Archive for the ‘Uncategorized’ Category

With all the news of the Heartbleed SSL flaw in the media this week IT staff have been working to lock things down on servers & services.

Here are 3 Simple ways to Identify if a domain is vulnerable to a Heartbleed

Method 1
From any host running Chrome Web Browser search for and install the following extension
https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic

Image

Now browse to the Domain name in question to validate the status.
If the domain is vulnerable you will see a message similar to the following

Image
Method 2
Use a web based service such as the one found here:
http://filippo.io/Heartbleed/

Method 3
For scanning multiple sites at once we have created the following script.

bleeding_hearts.sh

Usage :

‘./bleeding_hearts.sh domain-list.txt’

Output Examples :

'TLS server extension heartbeat' 

The above output should be further investigated to verify the vulnerability.

More Info:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

Advertisements

Hey looks its a Red Team!
Here they come with a few hours of work & a report that will hopefully provide more valuable information than “Here is what Nessus Found”.

A simple way to test any Red Team’s worth is with a good trolling and disinformation effort once the engagement is underway.  Good testers will be able to bypass the scripties with some manual testing and validations for any findings, and lazy testers will waste a lot of time spinning their wheels on a wild goose chase.

With this in mind we created a few ‘Anti-Pen’ test tools if you will. The entire toolkit is called the Crimson Kool-Aid Toolkit. The other tools in the toolkit will be released with later articles.

So for now here is the first tool:

‘Rusty Web Server: a simple python script to spoof web server versions’
Get it @ https://github.com/thesecuritypimp/rustyweb

In this article we will cover how to quickly setup a trading bot for crypto-currencies. As the difficulty for BTC continues to rise the profit in mining coins continues to drop. A good method to make up those losses is with a trading bot which will work to increase your profit margin by making the moves needed on the market while you are away.

For this we will use the following tools:

  • Turnkey Linux NODE.js VM
  • Gekko Trading Bot
  • Mt.Gox or BTCe account (w/ funds)

Setting up the Environment

First we will download the following Linux VM image

http://www.turnkeylinux.org/nodejs

(alternately you can just run the bot directly by downloading & installing http://nodejs.org/)

For step by step instructions for a Windows based install refer to this:

https://github.com/askmike/gekko/blob/master/docs/installing_gekko_on_windows.md

After downloading and booting the Linux VM image we prepare the host. After initial boot we choose the “Quit” option from the menu to get to a shell.

Once there:

apt-get install byobu
adduser coinmaker

(assign some strong passwords if required setup SSH keys)

git clone https://github.com/askmike/gekko.git /opt/gekko
chown -R coinmaker /opt/gekko
su – coinmaker
cd /opt/gekko/ && npm install

We can now run the bot to verify its functional:

node gekko

We can refer to https://github.com/askmike/gekko/blob/master/docs/Configuring_gekko.md for a full list of options available for the config.js file. To get going quickly change the following options:

cp config.js config.bkup && vi config.js

  • Change the “exchange” to your preferred trading hub
  • Change the currency setting to match your desired currency
  • If you want to enable trading then add the API key/secret generated by your trading hub for your account
  • Also change the tradingEnabled to true to allow trading.
config.normal = {
  enabled: true,
  exchange: 'MtGox', // 'MtGox', 'BTCe', 'Bitstamp' or 'cexio'
  currency: 'USD',
  asset: 'BTC',
  tradingEnabled: false,
  key: '',
  secret: '',
  username: 0 // only fill this is when using Bitstamp or cexio
}

Also ensure the “Advanced section” matches the settings in the config.normal section if you enable trading. This would include the Trading Hub set to “true” along with the same API key/secret used.

Now we can launch the bot and monitor its performance and trading from the console

 byobu && node gekko

2013-12-10 18:12:11 (INFO): Profit reporter active on simulated balance
2013-12-10 18:12:11 (INFO): Calculating EMA on historical data…
2013-12-10 18:14:31 (INFO): ADVICE is to BUY @ xxx.xxx (x.xxx)

The point is ladies and gentlemen that greed, for lack of a better word, is good.

And that’s it! Take a snapshot of the VM instance and clone away if you need to trade on more than one hub at a time.

While reviewing some old publications I came across this great article that was written just weeks after the 9/11 tragedy in NY.

Based on recent events disclosed around the PRISM program and US Government actions against privacy in general the article seems to be very scary with it’s foreshadowing.

Here is an excerpt taken from 2600 Magazine (Fall 2001):

It takes an event of great magnitude to really put things in perspective, to make us realize how insignificant our daily concerns can be. At the same time, such an occurrence can trigger a chain of events that wind up magnifying these concerns.

What is most disturbing is the speed with which things began to change after the attacks. It was as if members of Congress and other lawmakers were poised to spring into action the moment public opinion began to turn and before common sense had a chance of regaining its dominance. Within hours of the horrific events, new restrictions on everything from encryption to anonymity along with broad new powers allowing much easier wiretapping and monitoring of Internet traffic were being purposed – all with initial overwhelming support from the terrified public.

We find it absolutely unconscionable that anyone would use such a tragedy to further their own agenda – whether it be by selling a product or enacting a wish list of legislation. We’ve witnessed a good amount of both recently and its all pretty repugnant. Almost every new law purposed is something we’ve seen in the past – and rejected. And there is very little in them that would have been helpful in preventing the terrorist attacks in the first place.

Our concerns can best be summed up by this quote:
“Maybe the Senate wants to just go ahead and adopt new abilities to wiretap our citizens. Maybe they want to adopt new abilities to go into people’s computers. Maybe that will make us feel safer. Maybe. And maybe what the terrorists have done made us a little bit less safe. Maybe they have increased Big Brother in this country. If that is what the Senate wants, we can vote for it. But do we really show respect to the American people by slapping something together, something that nobody on the floor can explain, and say we are changing the duties of the Attorney General, the Director of the CIA, the U.S. attorneys, we are going to change your rights as Americans, your rights to privacy? We are going to do it with no hearings, no debate. We are going to do it with numbers on a page that nobody can understand.”

Those remarks came from Senator Patrick Leahy of Vermont, one of the few who seem to actually comprehend the serious risks we’re facing.

Today we are seeing the repercussions of the actions taken during that time, and now the train is running full speed so it will take a strong force to have any chance of derailing it.

This all reminds me of another quote from Philip K. Dick (also in 2600 Magazine Spring 2003):

…the essence of the evil government is that it anticipates bad conduct on the part of its citizens. Any government which assumes that the population is going to do something evil has already lost its franchise to govern. That tacit contract between a government and the people governed is that the government will trust the people and the people will trust the government. But once the government begins to mistrust the people it is governing, it loses its mandate to rule because it is no longer acting as a spokesman for the people, but is acting as an agent of persecution

Very interesting source code leak today for the Carberp malware family.
This black market malware once being offered for $40k will surely be of interest to anyone who conducts malware & botnet analysis. The leak included a few other tools that helped make it so successful like the bootloader, MC obfuscate, along with various functions taken from other malware source code like Zeus and Spyeye.

Which begs the question, how do we address the leakage and sharing of malware source code in the public domain?

Here is a more detailed story behind the leak: http://threatpost.com/carberp-source-code-leaked/

Here is more info on the information leaked:

Download
Link 1: http://multiupload.nl/A6CFLK4U6M (as of this posting this link seems dead)
Link 2: https://mega.co.nz/#!0YsXWBRD!CMqd9nrm1d0XABKlifI9vmxprpQ6RnfsdhBHeKrDXao (This one feels lucky!)

The password is:
Kj1#w2*LadiOQpw3oi029)K Oa(28)uspeh

Analysis of the package
Via kernelmode.info:

Ursnif related

pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\VNCDLL.dll
pro\all source\TZ\vnc\VNCd.7z->VNCd/VNCDLL.dll
pro\source builder plugins inj’s modules etc\WndRec\vncdemo\VNCDLL.dll
pro\source builder plugins inj’s modules etc\Сорцы и Модули\VNCd.7z->VNCd/VNCDLL.dll

Rovnix related (BKLoader itself)

pro\all source\bootkit.old\KLoader\release\i386\kloader.sys
pro\all source\BootkitDropper\nbuild\SrcDir\bksetup.exe
pro\all source\test\bootkit\1\bksetup.exe
pro\all source\test\bootkit\1\setupdll.dll
pro\all source\test\bootkit\bksetup.exe
pro\all source\test\bootkit\setupdll.dll
pro\all source\TZ\bootkit\bin\bksetup.exe
pro\all source\TZ\bootkit\bin\setupdll.dll
pro\all source\Инфа по буткиту\Бинарник БК\LatestBk\BK2.8.2\biin\BkSetup.dll
pro\all source\Инфа по буткиту\Бинарник БК\LatestBk\BK2.8.2\bin\release\i386\BkSetup.dll
pro\all source\Инфа по буткиту\Бинарник БК\LatestBk\BK2.8.2_KIP\BK2.8.2_KIP\biin\BkSetup.dll
pro\all source\Инфа по буткиту\Бинарник БК\LatestBk\BK2.8.2_KIP\BK2.8.2_KIP\bin\release\i386\SetupDll.dll
pro\all source\Инфа по буткиту\Инсталятор БК\BootkitDropperPlugBuild\SrcDir\BkSetup.dll
pro\all source\temp\marazm\Droper\Droper_23.01.2012.rar->build\bin\BkSetup.exe
pro\all source\temp\marazm\Droper\Droper_23.01.2012.rar->build\bin\SetupDll.dll
pro\all source\temp\marazm\Droper\Droper_23.01.2012.rar->build\Release\bksetup.exe
pro\all source\temp\marazm\Droper\Droper_23.01.2012.rar->build\Release\setupdll.dll
pro\all source\temp\marazm\Droper\Droper_23.01.2012\build\bin\BkSetup.exe
pro\all source\temp\marazm\Droper\Droper_23.01.2012\build\bin\SetupDll.dll
pro\all source\temp\marazm\Droper\Droper_23.01.2012\build\Release\bksetup.exe
pro\all source\temp\marazm\Droper\Droper_23.01.2012\build\Release\setupdll.dll
pro\source builder plugins inj’s modules etc\Сорцы и Модули\Rootkit.7z->DrvTest/debug/DrvTest.sys
pro\source builder plugins inj’s modules etc\Сорцы и Модули\Rootkit.7z->DrvTest/debug/SpoolNetAdvr.sy_
pro\all source\bootkit\bin\Release\i386\kloader.sys
pro\all source\temp\marazm\Droper\Droper_23.01.2012.rar->build\driver_i386\kloader.sys
pro\all source\temp\marazm\Droper\Droper_23.01.2012\build\driver_i386\kloader.sys
pro\all source\TZ\bootkit\BK\bin\release\i386\kloader.sys
pro\all source\bootkit.old\KLoader\release\amd64\kloader.sys
pro\all source\BootkitDropper\nbuild\SrcDir\BkSetup.dll

Alureon related (dropper of old variants, still ITW)

pro\all source\DropSploit1.rar->DropSploit1\out\builder_Release.exe
pro\all source\DropSploit1.rar->DropSploit1\out\Release\dropper.exe
pro\all source\DropSploit1\out\builder_Release.exe
pro\all source\DropSploit1\out\Release\dropper.exe
pro\all source\DropSploit\out\builder_Release.exe
pro\all source\DropSploit\out\builder_Release.sys
pro\all source\DropSploit\out\dropper.dll
pro\all source\DropSploit\out\Release\dropper.dll
pro\all source\DropSploit\test\1\builder_Release.exe
pro\all source\DropSploit\test\2\builder_Release.exe
pro\all source\DropSploit\test\3\builder_Release.exe
pro\all source\DropSploit\test\5\builder_Release.exe
pro\all source\DropSploit\test\6\builder_Release.exe
pro\all source\DropSploit\test\7\builder_Release.exe
pro\all source\DropSploit\test\8\builder_Release.exe

Claywhist (VNC) related
pro\all source\RemoteCtl\Release\hvnc.exe

Phdet related

pro\all source\TZ\kill_os\bin\os_kill_debug.exe
pro\all source\TZ\kill_os\os_kill_src.7z->os_kill_src/bin/os_kill.exe
pro\all source\TZ\kill_os\os_kill_src.7z->os_kill_src/bin/os_kill_debug.exe
pro\source builder plugins inj’s modules etc\Сорцы и Модули\os_kill_src.7z->os_kill_src/bin/os_kill.exe
pro\source builder plugins inj’s modules etc\Сорцы и Модули\os_kill_src.7z->os_kill_src/bin/os_kill_debug.exe

Zeus related

pro\all source\GrabberIE_FF\Release\GrabberIE_FF.dll
pro\all source\temp\zeus src.rar->zeus src\output\builder\zsb.exe
pro\all source\temp\zeus src.rar->zeus src\output\client32.bin
pro\all source\ZeuS 2.0.8.9\output\builder\zsb.exe
pro\source builder plugins inj’s modules etc\Сорцы и Модули\zeus2089.7z->zeus2089/output/builder/zsb.exe
pro\source builder plugins inj’s modules etc\Сорцы и Модули\zeus2089.7z->zeus2089/output/client32.bin

SpyEye related

pro\source builder plugins inj’s modules etc\Сорцы и Модули\spyinject2.zip->iehookdll_mod.dll
pro\all source\RemoteCtl\Release\rdp.dll
pro\all source\temp\rdp.dll
pro\all source\temp\rdp.exe
pro\all source\TZ\rdp\rdp.plug
pro\source builder plugins inj’s modules etc\plugs\rdp.plug

Vundo related

pro\all source\AgentFullTest.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\BootkitRunBot.dll
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\MiniLoader.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\new.exe
pro\all source\BJWJ\Builds\Bin\Release\blockav2.exe
pro\all source\BJWJ\Builds\Bin\Release\BootkitRunBot.dll
pro\all source\BJWJ\Builds\Bin\Release\MiniLoader.exe
pro\all source\BJWJ\Builds\Bin\Release\new.exe
pro\all source\bootkit\BkBuild\BootkitRunBot.dll
pro\all source\Demo_Cur2\WhiteJoe\Release\WhiteJOE_Bank.exe
pro\all source\keys\Builds\Bin\Debug\RU.exe
pro\all source\temp\marazm\Droper\Droper_23.01.2012.rar->build\WhiteJoe.dll
pro\all source\temp\marazm\Droper\Droper_23.01.2012\build\WhiteJoe.dll
pro\all source\Инфа по буткиту\Инсталятор БК\BootkitDropperPlugBuild\SrcDir\BkInstaller.dll
pro\source builder plugins inj’s modules etc\ConfigBuilder\ConfigBuilder\ConfigBuilder.exe
pro\source builder plugins inj’s modules etc\ConfigBuilder\for test\ConfigBuilder.exe

Carberp itself

pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\BootkitDropper.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\bot.plug
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\disktest.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\FakeDll.plug
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\RU_Az1.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\RU_Az_DBG.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\RU_Az_DBG1.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\RU_Az_DBG2.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\RU_Az_FDI_DBG.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\RU_DBG.exe
pro\all source\BJWJ\Builds\Bin\Release\bki.plug
pro\all source\BJWJ\Builds\Bin\Release\bktest.exe
pro\all source\BJWJ\Builds\Bin\Release\blockav.exe
pro\all source\BJWJ\Builds\Bin\Release\blockav1.exe
pro\all source\BJWJ\Builds\Bin\Release\bootkit.exe
pro\all source\BJWJ\Builds\Bin\Release\BootkitDropper.exe
pro\all source\BJWJ\Builds\Bin\Release\bot.plug
pro\all source\BJWJ\Builds\Bin\Release\docfind.exe
pro\all source\BJWJ\Builds\Bin\Release\first.plug
pro\all source\BJWJ\Builds\Bin\Release\Full.exe
pro\all source\BJWJ\Builds\Bin\Release\ifobstst.exe
pro\all source\BJWJ\Builds\Bin\Release\livrus.exe
pro\all source\BJWJ\Builds\Bin\Release\Loader_dll.dll
pro\all source\BJWJ\Builds\Bin\Release\mmm.exe
pro\all source\BJWJ\Builds\Bin\Release\mybot.exe
pro\all source\BJWJ\Builds\Bin\Release\mytest.exe
pro\all source\BJWJ\Builds\Bin\Release\ola.exe
pro\all source\BJWJ\Builds\Bin\Release\ola1.exe
pro\all source\BJWJ\Builds\Bin\Release\ola2.exe
pro\all source\BJWJ\Builds\Bin\Release\RU_Az.exe
pro\all source\BJWJ\Builds\Bin\Release\RU_Az1.exe
pro\all source\BJWJ\Builds\Bin\Release\RU_Az_FDI.exe
pro\all source\BJWJ\Builds\Bin\Release\RU_Az_serg.exe
pro\all source\BJWJ\Builds\Bin\Release\second.plug
pro\all source\BJWJ\Builds\Bin\Release\test.exe
pro\all source\BJWJ\Builds\Bin\Release\testftp.exe
pro\all source\BJWJ\Builds\Bin\Release\testnew.exe
pro\all source\BJWJ\Builds\Bin\Release\testtt.exe
pro\all source\BJWJ\Builds\Bin\Release\tinytst.exe
pro\all source\BJWJ\Builds\Bin\Release\tst.exe
pro\all source\BJWJ\Builds\Bin\Release\vnctest.exe
pro\all source\BJWJ\Builds\Bin\Release\wndrec.exe
pro\all source\BJWJ\Builds\Bin\Release\wndrec2.exe
pro\all source\BootkitDropper\Bin\RDEBUG_CONFIG\WhiteJoe.exe
pro\all source\BootkitDropper\Bin\RDEBUG_CONFIG\WhiteJoeRebootPing.exe
pro\all source\BootkitDropper\Bin\Release\WhiteJoe.exe
pro\all source\BootkitDropper\Bin\Release\WhiteJoeRebootPing.exe
pro\all source\BootkitDropper\nbuild\SrcDir\WhiteJoe.exe
pro\all source\BootkitDropper\nbuild\SrcDir\WhiteJoeRebootPing.dll
pro\all source\BootkitDropper\nbuild\SrcDir\WhiteJoeRebootPing.exe
pro\all source\Bot Builder\WhiteJoeRebootPing.exe
pro\all source\temp\2012-07-04_FakeDllFiles\bot.plug
pro\all source\temp\marazm\Droper\WhiteJoe.exe
pro\all source\test\test\ola.exe
pro\all source\Инфа по буткиту\Инсталятор БК\BootkitDropperPlugBuild\SrcDir\Bot.plug
pro\all source\Инфа по буткиту\Инсталятор БК\BootkitDropperPlugBuild\SrcDir\Loader_dll.dll
pro\all source\Инфа по буткиту\Инсталятор БК\BootkitDropperPlugBuild\SrcDir\WhiteJoeRebootPing.dll
pro\source builder plugins inj’s modules etc\Full.exe
pro\source builder plugins inj’s modules etc\Full_btc.exe
pro\source builder plugins inj’s modules etc\plugs\bki.plug
pro\source builder plugins inj’s modules etc\plugs\bki_log.plug
pro\source builder plugins inj’s modules etc\plugs\bot.plug
pro\source builder plugins inj’s modules etc\plugs\bot_log.plug
pro\source builder plugins inj’s modules etc\plugs\log\bki.plug
pro\source builder plugins inj’s modules etc\plugs\log\bot.plug
pro\source builder plugins inj’s modules etc\RU_Az_btc.exe
pro\source builder plugins inj’s modules etc\RU_Az_if.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\DBG_bot.plug
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\Full.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\Full_SB.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\Full_SB_hnt.exe
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\RU.exe
pro\all source\BJWJ\Builds\Bin\Release\mmmm.exe
pro\all source\BJWJ\Builds\Bin\Release\RU.exe
pro\all source\Demo_Cur.rar->Demo_Cur\WhiteJoe\Debug\WhiteJOE_Bank.exe
pro\all source\Demo_Cur2\WhiteJoe\Debug\WhiteJOE_Bank.exe
pro\all source\Demo_cur\WhiteJoe\Release\WhiteJOE_Bank.exe
pro\all source\Demo_cur_old.7z->WhiteJoe/Debug/WhiteJOE_Bank.exe
pro\all source\keys\Builds\Bin\Release\RU.exe
pro\source builder plugins inj’s modules etc\InjTest.exe
pro\all source\BJWJ\Builds\Bin\BootkitTest\Loader_dll.dll
pro\all source\temp\marazm\Droper\Droper_23.01.2012.rar->build\Loader_dll.dll
pro\all source\temp\marazm\Droper\Droper_23.01.2012\build\Loader_dll.dll
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\CoreDll.dll
pro\all source\BootkitDropper\Bin\Debug\WhiteJoe.exe
pro\all source\BootkitDropper\Bin\Debug\WhiteJoeRebootPing.dll
pro\all source\BootkitDropper\Bin\Debug\WhiteJoeRebootPing.exe
pro\all source\Demo_Cur.rar->Demo_Cur\WhiteJoe\Release\WhiteJOE_Bank.exe
pro\all source\Demo_cur_old.7z->WhiteJoe/Release/WhiteJOE_Bank.exe
pro\all source\Locker\bin\Debug\locker.exe
pro\all source\temp\Demo_cur.7z->Demo_cur/WhiteJoe/Release/WhiteJOE_Bank.exe
pro\all source\temp\Demo_cur\WhiteJoe\Release\WhiteJOE_Bank.exe
pro\all source\TZ\ifobs\Demo_ifobs.7z->Demo_cur/WhiteJoe/Release/WhiteJOE_Bank.exe
pro\all source\TZ\ifobs\dll\iFOBSBal\Demo_iFOBS_src.7z->Demo_cur/WhiteJoe/Release/WhiteJOE_Bank.exe
pro\all source\TZ\ifobs\dll\iFOBSBal\WhiteJOE_Bank.exe
pro\all source\TZ\ifobs\iFobsLdr.7z->Demo_cur/WhiteJoe/Release/WhiteJOE_Bank.exe
pro\all source\TZ\ifobs\src2\Demo_cur\WhiteJoe\Release\WhiteJOE_Bank.exe
pro\all source\WndRec\output\log\IBank\1237\WhiteJoe\Release\WhiteJOE_Bank.exe
pro\all source\BootkitDropper\Bin\RDEBUG_CONFIG\WhiteJoe.dll
pro\all source\BootkitDropper\Bin\RDEBUG_CONFIG\WhiteJoeRebootPing.dll
pro\all source\BootkitDropper\Bin\Release\WhiteJoeRebootPing.dll
pro\all source\BootkitDropper\nbuild\SrcDir\WhiteJoe.dll
pro\all source\bootkit\BkBuild\ping.dll
pro\all source\temp\marazm\Droper\WhiteJoe.dll
pro\all source\BJWJ\Builds\Bin\Release DEBUGCONFIG\Loader.exe

Stoned framework with Black Hat Europe 2007 Vipin Kumar POC, detected as Sinowal
pro\source builder plugins inj’s modules etc\Сорцы и Модули\Stoned Bootkit Framework.zip

There is also a copy of Win32 Obfuscator known as Mystic Compressor.

adminpanel без иконки\bot_adm\cache\cryptor\CRYPTOR.EXE
pro\all source\BootkitDropper\nbuild\Tools\Mystic.exe
pro\all source\Locker\build\Tools\mystic.exe
pro\all source\test\Mystic.exe
pro\all source\Инфа по буткиту\Инсталятор БК\BootkitDropperPlugBuild\Tools\Mystic.exe

This article will just provide some quick steps to get Backbox Linux ready with a DB for Metasploit to use. To learn more about any of the framework commands shown below try running them with a ‘-h’ switch to see the help.

First start postgresql

sudo service postgresql start

Then login as the DBA and create a user and database

su – postgres

CREATE USER user_name WITH PASSWORD ‘SecretPassword’;

CREATE DATABASE db_name;

GRANT ALL PRIVILEGES ON DATABASE db_name to user_name;

\q

Now we launch Metasploit and connect it to our DB

sudo msfconsole

db_connect user_name:SecretPassword@localhost/db_name

db_status

Now let’s create some workspaces to hold our discoveries

workspace -a Company_A

workspace -a Domain_A

workspace -a Network_192

If we have some previously mapped data we can import it to the workspace

workspace Network_192

db_import /home/user/nmaps/*.xml

Or we can just start a new scan to import directly

db_nmap -sV  -O 192.168.0.0/24

Now we should see our scanned hosts and services

hosts

services

Lastly if you want to move the data to other DB servers MSF also provides a quick export function

db_export /home/user/msfdb_dump.xml

That concludes this short lesson, happy hunting!

The Smackin9 of Hakin9

Posted: 2012/10/02 in Uncategorized

The folks here at SecurityPimp.net have been doing this Information Security thing for some time.  Back in the early days knowledge, tools, and training usually took place on a hidden BBS, and later private IRC’s. But as technology and the internet have evolved so has the training methods and sharing in our hacking community.

It’s always good to learn new things or how to do old things even better. It’s that thirst for knowledge that lead myself to a FREE subscription to a new Information Security & Hacking electronic publication known as “Hakin9”.  How I came to know about this publication I do not remember but I’m sure it had something to do with the free issues and some decent talking points on the cover. 

Who doesn’t like free stuff? Over the next few months I received more links for issues to download for free. Then around Fall/Winter of 2011 things changed. The “Hakin9” publication was going to start charging for their electronic monthly issues.  No big deal I will pay a fair price for quality content. And so far so good right?

About that price.. So I click on the “Subscribe Now” link and see a price of $180 for a 1 year subscription. Or if you break it down $15 a month (the cost of a decent tablet, 3 x monthly Netflix subscription, 2 x annual Amazon Prime).  So does this include any swag, extra tools, access to member forums or anything special? Nope.. $180 for the magazine for 1 person (guess that means others can’t read your magazine). 

About that magazine.. After the first 2 issues I had downloaded I realized there was not too much “new” content included, it almost felt like a version of 2600 quarterly but with cheaper content (and no cool phone pictures). Since then I have mostly tuned out the entire publication and everything associated with it. The most interaction I have these days is seeing the Hakin9 emails spamming my garbage email account at least 2 times a week (over 300 in the past year alone) begging to buy their wares..

Then the other day I found this little gem on our twitter timeline.

 

Image

Which leads you here an email thread on the Nmap boards which outlines how Hakin9 got trolled by some of their “volunteer” authors. Judging by how hard they spammed my inbox just to sell the product I can only imagine how hard these guys were spammed to give them FREE product to sell in their magazine.

So you start off with something decent and catch everyone’s attention, then modify your business model to disgust and gouge your customers. Then after charging an inflated fee for your mediocre product you do not even bother to proof read the content you sell?

Image

 

And with support drying up very quickly hopefully we just see another fly by night security outfit go out into that good night.. 

 

 

Looking for a chance to have fun and show your stuff to the industry players?
CSAW CTF Begins this weekend.

“CSAW CTF is a entry-level CTF, designed for undergraduate students who are trying to break into security. Challenges are specifically designed to point students in directions that will help them understand fundamental concepts and develop practical skills. Our sponsors are big players in the security field, who are serious about hiring the right people with the right skills. Our judges are world-renowned experts in the security field, who are dedicated to making sure that our challenges are designed to test these skills.” https://csawctf.poly.edu/

Wish I had some wild story involving Aliens, Play-Doh, 2 wristwatches and 4 midgets to share as an excuse for my lack of updates. But the play-doh ran out before we were able to even get started.

Instead I offer this as something to help quench your hacking appetite while I was away..

One of the good things about long airport layovers are the chances you finally get to catch up on your reading. Which is what it finally took to crack open my last issue of Wired magazine. I must say I was quite amused to find an article outlining the love/hate relationship between AT&T and Apple. Since I have never been an Apple fan I usually just tune out most news related to them which may explain why many of the details in the article was new to me. The tale ends up being a good example of a “FAILationship” and the fact that it starred two of my favorite US corporations just made it that much more comical. Read the article Here

Meanwhile, no matter how frustrated AT&T got with Jobs, it had little choice but to stand by him. It would have been devastating to lose the iPhone after investing billions of dollars and endless reputational capital. And so the relationship carried on, dysfunctional and loveless though it was. Divorce, at least for the time being, was not an option.

iphone blowup