Showing posts labelled vulnerability. Show all posts

APT2: Automated Penetration Toolkit

APT2 (Automated Penetration Toolkit) performs an Nmap scan, or imports scan results from Nexpose, Nessus and other scanning tools, and uses those results to launch its exploit and enumeration modules.



All results are stored in APT2's knowledge base (KB) on the local machine. The KB is accessible from within the application and lets the user view the results harvested by each exploit module.

Setup:

On Kali Linux, install the python-nmap library: pip install python-nmap

Configuration:

To configure APT2 to run as you desire, edit the default.cfg file in the root directory.

Current options include:
metasploit
nmap
threading

Metasploit RPC API: 

APT2 can utilize your host's Metasploit RPC interface.

NMAP:

Configure NMAP scan settings to include the target, scan type, scan port range, and scan flags. These settings can be configured while the program is running.

Threading:

Configure the number of the threads APT2 will use.

Run:

No Options:

python apt2 or ./apt2

With Configuration File

python apt2 -C

Import Nexpose, Nessus, or NMap XML

python apt2 -f

Specify Target Range to Start

python apt2 --target 192.168.1.0/24

Safe Level:

Safe levels indicate how safe a module is to run against a target. The scale runs from 1 to 5, with 5 being the safest. The default configuration uses a Safe Level of 4, but it can be set with the -s or --safelevel command line flags.

Usage:

apt2.py [-h] [-C ] [-f [ [ ...]]]

               [--target] [--ip ] [-v] [-s SAFE_LEVEL] [-b]
               [--listmodules]

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbosity       increase output verbosity
  -s SAFE_LEVEL, --safelevel SAFE_LEVEL
                        set min safe level for modules
  -b, --bypassmenu      bypass menu and run from command line arguments

inputs:
  -C       config file
  -f [ [ ...]]
                        one of more input files seperated by spaces
  --target              initial scan target(s)

advanced:
  --ip       defaults to ip of interface

misc:
  --listmodules         list out all current modules

Modules

-----------------------
LIST OF CURRENT MODULES
-----------------------
nmaploadxml               Load NMap XML File
hydrasmbpassword          Attempt to bruteforce SMB passwords
nullsessionrpcclient      Test for NULL Session
msf_snmpenumshares        Enumerate SMB Shares via LanManager OID Values
nmapbasescan              Standard NMap Scan
impacketsecretsdump       Test for NULL Session
msf_dumphashes            Gather hashes from MSF Sessions
msf_smbuserenum           Get List of Users From SMB
anonftp                   Test for Anonymous FTP
searchnfsshare            Search files on NFS Shares
crackPasswordHashJohnTR   Attempt to crack any password hashes
msf_vncnoneauth           Detect VNC Services with the None authentication type
nmapsslscan               NMap SSL Scan
nmapsmbsigning            NMap SMB-Signing Scan
responder                 Run Responder and watch for hashes
msf_openx11               Attempt Login To Open X11 Service
nmapvncbrute              NMap VNC Brute Scan
msf_gathersessioninfo     Get Info about any new sessions
nmapsmbshares             NMap SMB Share Scan
userenumrpcclient         Get List of Users From SMB
httpscreenshot            Get Screen Shot of Web Pages
httpserverversion         Get HTTP Server Version
nullsessionsmbclient      Test for NULL Session
openx11                   Attempt Login To Open X11 Service and Get Screenshot
msf_snmplogin             Attempt Login Using Common Community Strings
msf_snmpenumusers         Enumerate Local User Accounts Using LanManager/psProcessUsername OID Values
httpoptions               Get HTTP Options
nmapnfsshares             NMap NFS Share Scan
msf_javarmi               Attempt to Exploit A Java RMI Service
anonldap                  Test for Anonymous LDAP Searches
ssltestsslserver          Determine SSL protocols and ciphers
gethostname               Determine the hostname for each IP
sslsslscan                Determine SSL protocols and ciphers
nmapms08067scan           NMap MS08-067 Scan
msf_ms08_067              Attempt to exploit MS08-067




~ Monday, 25 July 2016 0 comments

Commix: Command Injection Exploiter

Commix, short for Command Injection Exploiter, is an environment that web developers, penetration testers and security researchers can use to test web applications for bugs and vulnerabilities.

Commix is written in Python and finds vulnerabilities related to command injection attacks. In a command injection attack the goal is to execute arbitrary commands on the host operating system through a vulnerable application. Such attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell.



On a successful command injection attack, the arbitrary commands are executed by the vulnerable application. Commix's features include options for specifying which parameters should be injected and for appending injection payloads. The user can also define data for POST requests and employ injection payload suffix and prefix strings to exploit the target.

Moreover, it supports base64 encoding of payloads for its injection techniques (eval-based, time-based or file-based).
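As an added example (not code from the Commix project), here is the class of bug Commix probes for, written in C as a small CGI-style "ping" helper: an unsafe builder that interpolates the parameter into a shell command line, beside a hardened one that validates the host and builds an argv for execvp() so that shell metacharacters are never parsed. The function names and the hostname rules are this example's own assumptions; neither function executes anything, they only build the command.

```c
/* Added example, not from commix: command injection shown as a vulnerable
 * command builder beside its hardened form. Nothing here runs a command. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOST  253   /* RFC 1035 limit on a full hostname */
#define MAX_LABEL 63    /* RFC 1035 limit on one dotted label */

/* Allow-list validation: dotted labels of [A-Za-z0-9-], no empty label, no
 * leading or trailing hyphen, bounded lengths. Anything else (";", "|",
 * "$(", backticks, spaces, newlines, ...) is rejected rather than escaped. */
bool is_safe_hostname(const char *host) {
    size_t len = strlen(host);
    if (len == 0 || len > MAX_HOST) return false;
    size_t label_len = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (c == '.') {
            /* empty label ("a..b") or label ending in '-' */
            if (label_len == 0 || host[i - 1] == '-') return false;
            label_len = 0;
            continue;
        }
        if (!(isalnum(c) || c == '-')) return false;
        if (label_len == 0 && c == '-') return false;   /* leading '-' */
        if (++label_len > MAX_LABEL) return false;
    }
    return label_len > 0 && host[len - 1] != '-';
}

/* VULNERABLE: the raw parameter is interpolated into a shell command line.
 * Passed to system(), "example.com; id" becomes "ping -c 1 example.com; id"
 * and the shell runs both commands. Returned here only for inspection. */
int build_ping_command_unsafe(const char *host, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "ping -c 1 %s", host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* HARDENED: validate first, then put the value in its own argv slot for
 * execvp(). With no shell involved a ';' would just be a byte inside one
 * argument, and the allow-list refuses it anyway. argv must hold 5 slots. */
int build_ping_command_safe(const char *host, const char *argv[]) {
    if (!is_safe_hostname(host)) return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "1";
    argv[3] = host;
    argv[4] = NULL;
    return 0;
}

int main(void) {
    char cmd[256];
    const char *argv[5];
    const char *input = "example.com; id";   /* constructed hostile parameter */
    build_ping_command_unsafe(input, cmd, sizeof cmd);
    printf("unsafe shell line: %s\n", cmd);
    printf("hardened argv[3] : %s\n",
           build_ping_command_safe(input, argv) == 0 ? argv[3] : "(rejected)");
    return 0;
}
```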

Requirements 

Python version 2.6.x or 2.7.x is required for running this program.

Supported Platform

Linux
Mac OS X
Windows (Experimental)

Installation 

Download commix by cloning the Git repository:

git clone https://github.com/stasinopoulos/commix.git commix

Commix comes packaged in the official repositories of the following Linux distributions:

ArchAssault
BlackArch
Kali Linux
BackBox
Weakerthan

Commix also comes pre-installed on the following penetration testing frameworks:

The Penetration Testers Framework (PTF)
CTF-Tools
PentestBox
PenBox
Katoolin

Usage

To get a list of all options and switches use:

python commix.py -h

For ideas on how to use Commix, have a quick look at all the available options and switches in the project's documentation.




~ Monday, 18 July 2016 0 comments

Exploring Vulnerabilities in HDMI

The HDMI (High Definition Multimedia Interface) standard has gained extensive market penetration. Nearly every piece of modern home theater equipment has HDMI support and most modern mobile devices actually have HDMI-capable outputs, though it may not be obvious. Lurking inside most modern HDMI-compatible devices is something called HDMI-CEC, or Consumer Electronics Control. This is the functionality that allows a media device to, for example, turn on your TV and change the TV’s input. That doesn’t sound interesting, but as we'll see in this presentation, there are some very surprising things an attacker can do by exploiting CEC software implementations. Then there's something called HEC or HDMI Ethernet Connection, which allows devices to establish an Ethernet connection of up to 100Mbit/s over their HDMI connections (newer HDMI standards raise the speed to 1Gbit/s).

Don't think your mobile phone implements CEC? You might be wrong. Most modern Android-based phones and tablets have a Slimport(r) connection that supports HDMI-CEC. Ever heard of MHL (Mobile High-Definition Link)? Think Samsung and HTC (among others) mobile devices, and many JVC, Kenwood, Panasonic, and Sony car stereos: as many as 750 million devices in the world so far. Guess what? MHL supports HDMI-CEC as well. Let's explore:





~ Friday, 1 July 2016 0 comments

Top 10 Web Application Vulnerability Scanners

A web vulnerability scanner is a program that works against a web application to discover potential security vulnerabilities and architectural flaws. It performs black-box testing: no source code is reviewed.

Web applications are now widely used and run much of the world's business, which makes them an easy target for attackers. In the past few years, thousands of web applications have been compromised through security vulnerabilities and loopholes in their architecture.



Today we discuss the top 10 web application scanners, with which we can discover security flaws before being targeted.

Netsparker


Netsparker is a web security scanner that supports both detection and exploitation of vulnerabilities. It reports only confirmed vulnerabilities, after successful exploitation and testing.

Burp Suite


Burp Suite is Java-based software for vulnerability scanning of web applications. It contains a variety of tools designed to facilitate testing the application. The free version has limited features; the full version can be purchased directly as a one-year subscription for $299.


Nikto


Nikto is an open source web security scanner that performs comprehensive scanning of web servers. It checks servers for multiple items, including dangerous files and version-specific server problems. It can also check the server's configuration, making it a powerful tool for scanning a server's security and related flaws.

W3af


W3af is known as a most powerful and flexible tool for finding web application vulnerabilities. Its ease of use has made it popular among security professionals such as ethical hackers. W3af also contains many web assessment and exploitation plugins.

Arachni Vulnerability Scanner



Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications.

It is free, with its source code public and available for review.

WebScarab


WebScarab is a tool for anyone who wants to expose or check how HTTP requests to a web application work. It allows developers to debug their programs, and security specialists to identify vulnerabilities in the application or in its design.

Vega



Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.

Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: JavaScript.

Skipfish


Skipfish is the most popular tool that scans a web application by recursively crawling it and prepares a sitemap. The resulting sitemap can then be used to discover and exploit different vulnerabilities.

Acunetix


Acunetix is known for automatically finding vulnerabilities such as SQL injection, cross-site scripting, weak passwords on authentication pages and others. Security professionals use this tool for preparing security audit reports and for advanced web penetration testing, thanks to its interactive GUI.


AppScan


AppScan is a scanning tool that provides security testing throughout the development cycle of a web application. It scans the web application for commonly known vulnerabilities and backdoors. Many professionals and penetration testers use this tool to test web applications.


Web vulnerability scanners are not limited to the tools listed here. There are many other tools that cyber security professionals and pen-testers use to scan web applications for flaws.


~ Friday, 17 June 2016 0 comments

Burp Suite for Web Vulnerability Assessment, Free Training

Burp Suite is a well-known platform for web security testing, and it has many advantages over traditional web vulnerability scanners. The objective of this article, however, is not to present those advantages but to introduce a training course that is available FREE of cost.

Yes, EH Academy introduces an outstanding course "Learn Burp Suite for Web Application Security Assessment" and it is FREE.

Quickly Master the Most Important Web Hacking/Penetration Testing Tool, the Burp Suite.


  • Learn the most important features of the Burp Suite
  • Hands-on exercises
  • Automate what you can
  • Do efficient manual testing




~ Saturday, 27 February 2016 0 comments

Brakeman Vulnerability Scanner for Ruby on Rails

Brakeman is an open source static analysis tool which checks Ruby on Rails applications for security vulnerabilities.

Unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found.




Advantages

No Configuration Necessary

Brakeman requires zero setup or configuration once it is installed. Just run it.


Run It Anytime

Because all Brakeman needs is source code, Brakeman can be run at any stage of development: you can generate a new application with rails new and immediately check it with Brakeman.


Better Coverage


Since Brakeman does not rely on spidering sites to determine all their pages, it can provide more complete coverage of an application. This includes pages which may not be ‘live’ yet. In theory, Brakeman can find security vulnerabilities before they become exploitable.


Limitations


False Positives

Only the developers of an application can understand if certain values are dangerous or not. By default, Brakeman is extremely suspicious. This can lead to many “false positives.”

Unusual Configurations

Brakeman assumes a “typical” Rails setup. There may be parts of an application which are missed because they do not fall within the normal Rails application layout.

Only Knows Code


Dynamic vulnerability scanners which run against a live website are able to test the entire application stack, including the webserver and database. Naturally, Brakeman will not be able to report if a webserver or other software has security issues.

Download and read more at

Installation

Using RubyGems:
gem install brakeman
Using Bundler:
group :development do
gem 'brakeman', :require => false
end

Usage

From a Rails application's root directory:
brakeman
Outside of Rails root:
brakeman /path/to/rails/application

~ Thursday, 18 February 2016 0 comments

Your Android Phone is Vulnerable To Remote Hacking With StageFright Bugs



Stagefright 2.0 is a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files.

Zimperium security researcher Joshua Drake (Vice President of platform research and exploitation at Zimperium) discovered two more vulnerabilities in Android. His aim was to research media processing in Android, focusing on remote attacks against current devices.

What is the vulnerability?
Processing specially crafted MP3 or MP4 files can lead to arbitrary code execution.

The vulnerability lies in the processing of metadata within the files, so merely previewing the song or video would trigger the issue. Since the primary attack vector of MMS has been removed in newer versions of Google’s Hangouts and Messenger apps, the likely attack vector would be via the Web browser.

  • An attacker would try to convince an unsuspecting user to visit a URL pointing at an attacker controlled Web site (e.g., mobile spear-phishing or malicious ad campaign)
  • An attacker on the same network could inject the exploit using common traffic interception techniques (MITM) to unencrypted network traffic destined for the browser.
  • Third-party apps (media players, instant messengers, etc.) that use the vulnerable library are also affected.

Once exploited, this vulnerability allows attackers to access personal data and photos stored on the phone, take photos, record conversations, read email and SMS, and download malicious apps remotely.

Google said the new Stagefright bugs will be fixed in the next scheduled update.

Source: Zimperium

~ Thursday, 1 October 2015 0 comments

How To Hack iPhone To See Photos and Contacts Just in 30 Seconds



A new method unlocks an iPhone, iPad or iPod touch running the latest iOS 9 and iOS 9.1. The vulnerability gives access to the device's contacts and photos within 30 seconds.

How to do unlock for iOS 9?

  • Type an incorrect passcode 4 times.
  • On the fifth attempt, type the first 3 digits of the passcode and, while entering the 4th digit, hold the HOME button to invoke Siri.
  • Now ask Siri for the time.
  • Tap the Clock icon to open the Clock app and add a new clock, then write anything in the Choose a City field.
  • Now double-tap the word you wrote to select it and invoke the copy & paste menu, choose Select All and then tap "Share".
  • Tap the 'Message' icon in the Share Sheet, again type something random, hit Return and double-tap the contact name at the top.
  • Select "Create New Contact", tap "Add Photo" and then "Choose Photo".
  • You'll now be able to see the entire photo library of the iOS device, which is still locked with a passcode. Browse and view any photo from the album individually.


Watch the video of the iOS 9 lock screen bypass



After this bypass attack, Apple released the new version iOS 9.0.1, but its lock screen can still be bypassed.

The video below demonstrates it:

Video of the iOS 9.0.1 lock screen bypass



How to prevent this attack?

Until Apple fixes this issue, iOS users can protect themselves by disabling Siri on the lock screen:

  • Go to Settings > Touch ID & Passcode > Siri
  • Turn off Siri

Just a few days ago: the biggest security breach in the Apple App Store, with apps infected by malware.

~ Monday, 28 September 2015 0 comments

Organizations Need To Be More Concerned About Their Security


Nothing is secure! Yes, you heard it right. Today we point out some recent hacks.

From top-of-the-range cars to high-profile airline systems, all have been found vulnerable many times.

SuperCar Tesla S gets Vulnerable
Starting with the recent hack of the Tesla Model S: two researchers found a vulnerability in the internal network behind Tesla's dashboard and successfully penetrated it with software commands. They could even plant a trojan in the Model S' network and remotely shut off its engine from the dashboard.

America Airlines And Sabre Systems
The same happened to American Airlines: Chinese hackers breached American Airlines and Sabre Systems and got access to hundreds of airline reservations and thousands of hotel records, although evidence has not been found yet.

Security Breach In Pentagon Computers
Another big breach was at the Pentagon: Russian hackers got access to the Pentagon's email systems, affecting 4,000 Joint Chiefs of Staff personnel (both military and civilian), and the system has now been shut down for around two weeks.

Skateboards Also Compromised
And not only that: your skateboards are also being compromised. Recently, two security researchers, Healey and Mike Ryan, developed an exploit called FacePlant that can seize the device and take control of electric skateboards. They presented their findings at the DEF CON conference held in Las Vegas.

Ashley Madison Dating Website Hacked
Ashley Madison Website Hacked: Hackers Want To Release 37 Million Users' Data. Ashley Madison is an online personals and dating site for casual encounters, married dating, discreet encounters and extramarital affairs.

Hacking Team Got Hacked
Italian Surveillance Company "Hacking Team" Got Hacked, 400 GB of Data Leaked Online! An Italian company that sells spying tools to government and law enforcement agencies has been hacked, with 400 GB of internal documents, source code and emails leaked.

~ Monday, 10 August 2015 0 comments

Chinese Hackers Attack On American Airlines And Sabre Systems



Hundreds of airline reservations and thousands of hotel records, processed by Sabre Corp. and American Airlines Group Inc., the world's biggest air carrier, have been breached by China-linked hackers.

American Airlines spokesperson Casey Norton said the company has not found any evidence yet.

According to a report by Reuters:

"We recently learned of a cyber security incident," Sabre said in an email to Reuters. "At this time, we are not aware that this incident has compromised sensitive protected information, such as credit card data or personally identifiable information, but our investigation is ongoing."

"American has worked with outside cyber security experts who checked digital signatures, IP addresses and the style of attack, and there's no evidence to suggest a breach similar to that experienced by the U.S. Office of Personnel Management," Norton said in an email to Reuters.

The China-based hackers reportedly targeted the systems of United Continental Holdings Inc (UAL.N), which the airline detected in May or early June, Bloomberg reported last month.

"Not in light of today, but because of prevalent attacks in the industry, we have redoubled our efforts and brought in more cyber security experts to investigate and defend our systems," Norton said in a later phone conversation.

Source: Reuters, Bloomberg
Photo by: Tony Gutierrez

~ Saturday, 8 August 2015 0 comments

Microsoft Announced To Increase the Bug Bounty Rewards Upto $100,000



Good news for Bug Hunters!

On Wednesday, at the Black Hat USA 2015 conference, Microsoft announced an increase in its bug bounty rewards. Microsoft is also running a contest at Black Hat in Las Vegas, 5-6 August 2015.


Raising the Bounty for Defense from $50,000 USD to $100,000 USD
  • Brings defense up on par with offense
  • Rewards the novel defender equally for their research
This continued evolution includes a new approach to the Online Services Bug Bounty Program:

Authentication vulnerabilities will receive double bounty payouts
  • Microsoft Account (MSA) and Azure Active Directory (AAD) vulnerabilities
  • Bonus period will run from August 5, 2015 - October 5, 2015
  • All payouts during this period will receive twice the normal payout (that means we will pay $30,000 USD for a great Authentication vulnerability!)
MSA contest at Black Hat
  • Come show us your 1337 skills and win an Xbox One, Surface 3, or one year of full MSDN access.
  • Come visit us at the Microsoft Networking Lounge, August 5-6, in Mandalay Bay to review full rules and to participate.
RemoteApp
  • RemoteApp lets users run Windows apps hosted in Azure anywhere, and on a variety of devices.
  • RemoteApp is being added as a new property of the Online Services Bug Bounty Program and all of the regular terms and payout rules apply.

A few days ago Microsoft fixed Windows 10 bugs after the official release.


Source: Microsoft 

~ Thursday, 6 August 2015 0 comments

Smashing The Browser: From Vulnerability Discovery To Exploit Development




Part 1: Browser Fuzzing Technology

This part will first introduce a fuzzer framework (StateFuzzer) developed by myself, as well as the fuzzing strategies behind it, and then conclude with some effective fuzzing ideas and related vulnerabilities based on the fuzzer's results.

Part 2: Advance Browser Exploitation Techniques

This part will first briefly introduce the security model of modern browsers as well as the combat between exploits and mitigations. It then introduces all kinds of heap management mechanisms and their defects, together with some exploit-friendly data structures of Google Chrome and IE 11. After that, it analyzes the advanced exploit technologies of these two browsers, including two new exploitation techniques, one of which is not limited by the sandbox (Demo). Finally, it concludes with the dilemmas of Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and the Sandbox.

Part 3: IE 11 0day Exploit Development

After taking one of my IE 11 UAF vulnerabilities from StateFuzzer, I will share the whole exploit developing experience from the vulnerability trigger to arbitrary code execution, together with all related technologies and skills (Demo).

At last, I will bring a special, interesting and undisclosed IE 11 0day (not affected by isolated heap and protected free).

Download


~ Saturday, 25 July 2015 0 comments

Security Hole in Apple OS X Privilege Escalation Bug Found



A security hole in Apple OS X, a privilege escalation bug, was found by security researcher Stefan Esser.

Esser said the vulnerability is present in both the current 10.10.4 (Yosemite) version of OS X and the current beta version of 10.10.5. 

Significantly, the current beta of 10.11 is free of the flaw, evidence that Apple's engineers may already be aware of the vulnerability. It wouldn't be surprising for the fix to find its way into an incremental OS X update released in the coming weeks.

It's the type of security hole attackers regularly exploit to bypass security protections built into modern operating systems and applications.

Esser explained in the blog post,

When Apple changed the dynamic linker code for OS X 10.10 to support the new DYLD_PRINT_TO_FILE environment variable they added the following code directly to the _main function of dyld. As you can see from this code the value of the environment variable is directly used as filename for the opened or created logging file.

const char* loggingPath = _simple_getenv(envp, "DYLD_PRINT_TO_FILE");
if ( loggingPath != NULL ) {
        int fd = open(loggingPath, O_WRONLY | O_CREAT | O_APPEND, 0644);
        if ( fd != -1 ) {
                sLogfile = fd;
                sLogToFile = true;
        }
        else {
                dyld::log("dyld: could not open DYLD_PRINT_TO_FILE='%s', errno=%d\n", loggingPath, errno);
        }
}


The problem with this code is that it does not come with any safeguards that are required when adding new environment variables to the dynamic linker. Normally for security reasons the dynamic linker should reject all environment variables passed to it in case of restricted files. This is automatically handled when new environment variables are added to the processDyldEnvironmentVariable() function. However in the DYLD_PRINT_TO_FILE case the code was directly added to the _main function of dyld.

How can we protect?

Before going into the exploitation of this problem please be reminded that because it will likely take months for Apple to react to this issue we released a kernel extension that protects from this vulnerability by stopping all DYLD_ environment variables from being recognized by the dynamic linker for SUID root binaries. In addition to that it adds a mitigation against a common trick to circumvent O_APPEND restrictions on file descriptors.

Esser tweeted:




If you want to mitigate this vulnerability before Apple's update, you can: Esser has published his fix on GitHub.

SUIDGuard - A kernel extension adding mitigations to protect SUID/SGID binaries

SUIDGuard is a TrustedBSD kernel driver that implements several mitigations to protect against weaknesses usually involving SUID/SGID binaries.

  • Protects SUID/SGID root binaries from DYLD_ environment variables by overwriting the string DYLD_ with XYLD_
  • Protects the O_APPEND flag usually used when opening e.g. logfiles from being disabled by someone with credentials that are different from those used to open the file
  • Tested with OS X Yosemite 10.10.4.
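As an added example (not Apple's dyld code, and not from Esser's post or from SUIDGuard), the safeguard the quoted DYLD_PRINT_TO_FILE snippet lacks, written as a small C program a reader can compile: a process that the kernel marks as privilege-elevated ignores the logging-path variable entirely, and the log file is opened with O_NOFOLLOW and O_CLOEXEC. The names select_logging_path, env_lookup and process_is_restricted and the sample environment are this example's own; AT_SECURE (Linux) and issetugid() (macOS) are the real platform checks.

```c
/* Added example: the missing "restricted process" check for an env-controlled
 * log path, modelled on the quoted dyld code but not taken from it. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifndef __APPLE__
#include <sys/auxv.h>   /* getauxval(AT_SECURE) on Linux */
#endif

/* Constructed environments for the stand-alone demo and the tests. */
static const char *const SAMPLE_ENV[] = {
    "HOME=/Users/demo",
    "DYLD_PRINT_TO_FILE=/tmp/dyld-demo.log",
    NULL
};
static const char *const PLAIN_ENV[] = { "HOME=/Users/demo", NULL };
static const char *const RELATIVE_ENV[] = { "DYLD_PRINT_TO_FILE=demo.log", NULL };

/* True when the kernel marks this process as running with privileges it did
 * not inherit from its caller (set-uid/set-gid binary, file capabilities).
 * This is exactly the condition under which a dynamic linker must ignore
 * DYLD_* style variables: the caller chose them, but does not own the
 * privileges they would act with. */
bool process_is_restricted(void) {
#ifdef __APPLE__
    return issetugid() != 0;
#else
    return getauxval(AT_SECURE) != 0;
#endif
}

/* Minimal lookup over an explicit envp, in the spirit of dyld's _simple_getenv. */
const char *env_lookup(const char *const envp[], const char *name) {
    size_t n = strlen(name);
    for (size_t i = 0; envp[i] != NULL; i++) {
        if (strncmp(envp[i], name, n) == 0 && envp[i][n] == '=')
            return envp[i] + n + 1;
    }
    return NULL;
}

/* The check the quoted dyld code skipped: return the path to honour, or NULL.
 * A restricted process never honours it, whatever the caller set, and an
 * unrestricted one is only allowed an absolute path. */
const char *select_logging_path(const char *const envp[], bool restricted) {
    const char *path = env_lookup(envp, "DYLD_PRINT_TO_FILE");
    if (path == NULL || restricted || path[0] != '/')
        return NULL;
    return path;
}

/* Open the log without following a symlink in the final component and
 * without leaking the descriptor to child processes. */
int open_logging_file(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0644);
}

int main(void) {
    const char *path = select_logging_path(SAMPLE_ENV, process_is_restricted());
    if (path == NULL) {
        puts("DYLD_PRINT_TO_FILE ignored (unset, relative, or restricted process)");
        return 0;
    }
    int fd = open_logging_file(path);
    if (fd == -1) {
        perror("open");
        return 1;
    }
    printf("logging to %s on fd %d\n", path, fd);
    close(fd);
    return 0;
}
```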



~ Thursday, 23 July 2015 0 comments

Ashley Madison Website Hacked: Hackers Want To Release 37 Million Secret Data





Ashley Madison is an online personals and dating site for casual encounters, married dating, discreet encounters and extramarital affairs.

Ashley Madison is a Canadian based online dating service and social networking service marketed to people who are already in a relationship, whose slogan is "Life is short. Have an affair." The website was launched in 2001. The name of the site was created from two popular female names, "Ashley" and "Madison".

Screenshot of the Ashley Madison site during the hack

One Impact Team member said they "will profit in a big way" if they sell the stolen personal details.

ALM Chief Executive Noel Biderman confirmed the hack in an interview with KrebsOnSecurity, and said the company was "working diligently and feverishly" to take down ALM's intellectual property. Indeed, in the short span of 30 minutes between that brief interview and the publication of this story, several of the Impact Team's web links were no longer responding.

“We’re not denying this happened,” Biderman said. “Like us or not, this is still a criminal act.”

A member of a hacking community claims Impact Team "will profit in a big way" if they sell the stolen personal details.

However, according to the Impact Team, Ashley Madison made money from the paid "Full Delete" service that does not work.

ALM's statement on its blog:
"We were recently made aware of an attempt by an unauthorized party to gain access to our systems. We immediately launched a thorough investigation utilizing leading forensics experts and other security professionals to determine the origin, nature, and scope of this incident.

We apologize for this unprovoked and criminal intrusion into our customers’ information. The current business world has proven to be one in which no company’s online assets are safe from cyber-vandalism, with Avid Life Media being only the latest among many companies to have been attacked, despite investing in the latest privacy and security technologies.

We have always had the confidentiality of our customers’ information foremost in our minds, and have had stringent security measures in place, including working with leading IT vendors from around the world. As other companies have experienced, these security measures have unfortunately not prevented this attack to our system.

At this time, we have been able to secure our sites, and close the unauthorized access points. We are working with law enforcement agencies, which are investigating this criminal act. Any and all parties responsible for this act of cyber–terrorism will be held responsible."

"Full Delete netted [Avid Life Media] $1.7mm in revenue in 2014. It’s also a complete lie," the group wrote in a statement released Sunday. "Users almost always pay with the credit card; their purchase details are not removed as promised and include real name and address, which is, of course, the most important information the users want to be removed."

The Ashley Madison website is live now.


~ Tuesday, 21 July 2015 0 comments

Firefox Blocks Adobe Flash Player Plugin Due To Unpatched 3rd Zero Day Vulnerability





In some places users could not see videos because of the block. Exploits for these vulnerabilities were found in the data taken from Hacking Team in the breach revealed a week ago.

Adobe is expected to patch these Flash zero-days this week, but in the meantime Adobe has disabled all versions of the plugin.

Adobe released the Flash Player plugin update 18.0.0.209 today.

From Mozilla's statement:
"All versions of Adobe’s Flash Player plugin are currently deactivated by default, until Adobe releases an updated version to address known critical security issues."

Last week we reported that Hacking Team was hacked and 400 GB of data leaked. These zero-days came out of those leaks.

Firefox officially tweeted:


Facebook's new Chief Security Officer (CSO) Alex Stamos tweeted:


From Adobe's statement:

"Security Advisory for Adobe Flash Player
Release date: July 10, 2015
Last Updated: July 12, 2015
Vulnerability identifier: APSA15-04
CVE number: CVE-2015-5122, CVE-2015-5123
Platform: Windows, Macintosh and Linux

Summary:

Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. Adobe expects to make updates available during the week of July 12, 2015."


When playing any Flash content in Firefox, the top of the browser window reads:

"Firefox has prevented the unsafe plugin 'Adobe Flash' from running on the target URL."



~ Tuesday, 14 July 2015, 0 comments

VBScan Black Box vBulletin Vulnerability Scanner

Vulnerability scanning and assessment is the primary way to find vulnerabilities and fix them before they lead to an incident. Many tools can find vulnerabilities in web servers, web applications and so on. Some vulnerability scanners are built exclusively for a particular web application or CMS, and VBScan is one of them.

vBulletin is one of the best-known Internet forum packages, and some top-notch forums are based on it. Mohammad Reza Espargham has created VBScan, which performs vulnerability scanning of vBulletin installations.

VBScan in Action:

Download and read more at

~ Thursday, 25 June 2015, 0 comments

Hack iOS Mail App: Exploit Working [Video]
iOS 8.3 Mail app injection kit!

This injection kit pwns every iOS 8.3 Mail app; it was developed by Jan Soucek. It exploits a bug in the iOS Mail app that lets attackers display fake prompts to harvest the user's password. So beware of any prompt asking you to enter a password, and think twice before giving your iOS credentials.

Back in January 2015 Jan stumbled upon a bug in iOS's mail client, resulting in HTML tag in e-mail messages not being ignored.

This bug allows remote HTML content to be loaded, replacing the content of the original e-mail message. JavaScript is disabled in this UIWebView, but it is still possible to build a functional password "collector" using simple HTML and CSS.

It was filed under Radar #19479280 back in January, but the fix was not delivered in any of the iOS updates following 8.1.2. Therefore I decided to publish the proof of concept code here.

Demo:


Usage

  • Edit the e-mail address you would like to use for password collection in framework.php
  • Upload index.php, framework.php and mydata.txt to your server
  • Send an e-mail containing HTML code from e-mail.html to the research subject
  • Don't forget to change the modal-username GET parameter value to the e-mail address of the recipient
  • You can use https://putsmail.com for testing purposes


Credits
Framework7: Vladimir Kharlampidi (http://www.idangero.us/framework7) - Framework7's CSS code was used for the login dialog styling

License
MIT

Notes
The code detects that the research subject has already visited the page in the past (using cookies) and it stops displaying the password prompt to reduce suspicion.

The e-mail address and password are submitted via GET to framework.php, which then saves them to the mydata.txt file, sends them out via e-mail to the specified "collector" e-mail address and then returns the research subject back to Mail.app using redirect to message://dummy.

The password field has autofocus enabled. We then use focus detection to hide the login dialog once the password field loses its focus (e.g. after the subject clicks on OK and submits the password).

Download

~ Wednesday, 10 June 2015, 0 comments

YASUO: A Ruby Script That Scans Vulnerable 3rd-Party Web Applications
YASUO: A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network.

While working on a network security assessment (internal, external, red-team engagements, etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities.

Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins and so on.

If you search through Exploit-db, there are over 10,000 remotely exploitable vulnerabilities that exist in tons of web applications/front-ends and could allow an attacker to completely compromise the back-end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to RFI/LFI etc.

Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter.

Setup / Install

You will need to install the following gems:

  • gem install ruby-nmap net-http-persistent mechanize colorize text-table


Details

Yasuo provides the following command-line options:

-r :: If you want Yasuo to perform port scan, use this switch to provide an IP address or IP range or an input file with new-line separated IP addresses

-s :: Provide custom signature file. [./yasuo.rb -s mysignatures.yaml -f nmap.xml] [Default - signatures.yaml]

-f :: If you do not want Yasuo to perform port scan and already have an nmap output in xml format, use this switch to feed the nmap output

-n :: Tells Yasuo to not ping the host while performing the port scan. Standard nmap option.

-p :: Use this switch to provide port number(s)/range

-A :: Use this switch to scan all the 65535 ports. Standard nmap option.

-b [all/form/basic] :: If the discovered application implements authentication, use this switch to brute-force the auth. "all" will brute-force both form & http basic auth. "form" will only brute-force form-based auth. "basic" will only brute-force http basic auth.

-t :: Specify maximum number of threads

-h :: Well, take a guess

Examples

./yasuo -r 127.0.0.1 -p 80,8080,443,8443 -b form

The above command will perform port scan against 127.0.0.1 on ports 80, 8080, 443 and 8443 and will brute-force login for all the applications that implement form-based authentication.

./yasuo -f my_nmap_output.xml -b all

The above command will parse the nmap output file "my_nmap_output.xml" and will brute-force login for all the applications that implement form-based and HTTP basic authentication.
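As an added illustration (not Yasuo's own code) of what the -f mode works from, this parses the open web services out of an nmap XML file and maps their product banners to the admin front-ends a defender should review and lock down. The nmap sample and the signature table are constructed for the example; Yasuo's real signatures.yaml has a different layout.

```python
import xml.etree.ElementTree as ET

# Constructed nmap -oX output (not a real scan), reduced to the elements needed:
# host address, port state, and the service nmap fingerprinted on the port.
SAMPLE_NMAP_XML = """<nmaprun>
  <host><address addr="10.0.0.5" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="8080"><state state="open"/>
      <service name="http" product="Apache Tomcat"/></port>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
  </ports></host>
  <host><address addr="10.0.0.9" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="8443"><state state="open"/>
      <service name="https" tunnel="ssl" product="JBoss"/></port>
    <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
  </ports></host>
</nmaprun>"""

# Constructed signature table (hypothetical, in the spirit of signatures.yaml):
# banner substring -> (admin interface name, path where it is usually served).
SIGNATURES = {
    "tomcat": ("Apache Tomcat manager", "/manager/html"),
    "jboss": ("JBoss jmx-console", "/jmx-console/"),
    "jenkins": ("Jenkins", "/"),
}


def web_services(nmap_xml):
    """Return (addr, port, scheme, product) for every open http/https port."""
    found = []
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            svc = port.find("service")
            if port.find("state").get("state") != "open" or svc is None:
                continue  # closed/filtered ports and ports with no service info
            name = svc.get("name", "")
            if not name.startswith("http"):
                continue  # only web front-ends are of interest here
            scheme = "https" if name == "https" or svc.get("tunnel") == "ssl" else "http"
            found.append((addr, int(port.get("portid")), scheme, svc.get("product", "")))
    return found


def admin_interfaces(nmap_xml, signatures=SIGNATURES):
    """Map fingerprinted banners to the admin URLs that need a hardening review."""
    hits = []
    for addr, port, scheme, product in web_services(nmap_xml):
        for key, (app, path) in signatures.items():
            if key in product.lower():
                hits.append((app, f"{scheme}://{addr}:{port}{path}"))
    return hits
```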

Download
~ Friday, 5 June 2015, 0 comments

Oops! Bug In Skype Crashed By Send Simple Word

I just sent a message to my friend.
As you can see in the image, I typed "http://:" [without quotes] and sent it. After pressing Enter, it showed a pop-up with the message

"Skype has stopped working".


This is a bug in Skype, and Skype has confirmed it. If you are currently using Skype, you can check the same thing.

Skype has now officially said that this bug has been fixed.

Solution:
Just install the latest version from http://www.skype.com/download, including on Android and iOS, to get this bug fixed on your platform.

~ Wednesday, 3 June 2015, 0 comments

Plecost: Wordpress Vulnerabilities Finder

There are a huge number of WordPress installations around the world. Many of them are exposed to attack and can be turned into a distributor of viruses, malware or illegal porn without the blog owner's knowledge.
This project tries to help sysadmins and blog owners make their WordPress a bit more secure.

Plecost is a fingerprinting tool and vulnerability finder for the WordPress blog engine.

What's new?

This Plecost 3 version adds a lot of new features and fixes, such as:
  • Fixed a lot of bugs.
  • New engine: no threads or external dependencies, yet it runs much faster. It uses Python 3 asyncio and non-blocking connections, and also consumes less memory. Incredible, right? :)
  • Changed CVE update system and storage: Plecost now gets vulnerabilities directly from NIST and creates a local SQLite database holding only the information filtered for WordPress and its plugins.
  • WordPress vulnerabilities: Plecost now also handles WordPress core vulnerabilities (not only plugin ones).
  • The local vulnerability database is queryable: you can look up the vulnerabilities for a specific WordPress version or plugin using only the local database.
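As an added illustration (not Plecost's own code) of the local-database items above: a filtered SQLite store built from a vulnerability feed and queried offline for a given product and version. The feed layout, the CPE regex and the placeholder CVE ids are my own constructions; a real NVD feed has a different JSON shape.

```python
import json
import re
import sqlite3

# Constructed feed (not a real NVD download) in a reduced NVD-like shape: each record
# has a placeholder CVE id, a description and the CPE 2.3 URIs it applies to.
SAMPLE_FEED = json.dumps([
    {"id": "CVE-0000-0001", "desc": "Constructed: XSS in example-gallery plugin",
     "cpes": ["cpe:2.3:a:example:example-gallery:1.2.0:*:*:*:*:wordpress:*:*"]},
    {"id": "CVE-0000-0002", "desc": "Constructed: auth bypass in WordPress core",
     "cpes": ["cpe:2.3:a:wordpress:wordpress:4.2.1:*:*:*:*:*:*:*"]},
    {"id": "CVE-0000-0003", "desc": "Constructed: unrelated router firmware bug",
     "cpes": ["cpe:2.3:h:example:router:1.0:*:*:*:*:*:*:*"]},
])

# CPE 2.3 fields: part:vendor:product:version:update:edition:language:sw_edition:target_sw:...
# WordPress plugins carry target_sw == "wordpress"; core is vendor and product "wordpress".
CPE_RE = re.compile(
    r"^cpe:2\.3:a:([^:]+):([^:]+):([^:]+):[^:]*:[^:]*:[^:]*:[^:]*:([^:]*):")


def load_feed(feed_json, db_path=":memory:"):
    """Build the local SQLite database, keeping only WordPress core and plugin CPEs."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS vulns "
                 "(cve TEXT, kind TEXT, product TEXT, version TEXT, desc TEXT)")
    rows = []
    for rec in json.loads(feed_json):
        for cpe in rec["cpes"]:
            m = CPE_RE.match(cpe)
            if not m:
                continue  # not an application CPE (e.g. hardware), skip it
            vendor, product, version, target_sw = m.groups()
            if vendor == "wordpress" and product == "wordpress":
                kind = "core"
            elif target_sw == "wordpress":
                kind = "plugin"
            else:
                continue  # unrelated software, filtered out of the local DB
            rows.append((rec["id"], kind, product, version, rec["desc"]))
    conn.executemany("INSERT INTO vulns VALUES (?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def lookup(conn, product, version):
    """Offline query: which stored CVEs match this product at this exact version?"""
    cur = conn.execute("SELECT cve, desc FROM vulns WHERE product = ? AND version = ?",
                       (product, version))
    return cur.fetchall()
```

A real build would fetch the NIST feed over the network and add version-range matching; the exact-version lookup here keeps the example self-contained.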

Installation

Installing Plecost is easy:
$ python3 -m pip install plecost

Remember that Plecost 3 only runs on Python 3.

Quick start

Scanning a website is simple:
$ plecost http://SITE.com
A slightly more complex scan, increasing verbosity and exporting results in JSON or XML format:
JSON
$ plecost -v http://SITE.com -o results.json
XML
$ plecost -v http://SITE.com -o results.xml

Example:

Download and read more at:

~ Tuesday, 2 June 2015, 0 comments