Underground hacking/cracking Magazine - Phrack

You can read the latest release of the underground magazine Phrack from their website. For those among us who are not very familiar with phrack or underground magazine scene. Phrack has been around since 1985, well over 20 years, and has been the leading underground hacking/cracking ezine out there. Some notable facts about phrack (taken from wikipedia):

The Mentor’s Hacker Manifesto, which has been an inspiration to young hackers since the 1980s, was published in the 7th issue of Phrack.

Aleph One’s Smashing The Stack For Fun And Profit, published in issue 49, is the “classic paper” on stack buffer overflows, partly responsible for popularizing the vulnerability.

* Several regular columns are present in most issues of Phrack, such as:
* Prophile - the presentation of a very influential character from the hacking underground.
* Loopback - answers to the most original (or stupid) emails received by the phrack staff.
* Phrack World News - a compilation of reports on the latest counter-culture events.
* International Scene - a compilation of testimonies from hackers all around the world focusing on national and international activities.

You can read more about phrack history here and here.

Read more

Discovering and Hacking Bluetooth

Discovering Bluetooth Devices

BlueScanner - BlueScanner searches out for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device. Download BlueScan.

BlueSniff - BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices. Download BlueSniff.

BTBrowser - Bluetooth Browser is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that supports JSR-82 - the Java Bluetooth specification. Download BTBrowser.

BTCrawler -BTCrawler is a scanner for Windows Mobile based devices. It scans for other devices in range and performs service query. It implements the BlueJacking and BlueSnarfing attacks. Download BTCrawler.

Hacking Bluetooth Devices

BlueBugger -BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By exploiting those vulnerabilities, one can gain an unauthorized access to the phone-book, calls lists and other private information. Download BlueBugger.

CIHWB - Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Currently it only support some Bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. Should work on any PocketPC with the Microsoft Bluetooth stack. Download CIHWB.

Bluediving - Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack, has features such as Bluetooth address spoofing, an AT and a RFCOMM socket shell and implements tools like carwhisperer, bss, L2CAP packetgenerator, L2CAP connection resetter, RFCOMM scanner and greenplaque scanning mode. Download Bluediving.

Transient Bluetooth Environment Auditor - T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools. Download T-BEAR.

Bluesnarfer - Bluesnarfer will download the phone-book of any mobile device vulnerable to Bluesnarfing. Bluesnarfing is a serious security flow discovered in several Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner, and gain access to restricted portions of the stored data. Download Bluesnarfer.

BTcrack - BTCrack is a Bluetooth Pass phrase (PIN) cracking tool. BTCrack aims to reconstruct the Passkey and the Link key from captured Pairing exchanges. Download BTcrack.

Blooover II - Blooover II is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable. Download Blooover II.

BlueTest - BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices. Download BlueTest.

BTAudit - BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices. Download BTAuding.

Read more

Forward Squid traffic to secure tunnel (SSH)

When Squid is installed and running, it uses port 3128 by default. You should test it manually by setting your HTTP proxy to the server that runs Squid. For instance, in Firefox to go Tools -> Options -> Advanced -> Network -> Settings and enter the IP address or host of the Squid proxy (e.g. 192.168.0.100) and 3128 for the port. Try to load any web page. If you see an access denied error, check out the http_access configuration in the squid configuration file.

Once Squid is all set and ready to go, you need to forward your connection to it over SSH. To set the tunnel up on your Windows laptop, download Plink, a command-line version of Putty SSH client, and run this command:

plink.exe -batch -N -l UserName -pw Password -L 3128:localhost:3128 SSH_Server

On Unix-based systems, simply run this command:

ssh -L 3128:localhost:3128 SSH_Server -f -N

Finally, tell your browser to use the SSH tunnel as a proxy. Basically you need to change the host to localhost and the port number to 3128 (See below).

Read more

SQL Injection Tool - sqlninja

Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

Features:

The full documentation can be found in the tarball and also here, but here's a list of what the Ninja does:

*  Fingerprint of the remote SQL Server (version, user performing the queries, user privileges, xp_cmdshell availability, DB authentication mode)

*  Bruteforce of 'sa' password (in 2 flavors: dictionary-based and incremental)

*  Privilege escalation to sysadmin group if 'sa' password has been found

*  Creation of a custom xp_cmdshell if the original one has been removed

*  Upload of netcat (or any other executable) using only normal HTTP requests (no FTP/TFTP needed)

*  TCP/UDP portscan from the target SQL Server to the attacking machine, in order to find a port that is allowed by the firewall of the target network and use it for a reverse shell

*  Direct and reverse bindshell, both TCP and UDP

*  DNS-tunneled pseudo-shell, when no TCP/UDP ports are available for a direct/reverse shell, but the DB server can resolve external hostnames (check the documentation for details about how this works) 

*  Evasion techniques to confuse a few IDS/IPS/WAF

Prerequisites

In order to use sqlninja, the following Perl modules need to be present:

*  NetPacket

*  Net-Pcap

*  Net-DNS

*  Net-RawIP

*  IO-Socket-SSL

download Sqlninja here

Read more

Call For Open Source Awards 2008 Nominations

For the 4th year running, Google and O’Reilly will present a set of Open Source Awards at OSCON 2008. The awards recognize individual contributors who have demonstrated exceptional leadership, creativity, and collaboration in the development of Open Source Software. Past recipients for 2005-2007 include Doc Searls, Jeff Waugh, Gerv Markham, Julian Seward, David Heinemeier Hansson, Karl Fogel, David Recordon, and Paul Vixie.

The nomination process is open to the entire open source community, closing May 15th, 2008. Send your nominations to osawards AT oreilly DOT com. Nominations should include the name of the recipient, any associated project/org, suggested title for the award (”Best Hacker”, “Best Community Builder”, etc.), and a description of why you are nominating the individual. Google and O’Reilly employees cannot be nominated.

Read more