Mozilla Firefox 4.0.1: First Security Update



Mozilla has released Firefox 4.0.1, the first security update to its open source browser.

The update addresses fourteen flaws, thirteen of which are rated critical and one of which is rated low impact.

The largest category of vulnerabilities fixed in Firefox 4.0.1 is memory safety issues, with ten identified flaws.

"Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products," Mozilla warned in its advisory. "Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code." 

You can read Mozilla's advisory here.

Another high-impact category of flaws is in WebGL and its related WebGLES graphics library. Mozilla provides three fixes for WebGLES flaws in the Firefox 4.0.1 update.

Unlike the critical memory flaws patched in the Firefox 4.0.1 release, the XSLT flaw does not by itself lead to arbitrary code execution. According to Mozilla, the XSLT flaw could be used by an attacker to help set up some form of memory corruption that could make another attack more reliable.

Firefox 4.0.1 is the first update to Mozilla's browser since Firefox 4 shipped in March. Firefox developers are already working on Firefox 5, which is expected to be released at the end of June.



Hacker Used SQL Injection to Get 675K Credit Cards

A computer hacker from Georgia has pleaded guilty to fraud and identity theft after authorities found more than 675,000 stolen credit card accounts on his home computers. Credit card companies have traced more than $36 million in fraudulent transactions to the accounts breached by Rogelio Hackett.
How did he do it? Hackett used SQL injection against web applications, exploiting several SQL injection vulnerabilities even though this class of bug is well known. SQL injection is one of the most common attacks on a web application's backend database. Unlike XSS, where the attacker uses JavaScript to target the client's browser, SQL injection targets the SQL statement that the application executes against the backend database.
Attackers usually identify a SQL injection vulnerability by adding invalid or unexpected characters to a parameter value and watching for errors in the application's response. For example:
http://www.example.com/users.asp?id=mark'
If the request generates an error, it is a good indication that the quotation mark was mishandled and the application may be vulnerable to SQL injection. An application that suppresses error messages can still be vulnerable; in that case boolean or time-based probes are used instead. Automated tools can do this job quickly: Havij, for example, is a very fast tool that helps penetration testers find and exploit SQL injection vulnerabilities on a web page.
SQL injection exploits poorly written web applications that build database queries directly from user input. It does not depend on the application's language: the programming mistakes that allow SQL injection can be made in almost any language.
That is why black-box application penetration testing is important: it can reveal OWASP Top 10 application vulnerabilities, including SQL injection, parameter manipulation, cookie poisoning, and XSS.
An attacker who wants usernames and passwords might try phishing and social engineering attacks against individual users. With SQL injection, on the other hand, an attacker can pull everyone's credentials directly from the database.

Infondlinux: Install Useful Security Tools & Firefox Add-ons for Hackers

Infondlinux is a script that installs most of the hacking tools we use during penetration tests and capture-the-flag tournaments. It is a post-install configuration script for Ubuntu Linux. It can also be run on other *nix systems, but not all of the tools listed below may work, depending on the environment. It has been actively tested on Ubuntu 10.10.

It installs security tools and Firefox add-ons. The tools installed by the script are listed at the beginning of its source code, which can be edited to suit your requirements.

List of security tools included:
Debian packages:
  • imagemagick
  • vim
  • less
  • gimp
  • build-essential
  • wipe
  • xchat
  • pidgin
  • vlc
  • nautilus-open-terminal
  • nmap
  • zenmap
  • sun-java6-plugin, jre and jdk
  • bluefish
  • flash-plugin-nonfree
  • aircrack-ng
  • wireshark
  • ruby
  • ascii
  • webhttrack
  • socat
  • nasm
  • w3af
  • subversion
  • mercurial
  • libopenssl-ruby
  • ruby-gnome2
  • traceroute
  • filezilla
  • gnupg
  • rubygems
  • php5
  • libapache2-mod-php5
  • mysql-server
  • php5-mysql
  • phpmyadmin
  • extract
  • p0f
  • spikeproxy
  • ettercap
  • dsniff:
    • arpspoof: send out unrequested (and possibly forged) ARP replies.
    • dnsspoof: forge replies to arbitrary DNS address/pointer queries on the local area network.
    • dsniff: password sniffer for several protocols.
    • filesnarf: save selected files sniffed from NFS traffic.
    • macof: flood the local network with random MAC addresses.
    • mailsnarf: sniff mail on the LAN and store it in mbox format.
    • msgsnarf: record selected messages from different instant messengers.
    • sshmitm: SSH monkey-in-the-middle; proxies and sniffs SSH traffic.
    • sshow: SSH traffic analyser.
    • tcpkill: kill specified in-progress TCP connections.
    • tcpnice: slow down specified TCP connections via "active" traffic shaping.
    • urlsnarf: output selected URLs sniffed from HTTP traffic in CLF.
    • webmitm: HTTP/HTTPS monkey-in-the-middle; transparently proxies.
    • webspy: send URLs sniffed from a client to your local browser.
  • unrar
  • torsocks
  • secure-delete
  • nautilus-gksu
  • sqlmap
Third party packages:
  • tor
  • tor-geoipdb
  • virtualbox 4.0
  • google-chrome-stable
Manually downloaded software’s and versions:
  • DirBuster (1.0RC1)
  • truecrypt (7.0a)
  • metasploit framework (3.6)
  • webscarab (latest)
  • burp suite (1.3.03)
  • parosproxy (3.2.13)
  • jmeter (2.4)
  • rips (0.35)
  • origami-pdf (latest)
  • pdfid.py (0.0.11)
  • pdf-parser.py (0.3.7)
  • fierce (latest)
  • wifite (latest)
  • pyloris (3.2)
  • skipfish (1.86 beta)
  • hydra (6.2)
  • Maltego (3.0)
  • SET
Author made scripts:
  • hextoasm
  • md5crack.py (written by Corbiero)
  • chartoascii.py
  • asciitochar.py
  • rsa.py
Firefox extensions:
  • livehttpheaders
  • firebug
  • tamperdata
  • noscript
  • flashblock
  • flashgot
  • foxyproxy
  • certificatepatrol
  • chickenfoot 1.0.7
A pretty good list of applications, we must say.
How to download and install

# download:
$ wget http://infondlinux.googlecode.com/svn/trunk/infondlinux.sh
# read it first: it is fetched over plain HTTP and runs as root, so check what it does before executing it
# install:
$ chmod +x infondlinux.sh
$ sudo ./infondlinux.sh

enjoy it :)



Data Breach Investigations Report for 2011

The 2011 Data Breach Investigations Report, with comparisons to previous years, is out, and some of its statistics are striking. From the report:
361 million >> 144 million >> 4 million. Thus goes the tally of total records compromised across the combined caseload of Verizon and the United States Secret Service (USSS) over the last three years. After four years of increasing losses culminating in 2008's record-setting 361 million, we speculated whether 2009's drop to 144 million was a fluke or a sign of things to come. 2010's total of less than four million compromised records seems to suggest it was a sign. But of what? And is it a permanent change in direction or a temporary detour? To help us answer that, we are very glad to have the United States Secret Service (USSS) back with us for the 2011 DBIR.

Additionally, we have the pleasure of welcoming the Dutch National High Tech Crime Unit (NHTCU) to the team. Through this cooperative effort, we had the privilege—and challenge—of examining about 800 new data compromise incidents since our last report (with 761 of those for 2010). To put that in perspective, the entire Verizon-USSS dataset from 2004 to 2009 numbered just over 900 breaches. We very nearly doubled the size of our dataset in 2010 alone!

Download the PDF report here

Armitage 04.24.11



Armitage is a graphical attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage's aim is to make Metasploit usable for security practitioners who understand hacking but do not use Metasploit every day.

New features in the updated version of Armitage:

  • Armitage -> Listeners -> Reverse now binds to 0.0.0.0.
  • Host import now posts an event to the collab mode shared event log
  • Added an option to display an MOTD message to clients that connect to Armitage in the collaboration mode. Use -m or --motd before --server and specify a file, e.g.
               armitage -m /path/to/motd.txt --server ...
  • Fixed a potential dead-lock condition with the screenshot/webcam shot tab.

  • Added Meterpreter -> Access -> Pass Session to send a meterpreter session to a handler set up on another host.
  • Armitage now sets ExitOnSession to false for multi/handlers started within Armitage.
  • Pivoting and ARP Scan dialogs now highlight first option by default.
  • Added a sanity check to the Route class to prevent malformed IPs from screwing up sorting.
  • Removed sqlite3 from the database options. I should have done this long ago; it has no place in Armitage.
  • Armitage now intercepts meterpreter “shell” command and opens a new tab with the cmd.exe interaction in it.
You can download Armitage from the links in the original post:

Windows - here
Linux - here
Mac OS X - here

Learn more about Armitage at fastandeasyhacking







How to Disable Geolocation in Specific Programs

Geolocation is a little-known feature of some browsers and toolbars. It allows a website, or the creator of the program, to get a fix on the location of your computer, in some cases to within a few metres of where you actually live.

To see how to disable geolocation in Twitter, Thunderbird, Internet Explorer, Apple Safari, Gmail and others, please go to the source.
- Facebook (initially just for the iPhone client):
• Go to Privacy Settings
• Click 'Custom'
• Click 'Custom Settings'
• Disable 'Places I check in'
• Disable 'People here now'
• Disable 'Friends can check me in to places'

 - Google Chrome:
• Go to the 'Customize and control Google Chrome' icon (the little wrench at the top right)
• Go to 'Options'
• Go to 'Under the Bonnet'
• Choose 'Content Settings'
• Choose 'Location'
• Check 'Do not allow any site to track my physical location'

- Mozilla Firefox:
• Type 'about:config' in the address bar (without the quotes)
• Dismiss the warning by clicking 'yes'
• Scroll down until you reach 'geo.enabled', or simply search for 'geo.enabled'
• Double-click the item and it will change from its default value 'true' to 'false'
• Scroll down until you reach 'geo.wifi.uri', or simply search for 'geo.wifi.uri'
• Right-click the value of 'geo.wifi.uri' and click 'Modify'
• Type in 'localhost' and click 'OK'
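The same two Firefox preferences can be pinned in a user.js file in the profile directory, as an added example that is not from the original post. Firefox reads user.js at every start-up and reapplies the values, so the about:config changes above cannot quietly revert after a profile or extension change. The commented-out lines show the defaults being replaced; the geo.wifi.uri value follows the steps above, and the only requirement is that it is not a working location service.

```javascript
// user.js, placed in the Firefox profile directory (added example, not from
// the original post). Firefox re-applies these on every start-up, so the
// about:config changes cannot silently revert.

// Weak (default) settings, shown for comparison:
// user_pref("geo.enabled", true);
// user_pref("geo.wifi.uri", "<the browser's built-in location-service URL>");

// Hardened settings, matching the about:config steps above:
user_pref("geo.enabled", false);         // sites can no longer request a location
user_pref("geo.wifi.uri", "localhost");  // lookups never reach a real location service
```

After restarting Firefox, both entries show as user-set in about:config; if either reverts to its default, something else in the profile is rewriting the preference.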

Metasploit (Video Tutorials)


Metasploit is a tool that every hacker has in their toolkit. It contains a large number of modules and exploits that can be combined with various payloads to break into boxes.

In this video series you will go through the Metasploit framework, starting from the very basics and moving gradually towards intermediate and advanced functionality, including the creation of Meterpreter scripts and extending the framework.

Video Series Link (Original source)

1. Metasploit Megaprimer Part 1 (Exploitation Basics and need for Metasploit)

http://www.securitytube.net/video/1175

2. Metasploit Megaprimer Part 2 (Getting Started with Metasploit)
http://www.securitytube.net/video/1176

3. Metasploit Megaprimer Part 3 (Meterpreter Basics and using Stdapi)
http://www.securitytube.net/video/1181

4. Metasploit Megaprimer Part 4 (Meterpreter Extensions Stdapi and Priv)
http://www.securitytube.net/video/1182

5. Metasploit Megaprimer Part 5 (Understanding Windows Tokens and Meterpreter Incognito)
http://www.securitytube.net/video/1183

6. Metasploit Megaprimer Part 6 (Espia and Sniffer Extensions with Meterpreter Scripts)
http://www.securitytube.net/video/1184

7. Metasploit Megaprimer Part 7 (Metasploit Database Integration and Automating Exploitation)
http://www.securitytube.net/video/1185

8. Metasploit Megaprimer Part 8 (Post Exploitation Kung Fu)
http://www.securitytube.net/video/1187

9. Metasploit Megaprimer Part 9 (Post Exploitation Privilege Escalation)
http://www.securitytube.net/video/1188

10. Metasploit Megaprimer Part 10 (Post Exploitation Log Deletion and AV Killing)
http://www.securitytube.net/video/1189

11. Metasploit Megaprimer Part 11 (Post Exploitation and Stealing Data)
http://www.securitytube.net/video/1190

12. Metasploit Megaprimer Part 12 (Post Exploitation Backdoors and Rootkits)
http://www.securitytube.net/video/1191

13. Metasploit Megaprimer Part 13 (Post Exploitation Pivoting and Port Forwarding)
http://www.securitytube.net/video/1192

14. Metasploit Megaprimer Part 14 (Backdooring Executables)
http://www.securitytube.net/video/1198

15. Metasploit Megaprimer Part 15 (Auxiliary Modules)
http://www.securitytube.net/video/1199

16. Metasploit Megaprimer Part 16 (Pass the Hash Attack)
http://www.securitytube.net/video/1215

17. Metasploit Megaprimer Part 17 (Scenario Based Hacking)
http://www.securitytube.net/video/1219

Download (Part - Part )

http://www.filesonic.com/file/105648012/metasploit_megaprimer.part1.rar 

http://www.filesonic.com/file/105647782/metasploit_megaprimer.part2.rar 

http://www.filesonic.com/file/105648392/metasploit_megaprimer.part3.rar 

http://www.filesonic.com/file/105647932/metasploit_megaprimer.part4.rar 

http://www.filesonic.com/file/105641352/metasploit_megaprimer.part5.rar


I claim no authorship of the content.