The Hacker News - Cybersecurity News and Analysis: Linux News

Fast Network cracker Hydra v 7.4 updated version download

December 23, 2012 | Mohit Kumar
Passwords are one of the biggest security holes, as every password security study shows. THC-Hydra, a very fast network logon cracker that supports many different services, has been updated to version 7.4. Hydra is available for Linux, Windows/Cygwin, Solaris 11, FreeBSD 8.1 and OSX. It currently supports AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP. Change log: new module SSHKEY, for testing for ssh private keys (thanks to deadbyte(at)toucan-system(dot)com!); added support for win8 and win2012 server to the RDP module; better target distribution if -M is used
New Linux Rootkit Attacks Internet Users

December 02, 2012 | Mohit Kumar
Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly into any infected web page. The new malware, discovered on November 13 of this year, was written especially for servers that run Debian Squeeze and NGINX on 64-bit systems. About the rootkit: Rootkit.Linux.Snakso.a is designed to infect the Linux kernel version 2.6.32-5-amd64 and adds an iframe to all web pages served by the infected Linux server via the nginx proxy. Based on research, the rootkit may have been created by a Russia-based attacker. The recently discovered malware is very dangerous because it does not infect a specific website. It infects the entire server, and this can endanger all websites hosted on that server. Drive-by downloads expose web surfers to malicious code that attempts to exploit unpatched software vulnerabilities in the web visitor
Hardening Linux Security in few seconds using "Server Shield"

October 14, 2012 | Mohit Kumar
Are you running Linux just because you think it's safer than Windows? Think again. Sure, security is a built-in feature and extends right from the Linux kernel to the desktop, but it still leaves enough room to let someone muck about with your /home folder. Linux might be impervious to viruses and worms written for Windows, but that's just a small subset of the larger issue. Attackers have various tricks up their sleeves to get to those precious bits and bytes that make up everything from your mugshot to your credit card details. Computers that connect to the internet are the ones most exposed to attackers, although computers that never get to see online action are just as vulnerable. We have a small and very fast solution for hardening the security of your Linux machine in a few seconds: Server Shield. It is a lightweight method of protecting and hardening your Linux server. It is easy to install, hard to mess up, and makes your server instantly and effortle
Universal Cross-site scripting vulnerability in Opera browser

October 05, 2012 | Mohit Kumar
A Universal Cross-site scripting vulnerability in the Opera browser was disclosed today on the Russian forum rdot.org. The flaw can be triggered by exploiting flaws inside browsers, instead of leveraging vulnerabilities in insecure web sites. "Vulnerable versions Opera for Windows, Mac and Linux to 2.12 inclusive (the latest version as of today). On versions prior to 9.50 check is not performed. advise after referring to the following opera when redirecting to a site on data: URL via HTTP -header Location property document.domain has a value in the last redirecting site" The vulnerability uses the Data URI Scheme in combination with another flaw called "Open Redirection", which happens when an attacker can use a web page to redirect the user to any URI of his choice. Even if a site does not have an "Open Redirection" flaw, this XSS can still be triggered using various short URL services like bit.ly and tinyurl.com. Here's a p
Cisco CallManager vulnerable to brute force attack

October 01, 2012 | Mohit Kumar
Roberto Suggi Liverani, founder of the OWASP (Open Web Application Security Project) New Zealand chapter, discovered a vulnerability in Cisco CallManager, also known as Unified Communications Manager. It is a software-based call-processing system developed by Cisco Systems. He described on his blog: "During a security review, I have found a quick way to perform PIN brute force attack against accounts registered with a Cisco Unified Communications Manager (CallManager)." The researcher targeted the HTTP GET requests used by CallManager to initiate the login process:
https://x.x.x.x/ccmpd/pdCheckLogin.do?name=undefined
He demonstrated the idea with Burp Suite (a penetration testing framework). He showed the HTML form parameters used for login, as shown below:
https://x.x.x.x/ccmpd/login.do?sid=_sid_value_&userid=_userid_&pin=_PIN_
The sid token is required to perform the PIN brute force attack. So first get a valid sid token value and then you can brute force userid and pin usin
Beacon : A new advance payload for Cobalt Strike

September 30, 2012 | Mohit Kumar
Raphael Mudge (creator of Cobalt Strike) announced another advanced payload for Cobalt Strike called "Beacon". In a conversation with The Hacker News, Raphael said: "A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new feature in Cobalt Strike to remedy this problem." Cobalt Strike's graphical user interface offers direct control of the 700+ exploits and advanced features in the open source Metasploit Framework. Beacon is a Cobalt Strike payload for long-term asynchronous command and control of compromised hosts. It works like other Metasploit Framework payloads. You may embed it into an executable, add it to a document, or deliver it with a client-side exploit. Beacon downloads tasks using HTTP requests. You may configure Beacon to connect to multiple domains. For extra stealth, Beacon may use DNS requests to check if a task is available. This limits the comm
Security researchers will disclose vulnerabilities in Embedded, ARM, x86 & NFC

July 24, 2012 | Mohit Kumar
Security researchers are expected to disclose new vulnerabilities in near field communication (NFC), mobile baseband firmware, HTML5 and Web application firewalls next week at the Black Hat USA 2012 security conference. The Black Hat sessions aim to expose sometimes shocking vulnerabilities in widely used products. They also typically show countermeasures to plug the holes. Two independent security consultants will give a class called "Advanced ARM exploitation," part of a broader five-day private class the duo developed. In a sold-out session, they will detail hardware hacks of multiple ARM platforms running Linux, some described in a separate blog posting. The purpose of the talk is to reach a broader audience and share the more interesting bits of the research that went into developing Practical ARM Exploitation. Presenters Stephen Ridley and Stephen Lawler demonstrate how to defeat XN, ASLR, stack cookies, etc. using nuances of the ARM architecture on Linux. I
Android Security shielded with full ASLR implementation

July 17, 2012 | Mohit Kumar
The latest release of Google's Android mobile operating system has finally been properly fortified with an industry-standard defense. It's designed to protect end users against hack attacks that install malware on handsets. Android 4.1 Jelly Bean includes several new exploit mitigations and a more extensive implementation of ASLR to help defeat many kinds of exploits. ASLR is an exploit mitigation method that randomizes the positions of key data areas such as libraries, heap, stack, and the base of the executable, in a process's address space, and that makes it near impossible for malware authors and hackers to predict where their malicious payloads will be loaded. " As we mentioned in our previous post on Android ASLR, the executable mapping in the process address space was not randomized in Ice Cream Sandwich, making ROP-style attacks possible using the whole executable as a source of gadgets. In Jelly Bean, most binaries are now compiled/linked with the PIE fla
Quebec Liberal Party and Education Ministry websites take down in massive Cyber Attack

May 20, 2012 | Mohit Kumar
Two provincial government websites as well as Quebec Liberal Party and Education Ministry websites went down early Saturday morning and remained inaccessible for most of the day. No one has claimed responsibility for the downed sites but Twitter was full of rumours on Saturday pointing to Anonymous, the loose group of cyber activists. The cyber troubles began just hours after a new law, Bill 78, passed in the National Assembly. It requires any group of 50 or more people holding a demonstration in the province to inform police eight hours in advance of their planned route and other pertinent details such as the start and end times. One of Anonymous' Twitter accounts tweeted on Friday: "Quebec Considers Draconian Anti-Protest Law ... Expect us." Anonymous also threatened the website belonging to the province's National Assembly. While some reported that the legislature's website had been ta
Cyber Attacks on gas pipeline linked to China

May 12, 2012 | Mohit Kumar
The spear-phishing attacks laying siege to networks in the natural gas pipeline industry apparently are being carried out by the same group that hacked RSA security last year. The attacks, which have been occurring since late this past March, have targeted several of the country's natural gas pipeline companies. According to U.S. officials, it's unclear if a foreign power is trying to map the gas systems or if hackers are attempting to harm the pipelines. A previous attack on the oil and gas sector seemed to originate in China. DHS supplied the pipeline industry and its security experts with digital signatures, or "indicators of compromise" (IOCs). Those indicators included computer file names, computer IP addresses, domain names, and other key information associated with the cyberspies, which companies could use to check their networks for signs they've been infiltrated. DHS officials and a spokesman have acknowled
Windows 8 operating system will ban Firefox and Chrome

May 11, 2012 | Mohit Kumar
A new version of the Windows 8 operating system could shut out browsers such as Firefox and Chrome, according to Mozilla. Microsoft has been saying all along that x86 apps wouldn't run on Windows on ARM and it explicitly said there would be no third-party code on Windows RT when it announced the details of the platform back in February. That's no plugins for IE on the Windows RT desktop as well as no desktop Firefox and Chrome. According to Mozilla, the makers of Firefox, Microsoft is planning to allow only one fully-functioning browser on Windows RT: Microsoft's own Internet Explorer. Writing on the Mozilla blog, Harvey Anderson, general counsel for the company, lashed out at Microsoft for the slight, and called the alleged move "an unwelcome return to the digital dark ages where users and developers didn't have browser choices." Why is Mozilla focused on Microsoft? Anderson's answer: Microsoft is
Permanent Reverse TCP Backdoor for IPhone and IPad

April 26, 2012 | Mohit Kumar
A security expert from Coresec explains the use of a permanent reverse TCP backdoor, "sbd-1.36", for iPhone and iPad, developed by Michel Blomgren. sbd is a Netcat clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32. sbd features AES-128-CBC + HMAC-SHA1 encryption (by Christophe Devine), program execution (-e option), choosing source port, continuous reconnection with delay, and some other nice features. Only TCP/IP communication is supported. Steps to pwn the iPhone:
1. Install the packages iphone-gcc, using "apt-get install iphone-gcc", and make, using "apt-get install make"
2. Download the sbd backdoor to the device using Wget from here and untar it: "tar -zxvf sbd-1.36.tar.gz"
3. Sbd configuration before the compilation. See details here.
4. Compilation process: "make darwin"
5. Configuration to RunAtLoad using LaunchDaemons (for permanent access)
6. Gaining acces
Advance Ethical Hacking and Cyber Security Boot Camp at Delhi, India

April 21, 2012 | Mohit Kumar
Have you ever wondered how hackers or black hats hack into a computer system? Our Hacker Boot Camp training session will teach you how this can be done. You will be shown the techniques, tools and methods that the hacker uses. This insight will help you understand how to better protect your IT architecture and identify the vectors of attack that hackers use. The Hacker News is organising an Advance Ethical Hacking and Cyber Security Boot Camp at Delhi, India. All of our instructors are experts in their field and maintain respected reputations within the security community. CCSN is a revolutionary new certification and training program in the field of information security, for amateurs and professionals, to help you gain the skills you need to become an expert in the field of information security. This specialized certification assures potential employers and customers that you have a level of advanced knowledge to detect and offer support for some of the most advanced security
Rootdabitch version 0.1 - Multithreaded Linux root password Bruteforcer

April 18, 2012 | Mohit Kumar
r00tw0rm hacker "th3breacher!" released Rootdabitch v0.1, which is a multithreaded Linux/UNIX tool for brute-force cracking local root through su using sucrack. sucrack is a multithreaded Linux/UNIX tool for brute-force cracking local user accounts via su. The main feature of Rootdabitch is that it is a local brute forcer, using 10 passwords in 3 seconds, and it works in the background so you can leave it; when root is cracked it will email the user using /bin/mail. For all this, you need to have a PHP shell/reverse shell/SSH access to the target to run this tool, and you run it as a normal user. Upload this script to the target, give it execute permission and execute the script like: ~ ./rootdabitch youremail@address.com If the password is cracked you will have a mail with the root password, and the password will be stored in password.txt.
Your Facebook credentials at risk on Android - iOS jailbroken devices

April 09, 2012 | Mohit Kumar
Facebook allows its authentication credentials to be stored in plain text within the Apple iOS version of its mobile app, allowing an attacker complete control over your Facebook account if he knows where to look. Security researcher Gareth Wright noted the vulnerability and alerted Facebook. Wright wrote on his blog that he discovered the issue while exploring the application directories in his iPhone with a free tool and came across a Facebook access token in the Draw Something game on his phone. The simple 'hack' allows a user to copy a plain text file off of the device and onto another one. This effectively gives another user access to your account, profile and all on that iOS device. Facebook's native apps for the two platforms are not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only appl
Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities

March 20, 2012 | Mohit Kumar
A free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android. Use dynamic analysis on Android applications and devices for quicker security assessments. Share publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices. The easy extensions interface allows users to write custom modules and exploits for Mercury. Replace custom applications and scripts that perform single tasks with a framework that provides many tools. Mercury allows you to:
- Interact with the 4 IPC endpoints: activities, broadcast receivers, content providers and services
- Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see)
- Find information on installed packages with optional search filters to allow for better control
- Buil
iPad 3 jailbroken on Launch Day by 3 ways

March 18, 2012 | Mohit Kumar
The new Apple iPad (third iPad, iPad 3) has already been jailbroken in at least three different ways. On the same day that Apple started shipping the new iPad out to consumers, there were reports that at least one hacker had already jailbroken the latest tablet. The first to claim it was @Musclenerd, a member of the iPhone Dev Team, who tweeted a couple of images showing that he had already jailbroken the device. This must be a great relief for Apple fans who want to have their Apple devices, but don't want the Cupertino-based tech giant to keep them restricted as it wants. Within 24 hours of the iOS 5.1 update, teammate @pod2g revealed an untethered jailbreak for the iPad 2 and iPhone 4S. With the new iPad running iOS 5.1 and an A5X processor. His hack was followed by the announcement of a successful untethered jailbreak by teammate @i0n1c, who released a video as evidence of his accomplishment: Finally, a Tweet by @chpwn and @phoenixdev have rev
[POC] Windows RDP Vulnerability Exploit

March 16, 2012 | Mohit Kumar
The vulnerability described by Microsoft as critical is known as MS12-020 or the RDP flaw. The hackers worked quickly on this particular vulnerability and we've already seen attempts to exploit the flaw, which exists in a part of Windows called the Remote Desktop Protocol. A proof-of-concept (POC) exploit of the deadly RDP vulnerability has been shown to trigger blue screens of death on Windows XP and Windows Server 2003 machines. The exploit attacks an RDP (Remote Desktop Protocol) flaw patched by Microsoft on Tuesday. The discovery of proof-of-concept code on a Chinese website less than 72 hours later came as no great surprise. Security firms warned that worse is likely to follow. The vulnerability might easily be exploited to create a worm that spreads automatically between vulnerable computers. Two POCs were discovered. The first POC to emerge was posted briefly on a Chinese website before disappearing. The second, based off the Chinese POC , was
[POC] Buffer Overflow Vulnerability in GOM Media Player v. 2.1.37

March 11, 2012 | Mohit Kumar
Ucha Gobejishvili (longrifle0x) from The Vulnerability Laboratory Research Team discovered a buffer overflow vulnerability in GOM Media Player v. 2.1.37. GOM Player (Gretech Online Movie Player) is a 32/64-bit media player for Microsoft Windows, distributed by the Gretech Corporation of South Korea. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In this case, the vulnerability can be exploited by local or remote attackers, and the vulnerable module is GomU+0x125cb7. Proof of Concept :
GCC 4.6.3 Released with 70 bug-fixes

March 04, 2012 | Mohit Kumar
The GNU Compiler Collection version 4.6.3 has been released. Jakub Jelinek of Red Hat announced the release of GCC 4.6.3 this morning. Compared with GCC 4.6.2, there are over 70 bug fixes and other work. However, all of the exciting work meanwhile is going into what will become GCC 4.7. The GNU Compiler Collection (GCC) is a compiler system produced by the GNU Project supporting various programming languages. GCC is a key component of the GNU toolchain. As well as being the official compiler of the unfinished GNU operating system, GCC has been adopted as the standard compiler by most other modern Unix-like computer operating systems, including Linux, the BSD family and Mac OS X. GCC 4.7 will offer some performance improvements, new CPU support, language enhancements, mature Intel Sandy/Ivy Bridge support, and initial Intel Haswell support. GCC 4.7 should be officially released in March or April.