The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Tools

Anonymity Tool Tor gains more than 1.2 Million new users since NSA PRISM scandal

Anonymity Tool Tor gains more than 1.2 Million new users since NSA PRISM scandal

August 31, 2013Mohit Kumar
Since Snowden came forward with details about the NSA's PRISM program in June, web users concerned about online privacy are increasingly turning toward privacy tools to protect their online data. U.S. Government project PRISM allows the government to tap phone calls, email, and web browsing of any citizen without a warrant. New metrics from The Tor Project show that, the usage of Tor Browser is increasing day by day due to the fact that internet users are getting more and more inclined in keeping their online activity isolated from internet surveillance programs like US Prism. Tor was launched in 2004 and developed by the U.S. Navy, is used by governments, activists, journalists and dissidents to conceal their online activities from prying eyes. The TOR online anonymity service has exploded since early June, up more than 100 percent, from just over 500,000 global users to more than 1.2 million. Of those 600,000 new users, roughly ten percent are from the
NSA’s #XKeyscore program could read Facebook Chats And Private Messages

NSA's #XKeyscore program could read Facebook Chats And Private Messages

July 31, 2013Mohit Kumar
According to a new report revealed by NSA leaker Edward Snowden , The National Security Agency has a secret program that allows it to see just about everything a person does on the Internet.  An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.  An analyst can monitor such Facebook chats by entering the Facebook user name and a date range into a simple search screen. XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst. The Guardian has published several NSA training slides from the program: The NSA documents show that as of 2008, the X-Keyscore platform was used to nab 300 alleged terrorists around the world. Another
UbnHD2 : Ubuntu based Pentesting OS for Mobiles

UbnHD2 : Ubuntu based Pentesting OS for Mobiles

December 27, 2012Mohit Kumar
Most of the crazy readers always demand for some solution to turn their Android Smartphone into a Hacking Machine. There are various solutions, like installing some penetration testing android based tools like ANTI, dSploit, FaceNiff etc and also Installing ARM version of Backtrack OS. Today I found another solution for same purpose i.e.UbnHD2, a Ubuntu based Pen-testing OS. UbnHD2 is a security and pentest focused ubuntu/debian system that runs natively on the HTC HD2 phone. The product right now in beta versions and various options may not work. Installations steps are described by developer . Features Based on Ubuntu 10.10 Maverick Meerkat, Kernel 2.6.32.15 (ARM) X.org 7.5, GNOME 2.32.0 & Cairo-Dock 2.2.0 USB-OTG, 3G Network & WiFi (Drivers not included, proprietary, check XDA Forum) Perl 5.10.1, Ruby 4.5, Python 2.6.6 and more than 170 Pentest Tools preloaded Download From Sourceforge
Beacon : A new advance payload for Cobalt Strike

Beacon : A new advance payload for Cobalt Strike

September 30, 2012Mohit Kumar
Raphael Mudge (Creator of Cobalt Strike ) announced Another Advance Payload for Cobalt Strike called " Beacon ". In a conversation with The Hacker News  Raphael said " A big gap in the penetration tester's toolbox are covert command and control options, especially for long engagements. Beacon is a new feature in Cobalt Strike to remedy this problem ." Cobalt Strikes's graphical user interface offers direct control of the 700+ exploits and advanced features in the open source Metasploit Framework. Beacon is a Cobalt Strike payload for long-term asynchronous command and control of compromised hosts. It works like other Metasploit Framework payloads. You may embed it into an executable, add it to a document, or deliver it with a client-side exploit. Beacon downloads tasks using HTTP requests. You may configure Beacon to connect to multiple domains. For extra stealth, Beacon may use DNS requests to check if a task is available. This limits the comm
The FixMeStick : My Parents Need This

The FixMeStick : My Parents Need This

September 20, 2012Mohit Kumar
The founders over at FixMeStick sent us a pair of their latest devices to check out. The FixMeStick is, in short, a malware removal device for dummies . The FixMeStick is a bootable USB device running Lubuntu and integrates three separate anti-virus scanners from Kaspersky Labs, Sophos, and GFI. While our readers will probably never need it for themselves, we may all wish we had something like this for our non-technical friends and family, or the 9 million PCs infected with ZeroAccess botnet . The FixMeStick does a lot of things that nobody else does on a bootable USB, and let's be real, removing rootkits is never pleasant or easy. Why I Want it For My Parents Linux: the FixMeStick is a Linux-based device that runs before Windows boots enabling it to remove infections without the infection getting stealthy or playing war with my parent's anti-virus software. N-Scanner architecture: contains an integrated multi-scanner composed of three engines: Kaspersky Labs, Sophos, and GFI's VI
Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969

Exploit Released for Internet Explorer zero-day attacks : CVE-2012-4969

September 19, 2012Mohit Kumar
Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer browser is being actively attacked in the wild. Four active exploits of a zero-day vulnerability in the browser exists. Microsoft will push out an out-of-cycle Windows patch to temporarily fix the critical Internet Explorer flaw. Security researcher Eric Romang identified the exploit code on a server used by the "Nitro" hacking group, believed to have exploited the Java zero-day vulnerability reported last month.  Security firm Rapid7 advises that Internet users try a different Web browser. The malware may be linked to an ongoing attack on companies that has been dubbed "Nitro", and was first discovered in October by Symantec. The zero-day in IE 6-9 is a use-after-free memory corruption vulnerability , similar to a buffer overflow, that would enable an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT)
BlackHole Exploit Kit 2.0 released with more latest Exploits

BlackHole Exploit Kit 2.0 released with more latest Exploits

September 14, 2012Mohit Kumar
According to release announcement on Pastebin by unknown developers in a Russian-language BlackHole Exploit Kit 2.0 released with more latest Exploits. BlackHole is one of the most dominant exploit toolkits currently available in the underground market. It enables attackers to exploit security holes in order to install malicious software on victim's systems. The new variant doesn't rely on plugindetect to determine the Java version that's installed, thus speeding up the malware download process. Old exploits that were causing browsers to crash and "scary visual effects" have been removed. The exploit kit is offered both as a "licensed" software product for the intrepid malware server operator and as malware-as-a-service by the author off his own server. Some interesting claims by developer about new version: prevent direct download of executable payloads only load exploit contents when client is considered vulnerable drop use of PluginDetect library (performance jus
Gauss Malware Detection Tool released by Iranian CERT

Gauss Malware Detection Tool released by Iranian CERT

September 08, 2012Mohit Kumar
Iranian National Computer Emergency Response Team releases a tool for Gauss malware detection . Cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal login and passwords, according Kaspersky Lab, a leading computer security firm. Gauss primarily infects 32-bit versions of Windows, though a separate spy module for USB drives can collect information from 64-bit systems. Infections are mainly split between Windows 7 and Windows XP, although some of the Gauss modules don't work against Windows 7 Service Pack 1. Mac and Linux machines appear to be safe. Multiple modules of Gauss serve the purpose of collecting information from browsers, which include the history of visited websites and passwords. Detailed data on the infected machine is also sent to the attackers, including specifics of network interfaces, the computer's drives and BIOS information. The Gauss module is also capable of stealing data from the clients of several Leb
BackTrack 5 R3 Released - Download Now !

BackTrack 5 R3 Released - Download Now !

August 13, 2012Mohit Kumar
The latest version of Backtrack is out! Check out Backtrack 5 R3! " The time has come to refresh our security tool arsenal – BackTrack 5 R3 has been released. R3 focuses on bug-fixes as well as the addition of over 60 new tools – several of which were released in BlackHat and Defcon 2012. A whole new tool category was populated – "Physical Exploitation", which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection. " Backtrack Team have released a single VMware Image (Gnome, 32 bit), for those requiring other VM flavors of BackTrack. Download BackTrack 5 R3
zAnti Pentester’s Worldcup tournament open for Hackers

zAnti Pentester's Worldcup tournament open for Hackers

June 24, 2012Mohit Kumar
zAnti Pentester's Worldcup tournament open for Hackers Today is a great day to be a security enthusiastic since Zimperium kicked off the first ever penetration testing tournament. — Welcome to the Pentester's Worldcup ! Zimperium , a mobile security software start-up was founded by Itzhak " Zuk " Avraham, a world-renowned white-hat hacker, in 2011. The Pentester's World Cup is part of Zimperium's efforts to increase awareness about mobile security, and simultaneously enhance the security of its range of award-winning products. You may recall Anti, The first comprehensive Penetration Testing software offered on Smartphones, Zimperium created a killer mobile app that is so simple to use, any technical person is able to perform pentest on his network to get status of which devices that are attached to the network are vulnerable, what ports are opened and additional information that is a must have for anyone who cares about the safety on his network. Last year at DEFCON, Avraham, also
CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability

CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability

June 11, 2012Mohit Kumar
CVE-2012-2122 : Serious Mysql Authentication Bypass Vulnerability A serious security bug in MariaDB and MySQL Disclosed, According to Advisory All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 are vulnerable. This issue got assigned an id CVE-2012-2122. " When a user connects to MariaDB/MySQL, a token (SHAover a password and a random scramble string) is calculated and comparedwith the expected value. Because of incorrect casting, it might'vehappened that the token and the expected value were considered equal,even if the memcmp() returned a non-zero value. In this caseMySQL/MariaDB would think that the password is correct, even while it isnot. Because the protocol uses random strings, the probability ofhitting this bug is about 1/256 ." " Which means, if one knows a user name to connect (and "root" almostalways exists), she can connect using *any* password by repeatingconnection attempts. ~300 attempts takes only a fraction of second, s
Orion Browser Dumper v1.0 released

Orion Browser Dumper v1.0 released

May 12, 2012Mohit Kumar
Orion Browser Dumper v1.0 released Jean-Pierre LESUEUR (DarkCoderSc) releases another Browser Forensic tool for Community called " Orion Browser Dumper v1.0 ".  This software is an advanced local browser history extractor (dumper), in less than few seconds (like for Browser Forensic Tool) it will extract the whole history content of most famous web browser, Actually Internet Explorer, Mozilla FireFox, Google Chrome, COMODO Dragon, Rockmelt and Opera. You can download the tool from Official Website of DarkCommet . Video Demonstration: Last week he also release " Browser Forensic Tool v2.0 " - Its is also an advanced local browser history search engine, in less than few seconds it will extract the chosen keywords of most famous web browser, actually Internet Explorer, Google Chrome, Mozilla FireFox, RockMelt, Comodo Dragon and Opera.
Browser Forensic Tool v2.0 - Advanced browser history search engine

Browser Forensic Tool v2.0 - Advanced browser history search engine

May 05, 2012Mohit Kumar
Browser Forensic Tool v2.0 - Advanced browser history search engine Browser Forensic Tool v2.0  , Developed by DarkCoderSc (Jean-Pierre LESUEUR) ,is an advanced local browser history search engine, in less than few seconds it will extract the chosen keywords of most famous web browser, actually Internet Explorer, Google Chrome, Mozilla FireFox, RockMelt, Comodo Dragon and Opera. BFT will attempt to find the keyword(s) in the history title and search, if the keyword is present or suspected to be, it will be display in the result list with his URL and Title. The software also give you the possibility to edit the default keywords and of course add / modify your own keywords, to separate keywords subject you can create your own keywords categories and only scan for some keywords in the chosen category . The program is fully asynchronous so it won't affect your work during the scan time nor it will block the customization of keywords and keylist and can be canceled at anytime. D
Skype Vulnerability Exposing User IP Addresses

Skype Vulnerability Exposing User IP Addresses

May 01, 2012Mohit Kumar
Skype Vulnerability Exposing User IP Addresses Skype is warning users following the launch of a site devoted to harvesting user IP addresses.The Skype IP-Finder site allowed third-parties to see a user's last known IP address by simply typing in a user name. A script has been uploaded to Github that offers these options. According to the page, it can be used to lookup IP addresses of online Skype accounts, and return both the remote and the local IP of that account on a website. The script is for instance available on this site . Just enter the user name of a Skype user, fill out the captcha, and click the search button to initiate the lookup. You will receive the user's remote IP and port, as well as the local IP and port. Adrian Asher, director of product Security, Skype " We are investigating reports of a new tool that captures a Skype user's last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the
oclHashcat-plus v0.08 Released - fastest password Cracker

oclHashcat-plus v0.08 Released - fastest password Cracker

May 01, 2012Mohit Kumar
oclHashcat-plus v0.08 Released - fastest password Cracker oclHashcat-plus is Worlds first and only GPGPU based rule engine and Worlds fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. Features Free Multi-GPU (up to 16 gpus) Multi-Hash (up to 24 million hashes) Multi-OS (Linux & Windows native binaries) Multi-Platform (OpenCL & CUDA support) Multi-Algo (see below) Low resource utilization, you can still watch movies or play games while cracking Focuses highly iterated, modern hashes Focuses single dictionary based attacks Supports pause / resume while cracking Supports reading words from file Supports reading words from stdin Integrated thermal watchdog 20+ Algorithms implemented with performance in mind ... and much more Algorithms MD5 Joomla osCommerce, xt:Commerce SHA1 SHA-1(Base64), nsldap, Netscape LDAP SHA SSHA-1(Base64), nsldaps, Netscape LDAP SSHA Oracle 11g SMF > v1.1 OSX v10.4, v10.5, v10.6 MSSQL(2000) MSSQL(2005) MySQL
WebSploit Toolkit 1.6 Released

WebSploit Toolkit 1.6 Released

April 28, 2012Mohit Kumar
WebSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability Description : [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin [+]format infector - inject reverse & bind payload into file format [+]phpmyadmin - Search Target phpmyadmin login page [+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF [+]apache users - search server username directory (if use from apache webserver) [+]Dir Bruter - brute target directory with wordlist [+]admin finder - search admin & login page of target [+]MLITM Attack - Man Left In The Middle, XSS Phishing Attacks [+]MITM - Man In The Middle Attack [+]Java Applet Attack - Java Signed Applet Attack [+]MFOD Attack Vector - Middle Finger Of Doom Attack Vector [+]USB Infection Attack - Create Executable Backdoor For Infect USB For Windows Download WebSploit Toolkit V.1.6
Permanent Reverse TCP Backdoor for IPhone and IPad

Permanent Reverse TCP Backdoor for IPhone and IPad

April 26, 2012Mohit Kumar
Security Expert from Coresec explains the use of a Permanent Reverse TCP Backdoor " sbd-1.36 " for IPhone and IPad developed by Michel Blomgren. sbd is a Netcat-clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32. sbd features AES-128-CBC + HMAC-SHA1 encryption (by Christophe Devine), program execution (-e option), choosing source port, continuous reconnection with delay, and some other nice features. Only TCP/IP communication is supported. Steps to pwn the Iphone: 1. Install packages iphone-gcc using " apt-get install iphone-gcc " & make " apt-get install make " 2. Download sbd backdoor to the device using Wget from here  & Untar - " tar -zxvf sbd-1.36.tar.gz " 3.) Sbd configuration before the compilation, See details here . 4.) Compilation process - " make darwin " 5. Configuration to RunAtLoad using LaunchDaemons (for permanent access) 6. Gaining acces
Penetration Testers Get Ready - BackBox Linux 2.05 released !

Penetration Testers Get Ready - BackBox Linux 2.05 released !

April 26, 2012Mohit Kumar
The BackBox team has announce the release 2.05 of BackBox Linux. The new release include features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools. What's new System upgrade Bug corrections Performance boost Improved start menu Improved WiFi driver (compat-wireless aircrack patched) New Hacking tools: creepy, fern-wifi-cracker, joomscan, pyrit, reaver, xplico, etc. Updated tools: crunch, fimap, hydra, magictree, metasploit, set, sipvicious, skipfish, w3af, weevely, wireshark, wirouterkeyrec, wpscan, zaproxy, theharvester, xsser, etc. Download Backbox 2.05
Plown : Security scanner for Plone CMS

Plown : Security scanner for Plone CMS

April 24, 2012Mohit Kumar
Plown : Security scanner for Plone CMS Despite the fact that Plone is one of the most secure CMS, even the most secure system can be penetrated due to misconfigurations, use of weak passwords and if the admins never apply the patches released. Plown has been developed during penetration tests on Plone sites and was used to ease the discovery of usernames and passwords, plus expose known Plone vulnerabilities that might exist on a system. What Plown does Username enumeration Multithreading password cracking.You can specify the login url (if different that login_form) and the number of threads (16 default) Known vulnerability enumeration, based on urls/objects exposed. If found vulnerable, the tool informs about the vulnerability and the url of the patch Version enumeration is planned, based on md5 hashes of static content (css, js) We hope that plown can act as an assistant to system administrators to strengthen their Plone sites. Download Code (written on python)  or visit  P
zDefender - Enterprise smartphone IDS/IPS released by Zimperium

zDefender - Enterprise smartphone IDS/IPS released by Zimperium

April 20, 2012Mohit Kumar
zDefender - Enterprise smartphone IDS/IPS released by Zimperium Do you recall the security firm Zimperium which came out with ANTI , the killer Android app that allowed even the clueless to hack and pwn like a pentester? Zimperium, an Israeli security start up founded by Zuk Avraham, a world-renowned hacker and security researcher, has debuted its latest product, the zDefender at DEMO in Santa Clara, California. Called zDefender , this product can detect malicious attacks and take proactive measures to reduce threats via automatic preventive traffic filters and a remote management console. With the onslaught of mobile malware, everyone should have antivirus up and running immediately after purchasing a smartphone. You'd think you were protected from various attacks like man in the middle (MITM) attacks ? At DEMO Spring 2012 , Zuk planted 2 Routers, providing 3 Access points, which have claimed about 3,000 mobile device victims so far. zDefender is able to do this by using Zimpe
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.