May 21, 2011

Unknown Exploit Kit (Crimeware) leaked

Another New Exploit kit is called Unknown Exploit Kit or Mushroom Exploit Kit .

This kit offers the following exploits:
MDAC, SpreadSheet, SnapShot, Aurora, CSSClip, IEPeers, PDF LibTiff, PDF GetIcon, PDF CollectEmail, JAVA, Shockwave, and AOL.


Screenshots :







Download Links :



Or


http://www.wupload.com/file/4414057/unkow_pack.zip

Or you can download it from the Source.
Source: http://www.thehackernews.com/2011/05/unknown-exploit-kit-crimeware-leaked.html

May 20, 2011

Anonymous leaks PSN SSH Logs, Sony is responsible for Data Theft ?


1.) On the Sony servers running the highly outdated Open SSH version 4.4.


2.) Current version is 5.7. For those of Sony for encrypted version are used for more than five years several known security holes.

3.) Sony server running in part to the long-outdated software Apache 2.2.10.

4.) Current version is 2.2.17. The version used by Sony is vulnerable to damaging Internet attacks, such as overload attacks (DDOS).

Outdated server software may have caused outage Allowing PSN hackers to enter PlayStation Network stealing more than 100 million user data sets from PSN and SOE. Since the allegation itself isn't exactly new, correct, there are new proofs that this rumor is.

Report even claims that Sony lies when it comes to the statement of outdated servers. Computer Bild got an excerpt showing log files that proof that Sony was, as of the hacking attack, using very outdated server software, searchable as OpenSSH 4.4 - current version is 5.7. Back in 2006 there were reports about OpenSSH 3.x and 4.x, and the security issues those versions utilize.

But SSH was not the only open door for hackers: Sony used to outdated version of the Apache webserver as well. Apache server was found on Sony's current version is 2.2.10 while 2.2.17. Sun Sony made it easy for hackers to access sensitive data since summer 2009 as there were bug reports about "dangerous security issues" Mentioned in the version, as Hamburger Press states.

Source: http://www.thehackernews.com/2011/05/anonymous-leaks-psn-ssh-logs-sony-is.html

Distributed Denial of Service Cheat Sheet

The CERT Societe Generale has released another cheat sheet for Distributed Denial of Service (DDoS) freely available here. "This Incident Response Methodology is a cheat sheet dedicated to handlers investigating on a precise security issue."

http://cert.societegenerale.com/resources/files/IRM-4-DDoS.pdf

Previously published cheat sheet:
Worm Infection - http://cert.societegenerale.com/resources/files/IRM-1-Worm-Infection.pdf
Windows Intrusion - http://cert.societegenerale.com/resources/files/IRM-2-Windows-Intrusion.pdf
Unix Intrusion - http://cert.societegenerale.com/resources/files/IRM-3-Unix-Intrusion.pdf

Source: http://isc.sans.edu/diary.html?storyid=10897

After setup Back|track 5.

After I setup Backtrack5. I do many things to let me do everything like I can do in my custom Backtrack4. ( I used Backtrack5 Gnome 64Bit.)

1. Install Synaptic(Graphical package manager).
    -$ apt-get install synaptic

2. Get or remove package that I think it's not necessary to me or it help my work with synaptic.
    -$ synaptic
    OR
    - Go to System Menu -> Administration -> Synaptic Package Manager

3. If you're using Backtrack5 Gnome 64Bit like me, I think you will get error flash player like me. If you want to fix the flash player, try this.
    - http://r00tsec.blogspot.com/2011/05/how-to-get-flash-player-working-on-bt5.html
 
4. Install Fasttrack, ZAP, Webscarab, or many tools that I used in Backtrack4 but Backtrack5 has take it off.
    - http://sourceforge.net/projects/fast-track/
    - http://www.google.com

5. Change position of minimize, maximize, button in Windows
    -$ gconf-editor
    - apps -> metacity -> general -> button_layout
    - Change the value to "menu:minimize,maximize,close"



6. Update the repository and upgrade the packages.
    -$ apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

7. Try everything in it with yourselves.
 

Sponsors

lusovps.com

Blogroll

About

 Please subscribe my blog.

 Old Subscribe

Share |