Wishes for a Happy New Year!

    May 2011 fulfill everyone’s personal goals! May it be a year full of love, joy, happiness, prosperity and good health for everybody! This alien wishes you all the best and especially to the Infosec community a year with fewer incidents! To all mankind I wish peace, hope and unity!

Greetings and a Happy New Year fellow Earthlings!


P.S.: A gift for all developers that want to strengthen their application security skills -> http://SpotTheVuln.com/

4li3n’s after midnight useless news and links – 2010.12.31 (Texas Hold’em edition)

After a crazy Texas Hold’em night here comes the accompanying edition! Last one for 2010!

[DISCLOSURE] SQL-injection in people.joomla.org -> http://goo.gl/c1YaW
[INFO] Kernel Buffer Overflow in NDProxy.sys (MS10-099) -> http://goo.gl/SkBqz
[POST] Mitigating Attacks on the User of the Web Browser -> http://goo.gl/PdRnP
[POST] Mitigating Attacks on the Web Browser and Add-Ons -> http://goo.gl/iWJJ0
[NEWS] Cambridge university refuses to censor student’s thesis on chip-and-PIN vulnerabilities -> http://goo.gl/0Fk5c
[VM] VirtualBSD 8.1: The simplest way to experience a desktop ready FreeBSD -> http://goo.gl/qZ01m
[POST] Putting the Record Straight on the Lamo-Manning Chat Logs -> http://goo.gl/uWCE2
[POST] A Study of HTTPOnly and Secure Cookie Flags for the Top 1000 Websites -> http://goo.gl/cf5eN
[INFO] Information Security Cheat Sheets and Checklists -> http://goo.gl/frMNz
[ONLINE] AutoDiff: Automated Binary Differential Analysis -> http://goo.gl/7gk5C
[27C3] Wideband GSM Sniffing -> http://goo.gl/2BNmo
[INFO] Syscall Hijacking: Simple Rootkit (kernel 2.6.x) -> http://goo.gl/EsLgQ
[DISTRO] Tor-ramdisk i686 UClibc-based Linux Distribution x86 20101227 -> http://goo.gl/SnZak
[SCRIPT] Nikto trunk: now has full regex support in test matching (ZIP) -> http://goo.gl/8R3Yi
[VIDEO] DOJOCON 2010 Videos -> http://goo.gl/MOLYT
[METASPLOIT] Feature #3429 – Cisco IOS SNMP file copy (TFTP) -> http://goo.gl/IXxsv
[UPDATE] WordPress 3.0.4 Important Security Update -> http://goo.gl/eJItt
[EXPLOIT] Targeted attacks against recently addressed Microsoft Office vulnerability (CVE-2010-3333/MS10-087) -> http://goo.gl/z4ilJ
[27C3] Chip and PIN is Broken -> http://goo.gl/fdkZx
[INFO] Awakenedlands.com Hacked/Username-Password Dump & Source Code -> http://goo.gl/zpHXC
[ONLINE] CrashIE8 -> http://goo.gl/gpQhg
[INFO] Joe Johnson explains how the Alureon MBR rootkit is able to work under 64-bit Win7 (PDF) -> http://goo.gl/1l6ZR
[TOOL] HelloOX2: Symbian Rooting Kit -> http://goo.gl/YSAc2
[NEWS] Android Trojan with botnet capabilities found in the wild -> http://goo.gl/cwexm
[ONLINE] Wavsep: webapp collection of vuln pages to assess scanners -> http://goo.gl/00CTK
[POST] BotTorrent? Using BitTorrent as a DDoS Tool -> http://goo.gl/Gfed7
[27C3] SMS of Death (posts & video) -> http://goo.gl/PH204 , http://goo.gl/BMdbQ , http://goo.gl/xwmPY , http://goo.gl/iNGRp
[EXPLOIT] Microsoft Word/RTF pFragments Stack/Buffer Overflow -> http://goo.gl/D8Yar
[27C3] Hackers obtain PS3 private cryptography key due to epic programming fail -> http://goo.gl/g8tqi , http://goo.gl/tkmOh , http://goo.gl/KaNiN
[27C3] High-speed high-security cryptography: encrypting and authenticating the whole Internet -> http://goo.gl/FR56S
[INFO] Bridge mode security bug in Fonera 2.0n -> http://goo.gl/3dMgC
[PAPER] An Army of Bots by Jason Suplita (PDF) -> http://goo.gl/v7ndN
[TOOL] NetS-X: e-learning environment for network security -> http://goo.gl/nQqEo
[ADVISORY] WordPress 3.0.4 Stored XSS -> http://goo.gl/pdwAV
[INFO] New Fast Flux Botnet for the Holidays: Could it be Storm Worm 3.0? -> http://goo.gl/M6YYV

100 posts and counting…

    When I started this news and links sharing blog about two months ago I had a fear that one day I would be out of material to post. At the moment I was considering the infosec community a closed “cult-like” entity where it would be difficult to find and pass free the knowledge. Being located in Greece I was feeling away from where “things happen”.

    It all started by sharing interesting links on my favorite magazine’s facebook fan page whenever I could and whenever I would find something interesting to share. Being busy all day I would only find time to post my links after midnight, hence the silly name “4li3n’s after midnight useless news and links”. It was back then I realised that finding interesting stuff to share is just a matter of looking in the right places! Gradually the positive comments on the effort were increasing, pushing me to the idea of creating this blog.

    Of course the positive feedback and the overall support never stopped. Both magazine and readers/fans were always welcoming every edition of “4li3n’s after midnight useless news and links” which led to keeping the column on a daily basis (when possible). With many of those we have become friends and we communicate regularly. One thing led to another and on the latest issue (#39) of total XAKER magazine the “4li3n’s after midnight useless news and links” was mentioned in all its glory! That’s something I could never believe possible a couple of months ago! And it came right on time with the 100th post on the blog!

    So here we are! A hundred posts and counting! Many people started following the blog and my twitter account! The site views increase like crazy! I even used Google Analytics to figure out how much of this is real! The whole situation is so overwhelming and for sure much more than expected! Of course I never forget my promises so projects announced (like the review on “Social Engineering: The Art of Human Hacking” and an original article with an alien’s view on hackers breed) are still valid. No need to say that “4li3n’s after midnight useless news and links” will continue as usual (except for today due to lack of time, irony?). What I would like to make sure is that I love doing this and I will keep doing it for as long as possible!

    Instead of an epilogue I would just like to thank some friends (I hope I don’t forget someone) for their exceptional support. I will mention them with their nicknames or initials because I didn’t bother to ask for their permission! So without further ado: SubZraw, cr0w, Eleutheros Maxitis, S.F., N.S., dr0pper, b10zgr, A.P., A.T., Alexander Flash, T.MS., J.T., Black White, G.X., S.D., Y.M., P.K., N.D., G.K., S.C., P.K., Alexandros Mtt, InFamous, P.S., F.P., A.Z., V.M., V.T., THANK YOU ALL!!!! A very special “thank you” to my other half T.M., without her patience and support none of this would be possible!!!!

    Oh by the way, I owe dr0pper a RT! Here it is buddy: aGFjayBYTUFTIHRvIGdhaW4gbW9yZSBwcmVzZW50cyBhbmQgbW9uZXk=

Greetings and keep enjoying sharing knowledge!!!


4li3n’s after midnight useless news and links – 2010.12.29 (mondo edition)

Rumors spread that “after midnight useless news and links” is mentioned in total XAKER #39 magazine! More on that shortly! So here it is, another “mondo” edition of the column!

[POST] Three web attack vectors using a web browser -> http://goo.gl/mJ3HX
[POST] Installation Protection Mechanisms of Phoenix Exploit’s Kit -> http://goo.gl/SOuze
[INFO] Injected Script Loads Host.exe Using Hidden Iframes and Java Applets -> http://goo.gl/Y4RnM
[TOOL] TDSS Remover: Free antivirus tool to cure TDSS infection automatically -> http://goo.gl/p7gWy
[TOOL] THC-IPv6 version 1.4: tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6 -> http://goo.gl/EjbsJ
[POST] 3 Phases of Malware Analysis: Behavioral, Code, and Memory Forensics -> http://goo.gl/y46T3
[POST] 6 Hex Editors for Malware Analysis -> http://goo.gl/QDBkS
[TOOL] Adaptive Security Analyzer IIS: A Tool to Protect Windows Based Web Servers -> http://goo.gl/YHgxH
[ADVISORY] XSRF (CSRF) in whCMS -> http://goo.gl/fb/6wtdp
[ADVISORY] XSRF (CSRF) in Cambio -> http://goo.gl/fb/57yOW
[ADVISORY] XSS vulnerability in diafan.CMS -> http://goo.gl/fb/pmsN5
[ADVISORY] XSRF (CSRF) in diafan.CMS -> http://goo.gl/fb/KHQYM
[ADVISORY] Stored XSS vulnerability in diafan.CMS -> http://goo.gl/fb/qT9cy
[ADVISORY] XSS vulnerability in VaM Shop -> http://goo.gl/fb/5ty16
[ADVISORY] XSS vulnerability in VaM Shop -> http://goo.gl/fb/glJwQ
[ADVISORY] XSRF (CSRF) in VaM Shop -> http://goo.gl/fb/K7Ttx
[ADVISORY] XSS vulnerability in VaM Shop -> http://goo.gl/fb/GR28l
[ADVISORY] XSRF (CSRF) in Energine -> http://goo.gl/fb/1JxIY
[ADVISORY] Path disclosure in Energine -> http://goo.gl/fb/jHRbh
[ADVISORY] SQL injection vulnerability in Energine -> http://goo.gl/fb/HHdV7
[INFO] Making a Difference: memory dump with “pslist” and “volatility psscan2” -> http://goo.gl/8nmPh
[NEWS] Flaws Spotlighted in Tor Anonymity Network -> http://goo.gl/LvBf6
[INFO] Building a cheap USB protocol analyzer -> http://goo.gl/cUNSZ
[PAPER] Automatic Identification of Cryptographic Primitives in Software (PDF) -> http://goo.gl/irzat
[EXPLOIT] PoC Windows Fax Cover Page Editor (.cov) Heap Overflow -> http://goo.gl/nehWz
[METASPLOIT] Revision 11426 – Merge Armitage 12.22.10 and a front-end script into Metasploit proper -> http://goo.gl/0kgzL
[METASPLOIT] Revision 11436 – adds easy logging to msfconsole -> http://goo.gl/1BoOp
[DISTRO] Blackbuntu Community Edition 0.1: designed for security training students and practitioners -> http://goo.gl/L1f2b
[VIDCAST] DeAuthThis #1 -> http://goo.gl/TUhBP
[NEWS] X-Do-Not-Track support in NoScript -> http://goo.gl/YwfsU
[POST] Anti-Security and the Christmas Day Incident -> http://goo.gl/aiMJR
[NEWS] Bank of America Hit By Anonymous DDoS Attack -> http://goo.gl/2HHMi
[INFO] Protecting Against Firesheep with Strict Transport Security -> http://goo.gl/UccXO
[INFO] Wired Keyboards Vulnerable To Attacks -> http://goo.gl/rCE9a
[SCRIPT] Pentbox: The Security Command Line Suite -> http://goo.gl/YzIo0

4li3n’s after midnight useless news and links – 2010.12.28

[POST] Read Embedded NAND Flash Chips without removing them -> http://goo.gl/PPlIx
[DISTRO] NixOS: aims to improve the state of the art in system configuration management -> http://goo.gl/LM20t
[INFO] Android-x86: Porting Android to x86 -> http://goo.gl/z6MOb
[SCRIPT] HashGrab2: Extract Username Password Hashes from SAM and SYSTEM Files -> http://goo.gl/v5imQ
[SCRIPT] Stack Guard & Format String Blocker -> http://goo.gl/MEXkz
[METASPLOIT] Revision 11417 – added IPv6 discovery modules and getsocketname -> http://goo.gl/6mUa0 , http://goo.gl/LXriK
[INFO] WPA-PSK Wordlist Download – 13GB -> http://goo.gl/KnSBl
[INFO] A new green file format: WWF -> http://goo.gl/lNGp2
[INFO] Secure Coding Practises (PDF & video) -> http://goo.gl/v5LqP , http://goo.gl/qw7Aw

Setting up Armitage on Ubuntu with a Postgres DB (via toastresearch.com)

I wanted a pretty gui to show off some metasploit functionality recently which led me to armitage.

I use (and love) backtrack 4, as does most of the world, but i also have a ubuntu based distro (mint 10, which is based on ubuntu 10.10) that i like to use. i found a lot of tutorials on how to install armitage on backtrack, but hardly anything on installing armitage on a non-backtrack machine, and practically nothing for installing armitage on ubuntu with a postgres backend. i decided i wanted to install armitage on the mint machine using postgres (per the armitage recommendation here) and not finding any good instructions, i thought i would give it a go and document. here we go:

first, you need to have some of the basics installed. i will leave it to others to describe how to install these if you need help (others == google).

  1. java 1.6 (has to be the official oracle java version)
  2. metasploit 3.5+

next, lets install postgres:

sudo apt-get install postgresql-8.4

now that postgres is installed, we need to create a db and a user for armitage to use. i su’ed to the postgres user to do this:

su -
su - postgres
psql
CREATE USER postgres_user WITH SUPERUSER password 'postgres_password';

next, go to your metasploit directory (/opt/metasploit3/bin in my case) and start up the rpc service (as root):

sudo ./msfrpcd -f -U msf_user -P msf_password -t Basic

lastly, go to where you extracted armitage and run the shell script (you can run it as a normal user, you don’t have to be root). you will run ./armitage.sh and once you have the correct parameters entered, click “connect”.

the parameters are:

  • host:
  • port: 55553
  • ssl: should be checked
  • user: msf_user
  • pass: msf_password
  • db driver: postgresql
  • db connect string: postgres_user:"postgres_password"@

thats it! here is what you should be looking at once you get done:

note #1: it seems armitage doesn’t like underscores in the db name
note #2: if you need help in postgres, type \? (a lot of commands in postgres start with a “\”)

Original article: http://toastresearch.com/2010/12/24/setting-up-armitage-on-ubuntu-with-a-postgres-db/
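
An added example, not part of the original article: the steps above give the Armitage role SUPERUSER, so this function emits SQL for a dedicated non-superuser role that owns a single database, and it rejects a database name containing an underscore (note #1). The names msfuser and msfdb are hypothetical, and it is an assumption that Metasploit only needs ownership of its own database.

```shell
#!/bin/sh
# Added example: emit SQL for a least-privilege Armitage/Metasploit role.
# Role, database and password values used here are hypothetical placeholders.
LC_ALL=C   # keep [a-z] ranges ASCII-only in the patterns below

# valid_ident NAME: lowercase letters, digits, underscores; starts with a
# letter. Anything else is refused so the name is safe to use unquoted in SQL.
valid_ident() {
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# armitage_db_sql ROLE DBNAME PASSWORD: print the SQL, or return 1 on bad input.
armitage_db_sql() {
    role=$1 db=$2 pass=$3
    valid_ident "$role" || { echo "bad role name: $role" >&2; return 1; }
    valid_ident "$db"   || { echo "bad db name: $db" >&2; return 1; }
    # Note #1 in the article: Armitage does not like underscores in the db name.
    case "$db" in *_*) echo "underscore in db name: $db" >&2; return 1 ;; esac
    # Backslashes are escape characters in PostgreSQL 8.4 string literals
    # by default, so refuse them rather than guess the server setting.
    case "$pass" in
        ''|*\\*) echo "empty password or backslash in password" >&2; return 1 ;;
    esac
    # Double single quotes so the password stays inside its SQL literal.
    esc=$(printf '%s' "$pass" | sed "s/'/''/g")
    printf "CREATE ROLE %s WITH LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE PASSWORD '%s';\n" "$role" "$esc"
    printf "CREATE DATABASE %s OWNER %s;\n" "$db" "$role"
    # Remove the default CONNECT/TEMP grants that every role gets via PUBLIC.
    printf "REVOKE ALL ON DATABASE %s FROM PUBLIC;\n" "$db"
}

# Usage, as the postgres OS user (constructed values):
#   armitage_db_sql msfuser msfdb 'constructed-password' | psql
```
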