Showing posts with label Auditing. Show all posts
Termineter - Smart Meter Hacking Framework Released
A researcher specializing in smart grids has released an open-source tool designed to assess the security of smart meters. Dubbed 'Termineter', the framework allows users such as grid operators and administrators to test smart meters for vulnerabilities.
Its author claims it will let security researchers and penetration testers verify the security of the electric utility smart meters being installed in millions of homes around the country. Termineter uses a serial port connection to the meter's optical infrared interface to give the user access to the smart meter's inner workings. The user interface closely resembles that of the Metasploit penetration testing framework, and it relies on modules to extend its testing capabilities.
Termineter is a framework written in Python that provides a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication; currently supported are meters using C12.19 with 7-bit character sets. Termineter communicates with smart meters over a serial connection through an ANSI Type 2 optical probe.
Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email
Posted by Mohit Kumar at Sunday, July 22, 2012
Snort 2.9.3 RC Released
Labels: Auditing, Linux, Network Mapping, Scanners, Security Tools, Windows
Snort 2.9.3 RC is now available on Snort.org; 2.9.0 RC and later packages are signed with a new PGP key. Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998. Snort's network-based intrusion detection system performs real-time traffic analysis and packet logging on Internet Protocol (IP) networks. Snort performs protocol analysis, content searching and content matching, and it can also be used to detect probes or attacks, including, but not limited to, operating system fingerprinting attempts, common gateway interface (CGI) attacks, buffer overflows, server message block probes, and stealth port scans.
Snort 2.9.3 introduces the following new capabilities:
New additions
- Updates to flowbit rule option to allow for OR and AND of individual bits within a single rule, and allow flowbits to be used in multiple groups. See README.flowbits and the Snort manual for details.
- Dynamic output plugin architecture providing an API that lets developers write their own output mechanisms to log alert and packet data from Snort. As a result, some output plugins have been removed from Snort and are now maintained by their respective authors.
- Update to dcerpc2 preprocessor for improved accuracy and handling of different OSs for SMB processing. See README.dcerpc2 and the Snort manual for details.
- Updates to the reputation preprocessor for handling of whitelists, trustlists and zone information. See README.reputation and the Snort manual for details.
- Updates to the packet decoders to support pflog v4.
Improvements
- Update to return error messages through the control socket.
- Updates to the processing of email attachments for better handling of non-encoded attachments, and improved memory management for attachment processing.
- Improvements in HTTP Inspect for better performance with gzip decompression. Also improvements for handling simple responses, encoded query strings, transfer encoding and chunk encoding processing.
- Fix logging of multiple unified2 alerts with reassembled packets.
- Compiler warning cleanup across multiple platforms.
- Added 116:458 and 116:459 to cover fragmentation issues.
- Added detailed documentation of unified2 logging configuration and logging.
- Removed the --enable-decoder-preprocessor-rules configure option and hardened the preprocessor and decoder rule event code. To enable the old behavior, in which specific preprocessor and decoder rules don't have to be explicitly added to snort.conf, add "config autogenerate_preprocessor_decoder_rules" to your snort.conf.
- Fixed SMTP mempool allocation for significant memory savings. Also tweaked memory required per stream5 session tracker.
- Force exact versioning match of running dynamic engine and dynamic engine used to build SO rules. This will cause Snort to generate an error and exit if .so rules are used from an older version.
- Users can now query the reputation preprocessor for routing table and management information.
Posted by Mohit Kumar at Thursday, June 21, 2012
Webvulscan v 0.12 - Web Application Vulnerability Scanner
WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for security vulnerabilities. As a scan is running, details of the scan are dynamically updated to the user. These details include the status of the scan, the number of URLs found on the web application, the number of vulnerabilities found and details of the vulnerabilities found.
After a scan is complete, a detailed PDF report is emailed to the user. The report includes descriptions of the vulnerabilities found, recommendations and details of where and how each vulnerability was exploited.
The vulnerabilities tested by WebVulScan are:
- Reflected Cross-Site Scripting
- Stored Cross-Site Scripting
- Standard SQL Injection
- Broken Authentication using SQL Injection
- Autocomplete Enabled on Password Fields
- Potentially Insecure Direct Object References
- Directory Listing Enabled
- HTTP Banner Disclosure
- SSL Certificate not Trusted
- Unvalidated Redirects
Features:
- Crawler: Crawls a website to identify and display all URLs belonging to the website.
- Scanner: Crawls a website and scans all URLs found for vulnerabilities.
- Scan History: Allows a user to view or download PDF reports of previous scans that they performed.
- Register: Allows a user to register with the web application.
- Login: Allows a user to login to the web application.
- Options: Allows a user to select which vulnerabilities they wish to test for (all are enabled by default).
- PDF Generation: Dynamically generates a detailed PDF report.
- Report Delivery: The PDF report is emailed to the user as an attachment.
- Emailing PDF report is now optional. Therefore, you can just view it in your scan history if you wish instead of having it emailed to you.
- Crawling a URL at the start of the scan is now optional. Therefore, you can now test a single web page for the various vulnerabilities instead of scanning an entire website.
- Issues fixed that some users were having when running WebVulScan on Linux (static path references and case sensitivity). Now tested on Windows (XAMPP 1.7.4 running on Vista) and Linux (XAMPP 1.7.4 running on Ubuntu 12.04).
- Added information about Linux permissions to instructions.
- Instructions now in .docx and .txt format
Posted by Mohit Kumar at Sunday, June 10, 2012
Nessus 5.0.1 - Vulnerability scanner
Labels: Auditing, Exploits, penetration testing, Scanners, Vulnerabilities, Vulnerability Assessment
The Nessus vulnerability scanner is the world leader in active scanners, featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus is the world's most widely deployed vulnerability and configuration assessment product.
Official change log for Nessus 5.0.1:
- Resolved an issue where packet forgery was not working on some Windows setups
- Improved the Windows installer which would fail on some setups
- Fixed several thread synchronization issues leading to a crash in certain situations
- Imported v1 reports are more legible
- Nessus can now read a 64-bit database on a 32-bit system and vice-versa
- Identified and resolved a minor memory leak issue occurring on all platforms
- Fixed a scanner crash that sometimes occurred when scanning with an SSL certificate defined in the policy
- Workaround for CVE-2011-3389
- Worked around a possible incompatibility with the Fedora 16 / Debian 6 memory allocator
- Restored the ability to log in via certificate authentication on port 1241 when "force_pubkey_auth = no"
- This version of Nessus now includes OpenSSL version 1.0.0h
Posted by Mohit Kumar at Friday, June 08, 2012
DotDotPwn v3.0 - Directory Traversal fuzzer
Labels: Auditing, Hacking Tools, penetration testing
DotDotPwn is a very flexible, intelligent fuzzer for discovering directory traversal vulnerabilities in software such as web, FTP and TFTP servers and in web platforms such as CMSs, ERPs, blogs, etc. It also has a protocol-independent module that sends the desired payload to a specified host and port, and it can be driven from scripts via the STDOUT module. It is written in Perl and runs on both *NIX and Windows platforms. Fuzzing modules supported in this version:
- HTTP
- HTTP URL
- FTP
- TFTP
- Payload (protocol independent)
- STDOUT
Changes / Enhancements / Features:
- -X switch, which implements the bisection algorithm (http://en.wikipedia.org/wiki/Bisection_method) to determine the exact depth once a directory traversal vulnerability has been found.
- -M switch to specify an HTTP method other than the default (GET) when the HTTP module is used.
- Other supported HTTP methods are [POST | HEAD | COPY | MOVE]
- -e switch to specify the file extension to be appended to the end of each fuzz string (e.g. ".php", ".jpg", ".inc")
DotDotPwn is now included in Backtrack R2. To install the tool, just run the following command: apt-get install dotdotpwn
Posted by Mohit Kumar at Friday, June 08, 2012
Joomla Folder Scanner v.1.0b4 Released
Labels: Auditing, Codes, Hacking Tools, penetration testing, Python, Scanners, Vulnerability Assessment
Scans Joomla-based websites and detects components, modules, languages, templates and plugins (based on a list) in both the public and the admin paths of the website.
Database status:
- Components: 230 entries
- Languages: 75 entries
- Modules: 683 entries
- Plugins: 30 entries
- Templates: 67 entries
Features:
- Multithread support speeds up scanning by up to 10x.
- Scans admin and public directories.
- Reveals installed components, languages, modules, plugins and templates.
- No Joomla user or admin access required.
- Easily customizable.
Posted by Mohit Kumar at Thursday, June 07, 2012
Reaver v1.4 - WPS Brute force attack against Wifi
Labels: Auditing, Hacking Tools, Password Cracker, Wi-Fi Hacking
The WiFi Protected Setup protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours.
Usage is simple; just specify the target BSSID and the monitor mode interface to use:
# reaver -i mon0 -b 00:01:02:03:04:05
For those interested, there is also a commercial version available with more features and speed improvements. On average Reaver will recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours, depending on the AP. In practice, it will generally take half this time to guess the correct WPS pin and recover the passphrase.
Posted by Mohit Kumar at Tuesday, June 05, 2012
Wifislax 4.1 - security and forensics tools live CD
Labels: Auditing, Forensics, Hacking Tools, Linux, LiveCD
Wifislax is a Slackware-based live CD containing a variety of security and forensics tools. The distribution’s main claim to fame is the integration of various unofficial network drivers into the Linux kernel, thus providing out-of-the-box support for a large number of wired and wireless network cards.
Official change log for Wifislax 4.1:
- binutils library moved to the core module, so Ark can open .deb files without the devel module
- Updated kernel to version 3.3.0 (Android drivers compiled in)
- Added support for EXT4 partitions
- Menu config retouched (office-suite entries were showing the category)
- Added rpm2xzm
- Updated Broadcom firmware and added b43-fwcutter-015
- Upgraded libtheora to 1.1.1
- Reconfigured recordmydesktop against libtheora 1.1.1
- Added jack-audio-connection-kit-0.121.3-i486-1SL and kpackage-3.5.9-2
- Fixed knemo autostart
- Updated the aircrack-ng suite to revision r2150
- Added WPS support via wifite 2 beta 9
Posted by Mohit Kumar at Monday, June 04, 2012
Social Engineer Toolkit 3.3 Released
Labels: Auditing, Hacking Tools, Metasploit, penetration testing, Phishing, Social Engineering, Vulnerability Assessment
The Social Engineering Toolkit (SET) is an open source, Python-driven, social-engineering penetration testing framework of custom tools which focuses solely on attacking the human element of penetration testing. It was designed to arm penetration testers and security researchers with the ability to effectively test heavily advanced social-engineering attacks armed with logical methods. SET leverages multiple attack vectors that take advantage of the human element of security in an effort to target attackers.
Official change log for Social Engineer Toolkit:
- Added a new "PowerShell attack vectors" menu, used for PowerShell-based attacks
- Added new payload powerdump to the powershell attack vectors
- Added new payload bind shell to the powershell attack vectors
- Added new payload powershell shellcode injection to the powershell attack vectors
- New core routine added for powershell_convert (powershell_command) which will do all the proper unicode + base64 encoding needed for powershell -EncodedCommand bypass
- New core routine added powershell_generate_payload(payload,ipaddr,port,powershell_command). This will create the necessary alphanumeric shellcode needed through metasploit in order to successfully create the powershell injection attack
- Added ms12-027 to the spear phishing attack vectors – MSCOMCTL ActiveX Buffer Overflow (from Metasploit)
- Added new payload reverse shell to powershell attack vectors
- Fixed a bug in Metasploit browser exploits where the numbers were off and would not properly parse the exploit (thanks for the report Dale Pearson)
- Added a pause when using the Apache menu so it doesn’t automatically exit
- Added a pause when something is on port 80 for credential harvester to display the error message
- Added a new phishing template provided by chap0, thanks for the contribution!
- Fixed a wording issue within the Fast-Track exploit selection: it was asking for an nmap range when it should ask which exploit you want
- Added the SolarWinds Storage Manager 5.1.0 Remote SYSTEM SQL Injection exploit by muts to Fast-Track
- Added the RDP use after free DoS into Social Engineer Toolkit in the Fast-Track custom exploits section
- Added new subroutine for powershell conversion
- Added automatic convert for powershell alphanumeric shellcode to automatically encode the commands
- Added the menu system for the new powershell menu
- Added ability to leverage msf payloads in the alphanumeric shellcode
- Added metasploit listener option for the powershell attack
- Added a new native python socket listener for a standard reverse shell routine in setcore socket_listener(port)
- Added powershell bind shell into the new powershell interpreter attack vector
- Added new core routine for powershell alphanumeric injection and conversion with msfvenom
- Added functionality through powershell.py to dynamically generate payloads and inject through powershell
- Removed large portion of prep.py and centralized through setcore routines
- Added powershell powerdump to the attack vectors for powershell attacks
- Fixed a bug that would prompt twice for an IP address in the new powershell attack
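The changelog above describes the conversion behind powershell -EncodedCommand: the script is encoded as UTF-16LE and then base64. As an added example (not code from the post or from SET), the following Python script reverses that conversion for process command lines taken from endpoint logs, so an analyst can see what an encoded invocation actually runs; the log lines are constructed for the example.

```python
"""Decode PowerShell -EncodedCommand arguments found in process-creation logs."""
import base64
import re

FULL_FLAG = "encodedcommand"

# A dash-flag followed by a run of base64 characters. powershell.exe accepts
# any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...), so the flag
# name is checked against the full name after matching.
FLAG_RE = re.compile(r"(?:^|\s)-([A-Za-z]+)\s+([A-Za-z0-9+/=]+)")


def encode_command(script):
    """UTF-16LE then base64: the form powershell.exe -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def decode_encoded_command(argument):
    """Reverse the conversion; return None if the argument is not well formed
    (invalid base64, bad padding, or an odd number of bytes for UTF-16)."""
    try:
        raw = base64.b64decode(argument, validate=True)
        return raw.decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def extract_encoded_commands(cmdline):
    """Return the decoded scripts carried by -EncodedCommand-style flags."""
    found = []
    for match in FLAG_RE.finditer(cmdline):
        flag, value = match.group(1).lower(), match.group(2)
        # -ExecutionPolicy also starts with "e" but is not a prefix of the
        # full flag name, so it is skipped here.
        if FULL_FLAG.startswith(flag):
            decoded = decode_encoded_command(value)
            if decoded is not None:
                found.append(decoded)
    return found


def triage(command_lines):
    """Return (original line, decoded script) pairs for lines that carry an
    encoded command, for an analyst to review."""
    hits = []
    for line in command_lines:
        for decoded in extract_encoded_commands(line):
            hits.append((line, decoded))
    return hits


# Constructed sample command lines (not taken from the page or any real log).
SAMPLE_COMMAND_LINES = [
    "powershell.exe -NoProfile -enc " + encode_command("Get-Process"),
    "powershell.exe -Command Get-Date",
    "cmd.exe /c whoami",
    "powershell.exe -EncodedCommand not*valid*base64",
]

if __name__ == "__main__":
    for original, decoded in triage(SAMPLE_COMMAND_LINES):
        print(original)
        print("    -> " + decoded)
```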
Posted by Mohit Kumar at Monday, June 04, 2012
Nmap 6 Released - Network Mapper
Labels: Auditing, fingerprinting, Hacking Tools, Network Mapping, penetration testing, Scanners, Vulnerability Assessment
It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).
Nmap 6 comes with six major changes and added features.
- NSE enhanced: The Nmap Scripting Engine (NSE) has exploded in popularity and capabilities. This modular system allows users to automate a wide variety of networking tasks, from querying network applications for configuration information to vulnerability detection and advanced host discovery. The script count has grown from 59 in Nmap 5 to 348 in Nmap 6, and all of them are documented and categorized. The underlying NSE infrastructure has improved dramatically as well.
- Better Web scanning: When Nmap was first released in 1997, most of the network services offered by a server listened on individual TCP or UDP ports and could be found with a simple port scan. Now, applications are just as commonly accessed via URL path instead, all sharing a web server listening on a single port. Nmap now includes many techniques for enumerating those applications, as well as performing a wide variety of other HTTP tasks, from web site spidering to brute force authentication cracking. Technologies such as SSL encryption, HTTP pipelining, and caching mechanisms are well supported.
- Full IPv6 support: Given the exhaustion of available IPv4 addresses, the Internet community is trying to move to IPv6. Nmap version 6 contains full support for IP version 6, and it is released just in time for the World IPv6 Launch. Nmap's developers have created a new IPv6 OS detection system, advanced host discovery, raw-packet IPv6 port scanning, and many NSE scripts for IPv6-related protocols. It's easy to use too: just specify the -6 argument along with IPv6 target IP addresses or DNS records.
- New Nping Tool: The newest member of the Nmap suite of networking and security tools is Nping, an open source tool for network packet generation, response analysis and response time measurement. Nping can generate network packets for a wide range of protocols, allowing full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts, it can also be used as a raw packet generator for network stack stress testing, ARP poisoning, Denial of Service attacks, route tracing, etc. Nping’s novel echo mode lets users see how packets change in transit between the source and destination hosts. That’s a great way to understand firewall rules, detect packet corruption, and more.
- Better Zenmap GUI and results viewer: While Nmap started out as a command-line tool and many (possibly most) users still use it that way, Nmap’s developers have also developed an enhanced GUI and results viewer named Zenmap. One addition since Nmap 5 is a “filter hosts” feature which allows you to see only the hosts which match your criteria (e.g. Linux boxes, hosts running Apache, etc.) They have also localized the GUI to support five languages besides English. A new script selection interface helps you find and execute Nmap NSE scripts. It even tells you what arguments each script supports.
- Faster scans: Since Nmap 5, the developers have rewritten the traceroute system for higher performance and increased the allowed parallelism of the Nmap Scripting Engine and version detection subsystems. They also performed an intense memory audit which reduced peak consumption during their benchmark scan by 90%. They made many improvements to Zenmap data structures and algorithms as well, so that it can now handle large enterprise scans with ease.
Posted by Mohit Kumar at Monday, June 04, 2012
WiFite v2 - Automated wireless attack tool
Labels: Auditing, Codes, Hacking Tools, Python, Wi-Fi Hacking
WiFite is an automated wireless attack tool. Its purpose is to attack multiple WEP- and WPA-encrypted networks at the same time.
This tool is customizable and can be automated with only a few arguments. It can be trusted to run without supervision. It was designed for use with pentesting distributions of Linux such as Backtrack 5 R1, BlackBuntu and BackBox, or any Linux distribution with wireless drivers patched for injection. The script appears to also operate on Ubuntu 11/10, Debian 6, and Fedora 16.
Changes made to WiFite v2:
- support for cracking WPS-encrypted networks (via reaver)
- 2 new WEP attacks
- more accurate WPA handshake capture
- various bug fixes
Posted by Mohit Kumar at Monday, June 04, 2012