Bing Web Server Probe
January 28, 2010 – 6:43 PM
This is a tool for security researchers. It allows you to search for either an IP address or a DNS name and display all associated domain names known to Bing.

Download:
http://bingprobe.codeplex.com/

Named Win32.Worm.Zimuse.A, this new nasty claims to be an IQ test but is really a worm. It creates about 7-11 copies of itself, stores them in critical areas of your Windows system, and then destroys the first 50KB of the Master Boot Record (MBR) after X number of days (reportedly 40 days for variant A and 20 days for variant B).
The worm sets itself into the registry at:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dump"="%programfiles%\Dump\Dump.exe"
It also creates the following 2 "driver" files:
%system%\drivers\Mstart.sys
%system%\drivers\Mseu.sys
Source:
http://www.malwarecity.com/blog/malware-alert-win32wormzimusea-the-hard-disk-wrecker-736.html
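
A read-only host check for the artifacts listed above, written as an added example (it is not part of the original post or of the linked write-up). The WOW6432Node, SysWOW64 and "Program Files (x86)" locations are assumptions that cover 32-bit redirection on 64-bit Windows; the post itself names only the Run value "Dump", Dump.exe and the two .sys files.

```powershell
# Added example: look for the Win32.Worm.Zimuse.A artifacts named in the post.
# Read-only. Run from an elevated 64-bit prompt so both registry views and
# the drivers directories are visible.

$findings = @()

# 1) Run-key persistence: value "Dump" under ...\CurrentVersion\Run.
#    The WOW6432Node view is an assumption (32-bit writer on 64-bit Windows).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $prop = Get-ItemProperty -Path $key -Name 'Dump' -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += [pscustomobject]@{
            Type = 'RunValue'; Location = $key; Detail = $prop.Dump
        }
    }
}

# 2) Dropped files: Dump.exe and the two "driver" files.
#    SysWOW64 and Program Files (x86) are assumptions, see above.
$programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$systemDirs  = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot $_ }

$paths = @()
foreach ($dir in $programDirs) { $paths += Join-Path $dir 'Dump\Dump.exe' }
foreach ($dir in $systemDirs) {
    $paths += Join-Path $dir 'drivers\Mstart.sys'
    $paths += Join-Path $dir 'drivers\Mseu.sys'
}

foreach ($path in $paths) {
    # -Force so hidden or system-flagged files are still returned.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $item.FullName
            Detail = '{0} bytes, created {1:u}' -f $item.Length, $item.CreationTimeUtc
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Zimuse.A artifacts from the post were found on this host.' }
```

The file creation times in the output help estimate how long the files have been present, which matters given the day-count delay before the MBR is overwritten.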

I just noticed that I have 13 different virtual machines installed on my home VirtualBox installation. It seems like a lot, but there are many more that I would love to install and play with. This is just a variety of flavors I've needed in the past for "testing" various things. Now I just wish this machine had more RAM so that I could run more than 2 (sometimes 3) at a time.

While I was updating my VMs today with the final version of BackTrack 4, I decided to jump in and take a look at the new IE 0day exploit that was added to Metasploit a couple of days ago. It works surprisingly well. I had a 100% success rate with IE6. IE7 was really touchy, but I could not get it to work with IE8 at all (it has to do with DEP being enabled or not).
You need to use the new exploit for this bug:

Set your favorite payload:

Set your srvhost, lhost, and lport accordingly. You can also customize the uripath if you want (it defaults to a random string).
When it’s all set just start the exploit and wait until the URL is launched on the victim machine. If successful, you should get a session back and have full control:

Have fun.
BackTrack 4 Final has now been released and aside from the many bug fixes, this version includes a new kernel, a larger and expanded toolset repository and custom tools that you can only find on BackTrack.