Posted on

NoSQLMap – Automated NoSQL Exploitation Tool

NoSQLMap is an open source Python-based automated NoSQL exploitation tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases. It is also intended to attack web applications using NoSQL in order to disclose data from the database.

NoSQLMap - Automated NoSQL Exploitation Tool

Presently the tool’s exploits are focused around MongoDB, but additional support for other NoSQL based platforms such as CouchDB, Redis, and Cassandra are planned in future releases.

A NoSQL (originally referring to “non SQL”, “non-relational” or “not only SQL”) database provides a mechanism for storage and retrieval of data which is modelled by means other than the tabular relations used in relational databases. Such databases have existed since the late 1960s, but did not obtain the “NoSQL” moniker until a surge of popularity in the early twenty-first century, triggered by the needs of Web 2.0 companies such as Facebook, Google, and Amazon.com.

NoSQL databases are increasingly used in big data and real-time web applications. NoSQL systems are also sometimes called “Not only SQL” to emphasize that they may support SQL-like query languages.

Requirements

On a Debian or Red Hat based system, the setup.sh script may be run as root to automate the installation of NoSQLMap’s dependencies.

Varies based on features used:

  • Metasploit Framework,
  • Python with PyMongo,
  • httpslib2,
  • and urllib available.
  • A local, default MongoDB instance for cloning databases to

There are some various other libraries required that a normal Python installation should have readily available. Your milage may vary, check the script.

Usage Options

  1. Set target host/IP-The target web server (i.e. www.google.com) or MongoDB server you want to attack.
  2. Set web app port-TCP port for the web application if a web application is the target.
  3. Set URI Path-The portion of the URI containing the page name and any parameters but NOT the host name (e.g. /app/acct.php?acctid=102).
  4. Set HTTP Request Method (GET/POST)-Set the request method to a GET or POST; Presently only GET is implemented but working on implementing POST requests exported from Burp.
  5. Set my local Mongo/Shell IP-Set this option if attacking a MongoDB instance directly to the IP of a target Mongo installation to clone victim databases to or open Meterpreter shells to.
  6. Set shell listener port-If opening Meterpreter shells, specify the port.
  7. Load options file-Load a previously saved set of settings for 1-6.
  8. Load options from saved Burp request-Parse a request saved from Burp Suite and populate the web application options.
  9. Save options file-Save settings 1-6 for future use.

You can download NoSQLMap here:

NoSQLMap-0.5.zip

Or read more here.

Read the Full Article here: >Darknet – The Darkside

Posted on

Network forensics tool NetworkMiner 2.2 released

NetworkMiner is a popular network forensics tool that can parse pcap files as well as perform live sniffing of network traffic. It collects data about hosts on the network rather than to collect data regarding the traffic on the network.

NetworkMiner forensics tool

In NetworkMiner 2.2, the PCAP parsing speed has more than doubled and even more details are now extracted from analyzed packet capture files.

User interface improvements

The keyword filter available in the Files, Messages, Sessions, DNS and Parameters tabs has been improved so that the rows now can be filtered on a single column of choice by selecting the desired column in a drop-down list. There is also an “Any column” option, which can be used to search for the keyword in all columns.

The Messages tab now allows the filter keyword to be matched against the text in the message body as well as email headers when the “Any column” option is selected.

Time stamps are now instead shown using the yyyy-MM-dd HH:mm:ss format with time zone explicitly stated.

Protocol parsers

The latest version comes with an RDP parser, which is primarily used in order to extract usernames from RDP cookies and show them on the Credentials tab. Version 2.2 also comes with better extraction of SMB1 and SMB2 details, such as NTLM SSP usernames.

NetworkMiner moved to .NET Framework 4.0. This move doesn’t require any special measures to be taken for most Microsoft Windows users since the 4.0 Framework is typically already installed on these machines. If you’re running NetworkMiner in Linux, you might wanna check out an updated blog post on how to install NetworkMiner in Linux.

The developers have also added an automatic check for new versions of NetworkMiner, which runs every time the tool is started.

Read the Full Article here: >Help Net Security – News

Posted on

Network Segmentation Could Save Your Small Business Millions in a Cyber Attack

For small businesses that rely on websites, smartphones and even connected devices, security is quickly becoming one of the top, if not the top priority in the digital ecosystem where they operate. An infographic from network security company Tufin titled, "Making Security Manageable Through Network Segmentation," will introduce you to a security feature you might not be aware of, network segmentation.

Read the Full Article here: >Computer Security News

Posted on

Microsoft unveils ‘Minecraft’ edition Xbox One S

How devoted are you to Minecraft? Devoted enough that you want your console to be a living, breathing representation of the construction game? If so, you’re in luck. Microsoft has unveiled a limited edition Minecraft Xbox One S that drapes the entire console in Mojang’s blocky art style. There’s a grass block on the front, a transparent, redstone-laced bottom and a Creeper-themed green controller (there’s an optional pink, pig-themed gamepad). Naturally, it’ll include a copy of Minecraft (with the Better Together update).

The system arrives on October 3rd. Microsoft hasn’t detailed pricing or regional availability as we write this, but it’ll ship with a 1TB hard drive. We wouldn’t expect it to carry a significant premium over a plain Xbox One S with a bundled game, but don’t be surprised if this becomes the system to get among Minecraft players… well, those who don’t want to play in 4K, at least.

Source: Xbox Wire

Read the Full Article here: >Engadget

Posted on

Sebi to chart out long term cyber security plans for markets

Sebi will deliberate with its board members next month on putting in place a long term cyber security framework for markets amid concerns over malicious software script targeting systems and possible data breaches. With technology-based platforms and high speed algorithmic systems becoming key fulcrums for trading activities, the regulatory focus is on bolstering the existing framework and ensure a robust firewall is in place to thwart possible cyber attacks.

Read the Full Article here: >Computer Security News

Posted on

Hacking smartphones with malicious replacement parts

Smartphone users can now add a new entry to the list of things they need to worry about: their phones being compromised via replacement parts.

A group of researchers from Ben-Gurion University of the Negev has demonstrated that hardware replacements – e.g. touchscreens, NFC readers, wireless charging controllers, and so on – can be equipped with a chip that is capable of manipulating the device’s communication.

smartphones malicious replacement parts

And even though they haven’t gone through the trouble of doing so, they say that the whole setup can easily be made to be small enough to fit into the device, making it practically impossible for the user to discover that something is amiss.

In fact, even the person that repairs the device could be in the dark about the modification, as the replacement parts are often produced by third-party manufacturers, and are not usually checked for tampering before being installed.

Successful attacks

“Hardware replacement is traditionally considered a strong attack model, under which almost any attack is possible,” the researchers noted. But their research focused on the feasibility of attacks that depend on only one “malicious” component with an extremely limited hardware interface.

They tested three different attacks, using an experimental setup based on a low-cost micro-controller embedded in-line with the touch controller communication bus.

In the first one, they managed to impersonate the user by injecting touch events into the communication bus. This allows the installation of software, the modification of the device configuration, etc.

VIDEO

In the second one, they demonstrated that an attacker can log touch events related to sensitive operations (lock screen patterns, credentials, passwords).

In the third one, they proved that by sending crafted data to the phone over the touch controller in- terface, an attacker can exploit vulnerabilities within the device driver and gain kernel execution capabilities.

smartphones malicious replacement parts

They tested the attacks on a Huawei Nexus 6P smartphone and a LG G Pad 7.0 tablet (both running Android), but it’s likely that they would also work against devices running iOS.

Possible protection

The researchers believe that threat of a malicious peripheral existing inside consumer electronics should not be taken lightly.

“A well motivated adversary may be fully capable of mounting such attacks in a large scale or against specific targets. System designers should consider replacement components to be outside the phone’s trust boundary, and design their defenses accordingly.”

In this particular case (they tested the attacks by using a malicious replacement screen), a good way to prevent compromises would be a I2C interface proxy firewall – a low-cost, hardware-based solution.

“Such a firewall can monitor the communication of the I2C interfaces and protect the device from attacks originating from the malicious screen. Placing this device on the motherboard means that it will not be affected by malicious component replacement. The use of a hardware countermeasure allows for protection against both added malicious components and modified firmware attacks. It may also detect malicious behavior of firmware code that was modified by an insider and may be officially signed or encrypted,” they pointed out.

The final reason why it would be the perfect solution is that it does not require any changes on the CPU or component side.

Read the Full Article here: >Help Net Security – News

Posted on

FBI reportedly advising companies to ditch Kaspersky apps

Kaspersky Lab’s tussle with the US government could have ramifications for its dealings with the private sector. A new report claims the FBI has been meeting with companies to warn them of the threat posed by the cybersecurity firm. The briefings are the latest chapter in an ongoing saga concerning the use of Kaspersky’s products by government agencies. Officials claim the company is a Russian stooge that can’t be trusted with protecting America’s critical infrastructure. The company denies these claims — its CEO Eugene Kaspersky has even offered up its source code in a bid to clear his firm’s name.

It appears that olive branch went unnoticed. Throughout the year, the FBI has been meeting with US firms to convince them to remove Kaspersky Lab’s tools from their systems, according to officials that spoke to CyberScoop. In view of the cyberattacks that crippled Ukraine’s power grid in 2016, the FBI has reportedly focussed its briefings on companies in the energy sector. Although, it has also supposedly met with major tech firms too.

The law enforcement agency has apparently been sharing its threat assessment with the companies, including Kaspersky Lab’s alleged deep ties with Russian intelligence. However, the meetings have reportedly yielded mixed results. Whereas firms in the energy sector have been quick to cooperate, tech giants have resisted taking swift action, claims CyberScoop.

The revelations follow a wave of allegations against Kaspersky Lab by the US government. As recently as June, a draft version of a Senate bill proposed barring the Defense Department from doing business with the company. Then, in July, a Congressional panel ordered multiple government agencies to hand over their documents and communications about the cybersecurity software provider.

In a statement released last month, the firm said: "Kaspersky Lab, and its executives, do not have inappropriate ties with any government." It’s a stance the company has reiterated multiple times to no avail.

Source: CyberScoop

Read the Full Article here: >Engadget

Posted on

Taking aim at China, India tightens power grid, telecom rules

NEW DELHI: India is tightening the rules for businesses entering its power transmission sector and making stringent checks on both power and telecoms equipment for malware – moves that government and industry officials say aim to check China’s advance into sensitive sectors. Chinese firms such as Harbin Electric, Dongfang Electronics, Shanghai Electric and Sifang Automation either supply equipment or manage power distribution networks in 18 cities in India.

Read the Full Article here: >Computer Security News

Posted on

World’s biggest shipper: cyberattack cost up to $300 million

The June cyberattack that paralyzed the computer systems in companies around the world is estimated to have cost the world’s biggest container shipping line between $200 million and $300 million, A.P. Moller-Maersk said Wednesday. The Copenhagen-based group, which was particularly severely affected by the attack, says the impact will first be reflected in its third quarter results as revenue was mainly lost in July.

Read the Full Article here: >Computer Security News

Posted on

Unpatchable Flaw in Modern Cars Allows Hackers to Disable Safety Features

Today, many automobiles companies are offering vehicles that run on the mostly drive-by-wire system, which means a majority of car’s functions—from instrument cluster to steering, brakes, and accelerator—are electronically controlled.

No doubt these auto-control systems make your driving experience much better, but at the same time, they also increase the risk of getting hacked.

Car Hacking is a hot topic, though it is not new for security researchers who hack cars. A few of them have already demonstrated how to hijack a car remotely, how to disable car’s crucial functions like airbags, and even how to remotely steal cars.

Now, security researchers have discovered a new hacking trick that can allow attackers to disable airbags and other safety systems of the connected cars, affecting a large number of vendors and vehicle models.

A team of researchers from Trend Micro’s Forward-looking Threat Research (FTR) team, in collaboration with Politecnico di Milano and Linklayer Labs, discovered a critical security vulnerability in the CAN (controller area network) protocol that car components use to communicate to one another within the car’s network.

Hackers Can Remotely Take Control of Smart Cars

Initially developed in 1983 and put into production in 1989, the CAN standard manages the majority of the electrical subsystems and control units found in a significant number of modern smart cars.

If exploited, the vulnerability could eventually allow attackers to turn off crucial safety functions of a vehicle, such as airbags, power-steering, parking sensors, and the anti-lock brakes—or almost any computerised component that’s connected to the car’s CAN bus.

Since the CAN standard is being used in “practically every light-duty vehicle currently in circulation today,” the fundamental security flaw affects all modern, internet-connected vehicles, rather than just a particular vendor.

How Your Smart Car Can Get Hacked?

The hack particularly targets the messaging system in CAN, in which messages, including errors, are called “frames.”

“Our attack focuses on how CAN handles errors. Errors arise when a device reads values that do not correspond to the original expected value on a frame,” Trend Micro researcher Federico Maggi writes in a blog post.

“When a device detects such an event, it writes an error message onto the CAN bus in order to “recall” the errant frame and notify the other devices to entirely ignore the recalled frame.”

By overloading the system with error messages, attackers can make a device to go into a Bus Off state, cutting it off from the greater CAN system and making it inoperable.

This, in turn, allows attackers to deactivate essential systems like the airbag system or the anti-lock braking system, which could result in dangerous and even fatal situations.

The attack requires a “

specially-crafted attack device

” to be introduced via local access, which is only possible if the attacker has access to your vehicle.

However, researchers believe that current transportation trends like ride-sharing, carpooling, and car renting have made the scenario much easier.

It’s a Design Flaw — Can’t Be Patched!

Since the vulnerability exists in the design of the CAN bus messaging protocol used in CAN controller chips, the issue can not be directly patched with an OTA (on-the-air) upgrade or dealer recall.

Patching this design flaw requires changes in the CAN standards and an entire generation of vehicles using this specification. So, unfortunately, there is no remedy to the problem yet.

However, the researchers recommended car manufacturers to adopt some network countermeasures, which would mitigate such attacks, but not entirely.


“Car manufacturers can only mitigate the attack we demonstrated by adopting specific network countermeasures, but cannot eliminate it entirely,” the researchers said.


“To eliminate the risk entirely, an updated CAN standard should be proposed, adopted, and implemented. This whole process would likely require another generation of vehicles.”

Researchers also suggest car makers even to consider adding a layer of encryption to the CAN bus protocol that will make messages harder to mimic, as part of a long-term security solution.

Read the Full Article here: >The Hacker News [ THN ]