Nexus

Tsunami - DNS Amplification Attack Tool

Read

Tsunami is a DNS Amplification Attack Tool which is collected from the internet and modified by Samiux. It is designed for testing your server and/or network under the DNS Amplification Attack. Perform this test on any server and/or network without authorization is a crime and you will be put into a jail.

The number of open recursive DNS servers and the bandwidth of the attacker as well as duration may affect the traffic volume size of the attack.

Tsunami is working perfectly on Kali Linux 1.0.7 or above. The official site is at here.

Usage

To perform DNS Amplification attack :

python amplfiy.py -t 1.2.3.4 -s open_dns.txt -a domain_name.txt -c -1 --verify -v --threads=1000

*where 1.2.3.4 is the victim's IP address

To scan for the open recursive DNS server :

perl find_open_resolvers.pl '1.0.0.0 - 1.84.255.255' -q 1000

Remarks : this script just can check if the DNS server has the RA flag or not only. You need to double check with the following command to confirm the scanned DNS server is a true open recursive DNS server.

dig ANY isc.org @samsung.idv.tw

*where samsung.idv.tw is the open recursive DNS server

where isc.org is the domain to lookup

Tsunami comes with the following files :

amplfiy.py - the attack script

find_open_resolvers.pl - the scanner script

gov-uk_domain.txt - domain names of UK Government

open_dns_1.0.0.0-1.84.255.255.txt - open recursive DNS list within 1.0.0.0 and 1.84.255.255 IP range

That's all! See you.

Read More Add comment

#Cisco uncovers #Microsoft Word #spearphishing attack

By 0x000216

Read

0 Comments

Read More Add comment

OAuth Request Crafter - Tool that helps you to play with OAuth signature protected URLs

By 0x000216

Read

0 Comments

Read More Add comment

#Howto create #sosreport in #linux (RHEL 5.X / RHEL 6.X)

By 0x000216

Read

0 Comments

Sosreport is a command in linux (RHEL / CentOS) which collects system configuration and diagnostic information of your linux box like running kernel version, loaded modules, and system and service configuration files. This command also runs external programs to collect further information, and stores this output in the resulting archive.

Sosreport is required when you have open a case with redhat for technical support. Redhat support Engineers will require sosreport of your server for troubleshooting purpose.

To run sosreport , sos package should be installed. Sos package is part of default installation in most of linux. If for any reason this package is no installed , then use below yum command to install sos package :

# yum install sos

Generate the report

Open the terminal type sosreport command :

# sosreport

This command will normally complete within a few minutes. Depending on local configuration and the options specified in some cases the command may take longer to finish. Once completed, sosreport will generate a compressed a file under /tmp folder. Different versions use different compression schemes (gz, bz2, or xz). The file should be provided to Redhat support representative (normally as an attachment to an open case).

Note: sosreport requires root permissions to run.

Different Options used in sosreport command :

The sosreport command has a modular structure and allows the user to enable and disable modules and specify module options via the command line. To list available modules (plug-ins) use the following command:

# sosreport -l

To turn off a module include it in a comma-separated list of modules passed to the -n/–skip-plugins option. For instance to disable both the kvmand amd modules:

# sosreport -n kvm,amd

Individual modules may provide additional options that may be specified via the -k option. For example on Red Hat Enterprise Linux 5 installations the sos rpm module collects "rpm -Va" output by default. As this may be time-consumingthe behavior may be disabled via:

# sosreport -k rpm.rpmva=off

source

Read More Add comment

Securitytube.net - Train to Hack for Free

By 0x000216

Read

0 Comments

Read More Add comment

Energy Firms #Hacked By #Dragonfly Group

By 0x000216

Read

0 Comments

More than 1,000 energy companies in North America and Europe have been compromised in a huge malware attack unearthed by US security firm Symantec.

The hackers are thought to be part of an Eastern European collective known as Dragonfly, which has been in operation since at least 2011.

Targets included energy grid operators and industrial equipment providers.

"Its primary goal appears to be espionage," Symantec said.

Sabotage operations

Eighty four countries were affected, although most of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

Since 2013 Dragonfly has been targeting organisations that use industrial control systems (ICS) to manage electrical, water, oil, gas and data systems.

Symantec said Dragonfly had accessed computers using a variety of techniques, including attaching malware to third-party programs, emails and websites, giving it "the capability to mount sabotage operations that could have disrupted energy supplies across a number of European countries".

It had used Backdoor.Oldrea to gather system information, including the computers' Outlook address book and a list of files and programs installed, and Trojan.Karagany to upload stolen data, download new files and run them on infected computers, Symantec said.

'Interesting and concerted'

"The way Dragonfly targeted the companies in question was - while not groundbreaking - interesting and concerted. It appears they clearly mapped out their intended plan of attack," said Rob Cotton, CEO at global information assurance firm NCC Group.

"The increasing frequency and sophistication of these attacks whilst concerning should not be a cause of alarm for the average consumer - yet. Government departments such as the CPNI (Centre for the Protection of National Infrastructure) provide sound advice to all key components of our society, ensuring the lights stay on and similar core services and functions critical to our way of life are available."

The attack is similar to the Stuxnet computer worm, which was designed to attack similar industrial controllers in 2010 and reportedly ruined almost 20% of Iran's nuclear power plants.

Symantec said Dragonfly "bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability".

Independent computer security analyst Graham Cluley told the BBC that the motivation for the attack was unclear, but agreed that many would suspect the attacks were sponsored by a foreign state, highlighting a new era of online crime:

"There is no doubt that we have entered a new era of cybercrime, where countries are not just fighting the threat - but are also exploiting the internet for their own interests using the same techniques as the criminals."

Dr Andrew Rogoyski, chair of techUK Cyber Security Group, told the BBC that "on the face of it, the attacks seem much more benign than Stuxnet but time and further analysis will tell."

source

Read More Add comment