illmob

So bitcoins are up to $235 today, just a friendly reminder of some tools I made. The bitcoin_jacker.rb that is part of the metasploit repo since 2011 ::HERE:: and a stand alone version made in MASM RobinHood which you will have to edit and compile yourself. If I help make you rich please toss some coinage my way 🙂
1KAhtigRFREAY7qnr78DKiQFLPETmwG15q

http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html

Like clockwork , the new 0day has been added to metasploit. eromang was quick to record a demo of the exploit in action http://eromang.zataz.com

Spotted in the wild, reports are still coming in.
malware.dontneedcoffee.com
The files
blog.spiderlabs.com
decrypted java source

mimikatz now supports saved domain credentials dumping (task scheduler included) also visit site in chrome unless you manually want to translate it. blog.gentilkiwi.com

Kernel rootkit, that lives inside the Windows registry value data and uses a buffer overflow of win32k.sys for persistance. Check it out ::HERE::

While the concept on DMA through firewire isn’t new (around 2006-ish with
Winlockpwn – no longer developed.) A new project has picked up where winlockpwn left off. The newer version called Inception is able to unlock winxp,vista,7,8,osx,ubuntu,mint. It works over FireWire, Thunderbolt, ExpressCard and PCMCIA . If the machine doesnt have it you can slap one in and the driver should automatically install even though its locked. Great for bypassing machines that have encryption like bitlocker, trucrypt, etc… that are left locked. Newer version of OSX have patched this though as of Oct. 2011. I tested on Backtrack5 r3 against winxp,win7 x32, and OSX 10.7.3 and it worked like a charm.
Check it out ::HERE::

Mark Gamache posted on his blog on how he was able to break the NTLM handshake using cloudcracker.com. Check it out ::HERE::

Kingcope was busy today dropping some new 0days for MySQL, FreeSSHD, & FreeFTPD
check em out
MySQL 5.1/5.5 WiNDOWS REMOTE R00T
MySQL Windows Remote System Level Exploit (Stuxnet technique)
MySQL (Linux) Database Privilege Elevation
MySQL (Linux) Heap Based Overrun
FreeSSHD Remote Authentication Bypass
FreeFTPD Remote Authentication Bypass

VMInjector is a tool designed to bypass OS login authentication screens of major operating systems running on VMware Workstation/Player, by using direct memory manipulation it can be used if the password of a virtual host is forgotten and requires reset. VMInjector can currently bypass locked Windows, Ubuntu and Mac OS X operation systems (x32 & x64).

You can grab a copy ::HERE::