Archive | March, 2008


31 March 2008 | 9,606 views

WSFuzzer – Web Services Fuzzing Tool for HTTP and SOAP

WSFuzzer is a fuzzing tool targetting HTTP and SOAP based web services. The program currently targets Web Services. In the current version HTTP based SOAP services are the only supported targets. This tool was created based on, and to automate, some of the manual SOAP pen testing work we perform. This tool is NOT meant [...]

Continue Reading


28 March 2008 | 12,742 views

Mac owned on 2nd day of Pwn2Own hack contest

I have been following this contest and was wondering which OS would be first to fall (if any) seen as though they were all fully patched and the latest versions. For those that don’t know Pwn2Own is a contest at CanSecWest open to anyone to hack a Windows, Linux or Mac OSX box with a [...]

Continue Reading


27 March 2008 | 13,123 views

Webshag v1.00 – Web Server Auditing Tool (Scanner and File Fuzzer)

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing. Webshag can be used to scan a web server in HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to [...]

Continue Reading


26 March 2008 | 15,277 views

httprecon – Advanced Web Server Fingerprinting

httprecon is a tool for advanced web server fingerprinting, similar to httprint that we mentioned previously. The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis. Besides [...]

Continue Reading


25 March 2008 | 19,368 views

Hacking Windows NT Through IIS & FTP

This is another selection from the Old Skool Philes, I like these as they tend to generate some good discussion and they are a good introduction to newcomers to hacking on the mindset and workflow of getting access to a box. The exact methods may not work, but we aren’t here to train script kiddies, [...]

Continue Reading


24 March 2008 | 14,632 views

SecurityCompass Exploit-Me – Firefox Web Application Testing Tools

Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for SQL Injection. The Exploit-Me series [...]

Continue Reading


21 March 2008 | 40,991 views

New Windows XP & Vista Full Take-over Hack with Firewire

This Firewire hack seems to be creating a big buzz, from what I’ve read it also works on Vista as for some odd reason the Firewire port gets access to the whole memory space in DMA mode – not just what it needs to function – so you can read from anything stored in memory [...]

Continue Reading


20 March 2008 | 5,396 views

.NETIDS – .NET Intrusion Detection System

This tool is another one on the side of protection, again for web-based applications but this time for .NET applications it’s called .NETIDS (.NET Intrusion detection System). This tool is capable of detecting on attacks on web applications and gives the developer the possibility to react. The project files include filter rules and function stubs [...]

Continue Reading


19 March 2008 | 3,841 views

Core Security to Expand Market with Mark Hatton

It seems like security/pen-testing software can be quite lucrative – especially with the prices Core Security charge for their flagship tool Core Impact (Around $25,000 per seat?). They have offices in two countries and are now looking to expand into new markets, anyway this is a bit of corporate security news for a change. They [...]

Continue Reading


17 March 2008 | 10,551 views

Inguma 0.0.7.2 Released for Download – Penetration Testing Toolkit

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems. It’s becoming a mature and useful package! I’m glad to see continued developing [...]

Continue Reading