We got an e-mail a while back about this new and apparently simple Oracle Application Server scanner.
It detects web pages, DADs (Database Access Descriptors) and test applications installed by default.
It may be useful for system hardening and pen-test.
You can download OAPScan here:
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
Grype – Vulnerability Scanner For Container Images & Filesystems
APT-Hunter – Threat Hunting Tool via Windows Event Log
GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
At Black Hat Europe (in Amsterdam) security experts from India (Nitin and Vipin Kumar of NV labs) demonstrated a special boot loader that gets around Vista’s code-signing mechanisms. Known as VBoot and launching from a CD and booting Vista it can make on-the-fly changes in memory and in files being read.
In a demonstration, the “boot kit” managed to run with kernel privileges and issue system rights to a CMD shell when running on Vista RC2 (build 5744), even without a Microsoft signature
Experts say that the fundamental problem that this highlights is that every stage in Vista’s booting process works on blind faith that everything prior to it ran cleanly. The boot kit is therefore able to copy itself into the memory image even before Vista has booted and capture interrupt 13, which operating systems use for read access to sectors of hard drives, among other things.
As soon as the NT Boot sector loads Bootmgr.exe, VBootkit patches the security queries that ensure integrity and copies itself into an unused area of memory. Something similar is done with the subsequent boot stages of Winload.exe and NTOSKrnl.exe so that the boot kit is running in the background when the system is finally booted; at no time are Vista’s new security mechanisms, which were intended to prevent unsigned code from being executed with kernel privileges, set off.
Interesting eh, seen as though Microsoft touts Vista as so secure…and it’s already been taken apart.
It might lead to some interesting workarounds for DRM and video content protection.
From the Black Hat release:
Vboot kit is first of its kind technology to demonstrate Windows vista kernel subversion using custom boot sector. Vboot Kit shows how custom boot sector code can be used to circumvent the whole protection and security mechanisms of Windows Vista. The booting process of windows Vista is substantially different from the earlier versions of Windows. The talk will give you:
- details and know abouts for the Vista booting process.
- explain the vboot kit functionality and how it works.
- insight into the Windows Vista Kernel.
We will also review sample Ring 0 Shell code (for Vista). The sample shellcode effectively raises the privileges of certain programs to SYSTEM. A live demonstration of vboot kit POC will be done.
Source: Heise Security
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
Grype – Vulnerability Scanner For Container Images & Filesystems
APT-Hunter – Threat Hunting Tool via Windows Event Log
GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.
ProxyFuzz is a good tool for quickly testing network protocols and provide with basic proof of concepts. Using this tool you will be amazed by the poor quality of software and you will see clients and servers dying upon unexpected input, just be prepared to see the very weird behaviours.
Syntax of ProxyFuzz:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
ProxyFuzz 0.1, Simple fuzzing proxy by Rodrigo Marcos usage(): python proxyfuzz -l <localport> -r <remotehost> -p <remoteport> [options] [options] -w: Number of requests to send before start fuzzing -c: Fuzz only client side (both otherwise) -s: Fuzz only server side (both otherwise) -u: UDP protocol (otherwise TCP is used) -v: Verbose (outputs network traffic) -h: Help page |
A demo of ProxyFuzz is available here.
The video shows ProxyFuzz proxying traffic between a VMWare Console and a VMWare Server. This is just a dumb example of the things you can do with this tool.
Download ProxyFuzz 0.1 Source Code
Download ProxyFuzz 0.1 Windows Binary
Or read more here.
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
Grype – Vulnerability Scanner For Container Images & Filesystems
APT-Hunter – Threat Hunting Tool via Windows Event Log
GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
The Kcpentrix Project was founded in May 2005 , KCPentrix 1.0 was liveCD designed to be a standalone Penetration testing toolkit for pentesters, security analysts and System administrators
What’s New in KcPentrix 2.0
Now release 2.0 is a liveDVD, It features a lot of new or up to date tools for auditing and testing a network, from scanning and discovering to exploiting vulnerabilities
Kcpentrix is based on SLAX 5, a Slackware live DVD, the Powerful modularity which Kcpentrix uses, allow it to be easily customised and include relevant modules.
It has switched to 2.6 kernel line and Zisofs compression was replaced by SquashFS, which provides better compression ratio and higher read speed.
You can download the ISO from Kcpentrix.com or Securitydistro.com here:
Or read more here.
Some of the key tools/software included:
ARP
arping-2.04
seringe
arp-sk
arpspoof
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
Grype – Vulnerability Scanner For Container Images & Filesystems
APT-Hunter – Threat Hunting Tool via Windows Event Log
GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
This is some pretty interesting news, rather than trying to cover things up like normal during July the Philippine government will be soliciting hackers to test the security of their Internet voting system.
I think it’s a great initiative from the International Foundation for Electoral System.
Local and foreign computer hackers will be tapped to try and break into an Internet-based voting system that will be pilot tested by the country’s Commission on Elections (Comelec) starting July 10.
The Internet voting system, developed by Spanish firm Scytl Consortium, is worth $452,000. Comelec will pilot test the system from July 10 to 30 for voters in Singapore, where there are 26,853 registered absentee voters.
The results of the polls, which will use survey questions, will be non-binding, which means it will not affect official elections results.
I think it might work out better if some kind of prize or at least incentive was offered for anyone who could successfully compromise the voting system, things usually work out better that way.
Comelec commissioner Florentino Tuason Jr. told local reporters they have already asked the help of the International Foundation for Electoral System (IFES), a Washington-based IFES non-profit organization, in getting professional hackers to test the security of the Internet voting system.
“When Scytl presented the system, everybody was impressed on the security features. It is covered by international patent and it has been declared secured by no less than Switzerland and everyone in the global community should respect that decision,” Tuason told reporters in a conference Tuesday.
Scytl’s computerized voting system is also being used in countries such as the U.S., Switzerland, and Belgium.
It’ll certainly be interesting to see how the systems ‘impressive security’ stands up against a bunch of random hackers.
Source: All Headline News
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
Grype – Vulnerability Scanner For Container Images & Filesystems
APT-Hunter – Threat Hunting Tool via Windows Event Log
GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment.
It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. It is written in PERL and runs on Unix-like boxes.
Features
What’s New?
You can find it, together with a flash demo of its features, at the address:
Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
Grype – Vulnerability Scanner For Container Images & Filesystems
APT-Hunter – Threat Hunting Tool via Windows Event Log
GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
