Archive | March, 2008

WSFuzzer – Web Services Fuzzing Tool for HTTP and SOAP

WSFuzzer is a fuzzing tool targeting HTTP and SOAP based web services.

The program currently targets Web Services. In the current version HTTP based SOAP services are the only supported targets. This tool was created based on, and to automate, some of the manual SOAP pen testing work we perform. This tool is NOT meant to be a replacement for solid manual human analysis. Please view WSFuzzer as a tool to augment analysis performed by competent and knowledgeable professionals. Web Services are not trivial in nature so expertise in this area is a must for proper pen testing.

In talking to users of the program it has come to my attention that a note must be made about the results generated from a WSFuzzer run. Be advised that WSFuzzer does not currently do any analysis of the results gathered. That job is yours as the analyst/engineer running the program during a pen test.


  • Attacks a web service based on either valid WSDL, a valid endpoint & namespace, or it can try to intelligently detect WSDL for a given target. As of version 1.6 WSFuzzer includes a simple TCP port scanner.
  • It gives you the ability to handle methods with multiple parameters. Each parameter is handled as a unique entity and can either be attacked or left alone. As of version 1.8.1 this was taken one step further, there are now 2 modes of attacking parameters. The traditional mode is unchanged and is now called “individual” mode due to the fact that each param is fuzzed individually. The new mode is “simultaneous” and attacks multiple parameters simultaneously with a given data set. See the usage examples below for more info.
  • The fuzz generation (attack strings) consists of a combination of a dictionary file, some optional dynamic large injection patterns, and some optional method specific attacks including automated XXE and WSSE attack generation.
  • The tool provides the option of using some IDS Evasion techniques which makes for a powerful security infrastructure (IDS/IPS) testing experience.
  • A time measurement of each round trip between request and response is now provided to aid in results analysis.
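
As an added illustration of the two parameter modes (this is not WSFuzzer's own code), the generator below builds SOAP 1.1 requests for a constructed method lookupOrder under a placeholder namespace, using a tiny constructed dictionary, in both individual and simultaneous mode:

```python
"""Generating SOAP fuzz cases in WSFuzzer's two parameter modes (added illustration)."""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
TARGET_NS = "http://example.invalid/orders"        # placeholder service namespace
ET.register_namespace("soapenv", SOAP_NS)
ET.register_namespace("tns", TARGET_NS)

# Constructed method description; WSFuzzer would take this from the WSDL.
METHOD = "lookupOrder"
BASELINE = {"orderId": "1001", "customer": "alice"}   # known-good parameter values
FUZZ = ["", "A" * 64, "-1", "<>&"]                     # tiny constructed dictionary


def envelope(method, values):
    """Build the SOAP 1.1 request for one set of parameter values.
    Values are placed as element text, so markup characters are escaped;
    cases that need raw XML (the XXE and WSSE generation the post mentions)
    must be built at the envelope level, which this function does not do."""
    env = ET.Element(ET.QName(SOAP_NS, "Envelope"))
    body = ET.SubElement(env, ET.QName(SOAP_NS, "Body"))
    call = ET.SubElement(body, ET.QName(TARGET_NS, method))
    for name, value in values.items():
        ET.SubElement(call, name).text = value
    return ET.tostring(env, encoding="unicode")


def individual_mode(baseline, fuzz, targets=None):
    """One parameter at a time; every other parameter keeps its baseline value."""
    for name in targets or list(baseline):
        for payload in fuzz:
            yield {**baseline, name: payload}


def simultaneous_mode(baseline, fuzz, targets=None):
    """The same payload in all selected parameters at once."""
    for payload in fuzz:
        yield {**baseline, **{name: payload for name in targets or list(baseline)}}


def case_count(mode, baseline, fuzz, targets=None):
    """Number of requests a run in the given mode would send."""
    return sum(1 for _ in mode(baseline, fuzz, targets))
```

With two parameters and four dictionary entries, individual mode produces eight requests and simultaneous mode four, which is why the latter is the cheaper first pass and the former the one that tells you which parameter caused a given response.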

WSFuzzer is a dangerous tool, so be forewarned: you can easily bring down your target if it is susceptible to any of the attack vectors generated and sent in.

You can download WSFuzzer here:

WSFuzzer version

Or read more here.

Posted in: Hacking Tools, Web Hacking


Mac owned on 2nd day of Pwn2Own hack contest

I have been following this contest and was wondering which OS would be first to fall (if any), seeing as they were all fully patched and running the latest versions. For those that don’t know, Pwn2Own is a contest at CanSecWest open to anyone to hack a Windows, Linux or Mac OSX box with a varying set of conditions.

Not one person entered the first day, perhaps they don’t want to divulge those heavy exploits…or perhaps no one had any. The second day had a lot more entrants. It’ll be interesting to see what the 3rd day turns up when everything is open to attack.

A brand-new MacBook Air running a fully patched version of Leopard was the first to fall in a contest that pitted the security of machines running OS X, Vista and Linux. The exploit took less than two minutes to pull off.

Charlie Miller, who was the first security researcher to remotely exploit the iPhone, felled the Mac by tapping a security bug in Safari. The exploit involved getting an end user to click on a link, which opened up a port that he was then able to telnet into. Once connected, he was able to remotely run code of his choosing. The feat won him a $10,000 prize paid by Tipping Point, whose Zero Day Initiative pays bounties to researchers for responsibly disclosing vulnerabilities.

Interesting that the exploit came in Safari, but gave full control. Still, $10,000 is not bad for a day's work (I’d imagine he probably prepared the exploit earlier).

I was somehow expecting Mac to fall first.

At time of writing, the Windows and Linux machines were still standing.

Under contest rules, Miller was forbidden from providing specifics of his hack. He said he chose Apple over the other machines because “I thought of the three it was the easiest”. He said he didn’t test the exploit on any other platform. As a Mac user, he added, he felt an incentive to exploit the system because he believes it will help make the platform stronger.

Miller’s win came on day two of the contest, which gradually eases the rules for what constitutes a qualifying exploit. Not a single attendee entered the contest on day one, when all vulnerabilities had to reside in the machine’s operating system, drivers or network stack. Winners were eligible for a $20,000 prize.

On day two, the attack surface was expanded to include browsers, mail applications and other common applications, and the bounty was reduced to $10,000. Contestants on day three will be allowed to attack still more applications, such as Skype, QuickTime and browser plugins for a $5,000 prize.

I wonder if any of our readers are attending CanSecWest, any of you guys there? Having a go at the contest?

I think more things should be organized like this, at the end of it – it really does make all the OSes more secure. Saying that though just because no-one exploited it, doesn’t mean the vulnerability isn’t there and the bad boys aren’t already using it.

It’s been shown before, the underground is always ahead…and a vulnerability with exploit for a fully patched Windows machine is worth way more than $20,000!

Source: The Register

Posted in: Apple, Events/Cons, Exploits/Vulnerabilities


Webshag v1.00 – Web Server Auditing Tool (Scanner and File Fuzzer)

Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.

Webshag can be used to scan a web server over HTTP or HTTPS, through a proxy and using HTTP authentication (Basic and Digest). In addition to that it offers innovative IDS evasion functionality aimed at making correlation between requests more complicated (e.g. using a different random HTTP proxy server per request).

It also provides innovative functionalities like the capability of retrieving the list of domain names hosted on a target machine and file fuzzing using dynamically generated filenames (in addition to common list-based fuzzing).

Webshag URL scanner and file fuzzer are aimed at reducing the number of false positives and thus producing cleaner result sets. For this purpose, webshag implements a web page fingerprinting mechanism resistant to content changes. This fingerprinting mechanism is then used in a false positive removal algorithm specially aimed at dealing with “soft 404” server responses. Webshag provides a full featured and intuitive graphical user interface as well as a text-based command line interface and is available for Linux and Windows platforms, under GPL license.
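An added example (not Webshag's own code) of the soft-404 idea: a page fingerprint built from the tag skeleton only, so changing text and timestamps do not disturb it, compared against a baseline fetched for a path that certainly does not exist. The HTML responses below are constructed inline.

```python
"""Soft-404 detection by structural page fingerprint: compare the tag skeleton of a
candidate response with that of a response for a path that certainly does not exist."""
from html.parser import HTMLParser

# Constructed responses; a scanner would fetch these from the target.
_NOT_FOUND_TEMPLATE = """<html><head><title>Example Site</title></head><body>
<div id="header"><h1>Example Site</h1></div>
<div id="content"><p>Sorry, the page {path} could not be found.</p>
<p>Generated at {when}</p></div>
<div id="footer"><a href="/">Home</a></div></body></html>"""
# Baseline: the server answered 200 for a random path, so its "not found" page is a 200.
BASELINE = _NOT_FOUND_TEMPLATE.format(path="/zq8v1k3m", when="10:00:01")
CANDIDATE_NOT_FOUND = _NOT_FOUND_TEMPLATE.format(path="/backup", when="10:02:37")
CANDIDATE_REAL = """<html><head><title>Admin</title></head><body>
<form action="/admin/login" method="post"><input name="user">
<input name="pass" type="password"><button>Login</button></form>
<table><tr><th>User</th><th>Role</th></tr><tr><td>alice</td><td>admin</td></tr></table>
</body></html>"""


class _Skeleton(HTMLParser):
    """Keeps only the tag sequence; text, attribute values and dates are dropped."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_endtag(self, tag):
        self.tags.append("/" + tag)


def skeleton(html):
    """Ordered list of opening and closing tags in the document."""
    parser = _Skeleton()
    parser.feed(html)
    parser.close()
    return parser.tags


def shingles(seq, n=3):
    """Set of n-grams over the tag sequence; a small local edit changes few of them."""
    if len(seq) <= n:
        return {tuple(seq)}
    return {tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)}


def structural_similarity(html_a, html_b):
    """Jaccard similarity of the two pages' tag shingles, from 0.0 to 1.0."""
    a, b = shingles(skeleton(html_a)), shingles(skeleton(html_b))
    return len(a & b) / len(a | b) if (a | b) else 1.0


def is_soft_404(body, baseline, threshold=0.8):
    """A 200 response that is structurally the same as the random-path baseline
    is the site's not-found page, not a real hit."""
    return structural_similarity(body, baseline) >= threshold


def filter_hits(hits, baseline, threshold=0.8):
    """hits: iterable of (path, status, body). Keep only genuine findings."""
    return [path for path, status, body in hits
            if status == 200 and not is_soft_404(body, baseline, threshold)]
```

A plain byte-for-byte or hash comparison would miss the soft 404 here, because the path echoed back and the timestamp differ on every request; the skeleton does not.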

You can download Webshag v1.00 here:

Linux (tarball) – ws100_linux.tar.gz
Windows (installer) – ws100_win.exe

Or read more here.

Posted in: Hacking Tools, Web Hacking


httprecon – Advanced Web Server Fingerprinting

httprecon is a tool for advanced web server fingerprinting, similar to httprint that we mentioned previously.

The httprecon project is doing some research in the field of web server fingerprinting, also known as http fingerprinting. The goal is the highly accurate identification of given httpd implementations. This is very important within professional vulnerability analysis.

Besides the discussion of different approaches and the documentation of gathered results, an implementation for automated analysis is also provided. This software is meant to improve the ease and efficiency of this kind of enumeration. Traditional approaches such as banner grabbing, status code enumeration and header ordering analysis are used. However, many other analysis techniques were introduced to increase the possibilities of accurate web server fingerprinting.

httprecon - Web Server Fingerprinting

Besides the well-known enumeration of http response status codes and header-ordering several other fingerprinting mechanisms were introduced. For example the capitalization of header lines, the use of spaces and the structure of ETag values (e.g. length and quotes).

There are nine test cases in which the behavior of the target service is mapped. These are:

  • legitimate GET request for an existing resource
  • very long GET request (>1024 bytes in URI)
  • common GET request for a non-existing resource
  • common HEAD request for an existing resource
  • allowed method enumeration with OPTIONS
  • usually not permitted http method DELETE
  • not defined http method TEST
  • non-existing protocol version HTTP/9.8
  • GET request including attack patterns (e.g. ../ and %%)

This increases the amount of fingerprints to distinguish the given implementation. Thus, the accuracy of the fingerprinting series is very high. Theoretically httprecon 1.x is able to generate approx. 198 fingerprint atoms per full scan run (usually between 80 and 120 are given).
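To show what the extra atoms add over banner grabbing, here is an added example (not httprecon's own code) that extracts header order, capitalisation, colon spacing and ETag structure from constructed responses and ranks them against a constructed reference set; the response whose Server banner was changed to look like the Apache-like sample still matches its real implementation.

```python
"""Fingerprint atoms from raw HTTP responses, in the spirit of httprecon's checks."""

# Constructed sample responses (not captured from real servers).
SAMPLE_A = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.8 (Unix)\r\n"
    "ETag: \"1a2b-3c4d-5e6f\"\r\n"
    "Content-Length: 0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
SAMPLE_B = (
    "HTTP/1.1 200 OK\r\n"
    "content-length: 0\r\n"
    "content-type:text/html\r\n"
    "etag: W/\"abc123\"\r\n"
    "server: ExampleHttpd/0.1\r\n"
    "\r\n"
)
# Same behaviour as SAMPLE_B, but with the banner changed to look like SAMPLE_A.
SAMPLE_C = SAMPLE_B.replace("ExampleHttpd/0.1", "Apache/2.2.8 (Unix)")


def parse_head(raw):
    """Return the status line and a list of (name, separator, value) triples;
    'separator' is the literal text between the colon and the value."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, rest = line.split(":", 1)
        value = rest.lstrip(" \t")
        headers.append((name, rest[: len(rest) - len(value)], value))
    return lines[0], headers


def case_style(names):
    """Classify how the server capitalises its header names."""
    styles = set()
    for n in names:
        if n == n.lower():
            styles.add("lowercase")
        elif n == n.upper():
            styles.add("uppercase")
        elif all(part[:1].isupper() for part in n.split("-")):
            styles.add("title-case")
        else:
            styles.add("mixed")
    return styles.pop() if len(styles) == 1 else "inconsistent"


def etag_atoms(value):
    """Structure of the ETag value: weak marker, quoting and total length."""
    weak = value.startswith("W/")
    body = value[2:] if weak else value
    return {
        "etag-weak": weak,
        "etag-quoted": len(body) >= 2 and body[0] == body[-1] == '"',
        "etag-length": len(value),
    }


def fingerprint(raw):
    """Produce the dict of fingerprint atoms for one raw response."""
    status, headers = parse_head(raw)
    names = [name for name, _, _ in headers]
    seps = tuple(sorted({sep for _, sep, _ in headers}))
    atoms = {
        "status-line": status,
        "header-order": tuple(n.lower() for n in names),
        "header-case": case_style(names),
        "colon-spacing": {(" ",): "space", ("",): "none"}.get(seps, "inconsistent"),
    }
    for name, _, value in headers:
        if name.lower() == "server":
            atoms["server-banner"] = value
        elif name.lower() == "etag":
            atoms.update(etag_atoms(value))
    return atoms


def atom_similarity(a, b):
    """Fraction of atoms on which two fingerprints agree."""
    keys = set(a) | set(b)
    return sum(1 for k in keys if a.get(k) == b.get(k)) / len(keys)


# Constructed reference set: one fingerprint per known implementation.
REFERENCE = {
    "apache-like (constructed)": fingerprint(SAMPLE_A),
    "examplehttpd-like (constructed)": fingerprint(SAMPLE_B),
}


def identify(raw, reference=REFERENCE):
    """Rank reference implementations by similarity to the observed response."""
    observed = fingerprint(raw)
    return sorted((atom_similarity(observed, ref), name) for name, ref in reference.items())[::-1]
```

A real run would collect these atoms for each of the nine request types above rather than for one legitimate GET, which is where the hundred-odd atoms per scan come from.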

You can download httprecon 4.3 here:

Binary –
Source –

Or read more here.

Posted in: Hacking Tools, Network Hacking, Web Hacking


Hacking Windows NT Through IIS & FTP

This is another selection from the Old Skool Philes, I like these as they tend to generate some good discussion and they are a good introduction to newcomers to hacking on the mindset and workflow of getting access to a box. The exact methods may not work, but we aren’t here to train script kiddies, we just want to make you think.

Johnny Hacker has a Windows NT Server at home. Why? Because he knows if he’s going to hack NT he’s best using the same type of computer…it gives him all the necessary tools. He has installed RAS and has a dial-up connection to the Internet. One morning, around 2:00am he dials into the Internet…his IP address is dynamically assigned to him. He opens up a Command Prompt window and gets down to work. He knows’s web server is running IIS. How? Because he once did a search on “batch files as CGI” using Excite’s search engine. That phrase is in Chapter 8 of Internet Information Server’s on-line help….and unfortunately it’s been indexed by Excite’s spider…now Johnny has a list of around 600 web servers running IIS.

He ftps to He isn’t even sure yet if the server is running the ftp service. He knows if he gets a connection refused message it won’t be…he’s in luck though…the following appears on the screen:

This connection message tells him something extremely important : The NetBIOS name of the server : SATURN. From this he can deduce the name of the anonymous internet account that is used by NT to allow people to anonymously use the WWW, FTP and Gopher services on the machine. If the default account hasn’t been changed, and he knows that it is very rare if it has been changed, the anonymous internet account will be called IUSR_SATURN. This information will be needed later if he’s to gain Administrator access to the machine. He enters “anonymous” as the user and the following appears:

Johnny often tries the “guest” account before using “anonymous” as the user. A fresh install of NT has the “guest” account disabled but some admins enable this account….and the funny thing is they usually put a weak password on it such as ‘guest’ or no password at all. If he manages to gain access to the ftp service with this account he has a valid NT user account….everything that the “guest” account has access to…so does Johnny, and sometimes that can be almost everything. He knows he can access their site now…but there is still a long way to go yet….even at this point he still might not get access. At this point he doesn’t even supply a password…he just presses enter and gets a message stating that the Anonymous user is logged in.

First off he types “cd /c” because some admins will make the root of the drive a virtual ftp directory and leave the default alias name : “/c”. Next he sees whether he can actually “put” any files onto the site ie. is the write permission enabled for this ftp site. He’s in luck. Next he types “dir” to see what he has access to. He chuckles to himself when he sees a directory called “CGI-BIN”. Obviously the Webmaster of the NT machine has put this here with the rest of the WWW site so he can remotely make changes to it. Johnny knows that the CGI-BIN has the “Execute” permission so if he can manage to put any program in here he can run it from his web browser. He hopes that the Webmaster hasn’t, using NTFS file-level security, cut off write access to the anonymous internet account to this directory…even though he knows there are sometimes ways round this. He changes to the CGI-BIN directory and then changes the type to I by using the command “binary”. Then he types “put cmd.exe”. He’s in luck..he gets the following response :

Next he puts getadmin.exe and gasys.dll into the same directory. With these three files in place he doesn’t even gracefully “close” the ftp session; he just closes the Command Prompt window. With a smile on his face he leans back and lights a smoke, savouring the moment…he knows he has them…. After crunching the cigarette out in an overflowing ashtray he connects to AOL. He does this because if logging is enabled on the NT machine the IP address of AOL’s proxy server will be left and not his own…not that it really matters because soon he’ll edit the logfile and wipe all traces of his presence. Opening up the web browser he enters the following URL:

After about a fifteen second wait the following appears on his web browser:

The headers it did return are:

He has just made the anonymous internet account a local administrator and consequently using this account he can do pretty much what he wants to. Firstly though, he has to create an account for himself that he can use to connect to the NT server using NT Explorer and most of the Administrative tools. He can’t use the IUSR_SATURN account because he doesn’t know the randomly generated password. To create an account he enters the following URL:


He has just created an account called “cnn” with the password “news”. To make the account a local administrator he enters the following URL:

It has taken him less than ten minutes to do all of this. He disconnects from AOL and clicks on Start, goes up to Find and does a search for the computer After about a minute the computer is found, next he right clicks on the “computer” and then clicks on Explore. NT Explorer opens and after a little wait Johnny is prompted for a user-name and password. He enters “cnn” and “news”. Moments later he is connected. Admin rights for the computer are appended to his own security access token…now he can do anything. Using User Manager for Domains he can retrieve all the account information; he can connect to the Internet Service Manager; he can view Server Manager…first though, using NT Explorer he maps a drive to the hidden system share C$. He changes to the Winnt\system32\logfiles directory and opens up the logfile for that day. He deletes all of the log entries pertaining to his “visit” and saves it. If he gets any message about sharing violations all he has to do is change the date on the computer with the following URL:

Next, using the Registry Editor he connects to the registry on the remote computer. Then using L0phtcrack he dumps the SAM (the Security Accounts Manager – holds account info) on the NT server and begins cracking all the passwords on the machine. Using the Task Manager he sets the priority to Low because L0phtcrack is fairly processor intensive (NB L0phtcrack ver 2.0 sets the priority to Low anyway) and there are still a few things he must do to hide the fact that someone has gained entry. He deletes cmd.exe, getadmin.exe and gasys.dll from the cgi-bin, then he checks the security event log for the remote NT server using Event Viewer to see if he’s left any traces there.

Finally using User Manager for Domains he removes admin rights from the IUSR_SATURN account and deletes the cnn account he created a few moments earlier. He doesn’t need this account anymore….L0phtcrack will be able to brute force all the accounts. Next time he connects to this machine it will be using the Administrator account. He breaks his connection to the Internet and sets L0phtcrack’s priority to High, leaves it running and heads to bed…Looking at his alarm clock : it’s just past 2:30am….Sighing to himself, he mumbles, “Sheesh, I’m getting slow!” and falls asleep with a grin on his face.

The original filename was ntremote.txt – Author Unknown

Posted in: Old Skool Philes, Windows Hacking


SecurityCompass Exploit-Me – Firefox Web Application Testing Tools

Exploit-Me is a suite of Firefox web application security testing tools. Exploit-Me tools are designed to be lightweight and easy to use. Instead of using a proxy like many web application testing tools, Exploit-Me integrates directly with Firefox. It currently consists of two tools, one for XSS and one for SQL Injection.

The Exploit-Me series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download [PDF].

Currently in their beta release stage, these open source (GPL v3) Firefox plug-ins search through web applications for vulnerable visible and hidden form fields to perform input validation attacks.


XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS.

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.

If the resulting HTML page sets a specific JavaScript value (document.vulnerable=true) then the tool marks the page as vulnerable to the given XSS string.

The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

SQL Inject-Me

SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.

The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.

The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.

You can get XSS-Me and SQL Inject-Me here:

Download XSS-Me Now!
Download SQL Inject-Me Now!

Or read more here.

Posted in: Hacking Tools, Web Hacking


New Windows XP & Vista Full Take-over Hack with Firewire

This Firewire hack seems to be creating a big buzz, from what I’ve read it also works on Vista as for some odd reason the Firewire port gets access to the whole memory space in DMA mode – not just what it needs to function – so you can read from anything stored in memory with the right tools.

Pretty worrying eh? There are a few ways to secure yourself if you feel this is a threat (disable the 1394 bus or disable DMA).

A security consultant based in New Zealand has released a tool that can unlock Windows computers in seconds without the need for a password.

Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix.

Interviewed in ITRadio’s Risky Business podcast, Boileau said the tool, released to the public today, could “unlock locked Windows machines or login without a password … merely by plugging in your Firewire cable and running a command”.

If you are interested in the details and want to read about the Windows Vista Firewire hack you can do so here [PDF].

As I’ve always said though, if you have physical access you basically own the machine. Physical security of servers is a lot more important than many people think.

To use the tool, hackers must connect a Linux-based computer to a Firewire port on the target machine. The machine is then tricked into allowing the attacking computer to have read and write access to its memory.

With full access to the memory, the tool can then modify Windows’ password protection code, which is stored there, and render it ineffective.

Older desktop computers do not come equipped with Firewire ports, which are needed for the hack to work, but many recent models do. Most laptops made in the last few years include Firewire ports.

Microsoft has been unavailable for comment about this issue of course. The FD thread is extremely long, if you are interested in reading it you can do so here.

Source: Sydney Morning Herald

Posted in: Exploits/Vulnerabilities, Windows Hacking


.NETIDS – .NET Intrusion Detection System

This tool is another one on the side of protection, again for web-based applications but this time for .NET applications. It’s called .NETIDS (.NET Intrusion Detection System). The tool detects attacks on web applications and gives the developer the opportunity to react. The project files include filter rules and function stubs for reacting to possible intrusions, which may vary from logging to warning or redirecting the user.

The goal of this project is to provide an additional layer of protection to any .NET application this project is used with. This includes the detection of XSS, directory traversal and SQL injection, protection against overwriting JS objects and methods, advanced logging functions, categorization and tagging of the individual filter rules, and interfaces for reacting to possible intrusions.

.NET IDS is actually a port of PHPIDS, which we’ve mentioned before, to the .NET Framework. The library is fully CLS compliant and implements exactly the same filtering sets as the PHP version.

.NETIDS can be used in three ways.

The first method is by inheriting your ASP.NET pages from the SecurePage class. This offers an easy and customizable way to scan page input. If you are relatively new to the .NET Framework this is the simplest way to secure your applications.

The second method is more customizable but harder to implement for novice programmers and involves working directly with the IDS objects.

The third method (available in the upcoming release) is by using the supplied HttpModule.

You can find the documentation here:

You can download .NET IDS v. here:

Or you can read more here.

Posted in: Countermeasures, Programming, Security Software


Core Security to Expand Market with Mark Hatton

It seems like security/pen-testing software can be quite lucrative – especially with the prices Core Security charge for their flagship tool Core Impact (Around $25,000 per seat?).

They have offices in two countries and are now looking to expand into new markets, anyway this is a bit of corporate security news for a change. They have hired a new CEO – ex Sophos executive Mark Hatton.

Less than a year after an executive reshuffle prompted questions about its direction and viability, Core Security Technologies has hired a new chief executive to pilot its push beyond the niche penetration-testing market.

Core Security, which employs about 130 people in offices in Boston, Mass., and Buenos Aires, Argentina, has tapped former Sophos executive Mark Hatton as its new CEO amidst strong hints that new technology pieces could be added to position the company as more than a specialized vulnerability scanning outfit.

“We have a really good opportunity to rise above the niche pen-test market,” Hatton said in an interview with eWEEK. “We already provide very valuable insight as to where vulnerabilities lie and show [an enterprise] the extent of damage that can occur. We can add a few pieces and provide a much more unified view of how well the security infrastructure is working.”

Their product is very good and the reporting capabilities are way better than the free software out there (that matters a lot when turn-around time is short in a commercial pen-test or VA).

I wonder what markets they are going to move into? Perhaps log aggregation or system architecture security management (more like GFI Languard?).

Hatton declined to discuss future strategic moves, but a quick glance at his track record at Sophos, an enterprise-facing anti-virus vendor that successfully repositioned itself as a full-fledged endpoint security player, suggests that Core Security could be moving in that direction.

“We are in a position today where [Core’s] technology is good and the marketplace is generally opening up,” Hatton said. “If you look at the evolution of Sophos, it was a specialized anti-virus company in the beginning and then it redefined endpoint security and NAC-type offerings. I see Core taking a similar path. We’ll define and evolve this market beyond pen-testing.”

Metasploit Framework has definitely raised some doubts for them though and put them under the spotlight, especially after last year when two of their top honchos left the company, and there are other much cheaper alternatives like Immunity Canvas.

This is one of the few times you’ll see me talk about commercial software – I tend to stick to the free stuff. Would any one be interested in some info about commercial tools too?

Source: eWeek

Posted in: General News, Security Software


Inguma Released for Download – Penetration Testing Toolkit

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems.

It’s becoming a mature and useful package! I’m glad to see continued developing and especially that they are concentrating on fixing bugs and improving the modules rather than adding loads of new features and just making it worse.

In this version there are new modules, new exploits, many many bug fixes and enhancements to existing modules, such as the Oracle related stuff.

PyShellcodelib has been enhanced as well and now supports Mac OS X. But, for the moment, just BSD syscalls. Mac syscalls implementation is on the way. You will also notice that it is now object oriented as opposed to the previous versions.

Along with the aforementioned changes, there are 5 new Oracle modules: 4 modules for bugs fixed in the Critical Patch Update of January 2008 and one skr1pT k1|>i3 like module for the Oracle PL/SQL gateway flaw. Give the module the target’s address and port and run “oragateway”. The module will automagically guess the correct DAD and bypass technique. After that an SQL terminal will be opened.

The new modules added to the framework are the following:

  • nikto: A plugin that uses Nikto based databases (Thank you Sullo!).
  • archanix: As you may imagine, it gathers information from archaic Unix services.
  • brutesmtp: A brute forcer for SMTP servers.
  • anticrypt: A tool to guess the encryption algorithm of a password’s hash. It saves a lot of time when auditing passwords.

They are also getting the documentation together (this is the first release) on the Wiki here:

You can download Inguma here:


Or read more here.

Posted in: Database Hacking, Exploits/Vulnerabilities, Hacking Tools
