Archive | March, 2009

Microsoft Open Source Security Tool – !exploitable Crash Analyzer

The New Acunetix V12 Engine


Finally Microsoft is doing something proactive and perhaps even slightly ahead of the game, a real game-change for the security community.

They have released a new AND open-source tool to make debugging easier, it gives developers a lot of help during the release cycle to build more secure software. Mostly because it takes the legwork and labour intensive tasks and semi-automates them leaving the developer to concentrate on more important stuff.

At least something from Microsoft we can applaud!

Microsoft on Friday released an open-source program designed to streamline the labor-intensive process of identifying security vulnerabilities in software while it’s still under development.

As its name suggests, !exploitable Crash Analyzer (pronounced “bang exploitable crash analyzer”) combs through bugs that cause a program to seize up, and assesses the likelihood of them being exploited by attackers. Dan Kaminsky, a well-known security expert who also provides consulting services to Microsoft, hailed the release a “game changer” because it provides a reliable way for developers to sort through thousands of bugs to identify the several dozen that pose the greatest risk.

“Microsoft has taken years of difficulties with security vulnerabilities and really condensed that experience down to a repeatable tool that takes a look at a crash and says ‘You better take a look at this,'” Kaminsky told The Reg. “What makes !exploitable so fascinating is that it takes at least the first level of this knowledge and packages it up into something that can be in the workflow.”

It’s a great idea, as surely there are a lot of conditions that cause an application to hang – but the majority of them will pose no security risk other than a denial of service locally (which is quite pointless). The tool will point out those bugs that are exploitable and therefore can be considered critical issues.

I hope developers harness this app and really start to produce more secure code.

Over the past five years, Microsoft has made a fair amount of progress hardening its operating systems and applications against the most-common security threats. Protections such as Address Space Layout Randomization and cross-site scripting defenses have been added to later versions of Windows and Internet Explorer, respectively. And the company has generally managed to exorcise its programs of dangerous vulnerabilities before they can be exploited by attackers.

Now, Microsoft wants to help secure third-party applications that run on top of Windows. Last year, the company released a threat-modeling tool and other resources designed to help software developers kick-start secure development lifecycle programs in their organizations. The idea was to package the security experience Microsoft has attained so it can serve as a sort of template for other companies.

The release of !exploitable, which was announced at the CanSecWest security conference in Vancouver, British Columbia, is a continuation of that effort. It’s a Windows debugger extension that’s used during fuzz testing, when testers test the stability and security of an application by throwing unexpected data at it.

The tool creates hashes to ensure each crash is unique then rates them according to how exploitable it is – Exploitable, Probably Exploitable, Probably Not Exploitable or Unknown.

There is currently an x86 and an x64 version availalble.

As wisely said, it’s about the signal to noise ratio and this tool can really help you weed out the noise and get to the important issues.

You can download the application here:

!exploitable Crash Analyzer – MSEC Debugger Extensions

Source: The Register

Posted in: Countermeasures, Exploits/Vulnerabilities, Secure Coding, Security Software

Topic: Countermeasures, Exploits/Vulnerabilities, Secure Coding, Security Software


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Deblaze – Remote Method Enumeration Tool For Flex Servers

Use Netsparker


Through the use of the Flex programming model and the ActionScript language, Flash Remoting was born. Flash applications can make request to a remote server to call server side functions, such as looking up accounts, retrieving additional data and graphics, and performing complex business operations. However, the ability to call remote methods also increases the attack surface exposed by these applications.

This tool will allow you to perform method enumeration and interrogation against flash remoting end points.

Deblaze came about as a necessity during a few security assessments of flash based websites that made heavy use of flash remoting. The author needed something to give him the ability to dig a little deeper into the technology and identify security holes. On all of the servers he’d seen so far the names are not case sensitive, making it much easier to bruteforce. Often times HTTP POST requests won’t be logged by the server, so bruteforcing may go unnoticed on poorly monitored systems.

Deblaze provides the following functionality:

  • Brute Force Service and Method Names
  • Method Interrogation
  • Flex Technology Fingerprinting

There are several ways to determine and access exposed methods:

  • Decompile SWF and search for remoting calls
  • Watch network traffic for service and method names
  • Dictionary attack against service and methods

You can download Deblaze here:

deblaze.tar.gz

Or read more here.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Israel Hacker ‘The Analyzer’ Steals Over $10 Million USD

The New Acunetix V12 Engine


It’s seems like a new hacker is in the sights of the US Government, this time it’s Ehud Tenenbaum AKA ‘The Analyzer’.

He seems to have been quite sloppy about covering his tracks and remaining under the radar, he acts as if no-one can get him. Perhaps he knows something we don’t?

Anyway he’s firmly under investigation now having first popped onto the radar 10 years at the age of 19 for hacking into Pentagon computers.

Ehud Tenenbaum, an Israeli hacker arrested in Canada last year for allegedly stealing about $1.5 million from Canadian banks, also allegedly hacked two U.S. banks, a credit and debit card distribution company and a payment processor in what U.S. authorities are calling a global “cashout” conspiracy.

The U.S. hacks have resulted in at least $10 million in losses, according to court records obtained by Threat Level, and are just part of a larger international conspiracy to hack financial institutions in the United States and abroad.

The broadened case highlights the continued vulnerability of U.S. financial networks to cybercrime, despite supposedly tight industry security standards. It comes on the heels of other multimillion-dollar heists that also breached the security protecting ATM codes and account information. In late 2007, criminals used four hacked iWire payroll cards to steal $5 million from ATMs around the world in just two days. Shortly thereafter, a processing server that handles withdrawals from Citibank-branded ATMs at 7-Eleven convenience stores was cracked, leading crooks to converge on New York to withdraw at least $2 million from Citibank accounts using the stolen ATM data. And a carefully coordinated global heist last November resulted in a one-day haul of $9 million in cash, following a breach at payment processor RBS WorldPay.

It seems like the US banking system has some major problems, with all their self-invented, self-imposed regulations (SOX, PCI, ISO27001 etc.) you’d think they would be more secure.

Obviously all these regulations and reams of paperwork are just making things worse, burying problems under tonnes of dead trees really doesn’t help.

It’s a very International crime network with participants all over the World including Dutch servers and hackers in Russia and Turkey.

According to the affidavit, in October 2007, the United States Secret Service began investigating “an international conspiracy” to hack into computer networks of U.S. financial institutions and other businesses. As part of that investigation, agents examined network intrusions that occurred in January and February 2008 at OmniAmerican Credit Union, based in Fort Worth, Texas, and Global Cash Card of Irvine, California, a distributor of prepaid debit cards used primarily for payroll payments.

In both cases, the attacker gained access using a SQL injection attack that exploited a vulnerability in the company’s database software. The attacker grabbed credit and debit card numbers that were then used by thieves in several countries to withdraw more than $1 million from ATMs.

In April and May 2008, agents investigated two additional hacks at 1st Source Bank in Indiana, and at Symmetrex, a prepaid debit card processor based in Florida. The intruder again used a SQL injection attack, and losses added up to more than $3 million.

It seems like this might have been going on for some time, he managed to pull similar stunts in both Canada and the US and perhaps even Greece too.

I wonder where he is now, and where he’s going to hit next. Or perhaps he won’t, he must have plenty of cash to lay low in some country with no extradition treaty with the US.

Do read the whole article as it’s very interesting.

Source: Wired Blog

Posted in: Hacking News, Legal Issues

Topic: Hacking News, Legal Issues


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


ProxyStrike v2.1 Released – Active Web Application Proxy Tool

Use Netsparker


In April last year we wrote about ProxyStrike, recently the developer has released a couple of new versions – the latest being v2.1.

ProxyStrike is an active Web Application Proxy, is a tool designed to find vulnerabilities while browsing an application. It was created because the problems we faced in the pentests of web applications that depends heavily on Javascript, not many web scanners did it good in this stage, so we came with this proxy.

Right now it has available SQL injection and XSS modules. Both modules are designed to catch as many vulnerabilities as we can, it’s that why the SQL Injection module is a Python port of the great DarkRaver “Sqlibf”.

The process is very simple, ProxyStrike runs like a passive proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won’t see any different in the behaviour of the application, but in the background is very active.

Features

  • Plugin engine (Create your own plugins!)
  • Request interceptor
  • Request diffing
  • Request repeater
  • Automatic crawl process
  • Save/restore session
  • HTTP request/response history
  • Request parameter stats
  • Request parameter values stats
  • Request URL parameter signing and header field signing
  • Use of an alternate proxy (tor for example)
  • Attack logs
  • Export results to HTML or XML
  • SQL attacks (plugin)
  • Server Side Includes (plugin)
  • XSS attacks (plugin)

You can download ProxyStrike v2.1 here:

ProxyStrike-v2.1.zip (Windows)
proxystrike-2.1.tar.bz2 (Linux)

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Web Hacking

Topic: Hacking Tools, Networking Hacking, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Charlie Miller Does It Again At PWN2OWN

The New Acunetix V12 Engine


You right remember in March last year we posted about Charlie Miller at the PWN2OWN contest owning the MacBook Air in under 2 minutes.

Guess what? He’s done it again! This time though he’s even faster clocking in at under 10 seconds. No one else stood a chance. He walked off with the prize again, $5000 and the MacBook that he hacked.

Of course he wrote the exploit before hand, but still impressive!

Charlie Miller, a security researcher who hacked a Macintosh in two minutes last year at CanSecWest’s PWN2OWN contest, improved his time today by breaking into another Macintosh in under 10 seconds.

Miller, an analyst at Independent Security Evaluators in Baltimore, walked off with a $5,000 cash prize and the MacBook he hacked.

“I can’t talk about the details of the vulnerability, but it was a Mac, fully patched, with Safari, fully patched,” said Miller on Wednesday, not long after he had won the prize. “It probably took five or 10 seconds.” He confirmed that he had researched and written the exploit before he arrived at the challenge.

It guess it might be a Safari exploit, but I guess if you keep your ears open you’ll hear about it soon enough.

I wonder if he’ll be able to pull the same trick again next year, with his record so far I’d say it wouldn’t be a large stretch of imagination.

The PWN2OWN rules stated that the researcher could provide a URL that hosted his exploit, replicating the common hacker tactic of enticing users to malicious sites where they are infected with malware. “I gave them the link, they clicked on it, and that was it,” said Miller. “I did a few things to show that I had full control of the Mac.”

Two weeks ago, Miller predicted that Safari running on the Macintosh would be the first to fall.

PWN2OWN’s sponsor, 3Com Corp.’s TippingPoint unit, paid Miller $5,000 for the rights to the vulnerability he exploited and the exploit code he used. As it has at past challenges, it reported the vulnerability to on-site Apple representatives. “Apple has it, and they’re working on it,” added Miller.

Interestingly another researcher later broke into a Sony laptop that was running Windows 7 by exploiting a vulnerability in Internet Explorer 8. So Safari and IE8 both fell!

What with all the claims from Microsoft that IE8 is so secure…I guess that pissed on their bonfire didn’t it?

This year’s PWN2OWN also has a section for mobile operating systems, the prize is larger too at $10,000. If you want to join you can have a crack at Windows Mobile, Google’s Android, Symbian, and the operating systems used by the iPhone and BlackBerry.

Source: Computer World (Thanks Navin)

Posted in: Apple, Exploits/Vulnerabilities

Topic: Apple, Exploits/Vulnerabilities


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


sqlsus 0.2 Released – MySQL Injection & Takeover Tool

The New Acunetix V12 Engine


sqlsus is an open source MySQL injection and takeover tool, written in perl.

Via a command line interface that mimics a mysql console, you can retrieve the database structure, inject a SQL query, download files from the web server, upload and control a backdoor, and much more…

It is designed to maximize the amount of data gathered per web server hit, making the best use of MySQL functions to optimize the available injection space.

sqlsus is focused on PHP/MySQL installations, and integrates some neat features, some of them being really specific to this DBMS.

It is not and won’t ever be a SQL injection scanner, it starts its job on the next step.

Both quoted and numeric injections are supported.

All quoted texts can be translated as their hex equivalent (eg : “sqlsus” will become 0x73716c737573)

sqlsus also supports these 2 scenarios of injection :

  • sighted : the result of the request will be in the HTML returned by the web server
  • blind : when you can’t see the result of the request directly

Support for GET and POST parameters injections.

Support for HTTP proxy and HTTP simple authentication.

Full logging support of your queries and the answers, allowing you to recall a command and its cached answer, even in a later re-use of the session.

Key variables can be edited on the fly, saved per session, and can be loaded in a later session on the same target server.

Requirements

On a Debian system, in addition to perl, you will need the following packages :

  • libterm-readline-perl-perl
  • libipc-shareable-perl
  • libwww-mechanize-perl

It also requires previous SQL injection knowledge, and.. well.. a brain helps.

You can download sqlsus 0.2 here:

sqlsus-0.2.tgz

Or read more here.

Posted in: Database Hacking, Hacking Tools, Web Hacking

Topic: Database Hacking, Hacking Tools, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.