Archive | December, 2009

FindDomains v0.1.1 Released – Discover Domains/Sites/Hosts


FindDomains is a multithreaded search engine discovery tool that will be very useful for penetration testers dealing with discovering domain names/web sites/virtual hosts which are located on too many IP addresses. Provides a console interface so you can easily integrate this tool to your pentest automation system.

It retrieves domain names/web sites which are located on specified ip address/hostname.

In order to use FindDomains you need to:

  1. Create an appid from “Bing Developers” at this link.
  2. It’ll be like that : 32AFB589D1C8B4FEC73D4BCB6EA0AD810E0FA2C7
  3. When you have registered an appid, enter it to the “appid.txt” which is in the program directory.

Features

  • Uses Bing search engine. Works with first 1000 records.
  • Multithreaded on crawling and DNS resolution.
  • Performs DNS resolution for extracted domains to eleminate cached/old records.
  • Has a console interface so it can be very useful with some command-line foo.
  • Works with Mono. But running under Windows is more efficient.

Sample usage

Requirements

  • .NET Framework 3.5. Also working with Mono.

You can dowload FindDomains v.0.1.1 here:

FindDomainsv0.1.1.rar

Or read more here.

Posted in: Hacking Tools, Privacy, Web Hacking

Topic: Hacking Tools, Privacy, Web Hacking


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


Microsoft IIS Semicolon Bug Leaves Servers Vulnerable


The latest news breaking over the Christmas period is that of a fairly serious bug in IIS that allows local file inclusion (LFI) of any filetype due a bug in the way IIS filters handle semicolons (;).

Secunia has confirmed the vulnerability “on a fully patched Windows Server 2003 R2 SP2 running Microsoft IIS version 6. Other versions may also be affected”.

Although oddly it only classifies the bug as “Less critical” – basically a 2/5 on their threat scale.

A researcher has identified a vulnerability in the most recent version of Microsoft’s Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.

The bug stems from the way IIS parses file names with colons or semicolons in them, according to researcher Soroush Dalili. Many web applications are configured to reject uploads that contain executable files, such as active server pages, which often carry the extension “.asp.” By appending “;.jpg” or other benign file extensions to a malicious file, attackers can bypass such filters and potentially trick a server into running the malware.

There appears to be some disagreement over the severity of the bug, which Dalili said affects all versions of IIS. While he rated it “highly critical,” vulnerability tracker Secunia classified it as “less critical,” which is only the second notch on its five-tier severity rating scale.

It’s a pretty nasty bug if you ask me, it means any CMS, forum software or gallery page where users are allowed to upload files (running on IIS) can be owned by a webshell without any effort at all.

Even if an app doesn’t allow native uploading, LFI can now be executed using another exploit and it will bypass any filtering IIS provides against executable files such as .asp scripts.

I don’t really see how this bug is “Less critical” – I’d imagine there’s some mass pwnage going around the World right now.

“Impact of this vulnerability is absolutely high as an attacker can bypass file extension protections by using a semicolon after an executable extension such as ‘.asp,’ ‘.cer,’ ‘.asa’ and so on,” Dalili wrote. “Many web applications are vulnerable against file uploading attacks because of this weakness of IIS.”

In an email to El Reg, Dalili offered the following attack scenario:

“Assume a website which only accepts JPG files as the users’ avatars. And the users can upload their avatars on the server. Now an attacker tries to upload “Avatar.asp;.jpg” on the server. Web application considers this file as a JPG file. So, this file has the permission to be uploaded on the server. But when the attacker opens the uploaded file, IIS considers this file as an ASP file and tries to execute it by ‘asp.dll.’

“So, the attacker can upload a web-shell on the server by using this method. Most of the uploaders only control the last part of the files as their extensions, and by using this method, their protection will be bypassed.”

Microsoft as per usual is ‘looking into it’ – I would guess within a week or so users will be screaming for a patch in the next round of updates planned for January if not sooner.

Although if you are using IIS, I wouldn’t hold your breath for an out of schedule patch – we all know what Microsoft thinks of those.

Source: The Register

Posted in: Exploits/Vulnerabilities, Web Hacking, Windows Hacking

Topic: Exploits/Vulnerabilities, Web Hacking, Windows Hacking


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


Merry Christmas 2009


I’d just like to take this opportunity to wish you all a merry xmas 2009, enjoy the festive season and I hope santa brought you whatever nifty gadgets you wished for.

Posted in: Site News

Topic: Site News


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool


hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby, licensed under GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration tests.

hostmap helps you using several techniques to enumerate all the hostnames associated with an IP address.

Features

  • DNS names and virtual hosts enumeration
  • Multiple discovery techniques, to read more see documentation.
  • Results correlation, aggregation and normalization
  • Multithreaded and event based engine
  • Platform independent

Changes/New Features in v0.2

  • Fully refactored and rewritten in Ruby.
  • User requested interrupt (CTRL+C) now is handled.
  • Added Rakefile to automatize task. For example readme and API documentation rebuilding.
  • Changed info gathering plugin architecture. Now using PlugMan library.
  • Added some host names to brute forcing dictionaries.
  • Added parsing of alternate subject (subjectAltName) from X.509 certificates.
  • Added info gathering plugin using dnshistory.org.
  • Added wildcard domains detection.
  • Added wildcard X.509 certificate detection.
  • Added -d option to use a user supplied list of DNS servers
  • Added blacklist for second level TLD (for example co.uk) detection.
  • Added an enumeration plugin to use Microsoft Bing via API. API key must be provided in configuration file.
  • Added a configuration file (hostmap.conf) to keep user settings.
  • Added option –http-ports to specify the ports to check for an HTTP/HTTPS service.

You can see the complete list of changes here.

The user manual is available here – README.pdf [PDF]

You can download hostmap 0.2 here:

hostmap-0.2.tar.gz

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Web Hacking

Topic: Hacking Tools, Networking Hacking, Web Hacking


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


Brittany Murphy Dies & Scareware Scammers Strike


It seems to be a trend now, whenever someone famous dies some kind of malware or phishing scam will pop up playing on their death with the usual social engineering aspect.

The most memorable one recently of course was the passing of The King of Pop – Michael Jackson

The latest one is Brittany Murphy who passed away last Sunday, search results lead users to fake anti-virus products labeled as ‘scareware’ tactics.

Actress Brittany Murphy’s sudden death, just like Michael Jackson’s untimely demise before her, has quickly been exploited by scareware scammers.

A spike in searches on Murphy’s death has been taken as a theme for Black Hat SEO attacks, designed to push sites that have been hacked to redirect surfers to scareware portals into prominence in search engine results.

Windows users who click on links to poisoned search results get exposed to a fake anti-virus scan, designed to frighten users into buying rogue security software of little or no utility.

They have to act fast of course to get their results ranking at the top during the aftermath of a celebrity death.

For most tech-savvy users I don’t think it would be much of an issue, but for the average joe it seems they are fairly gullible when it comes to promises of anti-viral solutions.

Net security firm F-Secure, which has a full write-up of the attack here, detects the strain of scareware involved in the attack as Fakevimes-T. More detail on how search results were poisoned can be found in a blog posting be WebSense here.

Murphy, who starred in movies including 8 Mile, Sin City and Spun died on Sunday, 20 December after collapsing at her LA home. She was only 32. The precise cause of death is yet to be determined but an autopsy is planned. ®

It’s a sad event nevertheless and I hope the news doesn’t come out that yet another celebrity died from a drug overdose.

It has been rumoured that Brittany Murphy used drugs due to intense Hollywood pressure to maintain her slim stature.

Oh well, Merry Christmas indeed!

Source: The Register

Posted in: Malware, Social Engineering, Spammers & Scammers

Topic: Malware, Social Engineering, Spammers & Scammers


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


PDFResurrect v0.9 Released – PDF Analysis and Scrubbing Utility


PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions.

This tool can also “scrub” or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.

Release Notes

v0.9 is a bug fix release and addresses the gathering of data (within limit) for the Creator MetaData at the end of a PDF. The previous version would stop prematurely, or possibly get too much info (in certain cases).

You can download PDFResurrect v0.9 here:

pdfresurrect-v0_9.tar.gz

Or read more here.

Posted in: Hacking Tools, Privacy

Topic: Hacking Tools, Privacy


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.