You are currently browsing the archives of the blog Sleeping Sheep Hackers… for October, 2009.
29.10.2009 by matti.
http://www.icann.org/en/topics/new-gtlds/high-security-zone-verification-04oct09-en.pdf
Somehow this idea has been sticking around for a few years now. I think I first read about it 2 years ago.
This is just a typical example of a decision making process involving too many parties.
I think the Internet should be ruled by one person who is not interested in ruling the Internet at all.
Douglas Adams had the idea for the whole galaxy so this should also work for the Internet.
Posted in link | Print | No comments »
29.10.2009 by matti.
http://www.us-cert.gov/current/index.html#blackberry_phonesnoop_application_used_to
here in full:
BlackBerry PhoneSnoop Application Used to Spy on Users
added October 27, 2009 at 11:59 am
US-CERT is aware of public reports of a new software application called PhoneSnoop. This software allows an attacker to call a user’s BlackBerry and listen to personal conversations. In order to install and setup the PhoneSnoop application, attackers must have physical access to the user’s device or convince a user to install PhoneSnoop.
US-CERT encourages users to only download BlackBerry applications from trusted sources and to password protect and lock BlackBerry devices.
Posted in link, general | Print | No comments »
27.10.2009 by matti.
http://www.offensive-security.com/metasploit-unleashed/
And do not forget to donate for HFC!!!
Posted in link, hacking | Print | No comments »
24.10.2009 by matti.
http://i8jesus.com/?p=10
and for some help on the exploiting side of things:
http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php
Posted in general | Print | No comments »
22.10.2009 by matti.
http://www.packetstormsecurity.org/assess/exploits/
http://www.milw0rm.com/
http://www.securiteam.com/exploits/
http://www.securityfocus.com/vulnerabilities
http://www.securityforest.com/cgi-bin/viewcvs.cgi/ExploitTree/
http://securityvulns.com/exploits/
http://osvdb.org/
http://www.vupen.com/english/security-advisories/
http://www.red-database-security.com/exploits/oracle_exploits.html
http://www.joomlaexploit.com/
Posted in link, hacking | Print | No comments »
22.10.2009 by matti.
I saw a post on mumbix blog and on http://cktricky.blogspot.com/2009/10/btod-importing-nikto-db-to-intruder.html. Basically it is about how to extract the nikto db into a file to load into Burp. Whilst the extracting is nice:
cat /pentest/web/nikto/plugins/db_tests | awk -F "," '{print $4}' | sed 's/^\"*//;s/\"$//' | sed 's/^\@CGIDIRS//;s/\@ADMIN//;s/^\@NUKE//;s/^\@POSTNUKE//;s/^\@PHPMYADMIN//' | sed 's/^\///' > ~/nikto_burp.txt
(My version would probably be more like this:
cat db_tests | cut -d "," -f 4 | sed s/^\"//g | sed s/\"$//g | grep -Ev "^@" > file.txt )
my point is that I do not get it at all. I might understand running nikto via Burp to save a complete logfile in one place, but that is it. If I want to change the nikto headers, I will do so in the source code. So why would I load tests for files being present on the web server into Burp if nikto already does it? It is not that I would start to use Intruder to search for such things…
Any suggestions?
Posted in hacking | Print | 6 comments »
21.10.2009 by matti.
http://www.metasploit.com/home/faq
Posted in general | Print | No comments »
20.10.2009 by matti.
http://releases.portswigger.net/2009/10/v1217.html -> XML export -> http://dradisframework.org/
Posted in link, hacking | Print | No comments »
20.10.2009 by matti.
Most firewalls today are actually doing a rather good job. Unfortunately (well, this depends on the point of view) some firewall administrators are not. But they should not get all the blame. It might also be that other administrators did not secure their servers, e.g. the guys responsible for DNS.
So here is something I need reminding of from time to time.
Outbound DNS is allowed through the firewall most of the time, but just for UDP. By default, however, if you want to test for a zone transfer, you need TCP to be enabled. Does a failed transfer mean that zone transfers are not possible because the DNS server is secured, or because the firewall blocked you?
Well basically you would try something like this during an assessment:
dig @nameserver.domain domain axfr
So let us go change this a little bit by using an extra flag so that we might be able to do a zone transfer via UDP:
dig @nameserver.domain domain axfr +notcp
There is only one further little thing we might need to think about. When the request would result in a big reply, the DNS server would switch back to TCP, and we would be where we started.
But maybe we could do something to reduce the size of the reply, something like an incremental zone transfer:
dig @nameserver.domain domain ixfr=serialnumber +notcp
OK, the problem would be the serial number. You would need to send an older version to the server and see that it replies with the difference between the old version and the new one. This might result in quite a few requests. But it might not be that bad, as the structure is always the same: date+time, and you need to make an educated guess as to how often there will be updates…
Posted in hacking | Print | No comments »
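The defender's view of the zone-transfer post above, as an added example that is not part of the original post: it parses DNS queries seen on UDP/53 and flags hosts outside the configured secondaries that send AXFR over UDP or try several different IXFR serials. The function names, the `secondaries` allowlist and the `max_serials` threshold are assumptions, and `build_query` only constructs sample input.

```python
import struct
AXFR, IXFR, SOA = 252, 251, 6  # DNS type codes

def build_query(zone, qtype, serial=None):
    # Constructed sample input: query bytes as a capture on UDP/53 would show them.
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in zone.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0, 1, 0, int(serial is not None), 0)
    msg += qname + struct.pack("!2H", qtype, 1)
    if serial is not None:  # IXFR puts the client's SOA in the authority section
        rdata = b"\0\0" + struct.pack("!5I", serial, 0, 0, 0, 0)  # root MNAME/RNAME
        msg += b"\xc0\x0c" + struct.pack("!2HIH", SOA, 1, 0, len(rdata)) + rdata
    return msg

def read_name(msg, off):
    # Decode labels up to the terminator; a compression pointer ends the name in place.
    labels = []
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace"))
        off += 1 + msg[off]
    return ".".join(labels), off + (2 if msg[off] else 1)

def parse_xfr_query(msg):
    """Return (zone, qtype, claimed_serial); ValueError if not an AXFR/IXFR query."""
    _, flags, qd, _, ns, _ = struct.unpack_from("!6H", msg)
    zone, off = read_name(msg, 12)
    qtype = struct.unpack_from("!H", msg, off)[0]
    if flags & 0x8000 or qd != 1 or qtype not in (AXFR, IXFR):
        raise ValueError("not a zone transfer query")
    serial = None
    if qtype == IXFR and ns:
        _, off = read_name(msg, off + 4)  # owner name of the authority record
        rtype, _, _, rdlen = struct.unpack_from("!2HIH", msg, off)
        if rtype == SOA and rdlen >= 22:  # SERIAL is first of the five uint32s ending RDATA
            serial = struct.unpack_from("!I", msg, off + rdlen - 10)[0]
    return zone, qtype, serial

def suspicious_sources(udp_queries, secondaries, max_serials=3):
    """Flag non-secondary hosts sending AXFR over UDP or trying many IXFR serials."""
    serials, flagged = {}, {}
    for src, msg in udp_queries:
        try:
            _, qtype, serial = parse_xfr_query(msg)
        except (struct.error, IndexError, ValueError):  # malformed, or not a transfer
            continue
        if src not in secondaries:
            serials.setdefault(src, set()).add(serial)
            if qtype == AXFR or len(serials[src]) > max_serials:
                flagged[src] = "AXFR over UDP" if qtype == AXFR else "IXFR serial probing"
    return flagged
```

`udp_queries` is an iterable of `(source_ip, payload_bytes)` pairs, for example taken from a packet capture on the authoritative server.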
19.10.2009 by faintdreams.
Having recently been forced to migrate back to using Windows, I feel compelled to comment on Microsoft’s new ‘Security Enhancements’ in the Vista and Windows 7 OS.
Upon starting a Computing MSc I was dismayed to find out that the first trimester was Windows-centric. Running a virtual machine under OSX on my Macbook was not practical (due to speed and HDD space concerns) and so I opted for a new lightweight Toshiba laptop to be my course workhorse.
For a non Linux machine, Vista (or nothing) were the OS choices I had and so reluctantly I opted for Vista - with a Windows 7 upgrade to follow as soon as that is available. Little did I know what I was letting myself in for.
The ‘User Access Control’ (UAC) in Windows is useless - why? Because it is so intrusive as a piece of security software that I can only liken it to having to unlock 15 deadbolts, AND entering a safe combination every time you want to go through a door, or open a window inside your own house.
To fully understand how irritating it is to use ANY application under Vista with UAC turned on, let me explain that the previous example includes EVERY door / window in your house. You HAVE to shut each door / window behind you when you change rooms, and EVERY time you open a door you have to unlock all fifteen of the deadbolts AGAIN. Imagine your house is somewhat sentient, so ideally you want to say to your house “I have been to the toilet today. I do not wish to unlock the toilet door EVERY time I need to use it. I wish to authorise the door to stay open as long as the sensors see ME either entering or leaving the room.” “NO.” says your house, “I will not allow you to designate security passes to ANY of the doors. I will force you to lock and unlock EVERY DOOR, during EVERY INSTANCE OF USE. You can either authorise EVERY door / window for every instance of use, EVERY TIME or you have to leave all the doors / windows open to everyone ALL THE TIME.”
Any sane person would just switch off the house security protocols and leave every door open all the time - right? WRONG.
What you want to do to keep your house secure is make sure that the front door and the windows are shut by default and only THOSE SPECIFIC INSTANCES of holes in your house require authorisation to open, and ONLY YOU have the key. As ‘Keyholder’ you can walk around the house unmolested the rest of the time without having to worry about constantly opening doors you just walked through. Also if you get a pet, you would supposedly want your pet to be able to walk unfettered from room to room, but not walk out the front door, or jump out of the windows.
I may be stretching the point somewhat, but in my illustration, the ‘you’ in the house is the logged on Administrative user, the doors / windows are pre-installed (or pre-approved) Windows applications and the pet represents any third party applications you install.
Perhaps I am just being dense, but my google-fu fails me when it comes to ways to authorise individual Apps under the UAC tool.
So in essence I am reduced to leaving all my doors and windows open in order to do anything, and that is far from secure.
Posted in opinion | Print | No comments »