Wednesday, August 31, 2011

WebSurgery – Web Application Security Testing Suite

WebSurgery is a suite of tools for security testing of web applications. It was designed to help security auditors with the planning and exploitation phases of a web application assessment. It currently provides an efficient, fast and stable Web Crawler; a File/Dir Brute Forcer; a Fuzzer for advanced exploitation of known and unusual vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), brute forcing of login forms, identification of firewall filtering rules and DOS attacks; and a WEB Proxy to analyze, intercept and manipulate the traffic between your browser and the target web application.

WEB Crawler

WEB Crawler was designed to be fast, accurate, stable and completely parameterizable, and it uses advanced techniques to extract links from JavaScript and HTML tags. It works with configurable timing settings (Timeout, Threading, Max Data Size, Retries) and a number of rule parameters to prevent infinite loops and pointless scanning (Case Sensitive, Dir Depth, Process Above/Below, Submit Forms, Fetch Indexes/Sitemaps, Max Requests per File/Script Parameters). It is also possible to apply custom headers (user agent, cookies, etc.) and Include/Exclude filters. WEB Crawler comes with an embedded File/Dir Brute Forcer, which can directly brute force files/dirs in the directories found while crawling.

WEB Bruteforcer

WEB Bruteforcer is a brute forcer for files and directories within the web application, which helps to identify its hidden structure. It is multi-threaded and completely parameterizable for timing settings (Timeout, Threading, Max Data Size, Retries) and rules (Headers, Base Dir, Brute force Dirs/Files, Recursive, File Extension, Send GET/HEAD, Follow Redirects, Process Cookies and List generator configuration).

By default, it will brute force from the root / base dir recursively for both files and directories. It sends both HEAD and GET requests when needed (HEAD to identify whether the file/dir exists, then GET to retrieve the full response).

WEB Fuzzer

WEB Fuzzer is a more advanced tool that creates a number of requests based on one initial request. The Fuzzer has no limits and can be used to exploit known vulnerabilities such as (blind) SQL injection, and in more unusual ways, such as identifying improper input handling, firewall/filtering rules and DOS attacks.

WEB Editor

A simple WEB Editor to send individual requests. It also contains a HEX Editor for more advanced requests.

WEB Proxy

WEB Proxy is a proxy server running locally that allows you to analyze, intercept and manipulate HTTP/HTTPS requests coming from your browser or any other application that supports proxies.
You can download WebSurgery here:

Setup – setup.msi

Portable – Or read more here.

Thursday, August 25, 2011

BackTrack 5 R1 released

We’re finally ready to release BackTrack 5 R1. This release contains over 120 bug fixes, 30 new tools and 70 tool updates. We will be rolling out some how-tos on our wiki in the next few days, such as VMWare tool installation, alternate compat-wireless setups, etc. The kernel was updated to and includes the relevant injection patches.
As usual, please report bugs to us through our redmine ticket system for the fastest response. Don’t forget to also check our forums and wiki (will be updated in the next few days).
We are really happy with this release, and believe that as with every release, this is our best one yet. Some pesky issues such as rfkill in VMWare with rtl8187 issues have been fixed, which provides for a much more solid experience with BackTrack.

We’ve released Gnome and KDE ISO images for 32 and 64 bit (no arm this release, sorry!), as well as a VMWare image of a 32 bit Gnome install, with VMWare Tools pre-installed.
Lastly, I would like to thank the whole BackTrack team for pulling off the late nights working on this release, as well as Offensive Security for funding all of this stuff. If you need real world Penetration Testing Training – head on over to Offensive-Security and get ready for a bumpy ride!

Saturday, August 20, 2011

[Script] - Data Encryption Standard


Download (

What is this?

A python script to show the process of encrypting & decrypting using "Data Encryption Standard" (DES) step by step.


Figure 1 - "Variable" Flowchart
DES - Figure 2 - Console output [Encryption]
DES - Figure 3 - Console output [Decryption]

python -a enc -k 02468ACE -m "HelloWord"
python -a dec -k 02468ACE -m fb37a0c2d860b89630c7618b0df81564
python -a enc -k 1a2b3c4d -m "Have you... g0tmi1k?" -v

Thanks to g0tmi1k for this tutorial, you are the man, bro!
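To make the "step by step" process concrete, here is an added example: a compact single-block DES written for this page, not the script from the post above. It implements the standard FIPS 46-3 tables (initial permutation, expansion, S-boxes, P, PC-1, PC-2 and the shift schedule), runs the 16 Feistel rounds while recording the L/R halves after each round, and decrypts by replaying the rounds with the subkeys reversed. It is verified against the well-known walkthrough vector (key 133457799BBCDFF1, plaintext 0123456789ABCDEF). The post's multi-block mode and padding are not reproduced, so its "HelloWord" output is not expected to match; the 8-character keys in the post's commands would be used here as their 8 ASCII bytes.

```python
# Added example, not the post's script: a compact single-block DES (FIPS 46-3)
# showing the same step-by-step structure the post's script prints: key
# schedule, initial permutation, 16 Feistel rounds, final permutation. Tables
# use the standard 1-based DES bit numbering. The post's multi-block/padding
# handling is not reproduced, so its "HelloWord" output is not expected here.

IP = [58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7]
FP = [IP.index(i) + 1 for i in range(1, 65)]                         # inverse of IP
E = [(4 * i - 1 + j) % 32 + 1 for i in range(8) for j in range(6)]   # 32 -> 48 expansion
P = [16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25]
PC1 = [57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35,
       27, 19, 11, 3, 60, 52, 44, 36, 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38,
       30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4]
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12, 4, 26, 8, 16, 7,
       27, 20, 13, 2, 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56,
       34, 53, 46, 42, 50, 36, 29, 32]
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
# S-boxes as 64 hex digits each: 4 rows of 16 entries, row by row.
SBOX = [[int(c, 16) for c in s] for s in (
    "e4d12fb83a6c59070f74e2d1a6cb953841e8d62bfc973a50fc8249175b3ea06d",
    "f18e6b34972dc05a3d47f28ec01a69b50e7ba4d158c6932fd8a13f42b67c05e9",
    "a09e63f51dc7b428d709346a285ecbf1d6498f30b12c5ae71ad069874fe3b52c",
    "7de3069a1285bc4fd8b56f03472c1ae9a690cb7df13e52843f06a1d8945bc72e",
    "2c417ab6853fd0e9eb2c47d150fa3986421bad78f9c5630eb8c71e2d6f09a453",
    "c1af92680d34e75baf427c9561de0b389ef528c3704a1db6432c95fabe17608d",
    "4b2ef08d3c975a61d0b7491ae35c2f8614bdc37eaf6805926bd814a7950fe23c",
    "d2846fb1a93e50c71fd8a374c56b0e927b419ce206adf35821e74a8dfc90356b")]

def permute(bits, table):
    return [bits[i - 1] for i in table]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def key_schedule(key):
    """16 round subkeys of 48 bits from the 64-bit key (parity bits dropped by PC1)."""
    bits = permute(to_bits(key), PC1)
    c, d = bits[:28], bits[28:]
    subkeys = []
    for s in SHIFTS:
        c, d = c[s:] + c[:s], d[s:] + d[:s]   # rotate both halves left
        subkeys.append(permute(c + d, PC2))    # compress 56 -> 48 bits
    return subkeys

def feistel(r, subkey):
    """Round function f(R, K): expand R, XOR key, S-box substitution, P permutation."""
    x = xor(permute(r, E), subkey)
    out = []
    for i in range(8):
        b = x[6 * i:6 * i + 6]
        row, col = (b[0] << 1) | b[5], (b[1] << 3) | (b[2] << 2) | (b[3] << 1) | b[4]
        v = SBOX[i][row * 16 + col]
        out += [(v >> 3) & 1, (v >> 2) & 1, (v >> 1) & 1, v & 1]
    return permute(out, P)

def des_block(block, key, decrypt=False, trace=None):
    """Encrypt or decrypt one 8-byte block; trace (if given) collects (round, L, R) hex."""
    subkeys = key_schedule(key)
    if decrypt:
        subkeys.reverse()                      # Feistel: same rounds, keys in reverse order
    bits = permute(to_bits(block), IP)
    left, right = bits[:32], bits[32:]
    for rnd, k in enumerate(subkeys, 1):
        left, right = right, xor(left, feistel(right, k))
        if trace is not None:
            trace.append((rnd, from_bits(left).hex(), from_bits(right).hex()))
    return from_bits(permute(right + left, FP))   # final swap, then inverse IP

if __name__ == "__main__":
    key, pt = bytes.fromhex("133457799BBCDFF1"), bytes.fromhex("0123456789ABCDEF")
    steps = []
    ct = des_block(pt, key, trace=steps)
    for rnd, l, r in steps:
        print(f"round {rnd:2d}: L={l} R={r}")
    print("ciphertext:", ct.hex(), "| decrypted:", des_block(ct, key, decrypt=True).hex())
```

The trace makes the symmetry visible: L1 after the first round is simply R0 from the initial permutation, and decryption with the reversed subkey order walks the same 16 states backwards. DES is shown here only as a teaching cipher; its 56-bit key is far too short for any production use.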

New module for Metasploit Framework

SecureState released a new auxiliary module for the Metasploit Framework that can reduce the amount of time that it takes to visually fingerprint large amounts of web servers.

During penetration tests, consultants often need to target web applications in order to find “low hanging” vulnerabilities, such as default password configurations and out of date software. This task can be very difficult on large networks that are home to many hosts with different web servers, often running on a variety of ports.

In this situation, penetration testers must often resort to running port scans and opening potential web servers in a browser one by one. This is a very time consuming and tedious task.

The new module, called "page_collector," takes a range of hosts in the typical RHOSTS fashion and checks a user-definable list of ports for web services using both HTTP and HTTPS. Each successfully identified web server then gets a corresponding iFrame in an output file.

The result is a single HTML document that, when loaded by the attacker, presents them with an easy to view list of hosts.

Using this, penetration testers can reduce the overhead usually required to find such “low hanging fruit” as Tomcat and JBoss installations, as well as generic login pages.

Dropbox for Android security bypass vulnerability

A security issue has been reported in Dropbox for Android, which can be exploited by malicious people to bypass certain security restrictions, according to Tyrone Erasmus of MWR InfoSecurity.

Android applications can communicate with each other by exporting program features, also known as IPC endpoints. These are declared in the AndroidManifest.xml file, which is part of every installable application package.

Any feature of an Android application can be exported, meaning that other applications can access these features and interact with the application across the sandbox. In some cases this can pose a security risk to the application exporting its features.

The issue with the Dropbox application is that the exported content provider can be leveraged by a malicious application to upload a file from the device to the linked Dropbox account without interaction from the user. It is also possible to upload the Dropbox settings and content databases using this same technique.

The settings database includes the email address, access secret and access key that could be used to access the user's Dropbox account. These files are stored in the application's data storage area which should not be accessible to any other application on the device.

However, because Dropbox is being leveraged to upload these files, that restriction is bypassed. These sensitive files can be placed in the user's Public directory, which allows them to be downloaded by anyone over the internet that has a link to these individual files.

It could also be possible for an attacker to iterate through Dropbox accounts looking for sensitive files that have been exposed in this way.

Workaround: Uninstall the application or update to the latest version of the Dropbox application from the Android Market.

Solution: The vulnerability was fixed in version 1.1.4.
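The root cause described above is a content provider reachable by other applications without any permission guarding it. The following is an added example, not part of the advisory or of the Dropbox application: a small manifest lint that reads an AndroidManifest.xml and reports such providers. It applies the real platform defaults (an explicit android:exported attribute wins; without one, providers are exported by default for apps targeting API level 16 or lower, and private from API 17 on) and treats android:permission, android:readPermission and android:writePermission as guards. The sample manifest is constructed for this example; the package and authority names in it are made up.

```python
# Added example, not part of the advisory or of the Dropbox app: a lint that
# reads an AndroidManifest.xml and reports content providers other apps can
# reach without holding any permission, the kind of exported IPC endpoint the
# post describes. The sample manifest below is constructed for this example.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def attr(element, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return element.get(ANDROID_NS + name)

def target_sdk_of(root):
    """targetSdkVersion falls back to minSdkVersion, which falls back to 1."""
    uses_sdk = root.find("uses-sdk")
    if uses_sdk is None:
        return 1
    value = attr(uses_sdk, "targetSdkVersion") or attr(uses_sdk, "minSdkVersion")
    return int(value) if value else 1

def is_exported(provider, target_sdk):
    """An explicit android:exported wins; otherwise providers are exported by
    default when the app targets API 16 or lower, private from API 17 on."""
    explicit = attr(provider, "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return target_sdk < 17

def unguarded_providers(manifest_xml):
    """Authorities of providers reachable from other apps with no
    permission, readPermission or writePermission attribute."""
    root = ET.fromstring(manifest_xml)
    target_sdk = target_sdk_of(root)
    findings = []
    for provider in root.iter("provider"):
        if not is_exported(provider, target_sdk):
            continue
        guards = ("permission", "readPermission", "writePermission")
        if not any(attr(provider, g) for g in guards):
            findings.append(attr(provider, "authorities"))
    return findings

# Constructed sample: an app targeting API 10 (the era of the post) with three
# providers. Only the first is reachable from other apps without a permission.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sync">
  <uses-sdk android:minSdkVersion="7" android:targetSdkVersion="10" />
  <application android:label="Sync">
    <!-- no android:exported and no permission: exported by default below API 17 -->
    <provider android:name=".FileProvider"
              android:authorities="com.example.sync.files" />
    <!-- explicitly private: only this app can talk to it -->
    <provider android:name=".SettingsProvider"
              android:authorities="com.example.sync.settings"
              android:exported="false" />
    <!-- exported on purpose, but callers must hold a permission -->
    <provider android:name=".ShareProvider"
              android:authorities="com.example.sync.share"
              android:exported="true"
              android:permission="com.example.sync.permission.SHARE" />
  </application>
</manifest>
"""

if __name__ == "__main__":
    for authority in unguarded_providers(SAMPLE_MANIFEST):
        print(f"provider {authority} is exported without any permission")
```

The fix pattern the sample shows is the one a reviewer would ask for: set android:exported="false" on any provider that only the app itself needs, and put a permission on any provider that genuinely must be shared. Raising targetSdkVersion to 17 or higher also flips the default for providers that declare nothing, which is why the lint reads the target level before deciding.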