Archive for August, 2010

Gruyere: Web Application Exploits and Defenses

Want to beat the hackers at their own game?

  • Learn how hackers find security vulnerabilities!
  • Learn how hackers exploit web applications!
  • Learn how to stop them!

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:

  • How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
  • How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

Project: http://google-gruyere.appspot.com/

Two methodologies for physical penetration testing using social engineering

The paper below describes two methodologies for conducting physical penetration testing using social engineering.

http://whitepapers.hackerjournals.com/wp-content/uploads/2010/07/Two-methodologies-for-physical-penetration-testing-using-social-engineering.pdf

 

Detecting and exploiting XSS injections using XSSer Tool

What is XSSer?

XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications.

We will test this tool on the vulnerable site http://testasp.vulnweb.com/.

How to use this tool

  1. root@punter:/pentest/web# svn co https://xsser.svn.sourceforge.net/svnroot/xsser xsser
  2. root@punter:/pentest/web# cd xsser
  3. root@punter:/pentest/web/xsser# python XSSer.py -u "http://testasp.vulnweb.com" -g "Search.asp?tfSearch=" --proxy "http://127.0.0.1:8118" --referer "666.666.666.666" --user-agent "correct audit" --Fuzz -s
  4. Below are the results.

In the results above, the finding and the attack URL are marked in blue. We will test the result manually to confirm the XSS vulnerability; check the screenshot below.

This tool works perfectly for finding XSS through automation.

SAP Penetration Testing Video and Slides by Mariano Nunez Di Croce

SAP stands for Systems, Applications and Products in Data Processing, and is the world’s fourth largest software enterprise. SAP is headquartered out of Germany and is best known for its Enterprise Resource Planning (ERP) software which has deployments in over 41,000 companies around the world. Mariano’s presentation is very in-depth and starts with basics of a SAP installation and slowly builds on the various security vulnerabilities which exist and then moves on to how to exploit them while pentesting. He also discusses the open source tool Sapyto, which he maintains and distributes.

Detailed video on testing SAP applications

http://www.securitytube.net/SAP-Pene…%29-video.aspx

Slides from Mariano’s Blackhat presentation
http://www.blackhat.com/presentation…ing-slides.pdf

Find Websites Located on the Same Web Server

The links and tools below find your neighbours (other websites) hosted on the same server. This helps when pentesting a web application, because running a scanner without checking what other websites are hosted on the server sometimes leads to a DoS on the server, taking all of its websites down. So check first and tune your scanner to the requirements.

  1. http://www.yougetsignal.com/tools/web-sites-on-web-server/
  2. Get the IP address of the website or server, then go to www.bing.com and search for IP:127.0.0.1 (using the server's IP address). Bing will do a lookup and show all the websites located on the same server.
  3. Serverchk.py http://packetstormsecurity.org/UNIX/scanners/serverchk.rar
  4. http://www.my-ip-neighbors.com/

  5. If you’re using Linux then bing-ip2hosts also does this:

$ ./bing-ip2hosts www.websitename.com

You can download it from here: http://www.morningstarsecurity.com/research/bing-ip2hosts

DotDotPwn v1.0 Directory Traversal Scanner tool

Tool Intro:

  1. Detects Directory traversal vulnerabilities on remote HTTP/FTP server systems.
  2. Currently, the traversal database holds 881 attack payloads. Use the -update flag to perform an online fresh update.
  3. DotDotPwn checks for the presence of boot.ini on the vulnerable systems through directory traversal vulnerabilities, so it is assumed that the tested systems are Windows-based HTTP/FTP servers.

How to use

It requires Perl with the HTTP::Lite module.

root@punter:/pentest/web# wget http://chr1x.sectester.net/toolz/ddpwn/ddpwn.tar.gz

root@punter:/pentest/web# tar -xvf ddpwn.tar.gz

root@punter:/pentest/web# perl -MCPAN -e 'install HTTP::Lite'

root@punter:/pentest/web# ./ddpwn.pl -http 192.168.0.103

Project: http://chr1x.sectester.net/toolz/ddpwn/
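A defender-side check for the probes described above, as an added example that is not part of the original post or of DotDotPwn: it scans web-server access log lines for requests whose decoded path climbs out of the web root and marks those aimed at boot.ini. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote
# Constructed access-log lines for illustration; not real traffic.
SAMPLE_LOG = """\
192.168.0.50 - - [12/Aug/2010:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
192.168.0.50 - - [12/Aug/2010:10:01:03 +0000] "GET /../../../boot.ini HTTP/1.1" 404 0
192.168.0.50 - - [12/Aug/2010:10:01:04 +0000] "GET /..%2f..%2f..%2fboot.ini HTTP/1.1" 404 0
192.168.0.50 - - [12/Aug/2010:10:01:05 +0000] "GET /%252e%252e%255c%252e%252e%255cboot.ini HTTP/1.1" 200 211
192.168.0.77 - - [12/Aug/2010:10:02:09 +0000] "GET /a/../b.css HTTP/1.1" 200 40
"""

# client, request target and status code from a common/combined log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly so double-encoded payloads (%252e) are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")  # treat Windows separators like '/'

def escapes_root(path):
    """True if '..' segments climb above the web root at any point."""
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False

def find_traversal_probes(log_text):
    """Return one finding per request whose decoded path leaves the web root."""
    findings = []
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        client, target, status = m.groups()
        path = fully_decode(target.split("?", 1)[0])  # path only, query ignored
        if escapes_root(path):
            findings.append({"client": client, "request": target,
                             "boot_ini": path.lower().endswith("/boot.ini"),
                             "served": status == "200"})  # 200 = needs follow-up
    return findings

if __name__ == "__main__":
    for finding in find_traversal_probes(SAMPLE_LOG):
        print(finding)
```

A finding with "served" set means the server answered the traversal request with a 200, so that request is the one to investigate first.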

How Shall I learn Exploitation Techniques From Bond

Below are links and a guide on how to learn exploitation techniques. This guide is written by (aka Bond).

Hello Everyone!

I believe the question being asked in the subject falls under the same category as when a newbie asks “How Shall I learn Hacking Techniques?”.

Here is an attempt to share with you all a few tips and guidelines to begin the exploitation venture.
* Possibility is high that many geeks here would not agree fully with me, but that’s the beauty of hacking domain…everyone learns in his own way!

1. Do I need to know programming?: It’s always good to have programming experience in hacking domain. Same applies to exploitation techniques as well, but not mandatory. Even without having programming experience you would be able to climb up few ladders.

But to reach at a good level, you definitely need to learn programming.
Reason: Who will find the vulnerability for you at the first stage?
Answer: Fuzzing tools, Source code review, Reverse Engineering.

Out of above stated 3 techniques to find vulnerabilities, only Fuzzing using available tools is the option for those who can not code. Moreover later on you’ll find that available fuzzing tools are not meeting your requirements and you need to code something of your own!

Conclusion: Programming skills are mandatory to become a good vulnerability researcher and exploit developer. Btw, nowadays Python is hackers’ first choice. C and Perl are a few other choices.

2. OK, anyways I wish to taste the exploitation techniques:

a) Do I need to know assembly? Oh man that scares me!!!

Here I would seriously suggest learning basic 8086 Assembly programming if you wanna go a long way learning exploitation techniques. If you simply wish to somehow manage to list your name once on some exploit database site, don’t learn assembly.

Reason: Don’t you consider “shellcode” to be a part of an exploit? Yeah I agree that Metasploit is the best to generate them but all its shellcodes get detected by AVs.
Knowledge of assembly programming would help you in the following:
1. Coding your own shellcodes, be they the simple ones or polymorphic shellcodes.
2. Disassembling codes
3. Reverse Engineering
4. To get an inside view of how programs work, the state of registers, memory, stack, heap at every step of the flow of your program. And believe me, analyzing registers, stack, memory etc. is the most fascinating part.

Enough being said to justify the points, let’s proceed with the resources you should grab and start with, in sequence:
1. Assembly for Hackers Primer Video Series by Vivek Ramachandran

The best series to start with to build up basics. It covers the following:
a) Basics of registers, stack, memory etc
b) Basics of using GDB (GNU DeBugger)
c) Basics of the program flow and how the program execution affects the state of registers, stack etc.
d) Basics of stack overflow exploits etc.
Grab it from SecurityTube.

2. Programming from the Ground Up – by Jonathan Bartlett

Reading the first 100 pages serves the purpose and would be enough for a good start. Grab it for free on the internet.
The best thing about this book is that it’s not biased towards Win32 Assembly or Linux Assembly. Instead the way the author has presented the programs/codes in this book gives you a deeper understanding of the activities (state of stack, registers) going on behind the curtains.
Here I would like to mention that most of the tutorials you’ll find on Win32 Assembly focus on the development of GUI programs on Windows and not on the internal state of various memory components.

3. Having covered the first two steps, you can proceed either with developing shellcode techniques or exploitation techniques.

For both of them you need to follow a deep rabbit hole.

I would like to list down few good resources for them:
a) Exploitation Techniques series by Peter Van Eeckhoutte. An awesome series of tutorials which are easy to understand and practice with.
http://www.corelan.be:8800/index.php/articles/

b) The Art of Exploitation Part 1 and Part 2

c) The Shellcoders Handbook Part 1 and Part 2

d) Past, Present, Future of Windows Exploitation
http://www.abysssec.com/blog/2010/05…-exploitation/ is a good resource of all the famous/popular and good articles on exploitation.

e) From 0x90 to 0x4c454554, a journey into exploitation.
Awesome resources, from scratch to diving deeper into the rabbit hole, to learn exploitation (suggested by Punter).

http://myne-us.blogspot.com/2010/08/…rney-into.html

f) Smashing the Stack in 2010 (Suggested by Punter)
http://5d4a.wordpress.com/2010/08/02…stack-in-2010/

The links and sources would never end and hence we would keep on adding them.

So do you dare to exploit now!

Remember: “Everyone Starts from Scratch”

Practical Lock Picking: A Physical Penetration Tester’s Training Guide

Description

For the first time, Deviant Ollam, one of the security industry’s best-known lockpicking teachers, has assembled an instructional manual geared specifically toward penetration testers. Unlike other texts on the subject (which tend to be either massive volumes detailing every conceivable style of lock or brief “spy manuals” that only skim the surface) this book is for INFOSEC professionals that need essential, core knowledge of lockpicking and seek the ability to open most locks with relative ease.

Deviant’s material is presented with rich, detailed diagrams and is offered in easy-to-follow lessons which allow even beginners to acquire the knowledge very quickly. Everything from straightforward lockpicking to quick-entry techniques like shimming, bumping, and bypassing is explained and shown. Whether you’re being hired to penetrate security or simply trying to harden your own defenses, this book is essential.

http://www.syngress.com/hacking-and-penetration-testing/Practical-Lock-Picking/

Smashing the stack in 2010

Since the Aleph One article on smashing the stack, there has been no updated write-up covering the latest buffer overflows. Now “Smashing the stack in 2010” is out; check it out here: http://5d4a.wordpress.com/2010/08/02/smashing-the-stack-in-2010/

Diving deeper down the rabbit hole for Learning Exploitation

The link below guides you through starting to learn exploitation. The author gives complete details on books and tutorials for learning exploit writing.

http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
