Category: Penetration Testing

Feb 06 2012

Joomscan – Joomla Security Scanner Updated to 611 Vulnerabilities Database

JoomscanJoomscan, Joomla Security Scanner is now updated to 611 vulnerabilities database.

In Joomscan you can check for new updates with command: ./joomscan.pl check or ./joomscan.pl update

Overview:
Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendlinesss, extensibility to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity. It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites. No web security scanner is dedicated only one CMS.

Features:

  • Exact version Probing
  • Common Joomla! based web application firewall detection
  • Searching known vulnerabilities of Joomla! and its components
  • Reporting to Text & HTML output
  • Immediate update capability via scanner or svn

Requirement:
Perl 5.6 or up

Download: joomscan-latest.zip

Dec 31 2011

Facebook Debit Card for White Hat Hackers

Facebook Debit CardA few companies pay money to bug hunters. But Facebook is giving out something more unique than just a check.

Some security researchers are getting a customized “White Hat Bug Bounty Program” Visa debit card.

The researchers, who can make thousands of dollars for reporting just one security hole on the social-networking site, can use the card to make purchases, just like a credit card, or create a PIN and take money out of an ATM. As the researchers find more bugs, Facebook can add more money to their accounts.

Facebook wanted to do something special for the people who are helping the company shore up its software and keep hackers and malware out.

“Researchers who find bugs and security improvements are rare, and we value them and have to find ways to reward them,” Ryan McGeehan, manager of Facebook’s security.

Besides holding cash value, the White Hat card may proffer other advantages. “We might make it a pass to get into a party,” for instance, McGeehan said. “We’re trying to be creative.”

The most Facebook has paid out for one bug report is $5,000, and it has done that several times, according to McGeehan. Payments have been made to 81 researchers, he said.

Szymon Gruszecki, a Polish security researcher and penetration tester; Neal Poole, a junior at Brown University who will be an intern at Facebook next summer; Charlie Miller, a researcher at Accuvant known for finding holes in iOS 5 and Safari, praised the card. “Facebook whitehat card not as prestigious as the SVC card, but very cool ;) Fun way to implement no more free bugs,” he tweeted.

Facebook has plans to leverage the knowledge and skills of the researchers beyond just providing the bug bounty incentive.

“Whenever possible we’re going to try to load-in White Hat researchers into products early–as soon as (they are) in production,” McGeehan said. Thus Facebook “will get an early warning on anything they find.”

Nov 09 2011

PwnPhone – Pentesting Suite for Nokia N900

Nokia Pentesting Suite

The Pwnie Express’ PwnPhone is a full Pentesting suite for the Nokia N900.

It Includes Aircrack, Metasploit, Kismet, GrimWEPa, SET, Fasttrack, Ettercap, Nmap, and more…

Custom pentesting screen with shortcuts to macchanger, injection on/off, etc.

Built-in wireless card supports packet injection, monitor mode, and promiscuous mode.

Download:
pwnphone_image-7.6.2011.tar.gz
pwnphonemanual.pdf

Jul 30 2011

Facebook To Start Paying Security Bug Bounty

Facebook Bug BountyFacebook is the most recent company to come to the bug-bounty party, officially announcing recently that-

To show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs.”

Here’s how it works:

Eligibility:
To qualify for a bounty, you must:

  • Adhere to our Responsible Disclosure Policy
  • Be the first person to responsibly disclose the bug
  • Report a bug that could compromise the integrity or privacy of Facebook user data, such as: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF/XSRF), Remote Code Injection.
  • Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)

Facebook security team will assess each bug to determine if qualifies.

Rewards:

  • A typical bounty is $500 USD
  • We may increase the reward for specific bugs
  • Only 1 bounty per security bug will be awarded

Exclusions:
The following bugs aren’t eligible for a bounty:

  • Security bugs in third-party applications (e.g., http://apps.facebook.com/[app_name])
  • Security bugs in third-party websites that integrate with Facebook
  • Security bugs in Facebook’s corporate infrastructure
  • Denial of Service Vulnerabilities
  • Spam or Social Engineering techniques

Sign Up: Facebook Official Bug Bounty Page

Jul 27 2011

Half of SAP Systems on the Internet will be Hacked Next Week

SAP HackedOn the 4th of august at the world’s largest technical security conference – BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker can get access to the systems running on SAP via Internet using new critical vulnerability.

SAP systems are used in more than 100 000 world companies to handle business-critical data and processes. Almost in each company from Forbes 500 system data are set for the handling of any process beginning from purchasing, human resources and financial reporting and ending with communication with other business systems. Thus receiving an access by the malicious attacker leads to complete control over the financial flow of the company, which can be used for espionage, sabotage and fraudful actions against hacked company.

The given attack is possible due to dangerous vulnerability of the new type, detected by Alexander in J2EE engine of SAP NetWeaver software, which allows bypassing authorization checks. For example it is possible to create a user and assign him to the administrators group using two unauthorized requests to the system. It is also dangerous because that attack is possible on systems, protected by the two-factor authentication systems, in which it is needed to know secret key and password to get access. To prove it researchers from ERPScan created a program, which detects SAP servers in the Internet with help of secret Google keyword and checks found servers on potential dangerous vulnerability. As the result, more than half of available servers could be hacked with help of found vulnerability.

“Danger is in that it is not only a new vulnerability, but a whole class of vulnerabilities that was theoretically described earlier but not popular in practice. During our research we only detected several examples in standard system configuration, and because each company customizes the system under its own business processes, new examples of vulnerabilities of the given class can be potentially detected at each company in the future. We have developed a free program which can detect unique vulnerabilities of such type in order to protect companies on time and it is also included in our professional product – ERPScan Security Scanner for SAP.” — noted Alexander.