Category: Penetration Testing

Mar 22 2010

SkipFish – Web Application Security Scanner

SkipFish is a fully automated, active web application security reconnaissance tool.


Key Features:

  • High Speed: Pure C code, highly optimized HTTP handling, minimal CPU footprint – easily achieving 2000 requests per second with responsive targets.
  • Ease of Use: Heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
  • Cutting-Edge Security Logic: High quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.

The tool is believed to support Linux, FreeBSD 7.0+, MacOS X, and Windows (Cygwin) environments.

Download: skipfish-1.13b.tgz

More Info: SkipFish – Project Home

Jan 13 2010

finddomains – Discover Domains by IP Address, Hosts

FindDomains is a multithreaded search-engine discovery tool that is useful to penetration testers who need to discover the domain names, web sites, and virtual hosts hosted on a large number of IP addresses. It provides a console interface, so it can easily be integrated into a pentest automation system.

It retrieves the domain names and web sites located on a specified IP address or hostname.

This tool was built starting from the Bing API 2.0 code sample.

In order to use FindDomains:

  • Create an AppId from “Bing Developers” (this link).
  • It will look like this: 32AFB589D1C8B4FEC73D4BCB6EA0AD810E0FA2C7
  • Once you have registered an AppId, enter it in the “appid.txt” file in the program directory.

Some highlights:

  • Uses the Bing search engine. Works with the first 1000 records.
  • Multithreaded crawling and DNS resolution.
  • Performs DNS resolution for extracted domains to eliminate cached/old records.
  • Has a console interface, so it combines well with some command-line foo.
  • Works with Mono, but running under Windows is more efficient.

Sample usage:

1) FindDomains.exe 1.2.3.4
2) FindDomains.exe www.hotmail.com

Requirements:
1) .NET Framework 3.5. Also works with Mono.

Download: FindDomainsv0.1.1.rar

More Info: FindDomains Project Home

Nov 28 2009

Symantec Online Store Hacked

Symantec Exposed Passwords, Serials – SQL Injection, Full Database Access

A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec. The flaw can be leveraged to extract a wealth of information from the database, including customer and admin login credentials, product serial numbers, and possibly credit card information.

The flaw was found by a Romanian hacker going by the online handle of Unu, according to whom an insecure parameter of a script on the pcd.symantec.com website allows a Blind SQL Injection (SQLi) attack to be performed. In such an attack, the attacker obtains read and/or write access to the underlying database of the vulnerable website.

The content of the pcd.symantec.com website is written in Japanese, but from what we could determine, it serves a product called Norton PC Doctor. The web server appears to be running Windows Server 2000 as its operating system, Microsoft IIS 6.0 with ASP support, and Microsoft SQL Server 2000 as the database back-end.

From the screenshots released by Unu there are many potentially interesting databases, but the one he chose to look at is called “symantecstore.” One of the tables in this database is named “PaymentInformationInfo” and contains columns such as BillingAddress, CardExpirationMonth, CardExpirationYear, CardNumber, CardType, CcIssueCode, CustomerEmail, CustomerFirstName, CustomerLastName, and SecurityIndicator.

Source: Unu’s Blog

Nov 18 2009

Metasploit Framework 3.3 Released


The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Version 3.3 is the latest stable release of the Metasploit Framework and the recommended starting point for new users. Using the online update system, this version can be synchronized with the development tree to obtain the latest exploits and payloads.

Metasploit now has 445 exploit modules and 216 auxiliary modules.

Download: Metasploit 3.3

More Info: Metasploit 3.3 Release Notes

May 13 2009

Pangolin – SQL Injection Tool

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options: perform an extensive back-end database management system fingerprint, retrieve the DBMS session user and database, enumerate users, password hashes, privileges, and databases, dump entire or user-specified DBMS tables/columns, run their own SQL statements, read specific files on the file system, and more.

Database Support:

* Access: Information (Database Path; Root Path; Drivers); Data
* MSSql: Information; Data; FileReader; RegReader; FileWriter; Cmd; DirTree
* MySql: Information; Data; FileReader; FileWriter
* Oracle: Information (Version; IP; Database; Accounts); Data
* Informix: Information; Data
* DB2: Information; Data; and more
* Sybase: Information; Data; and more
* PostgreSQL: Information; Data; FileReader
* Sqlite: Information; Data

Download Free Edition: Pangolin v2.1.2.924

More Info: Pangolin – Amazing SQL Injection World