Author Archives: agent0x0

Automated Penetration Testing with CORE IMPACT

Filed under Penetration Testing

[Image: CORE IMPACT]

Last week I spoke at a local security professionals user group about Automated Penetration Testing with CORE IMPACT (from Core Security Technologies). There have been some great developments in the automated penetration testing area recently with commercial tools like CORE IMPACT and Immunity’s CANVAS. However, let’s not forget about recent advancements with open source solutions like Metasploit 3. All of these products perform automated penetration testing.

Instead of posting my slide deck I will highlight some of the key points below. Note that this is presented from the perspective of a customer; this was not a sales pitch for CORE IMPACT, even though they do have a great product. Next month I will be speaking about Metasploit 3, specifically about the autopwn feature, which automates exploiting network hosts. One thing I want to mention: automated penetration testing should never replace detailed manual penetration testing! You should use these tools to supplement your tool kit, not replace it!

Goolag Scanner – Google Vulnerability Scanner Released

Filed under Hacking

[Image: Goolag Scanner]

The infamous Cult of the Dead Cow (cDc) has released a very cool Google vulnerability scanner called Goolag Scanner. This tool allows you to search a specific web site or domain for known vulnerabilities and misconfigurations.

From an eWeek article:

“The open-source program comes with about 1,500 custom Google search queries embedded by default to run searches for vulnerable Web applications, misconfigured Web servers with open backdoors, sensitive user names and passwords, and other documents accidentally exposed on the Internet.”

From the cDc press release:

“It’s no big secret that the Web is the platform,” said cDc spokesmodel Oxblood Ruffin. “And this platform pretty much sucks from a security perspective. Goolag Scanner provides one more tool for web site owners to patch up their online properties. We’ve seen some pretty scary holes through random tests with the scanner in North America, Europe, and the Middle East. If I were a government, a large corporation, or anyone with a large web site, I’d be downloading this beast and aiming it at my site yesterday. The vulnerabilities are that serious.”

Looks like they took Johnny Long’s “Google Dorks” search queries and put them into an automated tool. Very nice. Right now the tool only runs on Windows (.NET), but it looks like they will soon release it for other platforms. Nice to see all of these search queries put into an easy-to-use interface. Goolag Scanner and Maltego make fantastic additions to your pentest reconnaissance toolkit. You can download Goolag Scanner here.

Notacon 5: April 4-6 Cleveland, Ohio

Filed under Hacking

If you are in the Cleveland, Ohio area you should check out the local con called Notacon. It is similar to Defcon or ShmooCon but much smaller and, in my opinion, more unique. From the Notacon web site:

“NOTACON, an annual conference held in Cleveland, Ohio, explores and showcases technologies, philosophy and creativity often overlooked at other “hacker cons”. Our desire is not to supplant other events, but complement them and strike a balance that has gone unnoticed in our community for far too long.

With each new year we build upon the successes and knowledge of the previous years. Our goal is to enlighten, educate, and entertain attendees, presenters, and staff alike. We try to do this by finding new ways to apply technology to graphics, art, music, or social interaction.

Notacon espouses an ethos of exploration, participation and positive contributions. Hence, while some of the material we may cover is controversial or potentially “black hat” in nature, we feel it is important to bring light to all topics so that everyone can learn from the experience and create something good, fun or interesting from it.

Events during Notacon run from Friday morning through Sunday afternoon. These include over 40 presentations, contests such as “Anything but Ethernet”, game shows, prize giveaways and a whole lot of who-knows-what. Anything can happen, and usually does.”

It’s also affordable! $50 gets you into the con for the whole weekend. Looks like they have some interesting talks planned including “Bagcam – How did TSA and/or the airlines manage to do that to your luggage?” and the “Exploit-Me Series: Firefox Plug-ins for Application Penetration Testing”.

PHP File Include Attacks Explained

Filed under Hacking

If you have been checking out Quzart’s QedShell v2.0 article and want to know more about PHP file include attacks and how they work, be sure to check out this fantastic four-part series about these attacks on TippingPoint’s DV Labs blog. I have yet to find a more comprehensive article on this subject.

Social Networks and Personal Information

Filed under Security Awareness

[Image: LinkedIn]

Good post over at GNUCITIZEN today. They talk about how easy it would be for a hacker to social engineer their way into LinkedIn connections to get information about a potential business target, possibly even your company or business.

Social networking in general is very popular with security-minded and non-security-minded people. I use LinkedIn, as do many other security professionals, because of the obvious career benefits. Even a gray hat/black hat hacker can use LinkedIn to further a legitimate career in the corporate world, for example by earning a LinkedIn connection through doing a project for Hackers for Charity. It’s all about what you perceive your “personal risk” to be when using a site like LinkedIn. The benefit may outweigh the risk in your case. Here are a few things you can do to help “minimize” your personal information exposure:

1. Do not make your LinkedIn profile public.
2. Only accept connections from people you know and/or have personally worked with.

For example, if you own your own business you may want a public profile available to generate business. Again, this all depends on your own assessment of the risk to your personal information.

Wireless Headset Dangers

Filed under Wireless Security

[Image: Wireless Headset]

I was listening to the latest Security Now podcast and Steve Gibson mentioned an interesting social engineering attack where some penetration testers were able to pose as employees just by listening to conference calls and other telephone conversations from across the street from the company facility. They used a police scanner dialed into the 800-900 MHz range to pick up the signals of unsecured wireless headsets (very popular with many companies). There was also a very good article about this attack posted on Dark Reading that is a must read.

New blogger

Filed under Spylogic News

Welcome Quzart to the spylogic.net team!

Another blogger from the Netherlands, named Quzart, will be posting an article on the revised c99shell PHP script. Keep an eye out for it. Thanks Quzart!

Netcat – The Basics Video Tutorial

Filed under Penetration Testing

The fine folks who brought you the De-ICE Pentest LiveCDs have put together a nice nine-minute video tutorial on Netcat. I personally love Netcat. It is a must-use pentest tool. You can check it out on the heorot.net web site.

Lock your stuff up!

Filed under Physical Security

[Image: Master Lock]

So I was at the gym yesterday and noticed something that really bothered me….

As soon as I pulled into the gym parking lot I noticed that it was packed! Seems like everyone wanted to work out last night for some reason. So I grabbed my gym bag and went into the locker room to change. The locker room isn’t very big to begin with, so I started to hunt for an open locker to drop my stuff into. Almost every locker had a “Master Lock” brand combination or key lock. I finally found three lockers in a row that didn’t have locks. I opened up the first locker and it wasn’t empty. Someone’s cell phone, wallet, and ID all available for the taking. So I thought to myself, ok, someone just forgot their lock, right? I opened up the locker next to that one and saw another guy’s wallet and PDA just sitting there! No way…two in a row? Thinking that there is no way there would be three lockers in a row unsecured, I opened up the third locker…what do you know…someone’s bag with car keys just sticking out of it. Amazing.

Lucky that I have some ethics and wouldn’t take someone’s stuff, but the sad truth is that someone else could have easily stolen all of this stuff…wallets with credit cards, driver’s licenses, PDAs and cell phones could all be used for simple transactions or, even worse, identity theft.

What’s the lesson here? Buy yourself a lock! A Master Lock is like $3.99 (or cheaper). While you could crack one of these locks with very little effort, it does provide a good “deterrent” to prevent simple physical theft. At a busy gym someone might say something to you if you were trying to break a lock off by force, by calculating magic numbers or by picking it!

Lock your stuff up at the gym…please!

“Twilight Hack” offers Wii Homebrew Possibilities

Filed under Video Game Hardware Hacking

[Image: Linux on the Wii one day?]

As previously reported, the game save that exploits a vulnerability in the Twilight Princess game has been released. This exploit will potentially allow you to run unsigned code and eventually an ELF loader, which will allow Linux to run on the Wii. All you need is a copy of Twilight Princess and an SD card to load the hacked game save file. This is the first time that the game save has been released with installation details.

Full instructions with videos are available from the wiibrew.org web site.
