Articles

Is your server protected against port scanning? The general answer will be “Yes, I have a firewall which restricts access to internal servers from outside.” What if I tell you I can still scan the ports on your server and your firewall wouldn’t know about it! People usually think that it is not possible to do a complete port scan on the web server and other servers behind the firewall. This article will make you think otherwise. If the web application running on a server has an SSRF (Server Side Request Forgery) vulnerability then it is possible to do port scans on the devices behind the firewall. Once you find an SSRF-vulnerable server, SKANDA can do an automated scan for you and report the status of the ports on that vulnerable server.

Fatcat is an open source web application pen testing tool freely available for download. Fatcat SQL Injection is developed to reduce the steps involved in exploiting a SQL injection vulnerability and to exploit SQL injection more thoroughly.

Features of Fatcat V2

Hello there, I am Lava, the author of IronWASP. This article is the first in the series of articles that I will be doing on IronWASP. In this article I will cover the introduction to IronWASP and explain how you can scan your websites for security vulnerabilities using it. In the future articles of this series we will look at how you can manually test your site and identify vulnerabilities, how you can use scripting and automate testing and finally we will see how you can extend IronWASP and create your own tools using it.

Penetration testing is more than just running automated tools and redoing the same manual testing workflow. It is about analyzing the target, understanding how it is built and coming up with unique attack scenarios. When you are testing a web application of even moderate size then the amount of pages, parameters and values travelling between the browser and the server can become overwhelming even for seasoned testers. Finding patterns or mapping connections in a maze of data is not a trivial task.

Cross Site Scripting or XSS vulnerabilities have been reported and exploited since the 1990s. XSS was listed as the number 2 vulnerability in the OWASP 2010 Top 10 web application vulnerabilities list. Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications which allows attackers to inject client-side script into web pages viewed by other users. The execution of the injected code takes place on the client side. A cross-site scripting vulnerability can be used by the attacker to bypass the Same Origin Policy (SOP).

Figure 1 - Top 10 Web Application Vulnerabilities OWASP

[Note: This demonstration is based on the article “Bluetooth Reconnaissance – Watching over Invisible and Cloning Bluetooth Device”. Please go through it before moving forward.] For this demonstration we are using the following devices and tools: a Bluetooth headset, an external Bluetooth dongle and a laptop with BackTrack 5 R3. In this section we will see how to remotely inject audio into a Bluetooth headset and also record audio from it. First we will bring our Bluetooth device up and running.

[Note: This demonstration is based on the article “Bluetooth Reconnaissance – Watching over Invisible”. Please go through it before moving forward.]

In the previous section we saw how to find devices which are in visible as well as invisible mode using different tools, and also understood the different terms we get during the scanning process. Here we will recall one scan result. In the first block the Bluetooth address is given, then the clock offset and then the class information. By looking at the class information we can conclude which kind of device we have scanned. In this section let’s play with our own Bluetooth interfaces, so that we can prepare them for the attack.

The OWASP Zed Attack Proxy (popularly known as ZAP) is an integrated penetration testing tool for finding vulnerabilities in web applications. OWASP ZAP is a fork of version 3.2.13 of the open source variant of Paros Proxy. Paros was a HTTP/HTTPS proxy for assessing web application security. It should be noted over here that Paros Proxy was not updated since August 2006.

A WPA/WPA2 password can be cracked simply by capturing the WPA handshake and then applying a dictionary attack. If the passphrase is in the dictionary then the password will be cracked. But what if the password is not in the dictionary? Are there other ways to crack non-dictionary passphrases? Let’s see them…

First we will look at the basics of WPA/WPA2 cracking:

STEP 1: Start wireless monitor mode.

STEP 2: Then capture the WPA handshake.

What is Tamper Data? Tamper Data, an add-on (extension) for Mozilla Firefox, is a fast, simple yet effective tool which can be used for penetration testing. Tamper Data basically gives us the power to view, record and even modify outgoing HTTP requests. Since Tamper Data is integrated into the browser, it has no problems with HTTPS connections, client authentication certificates or other features that the browser supports. We can trace and time the HTTP/HTTPS connections, responses and parameters being sent.

DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. It is often the case that what looks like a web server in a default installation state is actually not, and has pages and applications hidden within it. DirBuster attempts to find these. This tool was written by James Fisher and is now an OWASP project, licensed under the LGPL.

DirBuster provides the following features:

Scapy is a wonderful packet crafting tool written by Philippe Biondi. Below is an excerpt from the Scapy documentation neatly describing Scapy. “Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery.”

One-liner about Kautilya: Kautilya is a toolkit which makes it easy to use a USB Human Interface Device (like the Teensy++) for breaking into a system. Now let’s understand what that means. First let’s understand the Teensy++ (I will use Teensy for Teensy++ from now on). It is a USB HID which can be used as a programmable keyboard, mouse, joystick and serial monitor. What could go wrong? Imagine a programmable keyboard which, when connected to a system, types out commands pre-programmed into it. It types faster than you and makes no mistakes. It can type commands and scripts and can use an operating system against itself, and that too in a few seconds. If you program the device properly, keeping in mind most of the possibilities and quirks, it can be a really nice pwnage device.

Sysinternals utilities are among the best friends of an administrator. Sysinternals was originally created back in 1996 by Mark Russinovich and Bryce Cogswell and was bought by Microsoft in 2006. Since then the company has continued to release new tools and improve the existing ones. The Sysinternals suite consists of the following categories: File and Disk Utilities, Networking Utilities, Process Utilities, Security Utilities, System Information Utilities and Miscellaneous Utilities.



Everyone wants to be a millionaire, and this article is just going to tell you how you can become one. Web 2.0 has opened lots of opportunities and possibilities along with lots of security issues. One of the popular technologies is “Flash”, along with its never-ending security issues. People laugh when they hear the terms “Flash” and “Security” together. Industry experts say that Flash is actually moving the ball towards ease of use and functionality and thus compromises on security.



Cain and Abel is a Windows-based password recovery tool available as freeware and maintained by Massimiliano Montoro. It supports a wide range of features to recover passwords, from Local Area Network traffic to various routing protocols, and provides intelligent capabilities to recover cached passwords and encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks.



SQL injection is one of the most common vulnerabilities found in web applications today. Exploiting SQL injection through a manual approach is somewhat tedious. Using flags like “or 1=1--” and “and 1>2” we can find out if the vulnerability is present, but exploiting the vulnerability needs an altogether different approach. Tools like Sqlmap, Havij and Pangolin are helpful in exploiting SQL injection.



In the past few years, web application security has really got some good attention. Because of this attention, we have so many proxy tools (Burp/Fiddler/Paros) readily available, which make our lives easy at each step of penetration testing.



How much computing power do you have? If your answer is “my personal laptop/desktop”, you don’t yet realise your strength. How many friends do you have on Facebook? Friends of friends? Add up all of their laptops/desktops; that’s how much computing power you have at your disposal.



McAfee’s first quarter threat report stated that, with six million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history. McAfee stated that Android devices are becoming malware havens, with Android being the second most popular environment for mobile malware behind Symbian in the first quarter.



Reverse engineering is the process of analyzing a subject system to identify the system’s components and their relationships, and to create representations of the system in another form or at a higher level of abstraction. The process of reverse engineering, which is part of malware analysis, is accomplished using specific tools that are categorized as hex editors, disassemblers/debuggers, decompilers and monitoring tools.



If you try the command “traceroute” (under Windows, called tracert) you will see a lot of network elements between you and the target host. An interception could happen at every location. If you are using an attack tool like airsnort or ettercap, or a simple analysis tool with promiscuous mode support (wireshark, dsniff), you are sniffing in your LAN. Your LAN is either the first hop for outgoing sessions or the last hop for incoming sessions. The image shown is useful because it shows how many hops separate two hosts on the Internet. Every hop can be monitored, every nation has different laws, and if you are passively sniffed you will never be notified.



Now! You have one more reason to add Metasploit to your pentest toolkit. You just can’t ignore Metasploit anymore just because it does not give you a user interface like the commercial frameworks available out there, such as Core Impact and Immunity Canvas.



This section in itself may look incomplete; to get the full flavor, read Tech Gyan. There are many wireless testing tools in the wild for the different OS flavors, right from Windows and Unix to smartphone OSes. Unix-based tools remain the most popular among them.



BeEF is a Browser Exploitation Framework. It enables an attacker/pen tester to assess the security of the browser and lets him exploit it if found vulnerable.