Articles

WATOBO is a Ruby framework for performing security testing of web applications. It is intended to perform highly efficient (semi-automated) security audits. We are convinced that the combination of full control and state-of-the-art automation is the best way to perform an accurate audit of your web application.




Usually, after we have performed a Vulnerability Assessment in our organization, we continue our work by developing a plan of security improvements, with the ultimate goal of reducing risks and threats and being in conformity with security policies and requirements. But this security improvement plan can be difficult to carry out in time if we cannot:




Viproy is developed to improve the quality of SIP penetration tests. It is a collection of Metasploit Framework modules focused on SIP tests, and it can be used with the Metasploit Framework GitHub edition or the Metasploit Framework Pro edition. It has 10 different modules to test target SIP servers, with authentication and fuzzing support. Viproy also has a SIP library that extends the Metasploit Framework REX library.




Description of Modules:

1) OPTION

The Options module can be used to discover target SIP services and devices.

A Content Management System (CMS) makes your life easy. It makes the online presence of your business more accessible, and hence the probability of your business succeeding soars higher. Incredibly, if you are unfamiliar with CMSes, the best part is that you need not be a nerdy, high-tech web developer to give this touch of virtuality to your ideas and convert them into online reality.



CMS - What's the Fuss all About?

Android is a mobile operating system platform developed by Andy Rubin, Rich Miner, Nick Sears and Chris White, which was later acquired by Google Inc. and is right now developed and maintained by Google itself. In the smartphone market, Android holds more than 50% of the market share, much more than iOS and other mobile platforms such as BlackBerry, Windows and Symbian.




Is your server protected against port scanning? The general answer will be “Yes, I have a firewall which restricts access to internal servers from outside.” What if I tell you I can still scan the ports on your server and your firewall wouldn’t know about it! People usually think that it is not possible to do a complete port scan of the web server and other servers behind the firewall. This article will make you think otherwise. If the web application running on a server has an SSRF (Server Side Request Forgery) vulnerability, then it is possible to port scan the devices behind the firewall. Once you find an SSRF-vulnerable server, SKANDA can do an automated scan for you and provide you the status of the ports present on that vulnerable server.




Fatcat is an open source web application pen tester tool, freely available for download. Fatcat SQL Injection is developed to reduce the steps involved in exploiting a SQL injection vulnerability and to exploit SQL injection thoroughly.




Features of Fatcat V2

Hello there, I am Lava, the author of IronWASP. This article is the first in the series of articles that I will be doing on IronWASP. In this article I will cover the introduction to IronWASP and explain how you can scan your websites for security vulnerabilities using it. In the future articles of this series we will look at how you can manually test your site and identify vulnerabilities, how you can use scripting and automate testing and finally we will see how you can extend IronWASP and create your own tools using it.




Penetration testing is more than just running automated tools and redoing the same manual testing workflow. It is about analyzing the target, understanding how it is built and coming up with unique attack scenarios. When you are testing a web application of even moderate size, the number of pages, parameters and values travelling between the browser and the server can become overwhelming even for seasoned testers. Finding patterns or mapping connections in a maze of data is not a trivial task.




Cross Site Scripting (XSS) vulnerabilities have been reported and exploited since the 1990s. XSS was listed as the 2nd top vulnerability in the OWASP 2010 web application vulnerabilities list. Cross-site scripting is a type of security vulnerability typically found in web applications which allows attackers to inject client-side script into web pages viewed by other users. The execution of the injected code takes place on the client side. A cross site scripting vulnerability can be used by the attacker to bypass the Same Origin Policy (SOP).




Figure 1 - Top 10 Web Application Vulnerabilities OWASP

[Note: This demonstration is based on the article “Bluetooth Reconnaissance – Watching over Invisible and Cloning Bluetooth Device”. Please go through it before moving forward.] For this demonstration, we are using the following devices and tools: a Bluetooth headset, an external Bluetooth dongle and a laptop with BackTrack 5 R3. In this section we will see how to remotely inject audio into a Bluetooth headset and also record audio from it. First we will bring our Bluetooth device up and running.




[Note: This demonstration is based on the article “Bluetooth Reconnaissance – Watching over Invisible”. Please go through it before moving forward.]

In the previous section we saw how to find devices which are in visible as well as invisible mode using different tools, and we also went through the different terms we encounter during the scanning process. Here we will recall one scan's information. In the first block the Bluetooth address is given, then the clock offset and then the class information. By looking at the class information we can conclude which kind of device we have scanned. In this section let’s play with our own Bluetooth interfaces, so that we can prepare them for the attack.

The OWASP Zed Attack Proxy (popularly known as ZAP) is an integrated penetration testing tool for finding vulnerabilities in web applications. OWASP ZAP is a fork of version 3.2.13 of the open source variant of Paros Proxy. Paros was an HTTP/HTTPS proxy for assessing web application security. It should be noted here that Paros Proxy has not been updated since August 2006.




A WPA/WPA2 password can be cracked simply by capturing the WPA handshake and then applying a dictionary. If the passphrase is in the dictionary, the password will be cracked. But what if the password is not in the dictionary? Are there other ways to crack non-dictionary passphrases? Let’s see them…




First we will look at the basics of WPA/2 cracking:

STEP 1: Start wireless monitor mode.

STEP 2: Then capture the WPA handshake.

What is Tamper Data? Tamper Data, an add-on (extension) for Mozilla Firefox, is a fast, simple yet effective tool which can be used for penetration testing. Tamper Data basically gives us the power to view, record and even modify outgoing HTTP requests. Since Tamper Data is integrated into the browser, it has no problems with HTTPS connections, client authentication certificates or other features that the browser supports. We can trace and time the HTTP/HTTPS connections, responses and parameters being sent.




DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. Often what looks like a web server in a default installation state is actually not, and has pages and applications hidden within. DirBuster attempts to find these. This tool is written by James Fisher and is now an OWASP project, licensed under the LGPL.




DirBuster provides the following features:

Scapy is a wonderful packet crafting tool written by Philippe Biondi. Below is an excerpt from the Scapy documentation neatly describing Scapy. “Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. Scapy can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery.”




One-liner about Kautilya: Kautilya is a toolkit which makes it easy to use a USB Human Interface Device (like the Teensy++) in breaking into a system. Now let’s understand what that means. First let’s understand the Teensy++ (I will use Teensy for Teensy++ from now on). It is a USB HID which could be used as a programmable keyboard, mouse, joystick and serial monitor. What could go wrong? Imagine a programmable keyboard which, when connected to a system, types out commands pre-programmed into it. It types faster than you and makes no mistakes. It can type commands and scripts and could use an operating system against itself, and that too in a few seconds. If you can program the device properly, keeping in mind most of the possibilities and quirks, it could be a really nice pwnage device.




Sysinternals utilities are among an administrator's best friends. Sysinternals was originally created back in 1996 by Mark Russinovich and Bryce Cogswell and was bought by Microsoft in 2006. Since then the company has continued to release new tools and improve the existing ones. The Sysinternals suite consists of the following categories: File and Disk Utilities, Networking Utilities, Process Utilities, Security Utilities, System Information Utilities and Miscellaneous Utilities.



Everyone wants to be a millionaire, and this article is just going to tell you how you can become one. Web 2.0 has opened lots of opportunities and possibilities, along with lots of security issues. One of the popular technologies is “Flash”, along with its never-ending security issues. People laugh when they hear the terms “Flash” and “Security” together. Industry experts say that Flash is actually moving the ball towards ease of use and functionality and thus compromises on security.



Cain and Abel is a Windows-based password recovery tool, available as freeware and maintained by Massimiliano Montoro. It supports a wide range of features to recover passwords, varying from Local Area Network to various routing protocols, and provides intelligent capabilities to recover cached passwords and encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks.



SQL injection is one of the most common vulnerabilities found in web applications today. Exploiting SQL injection through a manual approach is somewhat tedious. Using flags like “or 1=1--” and “and 1>2” we can find out if the vulnerability is present, but exploiting the vulnerability needs an altogether different approach. Tools like Sqlmap, Havij and Pangolin are helpful in exploiting SQL injection.



In the past few years, web application security has really got some good attention. Because of this attention, we have so many proxy tools (Burp/Fiddler/Paros) readily available, which make our lives easy at each step of penetration testing.



How much computing power do you have? If your answer is 'my personal laptop/desktop', you don't yet realise your strength. How many friends do you have on Facebook? Friends of friends? Add up all of their laptops/desktops; that's how much computing power you have at your disposal.



McAfee's first quarter threat report stated that, with six million unique samples of recorded malware, Q1 2011 was the most active first quarter in malware history. McAfee stated that Android devices are becoming malware havens, with Android being the second most popular environment for mobile malware behind Symbian in the first quarter.