carnal0wnage [Shared Reader]

Monday, September 27, 2010

Hacking: The Next Generation Book Review

Hacking: The Next Generation Book Review

Nitesh Dhanjani, Billy Rios, & Brett Hardin

5 stars


Good Intro to Next Gen Attacks

First Impressions...skinny book. Strike One. Chapter 1 -- "Intelligence Gathering: Peering Through the Windows to Your Organization" spends a lot of time on physical security and social engineering and no mention of Maltego. I'm not sure how anyone can write a book on Intelligence Gathering and NOT include Maltego. Strike Two.

At this point i was thinking I had a dud on my hands BUT Chapter 2 --- "Inside-Out Attacks: The Attacker Is the Insider" redeems. Tons of code and examples to make XSS work in "realistic" scenarios mix the right amount of tech and narrative. My only gripe was that they talked about using XSS shell for XSS exploitation instead of using BEeF which is actively maintained and developed.

All the other chapters (except for Chapter 3) were very good, none of the others are as technical as chapter 2 but I believe they cover the current trends in a entertaining and readable way. Like one reviewer mentioned the information covered in Chapter 5 -- "Cloud Insecurity: Sharing the Cloud with Your Enemy" was not what I expected. It covered high level "possible" attacks versus any "probable" attacks. With the exception of possibly making insecure VM's and getting people to run it. Chapter 7 -- "Infiltrating the Phishing Underground: Learning from Online Criminals?" was a "chapterfied" version of the authors talk on the subject. Chapter 4 -- "Blended Threats: When Applications Exploit Each Other" was a good overview of stringing vulnerabilities that would be/were not considered high risk into high risk issues by combining one or more together which actually is "next generation".

Chapter 3, IMO didnt cover anything new. Mostly a discussion of insecure protocols, arp spoofing, email spoofing. While still a relevant issue in security not "next generation".


Thursday, September 23, 2010

AppSec DC 2010 and Web Exploitation Framework

Back in March, I spoke of inactivity on this blog because of time being devoted to a new tool.

The post can be found Here :

The tool is actually a combination of tools or Web Exploitation Framework (wXf). The idea is to roll the massive amounts of various AppSec tools into a single framework. Simplifies things, we hope.

Come November 10th, at AppSec DC 2010 we will be presenting the framework and laying out a road-map. I hope it becomes useful to consultants and application security practitioners.

More info can be found at the following link (full schedule):

OWASP FULL SCHEDULE

...and here (wXf Specific):

WXF PRESENTATION

Look forward to seeing you all there.

~Happy Hacking

cktricky

Saturday, September 4, 2010

Grabbing Index Pages Of Webservers

Grabbing the index pages of web servers seems like a no brainer and something every pentester is going to perform on a test. The problem I ran into is how do you get this info once your inside and using meterpreter as your pivot into the network.

Your current options are to port forward to each host or set up a route via your meterpreter session and run some sort of auxiliary module. You can tcp port scan and find open ports or use the http_version module to see server version but you don't get a feel for whats actually on the site.

I opted to write something that would scan a range, perform a HTTP GET of / on the ip, then take the resulting body from the response, which should be html, and save it to a file to look at afterwards.

Looks like this when it runs...

msf auxiliary(http_index_grabber) > set RHOSTS carnal0wnage.com/24
RHOSTS => carnal0wnage.com/24

msf auxiliary(http_index_grabber) > run

[+] Received a HTTP 200...Logging to file: /home/cg/.msf3/logs/auxiliary/http_index_grabber/209.20.85.4_20100904.4426.html

[+] Received a HTTP 200...Logging to file: /home/cg/.msf3/logs/auxiliary/http_index_grabber/209.20.85.5_20100904.4429.html

[*] Received 301 to http://drumsti.cc/ for 209.20.85.10:80/

[-] Received 403 for 209.20.85.8:80/

[+] Received a HTTP 200...Logging to file: /home/cg/.msf3/logs/auxiliary/http_index_grabber/209.20.85.12_20100904.4432.html
...
[*] Received 302 to http://209.20.85.57/apache2-default/ for 209.20.85.57:80/
[+] Received a HTTP 200...Logging to file: /home/cg/.msf3/logs/auxiliary/http_index_grabber/209.20.85.56_20100904.4503.html
[*] Received 302 to http://209.20.85.51/session/new for 209.20.85.51:80/


you can then check out the folder with the results


code is here:
http://carnal0wnage.googlecode.com/svn/trunk/msf3/modules/auxiliary/admin/random/http_index_grabber.rb