Monday, May 5, 2008

Book - Zero Day Threat


I finished another book; this time I read "Zero Day Threat", a very interesting investigation into cybercrime by two journalists (Byron Acohido and Jon Swartz).

As stated on the cover, they show us "The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity".

The book is very well narrated; I liked how they told the story from 3 different points of view (the Exploiters, the Expediters and the Enablers). The authors did a fantastic job in the investigation and in the accuracy of the information given in the book.

It's a must for anyone who wants to know how cybercrime is organized and the inner workings of these mafias. You learn how they steal identities, credit cards, passwords, etc., and how they turn all of this into money through laundering tricks.

After reading the book you get a feeling of being totally naked and vulnerable to the cybercrime mafias. I was aware of all the technological issues involving cybercrime, but now I'm aware of the other two pieces in this game and I get the full picture of how everything works.

You can check the site of the book for more information:





Mysql - SQL Injection

Hi, here are the steps needed to extract data from a MySQL database through SQL injection automation. This is useful in a penetration test when you need to craft your own tool because the ones that are available fail...

Let's get to work. First we need to get the schemas (databases):

"SELECT table_schema FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema' limit 1,1"

Once we know which database we want to extract data from, we proceed to list its tables:

"SELECT table_name FROM information_schema.tables where table_schema = 'MYSCHEMA' limit 1,1"

MYSCHEMA = schema obtained from query 1

Now that we have the tables, we will go for the columns:

"SELECT column_name FROM information_schema.columns WHERE table_schema = 'MYSCHEMA' AND table_name = 'MYTABLE' limit 1,1"

MYTABLE = table obtained from query 2

After this process you know the schema (database), the tables and the columns, so you can create the query to extract the data you want or that you think will be interesting for the penetration test.

Another interesting query for penetration testing is one that turns a dictionary into a brute-force search for which table has a column named X:

"SELECT table_name FROM information_schema.columns WHERE column_name like '%MYWORD%' limit 1,1"

MYWORD = a word taken from a dictionary


Now it is all about putting this together in a script for automation. You can check Pblind at www.edge-security.com for a SQL injector script; the next release will include this feature.
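The three enumeration steps above and the dictionary query on column_name leave a recognisable trail on the database side: repeated reads of information_schema.tables and information_schema.columns, each walking one row at a time with LIMIT n,1, or LIKE '%word%' guesses on column_name. As an added example (not from the post and not part of Pblind), here is a small Python detector that reads lines in the layout of a MySQL 5.x general query log, tags each statement with the enumeration pattern it matches and flags the connections that look like metadata enumeration rather than a one-off administrative query. The log lines, the connection ids and the flagging thresholds are constructed for this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample lines in the layout of a MySQL 5.x general query log
# ("YYMMDD HH:MM:SS <tab> <thread id> <command> <tab> <argument>").
# They are made up for this example, not captured from a real server.
SAMPLE_LOG = """\
080505 10:01:12\t   42 Query\tSELECT name, price FROM products WHERE id = 7
080505 10:01:13\t   42 Query\tSELECT table_schema FROM information_schema.tables WHERE table_schema != 'mysql' AND table_schema != 'information_schema' limit 1,1
080505 10:01:14\t   42 Query\tSELECT table_name FROM information_schema.tables where table_schema = 'shop' limit 1,1
080505 10:01:15\t   42 Query\tSELECT table_name FROM information_schema.tables where table_schema = 'shop' limit 2,1
080505 10:01:16\t   42 Query\tSELECT column_name FROM information_schema.columns WHERE table_schema = 'shop' and table_name = 'users' limit 1,1
080505 10:02:00\t   51 Query\tSELECT table_name FROM information_schema.columns WHERE column_name like '%pass%' limit 1,1
080505 10:02:30\t   60 Query\tSELECT COUNT(*) FROM information_schema.tables WHERE table_schema = 'shop'
080505 10:02:31\t   60 Query\tSELECT name, price FROM products WHERE id = 8
"""

# Timestamp is optional because the general log only repeats it when it changes.
LOG_LINE = re.compile(
    r"^(?:(?P<ts>\d{6}\s+\d{1,2}:\d{2}:\d{2}))?\s*(?P<conn>\d+)\s+(?P<cmd>\w+)\s+(?P<arg>.*)$"
)

# Each signature mirrors one of the enumeration queries from the post.
SIGNATURES = {
    "tables_metadata": re.compile(r"\binformation_schema\.tables\b", re.I),
    "columns_metadata": re.compile(r"\binformation_schema\.columns\b", re.I),
    "column_name_guess": re.compile(r"\bcolumn_name\s+like\s+'%[^']*%'", re.I),
    "row_walk": re.compile(r"\blimit\s+(\d+)\s*,\s*1\b", re.I),
}


@dataclass
class ConnectionStats:
    metadata_queries: int = 0                      # hits on information_schema
    row_walk_offsets: list = field(default_factory=list)  # n from LIMIT n,1
    tags: set = field(default_factory=set)         # every signature seen


def parse_general_log(text):
    """Yield (connection id, command, argument) for each parseable line."""
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            yield int(m["conn"]), m["cmd"], m["arg"].strip()


def classify_query(sql):
    """Return the set of signature names that match one SQL statement."""
    return {name for name, rx in SIGNATURES.items() if rx.search(sql)}


def row_walk_offset(sql):
    """Return n from a 'LIMIT n,1' clause, or None when there is none."""
    m = SIGNATURES["row_walk"].search(sql)
    return int(m.group(1)) if m else None


def suspicious_connections(text, min_metadata=2):
    """Return {conn: ConnectionStats} for connections that look like enumeration."""
    stats = defaultdict(ConnectionStats)
    for conn, cmd, sql in parse_general_log(text):
        if cmd != "Query":
            continue
        hits = classify_query(sql)
        if not hits:
            continue
        s = stats[conn]
        s.tags |= hits
        if hits & {"tables_metadata", "columns_metadata"}:
            s.metadata_queries += 1
        off = row_walk_offset(sql)
        if off is not None:
            s.row_walk_offsets.append(off)
    # A single information_schema query is ordinary admin or ORM behaviour;
    # a LIKE '%word%' guess on column_name, or several metadata queries
    # walked with LIMIT n,1, is the pattern the post describes.
    return {
        conn: s
        for conn, s in stats.items()
        if "column_name_guess" in s.tags
        or (s.metadata_queries >= min_metadata and s.row_walk_offsets)
    }


if __name__ == "__main__":
    for conn, s in sorted(suspicious_connections(SAMPLE_LOG).items()):
        print(f"connection {conn}: {s.metadata_queries} metadata queries, "
              f"LIMIT offsets {s.row_walk_offsets}, tags {sorted(s.tags)}")
```

Connection 42 is flagged because it reads information_schema four times and walks rows with LIMIT n,1; connection 51 is flagged on the single LIKE '%pass%' guess; connection 60's one COUNT(*) over information_schema.tables is left alone. Raise min_metadata for applications whose ORM legitimately reads the catalog at start-up.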

If you have another idea, please let me know.

Regards

Tuesday, April 15, 2008

SQLZoo - Your one stop for SQL

How many times have you been facing a SQL injection and had doubts, or didn't remember how a query is written for a specific database? Or sometimes you don't want to start a VMware machine just to try a query, so you start googling for an answer. There is a great website for this kind of need called SQLzoo, where you can find a lot of examples of every type of query for the different database engines, and the best part is that you can execute the queries and check whether they are correct.

Another great resource is the reference section, where you can find information on how to obtain metadata and how to run queries about functions, selects and users for all the different database engines.

There is also a SQL injection area, where you can try some injections against a vulnerable system.

There are many more interesting things related to SQL on the site; check it here: SQLzoo

Enjoy

Wednesday, April 2, 2008

Pwn to own

At the CanSecWest conference they created a contest with three machines running 3 different OSs. Whoever managed to pwn one of them would win money and the machine.

Well, now the contest is over and the results are these:

1- MacBook Air running OSX 10.5.2 - Charlie Miller - Exploited a Safari bug
2- Fujitsu U810 running Vista Ultimate SP1 - Shane Macaulay (Security Objectives) -

Ubuntu stood strong in the contest and nobody managed to own it. The question is: did anyone go after the Ubuntu machine, or did everybody concentrate their efforts on the more widely deployed OSs?

Now everyone will start saying that Linux is stronger than the others, but I don't think that one contest like this can be used in the war of "Which OS is more secure?"

It is also interesting to see how, in a short time (48 hours), new vulnerabilities are found when money is put in the game.

Charlie in action:



More information here
Video of Charlie Miller after pwning OS X

Thursday, March 20, 2008

RedIris Conference



Hi all, on Thursday the 27th I will be talking at the "VI Foro de Seguridad RedIris"; the topic of this forum will be Web Application Security. My talk is about "Common application security vulnerabilities", aka "The Usual Suspects". I will give an overview of the most common vulnerabilities, based on the OWASP Top 10.

If you want to have a good time and learn more about Web Application Security, this could be a good opportunity.

The conference program can be checked here

See you there!

Thursday, March 6, 2008

MSRPC Auditing

Cody Pierce and Aaron Portnoy have released the MSRPC framework for auditing the Microsoft RPC protocol. They presented the tool at DeepSec 2007; it was a good presentation where they showed us how they analyze RPC. Now the tool is available at Google Code.

pymsrpc is an attempt to develop a working library for communicating with remote Microsoft RPC endpoints. It includes an IDL parser and NDR data types for making requests.

The following toolset is recommended by them. PyMSRPC consists of the following components:
  • Lexer and Parser
  • A library of NDR objects
  • Utilizes Impacket from CORE for transport
  • Tie-ins for the Sulley Fuzzing Framework
This framework allows you to immediately communicate with and audit an RPC service.

Wednesday, February 20, 2008

Fuzzing - Brute Force Vulnerability Discovery



This time I will talk about another great book. In this book Michael Sutton, Adam Greene and Pedram Amini expose everything you want to know about fuzzing.

We can find information about all the different types of fuzzing: network protocol fuzzing, web application fuzzing, file format fuzzing, in-memory fuzzing, etc. The book also covers the best fuzzing frameworks available, like SPIKE, Peach, Sulley, and many more.

I enjoyed this book very much; it was easy to read and follow, the concepts are very clear and the contents well organized.

If you want to learn all about fuzzing, this is your book.

You can check the book web page: Fuzzing

See you soon!

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...