Archive for July, 2007

Babel Enterprise - Cross Platform System Auditing Tool

Babel Enterprise is a systems auditing tool. Babel performs a security-level check of the machine (a hardening audit). The check consists of a number of auditing tests that take a snapshot of the security status of each machine; the result is a security index for the system, reported after each execution. It is a non-intrusive tool, meaning that it makes no changes to the system at all: it simply notes what is not configured properly and reports it to the user.

Babel Enterprise has been designed to manage security across many different systems, technologies and versions, with different issues and requirements. It is a distributed, multi-user management system that allows redundant installation of all its critical components. Each change occurring on a system is detected and flagged automatically every time an audit policy is executed, so users can add, delete or modify elements and see exactly whether the system has become better or worse, and why. Babel Enterprise takes a pragmatic approach, evaluating those aspects of the system that represent a security risk and that can be improved by an administrator's intervention.

Babel Enterprise has a version of its agent for each of the latest Microsoft operating systems, Windows 2003 and Windows XP, and for the main Unix systems: Solaris 10, AIX 5.x, SUSE GNU/Linux 9 ES and Ubuntu Dapper, although the agents can easily be adapted to other versions and other UNIX OSs (such as BSD or HP-UX).

Babel has modules for auditing many different aspects of system security. These are some of the audit modules currently implemented:

Service minimization
Centralized file hashing
Anomalous SUID0 executable detection
File permissions checker
Password strength tests
Generic registry lookup (Windows)
Remote services configuration
Audit of kernel networking and security parameters
Apache2 configuration auditing
User accounts auditing
Root environment audit
UID0 users detection
Centralized patch management
Centralized software inventory
Listening ports auditing
Inetd / Xinetd minimization
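As an added illustration of the kind of check a few of these modules perform (example code written for this page, not Babel's own agent code): the UID 0 detection parses passwd(5) text and flags any root-equivalent account besides root, the SUID check walks a tree for setuid files owned by a given UID, and a snapshot comparison marks what changed between two audit runs, the way Babel re-evaluates a policy and flags differences. The passwd entries are constructed sample data, and the demo helper builds its own throwaway directory so the script runs without privileges.

```python
"""Host-audit checks modelled on the module list above (added example, not Babel code)."""
import os
import stat
import tempfile

# Constructed passwd(5) sample: 'toor' is a second UID 0 account, a classic backdoor.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
toor:x:0:0:second root:/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
"""


def uid0_accounts(passwd_text):
    """Return, in file order, every account name whose numeric UID is 0."""
    found = []
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed entry; a full audit would report it separately
        name, uid = fields[0], fields[2]
        if uid.isdigit() and int(uid) == 0:
            found.append(name)
    return found


def anomalous_uid0(passwd_text):
    """UID 0 detection: anything root-equivalent that is not 'root' itself."""
    return [name for name in uid0_accounts(passwd_text) if name != "root"]


def suid_executables(root, owner_uid=0):
    """SUID detection: regular files under `root` with the setuid bit set and
    owned by `owner_uid` (0 for the real check). Symlinks are not followed."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable; skip rather than abort the audit
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID and st.st_uid == owner_uid:
                hits.append(path)
    return sorted(hits)


def compare_snapshots(previous, current):
    """Mark what changed between two audit runs: findings that appeared and
    findings that went away, as Babel does when a policy is re-executed."""
    prev, cur = set(previous), set(current)
    return {"new": sorted(cur - prev), "resolved": sorted(prev - cur)}


def demo_suid_check():
    """Build a throwaway tree with one setuid file and one ordinary file and run
    suid_executables() over it. The files belong to the current user, so the
    current UID stands in for 0. Returns the flagged paths relative to the tree."""
    with tempfile.TemporaryDirectory() as root:
        plain = os.path.join(root, "plain")
        setuid = os.path.join(root, "bin", "sudo-lookalike")
        os.makedirs(os.path.dirname(setuid))
        for path in (plain, setuid):
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
        os.chmod(plain, 0o755)
        os.chmod(setuid, 0o4755)
        return [os.path.relpath(p, root) for p in suid_executables(root, os.getuid())]


if __name__ == "__main__":
    print("UID 0 accounts other than root:", anomalous_uid0(SAMPLE_PASSWD))
    print("setuid files in demo tree:", demo_suid_check())
    before = ["uid0:toor"]
    after = ["uid0:toor", "suid:bin/sudo-lookalike"]
    print("changes since last run:", compare_snapshots(before, after))
```

Run as root against / with owner_uid=0 to get the real SUID-root list, and compare the hits against what the package manager installed before treating one as anomalous: su, passwd, sudo and a handful of others are legitimately setuid on a stock install, so the interesting output is the difference from the previous snapshot rather than the raw list.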

You can download the latest stable version of Babel Enterprise here:

Babel Enterprise 1.0 version

Or read more here.

Dr. Morena - Firewall Configuration Testing Tool

Dr. Morena is a tool for verifying the rule configuration of a firewall.

A firewall's configuration is built by combining more than one rule, and sometimes a rule may live somewhere other than the main rule configuration. In such a case it is difficult to confirm whether the resulting behaviour is what the system administrators intended (is an unnecessary hole open, or is a necessary hole actually open?).

The tool runs on a computer with two network interfaces, each connected to the network on one side of the firewall. A packet with a forged source and destination IP address is sent towards the firewall from one interface, and whether it passed through is confirmed on the other interface. The firewall's effective rules are then deduced from which packets passed and which did not.

Because it observes what the firewall actually passes rather than reading its configuration, the tool can check the rules regardless of how (or where) the firewall is configured.

There are two modules in Dr. Morena, similar to the Firewall Tester (FTester): a check engine and a packet-list-making engine.

Checker, the check engine, builds a test packet from the given packet description, sends it and listens for it on the far side; it then confirms whether the packet passed through the firewall and returns the result.

Ideally, when checking a firewall's rules one would test every packet of every service from every IP address to every IP address. That is impossible in any reasonable time, so the check must use a limited set of packets, and packets chosen at random are an inefficient choice. The firewall should therefore be checked first with packets aimed at the important addresses and services listed in the security policy.

ListMaker, the check-packet-list-making engine, produces the list of packets needed for the check from information classified by degree of importance.
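The following is an added model of the two engines in Python, written for this page rather than taken from Dr. Morena. The policy, the "as deployed" ruleset and the addresses are all constructed; the firewall is simulated by a function so the example runs offline, whereas the real Checker forges the packet on one interface and captures it on the other. ListMaker derives, from each policy rule in order of importance, the packet that must get through plus neighbouring packets (adjacent port, out-of-range source) that must not; Checker compares what came out the other side with what the policy says and labels each discrepancy as an unnecessary hole open or a necessary hole closed.

```python
"""Policy-driven firewall rule check in the style of Dr. Morena (added example)."""
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport")
# A rule says who may talk to what, and how important it is to verify (higher first).
Rule = namedtuple("Rule", "src dst proto dport action importance")

# Constructed security policy (assumed, not from the page). First match wins,
# anything unmatched is denied. The ssh rule is the most important one to verify.
POLICY = [
    Rule("0.0.0.0/0", "10.0.0.10/32", "tcp", 80, "allow", 3),
    Rule("0.0.0.0/0", "10.0.0.10/32", "tcp", 443, "allow", 3),
    Rule("192.168.1.0/24", "10.0.0.10/32", "tcp", 22, "allow", 5),
]

# Constructed "as deployed" ruleset with two mistakes relative to POLICY:
# ssh is open from anywhere, and the 443 rule was never added.
DEPLOYED = [
    Rule("0.0.0.0/0", "10.0.0.10/32", "tcp", 80, "allow", 0),
    Rule("0.0.0.0/0", "10.0.0.10/32", "tcp", 22, "allow", 0),
]


def verdict(rules, pkt):
    """First-match evaluation: True if `pkt` is allowed by `rules`, default deny."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for r in rules:
        if (src in ipaddress.ip_network(r.src) and dst in ipaddress.ip_network(r.dst)
                and pkt.proto == r.proto and pkt.dport == r.dport):
            return r.action == "allow"
    return False


def list_maker(rules, outside="203.0.113.5"):
    """ListMaker: for each policy rule, most important first, emit the packet that
    must pass and the nearby packets that must not, each with its expected verdict."""
    tests = []
    for r in sorted(rules, key=lambda r: r.importance, reverse=True):
        src_net = ipaddress.ip_network(r.src)
        dst = str(ipaddress.ip_network(r.dst)[0])
        inside = outside if src_net.prefixlen == 0 else str(src_net[1])
        probes = [Packet(inside, dst, r.proto, r.dport),       # the hole that must be open
                  Packet(inside, dst, r.proto, r.dport + 1)]   # adjacent port: must be closed
        if src_net.prefixlen != 0:
            probes.append(Packet(outside, dst, r.proto, r.dport))  # wrong source: must be closed
        for p in probes:
            tests.append((p, verdict(rules, p)))
    return tests


def checker(tests, probe):
    """Checker: push each packet through `probe` (Packet -> True if it came out the
    other side; here a simulation, in the real tool a forged send plus a capture)
    and report every packet whose observed fate disagrees with the policy."""
    findings = []
    for pkt, expected in tests:
        observed = probe(pkt)
        if observed != expected:
            kind = "unnecessary hole open" if observed else "necessary hole closed"
            findings.append((kind, pkt))
    return findings


def simulated_firewall(pkt):
    """Stands in for the physical firewall between the two interfaces."""
    return verdict(DEPLOYED, pkt)


def run_audit():
    return checker(list_maker(POLICY), simulated_firewall)


if __name__ == "__main__":
    for kind, pkt in run_audit():
        print(f"{kind}: {pkt.proto}/{pkt.dport} from {pkt.src} to {pkt.dst}")
```

With these constructed inputs the audit reports ssh reachable from the outside address (a hole the policy does not grant) and 443 blocked (a hole the policy requires); the adjacent-port and correct-source probes all behave as expected and produce no finding. Replacing simulated_firewall with a real send-and-capture keeps the rest unchanged.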

You can download Dr. Morena here as an rpm file:

drmorena-0.2.0-1.i386.rpm

Or read more here.

Some Guidelines on How to Secure your Ubuntu Installation

Since Ubuntu is getting so fantastically popular nowadays I thought this might be useful to some of you.

I personally think Ubuntu is great: the features, ease of installation, stability and especially the work they have done on things like wireless drivers make it a breeze to get up and running.

It is a pretty secure distro by default, but there are a few little things you can do to tighten it up.

If you don’t know what Ubuntu is you can check it out here:

http://www.ubuntu.com/

Ubuntu is a community-developed, Linux-based operating system that is perfect for laptops, desktops and servers. It contains all the applications you need - a web browser, presentation, document and spreadsheet software, instant messaging and much more.

If you want to get into Linux I suggest you try this and Mandriva first.

Anyway, I recently found a good security guide for Ubuntu, so run through the steps and lock your OS down.

If you’ve recently switched from Windows to the Linux distribution Ubuntu, you’ve probably experienced a decrease in spyware — and malware in general — on your system. But although Ubuntu is billed as the ultra-secure solution, you should know that Ubuntu’s default install has its flaws, like every other operating system.

The Big Ol’ Ubuntu Security Resource

piggy - Download MS-SQL Password Brute Forcing Tool

Piggy is yet another tool for performing online password guessing against Microsoft SQL servers.

It supports scanning multiple servers using a dictionary file or a file with predefined accounts (username and password combinations).

It’s a pretty simple tool; there is a Win32 binary version, but it is a command-line tool.

Piggy v1.0.1 by patrik@cqure.net
——————————–
usage: piggy [options]
options:
-u [username] - Single username
-p [password] - Single password
-s [server] - Single server
-S [srvfile] - File containing ip/hostnames
-D [dicfile] - File containing passwords
-A [accounts] - File containing username;password combinations
-N - Do not check availability before scan
-v verbose - Verbose logging

You can download it here:

piggy-src-1_0_1.zip (Source code)
piggy-win32-1_0_1.zip (Binary version)
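On the defender's side, a piggy run leaves a trail of failed logins in the SQL Server ERRORLOG (error 18456, one pair of lines per attempt, the second carrying the client address). The following is an added example, not part of piggy or the original post, that parses such lines and flags a client that racks up failures in a short window or cycles through several usernames the way a -D or -A run does. The log lines are constructed to match the SQL Server 2005-era ERRORLOG format; the threshold and window are assumed values.

```python
"""Detect online password guessing against MS-SQL from ERRORLOG lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: six failures from one client in five seconds (two of them for
# accounts that do not exist, state 5), and one lone typo from a different host.
SAMPLE_ERRORLOG = """\
2007-07-10 14:03:11.12 Logon       Error: 18456, Severity: 14, State: 8.
2007-07-10 14:03:11.12 Logon       Login failed for user 'sa'. [CLIENT: 10.1.1.50]
2007-07-10 14:03:12.40 Logon       Error: 18456, Severity: 14, State: 8.
2007-07-10 14:03:12.40 Logon       Login failed for user 'sa'. [CLIENT: 10.1.1.50]
2007-07-10 14:03:13.01 Logon       Error: 18456, Severity: 14, State: 5.
2007-07-10 14:03:13.01 Logon       Login failed for user 'admin'. [CLIENT: 10.1.1.50]
2007-07-10 14:03:14.77 Logon       Error: 18456, Severity: 14, State: 8.
2007-07-10 14:03:14.77 Logon       Login failed for user 'sa'. [CLIENT: 10.1.1.50]
2007-07-10 14:03:15.20 Logon       Error: 18456, Severity: 14, State: 5.
2007-07-10 14:03:15.20 Logon       Login failed for user 'sqluser'. [CLIENT: 10.1.1.50]
2007-07-10 14:03:16.03 Logon       Error: 18456, Severity: 14, State: 8.
2007-07-10 14:03:16.03 Logon       Login failed for user 'sa'. [CLIENT: 10.1.1.50]
2007-07-10 14:09:02.55 Logon       Error: 18456, Severity: 14, State: 8.
2007-07-10 14:09:02.55 Logon       Login failed for user 'reportuser'. [CLIENT: 192.168.0.9]
"""

# Only the second line of each pair names the account and the client.
LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]"
)


def parse_failures(lines):
    """Yield (timestamp, username, client) for every failed-login line."""
    for line in lines:
        m = LOGIN_FAILED.search(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("user"), m.group("client")


def detect_guessing(lines, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window count of failures per client; a client is reported once,
    when it first reaches `threshold` failures inside `window`. The report also
    lists the usernames tried so far, which separates a dictionary run against
    'sa' from an account-list run that walks through many logins."""
    recent = defaultdict(deque)   # client -> timestamps of failures still in window
    users = defaultdict(set)      # client -> usernames attempted
    alerts = {}
    for ts, user, client in parse_failures(lines):
        q = recent[client]
        q.append(ts)
        users[client].add(user)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and client not in alerts:
            alerts[client] = {
                "first_alert": ts,
                "failures_in_window": len(q),
                "users": sorted(users[client]),
            }
    return alerts


if __name__ == "__main__":
    for client, info in detect_guessing(SAMPLE_ERRORLOG.splitlines()).items():
        print(f"{client}: {info['failures_in_window']} failures by {info['first_alert']}, "
              f"users tried: {', '.join(info['users'])}")
```

Tune threshold and window to the environment; a handful of distinct usernames from one client inside a minute is a much stronger signal than repeated failures for a single account, since piggy's -A mode tries username;password pairs one after another.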

Learn to use Metasploit - Tutorials, Docs & Videos

Metasploit is a great tool, but it’s not the easiest to use and some people get completely lost when trying to get the most out of it.

To help you guys out here is a bunch of links, videos, tutorials and documents to get you up to speed.

You can start with this good Flash tutorial, which shows you step by step how to use it:

Metasploit at Iron Geek

This video covers the use of Metasploit, launched from the Auditor Boot CD, to compromise an unpatched Windows XP box using the RPC DCOM (MS03-026) vulnerability.

There’s a presentation by HD Moore himself at CanSecWest 2006:

csw06-moore.pdf

And a couple of videos spawned from that here:

Computer defense - TASK Presentation

The most up to date video for Metasploit 3 can be found here:

Exploring Metasploit 3 and the New and Improved Web Interface - Part 1

The Metasploit site itself also has some fantastic documentation, a good place to start is here:

http://framework.metasploit.com/msf/support

The Metasploit book is a good start too:

Using Metasploit

The SecurityFocus article is a good reference too, if a little outdated:

Metasploit Framework, Part 1
Metasploit Framework, Part 2

So get hacking, Metasploit is great!