Archive for August, 2007

FireCAT 1.1 Released

Turn Firefox into a Security Platform

FireCAT is a FreeMind mindmap collection of the most useful security-oriented Firefox extensions. It can be used to turn your favourite browser (Firefox) into a security auditing platform.

FireCAT comes from “Firefox Catalog of Auditing Toolbox”

Changes for FireCAT 1.1

+ Category Network Utilities
- Added ffsniff to subcat “Sniffers”
- Added CrossFTP to subcat FTP (thanks to Benjamin Picuira)
- Added JiWire to subcat Wi-Fi (thanks to Mike from google.com)
- Added Oracle DBA Toolbar to Subcat Database (thanks to Laurent Chouraki)

+ New category “IT Security Related”
- Added Open Source Vulnerability Database Search (OSVDB)
- Added US Homeland Security Threat Level.

You can download Firecat here:

Firecat 1.1 Freemind source (Zip - 3.4 kb)
Firecat 1.1 PDF (PDF - 156.4 kb)
Firecat 1.1 Browsable HTML (Zip - 36.4 kb)

Or read more here.

KGB Keylogger from Refog Software

KGB Keylogger from Refog Software is a decent, lightweight keylogger.

KGB Keylogger is a multi-functional keyboard tracking software that is widely used by both regular users and IT security specialists for tracking the key strokes typed on a given machine.

KGB Keylogger Features at a Glance

* Stealth mode and visible mode of work;
* Logs keyboard input, including language-specific characters;
* Logs Clipboard entries;
* Monitors and logs network activities;
* Custom list of monitored applications;
* Detailed information for each log entry, including the time stamp, application name and window caption;
* Screenshots at custom frequency (regular intervals or on mouse clicks);
* Export of logs into HTML;

The software works as described and is fairly fully featured for a keylogger: it includes screen capture, not just the usual text/keyboard capture.

The interface is nice and it’s fairly easy to use.

You can download the trial version here (Valid for 7 days):

KGB Keylogger - Trial

Install Beryl on Ubuntu 7.04 Feisty with AIGLX for Nvidia Chipset

To install Beryl on Ubuntu Feisty with AIGLX you first need the beryl-project repository in your sources list. Add the following line to /etc/apt/sources.list:

deb http://ubuntu.beryl-project.org feisty main

You’ll also want to import the project’s GPG key so apt can verify the packages. Note that the key itself is fetched over plain HTTP here, so check its fingerprint against one published through a channel you trust before adding it:

wget http://ubuntu.beryl-project.org/root@lupine.me.uk.gpg -O- | sudo apt-key add -

With the repository and key added, refresh the package lists so apt sees the new packages:

sudo aptitude update

If you haven’t already, make sure 3D acceleration is set up with the Nvidia drivers:

sudo aptitude install nvidia-glx

The X.org 7.2 in Feisty includes AIGLX so it’s pretty simple to get it going. Below are a few things you’ll want to add, or verify are included in your xorg.conf file. As usual, before you make any changes to your xorg.conf you’ll want to make a backup!

Under Section "Module" make sure the following modules are loaded:

Load "dri"
Load "dbe"
Load "glx"

Now check Section "Device" and add:

Option "XAANoOffscreenPixmaps"

On my machine (Nvidia GeForce MX 440) I also needed to add this line to the Device section:

Option "AddARGBGLXVisuals" "True"

And lastly, make sure these two sections are present, normally at the end of the file:

Section "DRI"
Mode 0666
EndSection

Section "Extensions"
Option "Composite" "Enable"
EndSection

Note that Mode 0666 makes the DRI device node readable and writable by every local user. On a shared machine use Group "video" together with Mode 0660 in the DRI section instead, and add your own account to that group.
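The xorg.conf edits above, as an added example that is not part of the original post: a POSIX shell script that applies them idempotently (running it twice adds nothing twice) and keeps a backup of the untouched file. It assumes the usual Section "Name" ... EndSection layout of xorg.conf and uses only sh, awk, grep and mktemp. The sample config it builds for trying the script out is constructed, not a real machine's file.

```shell
#!/bin/sh
# Added example, not from the original post. Idempotently add the options the
# post asks for to an xorg.conf file, taking a backup first.
# Assumes the standard  Section "Name" ... EndSection  layout.

# Does SECTION of CONF already contain LINE (ignoring leading/trailing blanks)?
section_has_line() {
    conf=$1; section=$2; line=$3
    awk -v s="$section" -v l="$line" '
        $1 == "Section" && $2 == ("\"" s "\"") { ins = 1 }
        ins { t = $0; gsub(/^[ \t]+|[ \t]+$/, "", t); if (t == l) found = 1 }
        $1 == "EndSection" { ins = 0 }
        END { exit !found }
    ' "$conf"
}

# Ensure LINE is present in SECTION of CONF, creating the section at the end
# of the file if it does not exist yet. The first change leaves CONF.bak behind.
ensure_in_section() {
    conf=$1; section=$2; line=$3
    section_has_line "$conf" "$section" "$line" && return 0
    [ -f "$conf.bak" ] || cp "$conf" "$conf.bak"
    tmp=$(mktemp)
    if grep -q "^[[:space:]]*Section[[:space:]]*\"$section\"" "$conf"; then
        # Insert directly after the section header so the line sits inside the block.
        awk -v s="$section" -v l="$line" '
            { print }
            $1 == "Section" && $2 == ("\"" s "\"") { print "\t" l }
        ' "$conf" > "$tmp"
    else
        cp "$conf" "$tmp"
        printf '\nSection "%s"\n\t%s\nEndSection\n' "$section" "$line" >> "$tmp"
    fi
    mv "$tmp" "$conf"
}

# Apply every change from the post to CONF. AddARGBGLXVisuals was only needed
# on the author's GeForce MX 440, so drop that call if your card does not need it.
apply_beryl_options() {
    conf=$1
    for mod in dri dbe glx; do
        ensure_in_section "$conf" Module "Load \"$mod\""
    done
    ensure_in_section "$conf" Device 'Option "XAANoOffscreenPixmaps"'
    ensure_in_section "$conf" Device 'Option "AddARGBGLXVisuals" "True"'
    ensure_in_section "$conf" DRI 'Mode 0666'
    ensure_in_section "$conf" Extensions 'Option "Composite" "Enable"'
}

# Constructed sample xorg.conf (not a real machine's file) for a dry run:
#   f=$(mktemp); make_sample_conf "$f"; apply_beryl_options "$f"; cat "$f"
make_sample_conf() {
    printf '%s\n' \
        'Section "Module"' \
        '    Load "glx"' \
        'EndSection' \
        '' \
        'Section "Device"' \
        '    Identifier "nvidia0"' \
        '    Driver "nvidia"' \
        'EndSection' > "$1"
}
```

On a real system run it as apply_beryl_options /etc/X11/xorg.conf with root privileges; the .bak file is what you restore if X refuses to start afterwards.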

OK. At this point AIGLX should be set up and ready to run. You will need to restart X before the changes take effect, so if you are reading these instructions on the machine you’re upgrading, bookmark this page so you can come back for the final steps.

To restart your desktop use one of the following (for ubuntu or kubuntu users):

sudo /etc/init.d/gdm restart (ubuntu)
sudo /etc/init.d/kdm restart (kubuntu)

…ok, and now you’re back. Now we’ll want to install a couple of packages. The beryl packages and the theme decorations:

sudo aptitude install beryl emerald-themes

After you’ve installed these packages you’re ready to go with Beryl! Hit ALT-F2 and run

beryl-manager

You should hopefully see a Beryl splash screen at this point. If not, there should be a new Beryl icon in your notification tray; right-click it and check that Beryl is selected in the desktop manager options to make sure it is running.

Enjoy! If you’ve never used Beryl before be sure to check out some of the basic usage commands such as:

CTRL-ALT-right / left arrow : switch to next cube side
CTRL-ALT-SHIFT-right / left arrow : switch to next cube and bring current window
CTRL-ALT-left-click (drag) : move cube with mouse movement

…you might be interested in seeing more at the Beryl FAQ page.

w3af - Web Application Attack and Audit Framework

A pretty cool tool was released a while back called w3af ( Web Application Attack and Audit Framework ), a fully automated auditing and exploiting framework for the web. This framework has been in development for almost a year and has the following features:

Audit

* SQL injection detection
* XSS detection
* SSI detection
* Local file include detection
* Remote file include detection
* Buffer Overflow detection
* Format String bugs detection
* OS Commanding detection
* Response Splitting detection
* LDAP Injection detection
* Basic Authentication bruteforce
* File upload inside webroot
* htaccess LIMIT misconfiguration
* SSL certificate validation
* XPATH injection detection
* unSSL (checks whether documents served over HTTPS can also be fetched over plain HTTP)

Discovery

* Pykto, a Nikto port to Python
* Hmap, HTTP server fingerprinting
* fingerGoogle, finds valid user accounts via Google searches
* googleSpider, a spider that uses Google results
* webSpider, a classic web spider
* robotsReader, reads and parses robots.txt
* urlFuzzer
* serverHeader, fetches the Server header
* allowedMethods, gets the list of allowed HTTP methods
* crossDomain, fetches and parses the Flash crossdomain.xml policy file
* error404page, generates a regular expression to match the site’s 404 pages
* sitemapReader, reads and parses the site’s sitemap.xml
* spiderMan, uses a local proxy and a human browsing the site to find new URLs for auditing
* webDiff, finds differences between a local and a remote directory
* wsdlFinder, finds and parses WSDL and DISCO files
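As an added illustration (not w3af’s own code) of what a discovery plugin like error404page has to do: many sites answer every request under a directory with a 200 and a friendly “not found” page, which would make a spider or urlFuzzer report every guessed file as present. The detector below requests a few random, non-existent files per directory, normalises the bodies (dropping the echoed path and any digits), and treats a later 200 as a 404 when it closely resembles those samples. The fake_server, its page contents and the similarity threshold of 0.9 are constructed for this example; a real scanner would inject an HTTP client as the fetcher.

```python
import difflib
import random
import string
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass
class Response:
    status: int
    body: str


# A fetcher maps a URL path to a Response. In a real scanner this wraps an HTTP
# client; here it is injected so the logic runs offline against a fake server.
Fetcher = Callable[[str], Response]


def _random_path(directory: str) -> str:
    """A file name that almost certainly does not exist on the target."""
    name = "".join(random.choice(string.ascii_lowercase) for _ in range(12))
    return f"{directory}{name}.html"


def _normalise(body: str, path: str) -> str:
    """Strip the parts of a 'not found' page that legitimately differ between
    two missing files: the echoed path and digits (error ids, timestamps)."""
    return body.replace(path, "").translate(str.maketrans("", "", string.digits))


class Soft404Detector:
    """Learns, per directory, what the server's 'not found' page looks like when
    it is served with a 200 status, then classifies later responses against it."""

    def __init__(self, fetch: Fetcher, probes: int = 3, threshold: float = 0.9) -> None:
        self.fetch = fetch
        self.probes = probes
        self.threshold = threshold          # assumed cut-off for "same template"
        self._samples: Dict[str, List[str]] = {}

    def _learn(self, directory: str) -> List[str]:
        if directory not in self._samples:
            samples: List[str] = []
            for _ in range(self.probes):
                probe = _random_path(directory)
                resp = self.fetch(probe)
                if resp.status == 404:
                    samples = []             # honest server: status codes suffice here
                    break
                samples.append(_normalise(resp.body, probe))
            self._samples[directory] = samples
        return self._samples[directory]

    def is_404(self, path: str, resp: Response) -> bool:
        if resp.status == 404:
            return True
        directory = path.rsplit("/", 1)[0] + "/"
        samples = self._learn(directory)
        if not samples:
            return False                     # directory uses real 404s, so a 200 is a real page
        body = _normalise(resp.body, path)
        return any(
            difflib.SequenceMatcher(None, body, s).ratio() >= self.threshold
            for s in samples
        )


def fake_server(path: str) -> Response:
    """Constructed stand-in for a target (not a real site): everything under
    /app/ answers 200, with a friendly 'not found' page for unknown files,
    while /static/ returns proper 404s."""
    real_pages = {
        "/app/index.php": "<html><title>Shop</title><body>Welcome to the shop. "
                          "Browse the catalogue, sign in, or review your basket.</body></html>",
        "/static/logo.png": "\x89PNG...",
    }
    if path in real_pages:
        return Response(200, real_pages[path])
    if path.startswith("/app/"):
        return Response(200, f"<html><title>Shop</title><body>Sorry, {path} was not found. "
                             f"Error id {len(path) * 7}</body></html>")
    return Response(404, "Not Found")


def scan(detector: Soft404Detector, paths: List[str]) -> Dict[str, bool]:
    """Map each path to whether it should be treated as 'not found'."""
    return {p: detector.is_404(p, detector.fetch(p)) for p in paths}


if __name__ == "__main__":
    det = Soft404Detector(fake_server)
    for p, missing in scan(det, ["/app/index.php", "/app/old_admin.php",
                                 "/static/logo.png", "/static/missing.css"]).items():
        print(f"{p}: {'not found' if missing else 'real page'}")
```

The normalisation step is what makes the comparison work: without it the echoed path and the error id make every soft-404 body unique and the similarity never reaches the threshold.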

The framework is extended using plug-ins and is completely written in Python.

You can download w3af here:

w3af BETA 4

Or read more here.

Immunity Debugger v1.0 (immdbg) Release

After almost a year of intensive development and internal use, Immunity (the people who brought us CANVAS) has announced the public release of Immunity Debugger v1.0. The main objective for this tool was to combine the best of command-line and GUI based debuggers.

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry’s first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

* A debugger with functionality designed specifically for the security industry
* Cuts exploit development time by 50%
* Simple, understandable interfaces
* Robust and powerful scripting language for automating intelligent debugging
* Lightweight and fast debugging to prevent corruption during complex analysis
* Connectivity to fuzzers and exploit development tools

Immunity Debugger’s interfaces include the GUI and a command line. The command line is always available at the bottom of the GUI. It allows the user to type shortcuts as if they were in a typical text-based debugger, such as WinDBG or GDB. Immunity has implemented aliases to ensure that your WinDBG users do not have to be retrained and will get the full productivity boost that comes from the best debugger interface on the market.

Basically they’ve ended up creating a fully flexible and extensible Win32 debugger that has all of its features, both debugging and graphical, easily accessible from its Python scripting engine.

And best of all, it’s available for free. That’s right, Immunity Debugger is released for free, including free monthly updates.

You can download Immunity Debugger here, after registration.

http://debugger.immunityinc.com/register.html

Yes, this goes against our general policy of not including tools that require registration, but this one is too cool to miss, so grab it! It is seriously cool and could well replace OllyDbg as the hacker’s choice. Along with IDA Pro and SoftICE, of course ;)

Or read more here.