2008 March archive at bLackhammer.org

Less

« Older

Home

Newer »

Archive for March, 2008

.NETIDS - .NET Intrusion Detection System

Published at March 22, 2008 in Applications, Programming, Articles and Security. 0 Comments

This tool is another one on the side of protection, again for web-based applications but this time for .NET applications it’s called .NETIDS (.NET Intrusion detection System). This tool is capable of detecting on attacks on web applications and gives the developer the possibility to react. The project files include filter rules and function stubs to react on possible intrusions which may vary from logging to warning or redirecting the user.

The goal of this project is to provide am additional layer of protection to any .NET application this project is used with. This also includes the detection of XSS, directory traversal, SQL injections, protection against overwriting JS objects and methods, advanced logging functions, categorization and tagging of the single filter rules and interfaces for reacting on possible intrusions.

.NET IDS is a actually a port of PHPIDS, which we’ve mentioned before, to the .NET Framework. The library is fully CLS compliant and implements exactly the same filtering sets as the PHP version.

.NETIDS can be used in three ways.

The first method is by inheriting your ASP.NET pages from the SecurePage class. This offers an easy and customizable way to scan page input. If you are relatively new to the .NET Framework this is the simplest way to secure your applications.

The second method is more customizable but harder to implement for novice programmers and involves working directly with the IDS objects.

The third method (available in the upcoming release) is by using the supplied HttpModule.

You can find the documentation here:

http://www.the-mice.co.uk/dotnetids/docs/

You can download .NET IDS v.0.1.3.0 here:

dotnetids-bin-0_1_3_0.zip

Or you can read more here.

Technorati Tags: NET, application intrusion detection, asp, ASP IDS, ASP.net, Countermeasures, dotnet, IDS, intrusion detection system, Javascript, protection, Security Software, sql-injection, web-application-security, web-security, XSS

Inguma 0.0.7.2 Released for Download - Penetration Testing Toolkit

Published at March 19, 2008 in Penetration Testing, Applications, Articles and Security. 0 Comments

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems.

It’s becoming a mature and useful package! I’m glad to see continued developing and especially that they are concentrating on fixing bugs and improving the modules rather than adding loads of new features and just making it worse.

In this version there is new modules added, new exploits, many many bug fixes and the enhancing of existing modules, such as the Oracle related stuff.

PyShellcodelib has been enhanced as well and now supports Mac OS X. But, for the moment, just BSD syscalls. Mac syscalls implementation is on the way. You will also notice that it is now object oriented as opposed to the previous versions.

Among with the aforementioned changes, there are 5 new Oracle modules: 4 modules for bugs fixed in the Critical Patch Update of
January 2008 and one skr1pT k1|>i3 like module for the Oracle PL/SQL gateway flaw. Give to the module the target’s address and port and run “oragateway”. The module will automagically guess the correct DAD and bypass technique. After it an SQL terminal will be opened.

The new modules added to the framework are the following:

nikto: A plugin that uses Nikto based databases (Thanks you Sullo!).
archanix: As you may imagine, it gathers information from archaic Unix services.
brutesmtp: A brute forcer for SMTP servers.
anticrypt: A tool to guess the encryption algorithm of a password’s hash. It saves a lot of time when auditing passwords.

They are also getting the documentation together (this is the first release) on the Wiki here:

http://inguma.wiki.sourceforge.net

You can download Inguma 0.0.7.2 here:

Inguma 0.0.7.2

Or read more here.

Technorati Tags: Hacking Tools, hacking-databases, oracle-hacking, oracle-security, pen-testing-toolkit, penetration-testing, Python, security-tools, web-security

Nipper 0.11.5 Released - Network Device Configuration Security Auditing Tool

Published at March 19, 2008 in Network Hacking, Hacking Tools, Applications, Articles and Security. 0 Comments

Nipper performs security audits of network device configuration files. The report produced by Nipper includes; detailed security-related issues with recommendations, a configuration report and various appendices. Nipper has a large number of configuration options which are described on this page.

Nipper currently supports the following device types:

Cisco Switches (IOS)
Cisco Routers (IOS)
Cisco Firewalls (PIX, ASA, FWSM)
Cisco Catalysts (NMP, CatOS, IOS)
Cisco Content Service Switches (CSS)
Juniper NetScreen Firewalls (ScreenOS)
CheckPoint Firewall-1 (FW1)
Nokia IP Firewalls (FW1)
Nortel Passport Devices
SonicWALL SonicOS Firewalls (SonicOS)

The security audit includes details of the findings, together with detailed recommendations. The security audit can be modified using command lineparameters or an external configuration file.

Network filtering audits include the following, all of which can be modified:

Rule lists end with a deny all and log
Rules allowing access from any source
Rules allowing access from network sources
Rules allowing access from any source port
Rules allowing access to any destination
Rules allowing access to destination networks
Rules allowing access to any destination service
Rules that do not log
Deny rules that do not log
Rules that are disabled
Rules that reject rather than drop
No bypass rules exist
Default rules

This update (0.11.5) includes improvements to support for Cisco PIX / ASA / FWSM firewalls, SonicWALL SonicOS firewalls, CheckPoint Firewall-1 and Nokia IP firewalls. It also includes a host of other updates.

The output from Nipper can be in HTML, Latex, XML or Text formats. Furthermore, Nipper will reverse any Cisco type-7 passwords identified, all other encrypted passwords can be output to a John-the-Ripper file for further strength testing. By default, input is retrieved from stdin and is output (in HTML format) to stdout.

Nipper is available for Linux, Windows and other platforms. You can download Nipper here:

Nipper 0.11.5

Or read more here.

Technorati Tags: audit config files, cisco security, network auditing, network infrastructure testing, network-security, nipper, pix security

Goolag - GUI Tool for Google Hacking

Published at March 19, 2008 in Hacking Tools, Hack, Applications and Articles. 0 Comments

cDc (Cult of the Dead Cow) recently released a GUI driven tool for Google Hacking called Goolag.

Google Dorks have been around for several years and have been researched most assiduously by Johnny I Hack Stuff.

If one searches the Web, one will find multiple collections of dorks, and also some applications - standalone and Web-based - offering certain “scanning” possibilities.

Nevertheless, gS is different from other applications released to date for the following reasons:

There is no need for a special tool to use dorks other than a browser, but scanning hundreds of dorks ‘by hand’ is impossible.
Goolag Scanner is focused on usability. It simplifies the use of myriad numbers of dorks to a few mouse clicks. No cryptic command line options and no knowledge of
Google hacking are required to test one’s host.
Goolag Scanner comes with its own dorks-database, but it is not limited to such.
gS uses a very simple xml-document, which is readable and part of the distribution.

This software requires Microsoft .NET Framework Version 2.0.

You can download Goolag here:

Goolag (1.0.0.40)

Or read more here.

Technorati Tags: cdc, cult of the dead cow, google doorks, google hacking tool, google hacks, google-hacking, goolag, information gathering, Web Hacking

Fusil Fuzzer 0.7 - Fuzzing Functions in Python

Published at March 19, 2008 in Applications and Articles. 0 Comments

Fusil is a fuzzing framework written in Python and distributed under GNU GPLv2 license. Fusil allows you to easily write “Fuzzing Projects” from a set of functions such as:

Create a process
Compile a C program
Watch a process
Watch syslog and so on

Fusil uses small “agents” which exchange messages to launch actions. e.g. MangleFile injects errors into valid file (PDF file, AVI movie, JPEG picture etc.). And then Fusil uses generated filename to run a process.

Currently available projects are ClamAV, Firefox (contains an HTTP server), gettext, gstreamer, identify, libc_env, libc_printf, libexif, linux_syscall, mplayer, php, poppler, vim and xterm.

For fuzzing safety, Fusil limits process memory, process priority, only copies a few environment variables, creates a temporary directory used as working directory, etc.

You can download Fusil 0.7 here:

fusil-0.7.tar.gz (INSTALL doc)

Or read more here.

Technorati Tags: fusil, fusil fuzzer, fuzzer, fuzzing, fuzzing python, fuzzing-tool, python fuzzer

bLackhammer.org

Archive for March, 2008

.NETIDS - .NET Intrusion Detection System

Inguma 0.0.7.2 Released for Download - Penetration Testing Toolkit

Nipper 0.11.5 Released - Network Device Configuration Security Auditing Tool

Goolag - GUI Tool for Google Hacking

Fusil Fuzzer 0.7 - Fuzzing Functions in Python

About

Recent Posts

Categories

Blogroll