ProxyStrike 2.2 – Tool to Audit Web Applications

Web applications are becoming more and more important in the computer security field, so new scanners appear almost daily to help find bugs and vulnerabilities on web platforms.

ProxyStrike is a tool that helps auditors test the security of web applications by issuing the kind of web requests a browser usually makes and checking the responses to identify any known vulnerability.

The tool also includes a crawler to check websites for XSS vulnerabilities or SQL injection using integrated plugins. Main features of the tool:

  • Automatic crawl process
  • HTTP request/response history
  • Request parameter stats
  • Request parameter values stats
  • Request URL parameter signing and header field signing
  • Use of an alternate proxy
  • SQL attacks (plugin)
  • Server Side Includes (plugin)
  • XSS attacks (plugin)
  • Attack logs

You can download the tool by following this link: http://code.google.com/p/proxystrike/

Multiple vulnerabilities in Cisco Video Surveillance Operations Manager

Video conferencing is becoming a flexible way to hold meetings over the internet, and some stores use these systems to record all activity in their shops so they can track any violation or problem on their premises. An exploit has been published for Cisco Video Surveillance Operations Manager version 6.3.2 that allows an attacker to conduct local file inclusion, gain access to the system and view the attached cameras, or carry out a cross-site scripting attack on vulnerable servers.

Cross-site scripting is a vulnerability that allows a malicious user to redirect a victim to a malicious web page to steal sensitive information such as web sessions or cookies without the victim's knowledge, and it is a very high-risk vulnerability. It should be fixed by the server owner: the web application needs to validate the inputs and outputs of its pages.

Spying on the vulnerable server console is also possible, where an attacker can bypass authentication using the following URL string: http://serverip/broadware.jsp

Security measures for such systems should be applied at the network level to avoid attacks on affected servers, by creating a VPN and restricting access to these systems. If you are using Cisco Video Surveillance Operations Manager version 6.3.2, you need to upgrade to a fixed version 7.x.
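As an added example (not part of the original post or of the exploit it links to), this Python script audits a web access log for requests to the broadware.jsp console page that came from outside the VPN range the post recommends restricting access to. The common/combined log format, the 10.8.0.0/24 management range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: the VPN/management range allowed to reach the console.
ALLOWED_NETS = [ipaddress.ip_network("10.8.0.0/24")]
SENSITIVE_PATH = "/broadware.jsp"  # URL string named in the post

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop query/fragment/path parameters, percent-decode, collapse slashes, lowercase."""
    path = unquote(re.split(r"[?#;]", target, maxsplit=1)[0])
    path = re.sub(r"/+", "/", path)
    return path.lower()

def is_allowed(ip_text):
    """True only for a parseable address inside an allowed network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in ALLOWED_NETS)

def find_console_hits(lines):
    """Return (timestamp, client, raw target, status) for console requests from outside the VPN."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        if normalize_path(m["target"]) != SENSITIVE_PATH:
            continue
        if is_allowed(m["ip"]):
            continue
        hits.append((m["ts"], m["ip"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.8.0.12 - admin [10/Apr/2013:09:12:01 +0000] "GET /broadware.jsp HTTP/1.1" 200 5120',
    '203.0.113.45 - - [10/Apr/2013:09:15:44 +0000] "GET /broadware.jsp HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Apr/2013:09:16:02 +0000] "GET /%62roadware.jsp?view=1 HTTP/1.1" 404 312',
    '203.0.113.45 - - [10/Apr/2013:09:17:30 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
```

A hit with status 200 means the console page was served to a client outside the allowed range, which is the case to investigate first.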

Link to the exploits: http://www.exploit-db.com/exploits/24786/

HookME 0.2 – API Spying Tool

Hooking API calls on an operating system allows you to intercept useful information. A new release of HookMe has been issued that adds more stability to the application, a way to choose which API functions to hook, and some fixes to the program.

HookMe provides a nice graphical user interface that lets you change packet content in real time, dropping or forwarding the packet. It also has a Python plugin system to extend the HookMe functionality.

HookME application interface

The tool can be used in penetration testing for analyzing and modifying network protocols, creating some types of malware or backdoors for PoC embedded into network protocols, hooking the API calls for sending and receiving network data (even SSL clear data), or investigating any rootkit that is hooking API calls. You can download the latest version of HookMe at this link: https://code.google.com/p/hookme/

Kippo 0.8 small SSH honeypot to keep track of brute force attacks

A new release has been announced for Kippo, one of the most widely used SSH honeypots. The tool is Python-based and emulates a shell on the server end to detect brute force attacks. Kippo is a low to medium interaction SSH honeypot and can be a good addition to your honeypot solution. Some interesting features:

  • Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
  • Possibility of adding fake file contents so the attacker can ‘cat’ files such as /etc/passwd. Only minimal file contents are included
  • Session logs stored in a UML-compatible format for easy replay with original timings
  • Just like Kojoney, Kippo saves files downloaded with wget for later inspection
  • Trickery; ssh pretends to connect somewhere, exit doesn’t really exit, etc

You can add Kippo-Graph to get 24 charts, including top 10 passwords, top 10 usernames, top 10 username/password combos, success ratio, connections per IP, connections per country, probes per day, probes per week, SSH clients, top 10 overall input, top 10 successful input, top 10 failed input and many more. Geolocation data is also extracted and displayed with Google visualization technology using a Google Map, an Intensity Map, etc. Lastly, input-related data and statistics are also presented, giving an overview of the action inside the system.

You can download the latest release by following this link.

BSOD after Windows patch Tuesday

Microsoft has warned about an issue detected after installing security update KB2823324. Bulletin MS13-036 fixes several vulnerabilities, but after installing the patch some users were not able to boot the operating system normally. According to the Microsoft blog post:

"We are aware that some of our customers may be experiencing difficulties after applying security update 2823324, which we provided in security bulletin MS13-036 on Tuesday, April 9. We’ve determined that the update, when paired with certain third-party software, can cause system errors. As a precaution, we stopped pushing 2823324 as an update when we began investigating the error reports, and have since removed it from the download center.

Contrary to some reports, the system errors do not result in any data loss nor affect all Windows customers. However, all customers should follow the guidance that we have provided in KB2839011 to uninstall security update 2823324 if it is already installed."

On the other hand, after downloading update KB2823324, systems with Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus for Windows Servers 6.0.4.1424 and 6.0.4.1611 also display an error message stating that the software license for the AV is invalid. As a result, some components of the anti-virus have stopped working.

Microsoft developers have initiated an internal investigation to determine the causes of the errors and, in the meantime, have disabled all references to the update. In addition, bulletin MS13-036 was removed from Microsoft automatic updates to prevent these problems.

All users are recommended to block security update 2823324 or uninstall it if it is already present. You can read Microsoft's announcement at the following link.

Microsoft patches IE Pwn2Own bug

Microsoft announced as part of the traditional Patch Tuesday that it will release nine security bulletins. Two of them are considered critical, and the first one fixes vulnerabilities revealed at the last Pwn2Own hacking contest.

Multiple browsers were subject to attacks during CanSecWest in March 2013: Google Chrome, Firefox and Internet Explorer. Vupen also announced two vulnerabilities using a Surface Pro tablet running the latest OS from Microsoft. The remaining bulletins are rated important and fix vulnerabilities in Windows Server, Office InfoPath 2010, and Web Apps 2010 Service Pack 1, as well as in server software such as Groove Server and SharePoint.

Most of the vulnerabilities allow attackers to elevate their privileges and launch denial-of-service attacks, while security bugs affecting Microsoft Office and Microsoft Server Software allow information disclosure attacks.

If you are using Microsoft-based systems, make sure to review the next Patch Tuesday advance notification to prepare your infrastructure and plan how you will patch and restart affected software.

PostgreSQL to release a highly critical Security fix

The PostgreSQL Global Development Group will be releasing a new security update for all versions on Thursday April 4th, 2013. This release will include a fix for a high-exposure security vulnerability and all users are strongly urged to apply the update as soon as it is available.

The core committee for PostgreSQL has decided to lock down access to the database's repositories to keep this update secret, without disclosing information, as the vulnerability may expose database servers to attackers. Developers have also said that the lockdown is only temporary and that during this phase committers will have access to the repositories. The reason for the lockdown is to ensure that malicious users don't work out an exploit by monitoring changes to the source code while the fix for the flaw is being implemented.

To apply the update you only need to install the packages and restart the database system. You do not need to dump/restore or use pg_upgrade for this update release. Make sure to read the patch release and prepare your system for the next update.

 
