SNMPPLUX

InteliSecure continually develops new tools and scripts to improve the effectiveness of the team. One such tool, SNMPPLUX, is an offshoot of a larger development project (ORR). SNMPPLUX is a USM-compliant SNMPv1, SNMPv2c and SNMPv3 authentication scanner powered by the pysnmp, re, sys, getopt, array, time and multiprocessing Python modules. As well as providing SNMPv1 and v2c community dictionary attacks, it will also provide username and password dictionary attacks…

Exploiting Same Origin Method Execution Vulnerabilities

Recently it came to my attention that it was possible to abuse JSONP callbacks using a vulnerability known as SOME (Same Origin Method Execution), which an attacker can use to widely abuse a user’s trust between the web application and the intended flow of execution. For example, using the SOME attack it is possible for an attacker to trick a user into visiting a malicious web page which…

[IRCCloud] History and Another XSS Bug Bounty

Personally, I have been a user of IRC since 2004 on some private networks and some other well-known ones such as Freenode. However, it was always inconvenient to have to set up an IRC Bouncer, so when IRCCloud came around, I was excited to try it and see if it provided me with a method of staying connected to all the required networks without having to download a new client…

[IRCCloud] Inadequate input validation on API endpoint leading to self denial of service and increased system load

So, as you do, I was just looking around, manually fuzzing some WebSocket requests, seeing if I could get any sort of XSS, Remote IRC Command Injection or SQLi mainly; it ended up that I didn’t find much there that was worth noting. So I started seeing if their logic was all right, and one of their requests looked similar to: {"_reqid":1234, "cid":5678, "to": "#treehouse", "msg":"test", "method":"say"} I thought,…

Most businesses do not understand data breach risks

Research by HP has uncovered a lack of understanding among businesses of the risks associated with data breaches. More than 70% of US and UK executives surveyed by the Ponemon Institute said that their organisation does not understand fully the dangers of breaches, while less than half of top executives and board members are kept informed about the response process. The 2014 Executive Breach Preparedness Research Report was designed to…

Shell Shock Rapid 7 Threatsweeper

By now, you may have heard about CVE-2014-6271, also known as the “bash bug”, or even “Shell Shock”, that may affect your organisation. It’s rated the maximum CVSS score of 10 for impact and ease of exploitability. The affected software, Bash (the Bourne Again SHell), is present on most Linux, BSD, and Unix-like systems, including Mac OS X. New packages were released today, but further investigation made it clear that the patched version…

Chat Forums Latest Method of Attack for Hackers

Reports surfaced this week that Amazon’s Twitch.TV gaming site had been hit by a malware attack that targeted chat forums to access users’ machines. Hackers were found to be sending phishing messages across the site’s chat forums, which lured users with offers of raffle prizes, then dropped a malicious Windows binary file on anyone who replied with their name and email address. The news presents an interesting twist on traditional…

Gmail Flaw Highlights Mobile App Risks

Researchers at the University of California’s College of Engineering and the University of Michigan have identified a weakness in Gmail’s mobile application that could allow malicious third-party apps to obtain personal information from users’ email accounts. The researchers found that 92 per cent of Gmail accounts, and around 82 per cent of the several apps they tested, can be cracked using the memory interrogation technique. While this is an alarmingly high…

Documentum DQL Injection / ESA-2014-046

Before naming your vulnerabilities became cool (Heartbleed, anyone?) I discovered an issue in the EMC Documentum software and internally called it “injeception”. Now that naming your vulnerability is so mainstream I will just call it ESA-2014-046 (which, surprisingly, matches the name used by the vendor!). But why that name? Well, it’s 2014 and they have released 45 other vulner…. Oh, you mean the injeception? Well, because if you do…

Size Doesn’t Matter to Cyber-Attackers

A new report released by Damballa this week revealed that the average enterprise will have 18.5% of its machines infected with malware, with the figure unchanged across larger and smaller organisations. While the report focussed on enterprise-sized businesses, it is safe to say malware has no concept of business size; it merely seeks out vulnerabilities and exploits them, meaning any organisation that stores data is a potential target. This means…