Yet Another HeartBleed.

This Heartbleed Information Disclosure Vulnerability has pretty much been covered all over the internet today (8th April 2014). As a one-page-stop summary, please read below:

An online site exists to check vulnerabilities: http://filippo.io/Heartbleed/
Source code available at: https://github.com/FiloSottile/Heartbleed
A python script (that's much better): http://s3.jspenguin.org/ssltest.py
A second version of the above code with STARTTLS support: https://gist.github.com/takeshixx/10107280
A good breakdown of why the bug exists is here: http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html

Watching twitter has been entertaining, login.yahoo.com has been leaking user…

Telephony Hacking and Fraud | Securing Telephony Systems

Telephony Fraud

Telephony Hacking and Fraud is once again on the rise. Phone Phreaking was common between the 60s and 90s; it allowed Phreakers to place free calls and access Remote Dial-In computers; from there they would add voicemail boxes, snoop on phone lines, add call forwarding etc. Phreaking is once again emerging with modern technology (VOIP, SIP, IAX etc). Just like open web-services, that allow public internet users to…

SNMP – The Missing MIB

Introduction

Many users of SNMP Network Management Tools / Penetration Test Tools may find that recent versions of software, including the popular SNMPwalk, appear to be missing MIBs, or that previously available information is now mysteriously missing. This is more prominent on Debian or Ubuntu based systems (any system that compiles from source, like Gentoo, appears unaffected). This is additionally important for Penetration Testing Professionals that have an exam…

Domain Password Audits | InteliSecure

Background

With Anti-Virus technology continuing to block auditing/hacking tools like pwdump/fgdump, the ability to audit passwords on a domain is starting to increase in difficulty. In a series of recent audits it has been challenging to extract the domain hashes: upon using familiar common tools like pwdump, the Windows Security Accounts Manager (SAM) surprisingly reveals only two accounts, where we would expect a long list of domain hashes.

Example Output:
Administrator:500:3CED43EE2B6F79553F211111D2509C89:2A39F8C2138329F953111D035C1E99AB:::
Guest:501:C5C111117DB4E3E7C1E86A266265BCA9:F6B11111D3531AA18821F8B087AE2610:::

These…

Fun with System() and I/O Redirection…

Hey, I have seen a few wargame levels now that require you to do funky stuff with IO redirection and thought it would make an interesting blog post. For more information about IO redirection please see: BASH: IO Redirection. I don’t know whether you’re familiar with the late Unreal IRCd source being backdoored? More information can be found here: Unreal IRCd Backdoor. Well, the hackers had placed a system() function…

TRACE, OPTIONS and others HTTP Verbs | InteliSecure

Hi!! Another post here after some time… I’m really busy at work right now but I also need these small breaks to carry out my own testing and share a bit of what we learn here at Pentura. I want to write today about the TRACE, OPTIONS and other HTTP verbs. Sometimes in reports we can see that they discovered the TRACE verb active in our server. How they…

HOWTO: Using MBSA remotely

When it comes to performing a security assessment of Windows servers (SQL, ISA, IIS etc), the Microsoft Baseline Security Analyzer (MBSA) tool provides a good idea of the key security settings implemented on the Windows server being audited.

MBSA v2.1

One drawback though is that MBSA v2.1 needs admin privileges on the remote Windows server and offers no way of specifying alternate admin credentials in its GUI… what if your MBSA client…