lo0.ro cat /dev/null > stupidity – nobody is safe

2 Apr 2013

How to install BackTrack 5 R3 on an encrypted HDD and get it working with the latest tools

First of all, this is not my work and I will try to mention every source. It is based on one post by Kevin over at www.infosecramblings.com and one by sirwolfgang from disillusion.us.

Second, I know Kali is out, but I'm just waiting for a more mature project as the dist has a lot of bugs.

This tutorial is for a 32-bit install, but if you have an IQ greater than 60 I'm sure you'll manage to adapt. Also, please check that the versions downloaded with wget are the latest.

13 Nov 2012

DefCamp 2012 – Romania Bucharest

What?

DefCamp 2012 is the second edition of the Romanian conference dedicated to IT security or, as the organizers put it, in-security. The idea of DefCamp came up in March 2011, after some informal discussions between several computer security addicts from Romania, passionate about various INFOSEC topics.

When?

Friday, November 30, 2012 at 9:00 AM - Sunday, December 2, 2012 at 6:00 PM (PST), Bucharest, Romania. 44.441682,26.059049 to be more precise. https://plus.google.com/109940733198368750319/about?gl=ro&hl=ro

Who?

Unlike the first edition of DefCamp, where mostly Romanian underground security specialists and enthusiasts were present, this year the event is backed by KPMG Romania.

And I really have to mention the following:

  • Jim Manico, VP of Security Architecture at WhiteHat Security and VP OWASP with over 16 years of experience in IT security
  • Andras Kabai, Senior IT Security Specialist at Deloitte
  • Marian Ventuneac, Security Architect at Genworth Financial and Founder OWASP Ireland-Limerick Chapter
  • Alexandru Bălan, Chief Security Researcher at Bitdefender
  • Adrian Furtună, Security Consultant at KPMG România and international speaker at IT security conferences
  • Bogdan Alecu, System Administrator and international speaker at IT security conferences

Some of the topics discussed will be: 0-days, CAPTCHA breaking, Digipass bypass, mobile security, Android malware, DDoS, networking, P2P networks, D&D APTs, social engineering and baking muffins.

Why?

If grey-hat, black-hat, blue-hat or white-hat means more to you than fashion, you should join. There will be security workshops, forensic, cracking, hacking and polo contests. It is also very important that you keep up with the latest topics in this very dynamic field.

Another reason to join is helping this event to become the best running hacker convention around Eastern Europe.

Official website: http://www.defcamp.ro/
Official Facebook page: http://www.facebook.com/pages/DefCamp/116250668472724
And: http://www.worldit.info/articole/defcamp-2012-bucuresti-un-eveniment-hipnotizant-tu-ai-vazut-prezentarile/

Buy your ticket here: http://defcamp2012-es2.eventbrite.com/?rank=1#

27 Oct 2012

snuck – automatic XSS filter bypass

snuck is an automated tool that may definitely help in finding XSS vulnerabilities in web applications. It is based on Selenium and supports Mozilla Firefox, Google Chrome and Internet Explorer. The approach it adopts is based on inspecting the reflection context of the injection and relies on a set of specialized and obfuscated attack vectors for filter evasion. In addition, XSS testing is performed in-browser: a real web browser is driven to reproduce the attacker's behavior and possibly the victim's.

Description

snuck is quite different from typical web security scanners; it basically tries to break a given XSS filter by specializing the injections in order to increase the success rate. The attack vectors are selected on the basis of the reflection context, that is, the exact point where the injection lands in the DOM of the page that reflects it. Access to the page's DOM is possible through Selenium WebDriver, an automation framework that replicates user operations in web browsers. Since many steps may be involved before an XSS filter is "activated", an XML configuration file has to be filled in to make snuck aware of the steps it needs to perform against the tested web application. Practically speaking, the approach is similar to iSTAR's, but it focuses on one particular XSS filter.

Download here

16 Jul 2012

IronWASP – Iron Web application Advanced Security testing Platform

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool’s features are simple enough to be used by absolute beginners.

Learn more about it here | Download from here

Passive Plug-ins

  • Analyzes all traffic going through the tool
  • Can also modify the traffic
  • Identifies vulnerabilities passively

E.g. passwords sent over clear text, HttpOnly/Secure flag missing in cookies
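The two passive findings named above are easy to reproduce outside the tool. The following is an added example, not IronWASP's own code: it inspects request/response pairs that have already been captured and never sends anything. All transactions, hostnames and cookie values in it are constructed for the demonstration.

```python
"""Passive checks of the kind IronWASP's passive plug-ins perform.

Added example, not IronWASP's own code: it only inspects request/response pairs
that have already been captured and never sends anything. All transactions,
hostnames and values below are constructed for the demonstration.
"""
from dataclasses import dataclass, field
from urllib.parse import parse_qs

# Parameter names that usually carry a credential when POSTed (assumed list).
CREDENTIAL_FIELDS = {"password", "passwd", "pwd", "pass"}


@dataclass
class Transaction:
    url: str
    method: str
    request_headers: dict = field(default_factory=dict)
    request_body: str = ""
    # Response headers as (name, value) pairs because Set-Cookie may repeat.
    response_headers: list = field(default_factory=list)

    def header(self, name):
        """Case-insensitive lookup of a request header."""
        for k, v in self.request_headers.items():
            if k.lower() == name.lower():
                return v
        return None

    @property
    def over_tls(self):
        return self.url.lower().startswith("https://")


def parse_set_cookie(value):
    """Split 'name=value; Attr; Attr=x' into the cookie name and lower-cased attributes."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def check_cookie_flags(tx):
    """Report cookies set without HttpOnly or Secure."""
    findings = []
    for hname, hval in tx.response_headers:
        if hname.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(hval)
        if "httponly" not in attrs:
            findings.append(f"cookie {name!r} set without HttpOnly")
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} set without Secure")
    return findings


def check_cleartext_credentials(tx):
    """Report credentials that travelled over plain HTTP (form fields or Basic auth)."""
    findings = []
    if tx.over_tls:
        return findings
    ctype = tx.header("Content-Type") or ""
    if tx.method.upper() == "POST" and "application/x-www-form-urlencoded" in ctype.lower():
        for fld in parse_qs(tx.request_body, keep_blank_values=True):
            if fld.lower() in CREDENTIAL_FIELDS:
                findings.append(f"field {fld!r} POSTed over clear-text HTTP")
    auth = tx.header("Authorization") or ""
    if auth.lower().startswith("basic "):
        findings.append("HTTP Basic credentials sent over clear-text HTTP")
    return findings


def run_passive_checks(transactions):
    """Map each URL to the list of passive findings for that transaction."""
    return {tx.url: check_cookie_flags(tx) + check_cleartext_credentials(tx)
            for tx in transactions}


# Constructed sample traffic (not real captures).
SAMPLE_TRANSACTIONS = [
    Transaction(
        url="http://intranet.example/login", method="POST",
        request_headers={"Content-Type": "application/x-www-form-urlencoded"},
        request_body="user=alice&password=hunter2",
        response_headers=[("Set-Cookie", "session=abc123; Path=/")],
    ),
    Transaction(
        url="https://shop.example/cart", method="GET",
        response_headers=[
            ("Set-Cookie", "cart=42; Path=/; HttpOnly"),
            ("Set-Cookie", "pref=dark; Secure; HttpOnly; SameSite=Lax"),
        ],
    ),
    Transaction(
        url="http://legacy.example/api", method="GET",
        request_headers={"Authorization": "Basic YWxpY2U6aHVudGVyMg=="},
    ),
]

if __name__ == "__main__":
    for url, findings in run_passive_checks(SAMPLE_TRANSACTIONS).items():
        print(url)
        for finding in findings:
            print("  -", finding)
```

A missing Secure flag is reported even for cookies set over plain HTTP, because such a cookie will keep travelling in the clear on every later request; a passive check has no way to know whether the site is also reachable over HTTPS.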

Active Plug-ins

  • Performs scans against the target to identify vulnerabilities
  • Executed only when the user explicitly calls them
  • Fine-grained scanning support

Eg: Cross-site Scripting, SQL Injection

IronWASP performs taint analysis for DOM-based XSS: it identifies sources and sinks and traces them through the code. Custom source and sink objects can also be configured.

15 Jun 2012

web-sorrow – server security scanner

A Perl-based tool for misconfiguration, version detection, enumeration and server information scanning. Web-Sorrow is a "safe to run" program, meaning it is not designed to attempt to exploit or perform any kind of injection, DDoS/DoS, CSRF, XSS or other harmful attack. It is entirely focused on enumeration and collecting information about the target server.

Current functionality:
-S - stands for standard. A set of standard tests that includes: directory indexing testing, banner grabbing, language detection (should be obvious), robots.txt, 200 response testing (some servers send a 200 OK for every request) and thumbs.db scanning
-auth - looks for login pages with a list of some of the most common login files, dirs and admin consoles. It doesn't need to be a very big list of URLs, because what else are you going to name it? notAlogin.php???
-Cp - scan with a huge list of plugin dirs. The list is a bit old (the Drupal and WordPress plugin databases are now current, but sorry, Joomla's is still a bit old)
-I - searches the responses for interesting strings
-Ws - looks for web services such as hosting provider, blogging services, favicon fingerprinting and CMS version info
-Fd - looks for things people generally don't want you to see. The list is generated from a ton of robots.txt files, so whatever it finds should be interesting.
-ninja - a lightweight and undetectable scan that uses bits and pieces from other scans
-R - use HTTP Range headers to make scans faster
-Shadow - use Google cache instead of requesting from the target host
-Sd - brute-force subdomains
-Db - brute-force directories with the big DirBuster database
-ua - use a custom User-Agent. PUT THE UA IN QUOTES if it contains spaces
-proxy - send all HTTP requests via a proxy. Example: 255.255.255.254:8080
-e - run all the scans in the tool

web-sorrow also has false-positive checking on most of its requests (it's pretty accurate but not perfect).

EXAMPLES:

  • basic: perl Wsorrow.pl -host scanme.nmap.org -S
  • stealthy: perl Wsorrow.pl -host scanme.nmap.org -ninja -proxy 190.145.74.10:3128
  • scan for login pages: perl Wsorrow.pl -host 192.168.1.1 -auth
  • CMS intense scan: perl Wsorrow.pl -host 192.168.1.1 -Ws -Cp all -I
  • most intense scan possible: perl Wsorrow.pl -host 192.168.1.1 -e
  • dump http headers: perl headerDump.pl
  • Check if host is alive: perl hdt.pl -host 192.168.1.1

Download

CONTACT: @flyinpoptartcat

3 Apr 2012

Enema – tool for SQL injection

Enema is not auto-hacking software. It is a dynamic tool for people who know what to do.
Old database versions (e.g. MySQL 4.x) are not supported; development targets modern versions.

  • Features:
    1. Multi-platform.
    2. User-friendly graphical interface.
    3. Multithreaded.
    4. Dump.
    5. Customise your queries
    6. Plugins to automate attacks
  • Supported for today:
    1. POST, GET, Cookies
    2. MSSQL >= 2000 and MySQL >= 5.0
  • Injection methods supported for today:
    1. Error based injection.
    2. Union based injection (using subquery).
    3. Blind Time-based MSSQL(waitfor), MySQL(sleep)


Download here

22 Mar 2012

XCat – exploitation of XPath injection vulnerabilities

XCat is a command line program that aids in the exploitation of XPath injection vulnerabilities. It boasts a wide range of features and can use the more advanced features of the XPath 2.0 specification (pattern matching, Unicode normalization and even HTTP requests) or gracefully degrade to XPath 1.0 if they are not available.

XCat is built to exploit boolean XPath injections (where only one bit of data can be extracted per request) and it requires you to identify the injection point manually first; it does not do that for you.

Features

  • Exploits both GET and POST attacks
  • Extracts all nodes, comments, attributes and data from the entire XML document
  • Small and lightweight (only dependency is Twisted)
  • Parallel requests
  • XPath 2.0 supported (with graceful degrading to 1.0)
  • Regex pattern matching to reduce character search space
  • Unicode normalization
  • Advanced data postback through HTTP (see below)
  • Arbitrarily read XML files on the server's file system via the doc() function (see below)

Source here

usage: xcat.py [-h] [--method {GET,POST}] [--arg POST_ARGUMENT] [[--true TRUE_KEYWORD | --false FALSE_KEYWORD | --error ERROR_KEYWORD] [--true-code TRUE_CODE | --false-code FAIL_CODE | --error-code ERROR_CODE] [--schema-only] [--quotecharacter QUOTE_CHARACTER] [--executequery EXECUTEQUERY] [--max_search SEARCH_LIMIT] [--timeout TIMEOUT] [--stepsize STEP_SIZE] [--normalize {NFD,NFC,NFDK,NFKC}] [--xversion {1,2,auto}] [--lowercase] [--regex] [--connectback] [--connectbackip CONNECTBACK_IP] [--connectbackport CONNECTBACK_PORT] [--notfoundstring NOTFOUNDCHAR] [--fileshell] [--getcwd] [--useragent USER_AGENT] [--timeit] URL

18 Mar 2012

Apache Tomcat Remote Exploit (PUT request) and Account Scanner

The modified pnscan scanner utility scans a range of IPs to find open Apache Tomcat servers by trying the following login combinations:

  • tomcat:tomcat
  • password:password
  • admin:admin
  • admin:password
  • admin:<nopass>
  • tomcat:<nopass>

The included Perl script can be used to unlock Apache Tomcat servers remotely using the collected login combinations.
It will retrieve either a root or SYSTEM reverse shell, depending on the operating system, or the equivalent of a reverse shell as the user Tomcat is currently running as. The exploit might contain Metasploit logic (thanks to jduck).

By Kingcope

Use this tool at your own risk. No source code review has been done (it may contain a hidden shell).

2 Mar 2012

httpry – packet sniffer

httpry is a packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but to capture, parse and log the traffic for later analysis. It can run in real time, displaying the traffic as it is parsed, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can easily be adapted to different applications.

What can you do with it? Here are a few ideas:

  • See what users on your network are requesting online
  • Check for proper server configuration (or improper, as the case may be)
  • Research patterns in HTTP usage
  • Watch for dangerous downloaded files
  • Verify the enforcement of HTTP policy on your network
  • Extract HTTP statistics out of saved capture files

This release brings substantial improvements to some existing features. IPv6 parsing can now follow extension headers that are present in the captured packets. Also, the rate statistics code has been substantially overhauled to handle an arbitrary number of hosts, along with a couple of additional switches for controlling behavior. Additionally, this release adds an optional switch to specify the PID filename, which is helpful when running multiple instances of httpry on the same box.
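To show what "parse and log HTTP for later analysis" and "rate statistics for an arbitrary number of hosts" amount to, here is an added example that is not httpry's code. httpry reads a live interface or a pcap file; this block instead takes already-extracted TCP payloads as (timestamp, source IP, bytes) tuples, pulls out the request line and Host header, and counts requests per host in fixed time windows. The packets, addresses and hostnames are constructed, and the output line format is this example's own, not httpry's.

```python
"""Minimal httpry-style HTTP request extraction and per-host rate statistics.

Added example, not httpry's code: it takes already-extracted TCP payloads as
(timestamp, source IP, bytes) tuples. The packets below are constructed.
"""
import re
from collections import Counter, defaultdict

# Request line per RFC 7230: METHOD SP request-target SP HTTP-version
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d\.\d)$")


def parse_http_request(payload):
    """Return method/uri/version/host for an HTTP request payload, or None if it is not one."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": m.group(1), "uri": m.group(2),
            "version": m.group(3), "host": headers.get("host", "-")}


def format_record(ts, src_ip, req):
    """One tab-separated log line (this example's own format, not httpry's)."""
    return f"{ts}\t{src_ip}\t{req['host']}\t{req['method']}\t{req['uri']}\tHTTP/{req['version']}"


def requests_per_host(packets, window=60):
    """Count requests per Host header within fixed windows of `window` seconds.

    Returns {window_start: Counter({host: n})}; non-HTTP payloads are skipped.
    """
    buckets = defaultdict(Counter)
    for ts, _src, payload in packets:
        req = parse_http_request(payload)
        if req is None:
            continue
        buckets[(int(ts) // window) * window][req["host"]] += 1
    return buckets


def hosts_over_rate(buckets, threshold):
    """Hosts whose request count in any single window reaches `threshold`."""
    hot = set()
    for counts in buckets.values():
        hot.update(h for h, n in counts.items() if n >= threshold)
    return sorted(hot)


# Constructed payloads: five HTTP requests and one TLS ClientHello fragment.
SAMPLE_PACKETS = [
    (1000.1, "10.0.0.5", b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    (1000.4, "10.0.0.5", b"GET /style.css HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    (1001.0, "10.0.0.7", b"POST /api/upload HTTP/1.1\r\nHost: files.example\r\nContent-Length: 0\r\n\r\n"),
    (1002.2, "10.0.0.7", b"GET /a.exe HTTP/1.1\r\nHost: files.example\r\n\r\n"),
    (1003.0, "10.0.0.9", b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),  # not HTTP, skipped
    (1061.5, "10.0.0.5", b"GET / HTTP/1.0\r\n\r\n"),  # HTTP/1.0 without a Host header
]

if __name__ == "__main__":
    for ts, src, payload in SAMPLE_PACKETS:
        req = parse_http_request(payload)
        if req:
            print(format_record(ts, src, req))
    stats = requests_per_host(SAMPLE_PACKETS)
    print("hosts at or above 2 requests/minute:", hosts_over_rate(stats, 2))
```

Requests without a Host header (HTTP/1.0 clients, or raw IP access) are counted under "-" rather than dropped, so a spike from such clients still shows up in the rate table.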

Download httpry 0.1.7 | Codebase

13 Feb 2012

DotDotPwn v3.0 The Directory Traversal Fuzzer

Version: DotDotPwn v3.0
Release date: 03/Feb/2012 (Release at BugCon Security Conferences 2012)

Changes / Enhancements / Features:

  1. -X switch that implements the bisection algorithm in order to detect the exact depth once a directory traversal vulnerability has been found. - http://en.wikipedia.org/wiki/Bisection_method
  2. -M switch to specify a method other than the default (GET) when the http module is used. Other supported HTTP methods are POST, HEAD, COPY and MOVE.
  3. -e switch to specify the file extension to be appended at the end of each fuzz string (e.g. ".php", ".jpg", ".inc")
  4. New dots & slashes encodings (fuzz patterns) based on: https://www.owasp.org/index.php/Canonicalization,_locale_and_Unicode and http://wikisecure.net/security/uri-encoding-to-bypass-idsips
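The encodings in the last item are exactly what a naive "reject anything containing ../" check misses. As an added example, not DotDotPwn code, the block below shows the defensive side: decode the user-supplied path to a canonical form before checking it, and then resolve it under the document root. The web root and the sample inputs are assumed values constructed for the demonstration.

```python
"""Canonicalize a request path before checking it for directory traversal.

Added example, not DotDotPwn code. A check on the raw string misses "%2e%2e%2f",
double encoding such as "%252e%252e%252f", backslashes and overlong UTF-8 such
as "%c0%af"; decoding first, repeatedly, closes those gaps. The web root below
is an assumed value.
"""
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root


class UnsafePath(ValueError):
    pass


def canonicalize(user_path, max_rounds=3):
    """Percent-decode until stable (catches double encoding), then unify separators.

    Strict UTF-8 decoding turns overlong sequences like %c0%af into an error
    instead of silently accepting them, and a NUL byte is rejected because it
    truncates the path in C-based servers.
    """
    path = user_path
    for _ in range(max_rounds):
        try:
            decoded = unquote(path, encoding="utf-8", errors="strict")
        except UnicodeDecodeError as exc:
            raise UnsafePath(f"invalid UTF-8 in {user_path!r}") from exc
        if decoded == path:
            break
        path = decoded
    if "\x00" in path:
        raise UnsafePath(f"NUL byte in {user_path!r}")
    return path.replace("\\", "/")


def is_traversal(user_path):
    """Detection-side check: True if the canonical form has a '..' segment or is unsafe."""
    try:
        canon = canonicalize(user_path)
    except UnsafePath:
        return True
    return ".." in canon.split("/")


def resolve_under_root(user_path, root=WEB_ROOT):
    """Enforcement-side check: join onto the document root, refusing anything that escapes it."""
    canon = canonicalize(user_path)
    full = posixpath.normpath(posixpath.join(root, canon.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        raise UnsafePath(f"{user_path!r} escapes {root}")
    return full


# Constructed inputs in the style of the fuzz patterns, plus benign paths.
TRAVERSAL_SAMPLES = [
    "../../../etc/passwd",
    "..%2F..%2Fetc%2Fpasswd",
    "%252e%252e%252fetc%252fpasswd",
    "..\\..\\windows\\win.ini",
    "%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd",
    "images/..%00/../../etc/passwd",
]
BENIGN_SAMPLES = ["images/logo.png", "/docs/readme.txt", "a/./b/c.html", "x%2fy.txt"]

if __name__ == "__main__":
    for p in TRAVERSAL_SAMPLES + BENIGN_SAMPLES:
        print(f"{p!r:45} traversal={is_traversal(p)}")
```

The two functions serve different places: is_traversal() is what a log or WAF rule would evaluate, while resolve_under_root() is the check an application should make before touching the file system, since it also catches inputs that stay syntactically clean but still point outside the root.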

Supported modules:
- HTTP
- HTTP URL
- FTP
- TFTP
- Payload (Protocol independent)
- STDOUT

Feel free to download this new release from the following sites:

Download location #1
Download location #2

Contact us: dotdotpwn@sectester.net

Source