Google have thrown their hat into the browser ring, as many predicted. [Chrome] should be coming soon to downloads near you.
It’s based on [webkit], which you might [recall] was impressive in many ways. It has a few other interesting promises, like a brand new JavaScript engine [which sounds like an excellent target for future hackery] and a simple but sweet isolation concept [tabs are independent processes].
Like anything released from Google, people expect it to change the world (now that’s some heavy expectation-anxiety), but if nothing else it will be interesting to watch. Their comic intro is fairly comprehensive, and mixes healthy amounts of “eureka” with “this is still a hard problem”.
Hey guys..
Our BlackHat/Defcon talk this year featured a few tools that we promised to release. The first tool, or set of tools, is reDuh, which can be found [here]. reDuh is made up of two parts: a local proxy and a server component (which is JSP, PHP or ASP). If you run the local proxy on your machine while pointing it at the server component, you are able to make TCP connections clean through the web server. This comes in surprisingly handy (and if nothing else is really cute!). You can read more about reDuh (with pretty pictures) by checking out the [reduh page] or by checking out our [Vegas slides].
Hey guys..
Most of our BlackHat/Defcon team has arrived back home in one piece. I landed with a fever and a lost voice (but to be honest I already caught something while in Vegas!)
We will post some post-Vegas thoughts as soon as the dust settles, but I also promised:
The slides from our talk
The tools we released…
A link to the slides is here: [Pushing a Camel through the eye of a Needle]
Quick update on your favourite brute forcer… The file input “MS EOF char” issue has been resolved, and provision has been made for blank passwords too. The above-mentioned error meant that Crowbar incorrectly used EOF characters on *nix-based files.
Regarding the blank passwords, simply include the word “[blank]” (without the quotes) in your brute force file and Crowbar will test for blank usernames/passwords as well.
For those of you who don’t know, Crowbar is a generic brute force tool used for web applications. It’s free, it’s light-weight, it’s fast, it’s kewl :>
28 February 2008
~3 min
By glenn
On a recent assessment we came across the following scenario:
1) We have command execution through a web command interpreter script (cmd.jsp) on a remote Linux webserver
2) The box is firewalled, only allowing 53/UDP ingress and egress
3) The box is sitting on the network perimeter, with one public IP and one internal IP, and not in a DMZ
So we want to tunnel from the SensePost offices to Target Company’s internal machines, with this pretty restrictive setup. How did we accomplish this?
So everyone uses the Live search engine with an ip: query when trying to locate virtual hosts.
I used DomainTools in the past with good results, until they went fully pay-per-use.
Check out Reverse IP Domain Check. The two IPs I’ve tested it on gave reasonable results, and at a great price!
18 February 2008
~1 min
By lohan
H said that there is a tool that will do the HTTP Mangler functionality out of the box.
So here goes. WebScarab-NG is the tool that will do the trick. First we select the feature that will allow us to set up the proxy listener, as seen in the image below.
Then we need to configure the proxy listener with the ports etc. we need, as seen below.
Old-timers here will know about the concept of brute-forcing DNS using the clues available.
i.e. zone transfers are disabled, but you see that the NS and MX servers are called gandalf.company.com and elrond.company.com. Effectively, trying frodo.company.com is going to make good sense.
To this end, BidiBlah will do this automagically for you and tries to eke out info. (A little while back I saw fierce-scanner pop up in a similar vein!)
While I’m into posting Mac links, check out [Webkit].
A little while back I mentioned not understanding why anyone would run a closed-source browser while a decent open-source version existed. Then I was forced to use Safari while doing some testing, and was impressed by its snappiness. It impressed me more when it didn’t flinch at me opening and surfing thousands of tabs. Blergh. Suddenly my Firefox was losing its sheen!
For those of you who have not yet tried it, check out Tooble. It’s a point-and-click tool that lets you download videos from YouTube. It’s pretty cool and allows you to pull/convert videos pretty trivially. (For all my “don’t do piracy” holier-than-thou-ness, I now have to wonder if pulling a Google Tech Talk, which doesn’t have a download link (i.e. the authors did not want us to download it), is any different to pandas cat internet > home_nas behaviour.)