Over the past while we have been getting emails from people trying to figure out why they had entries like this in their HTTP log files: 10.10.1.136 - - [32/Dec/2007:25:61:07 +0200] "GET //admin/dat_Gareth_at_sensepost_hackslikeagirl_.asp HTTP/1.1" 404 - Recently a concerned Wikto user figured out that this was linked to his use of Wikto (our Win32 Nikto replacement plus Directory / File / Back-End Miner). A snippet from his email read: -snip- I…
A seasonal Wikto version was released on the 22nd (Version 2.0.2911-20215), which has an issue with the web spider functionality. HTTPS requests are being made in plain text, which obviously means that attempts to spider such sites will not work. A bug fix for this is available from www.sensepost.com. Thanks to Mark Murdock for the heads up.
A new version of Wikto is also available, which provides a more reliable web spider and also includes some minor bug fixes. More details regarding Wikto are available at http://www.sensepost.com/research/wikto
We are pleased to announce the release of Suru version 2.0, our MITM proxy. Suru has now been rewritten to work with the .NET 2 runtime environment and includes all the features of the original 1.x stream, as well as a number of enhancements and upgrades. Features which have been added since the last 1.1 stable release include the following: upstream proxy support; response timing for timing-based attacks; highlighting of search…
These days it's almost impossible to read a book on security or vuln-dev without a gratuitous IDA Pro screenshot. IDA has proven itself so valuable at reversing that it's near impossible to find texts that fail to mention it. (Even ancient texts from fravia and woodman will make reference to it.) Well.. for a long, long time people have wondered why Ilfak (IDA's main author) didn't get into the point and…
In early 2002 I suggested that we could solve some computer problems and South Africa's street-kid problem by setting up a network of street-kids with basic education to handle tasks computers still struggled with. At the time we were concerned with low-false-positive, agentless remote detection of defaced web sites, but also ran into the idea when we first built e-or, our early web application scanner. I suspect I didn't broach…
BMC did his 90-minute EngEdu talk on DTrace at Google to show some of its coolness (and from the looks of things to help get a Linux port going). DTrace looks awesome for system instrumentation (like strace on steroids, although limiting it like that does it no justice at all). From the DTrace page: "DTrace is a comprehensive dynamic tracing framework for the Solaris Operating Environment. DTrace provides a powerful…
Hernan Ochoa from Core has released the Pass the Hash Toolkit, which is very cool. It basically means that you don't have to bother cracking a password on a taken machine anymore; you can simply use his iam.exe to associate the captured hash with your current session. Its accompanying whoisthere.exe means you can grab hashes easily, and the fact that it's all released with source means you should be able…
The slides | tool | paper from BlackHat07/DefCon07 have been posted online for your wget'ing pleasure. More details on squeeza (the tool) can be found on the squeeza page, but in a nutshell it is a SQL injection tool that applies Metasploit's concept of splitting exploits, payloads, etc. to SQL injection attacks. Current modules are written for MS-SQL Server but include functionality for (user-defined SQL queries, some DB schema enumeration, command execution,…
During our talk we demo'd squeeza. We will link to the slides and .ppt as soon as we can, but have been getting a few requests already for the code, so here it is. For those who missed the talk, squeeza is a SQL injection tool that, once given an entry point, can simply do a bunch of things. It's the first tool I know of that facilitates full binary file…