Latest ramblings of the monkey... http://pentestmonkey.net Fri, 30 Jul 2010 11:06:57 +0100 FeedCreator 1.7.2 http://pentestmonkey.net/images/M_images/mambo_rss.png http://pentestmonkey.net Latest ramblings of the monkey... http://feedproxy.google.com/~r/pentestmonkey/~3/FDTUvSr0z40/index.php I've been involved in the beta testing of Netsparker (http://www.mavitunasecurity.com/) for some time now. Now that it's publicly available (http://www.mavitunasecurity.com/pricing/), I wanted to write a brief blog post to recommend that you try it out...If you can't be bothered reading this post, make sure you at least check out the videos of Netsparker in action (http://www.mavitunasecurity.com/blog/netsparker-videos/) (particularly the bit where it gets a reverse shell from a SQL injection!). ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=140&Itemid=1 http://feedproxy.google.com/~r/pentestmonkey/~3/9Q7NOrGmk2I/index.php I recently had cause to create a proof-of-concept for a site that seemed to be vulnerable to Cross-Site Request Forgery (CSRF). I say seemed because there was no CSRF protection, but I was finding the XML POST body really hard to forge (It was a SOAP / XMLRPC type request).Eventually Sid from notsosecure.com (http://www.notsosecure.com) pointed me in the right direction. The solution is not new, but it's interesting if you've never come across this problem before. ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=139&Itemid=1 http://feedproxy.google.com/~r/pentestmonkey/~3/McVQ_hOcwXo/index.php Minor update to exploit suggester. It now suggests the (http://www.0xdeadbeef.info/exploits/raptor_libnspr) raptor (http://www.0xdeadbeef.info/exploits/raptor_libnspr2) sploits (http://www.0xdeadbeef.info/exploits/raptor_libnspr3) for Netscape Portable Runtime (http://securityfocus.com/bid/20471) vulnerability. Download it here (http://pentestmonkey.net/tools/exploit-suggester/). ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=138&Itemid=1 http://feedproxy.google.com/~r/pentestmonkey/~3/g7SvhBXdU20/index.php Version 1.1 of the Yaptest Frontend (http://pentestmonkey.net/projects/yaptest/yaptestfe-overview/) is now available. Download it here (http://pentestmonkey.net/projects/yaptest/yaptestfe-overview/). There are three main improvements to the interface:The Ports page now displays Nmap version and service information when it's available.The Windows Info page displays a list of Windows hosts along with various information about each: Domain name, whether the host is a domain controller, whether it's in a workgroup or a domain, its SID, password complexity setting and account lockout policy.The Nessus page simply display the nessus HTML report for the corresponding host. ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=137&Itemid=1 http://feedproxy.google.com/~r/pentestmonkey/~3/4RqYBvjtjzU/index.php Version 0.2.1 of yaptest (http://pentestmonkey.net/projects/yaptest/yaptest-overview/) is now available. Download it here (http://pentestmonkey.net/projects/yaptest/yaptest-installation/).This is quite a major update. The most notable improvements are support for running Nessus (http://www.nessus.org/) and/or OpenVAS (http://www.openvas.org/). At present Nessus and OpenVAS are automatically run against any open ports with Safe Checks enabled. As with any major update one or two bugs might have crept in. Please mail pentestmonkey at pentestmonkey dot net if you find anything's broken. The complete changelog is included below: ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=136&Itemid=1 http://feedproxy.google.com/~r/pentestmonkey/~3/d1iJe43L0Ec/index.php The next version of unix-privesc-check (http://pentestmonkey.net/tools/unix-privesc-check/) has just been released. Download it here (http://pentestmonkey.net/tools/unix-privesc-check/).This version checks the file permissions of SUID programs. It should catch issue like the recent Ingres privesc (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733) where and SUID programs used a shared object file that could be modified by a non-root user. ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=135&Itemid=1 http://feedproxy.google.com/~r/pentestmonkey/~3/3YighzN6WXw/index.php Some useful syntax reminders for SQL Injection into Informix databases... ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=134&Itemid=13 http://feedproxy.google.com/~r/pentestmonkey/~3/vHLedb9JorQ/index.php I just updated unix-privesc-check (http://pentestmonkey.net/tools/unix-privesc-check/). Download it here (http://pentestmonkey.net/tools/unix-privesc-check/).This release fixes a couple of minor bugs in the reporting of cron-related issues and some problem while running under /bin/sh (as opposed to /bin/bash). ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=133&Itemid=1 http://feedproxy.google.com/~r/pentestmonkey/~3/qfcivqYFxVc/index.php I just released an important update to exploit-suggester (http://pentestmonkey.net/tools/exploit-suggester/). Download it here (http://pentestmonkey.net/tools/exploit-suggester/).It seems that showrev -p sometimes lists multiple revisions for the same patch. This caused exploit-suggester to return false-positives. ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=132&Itemid=1 http://feedproxy.google.com/~r/pentestmonkey/~3/VgxL-P4wMxs/index.php I reveived an interesting tip from Munish about how to prevent directories from being easily identified in IIS. I've updated my original post about directory enumeration (http://pentestmonkey.net/blog/direnum/) with the following info:Setting the Hidden Attribite to Hide Files in ISS Hiding directories in IIS seems to be as easy as setting the hidden attribute: cd c:\Inetpub\wwwroot attrib +h myprivatedirectory Now when an attacker browses to http://yoursite/myprivatedirectory they will get a 404 Not Found message instead of a 403 Directory Listing Denied . However, files inside the directory are still accessible (e.g.... ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=131&Itemid=1