middleware and me (part 2)
hack-fu by: rux0r
In the last article (middleware and me (part-1)) we looked at the concept of middleware security and why it is often a neglected area. In this article we move on to look in detail at the security features that can be employed to protect this type of software. For the purposes of these discussions we are going to be focussing on the IBM WebSphere MQ product; hopefully in the future I will be able to contrast these discussions against the security controls employed by a number of other messaging technologies.
Grabbing LM challenges with an ettercap filter
hack-fu by: bob
So... this is an amalgamation of several ideas and bits of work I've found floating around that I put together. The result is a handy pentesting/pwnage technique. The following blog that kicked this idea off discusses a modified Metasploit exploit module called smb_server.pm by Kurt Grutzmacher: NTLMv1, Metasploit and You. Around the same time I'd been playing with some ettercap filters, based on the below work at Irongeek: Fun with Ettercap Filters. These two sparked something and gave me a use for those huge LMHALFCHALLENGE rainbow tables I'd downloaded.
dradis v1.2 – now with one-click installer
In addition to the changes released on the 4th of April, yesterday we released a Windows one-click installer for dradis.
The summary of the features of the v1.2 release:
- in the client:
  - export to XML module is now part of the standard module set.
  - a new implementation of the command line parser: now it is possible to use single and double quotes to pass multi-word arguments to the different commands.
  - fixed the window.rb:159 bug.
- in the server:
  - a slightly less annoying implementation of the web interface auto-refresh functionality.
  - the services added through the web interface can have a name now.
  - simple prevention against embedded XSS.
You can also download the platform-independent ruby source in the download section of the site.
middleware and me (part 1)
hack-fu by: rux0r
This post is the first in a series on the subject of enterprise messaging and in particular on IBM's flavour of it. The objective of these posts will be to remove some of the confusion about its purpose, the technologies and the methods of securing it. Hopefully this will help both security testers and other interested parties to feel confident about this important area of IT security.
National Rail Live Enquiries Departure Board Gadget – Script Injection Vulnerability
Windows Vista includes the “Windows Sidebar”. This new feature allows users to display ‘gadgets’ on the sidebar and on the Windows desktop. Gadgets are small applications containing HTML, XML and JavaScript.
The National Rail Live Departure Board Sidebar gadget provides users with the ability to view real time train departure boards for all main railway stations in the UK. The gadget allows users to choose a “Start Station” and a “Destination Station” in order to provide them with the most up to date live departure information for their chosen trip. The gadget requests this information from a web server, which responds to the gadget with live departure board information for the user’s chosen rail journey.
An attacker capable of intercepting the web server response to the gadget request could modify that response such that a script was injected and then run on the user’s system. The injected script would run under the privileges of the currently logged in user, allowing the remote attacker to execute commands on the target system. An attacker successfully exploiting this vulnerability could execute arbitrary commands in the context of the current logged in user.
Black Hat Europe 2008

I have just arrived from Black Hat Europe 2008 in Amsterdam (this one, not this one). It has been a cool experience, not exactly what I expected but really interesting.
Briefings were held during the 27th and 28th of March, and the presentations are available for download. If you want to see what the chef recommends just keep reading...
security advisory: Elastic Path Unrestricted Filesystem Access
Elastic Path is a popular Java e-commerce platform for building online stores and shopping carts. Elastic Path consists of both a shopping front end where customers can browse and choose the products and a managing backend for administration purposes.
Users of the administrative interface can be granted different levels of access. Research revealed that users with upload/download privileges could abuse them to gain access to arbitrary files in the remote system (read the security advisory - mirror #1, mirror #2).
update: a link to the patch is available on the Elastic Path Developer's site (thanks to d-dub).
update: this vulnerability has been assigned the following CVE number: CVE-2008-1606.
dradis v1.1 is out
A new version of dradis, the information sharing tool for security teams, was released on the 29th of February. Some major changes were introduced since the first release back in December:
- New client GUI that runs in Linux, Windows and Mac OS (screenshots).
- New web interface.
- Improved step-by-step installation instructions.
- New contributed modules:
  - Export your Knowledge Base to an XML file.
  - Run nmap from dradis and store the results in the knowledge base.
If you want to give it a try, go to the download page. And please let me know any thoughts or feedback (remember that you can use the dradis development mailing list: dradis-devel).
security quiz: input validation bypass
From The Web Application Hacker's Handbook, a quick quiz:
An input validation mechanism designed to block cross-site scripting attacks performs the following sequence of steps on an item of input:
1. Strip any `<script>` expressions that appear.
2. Truncate the input to 50 characters.
3. Remove any quotation marks within the input.
4. URL-decode the input.
5. If any items were deleted, return to step 1.
How would you bypass it?
ITN News Gadget – Script Injection Vulnerability
Windows Vista includes the “Windows Sidebar”. This new feature allows users to display ‘gadgets’ on the sidebar and on the Windows desktop. Gadgets are small applications containing HTML, XML and JavaScript.
The ITN News Sidebar gadget provides users with the ability to view the latest world, money, sports, showbiz and weather news, allowing users to read stories and watch video news on the flyout panel. This information is requested by the ITN News gadget from a web server, which responds to the gadget with the latest news stories. An attacker capable of intercepting the web server response to the gadget request could modify that response such that a script was injected and then run on the user’s system. The injected script would run under the privileges of the currently logged in user.
