PHP reverse shell
Events: Submitted by Wade on 09-Jan-08 at 12:14am
Pentestmonkey has a great tool called php-reverse-shell. It is for elevation from web server (PHP) upload access to a reverse bindshell. The script will open an outbound TCP connection from the webserver to a host and port of your choice.
BeEF in BackTrack3
Events: Submitted by Wade on 06-Nov-07 at 09:42am
Josh Abraham has added BeEF to BackTrack3. He has also created a tutorial with some of the basic functionality.
New password cracking tool Dnetj and updates to John The Ripper MPI
Events: Submitted by John on 08-Aug-07 at 05:51pm
For those people wanting to crack password hashes, there is a minor update (john-1.7.2-mpi5) to the MPI cluster patch for John The Ripper available Here, as well as a completely new tool called Dnetj which is available Here.
Dnetj is a client/server wrapper around John The Ripper that allows the use of a central server and any number of cracking nodes, in much the same way setiathome or distributed.net works.
The server loads a set of password hashes, and splits the available keyspace into "work units" of a configurable size. The clients connect and retrieve the hashes, as well as a set of work units to process. Once a client has processed some work units, it connects back to the server to submit the completed units as well as any passwords which have been cracked.
This is a very early release, and although functional there could well be bugs.
BeEF 0.3.2 Released
Events: Submitted by Wade on 19-Jul-07 at 07:55am
Version 0.3.2 of BeEF has been released.
John MPI Updated
Security: Submitted by John on 20-Apr-07 at 10:40pm
A new version of John The Ripper MPI (mpi4) is now available in the tools section...
This version includes:
Support for MacOSX/Intel, this support requires SSE2, as does MacOS itself.
Support for runtime status updates (send a SIGHUP to the running john processes).
Several minor bugfixes
Inter-protocol Exploitation and Communication papers
Security: Submitted by Wade on 19-Apr-07 at 02:04pm
Two papers are now available that demonstrate inter-protocol security issues - Inter-protocol Communication and Inter-protocol Exploitation. Among other things they show the practicality of encapsulating exploit code in one protocol to compromise a program which uses a different protocol.
An example is provided that shows how a web browser can launch a MetaSploit type exploit to own an Asterisk server. Of course, this raises concerns over the (in)effectiveness of firewalls against this attack.
BeEF 0.3.1.6 Released
Events: Submitted by Wade on 19-Mar-07 at 10:16am
The new version of BeEF has been released. BeEF 0.3.1.6 has new modules employing cutting edge exploitation techniques. It is the first framework/tool that can perform Inter-Protocol Communication and Inter-Protocol Exploitation. It can reach behind hardened firewalls and IDSs to launch ported exploits at arbitrary servers.
Manipulating FTP Clients Using The PASV Command Paper
Security: Submitted by Mark on 04-Mar-07 at 07:46pm
A common implementation flaw in FTP clients allows FTP servers to cause clients to connect to other hosts. This seemingly small vulnerability has some interesting consequences for web browser security.
This paper discusses how the flaw affects Firefox, Opera and Konqueror.
Advanced Cross-site Scripting Virus Paper
Security: Submitted by Wade on 30-Jan-07 at 11:34am
This paper explores the real potential of the web being infected with a cross-site scripting virus that autonomously searches for, and employs, new vulnerabilities for propagation.