Image via Wikipedia

Back Track Dev team has finally announced public availability of  BackTrack 5, code named “revolution”.

BackTrack 5 has been built from scratch, and boasts several major improvements over all previous releases and its based on Ubuntu Lucid LTS  and uses  Linux Kernel 2.6.38 patched with all relevant wireless injection patches.

You can grab your copy from (available as a torrent download) – http://www.backtrack-linux.org/downloads/

BackTrack project is majorly sponsored and developed by Offensive Security.

Around a month back Infosec Resources compiled a post with nice set of tools and tactics to exploit OWASP top 10 vulnerabilities

Following is a risk and tool matrix.

The article is a good reference point for someone looking forward for web application testing on the lines of OWASP

Full article can be found here:

http://resources.infosecinstitute.com/owasp-top-10-tools-and-tactics/

There’s another interesting article by Rakkhi Samarasekera which deals with mitigating OWASP top 10 without touching any code.

This might be useful for many legacy apps

http://www.rakkhis.com/2011/03/mitigating-owasp-top-10-without-any.html

Image via Wikipedia

yInjector is a MySQL Injection penetration tool, created by Giovanni ‘Osirys‘ Buzzin.

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input i s either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. (Wikipedia)

Features:

Main Feature

• GET and POST request
• Proxy Support
• Log Report option avaiable

Exploitation Methods

• Columns number finder
• Database dump, SQL Injection must be provided
• Advanced and Automated Exploitation : finds the SQL Injection to provide a Shell Assistant

Shell Assistant features

• Multiple data from all DB extraction
• MySQL Command line (SELECT)
• md5 hash cracker assistant
• Remote Command Execution via SQL Injection

Video:  yInjector – SQL Injection Penetration Tool

More Information: http://y-osirys.com/softwares/

The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.

Samhain been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as standalone application on a single host.

Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

If you want to know more about SAMHAIN, see the Documentation.

Details:

Version 2.8.3a   samhain-current.tar.gz
MD5 checksum     9885c093ab7e8d63be9ed6aaedf28138

Version 2.8.3

• Samhain now runs lstat/stat system calls in a subprocess to avoid getting blocked by hanging NFS mounts. This feature can be switched off via the new option ‘AvoidBlock = false’ in the Misc section of the configuration file.
• A Windows/Cygwin compile error has been fixed.
• Some issues with the networking code have been fixed.
• Minor code cleanup.

Website: http://la-samhna.de/samhain

FacebookPasswordDecryptor is the FREE software to instantly recover stored Facebook account passwords stored by popular web browsers and messengers. Most of the applications store the Login passwords to prevent hassle of entering the password everytime. Often these applications use their own proprietary encryption mechanism to store the login passwords including Facebook account passwords. FacebookPasswordDecryptor automatically crawls through each of these applications and instantly recovers the encrypted Facebook account password.

It presents both GUI interface as well as command line version, the later is more helpful for Penetration testers. Apart from normal users who can use it to recover their lost password, it can come in handy for Forensic Folks.

Currently it supports Faceboook password recovery from following applications

• Internet Explorer
• Firefox
• Google Chrome
• Opera Browser
• Apple Safari
• Flock Browser
• Paltalk Messenger
• Miranda Messenger

Though it is primarily designed to recover one’s lost password it can be very useful in many ways. For example in cases where you have to hand over your laptop to some one else, you can run FacebookPasswordDecryptor and remove any password from all the stored applications.

It is also possbile for this tool to be misused by spywares and dark guys to get hold of your secret Facebook passwords after compromising your system. Facebook being most popular, it is one of the most targeted account by spywares/trojans. To protect against such threats it is adivsed to set up master password wherever it is possible. For example in Firefox you can protect your saved passwords with master password. As not all applications have such kind of protection mechanism, it is not good idea to store the passwords in every application. Also in the event of spyware infection or insider attack you are advised to immediately change your important passwords before anything else.

It can happen to anybody either you are normal user or security expert. Like what happened to our Rohit but good thing is that he was able to discover the attack while it was happening and changed all his 83 passwords !

FacebookPasswordDecryptor comes with Portable edition as well as with integrated Installer. Portable version allows you to run it directly from USB or other portable devices without installing it on the system. It works on wide range of platforms starting from Windows XP to latest operating system Windows 7.

For more details and to download this free tool, visit FacebookPasswordDecryptor !

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs.

Fuzzing

• Sulley: fuzzer development and fuzz testing framework consisting of multiple extensible components
• Peach Fuzzing Platform: extensible fuzzing framework for generation and mutation based fuzzing
• antiparser: fuzz testing and fault injection API
• TAOF, including ProxyFuzz, a man-in-the-middle non-deterministic network fuzzer
• untidy: general purpose XML fuzzer
• Powerfuzzer: highly automated and fully customizable web fuzzer (HTTP protocol based application fuzzer)
• FileP: file fuzzer. Generates mutated files from a list of source files and feeds them to an external program in batches
• SMUDGE
• Mistress: probe file formats on the fly and protocols with malformed data, based on pre-defined patterns
• Fuzzbox: multi-codec media fuzzer
• Forensic Fuzzing Tools: generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files in order to test the robustness of forensics tools and examination systems
• Windows IPC Fuzzing Tools: tools used to fuzz applications that use Windows Interprocess Communication mechanisms
• WSBang: perform automated security testing of SOAP based web services
• Construct: library for parsing and building of data structures (binary or textual). Define your data structures in a declarative manner
• fuzzer.py (feliam): simple fuzzer by Felipe Andres anzano

More information: here

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs.

Debugging and reverse engineering

• Paimei: reverse engineering framework, includes PyDBG, PIDA, pGRAPH
• Immunity Debugger: scriptable GUI and command line debugger
• IDAPython: IDA Pro plugin that integrates the Python programming language, allowing scripts to run in IDA Pro
• PyEMU: fully scriptable IA-32 emulator, useful for malware analysis
• pefile: read and work with Portable Executable (aka PE) files
• pydasm: Python interface to the libdasm x86 disassembling library
• PyDbgEng: Python wrapper for the Microsoft Windows Debugging Engine
• uhooker: intercept calls to API calls inside DLLs, and also arbitrary addresses within the executable file in memory
• diStorm64: disassembler library for AMD64, licensed under the BSD license
• python-ptrace: debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python

More information: here

If you are involved in vulnerability research, reverse engineering or penetration testing, I suggest to try out the Python programming language. It has a rich set of useful libraries and programs.

Network

• Scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library
• pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap
• libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission
• dpkt: fast, simple packet creation/parsing, with definitions for the basic TCP/IP protocols
• Impacket: craft and decode network packets. Includes support for higher-level protocols such as NMB and SMB
• pynids: libnids wrapper offering sniffing, IP defragmentation, TCP stream reassembly and port scan detection
• Dirtbags py-pcap: read pcap files without libpcap
• flowgrep: grep through packet payloads using regular expressions
• httplib2: comprehensive HTTP client library that supports many features left out of other HTTP libraries

More information: here

With the rise of non signature based Malware detection tools, HBGary’s announced the release of their new product Razor.

Razor appliance uses a “virtual-machine system” that takes all files and copies them to inspect for malware by “detonating” the file copies in a sandbox to examine whether any document contains malicious content. It also watches for malicious command-and-control activity, and can automatically block further traffic associated with a malicious site.

More details – http://itnews.com/security/27901/security-firm-detonates-copies-suspicious-files-sniff-out-malware-botnet-attacks

Shim is a term used to describe an application compatibility workaround. Microsoft’s workaround used the Application Compatibility Toolkit to modify the core library of IE — a DLL, or Dynamic-Link library, named “Mshtml.dll,” that contains the rendering engine — in memory each time IE runs. The modification prevents recursive loading of a CSS, which effectively stops the existing attacks.

Source – http://www.computerworld.com/s/article/9204579/Microsoft_turns_to_creative_tactic_to_block_IE_attacks