Posted by Trancer on Mar 06 2009
 Thought Wardialing is dead? Think again. H D Moore released today a very cool new tool for telephone systems security assessments, WarVOX 1.0.0. I haven’t wardial for about 6 years or so… Mostly because it is time consuming and the software for such things is pretty old.
I can’t wait testing it in large organizations, should be a lot of fun!
The announcement:
WarVOX is a suite of tools for exploring, classifying, and auditing
telephone systems. Unlike normal wardialing tools, WarVOX works with the
actual audio from each call and does not use a modem directly. This
model allows WarVOX to find and classify a wide range of interesting
lines, including modems, faxes, voice mail boxes, PBXs, loops, dial
tones, IVRs, and forwarders. WarVOX provides the unique ability to
classify all telephone lines in a given range, not just those connected
to modems, allowing for a comprehensive audit of a telephone system.
WarVOX requires no telephony hardware and is massively scalable by
leveraging Internet-based VoIP providers. A single instance of WarVOX on
a residential broadband connection, with a typical VoIP account, can
scan over 1,000 numbers per hour. The speed of WarVOX is limited only by
downstream bandwidth and the limitations of the VoIP service. Using two
providers with over 40 concurrent lines we have been able to scan entire
10,000 number prefixes within 3 hours.
The resulting call audio can be used to extract a list of modems that
can be fed into a standard modem-based wardialing application for
fingerprinting and banner collection. One of the great things about the
WarVOX model is that once the data has been gathered, it is archived and
available for re-analysis as new signatures, plugins, and tools are
developed. The current release of WarVOX (1.0.0) is able to
automatically detect modems, faxes, silence, voice mail boxes, dial
tones, and voices.
Presentation: http://warvox.org/media/warvox-1.0.0.pdf
Gallery: http://warvox.org/gallery.html
Code: http://warvox.org/install.html
WarVOX
Have a fun time wardialing!
Categories: Tools
      
0 Comments |  Comments RSS |  TrackBack URL
Posted by Trancer on Dec 15 2008
A new version of this great local proxy tool, a penetration-testing must have weapon against web application.
From PortSwigger blog:
Burp Suite v1.2 is now available to download. This is a major upgrade with a host of new features, including:
- Site map showing information accumulated about target applications in tree and table form
- Suite-level target scope configuration, driving numerous individual tool actions
- Display filters on site map and Proxy request history
- Suite-wide search function
- Support for invisible proxying
- Fully fledged web vulnerability scanner [Pro version only]
- Ability to save and restore state [Pro version only]
The series of posts below this one describe the new features in more detail.
Many thanks to everyone who helped with the beta testing and gave me their feedback – this was much appreciated.
Have fun!
In case you missed it, PortSwigger dedicated a month of blog posts reviewing most of the new Burp Suite features – The Month of Burp Pr0n.
Get Burp Suite.
Categories: Tools
0 Comments | Comments RSS | TrackBack URL
Posted by Trancer on Nov 20 2008
Metasploit 3.2 is out!
From the news:
the Metasploit Project announced today the free, world-wide availability of version 3.2 of their exploit development and attack framework. The latest version is provided under a true open source software license (BSD) and is backed by a community-based development team. Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the iPhone. Users can access Metasploit using the tab-completing console interface, the Gtk GUI, the command line scripting interface, or the AJAX-enabled web interface. The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.
Version 3.2 includes exploit modules for recent Microsoft flaws, such as MS08-041, MS08-053, MS08-059, MS08-067, MS08-068, and many more.
The module format has been changed in version 3.2. The new format removes the previous naming and location restrictions and paved the way to an improved module loading and caching backend. For users, this means being able to copy a module into nearly any subdirectory and be able to immediately use it without edits.
The Byakugan WinDBG extension developed by Pusscat has been integrated with this release, enabling exploit developers to quickly exploit new vulnerabilities using the best Win32 debugger available today.
The Context-Map payload encoding system development by I)ruid is now enabled in this release, allowing for any chunk of known process memory to be used as an encoding key for Windows payloads.
The Incognito token manipulation toolkit, written by Luke Jennings, has been integrated as a Meterpreter module. This allows an attacker to gain new privleges through token hopping. The most common use is to hijack domain admin credentials once remote system access is obtained.
The PcapRub, Scruby, and Packetfu libraries have all been linked into the Metasploit source tree, allowing easy packet injection and capture.
The METASM pure-Ruby assembler, written by Yoann Guillot and Julien Tinnes, has gone through a series of updates. The latest version has been integrated with Metasploit and now supports MIPS assembly and the ability to compile C code.
The Windows payload stagers have been updated to support targets with NX CPU support. These stagers now allocate a read/write/exec segment of memory for all payload downloads and execution.
Executables which have been generated by msfpayload or msfencode now support NX CPUs. The generated executable is now smaller and more reliable, opening the door to a wider range of uses. The psexec and smb_relay modules now use an executable template thats acts like a real Windows service, improving the reliability and cleanup requirements of these modules.
The Reflective DLL Injection technique pioneered by Stephen Fewer of Harmony Security has been integrated into the framework. The new payloads use the “reflectivedllinjection” stager prefix and share the same binaries as the older DLL injection method.
Client-side browser exploits now benefit from a set of new javascript obfuscation techniques developed by Egypt. This improvement leads to a greater degree of anti-virus bypass for client-side exploits.
Metasploit contains dozens of exploit modules for web browsers and third-party plugins. The new browser_autopwn module ties many of these together with advanced fingerprinting techniques to deliver more shells than most pen-testers know what to do with.
This release includes a set of man-in-the-middle, authentication relay, and authentication capture modules. These modules can be integrated with a fake proxy (WPAD), a malicious access point (Karmetasploit), or basic network traffic interception to gain access to client machines. These modules tie together browser_autopwn, SMB relaying, and HTTP credential and form capturing to pillage data from client systems.
Nearly all Metasploit modules now support IPv6 transports. IPv6 stagers exist for the Windows and Linux platforms, opening the door for penetration testing of pure IPv6 networks. The VNCInject and Meterpreter payloads have been extensively tested over IPv6 sockets.
Efrain Torres’s WMAP project has been merged into Metasploit. WMAP is general purpose web application scanning framework that can be automated through integration with an attack proxy (ratproxy) or be accessed as individual auxiliary modules.
Egypt’s new PHP payloads provide complete bind, reverse, and findsock support for PHP web application exploits. If you are sick of C99 and R57 and looking to gain a “real” shell from one of the hundreds of RFI flaws listed on milw0rm, the new PHP payloads work great against multiple operating systems.
The db_autopwn command has been revamped to support port-based limits, regex-based module matching, and limits on the number of spawned jobs. The end result is a way to quickly launch specific modules against a specific set of target machines. These changes were suggested and implemented by Marcell “SkyOut” Dietl (Helith).
Announcement.
Some of the new features are presented in Metasploit Prime.
Grab a copy from the Metasploit web site.
Categories: Metasploit, Tools
0 Comments | Comments RSS | TrackBack URL
Posted by Trancer on Jan 29 2008
Version 3.1 of this great project is out.
Offering tons of cool new features. From the news:
Austin, Texas, January 28th, 2008 — The Metasploit Project announced today the free, world-wide availability of version 3.1 of their exploit development and attack framework. The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits. “Metasploit 3.1 consolidates a year of research and development, integrating ideas and code from some of the sharpest and most innovative folks in the security research community” said H D Moore, project manager. Moore is referring the numerous research projects that have lent code to the framework.
These projects include the METASM pure-ruby assembler developed by Yoann Guillot and Julien Tinnes, the “Hacking the iPhone” effort outlined in the Metasploit Blog, the Windows kernel-land payload staging system developed by Matt Miller, the heapLib browser exploitation library written by Alexander Sotirov, the Lorcon 802.11 raw transmit library created by Joshua Wright and Mike Kershaw, Scruby, the Ruby port of Philippe Biondi’s Scapy project, developed by Sylvain Sarmejeanne, and a contextual encoding system for Metasploit payloads. “Contextual encoding breaks most forms of shellcode analysis by encoding a payload with a target-specific key” said I)ruid, author of the Uninformed Journal (volume 9) article and developer of the contextual encoding system included with Metasploit 3.1.
The graphical user interface is a major step forward for Metasploit users on the Windows platform. Development of this interface was driven by Fabrice Mourron and provides a wizard-based exploitation system, a graphical file and process browser for the Meterpreter payloads, and a multi-tab console interface. “The Metasploit GUI puts Windows users on the same footing as those running Unix by giving them access to a console interface to the framework” said H D Moore, who worked with Fabrice on the GUI project.
The latest incarnation of the framework includes a bristling arsenal of exploit modules that are sure to put a smile on the face of every information warrior. Notable exploits in the 3.1 release include a remote, unpatched kernel-land exploit for Novell Netware, written by toto, a series of 802.11 fuzzing modules that can spray the local airspace with malformed frames, taking out a wide swath of wireless-enabled devices, and a battery of exploits targeted at Borland’s InterBase product line. “I found so many holes that I just gave up releasing all of them”, said Ramon de Carvalho, founder of RISE Security, and Metasploit contributor.
“Metasploit continues to be an indispensable and reliable penetration testing framework for our modern era”, says C. Wilson, a security engineer who uses Metasploit in his daily work. Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the tiny Nokia n800 handheld. Users can access Metasploit using the tab-completing console interface, the Gtk GUI, the command line scripting interface, or the AJAX-enabled web interface. The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.
The latest version of the Metasploit Framework, as well as screen shots, video demonstrations, documentation and installation instructions for many platforms, can be found online at http://metasploit3.com/
Announcement.
Grab a copy from the Metasplot web site.
Categories: Metasploit, Tools
0 Comments | Comments RSS | TrackBack URL
|
A new version of Nmap Security Scanner released today which is the first stable release since 5.00 – Nmap 5.20.
A new version for the penetration testers and security experts favorite Linux distrobution released – BackTrack Linux 4.
The guys at Rapid7 and the Metasploit team announced the release of version 3.3 of the framework. The new version ships with tons of improvments, bug fixes, new featues, exploits and auxilary modules. I really recommend it. For the complete list of changes read the announcment post by HD Moore – 
RSS 2.0
ATOM 1.0
RDF 1.0
Links OPML
OpenSearch
