Nahid's Blog

Friday, September 30, 2011

OWASP’s herd of goat

Sorry for weird funny title. Every security folks know about OWASP Web goat project, one most successful project of OWASP.

WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application.

Just copy following quote from OWASP wiki why the name is WebGoat.

Why the name "WebGoat"? Developers should not feel bad about not knowing security. Even the best programmers make security errors. What they need is a scapegoat, right? Just blame it on the 'Goat!

But there are also other OWASP goat(s) project available less people know about them.

OWASP .NET Goat

One of them is OWASP .NET Goat. Will be found is Codeplex.OWASP .NET Goat is a webgoat style security learning application written in C#.

And another Goat join recently is GoatDroid. owasp-goatdroid is also open source goat found in here is a a fully functional training environment for exploring Android mobile application security.

Well what about iPhone, Yes OWASP owasp-igoat is for apple iPhone.This OWASP iGoat project is a security learning tool for iOS developers to learn about security weaknesses in iOS -- by breaking things as well as fixing them.

OWASP-iGoat project home.

Happy learning… if anyone know other goat please write on comment.

Tuesday, September 27, 2011

Web Application Analysis With Owasp Hatkit

Yet another proxy to analyses web application. We already have WebScarab,burp,paros,ratproxy,OWASP zap proxy,fiddler so many now another one OWASP Hatkit which is released in defcon 19. The main feature that may capture your attention is it has a database to store all recoded data that’s helps further analysis. Hatkit use MongoDB where parse data store in as JSON document. So you can use MongoDB advanced querying facilities and even can use other tools to view and analyze data.

Now how do you configure it in your favorite backtrack, I’m try it in backtrack5r1. First you need to install MongoDB . if you install synaptic you should found MongoDB by search in default repo. obviously there should other way to do it but I’m take simplex options.

Or just $sudo apt-get install mongodb

Next download Hatkit it self from from here. direct link hatkit_proxy-0.6.1.zip

just extract it in /opt
#ls
#hatkit_proxy.jar hatkit_proxy.sh lib LICENSE.txt processors README
#java -jar hatkit_proxy.jar

hatkit has web scrapper converter you need to locate its install path

Well so to analyze data there is another project available Owasp Hatkit Datafiddler project. So with help of this is a tool basically you do performing data analysis of data in a MongoDB, particularly Http traffic.

This tool can be download from here, Direct link hatkit_datafiddler-0.6.0.zip.

$ unzip hatkit_datafiddler-0.6.0.zip
$ cd hatkit_datafiddler-0.6.0/
$ python datafiddler.py

you may got dependency error of python mongoDB if you are not install it before

pymongo : Python drivers for MongoDB

there are different way of installing pymongo but I did install it from source.Installing pymongo python driver for mongodb from source is easy

git clone https://github.com/mongodb/mongo-python-driver.git

python setup.py install

$ python datafiddler.py

My first look feeling is still this tool need some UI improvement and need to a bit user friendly. I will try to update this post after more work with this tool. And hope this tool will keep updated.

More info: defcon conference slide here. OWASP project home here

Friday, September 9, 2011

registrydecoder

Registry Decoder provides a single tool in which to perform browsing, searching, analysis, and reporting of registry hive contents. All functionality is exposed through an intuitive GUI interface and accommodates even novice investigators.

Download http://code.google.com/p/registrydecoder/downloads/list

SWFREtools

The SWFRETools are a collection of tools built for vulnerability analysis of the Adobe Flash player and for malware analysis of malicious SWF files.

Current version is SWFRETools v1.4.0

Download https://github.com/sporst/SWFREtools/downloads

Pentest cheat sheet bookmark

Reverse Shell Cheat Sheet
Namp cheat sheet
- http://nmapcookbook.blogspot.com/2010/02/nmap-cheat-sheet.html
- http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
Nessus cheat sheet
- http://www.infosecwriters.com/text_resources/pdf/nessusNMAPcheatSheet.pdf
Backtrack
- http://www.corelan.be/index.php/2009/07/04/backtrack-4-cheat-sheet/
Oracle Security
- http://www.red-database-security.com/wp/oracle_cheat.pdf
XSS
SSH cheat shhet
- http://pentestmonkey.net/cheat-sheet/ssh-cheat-sheet
SQl Injection
Unix cheat sheet
- http://bhami.com/rosetta.html
Microsoft SQL,Sybase,MySQL,Oracle,PostgreSQL,DB2,IngresBypass SQL Injection Filters
- http://michaeldaw.org/sql-injection-cheat-sheet
- http://pentestmonkey.net/cheat-sheets/
Packetlife Cheatsheets
- http://packetlife.net/cheatsheets/
Windows command line tools
- http://www.sans.org/resources/sec560/windows_command_line_sheet_v1.pdf
Netcat Cheat Sheet
- http://www.sans.org/resources/sec560/netcat_cheat_sheet_v1.pdf
Useful Attack Tools, Metasploit commands, HPing, FGDump
- http://www.sans.org/resources/sec560/misc_tools_sheet_v1.pdf
Reverse Engineering Malware Cheat Sheet
- http://zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html

Original sources and other sources

Bookmarked RSS items- until 8/9/2011

Last few month RSS bookmark before forget forever- its for me but somebody else may find some thing interesting also.

Vulnerabilities

Firefox 3.6.20 Corrects Several Critical Vulnerabilities, (Tue, Aug 16th) via SANS Internet Storm Center, InfoCON: green on 8/16/11
ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability via Full Disclosure on 8/9/11
Skype (<= 5.5.0.113, Windows) html/js code injection vulnerability via Full Disclosure on 8/17/11
Dropbox for Android Vulnerability Breakdown via Computer Security Blog | Learning The Offensive Security by noreply@blogger.com (Medt) on 8/19/11
Apache exploit leaves up to 65% of all websites vulnerable via Naked Security - Sophos by Mark Stockley on 8/26/11

Learn,see, check, think and forgot

How to Add Speech Recognition to your Website via Digital Inspiration Technology Blog by Amit on 8/16/11
An-interesting-forensics-analysis via Aldeid News on 8/9/11
Sneak in These Simple Exercises at the Office to Stay Healthy [Health] via Lifehacker by Melanie Pinola on 8/25/11
aaron barr, defcon, and anonymity via terminal23 by michael on 9/7/11
3 Reasons Why Computer Security Fails via MalwareCity Blog by WebMaster (news@malwarecity.com) on 8/26/11
How Can I Make the Windows Command Prompt Better? [Ask Lifehacker] via Lifehacker by Whitson Gordon on 8/26/11
When is Offense the Best Defense? via 360 Security by John Alexander on 9/7/11

Book review

Book review: IDA Pro Book, 2nd Edition via Hex Blog by Elias Bachaalany on 8/3/11
Book: Puzzles for Programmers and Pros via xorl %eax, %eax by xorl on 8/27/11

Discover

Can we believe our eyes? by msft-mmpc on 8/10/11 This is about how a Trojan that hijack the hosts by modify hosts file with some Unicode technique .

Tools

LDAP & XPATH Injection tools via Security-Shell by noreply@blogger.com (d3v1l) on 8/16/11
Integrating Nessus with BackTrack 5's Tools via Tenable Network Security by Paul Asadoorian on 8/3/11
Advance SQL Injection Tool – Havij via Ethical Hacking-Your Way To The World Of IT Security by noreply@blogger.com (Ethical Hacking) on 8/9/11
Updates: ProcDump v4.0, Process Monitor v2.96, Process Explorer v15.02,and Zero Day Malware Cleaning via Security-Shell by noreply@blogger.com (d3v1l) on 8/16/11
Detect Hidden Trojans on Your Computer via Computer Hacking | Learn How To Hack by noreply@blogger.com (Aleksandar) on 7/20/11

Trips and trick

5 Easy Tips to Reduce and Refactor Your Code with Resharper by JohnPapa.net on 10/2/10 – People who can’t write code without Reshaper should know this tips before.
SEO Poisoning Attack - What and How via Ethical Hacking-Your Way To The World Of IT Security by noreply@blogger.com (Ethical Hacking) on 8/10/11
Tweaking WCF to build highly scalable async REST API via Omar AL Zabir on things you don't find easily by Omar AL Zabir on 7/31/11

News

Windows 8 is on the way and... via suck-o.com RSS news feed by bad_brain@suck-o.com (floodhound2) on 8/16/11
BackTrack 5 R1 released via BackTrack Linux - Penetration Testing Distribution by admin on 8/18/11
Joining OWASP Board via ...Application Security... by Michael Coates on 8/18/11
AppSec Asia 2011 via Open Web Application Security Project by Jim Manico on 7/20/11
Cyberdouchery of Kasperskian Proportions via Liquidmatrix Security Digest by James Arlen on 7/21/11
Falsely issued Google SSL certificate in the wild for more than 5 weeks via Naked Security - Sophos by Chester Wisniewski on 8/29/11

Monday, August 29, 2011

Running dradis server in any port and ip address on backtrack 5

By default dradis server run on localhost. To run it in any interface following helps available in http://dradisframework.org/FAQ.html#q4. But its not works for me.

By default the server starts in 127.0.0.1:3004. How can I make it listen on a different interface/port number?

Port number can be changed using the -p parameter. For instance to listen on port 80:
rails server -p 80

The interface can be changed using the -b parameter. To listen on ALL (dangerous!) interfaces do:
rails server -b 0.0.0.0

I’m try couple of way and can’t make it work. get following error

ruby ./script/rails server -b 0.0.0.0 -p 3004
./script/rails:5:in `require': no such file to load -- rails/commands/server (LoadError)
from ./script/rails:5:in `<main>'

After a long time search internet i found a fix.I’m try

$./start.sh –h

But its not work, then a fixed has been found there git hut source.You just need to modify start.sh following way

-bundle exec rails server webrick

+bundle exec rails server webrick $*

After that you have $./start.sh –h cool help.

Just type ./start.sh –b <ip> will work.

Hope this save some one time.