15-Minute Penetration Test

Here you have two interesting videos from Ryan Linn on EthicalHacker.net, walking through a fast penetration test using Nmap, Nessus, Metasploit / Meterpreter and Ophcrack.

Video part 1: Nmap, Nessus, Metasploit
Video part 2: Meterpreter, Ophcrack, command-line users

This is a good time to say how much I like Meterpreter :)



Google Safe Browsing Diagnostic

Today I read about the Google Safe Browsing Diagnostic report, and it's really interesting.

Google provides a security diagnostic report about web sites that answers four questions:

  • What is the current listing status for [the site in question]?

    We display the current listing status of a site and also information on how often a site or parts of it were listed in the past.

  • What happened when Google visited this site?

    This section includes information on when we analyzed the page, when it was last malicious, what kind of malware we encountered and so forth. To help webmasters clean up their site, we also provide information about the sites that were serving malicious software to users and which sites might have served as intermediaries.

  • Has this site acted as an intermediary resulting in further distribution of malware?

    Here we provide information if this site has facilitated the distribution of malicious software in the past. This could be an advertising network or statistics site that accidentally participated in the distribution of malicious software.

  • Has this site hosted malware?

    Here we provide information if the site has hosted malicious software in the past. We also provide information on the victim sites that initiated the distribution of malicious software.

This service is very useful and is similar to McAfee SiteAdvisor. You can check an example report for doubleclick.net here, a site where malware was detected in the past.

The report reflects what Google knows about the security of a site, or better said, the potential security risks you can run into on that site.

You can access this service via the web site, or via the Firefox "additional information" page.

More information on the Google blog.


FIST Conference Barcelona March 2009

Next March 6th we are holding a new edition of the FIST Conference here in Barcelona; if you want to check the program, you can go here.

I will give a talk titled "A fresh new look into information gathering", where I intend to present the new beta version of Metagoofil and some new sources for information gathering.

Vicente Díaz will continue the talk he gave at the last FIST Conference with new information and facts about cyber crime and the business behind it (or in front of it), a very interesting and entertaining talk.

The location has changed, and this edition will be inside the FiberParty 2009 event.

After the conference we fly to the USA, first to NY and then on to Boston to attend the SOURCE Conference.

Please join us at FIST Conference :)


Black Hat DC 2009 - Slides

The presentations from the last Black Hat DC conference are available online; here are some interesting talks:

  • DNS 2008 and the New (old) Nature of Critical Infrastructure, Dan Kaminsky
  • Windows Vista Security Internals, Michael Mukin
  • Dissecting web attacks, Val Smith & Colin Ames

You can download the presentations here.


Fast-Track - Automated penetration testing suite

Fast-Track is "a compilation of custom developed tools that allow penetration testers the ease of advanced penetration techniques in a relatively easy manner".

Fast-Track has tools for MSSQL Server, SQL injection, Metasploit autopwn automation, mass client-side attacks, exploits and a payload generator.

The idea is to provide easy and fast-to-use tools for tasks that would usually take you many steps, or some minor coding on top of existing tools. I liked the integration with Metasploit payloads.

It's like executing scripts and tools combos :)

You can check a video of the SQLPwnage module in action:

Fast-Track SQLPwnage from David Kennedy on Vimeo

Presentation of Fast-Track at ShmooCon 2009: here
Download: here



CUDA and bruteforcing

Did you hear about Pyrit?

"Pyrit is an implementation that allows one to create massive databases, pre-computing part of the WPA/WPA2-PSK authentication phase in a space-time tradeoff."

Pyrit exploits the power of the new GPUs, such as the Nvidia family that supports CUDA.

"CUDA is the compute engine in NVIDIA graphics processing units, or GPUs, that is accessible to software developers through industry standard programming languages."

Just look at this comparison of Pyrit running on different graphics cards:

Well, I wanted to know the performance of my GPUs, so I did some tests on my MacBook Pro unibody, which has two Nvidia graphics cards on board, and here are the results:

Nvidia 9400 M

Nvidia 9600 GT

With the 9400M I got 690.67 PMK/s, more than 2x the Core 2 Duo 2.4 GHz CPU, and with the 9600 GT I got 912.77 PMK/s, almost 4x!

Now it would be sweet to have both graphics cards working at the same time ;)

Pyrit is included in BackTrack 4 and in the next Pentoo release!
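To make the PMK/s figures above concrete, here is an added example (my own illustration, not Pyrit's code) of the computation that Pyrit precomputes. The WPA/WPA2-PSK Pairwise Master Key is PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, for 4096 iterations; that iteration count is what makes each PMK expensive and why throughput is quoted in PMK/s. The space-time tradeoff is a table of PMK -> passphrase built once per SSID; because the SSID is the salt, a table for one network is useless against another, which is why a non-default SSID already defeats generic precomputed tables, and a long random passphrase defeats both the table and the live brute force. The candidate passphrases and the SSID "MyHomeNet" are constructed sample values; the "password"/"IEEE" pair is the IEEE 802.11i Annex H test vector.

```python
import hashlib
import time


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes), per IEEE 802.11i."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def build_pmk_table(ssid: str, passphrases):
    """The precomputed part of the tradeoff: PMK -> passphrase, valid only for this SSID."""
    return {wpa_pmk(p, ssid): p for p in passphrases}


def lookup_pmk(table, pmk: bytes):
    """A table hit recovers the passphrase without redoing the 4096-round work."""
    return table.get(pmk)


def measure_pmk_rate(ssid: str = "IEEE", n: int = 200) -> float:
    """Rough single-core CPU PMK/s figure, for comparison with the GPU numbers in the post."""
    start = time.perf_counter()
    for i in range(n):
        wpa_pmk(f"candidate{i}", ssid)          # constructed candidate passphrases
    return n / (time.perf_counter() - start)


if __name__ == "__main__":
    # IEEE 802.11i Annex H test vector: passphrase "password", SSID "IEEE"
    print(wpa_pmk("password", "IEEE").hex())
    # Table built for one SSID does not help against another SSID (different salt).
    table = build_pmk_table("IEEE", ["password", "letmein", "qwerty12"])   # constructed list
    print(lookup_pmk(table, wpa_pmk("password", "IEEE")))       # hit: 'password'
    print(lookup_pmk(table, wpa_pmk("password", "MyHomeNet")))  # miss: None
    print(f"{measure_pmk_rate():.0f} PMK/s on this CPU")
```

The CPU rate printed by measure_pmk_rate is the baseline the post's 2x and 4x GPU factors are measured against; on a defender's side the same function is a quick way to estimate how long a given wordlist would take against your own SSID.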

I also tested another CUDA-based brute-forcer, "Multihash Bruteforcer":

"The world's fastest cross-platform MD4/MD5/NTLM cracking for Windows/Mac/Linux"

Here are the results on my MacBook Pro:

I guess that this tool will improve over time, but it is already giving great results.

Enjoy your password cracking


BackTrack 4 is here! - CUDA support

The new BackTrack 4 beta is out! You can download your ISO here, and you can check the BackTrack 4 info on their blog.

The most interesting feature is that it is based on Ubuntu, which means it will be easy to update, maintain, create packages, etc. The BackTrack team wants it to be not only your live CD but also your everyday desktop, and with this change I think a lot of users will make the switch.

Another feature is the support for Pyrit and CUDA, to exploit the power of the GPUs.



Web Services Security testing

Last week I had to perform a penetration test on a Web Services environment, and during the project I found the following interesting documents:

SIFT - Web Services Security Testing Framework V1 - by SIFT. Link

This document is a great resource.

Web Services Security - by Bilal Saddiqui. Link

Exploring Web Services Encryption - by Bilal Saddiqui. Link

More on Web Services Encryption - by Schmoil. Link

Seguridad en Servicios Web (Web Services Security, in Spanish) - by Oscar Gonzales. Link

About the tools: I had some trouble with the usual hacking tools. We didn't have UDDI or jUDDI, so we had to hack the application server (JBoss) and then access the web services admin panel to get the WSDL.

With the WSDL I proceeded to perform some brute-force attacks with WebSlayer to find a valid username and password for WS-Security (client authentication).
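Since the WS-Security client authentication in this engagement fell to an online brute-force, here is an added example (mine, not WebSlayer's, soapUI's or the project's code) of what the UsernameToken profile actually puts on the wire and of the server-side checks that blunt that attack. With PasswordDigest the client sends Base64(SHA-1(nonce + Created + password)) instead of the password; a verifier that rejects PasswordText tokens, enforces a freshness window on Created, keeps a nonce replay cache and locks an account after a few failures turns an unlimited guessing run into a handful of attempts per lockout period. The SOAP body GetBalance, the users dictionary, the timestamps and the thresholds are constructed sample values; the wsse/wsu namespace URIs and the digest formula are from the OASIS UsernameToken profile.

```python
import base64
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
               "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """UsernameToken profile: Base64(SHA-1(nonce + created + password))."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def build_envelope(username: str, password: str, created: datetime, nonce: bytes = None) -> str:
    """Client side: a SOAP envelope carrying a digest UsernameToken (constructed sample body)."""
    nonce = nonce or secrets.token_bytes(16)
    created_str = created.strftime(TIME_FMT)
    digest = password_digest(nonce, created_str, password)
    nonce_b64 = base64.b64encode(nonce).decode("ascii")
    return (
        f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Header>'
        f'<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}"><wsse:UsernameToken>'
        f'<wsse:Username>{username}</wsse:Username>'
        f'<wsse:Password Type="{DIGEST_TYPE}">{digest}</wsse:Password>'
        f'<wsse:Nonce>{nonce_b64}</wsse:Nonce><wsu:Created>{created_str}</wsu:Created>'
        f'</wsse:UsernameToken></wsse:Security></soap:Header>'
        f'<soap:Body><GetBalance/></soap:Body></soap:Envelope>'
    )


class UsernameTokenVerifier:
    """Server side: verifies digest tokens, rejects replays and throttles password guessing."""

    def __init__(self, users, max_skew=timedelta(minutes=5),
                 max_failures=5, lockout=timedelta(minutes=15)):
        self.users = users            # username -> password (the digest needs the plaintext)
        self.max_skew = max_skew      # accepted clock skew for wsu:Created
        self.max_failures = max_failures
        self.lockout = lockout
        self.seen_nonces = {}         # nonce -> expiry: the replay cache
        self.failures = {}            # username -> (count, locked_until)

    def verify(self, envelope: str, now: datetime):
        ns = {"wsse": WSSE, "wsu": WSU}
        token = ET.fromstring(envelope).find(".//wsse:UsernameToken", ns)
        if token is None:
            return False, "no UsernameToken"
        username = token.findtext("wsse:Username", default="", namespaces=ns)
        pw_el = token.find("wsse:Password", ns)
        if pw_el is None or pw_el.get("Type") != DIGEST_TYPE:
            return False, "only PasswordDigest accepted"   # PasswordText would expose the secret
        count, locked_until = self.failures.get(username, (0, None))
        if locked_until is not None and now < locked_until:
            return False, "locked out"
        created = token.findtext("wsu:Created", default="", namespaces=ns)
        try:
            created_dt = datetime.strptime(created, TIME_FMT).replace(tzinfo=timezone.utc)
            nonce = base64.b64decode(token.findtext("wsse:Nonce", default="", namespaces=ns),
                                     validate=True)
        except ValueError:
            return False, "malformed token"
        if abs(now - created_dt) > self.max_skew:
            return False, "stale Created"
        # Drop expired nonces, then refuse any nonce seen inside the freshness window.
        self.seen_nonces = {n: exp for n, exp in self.seen_nonces.items() if exp > now}
        if nonce in self.seen_nonces:
            return False, "nonce replayed"
        self.seen_nonces[nonce] = now + self.max_skew
        expected = password_digest(nonce, created, self.users.get(username, ""))
        if username in self.users and hmac.compare_digest(expected, pw_el.text or ""):
            self.failures.pop(username, None)
            return True, "ok"
        count += 1
        locked = now + self.lockout if count >= self.max_failures else None
        self.failures[username] = (count, locked)
        return False, "bad credentials"   # same answer for unknown user and wrong password
```

The verifier deliberately answers "bad credentials" for both an unknown username and a wrong password, so the brute-forcer cannot enumerate accounts from the fault text, and it records the nonce even on failed attempts, so a captured request cannot be replayed regardless of outcome.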

The other tool I used was AppScan's Web Services Power Tools, which allowed me to get the descriptions and perform requests, but I didn't like the way it handles raw requests...

Another interesting tool is soapUI, the web services testing tool; it's very complete and I'm still learning how to use it...

We also used WSFuzzer from OWASP. Here is a video on how to use it.


Any other interesting tools or documents?