New blog home

This is just to let you know that from now on i will post in the "Security on the Edge" blog, where all the members of Edge-Security post their articles.

I invite you to update yours RSS readers to http://edge-security.blogspot.com/

Thank you

Chris

OWASP VI Spain Meeting -2010: And still bruteforcing

Hi all, the past 19 of June i presented at OWASP VI Spain Meeting, a review of Bruteforce attacks in web applications, this is an old technique that is still useful for the attackers, and i showed with examples that is present in many attacks that affect big companies like Facebook, Yahoo, AT&T, Tuenti, etc. Also i presented the latest version of Webslayer a tool to perform all kind of bruteforce attacks in web applications.

You can find the presentation here:

http://www.owasp.org/images/2/2a/Bruteforce2010.key.pdf

And also the video of the talk (spanish) here.

Here is a picture of the conference showing the Webslayer results interface:

Next version will add some requested features like multiple proxies support, delay between request, and many more.

Stay tuned and enjoy...

Christian

Massive Web Application discovery with Wfuzz

Last week i had to review like 40 websites for a penetration test in a short period of time, so the first thing i wanted was to search for directories or files in the web servers, so how can i automate the full scan with Wfuzz? We can use a command like this:

$ wfuzz -c -z file -f urllist.txt,dictionary.txt --html --hc 404 http://FUZZ/FUZ2Z 2> results.html

The first FUZZ will be replaced with the content of urllist.txt, where you should have the websites address in the format "www.target.com", and the second FUZ2Z will be replaced with the dictionary, in my case i used the big.txt.

Soon i will release an update of Webslayer, and will show how to do this with it.

Enjoy!

Laramies

Security Ezines 2010

Hi all, in this brief post i will like to share some new ezines about security that were relased this year, the first one is called Into the Boxes, and it's centered in Forensics and Incident response, it's a join effort from Harlan Carvey and Don (securityripcord), this ezine looks promising. You can download the first issue here.

The other ezine is the one launched by Hack In the Box (HitB), this magazine has a very professional look and a lot of articles, can be compared with a Hakin9 magazine, but free. They relaunched the ezine this year. You can download the first issue here.

It's cool to see fresh initiatives for sharing knowledge :)

I would like to see a Kindle version of them ;)

Owning Windows 7 - Double hack (physical access required)

Hi all, i finished my Windows 7 upgrade and i decided to check and old trick that worked on XP and Vista, no foo required, it's an easy one:

If you have access to a Windows 7 Box, you can still replace the binary c:\windows\system32\sethc.exe by your favourite backdoor (you can insert the same binary with the meterpreter embedded) and trigger it pressing 5 times the shift key on the login screen. Also the trick works by replacing c:\windows\system32\utilman.exe, and pressing WIN-U in the login screen. (you must boot with a live CD in order to replace the binaries)

I know, i know.. if someone have access to your machine it's game over, but hey this it's still there and this could have been improved and avoid the direct calling of two binaries by a key combination.

You can see the double cmd.exe popping one for sethc.exe and the other for utilman.exe, both with "nt authority\system" privileges.

If you don't have your disk encrypted you should do it... if you have it encrypted, beware with the Evil Maid.

Enjoy,

Christian