Protocols, Data structures and File formats

Recently i discover the website, is a place where you can find information of Data Structures, Protocols, File Formats, etc. It's a valuable resource for creating fuzzing tools, analyzing protocols, or develop a tool.
Really a must have in the security professional bookmarks!

Site: Wotsit


Wfuzz, proxys and webserver scanning

Yesterday i was performing a pentest on a very big network. After struggling a bit i managed to upload files to a web server, an antivirus was running so many known tools didn't work, so it's time for more creativity. I pulled the http-proxy, a python based proxy developed by Edge-security, and compiled it into binary with py2exe, created an self-extracting zip, and uploaded to the server. I configured the proxy to listen on the port 53, as they leave that port unfiltered, neat :P

Well, so far so good, now i needed to know which machines were running webservers. I could have programmed a python scanner and upload it, but i was running out of time, so i went for wfuzz, the swiss knife for application testing (every body says their tool is a swiss knife), i used this command line to scan for web servers in the internal LAN through the proxy:

me ----> Server w/proxy ---->LAN

wfuzz -x serverip:53 -c -z range -r 1-254 --hc XXX -t 5 http://10.10.1.FUZZ

Some wfuzz switchs:

-x set proxy
--hc is used to hide the XXX error code from the results, as machines w/o webserver will fail the request (this is added on the new version).

With this command line, i will get every web server on the segment 10.10.1.X, i had to repeat this line for every segment the compromised server could reach, just that easy, fast and fun.

The http-proxy i used is part of the next framework that is being baked at Edge-security, stay tuned..

See you soon

New tools and some docs..

Hi i'm back from the vacations, i will start posting more frequently than before, it's an objetive that i set.

Well let's move on the first post, it is about some new tools and documents from the last weeks.


Blackhat and Defcon are over, and the presentations and whitepapers could be downloaded from here:


There are a lot of presentations, and some are really good.


First Nmap SOC release! Nmap 4.22SOC1

The new nmap version is available, with all the improvements proposed in the Summer Of Code (Google). Some of the highlights are:

-The UMIT graphical Nmap frontend is now included
-The port selection mechanism was overhauled
-Added the --reason option which explains WHY Nmap assigned a port status
-Integrated all of your 2nd generation OS detection submissions, increasing the database size by 68% since 4.21ALPHA4 to 699 fingerprints.
-Added --servicedb and --versiondb command-line options which allow you to specify a custom Nmap services (port to port number translation and port frequency) file or version detection database.
-In verbose mode, Nmap now reports where it obtains data files (such as nmap-services) from.

These are some of the more significant (at least for me), there are many more improvements on the release.


Umit: Nmap frontend.

Really a very good frontend, with a lot of functionalities, like comparing between different scans, saving scans, multiple tabs, profiles, information highlighting, etc. This project is sponsored by the Google Summer Of Code.


Evolution: Massive information Gathering.

Evolution is a program that can be used to determine the relationships and real world links between different entities. Really it worths a try. I liked a lot the GUI, is still in beta stage, but is really awesome the interface.


Immunity Debugger:

The new toy from Immunity guys, this is a new debugger oriented for vulnerability analysis, and security related task. It's programmed in python :), you can load python scripts to aid the analysis. Immunity says:

-A debugger with functionality designed specifically for the security industry
-Cuts exploit development time by 50%
-Simple, understandable interfaces
-Robust and powerful scripting language for automating intelligent debugging
-Lightweight and fast debugging to prevent corruption during complex analysis
-Connectivity to fuzzers and exploit development tools

Really a very good tool.


That's all for today :)