69 items tagged "list"
SecDocs, 22:36
Authors: Fabian Mihailowitsch
Tags: web application intelligence
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: For years, we tried to identify vulnerable systems in company networks by getting all of the company's netblocks / IP addresses and scanning them for vulnerable services. Then, with the growing importance of web applications and of course search engines, a new way of identifying vulnerable systems was introduced: "Google hacking". However, this approach of identifying and scanning a company's IP addresses, as well as doing some Google hacking for the (known) URLs of the company, doesn't take all aspects into account and has some limitations. First, we just check the systems which are obvious: the ones that are in the company's netblocks, the IP addresses that were provided by the company and the URLs that are known or can be resolved using reverse DNS. But how about URLs and systems that aren't obvious? Systems that maybe even the company in focus forgot? Systems that are hosted by third parties, web pages that were just released for a marketing campaign, maybe even by a third-party marketing company but in the name of the company we want to check? Possibly not even the company itself remembers all the web applications and domains that are running under its name. These systems/applications won't be detected using traditional techniques and thus pose a potential security risk for the company. Second, the current techniques are pretty technical. They don't take the business view into account at any point. Therefore we developed a new technique as well as a framework to identify a company's web pages based on a scored keyword list. In other words: from zero to owning all of a company's existing web pages, even the pages not hosted by the company itself, with just a scored keyword list as input.
That means we try to identify certain applications using technical information like version banners or the company's IP addresses in order to identify its systems. But how about the other way around: trying to identify applications and systems by using the company's business data (e.g. product names, company names, tax identification numbers, contact persons, …) and then testing the identified systems and applications for vulnerabilities? That is what we did. The idea is to build up a scored keyword list for the company in focus. This list contains general keywords like the company name and product names, more detailed keywords like an address contained in imprints, and very specific keywords like the company's tax number. Every keyword in that list is then rated by human intelligence, which means specific keywords get a higher score than general keywords. In the next step a spider uses these keywords to query search engines like Bing, Google, etc. and stores all the web site URLs identified in a database with their score. If a web site that is already in the database is found for another keyword, just the score of that entry is increased. At the end, we get a list of web sites that contained one or more of the keywords, along with a score for each web site. Then the URL is taken and checked for whether it contains one of the keywords (e.g. the company name). If this is the case, the score of the page is increased again. Then for each entry the FQDN as well as the IP is resolved and a whois query is executed. If that whois record contains the company name, the score is increased again. Furthermore, the country codes are used to remove results which are not in the target country. At the end of that process, we have a list of URLs and FQDNs that could be found using company-specific keywords, and that list is scored.
Since during that process you get (based on your keyword list) hundreds of thousands of unique hits, you have to minimize that list. Therefore we did some research on the results generated and found a decent way to reduce the results to an amount that can be checked manually by a human. Then those identified company web pages are passed to a crawler that just extracts external links from those pages, with the idea that correct company pages might link to other company pages, and integrates them into the results list. Using this technique in practice it is possible to identify a lot of web sites hosted (even by third parties) for one company. During the crawling process not just external links are extracted: all forms, HTTP parameters as well as certain parts of the web content are stored. Thus besides a list, we have a "mirror" of the web page as well as the forms and dynamic functions that pose an attack surface. The information collected can then be used as input to special analysis modules. For some of our projects we integrated WAFP (Web Application Finger Printer), SQLMap and other well-known tools as well as some self-written fuzzers and fingerprinters into that process. This way the whole process, from identifying web pages belonging to a certain company up to analyzing those for vulnerabilities, can be totally automated. In other words: from zero to owning all of a company's existing web pages, even the pages not hosted by the company itself, with just a scored keyword list as input. During our talk we will present our idea as well as our approach to identifying vulnerable web applications that belong to a certain company, based on business data. Furthermore we will explain how our framework is structured and how it does the searching as well as the vulnerability assessment in an automated way, so everybody who is interested will be able to implement their own version or adapt certain ideas for their projects.
Besides just telling you how it could work, we will also present our framework, which performs all of the steps described above automatically, in a demo.
Hack a Day, 8:31
On the list of things we’ll build ‘when we get a few free weekends,’ an electric motorcycle is right at the top. With a 20-mile range, they may not be as versatile as a car or truck, but we can’t imagine a vehicle better suited for making a quick jaunt around town. [Ben Nelson] just finished [...]
Hack a Day, 14:01
Like all of us, [Jonathan Guberman] has a list of projects and builds that ‘will get done when I have time.’ His Kiwi drive robot is no exception. It’s intended to be one piece of a much larger project, but he decided to document it anyway (we think in the hope of getting his rear [...]
Carnal0wnage, 5:55
I've created a video on how to use the latest module addition to the buby family of modules in wXf. The purpose behind the module is to search Burp's history and seek out parameters in requests to an application which match our list of keywords. The keywords are basically parameters that might warrant manual analysis.
Consider we've made the following requests:
http://www.example.com/welcome.php
http://www.example.com/resource.php?accountid=
http://www.example.com/help.php?page=1
Most folks would agree that the request with a parameter of accountid warrants some manual analysis. On a larger scale (think thousands of requests), this can be tedious to search and then send to Intruder or Repeater. So the idea is that we have a keyword list to help speed things up: when a match is found, an alert is sent to Burp and the request is sent over to Repeater & Intruder for manual analysis.
As of now the keyword list in wXf isn't huge, but I plan on adding to it over the next few days. If you'd like to utilize GitHub's fork/edit/merge function to contribute interesting parameter names, please fork the following file.
If you have a personal keyword list that you'd like to use privately that is okay too. The video shows you how to add a file under the datum directory and reload the list of "lfiles" (files under the datum directory).
Don't forget that if you have questions on usage, installation or anything else, we've provided documentation here.
Lastly, here is the video:
wXf module buby/keyword_search_send from cktricky on Vimeo.
Hack a Day, 8:11
Here’s a way to display which friends are logged into chat. This uses the same G-35 hacked Christmas lights we saw earlier in the month. [Andrejk's] company uses Microsoft Lync as their chat protocol when working in teams. The service has an SDK that allowed him to write some .NET code to check status and [...]
Packet Storm Security Advisories, 16:03
Mandriva Linux Security Advisory 2010-191 - Multiple cross-site scripting vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving the list information field or the list description field.
remote-exploit & backtrack, 13:45
Hello, friends.
Do you know of any way to increase the (always short: 10 or so) number of entries in the Static DHCP List that routers usually have?
I am talking about the IP assignment that a certain MAC connecting to the local network will have.
Thanks :).
SecuriTeam, 17:55
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail List Mailer.
Packet Storm Security Advisories, 16:34
Debian Linux Security Advisory 2073-1 - Florian Streibelt reported a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and / or delete arbitrary files.
Hack a Day, 6:29
Looking for an interesting project to do using an Atmel Mega644? Students at Cornell University have got you covered. They were required to choose, design, and build a project using the microcontroller; and this year is quite promising with video object tracking, the always popular theremins, helicopters, Potentiostats, even Pavlovian conditioned mosquitoes, and more. Of [...]
Sophos security news, 23:06
Q1 2010 statistics show China dramatically disappearing from the list of the worst spam-relaying nations for the first time.
remote-exploit & backtrack, 10:47
Hi
Sorry for this thread, I don't know if it's being posted in the right thread, but I would like to ask if you could help me, help myself and other beginners like me...
I would like to start a thread with a list of software for BackTrack.
So if you could ever so kindly..
Post a software link, instructions and how to run it.
example: apt-get install vlc :)
remote-exploit & backtrack, 8:07
Hi. I have a 2 GB word list for cracking WPA and I also have 1 GB of RAM, and I cannot copy the word list to the BackTrack home (I'm using BackTrack from a USB flash disk). I want to point aircrack at the word list on my HDD (it is hda1). How do I do that? I tried this command
aircrack-ng -a 1 -b (essid) -w /dev/hda1/word.lst essid.cap
and also tried
aircrack-ng -a 1 -b (essid) -w /media/hda1/word.lst essid.cap.
And lastly,
is there any useful document for airolib-ng?
Sorry for my English.
Thanks.
remote-exploit & backtrack, 14:34
This is my first post so be easy on me..
Is there a hexagonal key generator inside BackTrack?
I want to make a password list with all the possible combinations for 10-character-long hexagonal keys.
I already have a generator for Windows (pwlistgen_v1.8 by sh4d0w) which will do this, but it's asking for 12 TB, which is space I don't have.
Half the passwords it generates have 4, 5, 6, 7, 8, 9, 10 of the same characters next to each other,
e.g.
AAAAAAAAAA
BAAAAAAAAA
BBAAAAAAAA
BBBAAAAAAA
BBBBAAAAAA
and so on...
The way I see it, it would be highly unlikely that a password would have more than 3 of the same characters in a row.
Is there a way to generate a list that does all the passwords but doesn't write more than 3 of the same character in a row?
Any ideas how big the list would be after?
Thanks :)
remote-exploit & backtrack, 5:51
I want a wordlist, as we call it, for a list of numbers from 1000000 to 9999999
but with a 101 prefix to the list generated, i.e. 1011000000, 10110000001, ...
1019999999, like that.
I searched and found many, but with none am I able to generate a list like this. If someone can guide me, that would be great. I want any program name and the correct argument to pass to get this sort of list printed.