Showing posts with label Penetration Testing Tools.

Saturday, 19 April 2014

WebPwn3r - WebApps Security Scanner


Not long ago a group of computer security researchers reported an RCE (Remote Code Execution) vulnerability in a subdomain of Yahoo.com. On this occasion I present the small tool that group used to detect this vulnerability. Without further ado, let's begin.




WebPwn3r is a web application vulnerability scanner. The tool is written in Python and, as mentioned above, helps researchers scan multiple links at the same time, looking for RCE or typical Cross Site Scripting (XSS) vulnerabilities.


WebPwn3r detections (the public tool only has the options marked with *):

Scan a single URL or a given list of URLs.
* Detect and exploit remote code injection vulnerabilities.
Detect remote command execution vulnerabilities.
* Detect typical Cross Site Scripting (XSS) vulnerabilities.
Detect the WebKnight WAF.
Improve the payload to bypass security filters (WAFs).
Note and print the backend technologies.

Notes:

1. This tool can also extract the URLs from Burp Suite and save them in a targets.txt file, so that those URLs are then analyzed by WebPwn3r.






2. This tool has great potential, since a user could extend it into a powerful and effective crawler that searches all subdomains of a given domain or domains, classifies them and writes them to .txt files, to then be analyzed with a variant of WebPwn3r.






Now I will do a small test of WebPwn3r's capabilities. For this I will use Windows 7, since I have previously installed the Python 3.3 packages.

Our target for the test will be a NATO subdomain.

Target: https://transnet.act.nato.int/





We enter option 1 since we are going to test a single URL. Option 2 is for multi-target analysis: rather than a URL, we enter the name of the file that stores all the URLs to be analyzed.




So far we can see that our target has no RCE vulnerability, but apparently it does have multiple Cross Site Scripting vulnerabilities.




According to this tool our target has 94 Cross Site Scripting vulnerabilities. Interesting, but this is apparently an error. The large number arises because each variable was tested with several different scripts, some plain and others duly obfuscated, so the same parameter is reported once per payload.
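The inflated count above comes from counting one hit per payload rather than one per injectable parameter. As an added example (not part of WebPwn3r or of the original post), the Python snippet below groups a constructed list of raw scanner hits by endpoint and parameter, so a large raw count collapses to the number of distinct injection points a developer actually has to fix. The hostnames, parameters and payload strings are constructed sample data, not scanner output from the page.

```python
"""Collapse raw reflected-XSS scanner hits to distinct vulnerable parameters.

Added example, not WebPwn3r code. A scanner that fires several payloads
(plain and obfuscated) at every parameter reports one hit per payload that
reflects, so the raw count overstates the number of distinct injection points.
Grouping by (scheme://host/path, parameter) gives the number worth triaging.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of a scanner's raw hit list:
# (request URL, parameter that reflected, payload that reflected).
SAMPLE_HITS = [
    ("https://example.test/search?q=1", "q", "<script>alert(1)</script>"),
    ("https://example.test/search?q=1", "q", "<ScRiPt>alert(1)</ScRiPt>"),
    ("https://example.test/search?q=1", "q", "<img src=x onerror=alert(1)>"),
    ("https://example.test/search?q=1&page=2", "page", "<script>alert(1)</script>"),
    ("https://example.test/search?q=1&page=2", "page", "%3Cscript%3Ealert(1)%3C/script%3E"),
    ("https://example.test/profile?id=7", "id", "<script>alert(1)</script>"),
]


def dedupe_hits(hits):
    """Return {(endpoint, param): sorted list of payloads that reflected}.

    The query string is dropped from the key so that the same parameter hit
    through different URL variants still counts as one injection point.
    """
    grouped = defaultdict(set)
    for url, param, payload in hits:
        parts = urlsplit(url)
        endpoint = f"{parts.scheme}://{parts.netloc}{parts.path}"
        grouped[(endpoint, param)].add(payload)
    return {key: sorted(payloads) for key, payloads in grouped.items()}


def summarize(hits):
    """Return (raw_hit_count, distinct_injection_points)."""
    return len(hits), len(dedupe_hits(hits))


if __name__ == "__main__":
    raw, distinct = summarize(SAMPLE_HITS)
    print(f"{raw} raw hits -> {distinct} distinct vulnerable parameters")
    for (endpoint, param), payloads in sorted(dedupe_hits(SAMPLE_HITS).items()):
        print(f"  {endpoint} [{param}]: {len(payloads)} payload(s) reflected")
```

Run on the constructed sample, the six raw hits reduce to three distinct parameters; keeping the list of payloads per parameter is still useful, because it tells the developer which encodings the current filter lets through.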


Note: This vulnerability was one of the many vulnerabilities I found in NATO; all of them were found with my tool Minerva v.1.4. I have used this target to keep the post simple.



Well, I think we have reached the end of the post. I hope this small tool will be useful to you in the future. See you in the next one.



Monday, 27 January 2014

Wireshark Purposes

►Wireshark - has been around for ages and is extremely popular. Wireshark allows the pentester to put a network interface into promiscuous mode and therefore see all traffic. This tool has many features, such as being able to capture data from a live network connection or read from a file of already-captured packets. Wireshark is able to read data from a wide variety of networks, from Ethernet, IEEE 802.11, PPP, and even loopback. Like most tools in our 2013 Concise Courses Security List, the captured network data can be monitored and managed via a GUI, which also allows plug-ins to be inserted and used. Wireshark can also capture VoIP packets (like Cain & Abel), and raw USB traffic can also be captured.

Metasploit, Nessus and Nmap Details



►Metasploit - The Metasploit Project is a security project which delivers information about security vulnerabilities and aids penetration testing and intrusion detection. The open source project, known as the Metasploit Framework, is used by security professionals to execute exploit code against a remote target machine, for penetration testing of course.

►Nessus - is another giant, a security tool that focuses on vulnerability scanning. There is a free and a paid version, free for personal use. Started in 1998 by Renaud Deraison, it has evolved into one of the world's most popular security tools, particularly as a vulnerability scanner. The organization behind Nessus, Tenable Security, estimates that it is used by over 75,000 organizations worldwide.

Essentially Nessus scans for various types of vulnerabilities: ones that check for holes that attackers could exploit to gain control of or access to a computer system or network. Furthermore, Nessus scans for possible misconfigurations (e.g. open mail relay, missing security patches, etc.). The tool also scans for default and common passwords, and can call Hydra (an external tool) to launch a dictionary attack. Other vulnerability scans include denial of service against the TCP/IP stack.


►Nmap - is another massive giant of a security tool which has been around for ages and is probably the best known. Nmap has featured in many movies, including The Matrix; just Google it and you'll see what we mean. Written in C, C++, Python and Lua by Gordon Lyon (Fyodor) starting from 1997, Nmap (Network Mapper) is the de facto security scanner used to discover hosts and services on a computer network. To discover hosts on a network Nmap sends specially built packets to the target host and then analyzes the responses. The program is really sophisticated because, unlike other port scanners out there, Nmap adapts the packets it sends to network conditions, taking into account fluctuations, congestion and more.



John The Ripper Tool Uses:

John The Ripper - is a free password cracking software tool. Originally created for the UNIX operating system, it currently works on every major operating system. By far, this tool is one of the most popular password testing and breaking programs used by information security professionals. The pentesting tool combines various password crackers into one concise package, autodetects password hash types, and includes a customizable cracker.

Ettercap tool uses:

Ettercap - is a free and open source network security tool for man-in-the-middle (MITM) attacks on a LAN. The security tool can be used to analyze computer network protocols within a security auditing context. Ettercap has four modes of operation:
IP-based: packets are filtered based on IP address.
MAC-based: packets are filtered based on MAC address (useful for sniffing connections through a gateway).
ARP-based: Ettercap uses ARP poisoning to sniff on a switched LAN between two hosts (known as full-duplex).
PublicARP-based: Ettercap uses ARP poisoning to sniff on a switched LAN from a victim host to all other hosts (known as half-duplex).
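Both ARP-based modes work by advertising the attacker's MAC for addresses it does not own, which is exactly what a defender can watch for. The following Python snippet is an added example written from the detection side (it is not Ettercap code and not from the original post): it replays a constructed log of ARP replies and raises an alert when an IP's advertised MAC changes or when one MAC starts claiming several IPs, the pattern of a full-duplex poisoning between a host and its gateway. The addresses and timestamps are constructed sample data.

```python
"""Detect ARP poisoning from a stream of ARP replies.

Added example, not Ettercap code. Two signals are tracked:
  * ip_mac_change: an IP that was previously advertised with one MAC is now
    advertised with another (the gateway "moving" to the attacker's NIC).
  * mac_claims_multiple_ips: a single MAC claims more than one IP, which is
    what a full-duplex MITM looks like once both victims have been poisoned.
"""
from collections import defaultdict

# Constructed ARP reply log: (timestamp, sender IP, sender MAC).
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),  # gateway, legitimate
    (0.5, "192.168.1.20", "aa:aa:aa:aa:aa:20"),  # workstation, legitimate
    (1.0, "192.168.1.30", "aa:aa:aa:aa:aa:30"),  # third host's own reply
    (2.0, "192.168.1.1",  "aa:aa:aa:aa:aa:30"),  # third host now claims the gateway
    (2.1, "192.168.1.20", "aa:aa:aa:aa:aa:30"),  # ... and the workstation
]


def detect_arp_poisoning(replies, known_multihomed=frozenset()):
    """Return a list of alert dicts; an empty list means nothing anomalous.

    known_multihomed: MACs (lower-case) allowed to own several IPs, e.g. a
    router with virtual IPs, so they do not trigger the multiple-IP rule.
    """
    alerts = []
    ip_to_mac = {}                 # last MAC advertised for each IP
    mac_to_ips = defaultdict(set)  # every IP a MAC has claimed so far
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"ts": ts, "kind": "ip_mac_change", "ip": ip,
                           "old_mac": previous, "new_mac": mac})
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1 and mac not in known_multihomed:
            alerts.append({"ts": ts, "kind": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_ARP_REPLIES):
        print(alert)
```

The first three replies produce no alert; the two replies at t=2.0 and t=2.1 produce four. In production the same logic runs over replies captured from the wire (Wireshark's `arp.duplicate-address-detected` display filter flags the first signal for you), and the classic mitigation is a static ARP entry for the gateway on hosts that matter, plus dynamic ARP inspection on the switch.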

Cain & Abel Uses:

Cain & Abel - has a reputation of being a bit of a script-kiddie tool, but it is still awesome nonetheless. Cain & Abel is defined as a password recovery tool. This tool allows a penetration tester to recover various types of passwords by sniffing the network and cracking encrypted passwords using either dictionary or brute-force attacks. The tool can also record VoIP conversations and has the ability to decode scrambled passwords, discover WiFi network keys and cached passwords. With the correct usage and expertise, a penetration tester can also analyze routing protocols. The security tool does not inherently exploit any software vulnerabilities or holes; rather it identifies security weaknesses in protocol standards.

Sunday, 26 January 2014

Aircrack-ng Tool Info


Aircrack-ng - is a comprehensive set of network security tools that includes aircrack-ng (which cracks WEP keys and runs WPA dictionary attacks), airdecap-ng (which decrypts WEP or WPA encrypted capture files), airmon-ng (which places network cards into monitor mode, for example when using the Alfa Security Scanner with the rtl8187), aireplay-ng (a packet injector), airodump-ng (a packet sniffer), airtun-ng (which creates virtual tunnel interfaces), airolib-ng (which stores and manages ESSID and password lists), packetforge-ng (which creates encrypted packets for injection), airbase-ng (which incorporates techniques for attacking clients) and airdecloak-ng (which removes WEP cloaking). Other tools include airdriver-ng (to manage wireless drivers), airolib-ng (to store and manage ESSID and password lists and compute Pairwise Master Keys) and airserv-ng (which allows the penetration tester to access the wireless card from other computers). Airolib-ng is similar to easside-ng, which allows the user to run tools on a remote computer; easside-ng (which permits a means to communicate with an access point without the WEP key), tkiptun-ng (for WPA/TKIP attacks) and wesside-ng (an automatic tool for recovering WEP keys) round out the suite. Aircrack-ng has a GUI front end called Gerix Wifi Cracker.


Acunetix Tool Info

Acunetix - has a free and a paid version. This hacking tool has many uses, but in essence it tests for and reports on SQL injection and Cross Site Scripting. It has state of the art crawler technology which includes a client script analyzer engine. This security tool generates detailed reports that identify security issues and vulnerabilities. The latest version, Acunetix WVS version 8, includes several security features such as a new module that tests for slow HTTP Denial of Service. This is useful for penetration testers and developers alike.


Security Learner's Blog
