RSS Feed

carnal0wnage: Grabbing Index Pages Of Webservers

CG — Sat, 04 Sep 2010 17:47:00 -0600

Grabbing the index pages of web servers seems like a no brainer and something every pentester is going to perform on a test. The problem I ran into is how do you get this info once your inside and using meterpreter as your pivot into the network.

Your current options are to port forward to each host or set up a route via your meterpreter session and run some sort of auxiliary module. You can tcp port scan and find open ports or use the [http_version] module to see server version but you don't get a feel for whats actually on the site.

I opted to write something that would scan a range, perform a HTTP GET of / on the ip, then take the resulting body from the response, which should be html, and save it to a file to look at afterwards.

Looks like this when it runs...

msf auxiliary [http_index_grabber)] > set RHOSTS carnal0wnage.com/24
RHOSTS => carnal0wnage.com/24
msf auxiliary [http_index_grabber)] > run
[+] Received a HTTP 200...Logging to file: /home/cg/.msf3/logs/auxiliary/http_index_grabber/209.20.85.4_20100904.4426.html
[+] Received a HTTP 200...Logging to file: /home/cg/.msf3/logs/auxiliary/http_index_grabber/209.20.85.5_20100904.4429.html
[*] Received 301 to [drumsti.cc] for 209.20.85.10:80/
[-] Received 403 for 209.20.85.8:80/
[+] Received a HTTP 200...Logging to file: /home/cg/.msf3/logs/auxiliary/http_index_grabber/209.20.85.12_20100904.4432.html
...
[*] Received 302 to [209.20.85.57] for 209.20.85.57:80/ [+] Received a HTTP 200...Logging to file: /home/cg/.msf3/logs/auxiliary/http_index_grabber/209.20.85.56_20100904.4503.html
[*] Received 302 to [209.20.85.51] for 209.20.85.51:80/

you can then check out the folder with the results

code is here:
[carnal0wnage.googlecode.com]

security-focus: Vuln: maildrop Group Permission Dropping Privilege Escalation Vulnerability

Mon, 06 Sep 2010 00:00:00 -0600

maildrop Group Permission Dropping Privilege Escalation Vulnerability

security-focus: Vuln: Quagga bgpd Null Pointer Deference Denial Of Service Vulnerability

Mon, 06 Sep 2010 00:00:00 -0600

Quagga bgpd Null Pointer Deference Denial Of Service Vulnerability

security-focus: Vuln: Quagga bgpd Route-Refresh Message Stack Buffer Overflow Vulnerability

Mon, 06 Sep 2010 00:00:00 -0600

Quagga bgpd Route-Refresh Message Stack Buffer Overflow Vulnerability

security-focus: Vuln: lvm2-cluster 'clvmd' Local Privilege Escalation Vulnerability

Mon, 06 Sep 2010 00:00:00 -0600

lvm2-cluster 'clvmd' Local Privilege Escalation Vulnerability

register: MS probes mystery IE bug

Team Register — Mon, 06 Sep 2010 09:28:00 -0600

URL shortening shenanigans

Microsoft is investigating reports of a new bug in Internet Explorer.…

securiteam: Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability

Mon, 06 Sep 2010 13:02:00 -0600

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires user interaction in that a victim must open a malicious PUB file.

Make your website safer. Use external penetration testing service. First report ready in one hour!

securiteam: MyBB Password Reset Email BCC Injection Vulnerability

Mon, 06 Sep 2010 13:07:00 -0600

An email injection vulnerability was discovered in MyBB allows injecting e.g. BCC mail headers into password reset emails.

Make your website safer. Use external penetration testing service. First report ready in one hour!

remote-exploit: Kismet troubles

dellthinker — Mon, 06 Sep 2010 13:23:24 -0600

Hi all, quick question. I configured kismet to work with my Alfa AWUS036H USB wireless card with these configurations...

Code: source=rt8180,wlan0,ALFA Kismet starts up fine, but it doesn't detect any APs. Does anyone know what might be the problem? I've got it to work when I ran Linux as a host machine. But now it's running in a VM. But I hardly think that could be the problem because I let the VM take control of the card. Any suggestions? Thanx in advance.

hack-a-day: Snake bot climbs trees

Caleb Kraft — Mon, 06 Sep 2010 08:23:00 -0600

While you are out enjoying your Labor Day festivities, keep an eye out for robot snakes in the trees. The CMU robotics lab has built a snake bot named Uncle Sam that can climb trees and poles. As you can see in the video after the break, the bot seems to have no problem at [...]

register: Symantec finally secures HackIsWack

Team Register — Mon, 06 Sep 2010 06:41:00 -0600

It's such a bungle, sometimes, it makes you wonder...

Symantec has belatedly secured its laughable HackIsWack competition website.…

register: iPad scammers hack Kirstie Allsopp's Twitter

Team Register — Mon, 06 Sep 2010 05:06:00 -0600

Posh property presenter pwned

iPad scammers managed to reach a huge potential audience last weekend after they took over a Twitter profile maintained by British TV presenter Kirstie Allsopp.…

register: Browser security warning lookalike pushes malware

Team Register — Mon, 06 Sep 2010 04:42:00 -0600

Zeven deadly sins

Scareware peddlers have developed a new ruse that relies on mimicking browser warning pages.…

register: USB stick with anti-terror training found outside police station

Team Register — Mon, 06 Sep 2010 03:07:00 -0600

Keychain cops

A memory stick containing anti-terror training manuals and other sensitive material was reportedly found on a street outside a Manchester police station.…

darknet: Google Agrees To Pay $ 8.5 Million To Settle Buzz Class Action Lawsuit

Darknet — Mon, 06 Sep 2010 01:32:57 -0600

And once again Google is in the news regarding privacy issues, this time it’s regarded their social networking service Buzz (which by all accounts is pretty much a flop). The way in which the service used Gmail users address books alarmed a lot of people and the default settings were rather risky and revealed a [...]

Read the full post at darknet.org.uk

remote-exploit: Asus Eee pc 1005P

gvardal — Mon, 06 Sep 2010 01:08:06 -0600

First of all sorry about my english,
I bought an ASUS Eeepc 1005P netbook and downloaded bt4 final iso and setup a USB pen drive when i start netbook from USB, no screens found message occur then stop the working
What can i do ?

security-focus: Vuln: Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability

Mon, 06 Sep 2010 00:00:00 -0600

Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability

security-focus: Vuln: Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability

Mon, 06 Sep 2010 00:00:00 -0600

Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability

security-focus: Vuln: Microsoft Windows Movie Maker and Producer '.mswmm' Buffer Overflow Vulnerability

Mon, 06 Sep 2010 00:00:00 -0600

Microsoft Windows Movie Maker and Producer '.mswmm' Buffer Overflow Vulnerability