From Paul's Security Weekly
Jump to: navigation, search

Episode Audio

Guest Interview: Ferruh Mavituna

CEO / Product Architect Ferruh Mavituna has been working in the application security industry for well over a decade and his ambition to ease the process of automatically detecting web application vulnerabilities led him to build Netsparker, and pursued it to the point of commercial reality. Ferruh is also the Netsparker’s Product Architect.

Tech Segment: Scanning Web Sites With Nmap

nmap -p80 --script=http-enum TARGETS

nmap -p80 -sV --script=(default or safe or intrusive) and not http-slowloris* and http-* -oA myservers -iL myservers

| http-enum:
|   /maintenance/: Possible admin folder
|   /README: Interesting, a readme.
|   /docs/README: Interesting, a readme.
|   /cache/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
|   /docs/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
|   /images/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
|   /includes/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
|   /tests/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
|_  /vendor/: Potentially interesting directory w/ listing on 'apache/2.4.10 (debian)'
| http-useragent-tester:
|     Allowed User Agents:
|     Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
|     libwww
|     lwp-trivial
|     libcurl-agent/1.0
|     PHP/
|     Python-urllib/2.5
|     GT::WWW
|     Snoopy
|     MFC_Tear_Sample
|     HTTP::Lite
|     PHPCrawl
|     URI::Fetch
|     Zend_Http_Client
|     http client
|     PECL::HTTP
|     Wget/1.13.4 (linux-gnu)
|     WWW-Mechanize/1.34
| http-wordpress-brute:
|   Accounts: No valid accounts found
|_  Statistics: Performed 2879 guesses in 501 seconds, average tps: 5
| http-wordpress-enum:
| Search limited to top 100 themes/plugins
|   plugins
|     contact-form-7 4.4
|     jetpack 3.9.4
|   themes
|_    twentyfourteen 1.6
| http-wordpress-users:
| Username found: harry
| Username found: dick
| Username found: tom

Stories of the Week - 7:00PM-8:00PM

Paul's Stories

  1. "Stealthy USB Trojan hides in portable applications - "USB ports should be disabled wherever possible and, if that’s not possible, strict policies should be in place to enforce care in their use," said Tomáš Gardoň, a malware analyst at ESET, in a separate blog post. "It’s highly desirable for staff at all levels to undergo cybersecurity training -- including real-life testing." Is that really the answer?
  2. Mobile Security: Why App Stores Don't Keep Users Safe - Interesting set of bypasses for App Stores.
  3. FBI — Cyber’s Most Wanted - Looks like Carlos Perez IS on the list!
  4. TP-Link blocks open source router firmware to comply with new FCC rule - This is horrible.
  5. "Once thought safe - Also, [See this http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html] from Google.
  6. "What does Oman - This is a really cool article on Typosquatting and the .cm domain.
  7. Emergency Java Patch Re-Issued for 2013 Vulnerability - Yea, so, that patch from 3 years ago, yea turns out it didn't work. WTF!
  8. FBI Warns On Risks Of Car Hacking - However, there has not yet been a real-world example of such hacking. Doesn't mean you shouldn't update your firmware!
  9. MITRE Rolls Out New CVE System After Reg Reveal - Wow, the code that will break with the new format! (Like my own code...)
  10. Only 0.1% Of You Are Doing Web Server Security Right - Seem Netcraft is calling people out as well they should.
  11. Hacktivists caught tampering with water treatment plant - *sigh* The hack - which involved SQL injection and phishing - exposed KWC's ageing AS/400-based operational control system because login credentials for the AS/400 were stored on the front-end web server. This system, which was connected to the internet, managed programmable logic controllers (PLCs) that regulated valves and ducts that controlled the flow of water and chemicals used to treat it through the system.
  12. Firmware bug in CCTV software may have given POS hackers a foothold - This kills me: The big security problem is that this kind of software shouldn't be accessible from the public Internet. NO NO NO NO NO NO...NO! The big security problem is someone wrote vulnerable code! Then someone didn't find it in QA. Then it went into production, and no one reported (or no one founded it). I mean this is like saying "I bought a car with a faulty seat belt, so the manufacturer said not to drive it over 20 mi/hr". Wait, Whut? This is like the
ultimate moron game. First, don't put the bugs in the software, or at least have a process for reducing bugs. Second, don't put crap on the Internet that doesn't belong on the Internet!
  1. Researchers Find Hole In SIP - Keep in mind this is a local attack, e.g. you have to be pwned already, the priv esc. bypasses SIP.

Joff's Stories

  1. USB Malware
  2. Verizon Breach