Difference between revisions of "Episode119"

From Security Weekly Wiki
Revision as of 19:42, 21 August 2008


Sponsors

This episode is sponsored by Core Security Technologies, helping you penetrate your network. Rock out with your 'sploit out and check out the client side exploit and web application testing modules! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool.

This podcast is also sponsored by Tenable Network Security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable Security Center software extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable also offers a Direct Feed subscription for immediate access to new Nessus plugins and compliance checks. Tenable – Unified Security Monitoring!

Announcements & Shameless Plugs

Live from the PaulDotCom Studios Welcome to PaulDotCom Security Weekly, Episode 119 for August 21st, 2008

Welcome to PaulDotCom Security Weekly, a show for security professionals, by security professionals.

  • PaulDotCom SANS Click-Through - Go there, register for fabulous SANS training! Go now!
  • ICE (Integrated Cyber Exercise) - Oct. 1-3 at SANS Las Vegas!
    • Larry and I will each lead a team, names to be announced
    • Attendance and participation is FREE, come join one of our teams!
    • 4 Networks, 1) Attackers 2) Defenders 3) Public/Internetish 4) Spectator Room
    • Looking for food/drink sponsor
    • Featuring wireless, voip, and SCADA!
  • Help support pauldotcom with your donations. Visit http://pauldotcom.com and press the DONATE button. Note: Thanks to listener Ken for the donation!
  • NS2008! Paul giving keynote: Things That Go Bump In The Network: Embedded Device (In)Security and teaching SEC535, Network Security Projects Using Hacked Wireless Routers! Don't forget our live podcast!
  • Check out the new beer listing.

Mini-tech Segment - SamuraiWTF

Kevin Johnson has done an awesome service to the community here. SamuraiWTF, as we've talked about briefly, is a live CD full of web app testing tools. Right now it is a development "alpha", so there are still a few issues that are being resolved. They've even gone far enough to configure Wine to include some of the Windows tools.

Note on logging in (which will be better documented): the user to log in as is "samurai" with the password "samurai".

Some of the tools that we've talked about on the show in the past are included on the CD - HTTPrint, Nikto, Paros Proxy, the Burp Suite, Maltego CE and Gooscan.

I was real happy to see Grendel included as well, which was released right about DEFCON time. Grendel is pretty easy to use, and even provides a local proxy for additional manual testing, a la Burp and Paros.

DirBuster (from OWASP) will brute-force directories on a web server to see if they exist. It likes a file to pre-populate (aka a "rainbow table"), but I wasn't able to locate a list on the CD in a few seconds, so I elected to do a brute force. It found some stuff right off on the site I tested (with permission); however, with the default thread count, it would take 62254470 days to complete! As you can see from the screenshots, I have at least one directory to follow up on.
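From the server side, a DirBuster-style sweep like the one above shows up as a burst of 404s for many distinct paths from a single client. The following detection script is an added example, not part of the original show notes or of SamuraiWTF; it assumes Apache/nginx "combined" log format and runs over constructed sample lines:

```python
import re
from collections import defaultdict
from datetime import datetime
# Apache/nginx "combined" access-log format (assumed; adapt the regex for other formats).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Parse one log line into a dict; return None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec

def find_enumerators(lines, window_s=60, min_misses=20):
    """Return {ip: (distinct_404_paths, ua)} for clients hitting >= min_misses missing paths in window_s."""
    misses, agents = defaultdict(list), {}          # ip -> [(time, path)], ip -> user agent
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue
        misses[rec["ip"]].append((rec["time"], rec["path"]))
        agents[rec["ip"]] = rec["ua"]
    flagged = {}
    for ip, events in misses.items():
        events.sort()
        best, lo = 0, 0
        for hi in range(len(events)):
            # slide the window start so events[lo..hi] span at most window_s seconds
            while (events[hi][0] - events[lo][0]).total_seconds() > window_s:
                lo += 1
            best = max(best, len({path for _, path in events[lo:hi + 1]}))
        if best >= min_misses:
            flagged[ip] = (best, agents[ip])
    return flagged

def sample_log():
    """Constructed sample: one client sweeping 25 guessed directories, one visitor with two broken links."""
    fmt = '{ip} - - [21/Aug/2008:19:42:{sec:02d} -0400] "GET {path} HTTP/1.1" {code} 209 "-" "{ua}"'
    lines = [fmt.format(ip="203.0.113.5", sec=i, path=f"/guess{i}/", code=404,
                        ua="constructed-dir-scanner/1.0") for i in range(25)]
    lines += [fmt.format(ip="198.51.100.7", sec=s, path=p, code=c, ua="Mozilla/5.0")
              for s, p, c in ((3, "/", 200), (20, "/old-link", 404), (41, "/other", 404))]
    return lines
```

Tune `window_s` and `min_misses` to the site's normal 404 rate; the ordinary visitor in the sample stays well under the threshold while the sweeping client is reported with its user agent.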

I was hoping for some good bookmarks in the browser. I was happy to find the local install of BeEF, Ajax Shell, PHP Shell, and the local wiki - great for documenting your findings!

Of course, they also included w3af - the Web Application Attack and Audit Framework, including the nice GUI. w3af is similar in concept to Nessus, in that you define a host and pick tests to run against it. It also adds the features of Metasploit, in that it can exploit its findings and deploy connection methods.

I must say the guys have done a fantastic job at the "first pass" development release to include some awesome, helpful tools all in one place. You can be sure that I'll be keeping this one around!

Kevin is always looking for feedback, tool suggestions and feature requests, so feel free to download it, USE it, and offer Kevin some feedback. His contact info can be found at the project site samurai.intelguardians.com

Stories For Discussion

FEMA phones hacked for toll calls - [Larry] - Yep, hackers broke into the phone system and were able to place $12k in calls to Europe and Asia. The security consultant claims that the hack is "old school". Certainly, but we all know when there is money to be saved or made, the attack is certainly one attackers look for. Now, the method in which the hack was conducted? Even more old school - the attacker apparently utilized the default administrative password. FEMA blames the contractor that set up the system for leaving this open. Time for someone to start examining that contract... And yes, FEMA is a division of DHS, the same folks who are ultimately responsible for the TSA fun cavity searches at US airports. It gets better - allegedly DHS put out a notice for this type of system vulnerability in 2003...

Combating Stego - [Larry] - I thought that this was an interesting approach - just add your own stego over the top on systems where you can automate it.

Search engines uncover potential Olympics "fraud" - [Larry] - Note, not a political commentary on China, the Olympics or the IOC. Stryde Hax (and apparently the AP as well) used Google.cn and Baidu to search for information about the age of China's star, gold-winning gymnast He Kexin. Excel documents found on "official" Chinese sources (like the state-run Chinese Gymnastics Association) list her birth date as 1994, contrary to her passport, which lists 1992. After access, the documents disappeared, but remained in search cache, then not in Google's but still in Baidu's. An important point to be careful about what gets put on the internet - expand here!

Cisco Shell codes - [Larry] - Neat. Yay for full disclosure. Some patches for IOS to enable backdoor VTY/TTY sessions with a priv of 15 with no password.

DEFCON r ful ov hackrz - [Larry] - Wow, I love it when lawyers get it wrong.

Helpful tools for malware removal - [Larry] - I know we all get calls from family to fix computers, usually for malware. Here's a great tool to gather all of the applicable tools in a jiffy. We of course know that the only way to totally remove the problem is a format and install Linux. :-)