n8 will be presenting his recent research on several Microsoft Exchange Client Access Server vulnerabilities “Penetrate your OWA” at PasswordsCon 2014 in Las Vegas on August 5th, 2014.
I was informed last month of the release of the new “Faraday” penetration testing framework. A key feature of this framework is its ability to parse the output from various other security tools, including Foofus.Net’s Medusa! Here is the official release from the Infobyte folks:
We are happy to announce our first release of Faraday (beta), an open source collaborative Penetration Test IDE console that uses the same tools you use every day.
Faraday introduces a new concept: the Integrated Penetration-Test Environment (IPE).
We built a plugin system where all the I/O from the terminal gets interpreted; if we have a plugin for the command, the output is processed and added to a knowledge base in a transparent way.
Our idea was to build a tool that helps from the perspective of a pentester without changing the way you work, adding the support for multi user collaboration on security testing projects.
Developed with a specialized set of functionalities that help users improve their own work, adding collaborative data sharing, indexation and analysis of the knowledge generated during the engagement of a security audit.
* +40 Plugins (Metasploit, Amap, Arachni, Dnsenum, Medusa, Nmap, Nessus, w3af, Zap and More!)
* Collaborative support
* Information Highlighting
* Knowledge Filtering
* Information Dashboard
* Conflict Detection
* Support for multiple Workspaces
* IntelliSense Support
* Easy Plugin Development
* XMLRPC, XML and Regex Parsers
#faraday-dev on irc.freenode.net
I recently gave the talk “Insidious Implicit Windows Trust Relationships” at BSides Detroit. You can download a PDF of the awesome slides and notes here.
Thanks to my foofus.net colleagues for their prior work to make this possible.
On March 14, 2013 I released the white paper “Practical Exploitation Using Malicious SSIDs” at Black Hat Europe in Amsterdam. This paper discusses the concept of leveraging SSIDs to inject various attacks into wireless devices and management consoles. The types of injection attacks discussed include XSS, CSRF, and format string attacks. A copy of the whitepaper can be downloaded from HERE.
It's been almost a year since this firmware process hack was first discussed at CarolinaCon by percX. PercX has finally finished up his tutorial/white paper on the subject. In this paper he discusses the hack in depth, covering the step-by-step process for gaining root level access to high-end Xerox MFP devices, how the firmware signing process works, and how to protect yourself from this attack. The paper can be downloaded by clicking here.
PercX will be presenting his recent research on injection attacks using malicious SSIDs “Practical Exploitation Using A Malicious Service Set Identifier (SSID)” at Blackhat Europe in Amsterdam on March 14-15 2013.
We are foofus.net. We are Humoctopus. Many of us will be at Defcon, where The Danger Is Real.
Updated release of Praeda 0.02.0b can be downloaded from GITHUB HERE. This release contains a few new modules and an update to the dispatcher, allowing NMAP .gnmap as target input.
PercX will be presenting more printer hacking at the Oslo, Norway security conference HackCon on March 28th: “From Printer to Pwnd – Leveraging Multifunction Printers During Penetration Testing”. During his presentation he will also be discussing a new ‘simple’ attack against the printer firmware update process on high-end business MFP devices to gain root level access. This will also coincide with an updated release of PRAEDA that will contain updates to the dispatcher, allowing NMAP .gnmap as target input.
While examining a Lexmark X656de multifunction printer a while back, I was pleased to “NOT” find any of the common information leakage vulns, like passwords within the HTML source, that you typically find on these types of devices, which was a good sign. With a little more testing, though, it was quickly found that the export settings feature was a total fail. Once I exported the system settings (settingfile.ucf) using the export function, it revealed the plain text password for the SMTP settings.
For the latest advisory on this, click here.