General

4*

I was informed last month of the release of the new “Faraday” penetration testing framework. A key feature of this framework is its ability to parse the output from various other security tools, including Foofus.Net’s Medusa! Here is the official release from the Infobyte folks:

We are happy to announce our first release of Faraday (beta), an open source collaborative Penetration Test IDE console that uses the same tools you use every day.

Faraday introduces a new concept (IPE) Integrated Penetration-Test Environment

We built a plugin system, where all the I/O from the terminal gets interpreted, if we have a plugin for the command, the output is processed and added to a knowledge base in a transparent way.

Our idea was to build a tool that helps from the perspective of a pentester without changing the way you work, adding the support for multi user collaboration on security testing projects.

Developed with a specialized set of functionalities that help users improve their own work adding collaborative data sharing, indexation and analysis of the generated knowledge during the engagement of a security audit.

[Features]
* +40 Plugins (Metasploit, Amap, Arachini, Dnsenum, Medusa, Nmap, Nessus, w3af, Zap and More!)
* Collaborative support
* Information Highlighting
* Knowledge Filtering
* Information Dashboard
* Conflict Detection
* Support for multiple Workspaces
* IntelliSense Support
* Easy Plugin Development
* XMLRPC, XML and Regex Parsers

Get it now:
http://www.faradaysec.com
https://github.com/infobyte/faraday

[Contact]
@faradaysec
#faraday-dev on irc.freenode.net

We hope you enjoy it!

Francisco Amato
http://www.linkedin.com/in/famato
http://twitter.com/famato

Infobyte LLC.
2699 S. Bayshore Dr #300.
[33133], Miami, FL
Phone: +1 305 851 3373
http://www.infobytesec.com
http://blog.infobytesec.com
http://twitter.com/infobytesec

 

On March 14, 2013 I released the white paper “Practical Exploitation Using Malicious SSIDs” at Black Europe in Amsterdam. This paper discuses the concept of leveraging SSIDs to inject various attacks into Wireless devices, and management consoles. The type of injection attacks discussed include XSS, CSRF,  and format strings attacks. A copy of the whitepaper can be downloaded from HERE.

Twitter: @percent_x

Its been almost a year since this firmware process hack was first discussed at CarolinaCon by percX. PercX has finally finished up his tutorial/white paper on the subject. In this paper he discusses the hack in-depth. Covering the step by step process around how to gain root level access to high end Xerox MFP devices, how the firmware signing process works, and how to protect yourself from this attack.  The paper can be downloaded by clicking here.

@percent_x

PercX will be presenting more printer hacking at the Oslo, Norway security conference  HackCon  on March 28th  “From Printer to Pwnd – Leveraging Multifunction Printers During Penetration Testing”. During his presentation he will also be discussing a new ‘simple’ attack against printer firmware update process on high end business MFP devices to gain root level access. This will also coincide with an updated release of PRAEDA that will contain updates to the dispatcher, allowing NMAP .gnmap as target input.

While examining a Lexmark X656de multifunction printer awhile back I was pleased to “NOT” find any of the common information leakage vulns like passwords within the html source that you typically find on these type of devices. Which was a good sign. Although with a little more testing it was quickly found that the export setting feature was a total fail. Once I exported the system setting (settingfile.ucf) using the export function, it revealed the plain test password for the SMTP settings .

For the latest advisory on this click here

Ok now that we have showed you how to bypass authentication on a Toshiba eStudio MFP device. The next obvious step is what data can be extracted. Well it turns out that the Toshiba eStudio multifunction printers also leaks data. If you examine the HTML source code of any of the configuration pages you will find the passwords in plan text. Yes that ******* in the password configuration setting field is not really hiding anything.

For Latest Advisory click here