Week 48 in Review – 2010



  • Two New HTTP POST Attack Tools Released – sectechno.com
    Currently there is two free utility that may perform this attack d “R U Dead Yet?” and OWASP HTTP POST Tool tool offers unattended execution by providing the necessary parameters within a configuration file.
  • thicknet – github.com/SpiderLabs/thicknet
    thicknet is a TCP session manipulation and take-over tool. The tool is
    initially aimed at downgrading Oracle sessions and issuing SQL queries
    using an already-established session. This is an early proof-of-concept,
    version, but the basic concepts are there to write modules and do MITM
    against a variety of protocols.
  • Meterpreter scripts for RunAs privilege escalation & other mischief – grep8000.blogspot.com
    send_keystrokes.rb: Meterpreter script to interactively send keystrokes to an open application window using the vbscript SendKeys method. Can be used to escalate privileges into RunAs-invoked command shells on XP.
  • sqlinject-finder – code.google.com/p/sqlinject-finder/
    Simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab delimited format.
  • cvechecker 2.0 – cvechecker.sourceforge.net/
    Version 2.0 is now available for this vulnerability  detection tool.
  • Javasnoop – code.google.com/p/javasnoop/
    JavaSnoop attempts to solve this problem by allowing you attach to an existing process (like a debugger) and instantly begin tampering with method calls, run custom code, or just watch what’s happening on the system.
  • Social-Engineering Ninja v0.4 is out! – grey0.wordpress.com
    This is the new release of ninja phishing framework.


  • Episode #123: Bad Connections – commandlinekungfu.com
    Similar to last week, this week’s challenge comes from Tim’s friend who is mentoring a CCDC team. The mentor was interested in creating some shell fu that lets them monitor all network connections in and out of a system and get information about the executable that’s handling the local side of the connection.
  • Packet Payloads, Encryption and Bacon – packetstan.com
    Over the years I’ve used a couple of techniques to evaluate the content of packet captures to determine if the traffic is encrypted or just obfuscated.
  • Login notifications, pam_exec scripting – stalkr.net
    If you like monitoring, you might want to receive notifications at every (or only root) login, in addition to logs.
  • All your drives are belong to us – fortinet.com
    A new Ransomware module was recently discovered by Fortiguard Labs. When a machine infected with this Ransomware is restarted, the user is greeted with the following boot screen.
  • JavaScript Obfuscation of Metasploit Browser Exploits for AV bypass – grep8000.blogspot.com
    Bam. 0-day with AV bypass? Yeah, you’re on the pwnie express. :} Thanks to Will Metcalf for pointing me in the right direction!
  • Windows PE Header – marcoramilli.blogspot.com
    Each executable file has a Common Object File Format COFF which is used from the OS loader to run the program. Windows Portable Executable (PE) is one of the COFF available in todays OS. For example the Executable Linking File (ELF) is the main Linux COFF.
  • Shearing FireSheep with the Cloud – stratumsecurity.com
    Enjoy surfing open wireless networks or hostile wired network securely!
  • Internal Port Scanning via Crystal Reports – spl0it.wordpress.com
    This is faster than using BeEF’s JavaScript internal portscanning functionality and it doesn’t require client interaction. Pwn dem v0hns!


  • Exploit Code Out For New Windows Kernel Flaw – threatpost.com
    The new Windows kernel bug is considered a critical vulnerability, even though it can’t be exploited remotely, thanks to the fact that an attacker could use it gain powerful credentials on a compromised system and take complete control of the machine.

Vendor/Software Patches:

  • New Tool Patches Offline VMs – darkreading.com
    Nuwa, named after the Chinese goddess who patched a hole in the sky, aims to fix cloud computing security hole.

Other News:

One Comment

  1. […] This post was mentioned on Twitter by Cyber Informer, Win Security. Win Security said: Week 48 in Review – 2010: [#infosecevents.net] Resources: Impersonating The Domain Administrator via SQL Server… http://dlvr.it/9r41z […]

Leave A Comment