Resources
- Research for SharePoint (MOSS) – owasp.org
This page contains research notes on Microsoft’s SharePoint MOSS and WSS
- MS SQL – Useful Stored Procedures for SQL Injection and Ports Info – pentesticles.com
The following post lists and describes various useful stored procedures and port information for MS SQL.
- Portable Executable 101 – a windows executable walkthrough – code.google.com
This graphic (PDF JPG) is a walkthrough of a simple windows executable, that shows its dissected structure and explains how it’s loaded by the operating system.
- SAP Slapping – labs.mwrinfosecurity.com
Dave Hartley delivered his “SAP Slapping” presentation at the CRESTCon and BSides London security conferences recently. The talk provides a high level overview of common SAP system vulnerabilities and misconfigurations.
- Scanning the Web with Ammonite – resources.infosecinstitute.com
Ammonite is a Fiddler extension used to scan web applications for common vulnerabilities like verbose and blind SQL injection, OS commanding, local file inclusion, buffer overflows, format string vulnerabilities etc.
- Exploiting Windows 2008 – esec-pentest.sogeti.com
Internal network pentesting involving domain controllers requires a few steps in order to gain domain administrator access. One of them usually requires gaining local administrator access to a workstation.
Tools
- Gason – BurpSuite Plugin’s Project – Google Project Hosting – code.google.com
This project contains a plugin to extend BurpSuite proxy. And now you can run gason stand alone!!
- Skipfish version 2.06b Update – code.google.com
Skipfish is a fully automated, active web application security reconnaissance tool.
Techniques
- Android
- Android Emulator, Trusted CA, and Persistent Storage – carnal0wnage.attackresearch.com
Android periodically updates its SDK and sometimes when this happens, old methods for importing a Trusted CA, necessary to proxy SSL traffic, will fail and you must find a new solution.
- Update – Android & SSL Cert – carnal0wnage.attackresearch.com
Thanks to the comments left by Zach from our last Android post here, it has been brought to my attention there is an easier way to do all of this with the latest AVD (4.0.3).
- SecurityStreet: Unsupported Browser – rapid7.com
The purpose of this post is to point out a little-known jewel — the -m flag to meterpreter’s execute command.
Vendor/Software Patches
- Microsoft Security Bulletin
- MS12-029 – Critical : Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) – technet.microsoft.com
This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- MS12-032 – Important : Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338) – technet.microsoft.com
This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
- Bulletin Management Process and the May 2012 Bulletins – blogs.technet.com
Have you ever wondered why bulletins group particular issues together? Or one set of products and not another? Well today Jonathan Ness has posted an insightful Security Research & Defense (SRD) blog discussing some of the nuances and packaging decisions that went into MS12-034.
- Microsoft patches 23 Windows flaws, warns of risk of code execution attacks – zdnet.com
The Patch Tuesday batch for May 2012 covers at least 23 documented vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework and Microsoft Silverlight.
- Adobe, Microsoft Push Critical Security Fixes – krebsonsecurity.com
Adobe and Microsoft today each issued updates to address critical security flaws in their software.
- PHP-CGI Vulnerability Exploited in the Wild – blog.sucuri.net
When the PHP-CGI vulnerability was disclosed, we knew it would be just a matter of days before it started to be exploited in the wild.
Vulnerabilities
- Thousands of Twitter passwords exposed – news.cnet.com
It’s unclear who’s responsible for posting passwords for Twitter accounts to a public Web site. The exact number of accounts is also unclear, as Twitter says many are duplicates and many had already been suspended.
Other News
- FBI Warns Travelers Using Hotel Networks About New Attack – darkreading.com
The FBI says attackers are trying to trick users into installing malware with promises of software updates.
- Sniffer tool displays other people’s WhatsApp messages – h-online.com
WhatsApp Sniffer is an app able to display messages from other WhatsApp users connected to the same network as the app user.