Resources
- VulnVoIP (Vulnerable VoIP) – The Fundamentals of VoIP Hacking – rebootuser.com
VulnVoIP is based on a relatively old AsteriskNOW distribution and has a number of weaknesses. The aim is to locate VoIP users, crack their passwords and gain access to the Support account voicemail.
- Owning Computers Without Shell Access – accuvant.com
What’s This All About? Consultants often upload and execute a binary payload to a remote system during penetration tests for the purpose of footprinting the target, gathering information, and leveraging that information to compromise additional hosts.
- A Preview of the Bitsquatting PCAPs – blog.dinaburg.org
Recently I decided to make public the packet captures (PCAPs) of DNS traffic from my bitsquatting experiment (dnslogs.tar.7z, 56Mb, 7zip compressed). Currently I am working on an in-depth analysis of the PCAP data, including distribution of request types, domains, source addresses and more. In the meantime I wanted to share some interesting findings.
Tools
- O2 tools to view and script J2EE, Struts and Tiles xml config files – diniscruz.blogspot.com
If you are reviewing Java/J2EE applications, here are a number of mini O2 tools that will help you to understand what is going on.
- VMInjector – DLL Injection tool to unlock guest VMs – secforce.com/blog
VMInjector is a tool designed to bypass OS login authentication screens of major operating systems running on VMware Workstation/Player, by using direct memory manipulation.
- mwielgoszewski/python-paddingoracle – github.com
A portable, padding oracle exploit API. Contribute to python-paddingoracle development by creating an account on GitHub.
- The Sleuth Kit version 4.0.1 Update – sourceforge.net
The Sleuth Kit, an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks, has been updated to version 4.0.1!
Techniques
- XSS by uploading/including a SWF file – soroush.secproject.com
As you may already know, it is possible to make a website vulnerable to XSS if you can upload/include a SWF file into that website. I am going to represent this SWF file that you can use in your PoCs.
- HTTP Pass the Hash with Python – labs.neohapsis.com
When assessing a Windows domain environment, the ability to “pass the hash” is invaluable. The technique was pioneered by Paul Ashton way back in ’97, and things have only gotten better since. Fortunately, we no longer need to patch Samba, but have reasonably functional tools like Pass-The-Hash Toolkit and msvctl.
- Anatomy of an Attack: How I Hacked StackOverflow – blog.ircmaxell.com
Almost two years ago I had stumbled upon a pretty significant vulnerability in the StackExchange network. I say stumbled, because I wasn’t actually trying to attack the site. Circumstance just showed me a door. The actual attack is pretty interesting, and it holds a lesson for everybody who builds or maintains websites or server infrastructure.
- Playing with the JVM from Linux – anfractuosity.com
Just playing with the JVM from Linux.
Vendor/Software Patches
- Assessing risk for the November 2012 security updates – blogs.technet.com
Today we released six security bulletins addressing 19 CVEs. Four of the bulletins have a maximum severity rating of Critical, one has a maximum severity rating of Important, and one has a maximum severity rating of Moderate.
- New 0day Exploits: Novell File Reporter Vulnerabilities – community.rapid7.com
Today, we present to you several new vulnerabilities discovered in Novell File Reporter 1.0.2, which “helps organizations more effectively manage network storage by providing administrators the ability to access comprehensive network storage information so that they can determine the best means of addressing their storage content”. Following our standard disclosure policy, we notified both Novell and CERT.
- SE-2012-01 – Details – security-explorations.com
This page presents details of security vulnerabilities and attack techniques discovered as a result of our Java SE security research project. These details are provided in a form of a technical report and presentation slides for the talk that was given by Adam Gowdiak on 14 Nov 2012 at Devoxx Java Community Conference in Antwerp.
Vulnerabilities
- Skype
- Are You Using Strong E-mail Addresses? – blog.rootshell.be
Today was a bad day for Skype Microsoft: A vulnerability was discovered on the Skype website which allowed an attacker to hijack the account of a Skype user.
- Microsoft Researching Skype Password Reset Security Hole – voipsa.org/blog
This morning The Next Web reported on an exploit where Skype’s password reset web page could be used to hijack a user’s Skype account using only the password associated with the account.
- Security Advisory- SNMP vulnerability on Huawei multiple products – support.huawei.com
In some of Huawei products as affected products list below, there are MIBs which support the query of the local user account and password. However, the security authentication protection for SNMP V1 and V2 is not enough, which leads to the risk that the user account and password can be disclosed through SNMP.
- Proof-of-concept malware can share USB smart card readers with attackers over Internet – computerworld.com
A team of researchers have created a proof-of-concept piece of malware that can give attackers control of USB smart card readers attached to an infected Windows computer over the Internet.
Other News
- Obama Signs Cyberwar Directive
- Obama signs secret directive to help thwart cyberattacks – washingtonpost.com
President Obama has signed a secret directive that effectively enables the military to act more aggressively to thwart cyberattacks on the nation’s web of government and private computer networks.
- Cybersecurity Bill Dies, Obama Signs Cyberwar Directive. What’s Next? – readwrite.com
Cybersecurity legislation has died in the Senate, but President Obama could cherry-pick portions of this year’s defeated bill for an executive order that would have much of the same effect on raising our defenses.
- The hacking of a general’s mistress – erratasec.blogspot.com
This news story claims “Anonymous” (the well known hacker collective) may have hacked the account of Petraeus mistress. That’s because her e-mail account, paulabroadwell@yahoo.com, was included in Stratfor email hack last year.
- Hardcoded passwords leave Telstra routers wide open – scmagazine.com.au
Hardcoded usernames and passwords have been discovered in a recent line of Telstra broadband routers that could allow attackers access to customer networks.