Week 38 In Review – 2013

Resources

  • Heuristic methods used in sqlmap – unconciousmind.blogspot.com
    Slides for Miroslav Štampar’s talk “Heuristic methods used in sqlmap”, given at the FSec 2013 conference (Varaždin, Croatia, 19th September 2013), are available here.
  • Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network – blog.spiderlabs.com
    It’s always surprising how insecure some internal networks turn out to be. Sometimes a penetration tester has to work harder than usual to get Domain Admin on an internal network; this post lists the five quickest ways SpiderLabs got there.

Tools

Technique

  • Pivoting to and poking other computers using powershell – Powerpreter and Nishang 0.3.1 – Part 2 – labofapenetrationtester.com
    This is the second post in Nikhil “SamratAshok” Mittal’s series about Powerpreter. Powerpreter can be used to pivot to and poke other machines in a network; this post shows the technique.
  • Burp Extensions in Python & Pentesting Custom Web Services – labs.neohapsis.com
    Burp is the de facto standard for professional web app assessments, and with the new extension API (released December 2012 in r1.5.01) much of the complexity of writing Burp extensions went away. The official API supports Java, Python, and Ruby equally well. Given the choice, Patrick Thomas takes Python any day, so these instructions are most applicable to the parseltongues.
  • iOS Application Security Part 17 – Black-box assessment of iOS Applications using Introspy – resources.infosecinstitute.com
    This article shows how to use Introspy for black-box assessment of iOS applications; Infosec Institute walks through all the necessary steps.
  • Web Services Penetration Testing Part 1 – resources.infosecinstitute.com
    This article was written because the use of web services has grown substantially over the last couple of years, and the data flowing through them is often very sensitive, which makes web services an important attack vector. The article covers what web services are, the approach to testing them, and the tools used.
  • PowerSploit: The Easiest Shell You’ll Ever Get – www.pentestgeek.com
    The easiest way to get a Meterpreter shell without worrying about AV is with PowerSploit. It is the easiest and most convenient AV bypass Chris Campbell has ever seen: just open PowerShell and type a command.
  • The Hackers Guide To Dismantling iPhone
    • The Hackers Guide To Dismantling iPhone (Part 2) – securityhorror.blogspot.com
      This post is the second part of the series “The Hackers Guide To Dismantling iPhone” and describes how to perform all types of iPhone network attacks against any iPhone, as well as how to set up the testing environment for hacking an iPhone.
    • The Hackers Guide To Dismantling iPhone (Part 3) – securityhorror.blogspot.com
      On May 7, 2013, a German court ruled that the iPhone maker must alter its company policies for handling customer data, since those policies were shown to violate Germany’s privacy laws. The court also prohibited Apple from supplying such data to companies that use the information for advertising. But why does this happen?
  • When Domain Admin Is Not Enough – blog.gdssecurity.com
    When conducting a network pentest, the goal of the tester, at least on a Windows domain, is often to get Domain Admin. That is well and good, but for impact nothing beats capturing the CIO’s desktop, documents or e-mail. So how do we get there?
  • Exploiting Insecure crossdomain.xml to Bypass Same Origin Policy (ActionScript PoC) – gursevkalra.blogspot.com
    In this blog post, Gursev Singh Kalra reviews a known attack vector and builds a proof-of-concept exploit that bypasses the browser’s Same-Origin Policy against websites hosting an overly permissive cross-domain policy file.
  • JBOSS JMXInvokerServlet Exploit – breenmachine.blogspot.com
    Stephen Breen recently ran into a JMXInvokerServlet that didn’t require authentication. While there is a Metasploit module for this, it wasn’t working for various reasons, so, inspired by Matasano, he wrote some custom exploit code for it.
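The crossdomain.xml post above builds an ActionScript proof of concept; the precondition it relies on is a policy file that trusts any origin. The checker below is an added example for this roundup, not code from Gursev Singh Kalra’s post: it parses a crossdomain.xml and flags the settings that make a site reachable from a hostile Flash origin (a wildcard `allow-access-from`, `secure="false"`, wildcard request headers and an `all` site-control meta-policy). It uses only the standard policy-file element and attribute names; the two sample policies embedded in it are constructed for the example.

```python
"""Flag overly permissive Flash cross-domain policy files (crossdomain.xml).

Added example for this roundup, not code from the linked post. It reports
the settings that let an arbitrary origin read a site's responses via Flash.
Both sample policies below are constructed for illustration.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the shape of policy the PoC in the post targets.
PERMISSIVE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
"""

# Constructed sample: a policy scoped to the site's own hosts.
RESTRICTIVE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.example.com"/>
  <allow-access-from domain="*.example.com"/>
</cross-domain-policy>
"""


def classify_domain(domain):
    """Return 'wildcard', 'subdomain-wildcard' or 'exact' for a domain attribute."""
    if domain == "*":
        return "wildcard"
    if domain.startswith("*."):
        return "subdomain-wildcard"
    return "exact"


def check_policy(xml_text):
    """Return a list of (severity, message) findings for one crossdomain.xml."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return [("error", "not a cross-domain-policy document")]

    for el in root.findall("allow-access-from"):
        domain = el.get("domain", "")
        kind = classify_domain(domain)
        if kind == "wildcard":
            # Any Flash origin may read this site's responses with the victim's cookies.
            findings.append(("high", 'allow-access-from domain="*": any origin can read responses'))
        elif kind == "subdomain-wildcard":
            # One compromised subdomain is enough to reach the main site.
            findings.append(("info", f'allow-access-from domain="{domain}": every subdomain trusted'))
        # secure="false" lets an http:// origin use a policy served over https://.
        if el.get("secure", "true").lower() == "false":
            findings.append(("medium", f'allow-access-from domain="{domain}" secure="false"'))

    for el in root.findall("allow-http-request-headers-from"):
        if el.get("domain") == "*":
            # Arbitrary origins may also send custom request headers.
            findings.append(("medium", 'allow-http-request-headers-from domain="*"'))

    sc = root.find("site-control")
    if sc is not None and sc.get("permitted-cross-domain-policies") == "all":
        # Policy files anywhere on the host are honoured, e.g. from an upload directory.
        findings.append(("low", "site-control permits policy files anywhere on the host"))
    return findings


def is_overly_permissive(xml_text):
    """True when at least one high-severity finding is present."""
    return any(sev == "high" for sev, _ in check_policy(xml_text))


if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE_POLICY), ("restrictive", RESTRICTIVE_POLICY)):
        print(name, is_overly_permissive(policy))
        for sev, msg in check_policy(policy):
            print(f"  [{sev}] {msg}")
```

In an assessment the policy would be fetched from `/crossdomain.xml` on the target and passed to `check_policy`; only a `high` finding means the SOP bypass in the post applies, while the `info` and `low` entries are worth noting because a subdomain takeover or an unrestricted upload directory can turn them into the same thing.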

Vendor/Software Patches

  • It’s about time: Java update includes tool for blocking drive-by exploits – theregister.co.uk
    Oracle’s latest update to the Java SE Development Kit (JDK) version 7 adds new security features designed to help businesses avoid being stung by critical vulnerabilities in out-of-date versions of Java. After a string of embarrassing Java security flaws was disclosed by independent researchers, Oracle has made addressing vulnerabilities its top priority for JDK 7.

    • Java SE Downloads – www.oracle.com
      The update is available from the usual Java download website here.

Vulnerabilities

  • Microsoft: IE Zero Day Flaw Affects All Versions – krebsonsecurity.com
    Microsoft said that attackers are exploiting a previously unknown, unpatched vulnerability in all supported versions of its Internet Explorer Web browser. The company said it is working on an official patch to plug the security hole, but in the meantime it has released a stopgap fix to help protect affected customers.
  • iOS 7 Bug
