Archive for October, 2006

Thoughts on Metasploit

On the 28/10/2006 HD Moore released version 2.7 of his infamous Metasploit package. In my opinion he deserves to be credited for his excellent contributions in this area. However, I do wonder how long this framework will be effective.

Metasploit 3 seems to be going in the same direction as the commercial Core Impact exploit suite, which offers detection and point-and-click exploitation. The unique feature of the Core Impact tool set is the ability to install agents on the exploited system. Attacks can then be taken further via these agents, giving the tool depth as well as breadth, but for how long?

How long will *overflow vulnerabilities last? Windows XP SP2 comes standard with a firewall and stack protection. Other host operating systems are also heading in this direction. Some may argue that it is still possible to get around stack protection (this is only possible in certain circumstances); however, I can see vendors learning lessons and moving on. Again, how long will *overflow vulnerabilities be around, and therefore how long will these tools be effective?

JSScanner

JavaScript Network Mapper (v1.0)
author: david.kierznowski_at_gmail.com
http://michaeldaw.org

I have been doing a lot of research into JavaScript port scanning lately. This tool is an initial attempt to correlate my ideas into a single project.

Download the latest version of jsscan.tar.gz here.

Synopsis:
function webPingScan() {
  var s = new jsscanner("192.168.1.1/30");
  s.jssWebPing();
}

Usage:
var s = new jsscanner("IP/Range");
s.jssWebPing(); OR
s.jssWebScript(); OR
s.jssWebImage();

TODO:
+ Complete jssWebScript Scanner (Half done)
  Add Additional Fingerprints
  see: http://michaeldaw.org/projects/jsescanner/
+ Write jssWebImage Scanner (DONE)
  Add OS Fingerprints
  see: http://www.spidynamics.com/spilabs/js-port-scan/
+ Add port selection
  Include Browser Port Restrictions
  see: http://michaeldaw.org/projects/web_browser_port_restrictions/
+ Add some validation

Credits:
pdp (http://gnucitizen.org)
I hope to incorporate this project into pdp’s AttackAPI at some point.
It currently uses AttackAPI’s IP Calculator script.

Web Browser Port Restrictions

Some of my notes regarding Browser Port Restrictions.

Internet Explorer:

Anything goes. I need to look into this more.

Opera 9:

Restricts access to ports 22, 25, 53 and 110. All other services seem accessible, I need to do more work here. It was interesting to note that my CPU was cranked up to 100% when requesting a restricted port. A "-1" port will cause Opera to wrap to 65535 (although this could be the default). It's late and I'm going to bed.

Firefox (tested on 1.5.0.7):

Restricts common services such as Telnet and SSH. However, it allows most services. Some of the more interesting ports allowed include:

Service | Port
bootps | 67/tcp
snmp | 161/tcp
netbios-ns | 137/tcp
netbios-dgm | 138/tcp
microsoft-ds | 445/tcp
ldaps | 636/tcp # Firefox blocks ldap (unencrypted version)
imaps | 993/tcp # Firefox blocks imap (unencrypted version)
pop3s | 995/tcp
socks | 1080/tcp
nessusd | 1241/tcp
ms-sql-s | 1433/tcp
ms-sql-m | 1434/tcp
oracle TNS | 1521/tcp
mysql | 3306/tcp
RDP | 3389/tcp
postgresql | 5432/tcp
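The JSScanner post above describes a "web ping" sweep of an IP range, and the port notes above show why the port matters: a port the browser itself refuses fails instantly, which looks exactly like a host that answers. The following is an added example written for this page; it is not the jsscan.tar.gz code and does not use AttackAPI's IP Calculator. It expands a CIDR range, probes each host with an image request whose onload/onerror timing is used as the liveness heuristic, and refuses to sweep ports the notes above report as browser-restricted. All names (expandCidr, imageProbe, classify, webPing, ASSUMED_RESTRICTED_PORTS) are my own, the probe can be swapped out so the sweep logic runs outside a browser, and the restricted-port set is built only from the observations on this page, so it is not a complete list for any browser.

```javascript
// Added example for this page: a jsscanner-style web ping sweep.
// Not the original jsscan.tar.gz code; names and heuristics are assumptions.

// Expand an IPv4 CIDR such as "192.168.1.1/30" into every address in the block.
function ipToInt(ip) {
  const p = ip.split('.').map(Number);
  if (p.length !== 4 || p.some(x => !Number.isInteger(x) || x < 0 || x > 255)) {
    throw new Error('bad IPv4 address: ' + ip);
  }
  return ((p[0] << 24) >>> 0) + (p[1] << 16) + (p[2] << 8) + p[3];
}

function intToIp(n) {
  return [(n >>> 24) & 255, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join('.');
}

function expandCidr(cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  if (!Number.isInteger(bits) || bits < 16 || bits > 32) {
    throw new Error('prefix must be /16..../32 (refusing to build a huge sweep)');
  }
  const mask = (0xffffffff << (32 - bits)) >>> 0;      // bits=32 shifts by 0
  const network = (ipToInt(base) & mask) >>> 0;
  const hosts = [];
  for (let i = 0; i < 2 ** (32 - bits); i++) hosts.push(intToIp(network + i));
  return hosts;                                        // includes network/broadcast
}

// Ports this page's notes report as refused by the browsers tested:
// Opera 9 refused 22, 25, 53, 110; Firefox 1.5.0.7 refused telnet (23),
// ssh (22), ldap (389) and imap (143). Constructed from those notes only.
const ASSUMED_RESTRICTED_PORTS = new Set([22, 23, 25, 53, 110, 143, 389]);

// Browser probe: request http://host:port/ as an image and time the outcome.
// A host that answers (even with "connection refused" or an HTML error page)
// fires onload/onerror quickly; a host that is down or silently filtered makes
// the browser wait, so we hit our own timer first. Only runs in a browser.
function imageProbe(host, port, timeoutMs, done) {
  const img = new Image();
  const start = Date.now();
  let finished = false;
  const finish = (event) => {
    if (finished) return;
    finished = true;
    img.onload = img.onerror = null;
    done({ host, port, event, elapsedMs: Date.now() - start });
  };
  img.onload = () => finish('load');
  img.onerror = () => finish('error');
  setTimeout(() => finish('timeout'), timeoutMs);
  img.src = 'http://' + host + ':' + port + '/?' + Math.random();  // cache buster
}

function classify(result, timeoutMs) {
  if (result.event === 'load') return 'up (served an image)';
  if (result.event === 'error' && result.elapsedMs < timeoutMs) {
    return 'up (answered, not an image)';
  }
  return 'down or filtered';
}

// Sweep every host in `cidr` on one port. `probe` defaults to imageProbe but
// can be replaced (e.g. for testing outside a browser). Results keep host order.
function webPing(cidr, opts, done) {
  const { port = 80, timeoutMs = 3000, probe = imageProbe,
          restricted = ASSUMED_RESTRICTED_PORTS } = opts || {};
  const hosts = expandCidr(cidr);
  if (restricted.has(port)) {
    // A browser-blocked port errors immediately for every host, which this
    // heuristic cannot tell apart from a live host, so refuse to scan it.
    done(hosts.map(host => ({ host, port, status: 'skipped (browser restricts port)' })));
    return;
  }
  const results = new Array(hosts.length);
  let pending = hosts.length;
  hosts.forEach((host, i) => {
    probe(host, port, timeoutMs, (r) => {
      results[i] = { host, port, status: classify(r, timeoutMs) };
      if (--pending === 0) done(results);
    });
  });
}
```

In a browser, `webPing("192.168.1.1/30", { port: 80 }, console.table)` runs the sweep; the timeout should be tuned to the LAN (a few seconds is usually enough to separate an RST from an ARP or TCP timeout). The restricted-port set is deliberately a parameter: extend it from your own tests of the browser you are targeting rather than trusting the partial list here.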

WIFI Hacking

Max Moser and team from remote-exploit.org are doing some great stuff:

- Backtrack
A brilliant Linux distribution designed for penetration testers. I have used this distro for a number of tasks (especially WIFI testing) and it just works!

- WIFI Cheat Sheet
Contains up to date information on default WIFI insecurities and vulnerabilities.

Beef Delight

So all her friends have warned her against dating a computer nerd, or you feel like roughing up some serious grub before hitting up the code. Regardless of the reasoning, this is a Michael Daw classic.

Things you will need:
- Two pieces of “stewing” steak (500g)
- Rice
- Mixed Vegetables and Red Peppers (Red is good for the prostate).
- Olive Oil
- Butter or Margarine
- Garlic
- Chutney (I like Apricot, but whatever tickles your fancy)
- Salt and Pepper for that extra touch

First, clean the kitchen! A clean kitchen will always impress. Nothing will kill her appetite quicker than a bunch of leftover pizza and Chinese takeaway boxes left all over your kitchen counters.

Second, if this is for the lady, make sure she eats beef or you have lost before you even begin.

Third, put a “little” Olive oil into your Wok (use a frying pan if you don’t have a Wok).
Put the stove on a low temperature, while you chop up the beef into small cube sized pieces.

Fourth, fill and boil the kettle. Add a cup of rice into a pot and add three cups of boiling hot water. Bring this to the boil. Continually check the pot in case it overflows or runs out of water. Add a few teaspoons of salt for flavour. Rice normally takes around 20 minutes to cook.

Fifth, place the cube-sized steak pieces into your Wok. Increase to a medium heat and add some garlic. Continually turn the beef pieces until no blood is visible.

Sixth, place your vegetables into a glass bowl. Add a touch of water and a spoon of margarine. Place this in the Microwave with a lid for 6-7 minutes.

Seven, combine the vegetables and steak. Add chutney (maybe a little Bisto) and gently mix the contents at a medium heat for several minutes.

Eight, set the table, candles and music or power up the computer(s), whichever the occasion.

Nine, serve up the dish by placing the steak and vegetables onto a bed of rice.

Ten, enjoy the fruits of your labour.
