Archive for October, 2006

Client Side Port Scanning

Current JavaScript or other Client Side Scanning Techniques:

1. IMG Scanner - using (img src=)
http://www.gnucitizen.org/projects/javascript-port-scanner/
http://www.spidynamics.com/spilabs/js-port-scan/

Limitations:
This is a nice technique for scanning, but it can be easily mitigated by disallowing external images. This effectively breaks both scanners (tested in Firefox), including SPI Dynamics' PING feature. You can turn off external images as follows (instructions for Firefox):
> Tools
> Options
> Click “for the originating Web Site only”

2. XML Port Scanning - haven’t looked into this too much
http://www.sift.com.au/36/172/xml-port-scanning-bypassing-restrictive-perimeter-firewalls.htm

3. JSEScanner - using (script src=)
http://michaeldaw.org/projects/jsescanner/

4. JSWebPing - using iframes
http://michaeldaw.org/projects/jswebping/

JSWebPing - JavaScript Web Ping

JavaScript Web Ping
Author: david.kierznowski_at_gmail.com
http://michaeldaw.org

The Idea:
1. We setup an Iframe
2. We dynamically load our target address with a timeout
3. If the document is loaded, we flag the host as being up.
4. If the host is down, the timeout is reached and we flag the host as down.

This concept can also be extended to perform port scanning for open web services.
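Every technique listed above (img src, script src, iframe) makes the victim's own browser issue the probe, so an intranet web server sees the request come from an internal client address while the Referer points at the Internet page hosting the scanner. The following is an added, defender-side example, not the JSWebPing tool or the author's code: it flags that pattern in constructed combined-format log lines; the host names, sample lines and the hit threshold are assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/nginx "combined" log format (regex written for the constructed sample below).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample: an intranet server gets three hits whose Referer is an Internet
# page (a browser-based scanner), plus ordinary intranet traffic from another client.
UA = "Mozilla/5.0 (Windows; U; Firefox/1.5)"
SAMPLE_LOG = "\n".join([
    f'192.168.1.20 - - [11/Oct/2006:14:03:01 +0100] "GET / HTTP/1.1" 200 1234 "http://scanner.example/page.html" "{UA}"',
    f'192.168.1.20 - - [11/Oct/2006:14:03:02 +0100] "GET / HTTP/1.1" 200 1234 "http://scanner.example/page.html" "{UA}"',
    f'192.168.1.20 - - [11/Oct/2006:14:03:02 +0100] "GET /favicon.ico HTTP/1.1" 404 0 "http://scanner.example/page.html" "{UA}"',
    f'192.168.1.35 - - [11/Oct/2006:14:05:10 +0100] "GET /index.html HTTP/1.1" 200 5000 "http://intranet.corp.example/" "{UA}"',
    f'192.168.1.35 - - [11/Oct/2006:14:05:12 +0100] "GET /app/ HTTP/1.1" 200 5000 "-" "{UA}"',
])

def referer_is_external(referer: str, trusted_hosts: frozenset) -> bool:
    """True when the Referer names a host that is neither trusted nor a private IP literal."""
    if referer in ("", "-"):
        return False          # no Referer sent: nothing to judge
    host = urlsplit(referer).hostname or ""
    if host in trusted_hosts:
        return False
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True           # a hostname we do not trust: treat as external

def find_browser_probes(log_text: str, trusted_hosts=(), threshold: int = 2) -> dict:
    """Return {client_ip: {"hits": n, "referers": {...}}} for clients whose requests
    carried an external Referer at least `threshold` times (hypothetical threshold)."""
    trusted = frozenset(trusted_hosts)
    hits, referers = Counter(), {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not referer_is_external(m["referer"], trusted):
            continue
        hits[m["client"]] += 1
        referers.setdefault(m["client"], set()).add(urlsplit(m["referer"]).hostname)
    return {c: {"hits": n, "referers": referers[c]} for c, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for client, info in find_browser_probes(SAMPLE_LOG, {"intranet.corp.example"}).items():
        print(f"{client}: {info['hits']} externally-referred requests via {sorted(info['referers'])}")
```

Browsers do not always send a Referer on embedded loads, so a missing header is a gap in coverage rather than a clean bill of health.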

Also see:
http://michaeldaw.org/projects/jsescanner/
http://www.gnucitizen.org/projects/javascript-port-scanner/
http://www.spidynamics.com/spilabs/js-port-scan/

The source for the tool is available here
The full tool is available here

Hacker, Cracker Power Shift?

Interesting news over the last few weeks…
ScanAlert customers get hacked:
http://jeremiahgrossman.blogspot.com/2006/10/just-when-you-think-its-over-scanalert.html

Acunetix and F5 are caught with their pants down:
http://www.darkreading.com/document.asp?doc_id=104815

Is a hacker, cracker power shift finally happening?

Let us examine a few areas:

1. Out-of-date security procedures and tools vs. cutting-edge exploitation
Jeremiah mentioned ScanAlert being PCI certified. Part of the PCI standard is to test according to the OWASP Top Ten. Acunetix also claims to test according to OWASP's standard. Hence, my rantings here.

2. Exploits are now a product
Every penetration testing tool on the market relies on internal research and publicly published vulnerabilities. This model worked great a few years ago, when the industry was young and “true” hackers roamed the earth. Nowadays, who cares about going through the pain of notifying the vendor (who in many cases couldn’t care less) when hackers can earn some money instead, e.g. via http://www.zerodayinitiative.com/? I wonder what the new and upcoming generation(s) think about this? What principle is this teaching? Hmm…

3. Extreme situations call for extreme laws
Hacker gets 40 years in jail. Chefs get 19 years for rape.

What side will our new generation of hackers be on?
How are the above factors affecting the traditional hacker philosophy?
The traditional security model relied on sharing knowledge, ideas and tools… is this still the case?
