Re: [Full-disclosure] INSECT Pro 2.5 Release - Web scanner tool
Well correct me if I'm wrong, but the whole premise of an un-regulated forum is for people to collaborate on opinions, even if they don't necessarily agree. You clearly didn't like the comments directed toward the INSECT devs, so aren't you 'wasting your time' by replying to them yourself?

On Apr 1, 2011, at 6:12 AM, Esteban Cañizal este...@canizal.com.ar wrote:

> Come on guys!! I think they are not trying to reinvent the wheel here! As far as I can remember they never said they created a new product better than msf (or the other tools you mentioned); they packed a bunch of really good tools and made it easier for those who don't like using console, or complicated things... they also have some own native exploits.
>
> BTW, do you guys always use your time for replying to all the threads you don't like?? What a waste of time!
>
> I tried it and I think it is really useful, thumbs up for insect pro!!
>
> Cheers :D

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] NiX - Linux Brute Force 1.0.3 update has been released
Would you care to offer what particular tests you did to compare your tool to Hydra? Just curious.

Ryan

On Nov 19, 2010, at 6:52 PM, n...@myproxylists.com wrote:

> There are several fixes done in this release compared to the 1st version. It is encouraged to upgrade to the latest version.
>
> To those who want to ask, does it outperform Hydra? Yes it does, especially in basic auth and form mode.
>
> Full features and download: http://myproxylists.com/nix-brute-force
> Changelog: http://myproxylists.com/NIX_BRUTE_FORCER.CHANGELOG
>
> Regards
> NiX Lead Developer
Re: [Full-disclosure] NiX - Linux Brute Forcer (the beast) has been released!]]
In all fairness I do use proxychains for all of my proxy randomization and all that kind of stuff if I need it. That way it's consistent regardless of what I throw at it, even tools without random proxy chaining like nmap and hydra. Good job coding it though, I can't imagine that was easy.

Ryan

On Nov 13, 2010, at 3:36 PM, n...@myproxylists.com wrote:

>> On Friday 12 November 2010 at 21:47 +0200, n...@myproxylists.com wrote:
>>
>>> Where is for example FORM auto-detection for those other tools? Where is SOCKS4 proxy support? Where is proxy randomization? Where is logic to drop dead proxies? Where is logic for fake-detection?
>>
>> Then, you should have started by that, it is that simple. We are all busy and you can't expect anyone to even have a look at your tool or link if you don't highlight how different it is from others or why you did it.
>>
>> As far as I am concerned, these features may be nice, but I don't need them and will stick to Medusa for the brute force tests I run from time to time (ie not often, a few times a year at most). But, to make it clear, it is just my personal opinion, I am not saying that your tool is not interesting or useless.
>
> I just gave a test-run for Hydra against my own site and noticed: it does support only a single proxy; any site that has even a bit of protection will defeat it. NiX does support HTTP/SOCKS4/SOCKS5 (as many as you have working proxies) with randomization etc. This is a significant advantage over any other tool.
>
> I have worked 1.5 months constantly on NiX, after I have had a little break. I will implement support for other major protocols, which is now really easy after having an otherwise working engine.
Re: [Full-disclosure] Filezilla's silent caching of user's credentials
I mean it's a nice thought, but the steps to get something like that indexed are quite silly. You would have to have your webserver indexing your application data, which is clearly a HUGE mis-configuration on their part. I personally don't care because I don't know if it's really going to do any good, and the last thing I want to do is have to explain to people in detail with varying levels of technical capacity how to secure their own systems. I do that enough already :-/

If that's being indexed I think they have far bigger problems already and their servers are probably already compromised a few times over. I'd say if you have a personal connection to any of those ~11 servers go for it, but otherwise I wouldn't waste my time. After all it is 11 out of the billions of external facing servers on the Internet. If you spent your time for every google dork privately disclosing to each owner the fact that their site is vulnerable, you wouldn't have enough time in your life to finish with them. Even if you tried to automate it. Plus there's a good portion of people who will just ignore you; I've had it done to me on pressing issues on a couple of occasions. It's just a part of the security world you have to live with. I guess it just depends on how much you want to 'fix the interwebz'.

That's just my 2 cents though, but it's a nice thought.

Regards,
Ryan Sears

On Oct 11, 2010, at 6:39 AM, Brandon McGinty brandon.mcgi...@gmail.com wrote:

> If this is the wrong list for this question, I apologize. Is there any precedent for notifying those whose results have popped up for the below referenced google search? I would be happy to send out an email to the domain owners, to alert them of a problem, but I am not sure if this is recommended.
>
> Brandon McGinty
>
> On 10/9/2010 11:00 AM, Vipul Agarwal wrote:
>
>> That's a live and good example. I hope that now they'll understand the importance of the issue.
>>
>> On Fri, Oct 8, 2010 at 11:28 AM, Shirish Padalkar shirish.padal...@tcs.com wrote:
>>
>>> http://www.google.com/#sclient=psyhl=ensite=source=hpq=inurl:recentservers.xmloq=inurl:recentservers.xml
>>>
>>> :)
>>>
>>> From: Ryan Sears rdse...@mtu.edu
>>> To: full-disclosure full-disclosure@lists.grok.org.uk
>>> Date: 10/08/2010 08:52 AM
>>> Subject: [Full-disclosure] Filezilla's silent caching of user's credentials
>>> Sent by: full-disclosure-boun...@lists.grok.org.uk
>>>
>>> Hi all,
>>>
>>> As some of you may or may not be aware, the popular (and IMHO one of the best) FTP/SCP program Filezilla caches your credentials for every host you connect to, without either warning or ability to change this without editing an XML file. There have been quite a few bug and feature requests filed, and they all get closed or rejected within a week or so. I also posted something in the developer forum inquiring about this, and received this response:
>>>
>>> "I do not see any harm in storing credentials as long as the rest of your system is properly secure as it should be."
>>>
>>> Source: (http://forum.filezilla-project.org/viewtopic.php?f=3t=17932)
>>>
>>> To me this is not only concerning, but also completely un-acceptable. The passwords all get stored in PLAIN TEXT within your %appdata% directory in an XML file. This is particularly dangerous in multi-user environments with local profiles, because as we all know physical access to a computer means it's elementary at best to acquire information off it. Permissions only work if your operating system chooses to respect them, not to mention how simple it is *even today* to maliciously get around windows networks using pass-the-hash along with network token manipulation techniques. There has even been a bug filed that draws out great ways to pseudo-mitigate this using built-in windows API calls, but it doesn't seem to really be going anywhere.
>>>
>>> This really concerns me because a number of my coworkers and friends were un-aware of this behavior, and I didn't even know about it until I'd been using it for a year or so. All I really want to see is at the very least just some warning that Filezilla does this.
>>>
>>> Filezilla bug report: (http://trac.filezilla-project.org/ticket/5530)
>>>
>>> My feelings have been said a lot more eloquently than I could ever hope to in that bug report:
>>>
>>> "Whoever keeps closing this issue and/or dismissing its importance understands neither security nor logical argument. I apologize for the slam, but it is undeniably true. Making the same mistake over and over does not make it any less of a mistake. The fact that a critical deficiency has existed for years does not make it any less critical a deficiency. Similarly, the fact that there are others (pidgin) who indulge in the same faulty reasoning does not make the reasoning any more sound." ~btrower
>>>
>>> While it's true you can mitigate this behavior, why should it even be enabled by default? The total lapse in security for such a feature-rich, robust piece of software is quite
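The behaviour described in the thread above (every host, user name and password cached in a plain-text XML file under the profile directory) is easy to audit on one's own workstation. The script below is an added example written for this page; it is not code from the thread, from FileZilla, or from any of the posters. It parses a FileZilla-style recentservers.xml, reports which entries carry a cached password (so the owner can clear the file and rotate those credentials), and checks the usual cache locations. The element layout (`<FileZilla3><RecentServers><Server>` with `<Host>`, `<Port>`, `<User>`, `<Pass>` children) and the default paths are assumptions based on the FileZilla 3 format of that era; the sample document is constructed and includes an entry with an empty `<Pass>` to show that it is not counted as exposed.

```python
import os
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional


@dataclass
class CachedServer:
    host: str
    port: Optional[int]
    user: str
    has_password: bool


def candidate_paths() -> List[Path]:
    """Default FileZilla 3 cache locations (assumed per platform; adjust if yours differs)."""
    paths = []
    appdata = os.environ.get("APPDATA")           # Windows: %APPDATA%\FileZilla
    if appdata:
        paths.append(Path(appdata) / "FileZilla" / "recentservers.xml")
    paths.append(Path.home() / ".config" / "filezilla" / "recentservers.xml")  # Linux/BSD
    paths.append(Path.home() / ".filezilla" / "recentservers.xml")             # older builds
    return paths


def parse_recent_servers(xml_text: str) -> List[CachedServer]:
    """One CachedServer per <Server>; has_password is True only for a non-empty <Pass>."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    found = []
    for server in root.iter("Server"):
        host = (server.findtext("Host") or "").strip()
        port_text = (server.findtext("Port") or "").strip()
        port = int(port_text) if port_text.isdigit() else None
        user = (server.findtext("User") or "").strip()
        pw = server.find("Pass")
        has_password = pw is not None and bool((pw.text or "").strip())
        found.append(CachedServer(host, port, user, has_password))
    return found


def exposed_credentials(xml_text: str) -> List[str]:
    """Return 'user@host:port' for every entry whose password is cached in the file."""
    return [
        f"{s.user}@{s.host}:{s.port if s.port is not None else '?'}"
        for s in parse_recent_servers(xml_text)
        if s.has_password
    ]


def audit_local_profile(paths: Optional[List[Path]] = None) -> List[str]:
    """Check the usual cache locations on this machine and return the exposed entries."""
    hits: List[str] = []
    for p in paths if paths is not None else candidate_paths():
        if p.is_file():
            try:
                hits.extend(exposed_credentials(p.read_text(encoding="utf-8")))
            except ET.ParseError as exc:
                print(f"{p}: not valid XML ({exc})", file=sys.stderr)
    return hits


# Constructed sample in the assumed FileZilla 3 layout (not a real capture).
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3>
  <RecentServers>
    <Server>
      <Host>ftp.example.test</Host><Port>21</Port><Protocol>0</Protocol><Type>0</Type>
      <User>alice</User><Pass>hunter2</Pass><Logontype>1</Logontype>
    </Server>
    <Server>
      <Host>sftp.example.test</Host><Port>22</Port><Protocol>1</Protocol><Type>0</Type>
      <User>bob</User><Logontype>0</Logontype>
    </Server>
    <Server>
      <Host>ftp.internal.test</Host><Port>21</Port><Protocol>0</Protocol><Type>0</Type>
      <User>carol</User><Pass></Pass><Logontype>1</Logontype>
    </Server>
  </RecentServers>
</FileZilla3>
"""

if __name__ == "__main__":
    print("Sample file exposes:", exposed_credentials(SAMPLE_XML))
    hits = audit_local_profile()
    if hits:
        print("Cached plain-text credentials found for:", *hits, sep="\n  ")
    else:
        print("No cached FileZilla credentials found in the default locations.")
```

Run it as-is to see the sample result, or on a workstation to list what the local cache holds; any entry it reports is a password to rotate after the file is cleared. The empty-`<Pass>` case matters because FileZilla writes the element for hosts connected to without a saved password, so counting the element's presence alone would over-report.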
Re: [Full-disclosure] New tool for pentesting
Seriously. The only reason CANVAS and IMPACT are still used is because of the 0-days that come packaged with them. Metasploit is far superior not only in exploitation, but post exploitation, persistence, network pivoting, and just generally being a badass! Can ANYTHING really compare to the meterpreter for pwning windows? They implemented remote kernel calls for god's sake! You have the ENTIRE windows API at your disposal with it, assuming you don't want to use one of the very awesome ruby scripts that come with it to manipulate your tokens or do remote route additions!

If I'm going to use any 'enterprise level vulnerability scanner' ::shudders:: it'll be Metasploit express, or MAYBE Nessus. Mainly just my brain though, which costs me nothing!

If you're going to try to sell stuff like this, I wouldn't go where ACTUAL security people dwell, I'd go back to the netstumbler forums. You'd have better luck there.

On Sep 17, 2010, at 11:31 AM, Eyeballing Weev eyeballing.w...@gmail.com wrote:

> Looking at that webpage is making me rage. I'm sending him an invoice for a new keyboard.
Re: [Full-disclosure] Windows' future (reprise)
And what of the pass the hash group of attacks, not to mention the insecure hashing to begin with? Combine that with token manipulation and process migration and you have a very deadly combination to almost any windows network that you don't see anywhere else. Exploiting windows networks in this way is trivial at best, and is built in to the operating system as a set of 'features'.

That's not to say the *nix platform doesn't have its own security problems, but at least they're a.) dealt with in a more timely manner, and b.) easily analyzed by anyone. Even if 99/100 people that look at it are 'uneducated' as you put it, I'd rather have the one set of eyes on it going 'hey this needs to be fixed' and educating everyone else on how to manage it, a la the Debian PRNG SSH bug a couple years ago. Imagine how that would've gone if Microsoft had dealt with a similar issue.

Having said that I have to say even though some people may not find Stuart's research interesting, he's simply trying to report his findings. He's doing this to help paint a picture of security in the state it's ACTUALLY in, and try to predict where it's progressing to. Everything in nature can be modeled with mathematics, why not threat trends?

On May 15, 2010, at 4:22 PM, Jeffrey Walton noloa...@gmail.com wrote:

>> My main reason for claiming that Windows is inherently insecure is because it's closed source.
>
> As opposed to crowd sourcing, which some claim is inherently more secure because more [uneducated] eyes review the source code? This is along the lines of the 'Linux does not get viruses' argument. Give me a break...
>
> On Sat, May 15, 2010 at 4:06 PM, lsi stu...@cyberdelix.net wrote:
>
>> Is that you, Bill? I think you misunderstand. 9 months ago, I measured the growth rate at 243%, using Symantec's stats. 9 months ago I posted that number here, together with a prediction of this year's stats. Recently, I got this year's stats and compared them with that prediction. I found that this prediction was 75.4% accurate. I am now reporting those results back to the group. And this is trolling how?
>>
>> My point is that the prediction was not wildly wrong, and so that leads me to wonder if anything else I said, 9 months ago, was also not wildly wrong.
>>
>> My main reason for claiming that Windows is inherently insecure is because it's closed source. However it's also because of the sloppy, monolithic spaghetti code that Windows is made of. If you're claiming Windows is in fact inherently secure, I assume this means you don't use AV on any of your Windows machines, and advise everyone you know to uninstall it?
>>
>> I never said migration would be free or easy. That is why I am posting this data here, because I see it as a vulnerability, a very big vulnerability that many companies have not woken up to. The very fact that migration is hard, lengthy, and expensive, means that the vulnerability is larger than ever.
>>
>> Stu
>>
>> On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:
>>
>>> From: Thor (Hammer of God) t...@hammerofgod.com
>>> To: full-disclosure@lists.grok.org.uk full-disclos...@lists.grok.org.uk
>>> Date sent: Sat, 15 May 2010 14:40:29 +
>>> Subject: Re: [Full-disclosure] Windows' future (reprise)
>>>
>>> I am constantly amazed at posts like this where you make yourself sound like some sort of statistical genius because you were able to predict that since last year was 243%, that this year would be 243%. Wow. Really?
>>>
>>> And for the record, these claims of 'inherent insecurity' in Windows are simply ignorant. If you are still running Windows 95 that's your problem. Do a little research before posting assertions based on 10 or 20 year old issues.
>>>
>>> This smacks of the classic troll, where you say things like nothing that Microsoft makes is secure and it never will be and then go on to say how easy it is to migrate, and how it's free, with only a one off cost, and how to move off of .NET. Obvious predictions, ignorant assumptions, and a total lack of any true understanding of business computing.
>>>
>>> Yep, troll.
>>>
>>> t
>>>
>>> [SNIP]