Latest ramblings of the monkey... http://pentestmonkey.net Wed, 07 Jan 2009 13:36:14 +0100 FeedCreator 1.7.2 http://pentestmonkey.net/images/M_images/mambo_rss.png http://pentestmonkey.net Latest ramblings of the monkey... http://feeds.feedburner.com/~r/pentestmonkey/~3/490942917/index.php Minor update to exploit suggester. It now suggests the (http://www.0xdeadbeef.info/exploits/raptor_libnspr) raptor (http://www.0xdeadbeef.info/exploits/raptor_libnspr2) sploits (http://www.0xdeadbeef.info/exploits/raptor_libnspr3) for Netscape Portable Runtime (http://securityfocus.com/bid/20471) vulnerability. Download it here (http://pentestmonkey.net/tools/exploit-suggester/). ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=138&Itemid=1 http://feeds.feedburner.com/~r/pentestmonkey/~3/466668200/index.php Version 1.1 of the Yaptest Frontend (http://pentestmonkey.net/projects/yaptest/yaptestfe-overview/) is now available. Download it here (http://pentestmonkey.net/projects/yaptest/yaptestfe-overview/). There are three main improvements to the interface:The Ports page now displays Nmap version and service information when it's available.The Windows Info page displays a list of Windows hosts along with various information about each: Domain name, whether the host is a domain controller, whether it's in a workgroup or a domain, its SID, password complexity setting and account lockout policy.The Nessus page simply display the nessus HTML report for the corresponding host. ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=137&Itemid=1 http://feeds.feedburner.com/~r/pentestmonkey/~3/466668201/index.php Version 0.2.1 of yaptest (http://pentestmonkey.net/projects/yaptest/yaptest-overview/) is now available. Download it here (http://pentestmonkey.net/projects/yaptest/yaptest-installation/).This is quite a major update. The most notable improvements are support for running Nessus (http://www.nessus.org/) and/or OpenVAS (http://www.openvas.org/). At present Nessus and OpenVAS are automatically run against any open ports with Safe Checks enabled. As with any major update one or two bugs might have crept in. Please mail pentestmonkey at pentestmonkey dot net if you find anything's broken. The complete changelog is included below: ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=136&Itemid=1 http://feeds.feedburner.com/~r/pentestmonkey/~3/463140721/index.php The next version of unix-privesc-check (http://pentestmonkey.net/tools/unix-privesc-check/) has just been released. Download it here (http://pentestmonkey.net/tools/unix-privesc-check/).This version checks the file permissions of SUID programs. It should catch issue like the recent Ingres privesc (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733) where and SUID programs used a shared object file that could be modified by a non-root user. ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=135&Itemid=1 http://feeds.feedburner.com/~r/pentestmonkey/~3/463129493/index.php Some useful syntax reminders for SQL Injection into Informix databases... ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=134&Itemid=13 http://feeds.feedburner.com/~r/pentestmonkey/~3/447514220/index.php I just updated unix-privesc-check (http://pentestmonkey.net/tools/unix-privesc-check/). Download it here (http://pentestmonkey.net/tools/unix-privesc-check/).This release fixes a couple of minor bugs in the reporting of cron-related issues and some problem while running under /bin/sh (as opposed to /bin/bash). ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=133&Itemid=1 http://feeds.feedburner.com/~r/pentestmonkey/~3/447488445/index.php I just released an important update to exploit-suggester (http://pentestmonkey.net/tools/exploit-suggester/). Download it here (http://pentestmonkey.net/tools/exploit-suggester/).It seems that showrev -p sometimes lists multiple revisions for the same patch. This caused exploit-suggester to return false-positives. ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=132&Itemid=1 http://feeds.feedburner.com/~r/pentestmonkey/~3/447370420/index.php I reveived an interesting tip from Munish about how to prevent directories from being easily identified in IIS. I've updated my original post about directory enumeration (http://pentestmonkey.net/blog/direnum/) with the following info:Setting the Hidden Attribite to Hide Files in ISS Hiding directories in IIS seems to be as easy as setting the hidden attribute: cd c:\Inetpub\wwwroot attrib +h myprivatedirectory Now when an attacker browses to http://yoursite/myprivatedirectory they will get a 404 Not Found message instead of a 403 Directory Listing Denied . However, files inside the directory are still accessible (e.g.... ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=131&Itemid=1 http://feeds.feedburner.com/~r/pentestmonkey/~3/438471496/index.php Yaptest (http://pentestmonkey.net/projects/yaptest/yaptest-overview/) v0.2.0 is now avaialble. Download it here (http://pentestmonkey.net/projects/yaptest/yaptest-installation/).The main improvements are support for udp-proto-scanner (http://labs.portcullis.co.uk/application/udp-proto-scanner/) to improve UDP service detection and support for ms08-067_check (http://labs.portcullis.co.uk/application/ms08-067-check/) to automatically check for the most recent pentester-friendly MS vulnerability.There are also minor improvements including DNS tests and more automatic issue-parsing. Remember that you can use YaptestFE (http://pentestmonkey.net/projects/yaptest/yaptestfe-overview/) to view collected data if you get tired of using the CLI.The complete changelog is below... ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=127&Itemid=1 http://feeds.feedburner.com/~r/pentestmonkey/~3/432911386/index.php Release 0.1.9 of yaptest (http://pentestmonkey.net/projects/yaptest/yaptest-overview/) is now available. Download here (http://pentestmonkey.net/projects/yaptest/yaptest-installation/).This release includes enumeration of users via the finger service (using finger-user-enum (http://pentestmonkey.net/tools/finger-user-enum/)) and gathering of usernames and password hashes via rexd (Linux rexd client (http://pentestmonkey.net/blog/rexd-client-for-linux/)). There are also important improvments to the gathering of topology information, which should make network diagrams generated in YaptestFE (http://pentestmonkey.net/projects/yaptest/yaptestfe-overview/) look nicer. See below for the full change log... ptm http://pentestmonkey.net/index.php?option=com_content&task=view&id=126&Itemid=1