w

Oracle Weblogic Apache Connector POST Request Buffer Overflow

This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.




w

Microsoft DHCP INFORM Configuration Overwrite

A vulnerability in Windows DHCP was found on Windows OS versions ranging from Windows 2000 through to Windows server 2003. This vulnerability allows an attacker to remotely overwrite DNS, Gateway, IP Addresses, routing, WINS server, WPAD, and server configuration with no user interaction. Successful exploitation of this issue will result in a remote network configuration overwrite. Microsoft acknowledged the issue but has indicated no plans to publish a patch to resolve it.




w

ECLIPSEDWING 1.5.2 Windows 2000 / 2003 / XP MS08-67 SMB Exploit

ECLIPSEDWING exploits the SMB vulnerability patched by MS08-67. It affects Microsoft Windows 2000, 2003, and XP. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers" who claim to have compromised data from a team known as the "Equation Group", however, there is no author data available in this content. Consider this exploit hostile and unverified. For research purposes only. Description has been referenced from http://medium.com/@networksecurity.




w

elog_unix_win.c

ELOG version 2.5.6 and below remote shell exploit. Includes targets for Slackware, Gentoo, FreeBSD, Mandrake, Fedora Core 1, Debian, Windows XP, and Redhat.




w

Samba Heap Overflow Exploit

Samba versions below 3.0.20 heap overflow exploit. Written for older versions of Debian, Slackware, and Mandrake.











w

Anomalous-Payload-based-Worm-Detection-and-Signature-Generation.pdf

Anomalous Payloadbased Worm Detection and Signature Generation.




w

Advanced-Polymorphic-Worms.pdf

Advanced Polymorphic Worms: Evading IDS by Blending with Normal Traffic.




w

Worminator-bin.tgz

A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP based worms, providing a comfortable GUI, including raw base64 variants and Snort signatures support. This tarball is the binary executable version.




w

Worminator-src.tgz

A Win32 tool for easing/automating the process of creating IDS/IPS signatures for SMTP based worms, providing a comfortable GUI, including raw base64 variants and Snort signatures support. This tarball is the source version.




w

Exploit Web 2.0, Real Life XSS-Worm

Whitepaper called Exploiting Web 2.0, Real Life XSS-Worm.




w

Using ShoutBoxes To Control Malicious Software

Whitepaper called Using "ShoutBoxes" to control malicious software.




w

How Conficker Makes Use Of MS08-067

Whitepaper called How Conficker makes use of MS08-067.




w

Sasser Worm avserve FTP PORT Buffer Overflow

This Metasploit module exploits the FTP server component of the Sasser worm. By sending an overly long PORT command the stack can be overwritten.




w

PHP-Nuke 7.0 / 8.1 / 8.1.35 Wormable Remote Code Execution

PHP-Nuke versions 7.0, 8.1 and 8.1.35 wormable remote code execution exploit.




w

Wormtrack Network IDS 0.1

Wormtrack is a network IDS that helps detect scanning worms on a local area network by monitoring anomalous ARP traffic. This allows detection of scanning threats on the network, without having privileged access on a switch to set up a dedicated monitor port, nor does it require a constant updating of the rules engine to address new threats.




w

Linksys Worm Remote Root

Proof of concept exploit used by the recent Linksys worm (known as "Moon"). Exploits blind command injection in tmUnblock.cgi.




w

Metamorphic Worms: Can They Remain Hidden?

Whitepaper that discusses types of computer worms and how metamorphic worms differ from the rest.




w

Hak5 WiFi Pineapple Preconfiguration Command Injection 2

This Metasploit module exploits a command injection vulnerability on WiFi Pineapples versions 2.0 and below and pineapple versions prior to 2.4. We use a combination of default credentials with a weakness in the anti-csrf generation to achieve command injection on fresh pineapple devices prior to configuration. Additionally if default credentials fail, you can enable a brute force solver for the proof-of-ownership challenge. This will reset the password to a known password if successful and may interrupt the user experience. These devices may typically be identified by their SSID beacons of 'Pineapple5_....'; details derived from the TospoVirus, a WiFi Pineapple infecting worm.




w

Morris Worm fingerd Stack Buffer Overflow

This Metasploit module exploits a stack buffer overflow in fingerd on 4.3BSD. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg.




w

Morris Worm sendmail Debug Mode Shell Escape

This Metasploit module exploits sendmail's well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. Currently only cmd/unix/reverse and cmd/unix/generic are supported.




w

zipcrkpw.zip

Gets the password out of encrypted ZIP files




w

Anonymous Takes Down Greek Sites In Support Of Athens Protests




w

Opera Sings Anti-Malware Tune




w

Opera Update Draws The Curtain On Seven Security Vulns




w

Opera Bitten By Extremely Severe Browser Bug




w

Opera Scrambles To Quash Zero-Day Bug In Freshly Patched Browser




w

Opera Plugs Severe Browser Hole




w

Opera Browser Dinged By Code Execution Flaw




w

Opera Update Plugs Heap Big Buffer Overflow Bug




w

Opera Users Baffled By Vulnerability Warnings




w

Opera Fixes Critical Form-Handling Flaw




w

Book Review: 'The Tangled Web' By Michal Zalewski

No Starch Press: $49.95

If you are a security engineer, a researcher, a hacker or just someone who keeps your ear to the ground when it comes to computer security, chances are you have seen the name Michal Zalewski. He has been responsible for an abundance of tools, research, proof of concepts and helpful insight to many over the years. He recently released a book called "The Tangled Web - A Guide To Securing Modern Web Applications".

Normally, when I read books about securing web applications, I find many parallels where authors will give an initial lay of the land, dictating what technologies they will address, what programming languages they will encompass and a decent amount of detail on vulnerabilities that exist along with some remediation tactics. Such books are invaluable for people in this line of work, but there is a bigger picture that needs to be addressed and it includes quite a bit of secret knowledge rarely divulged in the security community. You hear it in passing conversation over beers with colleagues or discover it through random tests on your own. But rarely are the oddities documented anywhere in a thorough manner.

Before we go any further, let us take a step back in time. Well over a decade ago, the web was still in its infancy and an amusing vulnerability known as the phf exploit surfaced. It was nothing more than a simple input validation bug that resulted in arbitrary code execution. The average hacker enjoyed this (and many more bugs like it) during this golden age. At the time, developers of web applications had a hard enough time getting their code to work and rarely took security implications into account. Years later, cross site scripting was discovered and there was much debate about whether or not a cross site scripting vulnerability was that important. After all, it was an issue that restricted itself to the web ecosystem and did not give us a shell on the server. Rhetoric on mailing lists mocked such findings and we (Packet Storm) received many emails saying that by archiving these issues we were degrading the quality of the site. But as the web evolved, people starting banking online, their credit records were online and before you knew it, people were checking their social network updates on their phone every five minutes. All of a sudden, something as small as a cross site scripting vulnerability mattered greatly.

To make the situation worse, many programs were developed to support web-related technologies. In the corporate world, being first to market or putting out a new feature in a timely fashion trumphs security. Backwards compatibility that feeds poor design became a must for any of the larger browser vendors. The "browser wars" began and everyone had different ideas on how to solve different issues. To say web-related technologies brought many levels of complexity to the modern computing experience is a great understatement. Browser-side programming languages, such as JavaScript, became a playground for hackers. Understanding the Document Object Model (DOM) and the implications of poorly coded applications became one of those lunch discussions that could cause you to put your face into your mashed potatoes. Enter "The Tangled Web".

This book puts some very complicated nuances in plain (enough) english. It starts out with Zalewski giving a brief synopsis of the security industry and the web. Breakdowns of the basics are provided and it is written in a way that is inviting for anyone to read. It goes on to cover a wide array of topics inclusive to the operation of browsers, the protocols involved, the various types of documents handled and the languages supported. Armed with this knowledge, the reader is enabled to tackle the next section detailing browser security features. As the author puts it, it covers "everything from the well-known but often misunderstood same-origin policy to the obscure and proprietary zone settings of Internet Explorer". Browsers, it ends up, have a ridiculous amount of odd dynamics for even the simplest acts. The last section wraps things up with upcoming security features and various browser mechanisms to note.

I found it a credit to the diversity of the book that technical discussion could also trail off to give historical notes on poor industry behavior. When it noted DNS hijacking by various providers it reminded me of the very distinct and constantly apparent disconnect between business and knowledge of technology. When noting how non-HTTP servers were being leveraged to commit cross site scripting attacks, Zalewski also made it a point to note how the Internet Explorer releases only have a handful of prohibited ports but all other browsers have dozens that they block. The delicate balance of understanding alongside context is vital when using information from this book and applying it to design.

Every page offers some bit of interesting knowledge that dives deep. It takes the time to note the odd behaviors small mistakes can cause and also points out where flawed security implementations exist. This book touches on the old and the new and many things other security books have overlooked. Another nice addition is that it provides security engineering cheatsheets at the end of each chapter. To be thorough, it explains both the initiatives set out by RFCs while it also documents different paths various browser vendors have taken in tackling tricky security issues. Google's Chrome, Mozilla's Firefox, Microsoft's Internet Explorer, Apple's Safari and Opera are compared and contrasted greatly throughout this book.

In my opinion, the web has become a layer cake over the years. New shiny technologies and add-ons have been thrown into the user experience and with each of them comes a new set of security implications. One-off findings are constantly discovered and documented (and at Packet Storm we try to archive every one of them), but this is the first time I have seen a comprehensive guide that focuses on everything from cross-domain content inclusion to content-sniffing. It is the sort of book that should be required reading for every web developer.

 -Todd







w

wdial20.zip

No information is available for this file.




w

wdial.zip

No information is available for this file.




w

vex_war.zip

No information is available for this file.




w

ward.c

WARD v1.0 is a classic war dialer: it scans a list of phone numbers, finding the ones where a modem is answering the call. Wargames still r0cks. WARD can generate phone numbers lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. Tested on Linux.




w

ward17.c

WARD v1.7 is a classic war dialer: it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone numbers lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environment). Tested on OpenBSD and Linux.




w

ward18.c

WARD v1.8 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone numbers lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environment). Tested on OpenBSD and Linux.




w

ward19.c

WARD v1.9 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone numbers lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environment). Tested on OpenBSD, Linux, and Windows under Cygwin.




w

ward2.c

WARD v2.0 is a classic war dialer - it scans a list of phone numbers, finding the ones where a modem is answering the call. WARD can generate phone number lists based on a user-supplied mask, in incremental or random order. Remember to change some defines to make it fit your current system configuration. WARD is one of the fastest PBX scanners around (and possibly the best for UNIX environments). Tested on OpenBSD, Linux, and Windows under Cygwin.