
Wardrive, Raspberry Pi Style!

I purchased a Raspberry Pi a few weeks back. I found that I could power it, a WiFi card and a GPS from my 12000mAh Li-Ion battery pack for about 12 hours. What a great way to explore without...

PCAP Files Are Great, Aren't They??

One of the most important skills in the armory of anyone responsible for looking after the security of a corporation's networks should be how to analyze network capture files (PCAP files) obtained from sniffers. Putting a sniffer on the network cannot...

Introducing Responder-1.0

Responder is a multi-threaded tool that answers IPv4 LLMNR (Link-local Multicast Name Resolution) and NetBIOS Name Service (NBT-NS) queries. This tool includes: - LLMNR poisoner. - NBT-NS poisoner. - Rogue SMB server with an NTLMv1/v2 hash grabber. -...

Oops, I pwned your router - Part Two

In the last blog post, "Oops, I pwned your router - Part One", I talked about some of the poor security that went into the basic embedded router operating systems. In this post I will flesh out in more detail how one can go about reverse engineering these devices, what tools worked for me, and some of the results that I was able to get to. Hint: Having root on your hardware is good for me, bad for you.

Hey, I just met you, and this is crazy, but here's my hashes, so hack me maybe?

Those familiar with password cracking know that KoreLogic's rule set for John the Ripper has become the de facto standard for password cracking. However, as with anything technology related, the rules are slowly starting to show their age, specifically the rules designed to take years into account. So, I decided to take on the task of making a few modifications to the rule set; this includes updating them to take into account the current and prior year, but also reworking some of the rules to eliminate some redundancy.

Oracle DBMS_Scheduler Fun on Windows!

So, last time I showed how to get a Unix reverse shell up and running just by using Oracle PL/SQL commands that make use of DBMS_Scheduler. My next challenge was to try and get a similar method to work on a...

Chat server fuzzing, Part 1. The Beginning

This article (along with subsequent articles) will cover the journey I've taken in learning about the XMPP (eXtensible Messaging and Presence Protocol) standard and how I used that knowledge to fuzz various servers, starting with the eJabberd server available from...

CryptOMG Walkthrough - Challenge 1

It has been about 3 months since CryptOMG was released, and I will start going through the challenges one by one. CryptOMG is a CTF-style testbed for exploiting various flaws in cryptographic implementations. It is available for free on the SpiderLabs GitHub. The...

Client-side Payload - The Brazilian Way.

My name is Wendel Guglielmetti Henrique, and I'm a senior security consultant at Trustwave's SpiderLabs. I have over 12 years of experience in Information Technology, with the last 7 years dedicated to penetration testing. My recent presentations include RSA Conference 2012...

All Your Password Hints Are Belong to Us

This past weekend I ended up coming into the SpiderLabs office and "nerded out" with my good friend Ryan Reynolds to follow-up on the research we released at DEFCON and BlackHat this year. As some of you may already know,...

PenTest Manager 2.0 - Attack Sequences

Trustwave recently launched PenTest Manager 2.0, a major enhancement of the innovative Trustwave reporting tool used by SpiderLabs team members during penetration testing. PenTest Manager 2.0 provides a significant reporting upgrade in the form of Attack Sequences. These allow for...

Pentesting like an Eastern European

Through SpiderLabs' Incident Response (IR) and Penetration Testing services we get a chance both to see 'bad actor' techniques in the field and to help our clients test how their security controls will stand up to them. One trend we've seen in our IR engagements is a move away from malicious parties stealing 'data at rest' towards targeting it as it flows through IT infrastructure. This post gives a general overview of how attackers are targeting dynamic data and elaborates on some of the tools and techniques SpiderLabs uses to steal information stored in memory during our penetration tests.

Stolen Laptop Recovery via OSX Trap Partition

My MacBook Air has 2 partitions: one is my normal everyday partition, which is encrypted with FileVault2, and the second has Prey (http://preyproject.com/) installed and ready to flag my Mac as stolen as soon as it is...

Metasploit => tips, tricks, hashes and tokens

Metasploit is one of the many tools that can be used during a penetration test, and it actually consists of a whole suite of tools that form part of a complete attacking framework. Metasploit is not the best tool for...

Using Nmap to Screenshot Web Services

As part of the Trustwave SpiderLabs network penetration testing team, I perform many internal penetration tests each year. As part of those tests, we see a lot of web servers. Some of those are internal portals like SharePoint. Others are non-production...

Introducing CryptOMG

CryptOMG is a CTF-style testbed for exploiting various flaws in cryptographic implementations. Cryptography is very easy to do incorrectly, which is pretty apparent throughout the web if you know what to look for. CryptOMG will help train your eye to look...

Zap(ped) into Foca(s)

An external penetration test isn't just about the network addresses to pwn, but sometimes about the web presence that is offered to the world at large. And web presence equals web applications. As a new addition to the SpiderLabs team,...