Jump to content

TioSam

Members
  • Posts

    9
  • Joined

  • Last visited

  • Days Won

    2

TioSam last won the day on October 30 2012

TioSam had the most liked content!

About TioSam

  • Birthday 05/26/1993

Converted

  • Occupation
    Pentester
  • Location
    Buenos Aires

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

TioSam's Achievements

Newbie

Newbie (1/14)

40

Reputation

  1. Thanks for reporting, I do not know, I'm new to this forum. The administrator can delete this topic if it thinks fit. Greetings.
  2. INTRODUCTION: Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Many times when performing audit of a website, it is always advisable to place an intermediate proxy to know and have full control of the requests sent and received, for it to use Burp Suite. It is also known that in these audits, better known vulnerability that can occur is the SQL Injection. For this case, in this post brings a completely free plugin developed by ggdaniel that will help us use the Burp Suite sqlmap from an easy and effective. ¿WHAT IS SQLMAP? SQLMAP is an open source penetration testing tool that helps in automating the process of detecting and exploiting SQL injection vulnerabilities and taking full access over the database servers. ¿WHAT IS SQLMAP PLUG-IN? When we audit a web application, we normally configure an intermediate proxy to have more control over the request and response parameters. SQLMAP plug-in is an add-on feature that we can configure to the burp through which we can redirect a URL or a request directly to the SQLMAP with a single mouse click. ¿HOW TO CHARGE THE PLUGIN SUITE BURP? Very easy, the first thing we have to do is download the plugin from the following link: Downloads - gason - BurpSuite Plugin's Project - Google Project Hosting recommend downloading (burpplugins-0.9.3.zip), then decompress files and place them in the same folder where this Burp Suite (Pentest - web - burpsuite) Next, run the command to run Burp Suite along with respective plugin. Linux: - java -classpath burpplugins.jar: burpsuite_v1.4.01.jar burp.StartBurp Windows: - java -classpath burpsuite_v1.4.01.jar;burpplugins.jar burp.StartBurp CONFIGURING THE PROXY: Firefox: - Edit - Preferences - Advanced - Network - Settings - Manual Proxy Configuration Google Chorme: - Settings - Show Advanced Options - Network - Change Proxy Settings - Connections - LAN Settings The proxy configuration is necessary for this method because we need the browser to send requests to the Burp Suite ¿HOW DO WE USE THE PLUGIN? Once you have executed the next to Burp Suite Plugin is very easy to use it, simply right click on the request parameters which you can appreciate the "Send to sqlmap" as shown in the following image: If we click on that option will open a new window (sqlmap wrapper) that will configure sqlmap. It shows the overview of the configuration features in the "Target" specifies the URL you're testing (usually filled by default as it has previously sent the request parameters). We specify the method in which the domain is accessible (GET/POST), then in the "bin-path" seek the location and load the file sqlmap sqlmap.py In "Custom Options" you can select the options you execute the tool, for example we can list the database users, passwords, roles, privileges, databases, etc.. Default is set to "Auto" which means that the tool tried to list all the options listed. Sqlmap Once configured, click on "Run" to open a new tab with the execution of the configuration, as shown in the following image: One can see that the website is vulnerable, so it is accessible database. Now we will try to list all the tables in the database "intranet", for it set the sqlmap wrapper with "Enumerate database tables" which returns the following results: Then we list the table "dbo.BusquedaWeb" for its columns, select the option for it "Enumerate database tables and columns" returning the following result: As we already have the data of the database, tables and columns, we will give Dump to get the final results, we will use the option "Dump DBMS database" getting the latest results as shown in the following image: After obtaining the data we "want" can save the contents of the information obtained, to select it in the "Save to file" which will be saved in a text file. You see, audit a website from BurpSuite with this plugin is very comfortable and efficient, which helps us a lot in this process so tedious that usually the Penetration Test. I hope they can. Greetings.
  3. ¿WHAT IS JIGSAW? - Jigsaw is a simple ruby script for enumerating information about a company's employees. - It is useful for Social Engineering or Email Phishing LOCATION IN BACKTRACK 5R3: - BackTrack - Information Gathering - Network Analysis - OSINT Analysis - jigsaw HOW TO USE: - In this case I will get information from Facebook, for this use the command: ./jigsaw.rb -s Facebook - I had some ID showing the name of the entity to which it corresponds, then will put the command including the ID number of the entity we want to obtain information, example: ./jigsaw.rb -i 234590 - As you can see, I have placed the ID has thrown two domains, thus showing us a message that we place the domain from which we obtain information, in this case I will write: facebook.com The information that was obtained was 479 records in which includes names, charges, E-mail and home address. - Now, if we want to save the information obtained and then view it again, simply post the following commands: facebook.com ls cat facebook.csv./jigsaw.rb -i 234590 -r facebook VIDEO-TUTORIAL IN HD: DOWNLOAD JIGSAW: - https://github.com/pentestgeek/jigsaw Hope you like it
  4. A security researcher has found a new 0day vulnerability affecting Internet Explorer, while analyzing a malware page that was being used to exploit vulnerabilities in Java. According to Metasploit team, Internet Explorer 7, 8 and 9 on Windows XP, Vista and 7 are vulnerable to this attack. Eric Romang has discovered a folder "/public/help" in one of the infected hosts. He found a flash file (. Swf), two html pages (protect.html, exploit.html) and exe file. More Info: Zero-Day Season Is Really Not Over Yet If we have to exploit this vulnerability module from Metasploit, you need to update it from the following link: https://community.rapid7.com/docs/DOC-1975 The screenshot below shows a successful attack against a machine of Windows 7 with Internet Explorer 9 installed: It is against Internet Explorer 8 installed: Here is another example of exploitation in a Windows XP SP3 box, fully patched: More Info: https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit Enjoy!
  5. After the recent escalation of cyber attacks on U.S. soil and produced subsequent to the Chinese government claims to be creating a breeding ground for an imminent Cyberwar, information has emerged indicating that the Chinese Government has deployed a new name Kylin Operating System, which in theory would be invulnerable to any known form of attack, whether from the United States, or any other source. While there have begun to launch virtual missiles, defense measures taken by both powers cast a veil of concern about the global digital community. SYSTEM INFORMATION: Kylin is an operating system that focuses on the performance of high availability and security. Its initial development was funded and sponsored by the Chinese Government Research and Development (R & D) in 2002. The first public version of Kylin was released in 2007. Kylin is based on FreeBSD 5.3 with some own security extensions to add an additional level of security for that operating system. Kylin, Qili name, a mythical beast, is organized in a hierarchical model, including the core layer, which is responsible for initializing the hardware and providing basic memory management and task management, layer service system based on FreeBSD provides UFS2 and BSD networking protocols, and the desktop environment that is similar to Windows. It is designed to meet the UNIX standards and is compatible with Linux binaries. Kylin is approved for use by the People's Liberation Army and apparently has been deployed in the Chinese military, national defense and sensitive government organizations since 2007. Kylin is also being used in finance, government and education. Companies using Kylin: - China Construction Bank - North China Electric Power - Xiangcai Securities - Shanghai Unicom SCREENSHOT SYSTEM: - System Installation (Virtual Box) - Screen to login: - Kylin OS Desktop: DOWNLOAD Kylin OS: - Download KYLIN-2.1-1A.iso - Free Download from ftp.inferra.ru - Download KYLIN-2.1-1B.iso - Free Download from ftp.inferra.ru OFFICIAL SITE: - ?? | Kylin os | NeoKylin | ???????? | ????????? | ???????? | ???? | ???????????????? | ???????? | ???? Grettings...
  6. Some attackers may determine that a website running on Joomla! site-web.com/administrator But in some cases, when you type /administrator/ index.php automatically redirects us, then practically the attacker gives up because it thinks that the website is Joomla admin panel but has another name or another direction. That happens for settings that the administrator has made ??to your Joomla, Plugin installed AdminExile [/ b] that allows administrators to add an access key to the end of the URL that redirects to erroneous entries page beginning on page 404, or anywhere else without seeing the login panel administrator. Example: - www.site-web.com/administrator/ <----- Redirecciona al index.php - www.site-web.com/administrator/?key <----- Admin Panel Once you have clicked on the second link, AdminExile password will be active until the session expires (or until the browser is closed). For this case, I made a video demonstrating where achievement easily get the key (key) to enter the administrative site without problems. Video: Description: Getting the db settings (web) by Symlink, obtaining administrative username and password, "bypass" adminpane and placing the 0day Java7 Plugin AdminExile: AdminExile - Joomla! Extensions Directory Grettings
      • 1
      • Upvote
×
×
  • Create New...