Md5deep and hashdeep

Pastenum – Pastebin/pastie enumeration tool Introduction When conducting a pen-test, the process typically starts with the reconnaissance phase, the process of gathering information about your target(s) system, organization or person. Today, we want to present a tool that can be added to your reconnaissance toolkit. Text dump sites such as pastebin and pastie.org allow users to dump large amounts of text for sharing and storage. As these sites become more popular the amount of sensitive information being posted will inevitably increase. Pastenum is designed to help you find that information and bring it into one easy to read location. The hope is it will allow internal security teams to run simple queries about their companies and determine if they have sensitive information residing in one of these text dumps. In order to do so, it uses a series of search queries for keywords, provided by the pentester. Installing the tool To use Pastenum you will need ruby 1.9.2. Example : Now become that user account, using the profile of the user :

Tiger: A Fast New Hash Function (Designed in 1995) In a response to many requests we publish Tiger2, which differs from Tiger only by the padding method, which is the same as in MD5/SHA. Test vectors for Tiger2 are given here. Tiger is a fast new hash function, designed to be very fast on modern computers, and in particular on the state-of-the-art 64-bit computers (like DEC-Alpha), while it is still not slower than other suggested hash functions on 32-bit machines (well, not any more, after MD5 and SHA-1 were broken). On DEC-Alpha, Tiger hashes more than 132Mbits per second (measured on Alpha 7000, Model 660, on one processor). On the same machine, MD5 hashes only about 37Mbps (this is probably not the best optimized md5 code). On 32-bit machines, the code of Tiger is not fully optimized. Tiger has no usage restrictions nor patents. We urge people to study the strength of Tiger; we will appreciate attacks, analysis and any other comments. Paper: HTML, Gzipped PostScript (Plain PostScript) ASN.1 OID's for Tiger and Serpent

Mac OS X rootkit - Support multiple kernel versions and gives root privileges Today, a 64bit Mac OS-X kernel rootkit has been released by prdelka from NullSecurity . It supports: multiple kernel versions, give root privileges, hide files / folders, hide process, hide user from 'who'/'w', hide network port, sysctl interface for userland control, execute a binary with root privileges via magic ICMP ping. See backdoor section. 64bit Mac OS-X kernel rootkit that uses no hardcoded address to hook the BSD subsystem in all OS-X Lion & below. currently supports: * works across multiple kernel versions (tested 11.0.0+) * give root privileges to pid * hide files / folders * hide a process * hide a user from 'who'/'w' * hide a network port from netstat * sysctl interface for userland control

The Whirlpool Hash Function M51 (Whirlpool) Galaxy in Canes Venatici. Image courtesy of William McLaughlin. Welcome! WHIRLPOOL is a hash function designed by Vincent Rijmen and Paulo S. Historically, WHIRLPOOL had three versions. The function WHIRLPOOL uses Merkle-Damgård strengthening and the Miyaguchi-Preneel hashing scheme with a dedicated 512-bit block cipher called W. Miyaguchi-Preneel compression function: The internal W block cipher The W block cipher used by WHIRLPOOL is very similar to the AES algorithm, RIJNDAEL, the main differences being sketched in the following table: The W S-box, which in the original submission is generated entirely at random (i.e. lacks any internal structure), by a recursive structure: the new 8×8 substitution box is composed of smaller 4×4 "mini-boxes" (the exponential E-box, its inverse, and the pseudo-randomly generated R-box). The recursive structure of the "tweaked" S-box: The documentation The security statement The availability WHIRLPOOL is not (and will never be) patented. Links

MPC - Msfvenom Payload Creator Msfvenom Payload Creator (MPC) is a wrapper to generate multiple types of payloads, based on user's choice. The idea is to be as simple as possible (only requiring one input) to produce their payload. Fully automating msfvenom & Metasploit is the end goal (as well as to be able to automate MPC itself). The only necessary input from the user should be defining the payload they want by either the platform (e.g. windows), or the file extension they wish the payload to have (e.g. exe). Can't remember your IP for an interface? Note: This will not try to bypass any anti-virus solutions. Install Designed for Kali Linux v1.1.0a+ & Metasploit v4.11+ (nothing else has been tested). curl -k -L " > /usr/bin/mpc chmod +x /usr/bin/mpc mpc Help Example #1 (Windows, Fully Automated With IP) Example #2 (Linux Format, Fully Automated With Interface and Port) root@kali:~# . Example #3 (Python Format, Stageless Command Prompt Using Interactive IP Menu)

Jesse Kornblum - Publications Auditing Hash Sets: Lessons Learned from Jurassic Park J. Kornblum Journal of Digital Forensic Practice 2008 What you need to know about Stagefright - SANS Institute What you need to know about Stagefright Friday, August 14 at 1:00 PM EDT (17:00:00 UTC) Josh Wright and Brian LaFlamme Sponsor You can now attend the webinar using your mobile device! Overview In Late July researchers disclosed a critical security flaw in Android which lets an attacker take control of a phone simply by sending a text message - and for the vast majority of Android users, there's no fix available yet. During this webinar Veracode's director of solutions enablement, Brian LaFlamme and Josh Wright, SANS Senior Instructor, will discuss new details regarding the Stagefright vulnerability and why vulnerabilities in graphic libraries keep cropping up. Speaker Bios Joshua Wright Joshua Wright is a Senior Security Analyst with InGuardians, LLC and a Senior Instructor with the SANS Institute. Brian LaFlamme Brian is a security professional with over 14 years of experience in IT and security.

Getting Started with Hashdeep This document provides an introduction to using Hashdeep. It was last updated on 30 Oct 2012. The current version of this document can be found on the md5deep web site at Introduction Hashdeep is a program for recursively computing hashes with multiple algorithms simultaneously. A full description of an audit and its benefits can be found in the paper Auditing Hash Sets: Lessons Learned from Jurassic Park. Installing hashdeep Hashdeep is installed with md5deep. Basic Operation Opening a command prompt Hashdeep is a command line program. c:\Documents and Settings\jessek\Desktop\hashdeep.exe c:\Windows\* Note that you can drag the hashdeep icon into this window and the operating system will fill in the path information for you. Computing hashes By default, hashdeep produces output with a header, and then, for each input file, the file's size, the computed hashes, and the complete filename. If no input files are specified, standard input is hashed. Expert mode
