Using the web application attack and audit framework known as w3af to test your security

w3af, the Web Application Attack and Audit Framework, is an amazing tool that is written in Python and has the capability to find more than 200 defined vulnerabilities. Not only does it look for the usual suspects such as SQL injection, it also handles crawling, brute force, authentication, and so much more. There are a number of vulnerability scanners, both commercial and open source, but it all comes down to what you prefer. I tend to lean toward the open source community because of transparency, community involvement, and the fact there is zero cost. Unfortunately, web applications pose one of the greatest risks to organizations because these applications are often public facing or open to business partners and, of course, employees (the insider threat). The fact is web applications are a rich target because there are so many different attack vectors. For example, the following five examples are very often used and very easy to exploit once vulnerabilities have been identified.

Cross-site scripting (XSS): The act of injecting lines of code into web pages in some shape or fashion. If not defended against, malicious code will eventually lead to a breach.

Session Hijacking: Each unique user is assigned a …

Create a custom wordlist using SmeegeScrape for use in forensics or pentesting

If you work in either forensics or penetration testing, you will absolutely come across the need to create a custom word list. You may be thinking to yourself that a custom word list is not needed because you have a number of lists that you have created or gathered over the years. I will not argue that having a bag of lists is not needed because I have my own collection as well. I submit to you that if you have a specific target, then understanding said target will be useful when it comes to password cracking. For example, if your target is a big Simpsons fan, then it makes sense to create a word list that maps to keywords amongst those fans. By taking this approach, you may find that you spend less time cracking a password; at least that is the idea. Of course, this means you must know the target somewhat well, and to gather this type of intelligence all you need to do is turn to social media or any other internet resource. For those of you who work in security or worry about privacy, you understand the fact that individuals typically share entirely too much detail …

Find and correct WordPress vulnerabilities using WPScan

If you run a WordPress-based website, then you should sit up, pull out your notepad, and carefully consider the idea of running WPScan on your site in order to see if you have any security vulnerabilities that may require your attention. This is not to say that WordPress is vulnerable per se, but the fact is all software contains some level of vulnerabilities, and the more you know, the more you will understand and be able to better protect your site. You may be surprised to learn that CVE has 177 documented vulnerabilities over the years concerning WordPress. If you are really interested in better protecting your site, then you absolutely must take the time to read about hardening WordPress. For example, there are a number of excellent recommendations in the areas of securing wp-admin, securing wp-includes, securing wp-config.php, disabling file editing, and so much more. It would be well worth the time and effort reviewing and possibly implementing these recommendations to better protect your site. In fact, as I was researching this article I found one recommendation that I had not considered and after reading that I could add a second layer of protection to my wp-includes folder structure …

They Live at DEFCON22

Every year in August thousands upon thousands of people flock to Las Vegas, NV for the annual DEFCON conference. This is my second year attending and I knew once I attended DEFCON21 that I was forever hooked. I cannot begin to describe what the experience is like, because the experience is what you make of it. Last year, I had fun, but I did sit back and try to determine what I should and should not do. At the end of DEFCON21, I knew that I was going to jump head first into DEFCON22 and that is exactly what I have done thus far. I took advantage of the vast skill and knowledge that is at this event. There are some very smart people here! Where else can you gather thousands of hackers, security professionals, and hobbyists into a single location where opportunity is everywhere around you? Personally, I have spent very little time in the speaking events, with the exception being the WiFi Village where I sat in on the latest news about the Pineapple Mark V firmware that dropped today. Rather, I took a clean laptop, an external USB hard drive, a Pineapple Mark IV, and a burner …

Metagoofil makes metadata extraction easy

Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a given target or victim website. The tool will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help penetration testers in the information-gathering phase. Metadata serves five purposes: resource description; information retrieval; management of information; rights management, ownership and authenticity; and interoperability and e-commerce. I can think of no better way to summarize what metadata is than Wikipedia’s explanation, which defines metadata as “data about data”. The simplest way to think about metadata is to use the file properties of an electronic document. In this case, I will use an example of a PowerPoint file that provides a wealth of additional information as long as you know where to look. Consider the following example that contains a title, subject, author, manager, and keywords.

Go grab Metagoofil and get busy

Before you get too far ahead of yourself you need …
