Tag: tool

Breaking
by Daniel Mende

Erlang distribution RCE and a cookie bruteforcer

In one of the last pentests we’ve found an epmd (Erlang port mapper daemon) listening on a target system (tcp/4369). It is used to coordinate distributed erlang instances, but also can lead to a RCE, given one knows the so called “authentication cookie”. Usually, this cookie is located in ~/.erlang.cookie and is generated by erlang at the first start. If not modified or set manually it is a random string [A:Z] with a length of 20 characters. If an attacker gains this cookie, a RCE is quite easy – as I like to describe below.

Continue reading “Erlang distribution RCE and a cookie bruteforcer”

Continue reading
Misc
by Christoph Klaaßen

(Mostly) New, Interesting, and Security-focused Open Source Projects

Troopers ’17 – the 10th edition – madness is over and hopefully all of you are well rested and recovered after this special week. Of course the rest of the world did not stand still and thus Google lifted the curtains on a new public portal collecting and promoting the Open Source Software projects developed by employees of Google: opensource.google.com. There are a lot of interesting projects that might incubate new interesting developments. And even security oriented tools and projects (51 at the time of writing to be precise) are publically available Continue reading “(Mostly) New, Interesting, and Security-focused Open Source Projects”

Continue reading
Breaking
by Niklaus Schiess

KNXmap: A KNXnet/IP Scanning and Auditing Tool

Users of the KNX, a standard for home automation bus systems, may already have come across KNXnet/IP (also known as EIBnet/IP): It is an extension for KNX that defines Ethernet as a communication medium for KNX which allows communication with KNX buses over IP driven networks. Additionally, it enables one to couple multiple bus installations over IP gateways, or so called KNXnet/IP gateways.

In the course of some KNX related research we’ve had access to various KNXnet/IP gateways from different vendors, most of them coupled in a lab setup for testing purposes. The typical tools used for such tasks are ETS, the professional software developed by the creators of KNX (proprietary, test licenses available) and eibd, an open source implementation of the KNX standard developed by the TU Vienna.

Continue reading “KNXmap: A KNXnet/IP Scanning and Auditing Tool”

Continue reading
Breaking
by Timo Schmid

Pentesting Webservices with Net.TCP Binding

Hi all,

Most of you that are  pentesters  may have already tested plenty of webservices using SOAP (Simple Object Access Protocol) for communication. Typically, such SOAP messages are transferred over HTTP (Hypertext Transfer Protocol) and are encapsulated in XML (Extensible Markup Language). Microsoft has developed different representations of this protocols to reduce the network load. As these representations/protocols aren’t really covered by typical tools out there, this post will show you some of them, and a proxy which can be used to simplify the testing.

Continue reading “Pentesting Webservices with Net.TCP Binding”

Continue reading
Breaking
by Ahmad Abolhadid

SAMLReQuest Burpsuite Extention

Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between a Service Provider (SP) and an  Identification Provider (IdP). SAML is used in many Single Sign-On (SSO) implementations, when a user is authenticated once by IdP to access multiple related SPs. When a user requests to access a SP, it creates a SAML Authentication Request and redirects the user to IdP to be authenticated according to this authentication request. If the user is successfully authenticated, IdP creates a SAML authentication response and sends it back to SP through the user’s browser.

Continue reading “SAMLReQuest Burpsuite Extention”

Continue reading
Events
by Robert Scholz

unrubby: reversing without reversing

The talk “unrubby: reversing without reversing” was part of the Troopers conference in Heidelberg, 16 March 2016. The talk was done by Richo Healey, who is currently working on the security engineering team at the Irish payment company Stripe. Richo Healey is an experienced conference speaker. Amongst other he has spoken at Kiwicon, DEF CON and 44con.
 
In his talk Richo Healey spoke about reverse engineering of Ruby software. First he talked about existing tools and techniques to regenerate source code from Ruby bytecode. Then he presented a new concept, which is implemented in his tool “unrubby”.

Continue reading “unrubby: reversing without reversing”

Continue reading
Building
by Matthias Luft

Check your SAP landscape for default Solution Manager users

This is a guest post from Joris van de Vis @jvis,  on his upcoming Troopers talk. Additional credits go to: Robin Vleeschhouwer, and Fred van de Langenberg.

 

Picture1

As presented at Troopers this year, ERP-SEC research has uncovered a set of potential default accounts related to the use of SAP Solution Manager. These default accounts might pose a big risk to your SAP supported business as some of them have wide authorisations. It is therefore important to check if they exist in your landscape and change the default passwords.

Continue reading “Check your SAP landscape for default Solution Manager users”

Continue reading
Breaking
by Niki Vonderwell

How to crack a white-box without much effort

By: Philippe Teuwen (@doegox)

White-box cryptography is a relatively new field that aims at enabling safely cryptographic operations in hostile situations.
A typical example is its use in digital-right management (DRM) schemes, but nowadays you also find white-box implementations in mobile applications such as Host Card Emulation (HCE) and the protection of credentials to the cloud.
In all these use-cases the software implementation uses the secret key of a third-party which should remain secret from the owner of the device which is running this executable.

Continue reading “How to crack a white-box without much effort”

Continue reading