A Simple Script to Get Top Passwords Cracked

Several days ago, I took a break from doing my work. I did an exercise to sharpened my “rusty” scripting skills. My goal was to develop a simple script using Ruby to get the top passwords cracked from MD5 Statistics page. This should be an interesting exercise for my brain. :D

Unfortunately, my scripting skills was so rusty, so it took me a while to code this simple script.

Continue reading

Kernel Panic Error Message. Is It ?

After doing an upgrade to MSF4, when I run msfconsole, I was greeted by the following “scary error message” :

Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
EFLAGS: 00010046
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
ds: 0018   es: 0018  ss: 0018
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)

Stack: 90909090990909090990909090

Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing

What a “cool” welcome message. :D

Security Incident at Automattic

Automattic, the company behind the WordPress.com platform experienced a low-level break-in to several of its servers.

Although at this moment, there haven’t any information about the extend of this incident, as the Automattic’s people are still doing investigation.

If your blog is located in the wordpress.com domain, you may want to follow the suggestions offered by the WordPress about the security fundamentals located in the link mentioned above.

goorecon.rb small problems

While doing a research I utilized goorecon.rb in BackTrack 4. Unfortunately I encountered several problems while using it to enumerate email address.

Let’s produce the problem again here. I want to enumerate all of the email addresses of domain yourbank.com using goorecon.rb :

./goorecon.rb -e yourbank.com

Can you see where the problems are ?

Continue reading

OSSIM : Lessons Learned from Tuning Snort IDS

Recently I’ve been busy with tuning Snort IDS (Intrusion Detection System) included with OSSIM. Compare to the installation process, the tuning process is much more involved and time-consuming.

You may wonder why should you do the tuning for you IDS ? Because if you don’t tune the IDS to suit your network environment (servers, network devices, security devices) you will get a lot of events. And I really mean A LOT OF. I received more than 100,000 events each day during the days before I did the tunnng.  It’s a sure thing that if you received this number of events, you will not analyze them, you may not even read them anymore. The good thing is they are all false-positive, so you can ignore them. And of course you don’t want to store those false-positive events to disk. After the tuning process, I received less than ten events per day. :D

Continue reading

Suricata RC1 Has Been Released

Suricata RC1 has been released. The latest version include the following new features :

  • Support for the http_headers keyword was added
  • libhtp was updated to version 0.2.3
  • Privilege dropping using libcap-ng is now supported
  • Proper support for “pass” rules was added
  • Inline mode for Windows was added

I have also updated the openSUSE RPM specfile for the latest Suricata release.

OWASP Top 10 2010

OWASP just released the latest Top 10 Web Application Security Risks for 2010. And here is the list :

  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards