A Simple Script to Get Top Passwords Cracked

Several days ago, I took a break from doing my work. I did an exercise to sharpen my “rusty” scripting skills. My goal was to develop a simple script using Ruby to get the top passwords cracked from the MD5 Statistics page. This should be an interesting exercise for my brain. :D

Unfortunately, my scripting skills were so rusty that it took me a while to code this simple script.

Kernel Panic Error Message. Is It?

After doing an upgrade to MSF4, when I ran msfconsole, I was greeted by the following “scary error message”:

Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
EFLAGS: 00010046
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
ds: 0018   es: 0018  ss: 0018
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)


Stack: 90909090990909090990909090
90909090990909090990909090
90909090.90909090.90909090
90909090.90909090.90909090
90909090.90909090.09090900
90909090.90909090.09090900
..........................
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
ccccccccc.................
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
.................ccccccccc
cccccccccccccccccccccccccc
cccccccccccccccccccccccccc
..........................
ffffffffffffffffffffffffff
ffffffff..................
ffffffffffffffffffffffffff
ffffffff..................
ffffffff..................
ffffffff..................


Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing

What a “cool” welcome message. :D

goorecon.rb small problems

While doing some research, I used goorecon.rb in BackTrack 4. Unfortunately, I encountered several problems while using it to enumerate email addresses.

Let’s reproduce the problem here. I want to enumerate all of the email addresses of the domain yourbank.com using goorecon.rb:

./goorecon.rb -e yourbank.com
call_center@emyourank.com
helpdesk@emyourank.com
info@emyourank.com

Can you see where the problems are?

Suricata RC1 Has Been Released

Suricata RC1 has been released. The latest version includes the following new features:

  • Support for the http_headers keyword was added
  • libhtp was updated to version 0.2.3
  • Privilege dropping using libcap-ng is now supported
  • Proper support for “pass” rules was added
  • Inline mode for Windows was added

I have also updated the openSUSE RPM specfile for the latest Suricata release.

RPM Spec File for Suricata 0.8.x

Several days ago, Suricata version 0.8.1 was released. One of the changes in this release is that LibHTP is included with the Suricata package.

To ease the Suricata installation, I am developing an RPM spec file for openSUSE 11.1. It is based on the work of Josh at SecureMind and several openSUSE packagers.

Here are the files included in the RPM:

/etc/suricata/suricata.yaml
/usr/bin/suricata
/usr/include/htp/bstr.h
/usr/include/htp/dslib.h
/usr/include/htp/hooks.h
/usr/include/htp/htp.h
/usr/include/htp/htp_decompressors.h
/usr/include/htp/utf8_decoder.h
/usr/lib64/libhtp-0.2.so.1
/usr/lib64/libhtp-0.2.so.1.0.2
/usr/lib64/libhtp.a
/usr/lib64/libhtp.so
/usr/share/doc/packages/suricata
/usr/share/doc/packages/suricata/AUTHORS
/usr/share/doc/packages/suricata/INSTALL
/usr/share/doc/packages/suricata/LIBHTP_LICENSING_EXCEPTION
/usr/share/doc/packages/suricata/QUICK_START
/usr/share/doc/packages/suricata/TODO
/usr/share/doc/packages/suricata/doxygen.conf

You can download the spec file here.

Book Info : “Security Add-ons Benteng Firefox Anda” Has Been Released

In my previous post, I informed you that I was writing a book on information security for Internet users. Now the book has been published.

Information about the book:

  • Title : “Security Add-ons” Benteng Firefox Anda
  • Publisher : PC+
  • Published : in December 2009
  • ISBN : 979-3827-35-1
  • Pages : 95

And here is the book cover:

It should be available at a bookstore near you at a reasonable price, so please buy it. :D

Nmap 5.20 Released

I just got information that Fyodor has released Nmap version 5.20.

It offers more than 150 significant improvements, including:

  • 30+ new Nmap Scripting Engine scripts
  • enhanced performance and reduced memory consumption
  • protocol-specific payloads for more effective UDP scanning
  • a completely rewritten traceroute engine
  • massive OS and version detection DB updates (10,000+ signatures)

You can find out more about this in the CHANGELOG.

UPDATE: On Jan. 27, 2010, Fyodor released Nmap 5.21; it’s a bug-fix release.