Thursday, February 26, 2009

SQL Queries

SQL injection is still in the top 10 web application security threats for 2009. During my work I'm facing DBs that I'm not working on on a regular basis, which got me to c0mpile a list of queries for MSSQL, Oracle, MySQL, PostgreSQL and MS Access. In the following xls file you can find the most used SQL injection queries. The list was constructed from data that I picked from several web sites and during the days and n1ghts of /me @work ;)

Tuesday, February 17, 2009

iPhone 2.2 Backup

In order to make a bit-by-bit copy of the device partition over the network, use the following method:

On your *nix box open up netcat:
nc -lvp 1337 | dd of=./imagem.dmg bs=4096

On your iPhone/ssh execute the following:
dd if=/dev/rdisk0s2 bs=4096 | netcat 192.168.1.100 1337
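The netcat/dd pipeline above gives no indication of whether imagem.dmg arrived complete and unaltered, which matters if the image is meant as evidence or as a backup you will restore from. The script below is an added example, not part of the original post: it supplies the verification step (compare size and SHA-256 digest of source and image) and exercises it on a constructed random "disk" file rather than a real iPhone partition. It assumes a SHA-256 tool (sha256sum or shasum) is available where the hashes are computed; on a real acquisition the source hash would be taken on the device side against /dev/rdisk0s2 and compared with the hash of imagem.dmg on the listener.

```shell
#!/bin/sh
# Added example, not from the original post. The post's transfer is:
#   listener:  nc -lvp 1337 | dd of=./imagem.dmg bs=4096
#   device:    dd if=/dev/rdisk0s2 bs=4096 | netcat 192.168.1.100 1337
# Nothing in that pipeline tells you whether the image is complete, so the
# copy should be verified by hashing both ends and comparing the digests.

# Print the SHA-256 digest of a file, using whichever tool the host has.
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_image SOURCE IMAGE
# Succeeds (exit 0) only when sizes and digests match. Sizes are compared
# first because a truncated transfer is the most common failure in practice.
verify_image() {
  src_size=$(wc -c < "$1" | tr -d ' ')
  img_size=$(wc -c < "$2" | tr -d ' ')
  if [ "$src_size" -ne "$img_size" ]; then
    echo "size mismatch: source $src_size bytes, image $img_size bytes" >&2
    return 1
  fi
  src_hash=$(hash_file "$1")
  img_hash=$(hash_file "$2")
  if [ "$src_hash" != "$img_hash" ]; then
    echo "hash mismatch: $src_hash vs $img_hash" >&2
    return 1
  fi
  echo "verified: $img_hash"
}

# Demo on constructed data: image a 256 KiB random file with the same dd
# options as the post, then verify a complete copy and a truncated one.
demo() {
  work=$(mktemp -d)
  dd if=/dev/urandom of="$work/disk.bin" bs=4096 count=64 2>/dev/null
  dd if="$work/disk.bin" of="$work/full.dmg" bs=4096 2>/dev/null
  dd if="$work/disk.bin" of="$work/short.dmg" bs=4096 count=63 2>/dev/null
  verify_image "$work/disk.bin" "$work/full.dmg"
  verify_image "$work/disk.bin" "$work/short.dmg" || echo "truncated image rejected"
  rm -rf "$work"
}
demo
```

Record the digest together with the image; a hash taken before the device is touched again is the only way to show later that the copy was not modified.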

If you want to browse y0ur iPhone contents, look in the following locations:
Calendar /mobile/Library/Calendar/calendar.sqlitedb
Call history /mobile/Library/CallHistory/call_history.db
Notes /mobile/Library/Notes/notes.db
SMS /mobile/Library/SMS/sms.db
Address book /mobile/Library/AddressBook/AddressBook.sqlitedb
Voicemail /var/root/Library/Voicemail/voicemail.db
Photos /mobile/Media/DCIM/
Photos /mobile/Media/Photos
Google Maps /mobile/Library/Caches/MapTiles/MapTiles.sqlitedb
Cookies /mobile/Library/Cookies/Cookies.plist
iPhone Recorder /private/var/mobile/Media/iPhoneRecorder

ג'קי אלטל

Advanced Exploitation with Metasploit

I decided to write a post about the new/advanced features in my favorite exploitation framework, Metasploit. The improved tools/features in the advanced framework include wmap (application mapping) and autopwn (what does it sound like?).

WMAP

"WMAP is a general purpose web application scanning framework for Metasploit 3. The architecture is simple and its simplicity is what makes it powerful. It's a different approach compared to other open source alternatives and commercial scanners, as WMAP is not built around any browser or spider for data capture and manipulation."

STEP 1: load sqlite3 database
>load db_sqlite3
STEP 2: Create new database
>db_create wmapjack.db
STEP 3: Load wmap Database
>load db_wmap
STEP 4: Connect to the wmap database created in step 2
>db_connect wmapjack.db

Now just add the web application target address:
>wmap_targets -a http://127.0.0.1
Select it as the active target by its id with the following command:
>wmap_targets -s 1

wmap_run - execute application mapping

The active modules are:
wmap_ssl_vhost WMAP_SERVER
frontpage_login WMAP_SERVER
version WMAP_SERVER
wmap_vhost_scanner WMAP_SERVER
wmap_file_same_name_dir WMAP_DIR - this will take a while (bruteforcing directory names)

wmap_reports - view web application report
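On the receiving end, a run of the modules listed above is easy to spot: wmap_file_same_name_dir asks for directory names that mostly do not exist, so the web server log shows a burst of 404 responses from one client in a short window. The script below is an added example, not part of the original post or of Metasploit/WMAP: it flags clients whose 404 count in an access log exceeds a threshold. It assumes the Apache/nginx "combined" log format (client IP in the first field, status code in the ninth), and the log lines it runs on are constructed for the demo, not captured from a real server.

```shell
#!/bin/sh
# Added example, not from the original post or from Metasploit/WMAP.
# Directory brute-forcing produces many requests for paths that do not
# exist, i.e. a high 404 count from a single client. This script counts
# 404s per client in a combined-format access log and reports the clients
# above a threshold.

# flag_scanners LOGFILE THRESHOLD
# Prints "IP 404count totalrequests" for each client with more than
# THRESHOLD 404 responses, sorted by IP.
flag_scanners() {
  awk -v limit="$2" '
    { total[$1]++ }
    $9 == "404" { notfound[$1]++ }
    END {
      for (ip in notfound)
        if (notfound[ip] > limit)
          printf "%s %d %d\n", ip, notfound[ip], total[ip]
    }' "$1" | sort
}

# Constructed sample log (not captured from a real server). 10.0.0.5 walks
# a list of directory names; 10.0.0.9 is an ordinary visitor with one
# stray 404 for a missing favicon.
sample_log() {
  cat <<'EOF'
10.0.0.9 - - [17/Feb/2009:10:00:01 +0000] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
10.0.0.5 - - [17/Feb/2009:10:00:02 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/4.0"
10.0.0.5 - - [17/Feb/2009:10:00:02 +0000] "GET /backup/ HTTP/1.1" 404 210 "-" "Mozilla/4.0"
10.0.0.5 - - [17/Feb/2009:10:00:02 +0000] "GET /cgi-bin/ HTTP/1.1" 403 210 "-" "Mozilla/4.0"
10.0.0.5 - - [17/Feb/2009:10:00:03 +0000] "GET /test/ HTTP/1.1" 404 210 "-" "Mozilla/4.0"
10.0.0.5 - - [17/Feb/2009:10:00:03 +0000] "GET /old/ HTTP/1.1" 404 210 "-" "Mozilla/4.0"
10.0.0.5 - - [17/Feb/2009:10:00:03 +0000] "GET /images/ HTTP/1.1" 200 512 "-" "Mozilla/4.0"
10.0.0.9 - - [17/Feb/2009:10:00:04 +0000] "GET /favicon.ico HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.0.9 - - [17/Feb/2009:10:00:05 +0000] "GET /images/logo.png HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
EOF
}

# Demo: write the sample to a temp file and flag clients with more than
# three 404s. Expected line: "10.0.0.5 4 6".
demo() {
  tmp=$(mktemp)
  sample_log > "$tmp"
  flag_scanners "$tmp" 3
  rm -f "$tmp"
}
demo
```

The threshold is a tuning knob: a single missing favicon or a broken link produces a handful of 404s per visitor, whereas a directory wordlist produces hundreds within seconds, so in practice the count is taken over a short time window rather than the whole log.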

Test your application

Wednesday, February 11, 2009

BackTrack 4 Beta released

BT4 is a new and improved version, the best so far: another great piece of work by the Remote Exploit team, with some new and exciting features. The most significant of these changes is the expansion from the realm of a pentesting LiveCD towards a full-blown "distribution".

DOWNLOAD: BackTrack 4 Beta