Today i was reading interesting post by Zone-h.org Which says 1.5 million websites were defaced and reported on Zong-h. Most of the attacks were SQL Injections, LFI, RFI, Web Dav and misconfiguration of the web server or application itself.
The report further says, large number of attacks happened on Linux Operating System. We talk too much about Linux kernel but the first thing is code which need to be written in efficient way.
Some interesting numbers in chart is mentioned on this page too, Up to date stats
MySQL.com was compromised via amazing blind SQL injection. You can see the database, tables & users informations on full disclosure website.
Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
Host IP : 188.8.131.52
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : web
The worse is they posted passwords dump and hundreds of people have already cracked it. We recommend you to change your password on urgent basis as it is the normal bad practice people use same password for all online portals e.g web mail, paypal and so on.
The good or bad guy who had fun with it is ;
[+] Author: Jackh4xor @ w4ck1ng
[+] Site: http://www.jackh4xor.com
Nmap on Android phone
Nmap is open source security scanner used for network exploration. We have been using it widely on Linux and windows operating system. And now we have finally got Nmap for android. This is really great to see.
Nmap for Android
NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows. NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files.
Network Miner is for those who are not much familiar with using WireShark. Network Miner made easy to sniff packets from the network and categories and sort it in different tabs so you can interesting sniffed stuff. You can also analyze pcap files which are dumped using WireShark.
Some cool features can be found :
- Fully GUI application run on Windows platform.
- Open source application.
- Sniff User names of any mailing or social website e.g facebook,twitter,gmail and paypal so on…
- All sort of cookies can be sniffed with one click.
- Extraction of Facebook, Twitter, Yahoo, Windows Live(Hotmail) messages. (You don’t need password of someone to see his emails )
and more detailed features can be seen on official Network Miner web
Network miner has recently launched payware Professional version which provide some extra features e.g reporting, geo localization, command line script support.
Although the free version is so powerful, you will love it. We have been using it for long time.
Latest version is announced today.
Application : NetworkMiner_1-0.zip
Source code : NetworkMiner_1-0_source.zip
ChangeLog : ChangeLog
Netsparker- False Positive Free Web Application Security Scanner
All web application security scanners report false-positives, which means they report vulnerabilities that don’t exist.
Netsparker will try lots of different things to confirm identified issues. If it can’t confirm it and if it requires manual inspection, it’ll inform you about a potential issue generally prefixed as [Possible], but if it’s confirmed, that’s it. It’s a vulnerability. You can trust it.
Netsparker confirms vulnerabilities by exploiting them in a safe manner. If a vulnerability is successfully exploited it can’t be a false-positive. Exploitation is carried out in a non-destructive way.
When Netsparker identifies an SQL Injection, it can identify how to exploit it automatically and extract the version information from the application. When the version is successfully extracted Netsparker will report the issue as confirmed so that you can make sure that the issue is not a false-positive.
Some of great features supported by Netsparker
- Detailed Issue Reporting
RTF / Word
- Integrated Exploitation Engine
Exploitation of SQL Injection Vulnerabilities
Getting a reverse shell from SQL Injection vulnerabilities
Exploitation of LFI (Local File Inclusion) Vulnerabilities
Downloading source code of all crawled pages via LFI (Local File Inclusion)
Downloading known OS files via LFI (Local File Inclusion)
- Custom 404 Detection
- Heuristic URL Rewrite Detection
- List of Vulnerability Checks
- List of issues Netsparker is looking for.
- SQL Injection
- XSS (Cross-site Scripting)
- XSS (Cross-site Scripting) via Remote File Injection
- XSS (Cross-site Scripting) in URLs
- Local File Inclusions & Arbitrary File Reading
- Remote File Inclusions
- Remote Code Injection / Evaluation
- OS Level Command Injection
- CRLF / HTTP Header Injection / Response Splitting
- Find Backup Files
- Crossdomain.xml Analysis
- Finds and Analyse Potential Issues in Robots.txt
- Finds and Analyse Google Sitemap Files
- Detect TRACE / TRACK Method Support
- Detect ASP.NET Debugging
- Netsparker identifies if ASP.NET Debugging is enabled.
- Detect ASP.NET Trace
- Netsparker detects if ASP.NET Tracing is enabled and accessible.
- Checks for CVS, GIT and SVN Information and Source Code Disclosure Issues
- Finds PHPInfo() pages and PHPInfo() disclosure in other pages
- Finds Apache Server-Status and Apache Server-Info pages
- Find Hidden Resources
- Basic Authentication over HTTP
- Source Code Disclosure
- Auto Complete Enabled
- ASP.NET ViewState Analysis
- ViewState is not Signed
- ViewState is not Encrypted
- E-mail Address Disclosure
- Internal IP Disclosure
- Cookies are not marked as Secure
- Cookies are not marked as HTTPOnly
- Directory Listing
- Stack Trace Disclosure
- Version Disclosure
- Access Denied Resources
- Internal Path Disclosure
- Programming Error Messages
- Database Error Messages
For more detailed features screen shots & demo click here