Penetration Testing

We have talked about SlowHTTPTest in detail here. Two days ago Shekyan released a new version; below is a summary of the change log.

SlowHTTPTest 1.4 release notes:

  • Added man pages as documentation
  • Some bug fixes
  • It can now handle 64000 concurrent connections 😀 Oops!!

Our previous post explains in detail how to compile and use it.

Download and unpack the latest SlowHTTPTest release:

wget http://slowhttptest.googlecode.com/files/slowhttptest-1.4.tar.gz
tar -zxvf slowhttptest-1.4.tar.gz


HookWorm Stealth is an old PHP backdoor, similar to c99Shell, created by Justin Klein Keane as a proof of concept.

HookWorm Stealth offers fewer features than c99Shell, but its activity is much harder to track: it passes its commands in cookies, so its requests leave no obvious trace in the web server access log.

HookWorm Stealth PHP Backdoor Features :

  • Find .htaccess files
  • Find open ports on the remote system
  • Search for writable files and directories
  • and many more.

Download HookWorm Stealth from http://www.madirish.net/sites/default/files/hookworm.php.tar.gz

Once you have shell access to the remote web server through it, the access log only shows requests for /index.php with a 200 OK status, which looks like a normal, good HTTP request. Apache does not log cookies by default, so unless your LogFormat records request headers (for example with %{Cookie}i), nothing in the log distinguishes the backdoor traffic from ordinary visitors.

To read more about HookWorm Stealth, see the author's blog.
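
Because the access log is no help, the practical place to hunt a cookie-driven backdoor is the PHP source itself. The scanner below is an added example written for this post; it is not HookWorm's code (which is not on this page) and uses generic indicators: a file that both reads $_COOKIE and calls a code- or command-execution function. The sample tree it scans (index.php with a constructed backdoor, a benign login.php and maint/cron.php) is made up for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# PHP functions that execute code or shell commands ("sinks") and the decoders
# backdoors commonly wrap around their payload. Generic indicators, not HookWorm's source.
EXEC_SINKS = ("eval", "assert", "system", "exec", "shell_exec", "passthru",
              "popen", "proc_open", "create_function")
DECODERS = ("base64_decode", "str_rot13", "gzinflate", "gzuncompress", "convert_uudecode")

COOKIE_RE = re.compile(r"\$_COOKIE\s*\[\s*['\"]([^'\"]+)['\"]\s*\]")
SINK_RE = re.compile(r"\b(" + "|".join(EXEC_SINKS) + r")\s*\(")
DECODER_RE = re.compile(r"\b(" + "|".join(DECODERS) + r")\s*\(")


def scan_php_source(src):
    """Flag a script that both reads $_COOKIE and calls an exec sink.

    Returns a dict of the cookie names, sinks and decoders seen, or None.
    Either feature alone is normal PHP; the combination is what a
    cookie-driven backdoor needs, so only files with both are reported.
    """
    cookies = sorted(set(COOKIE_RE.findall(src)))
    sinks = sorted(set(SINK_RE.findall(src)))
    if not cookies or not sinks:
        return None
    decoders = sorted(set(DECODER_RE.findall(src)))
    return {"cookies": cookies, "sinks": sinks, "decoders": decoders}


def scan_tree(root):
    """Scan every *.php under root; map relative path -> finding."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*.php")):
        hit = scan_php_source(path.read_text(errors="replace"))
        if hit:
            findings[path.relative_to(root).as_posix()] = hit
    return findings


# Constructed sample tree: one cookie-driven backdoor and two benign scripts.
SAMPLE_FILES = {
    "index.php": (
        "<?php\n"
        "// looks like a normal front controller, but runs whatever the cookie carries\n"
        "if (isset($_COOKIE['hw_cmd'])) { eval(base64_decode($_COOKIE['hw_cmd'])); }\n"
        "include 'home.php';\n"
    ),
    "login.php": (                      # reads a cookie, but has no sink
        "<?php\n"
        "session_id($_COOKIE['PHPSESSID'] ?? '');\n"
        "echo 'login';\n"
    ),
    "maint/cron.php": (                 # has a sink, but takes no cookie input
        "<?php\n"
        "system('/usr/bin/logrotate /etc/logrotate.conf');\n"
    ),
}


def demo():
    """Write the constructed tree to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FILES.items():
            p = Path(tmp) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
        return scan_tree(tmp)


if __name__ == "__main__":
    for path, hit in demo().items():
        print(f"{path}: cookies={hit['cookies']} sinks={hit['sinks']} decoders={hit['decoders']}")
```

Run it against your real document root with scan_tree('/var/www'). It is a heuristic: a flagged file still needs a human to confirm that cookie data actually reaches the sink, and a shell that splits its strings or uses variable functions ($f = 'sys'.'tem'; $f(...)) will slip past these patterns.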

FBPwn, commonly known in the community as the Facebook profile dumper, released its latest version last week: FBPwn Beta 0.1.7. We have already covered it in detail, and our FBPwn video tutorial can be viewed here.

This release contains only bug fixes; there are no new features.

Issues fixed :

  • Getting the authenticated profile's ID while logging in
  • Friend list dumping feature.
  • Adding victim’s friends.
  • Profile cloning
  • Image dumper

Download FBPwn Beta – 0.1.7 from

http://fbpwn.googlecode.com/files/FBPwn-beta-0.1.7.zip

A few months back we posted about the Apache Range header flaw (CVE-2011-3192) and the 'KillApache' Perl script that can freeze an Apache web server in seconds (we tested it). This time Miroslav Stampar (co-author of sqlmap) has written a Python port of that tool with a few extra features, named 'KillApachePy'.

New enhancements :

  • Automated input parameters
  • Proxy support
  • Choose a custom page on your target
  • Choose a custom HTTP method, e.g. GET or HEAD

You can download it from GitHub.
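
From the defender's side, what matters is recognising and refusing the kind of Range header these scripts send (the published shape is bytes=0-,5-0,5-1,5-2,... with well over a thousand ranges). The code below is an added example written for this post, not KillApachePy or Apache code: it parses a byte-range header, drops unsatisfiable specs the way a server does, and classifies the request as too many ranges or overlapping ranges, which is the logic behind Apache's 2011 SetEnvIf workaround (drop any Range header with five or more commas) and the fix in 2.2.20. The threshold of five ranges is an assumption borrowed from that workaround.

```python
import re

# Apache's 2011 workaround dropped any Range header with five or more commas;
# the same threshold is used here (assumption: tune it to your application).
MAX_RANGES = 5

RANGE_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_byte_ranges(header, content_length):
    """Resolve 'bytes=a-b,c-,-d' into inclusive (first, last) tuples.

    Returns None if the header is not a byte-range request, and raises
    ValueError on a syntactically broken spec. Unsatisfiable specs such as
    '5-0' (first > last) or ranges past the end are dropped, as a server does.
    """
    if not header.lower().startswith("bytes="):
        return None
    ranges = []
    for spec in header[len("bytes="):].split(","):
        m = RANGE_SPEC.match(spec.strip())
        if not m or (m.group(1) == "" and m.group(2) == ""):
            raise ValueError(f"malformed range spec: {spec!r}")
        first, last = m.groups()
        if first == "":                       # suffix form '-N': the last N bytes
            first_i = max(content_length - int(last), 0)
            last_i = content_length - 1
        else:
            first_i = int(first)
            last_i = content_length - 1 if last == "" else min(int(last), content_length - 1)
        if first_i < content_length and first_i <= last_i:
            ranges.append((first_i, last_i))
    return ranges


def classify_range_header(header, content_length, max_ranges=MAX_RANGES):
    """Return 'none', 'ok', 'too-many' or 'overlapping' for a Range header value."""
    ranges = parse_byte_ranges(header, content_length)
    if ranges is None:
        return "none"
    if len(ranges) > max_ranges:
        return "too-many"
    prev_last = -1
    for first, last in sorted(ranges):
        if first <= prev_last:               # re-requests bytes an earlier range already covers
            return "overlapping"
        prev_last = last
    return "ok"


def killapache_style_header(count=1300):
    """Shape of the header the killapache scripts send: 'bytes=0-,5-0,5-1,...'.

    Built here only as input for the classifier, so the check can be
    exercised without any network traffic.
    """
    return "bytes=0-," + ",".join(f"5-{i}" for i in range(count))


if __name__ == "__main__":
    for hdr in ("bytes=0-499", "bytes=0-499,500-999", "bytes=0-499,200-600",
                killapache_style_header()):
        print(f"{hdr[:40]:42} -> {classify_range_header(hdr, 1000)}")
```

Anything other than 'ok' or 'none' should be answered by ignoring the Range header and serving the full resource (what patched Apache does) rather than by an error, since a 416 for every probe still costs you a response per request. Use it in a reverse proxy or WAF in front of servers you cannot patch immediately.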

Google and Web Performance

Well, we should accept that Google is working hard to improve the user experience on the web. They proved it with their search engine, then launched Gmail as a super-fast webmail service with more storage for users, and followed with many other initiatives, including SPDY, an alternative to the HTTP protocol.

A few months back they launched the Public DNS service, claimed to be a super-fast DNS resolver available to everyone.

Google DNS Servers : 8.8.8.8 & 8.8.4.4


What is PScan?

PScan is a multi-threaded SYN port scanner that can scan all 65535 ports. It is very fast compared to Nmap, but provides only a limited set of features.

Features :

  • Perform SYN scan
  • Define port ranges to scan (by default attempt to scan all)
  • Resolves port number to known services.

How to install PScan?

There is no binary available for PScan, so we have to compile it from source. Before compiling, make sure the libpcap library and its headers are installed.
This HowTo can be followed on any Linux distro, e.g. CentOS, BackTrack, LinuxMint etc.
Dependency (Debian/Ubuntu-based distros such as BackTrack and LinuxMint; on CentOS/RHEL the package is libpcap-devel, installed with yum):
aptitude install libpcap-dev

cd /tmp/
wget http://www.secpoint.com/freetools/threaded-syn-port-scanner-2.0.zip
unzip threaded-syn-port-scanner-2.0.zip
cd threaded-syn-port-scanner-2.0/
make
cp -a pscan /bin/

That's it, it is built.

Now simply run:
pscan

How to use PScan?

PScan can be used with the following options:

Example :
pscan 10.0.54.23 -p 1-65535 -n 20 -w 2000 -r -M

-p : Port range to scan
-n : Number of threads running the port scan
-w : Maximum time to wait before scanning the next port
-r : Resolve port numbers to known service names, e.g. 53 # DNS
-M : Look up the MAC address

Note: you must give PScan an IP address, not a hostname; resolve names first with the nslookup or dig command line utilities. SYN scanning needs raw sockets, so run pscan as root.

If you have any question or suggestion feel free to comment.