SQLMap query problems

Well, I run a CTF game with psymera, and we are constantly adding new VMware machines and new tests just to keep playing and not get bored. As part of an internal training where I work, I started to create some videos on how to use SQLMap (I promise to upload them here shortly in a big rant about it), so I started with what everyone does: update your version.

And something interesting happened: sqlmap enumeration broke (gorgeous), but it didn’t look much like it. It baffled me at first, so much that I had to do everything by hand and asked psymera if he had changed something; he said no.

So this is the info of the updated sqlmap version as of that date:

root@fsckOSX:/pentest/database/sqlmap# svn info
Path: .
URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
Repository Root: https://svn.sqlmap.org/sqlmap
Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
Revision: 4380
Node Kind: directory
Schedule: normal
Last Changed Author: stamparm
Last Changed Rev: 4380
Last Changed Date: 2011-09-19 12:08:08 -0700 (Mon, 19 Sep 2011)

The SVN rev is 4380, the latest as of Sep 19th. Here is the example of a run against the vulnerable web server with this revision.


stop232patent.com

I’ve been in the security environment for quite some years now. I don’t consider myself an expert, but I consider myself knowledgeable. One thing is that all my life I’ve had awesome people around me, always giving me advice and knowledge and pushing my creativity.

I recently came upon Cenzic having a pretty interesting patent, which basically covers any code that baselines a web page and then injects faulty code into parameters to verify vulnerabilities. Yes, you read correctly: this patent, awarded in 2007, covers all web scanners and even powerful fuzzers. Why was it granted? Beats me. I presume whoever checked it out didn’t really find prior art (there is some) or really understand what was being patented (go lawyer+techie talk). The result? An overlapping patent.

Now, a patent should ALWAYS be used defensively, which means “I protect myself from other people coming and breaking my stuff, asking me for money for something I developed, or saying I didn’t create it”. The problem is, Cenzic is NOT using the patent defensively; they are using it to get money out of web scanner companies.

IBM/HP already did a cross-licensing deal with them (probably giving them their crawler technology), and now they went and asked NTObjectives for an insane amount of money. The result? NTObjectives is fighting back; they filed a suit which will then break the patent and stop this company from basically extorting money out of other companies for a very generic and broken patent.

It makes me sad. Why? Because one of the patent owners is someone I really respect: Greg Hoglund, the founder of rootkit.com. His books are great and I love them, but this patent, this is wrong. It saddens me that someone in the security environment (I hate using the word industry, because grayhats and blackhats are not in the industry but are still in the environment) would do this and let it go.

I then created the website www.stop232patent.com, where you can follow an in-depth analysis of the patent, trial, prior art, etc.

Where information should stop

I often stay away from political and economic sources. Why? Well, due to my job and research I believe I should not be involved in any of them; it is my job not to be biased against anybody who could potentially be my client, so I just shut up, even with close relatives, friends and relationships.

As the release of trapper was getting closer I started thinking about what good the complete release of the software would do, and I came up with these answers:
- Nothing, nobody would use it
- Some people would use it for kicks, mostly to hack their own networks or hack at work
- It could be used to crack something large and big
- Other people would use it in their audits, call me, I’m finished, and keep on using my research and work.
- Men in black would seize my server (since it’s in the US) and force the app to be erased after magically appearing with a copy of it.

While the last one appears definitely far-fetched, the third one got me thinking seriously, not only because the nature of my research has gone definitely into Hydras and AI / Neural Networks / Expert Systems, but because potentially, sooner or later, it could be pushed into the light and someone will do something that would compromise the years I’ve worked in the security field.

I’m not calling that a reporter, as the ones I know have always been fair to me in developing a story, but today, as I unleashed the third rewrite of trapper (yes, I had to rewrite it 2 times already due to a redesign of the objects), someone at the Starbucks checked their email via POP. In less than 5 minutes all his email was parsed, he was logged into Facebook, found, friends found, his avatar picture was obtained, and it was searching who he was talking to on MSN. At that second I realized I stupidly left the domain set to * and not localhost, definitely my mistake, but … it suddenly hit me: am I making stuff secure or insecure by releasing this?

Trapper from sniffer to hydra

This is the presentation I’m going to push at Campus Party and at Sec-T in Sweden in September.

This is a complete recode of trapper, even changing the language to Ruby, having namespaces in it and the capabilities to attack and exploit misconfigurations.

I’m going to be exporting a git repository the first week of August with the public version of Trapper 1.0 at git.security-dojo.com (it’s not set up yet, so don’t even try), and version 1.1 should hit around September at Sec-T.

What stuff is being coded or tested now?

- Sniffing
- Cracking the hashes
- Using hashes to bring more hosts into the game
- Reading emails
- Reading applications
- SSH and telnet into hosts
- Start other sniffer heads on different OSes (This is going to take time, but oh well)
- More to come!

If you are interested in beta testing Trapper, drop me an email. You might not get the chance since I’m really picky about who betas my stuff, but you can try :P

Nahual goes to Cali!

YES! I’m getting my behind to California (client shall remain nameless) to go there, have fun for around 1 or 2 weeks and go climbing and Ruby coding. I’ll probably be very prolific since .. well, no I won’t, LoL!

I will soon release trapper 1.0 (recoded in Python for the framework I’m coding).

Whitehat, Blackhat or .. CowHat?

Thinking a bit today, I tried to ask myself which part of the “hats” I would go into, or most people go into.

I’ve never really been a fan of saying you can be a “pure” color hat, so I came up with this:

Yep .. whitehat with spots of black! juuuuust like my conscience!!

And the XML weird parsing award goes to …

Well, yesterday I was contacted by someone who asked me to go visit a web page. I’m actually not fond of doing that at all, but him being a trustworthy person, I clicked on the link and found myself looking at an alert script. “Well, sure, having a web page you control with JavaScript is not a great triumph”, but then I started to check exactly what was being done and executed.

I opened my IExplorer (ugh) and visited the same page, and I just saw a normal XML:

So I came back to Firefox and revisited the webpage:


[Your Worst Enemy] Your Web Scanner

Recently I saw an article about web scanners. I personally don’t like them. Why? Well:

1. They are slow
2. They don’t have a sense of “weight” on the exploits
3. They miss half of the complex stuff

A couple of weeks ago we lost a bid based on the fact that the client thought we did everything automatically (Errr, LoL! Apparently they don’t read the blog, didn’t read my resume and didn’t reaaaaally understand some facts, but then again who can blame the girl that was in charge?). This was hilarious but posed a very good question:

Why all scanners SUCK ARE BAD?


Death to RunPE…

Well, here is my latest creation to kill all those crappy crypters used by a large amount of malware to be undetectable by AVs.


whitehats.com.mx

Today I finished setting up whitehats.com.mx, a “facebook” (social network) for people interested in security both in Mexico and in the world, but more focused on Mexico, trying to bring in more and more of apenfra and nhacker, ready to be able to publish the tools.