Thursday, February 17, 2005
"Google Hacking" Honeypot
Check out the article on Securiteam about this new form of Honeypot which is designed to combat the type of hacking using search engines made popular by johnny ihackstuff.
Tuesday, February 08, 2005
DNSWalker released
The latest tool from pentester labs ™.
DNSWalker enumerates the sub-domains of internet domain names. This tool was designed to rapidly locate hosts on large networks (e.g. Class B address ranges) while staying "under the radar", without the need to ping or port scan.
The tool reads through the contents of the dnswalker.txt text file for potential sub-domains and sends the query to your DNS server to check if an IP address exists for the sub-domain. Adding sub-domains is as easy as editing the text file.
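Wordlist lookups of this kind skip ping and port scans, but every guess still reaches a DNS resolver, and most guesses come back NXDOMAIN. The following is an added detection example, not part of the original post or the tool; the log format, thresholds and function names are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

# Constructed resolver log, one query per line: "<time> <client> <qname> <rcode>".
WORDS = ["www", "mail", "ftp", "vpn", "dev", "test",
         "intranet", "backup", "citrix", "owa"]
SAMPLE_LOG = [
    "10:00:%02d 192.0.2.10 %s.example.com %s"
    % (i, w, "NOERROR" if w in ("www", "mail") else "NXDOMAIN")
    for i, w in enumerate(WORDS)
] + [
    "10:01:00 192.0.2.20 www.example.com NOERROR",
    "10:01:05 192.0.2.20 www.example.com NOERROR",
    "10:01:09 192.0.2.20 mail.example.com NOERROR",
]

def parent_zone(qname):
    """Last two labels of the name (simplification: ignores suffixes like co.uk)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_enumeration(lines, min_names=8, min_nx_ratio=0.5):
    """Flag clients that ask for many distinct names under one zone, mostly
    answered NXDOMAIN. Thresholds are assumed starting points, not tuned values."""
    names = defaultdict(set)
    total = defaultdict(int)
    nx = defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        _, client, qname, rcode = parts
        key = (client, parent_zone(qname))
        names[key].add(qname.lower())
        total[key] += 1
        nx[key] += rcode == "NXDOMAIN"
    hits = []
    for key in sorted(names):
        ratio = nx[key] / total[key]
        if len(names[key]) >= min_names and ratio >= min_nx_ratio:
            hits.append((key[0], key[1], len(names[key]), ratio))
    return hits

if __name__ == "__main__":
    for client, zone, distinct, ratio in find_enumeration(SAMPLE_LOG):
        print(client, zone, distinct, "names,", "%.0f%% NXDOMAIN" % (ratio * 100))
```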
LMCrack Mirror
PlanetMirror has come to my rescue and is now mirroring LMCrack.
Nice to be helped out, especially by another Aussie company.
Wednesday, February 02, 2005
Time-limited Acrobat documents
I received some great security standards documents in Acrobat PDF format through a course I attended last year. I went to access them recently only to find that document text had been blacked out and a message telling me that the document had expired. I don't think so!
I could find the same information on the web but this was now a personal challenge.
So how to access the document? I changed the date back a year on the system clock, Bingo! Unprotected doc. Hmm... Adobe security maybe? So I removed the Adobe document protection, set the date back to today - back to the black screen and the message.
OK, I turned to my copy of Solid PDF Converter, sure enough it spat out a nicely formatted Word document. Cool, so the document wasn't encrypted.
Googling for once turned out to be relatively fruitless, until I found someone on a forum asking for a piece of Javascript to do exactly what my document was doing. Of course! Here's me the security dude with programming experience and I didn't think of the obvious.
Open Acrobat, Edit->Preferences->Select JavaScript->Uncheck "Enable Acrobat JavaScript". Time-limited Acrobat PDF document neutered! The only drawback was a nag screen about JavaScript being disabled every time I accessed the document.
This led to further investigation... why do I want a PDF executing JavaScript in the first place?
Anyway to cut a now boring story short, if you want to permanently kill off JavaScript in Acrobat go to the c:\Program Files\Adobe\Acrobat X.X\Reader\plug_ins directory where X.X is the version of Acrobat that you have installed and rename or delete the EScript.api file. No more JavaScript in Acrobat.
I have now taken this one step further and renamed the entire plug_ins directory. This results in NO plug ins loading and Acrobat loads in under a second compared to about 8 seconds with all the plug ins loading.
There have been no noticeable adverse effects on the rendering of PDF documents, although I have since had to recreate the plug ins directory and copy the search.api file to re-enable the searching of PDF documents.
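The expiry in the post was enforced by JavaScript carried inside the PDF. The following is an added example, not from the original post, that checks whether a PDF carries script or auto-run actions before it is opened, including hex-escaped names and Flate-compressed streams; the function names are hypothetical and the sample documents are constructed.

```python
import re
import zlib

# PDF names that signal script or automatically triggered actions.
KEYS = ("JavaScript", "JS", "OpenAction", "AA")
NAME = re.compile(rb"/((?:[A-Za-z0-9_.\-]|#[0-9A-Fa-f]{2})+)")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)

def decode_name(raw):
    """Undo #XX hex escapes, so /J#61vaScript is read as JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def count_names(data, counts):
    for m in NAME.finditer(data):
        name = decode_name(m.group(1))
        if name in counts:
            counts[name] += 1

def triage_pdf(data):
    """Count script-related names in the raw file and inside Flate streams."""
    counts = {k: 0 for k in KEYS}
    count_names(data, counts)
    for m in STREAM.finditer(data):
        try:
            # decompressobj tolerates the end-of-line left before 'endstream'
            inflated = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data; its bytes were already scanned above
        count_names(inflated, counts)
    counts["has_script"] = counts["JavaScript"] + counts["JS"] > 0
    return counts

# Constructed samples (not real documents).
ACTION = b"<< /S /J#61vaScript /JS (app.alert\\('expired'\\);) >>"
PLAIN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
         b"2 0 obj\n" + ACTION + b"\nendobj\n%%EOF\n")
PACKED = (b"%PDF-1.5\n1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\n"
          b"stream\n" + zlib.compress(ACTION) + b"\nendstream\nendobj\n%%EOF\n")
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for label, pdf in (("plain", PLAIN), ("packed", PACKED), ("clean", CLEAN)):
        print(label, triage_pdf(pdf))
```

Encrypted files and stream filters other than Flate are not decoded here, so a clean result from this check is weaker evidence than a hit.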