Skip to main content

Posts

Showing posts from May 22, 2008

Hotspotter - Automatic wireless client penetration

Hotspotter passively monitors the network for probe request frames to identify the preferred networks of Windows XP clients, and will compare it to a supplied list of common hotspot network names. If the probed network name matches a common hotspot name, Hotspotter will act as an access point to allow the client to authenticate and associate. Once associated, Hotspotter can be configured to run a command, possibly a script to kick off a DHCP daemon and other scanning against the new victim.

SEAT

SEAT (Search Engine Assessment Tool) is the next generation information digging application geared toward the needs of security professionals. SEAT uses information stored in search engine databases, cache repositories, and other public resources to scan a site for potential vulnerabilities. It’s multi-threaded, multi-database, and multi-search-engine capabilities permit easy navigation through vast amounts of information with a goal of system security assessment. Furthermore, SEAT’s ability to easily process additional search engine signatures as well as custom made vulnerability databases allows security professionals to adapt SEAT to their specific needs. Features Supported Search Engines: o Google o Yahoo o MSN o A9 o AltaVista o AllTheWeb o AOL o DMOZ Vulnerability Databases: o GHDB o NIKTO o GSDB o WMAP o URLCHK o NESTEA Advanced Features: o Mine domain names belonging to a target site o Indirectly scan a range of IP addresses o Quickly create new custom Search Engine signatures ...

wicrawl

Wicrawl is a simple wi-fi (802.11x) Access Point auditor with a simple and flexible plugin architecture. The plugins allow us to find out useful information about an AP so we don’t have to manually check each access point. Plugins are implemented for existing common tools, and new plugins can be written in any language. Wicrawl is able to use multiple cards, and eventually will be able to use multiple computers. The goal is to automate the tedious task of scanning wi-fi access points for interesting information. This can be a useful tool for penetration testers looking to “crawl” through massive numbers of APs looking for interesting data. Plugins will be everything from DHCP and nmap to aircrack or hooks to move a motorized directional antenna around. Major features: o Passive detection of Access Points (This means that if there are clients, we can find out the SSIDs from APs that have broadcast turned off). o Support for multiple cards. Discovery can be run from one card, while the p...

Open Research

Busting The Bluetooth Myth Author(s): Max Moser Topic: During the last year, rumours had come to my attention that apparently it is possible to transform a standard 30USD Bluetooth® dongle into a full-blown Bluetooth® sniffer. Thinking you absolutely need Hardware to be able to hop 79 channels 1600 times a second I was rather suspicious about these claims. This paper is the result of my research into this area, answering the question whether it is possible or not. How to Grab Ressources - a Practical Guide Author(s): Andreas Naepflin Topic: This is a small tutorial about Reverse Engineering. This tutorial explains how to manually unpack a UPX-packed executable and manually extract a resource out of it. Phun with Fortiguard Filters Author(s): Satya Jith Topic: Funny issue with Fortiguard Filters and HTTPs OpenWRT Madness Author(s): Mati Aharoni Topic: Getting Metasploit to run on a Linksys Router Netgear WG511 External Antenna Modification Author(s): Paul Mansbridge Topic: Adding an ant...