Wednesday, 29 November 2006

Security Testing for FatWire 6 (administrator.pdf)

Copied from the FatWire documentation, specifically from the administration manual. It came in handy for an audit.

Security Tests for All Systems
After you have implemented your security measures, test your systems.
Complete the following steps on your development, management, and delivery systems:


  1. Try to log in to the database with Content Server Explorer using the default user
    accounts:

    - DefaultReader
      If you can log in using SomeReader as the password, the
      secure.CatalogManager and secure.TreeManager properties are set to
      false. Change them to true.
    - ContentServer
      If you can log in using FutureTense as the password, change the password
      immediately.
    - editor
      If you can log in using xceleditor as the password, change the password
      immediately.
    - fwadmin
      If you can log in using xceladmin as the password, change the password
      immediately.

  2. Verify that the sample site users do not exist on the management or delivery systems.
  3. Verify that you cannot log in as ContentServer/FutureTense using a CatalogManager
    URL:
    http://servername/pathToservlet/CatalogManager?ftcmd=login&username=ContentServer&password=FutureTense
  4. Verify that you cannot flush the entire cache as ContentServer/FutureTense using a
    CacheServer URL:
    http://servername/pathToservlet/CacheServer?all=true&authusername=ContentServer&authpassword=FutureTense
  5. Verify that you cannot log in to the application server as the default administrator user.
  6. Verify that you cannot log in to the database as the default administrator user.
  7. Verify that you cannot log in to the web server as the default administrator user.

Additional Security Tests for the Delivery System

In addition to the preceding six steps, complete the following tasks to test your security
setup on the delivery system:

  1. Verify that you removed the developer forms from the web server:
    http://yourhost/futuretense_cs/Dev
    If the futuretense_cs directory is present, delete it and then set the
    cs.wrapper property to false.
    Note: Do not remove this directory from the application server. Remove
    it from the web server only.
  2. Verify that you cannot log in to CS-Direct:
    http://yourhost/Xcelerate/LoginPage.html
    If you can log in, change the names of the LoginPage and LoginPost pages.
  3. Verify that you mapped URLs for all servlets other than ContentServer, BlobServer,
    CookieServer, and Satellite to display a “404 Page Not Found” message. If you can
    send a request to any other servlet, you should map that URL to an error page
    immediately.
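An added offline check, written for this post and not taken from the FatWire documentation, that turns the property and servlet items of the two checklists above into an audit; it assumes the properties live in a Java-style key=value file, and the sample properties and status codes are constructed.

```python
# Added example (not FatWire's own code): audits the property values and the
# servlet mappings that the checklist above says a hardened system must have.
# Assumes the properties sit in a Java-style "key=value" file; the sample
# text and status codes at the bottom are constructed for the demonstration.
# Rules from the checklist: (property, required value, which systems)
PROPERTY_RULES = [
    ("secure.CatalogManager", "true", "all"),
    ("secure.TreeManager", "true", "all"),
    ("cs.wrapper", "false", "delivery"),
]
# Only these servlets may answer on the delivery system; every other one must 404.
ALLOWED_SERVLETS = {"ContentServer", "BlobServer", "CookieServer", "Satellite"}


def parse_properties(text):
    """Parse key=value lines, ignoring blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_properties(text, delivery=False):
    """Findings for properties that are missing or hold the weak value."""
    props = parse_properties(text)
    findings = []
    for name, required, scope in PROPERTY_RULES:
        if scope == "delivery" and not delivery:
            continue
        actual = props.get(name)
        if actual is None:
            findings.append(f"{name}: not set (expected {required})")
        elif actual.lower() != required:
            findings.append(f"{name}={actual} (expected {required})")
    return findings


def audit_servlets(responses):
    """responses maps servlet name -> HTTP status seen for its URL; returns the
    servlets outside the allowed set that still answer with anything but 404."""
    return sorted(name for name, status in responses.items()
                  if name not in ALLOWED_SERVLETS and status != 404)


SAMPLE_PROPERTIES = """\
# constructed sample: weak settings on a delivery system
secure.CatalogManager=false
secure.TreeManager=true
cs.wrapper=true
"""
SAMPLE_RESPONSES = {  # constructed: status observed per servlet URL
    "ContentServer": 200, "BlobServer": 200, "CatalogManager": 200,
    "CacheServer": 404, "TreeManager": 403,
}

if __name__ == "__main__":
    print(audit_properties(SAMPLE_PROPERTIES, delivery=True))
    print(audit_servlets(SAMPLE_RESPONSES))
```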


Thursday, 23 November 2006

SQL Injection Tools

Here's the list:

  • sqlbf: without a doubt, the first and the best. Geniuses do genius things.
  • sqlinjector: from NGSSoftware; a bit outdated these days.
  • bfsql: blind SQL injection for MySQL (mine, that is). An infinite TODO. And an infinite++ BUGS list.
  • sqlpowerinjector: MySQL, Oracle, SQL Server, PostgreSQL, Sybase?.. normal and blind SQL injection. I have never managed to get it working.
  • sqlmap: blind for MySQL and PostgreSQL.
  • sqlninja: injection for SQL Server.
  • bobcat: for SQL Server. Not bad, but you have to set up an MSDE to get it running... and it struggles!
  • absinthe: PostgreSQL, Oracle, SQL Server, Sybase?... quite nice, although it has a couple of flaws that could be improved...
  • sqlbrute: SQL Server and Oracle. Blind SQL injection for dumping tables. Not as polished as it should be.
  • automagic: automation for exploiting SQL Server.
  • webinspect - sql injector: commercial, only available as part of the WebInspect package; Oracle, SQL Server, Sybase... really good.
  • SQLIBF: really good, very powerful. Nice work!
  • Priamos: SQLdump for SQL Server. Very simple/effective in my experience.
  • FG-Injector: a bit messy to use, but efficient.
  • SQLDumper: I haven't tested it yet.
  • SQL Injection Tool: untested.
  • ISR-sqlget: untested.
  • SQLix: from OWASP, fairly simple.
  • SQLID: in Ruby; doesn't convince me.
  • SQLier: a bash script... ehm..
  • Pangolin: on the 3 SQL engines I tried it against it didn't work on any of them; that said, it looks promising.
  • Squeeza: for MSSQL, released at BH2007, time-based attack.
  • BSQLHacker: runs on Windows, for MSSQL, Oracle and (in beta) MySQL, time-based.
  • Marathon Tool: from our friends at ElLadoDelMalisimo, time-based, d16, awesome.
  • Witool: Korean, SQL Server and Oracle. Untested.

Friday, 17 November 2006

Checking the HTTP Server header over HTTPS

Basically:

aramosf~$ echo -e "GET / HTTP/1.0\nHost:www.gmail.com\n\n" | openssl s_client -quiet -connect www.gmail.com:443 2>/dev/null|awk -F: '/^Server:/ { print $2 }'
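The same check done from Python, added here and not part of the original post: it makes the TLS request itself, parses the Server header more robustly than the awk filter (case-insensitive name, CRLF or LF line endings) and flags a banner that gives away a version number; the host and port are parameters and the sample response is constructed.

```python
# Added example (not the post's own one-liner): fetch the response headers
# over TLS and pull out the Server header, then flag a banner that exposes a
# version number. Host and port are parameters; the response bytes at the
# bottom are constructed so the parsing can be checked offline.
import socket
import ssl


def fetch_head(host, port=443, timeout=5):
    """Send a minimal HTTP/1.0 HEAD over TLS and return the raw response bytes."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return b"".join(chunks)


def server_header(response):
    """Server header value (name matched case-insensitively, CRLF or LF line
    endings accepted), or None when the response carries no Server header."""
    head = response.split(b"\r\n\r\n", 1)[0].split(b"\n\n", 1)[0]
    for line in head.decode("latin-1").splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def leaks_version(server):
    """True when the banner carries something that looks like a version number."""
    if not server:
        return False
    tokens = server.replace("/", " ").split()
    return any(t.replace(".", "").isdigit() for t in tokens)


SAMPLE_RESPONSE = (  # constructed: a banner that gives away the exact version
    b"HTTP/1.0 200 OK\r\nDate: Fri, 17 Nov 2006 10:00:00 GMT\r\n"
    b"server: Apache/2.2.3 (Debian)\r\nContent-Type: text/html\r\n\r\n<html>"
)

if __name__ == "__main__":
    import sys
    resp = fetch_head(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RESPONSE
    banner = server_header(resp)
    print("Server:", banner, "(version exposed)" if leaks_version(banner) else "")
```

Run it with a hostname argument to query a live server; without one it just parses the constructed sample.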

Monday, 13 November 2006

Burning a BIN/CUE Image on MacOS

The .cue file must contain the correct path to the .BIN file.

Little command for the console:
$ drutil -drive internal burn -noverify -eject Imagen.cue


Sunday, 12 November 2006

Registry MRU Keys / Forensics

I haven't found much information, nor any list of the Windows registry keys where the most important MRUs can be found, the ones that should be checked in any self-respecting forensic investigation.

By doing a bit of reversing on MRU-Blaster and looking through several registries, I have managed to put together a reasonably acceptable list.

I will try to organize this information in an Excel spreadsheet that we will post on the 514.es website.

This information can be queried with Perl over a .reg file (easily exportable from regedit itself, or with tools such as WRR from MiTeC), or with system commands if the machine is powered on:

C:\> reg query "HKCU\Software\Microsoft\Office\11.0\Excel\Resiliency\DocumentRecovery" /s

Or write a script that walks through a file and tries every possible option (the "delims=" is needed because the key paths contain spaces, which for /F would otherwise split on):
C:\> for /F "delims=" %i in (forensic_mru.txt) do reg query "%i" /s

A quick way to search for these keys and extend the list could be:

C:\>reg query HKCU\ /s | find "Opened" | find "HKEY"
C:\>reg query HKCU\ /s | find "MRU" | find "HKEY"
C:\>reg query HKCU\ /s | find "Recent File List" | find "HKEY"


And here is the list....

HKCU\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Save As\File Name MRU
HKCU\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Open\File Name MRU
HKCU\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Create custom dictionary\File Name MRU
HKCU\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft Word\Settings\Add Custom Dictionary\File Name MRU
HKCU\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft PowerPoint\Settings\Insert Picture\File Name MRU
HKCU\Software\Microsoft\Office\9.0\Common\Open Find\Microsoft PowerPoint\Settings\Save As\File Name MRU
HKCU\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Word\Settings\Save As\File Name MRU
HKCU\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Word\Settings\Open\File Name MRU
HKCU\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Word\Settings\Create custom dictionary\File Name MRU
HKCU\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Word\Settings\Add Custom Dictionary\File Name MRU
HKCU\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Word\Settings\Insert Picture\File Name MRU
HKCU\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Word\Settings\New from Existing Document\File Name MRU
HKCU\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft PowerPoint\Settings\Insert Picture\File Name MRU
HKCU\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft PowerPoint\Settings\Save As\File Name MRU
HKCU\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Document Imaging\Settings\Save As\File Name MRU
HKCU\Software\Microsoft\Office\10.0\Common\Open Find\Microsoft Document Imaging\Settings\Open\File Name MRU
HKCU\Software\Microsoft\Office\8.0\Common\Open Find\Microsoft Word\Settings\Save As\File Name MRU
HKCU\Software\Microsoft\Office\8.0\Common\Open Find\Microsoft Word\Settings\Open\File Name MRU
HKCU\Software\Microsoft\Office\8.0\Common\Open Find\Microsoft Word\Settings\Select File to Merge Into Current Document\File Name MRU
HKCU\Software\Microsoft\Office\8.0\Common\Open Find\Office\Settings\Open Office Document\File Name MRU
HKCU\Software\Microsoft\Office\8.0\Common\Open Find\Office\Settings\Open Office Document\Any Text MRU
HKCU\Software\Microsoft\Office\8.0\Common\Open Find\Microsoft PowerPoint\Settings\Save\File Name MRU
HKCU\Software\Microsoft\Office\8.0\Excel\Recent File List
HKCU\Software\Microsoft\Office\9.0\Excel\Recent Files
HKCU\Software\Microsoft\Office\10.0\PowerPoint\Recent File List
HKU\.DEFAULT\Software\Microsoft\Office\10.0\Excel\Recent Files
HKCU\Software\Microsoft\Office\10.0\Excel\Recent Files
HKCU\Software\Microsoft\Office\11.0\Excel\Resiliency\DocumentRecovery
HKCU\Software\Microsoft\Office\10.0\Excel\Recent Templates
HKCU\Software\Microsoft\Office\10.0\PowerPoint\Recent Templates
HKCU\Software\Microsoft\Office\10.0\Word\Recent Templates
HKCU\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent File List
HKCU\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Page List
HKCU\Software\Gabest\Media Player Classic\Recent Dub List
HKU\.DEFAULT\Software\Microsoft\MSPaper\Persist File Name
HKCU\Software\Microsoft\MSPaper\Persist File Name
HKCU\Software\Microsoft\MSPaper\Recent File List
HKCU\Software\Foxit Software\Foxit Reader\Recent File List
HKU\.DEFAULT\Software\Microsoft\MSE\10.0\FileMRUList
HKU\.DEFAULT\Software\Microsoft\MSE\10.0\ProjectMRUList
HKU\.DEFAULT\Software\Microsoft\MSE\10.0\SolutionMRUList
HKCU\Software\Microsoft\MSE\10.0\FileMRUList
HKCU\Software\Microsoft\MSE\10.0\ProjectMRUList
HKCU\Software\Microsoft\MSE\10.0\SolutionMRUList
HKCU\Software\Corel\User Assistant\9\Recent Work\WordPerfect\Last Opened
HKCU\Software\Corel\User Assistant\10\Recent Work\WordPerfect\Last Opened
HKCU\Software\Corel\User Assistant\9\Recent Work\QuattroPro\Last Opened
HKCU\Software\Corel\User Assistant\10\Recent Work\QuattroPro\Last Opened
HKCU\Software\Corel\User Assistant\9\Recent Work\Corel Presentations\Last Opened
HKCU\Software\Corel\User Assistant\10\Recent Work\Corel Presentations\Last Opened
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKCU\Software\Microsoft\Internet Explorer\TypedURLs
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\TypedURLs
HKCU\Software\Microsoft\MediaPlayer\Player\RecentFileList
HKCU\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir
HKU\.DEFAULT\Software\Microsoft\MediaPlayer\Player\RecentFileList
HKCU\Software\Microsoft\MediaPlayer\Player\Settings\SaveAsDir
HKCU\Software\Microsoft\MediaPlayer\Preferences\CDRecordPath
HKCU\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist
HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List
HKCU\Software\Google\NavClient\1.1\History
HKU\.DEFAULT\Software\7-ZIP\FM
HKCU\Software\7-ZIP\FM
HKCU\Software\ahead\Nero - Burning Rom\Settings\BrowserDir
HKCU\Software\ahead\Nero - Burning Rom\Settings\ImageDir
HKCU\Software\ahead\Nero - Burning Rom\Settings\NeroCompilation
HKCU\Software\ahead\Nero - Burning Rom\Settings\WorkingDir
HKU\.DEFAULT\Software\Macromedia\Flash 6\Open Document
HKCU\Software\Macromedia\Flash 6\Open Document
HKCU\Software\RealNetworks\RealPlayer\6.0\Preferences\LastLoginTime
HKCU\Software\RealNetworks\RealPlayer\6.0\Preferences\LastOpenFileDir
HKCU\Software\SmartFTP\Queue
HKCU\Software\SmartFTP\LocalView
HKCU\Software\WinRAR\General\LastFolder
HKCU\Software\Nico Mak Computing\WinZip\directories
HKCU\Software\Adobe\Acrobat Reader\5.0\AVGeneral\cRecentFiles
HKU\.DEFAULT\Software\Adobe\Acrobat Reader\5.0\AVGeneral\cRecentFiles
HKU\.DEFAULT\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles
HKCU\Software\Adobe\Acrobat Reader\6.0\AVGeneral\cRecentFiles
HKU\.DEFAULT\Software\Adobe\Adobe Acrobat\6.0\AVGeneral\cRecentFiles
HKCU\Software\Adobe\Adobe Acrobat\6.0\AVGeneral\cRecentFiles\c1
HKCU\Software\MGI\VideoWave\Recent File List
HKCU\Software\Sierra Imaging\Image Expert 2000\Recent Album List
HKCU\Software\ahead\Nero - Burning Rom\Recent File List
HKU\.Default\Software\ahead\Nero - Burning Rom\Recent File List
HKCU\Software\ahead\nero wave editor\Recent File List
HKU\.Default\Software\ahead\nero wave editor\Recent File List
HKCU\Software\ahead\Cover Designer\Recent File List
HKU\.Default\Software\ahead\Cover Designer\Recent File List
HKCU\Software\BVRP Software\Annuaire\Recent File List
HKCU\Software\Microsoft\HTML Help Workshop\Recent File List
HKCU\Software\Microsoft\HTML Help Workshop\Project Files
HKCU\Software\Microsoft\HTML Help Workshop\Html Titles
HKCU\Software\Microsoft\HTML Help Workshop\Compressed HTML
HKCU\Software\Microsoft\Picture It! Publishing\5.0\Recent File List
HKCU\Software\Software602\602Tab\Recent File List
HKCU\Software\Software602\WinMgr\1.0\602Tab\Recent Files
HKCU\Software\Software602\602Text\2000\Settings
HKCU\Software\TMT Development\TMT Pascal Lite 3
HKCU\Software\HeadLight\GetRight\TypedURLs
HKU\.Default\Software\HeadLight\GetRight\TypedURLs
HKCU\Software\Jasc\Paint Shop Pro 6\Recent File List
HKCU\Software\Jasc\Paint Shop Pro 7\Recent File List
HKCU\Software\Jasc\Paint Shop Pro 8\Recent File List
HKCU\Software\Greatis\Regrun2\RegAdviser\LocateHistory
HKCU\Software\Ontrack\PowerDesk\CurrentVersion\PDFind\FileNames
HKCU\Software\SpeedBit\Download Accelerator\HistoryCombo
HKCU\Software\Microsoft\Office\10.0\Clip Organizer\Search\Last Query
HKU\.Default\Software\Microsoft\Office\10.0\Clip Organizer\Search\Last Query
HKCU\Software\Microsoft\ClipArt Gallery\2.0\MRUDescription
HKU\.DEFAULT\Software\JetCar\JetCar\Recent File List
HKU\.DEFAULT\Software\JetCar\JetCar\DownDir
HKCU\Software\JetCar\JetCar\Recent File List
HKCU\Software\JetCar\JetCar\DownDir
HKU\.DEFAULT\Software\VB and VBA Program Settings\Microsoft Visual Basic AddIns\VisData6
HKCU\Software\VB and VBA Program Settings\Microsoft Visual Basic AddIns\VisData6
HKU\.DEFAULT\Software\CursorArts\MRU Items
HKCU\Software\CursorArts\MRU Items
HKU\.DEFAULT\Software\Spidersoft\WebZIP\Settings
HKCU\Software\Spidersoft\WebZIP\Settings
HKU\.DEFAULT\Software\Advanced Grapher\RecentFiles
HKCU\Software\Advanced Grapher\RecentFiles
HKU\.DEFAULT\Software\MeeSoft\ImageAnalyzer
HKCU\Software\MeeSoft\ImageAnalyzer
HKU\.DEFAULT\Software\InstallShield\Express\4.0\Recent File List
HKCU\Software\InstallShield\Express\4.0\Recent File List
HKU\.DEFAULT\Software\Impact\Microangelo\Animator\MRU List
HKU\.DEFAULT\Software\Impact\Microangelo\Librarian\MRU List
HKU\.DEFAULT\Software\Impact\Microangelo\Studio\MRU List
HKCU\Software\Impact\Microangelo\Animator\MRU List
HKCU\Software\Impact\Microangelo\Librarian\MRU List
HKCU\Software\Impact\Microangelo\Studio\MRU List
HKU\.DEFAULT\Software\FerretSoft\NetFerret\CurrentVersion\Web
HKCU\Software\FerretSoft\NetFerret\CurrentVersion\Web
HKU\.DEFAULT\Software\ORL\VNCviewer\MRU
HKCU\Software\ORL\VNCviewer\MRU
HKU\.DEFAULT\Software\PowerArchiver\Files
HKCU\Software\PowerArchiver\Files
HKU\.DEFAULT\Software\Microsoft\DevStudio\6.0\Recent File List
HKCU\Software\Microsoft\DevStudio\6.0\Recent File List
HKU\.DEFAULT\Software\e-merge\WinAce\2.0\MRU Items
HKCU\Software\e-merge\WinAce\2.0\MRU Items
HKU\.DEFAULT\Software\JGsoft\EditPadLite\Search
HKCU\Software\JGsoft\EditPadLite\Reopen
HKU\.DEFAULT\Software\VB and VBA Program Settings\3D Canvas\Application
HKCU\Software\VB and VBA Program Settings\3D Canvas\Application
HKU\.DEFAULT\Software\Vallen-Systeme GmbH\Vallen JPegger\MRU-Files-BMP&PCX
HKU\.DEFAULT\Software\Vallen-Systeme GmbH\Vallen JPegger\MRU-Folders-IMG
HKU\.DEFAULT\Software\Vallen-Systeme GmbH\Vallen JPegger\MRU-Folders-MP3
HKCU\Software\Vallen-Systeme GmbH\Vallen Zipper\MRU-Files-ZIP
HKU\.DEFAULT\Software\M.Dev Software\ZG5\MRU Items
HKCU\Software\M.Dev Software\ZG5\MRU Items
HKCU\Software\WinRAR\ArcHistory
HKCU\Software\Trident Software\PowerZip\Recent File List
HKCU\Software\Trident Software\PowerZip\Doc
HKCU\Software\WinRAR\DialogEditHistory\ExtrPath
HKCU\Software\Nico Mak Computing\WinZip\extract
HKCU\Software\Gnucleus\Searches
HKCU\Software\Kazaa\Search
HKU\.Default\Software\Kazaa\Search
HKCU\Software\Jasc\Animation Shop 2\Recent File List
HKCU\Software\Jasc\Animation Shop 3\Recent File List
HKCU\Software\Jasc\Jasc Media Center Plus\Recent File List
HKCU\Software\Jasc\Jasc WebDraw 1\Recent File List
HKCU\Software\Macromedia\Flash 5\Recent File List
HKCU\Software\Macromedia\Flash 6\Recent File List
HKCU\Software\Macromedia\Firework 6\Recent File List
HKCU\Software\Macromedia\Dreamweaver 4\Recent File List
HKCU\Software\Macromedia\Dreamweaver 6\Recent File List
HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
HKCU\SOFTWARE\Microsoft\DirectInput\MostRecentApplication
HKCU\Software\Ulead Systems\Ulead PhotoImpact\7.0\Recent File List
HKCU\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor
HKU\.DEFAULT\Software\Microsoft\Photo Editor\3.0\Microsoft Photo Editor
HKCU\Software\Creative Tecg\Creative Wavestudio\Settings
HKCU\Software\Freeware\VirtualDub\MRU List
HKCU\Software\Microsoft\Journal Viewer\MRU
HKCU\Software\Ying3\DLExpert\MAIN
HKCU\Software\Microsoft\Search Assistant\ACMru\5001
HKCU\InstallLocationsMRU
HKU\.Default\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU
HKU\.Default\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\ContainingTextMRU
HKCU\Software\RealVNC\VNCViewer4\MRU
HKCU\Software\Ahead\Cover Designer\Recent File List
HKCU\Software\Ahead\Nero - Burning Rom\Recent File List
HKCU\Software\Ahead\Nero WaveEditor\Recent File List
HKCU\Software\DVD Shrink\DVD Shrink 3.2\Recent File List
HKCU\Software\DVDAuthor2\DVD-lab\Recent File List
HKCU\Software\Macromedia\Dreamweaver 8\Recent File List
HKCU\Software\Macromedia\Fireworks\8\ini\Recent File List
HKCU\Software\Macromedia\Flash 8\Recent File List
HKCU\Software\Microsoft\Consola de administración de Microsoft\Recent File List
HKCU\Software\SoulSeek\SoulSeek\Recent File List
HKCU\Software\WinHTTrack Website Copier\WinHTTrack Website Copier\Recent File List
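An added example (Python instead of the Perl the post mentions, and not the post's own code) that reads a regedit .reg export and pulls out the values stored under the keys above: it matches a watchlist written in the list's short HKCU/HKU/HKLM form and also the same "MRU", "Recent", "Opened" and "TypedURLs" substrings the find commands look for; the .reg text is constructed.

```python
# Added example (Python rather than the Perl the post mentions): walk a .reg
# export and pull the values stored under the MRU-style keys listed above.
# The .reg text at the bottom is constructed; real exports come from regedit.
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKU": "HKEY_USERS", "HKLM": "HKEY_LOCAL_MACHINE"}

# A few entries from the list above, in the same short form used there.
WATCHLIST = [
    r"HKCU\Software\Microsoft\Internet Explorer\TypedURLs",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List",
    r"HKCU\Software\WinRAR\ArcHistory",
]
# The substrings the post greps for with "find", to catch keys not on the list.
HINTS = ("MRU", "Recent", "Opened", "TypedURLs")


def expand(key):
    """HKCU\\... -> HKEY_CURRENT_USER\\... so list entries match a .reg export."""
    hive, sep, rest = key.partition("\\")
    return HIVES.get(hive.upper(), hive) + sep + rest


def parse_reg(text):
    """Return {key: {name: value}} from a regedit .reg export. Only string
    values ("name"="value", @=) are unescaped; other types stay as raw text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and "=" in line:
            name, _, value = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            if value.startswith('"') and value.endswith('"'):
                value = value[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            keys[current][name] = value
    return keys


def mru_hits(text, watchlist=WATCHLIST, hints=HINTS):
    """Keys that are on the watchlist or look like MRU keys, with their values;
    keys that hold no values are skipped."""
    wanted = {expand(k).lower() for k in watchlist}
    hits = {}
    for key, values in parse_reg(text).items():
        low = key.lower()
        if values and (low in wanted or any(h.lower() in low for h in hints)):
            hits[key] = values
    return hits


SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://intranet.example/"
"url2"="http://www.example.com/"

[HKEY_CURRENT_USER\Software\WinRAR\ArcHistory]
"0"="C:\\Users\\bob\\Downloads\\tools.rar"

[HKEY_CURRENT_USER\Software\Foo\Bar\Recent File List]
"File1"="C:\\Docs\\plan.doc"
"""  # constructed sample export
```

Calling mru_hits(SAMPLE_REG) returns the three keys with their unescaped paths and URLs; feed it the text of a real export to run it against a collected hive.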

Wednesday, 1 November 2006

Useful XP applications from microsoft.com

To clean up the registry hive, specifically CURRENT_USER; it runs as a service:
http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

Interesting PowerToys from Microsoft:
http://www.microsoft.com/spain/windowsxp/downloads/powertoys/xppowertoys.mspx

Specifically worth it: TweakUI, to tune settings of XP SP1 or later; TaskSwitch, to add a thumbnail when you press Alt-Tab; Deskman, virtual desktops in pure Linux style.