So fast - so weekly: Evilgrade Update MenInTheMiddle
There's no check of SSL certs (not important, right?), just some md5 sum check - but that is replaceable, because the checksum comes from the same untrusted server as the file. Cygwin's package manager, btw, is vulnerable too. With Dan's DNS exploit it seems to be possible to fake an update server globally.
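To make the checksum point concrete, here is an added example (written for this post, not code from Evilgrade or from any of the affected vendors). It simulates an update client that fetches a file plus its md5 sidecar from one server, and a client that pins the expected digest inside itself; the update bytes, the server and the spoofed response are all constructed inline.

```python
"""
Added example: why a checksum served next to the file does not protect an
update channel, and what a pinned reference value changes. All data is
constructed for the demonstration.
"""
import hashlib
import hmac

# Constructed sample: the vendor's genuine update package.
GENUINE_UPDATE = b"genuine-update-v1.2.3"


def publish(payload: bytes) -> dict:
    """What an update server serves: the file and a sidecar md5 computed
    from that same file. Whoever controls the server (or, via DNS, the
    name the client resolves) controls both values."""
    return {"file": payload, "md5": hashlib.md5(payload).hexdigest()}


def weak_client(server_response: dict) -> bool:
    """The pattern criticised in the post: the reference checksum arrives
    over the same unauthenticated channel as the file. It catches a
    corrupted download, never a substituted one."""
    expected = server_response["md5"]
    actual = hashlib.md5(server_response["file"]).hexdigest()
    return hmac.compare_digest(expected, actual)


# The pinned digest stands in for a reference value the client already
# holds before talking to the server (shipped in the binary, or obtained
# over an independently authenticated channel). Computing it from the
# genuine update here is only a stand-in for that out-of-band step.
PINNED_SHA256 = hashlib.sha256(GENUINE_UPDATE).hexdigest()


def pinned_client(server_response: dict,
                  pinned_digest: str = PINNED_SHA256) -> bool:
    """Hardened pattern: the reference value never comes from the server,
    so a server that swaps the file cannot also swap the expectation."""
    actual = hashlib.sha256(server_response["file"]).hexdigest()
    return hmac.compare_digest(pinned_digest, actual)


def simulate(attacker_in_path: bool) -> dict:
    """Return each client's verdict against a genuine or a spoofed server."""
    if attacker_in_path:
        # Constructed: a spoofed server (e.g. reached through a poisoned
        # DNS answer) serves its own file and a matching sidecar md5.
        response = publish(b"attacker-supplied-update")
    else:
        response = publish(GENUINE_UPDATE)
    return {
        "weak_accepts": weak_client(response),
        "pinned_accepts": pinned_client(response),
    }


if __name__ == "__main__":
    print("legitimate server:", simulate(attacker_in_path=False))
    print("spoofed server:   ", simulate(attacker_in_path=True))
```

The weak client accepts both responses, the pinned client rejects the spoofed one. A real updater would pin the vendor's signing key rather than a per-release digest and verify a signature over the file, which gives the same property without changing the client for every release; the digest is used here only to keep the example on the standard library. TLS with proper certificate validation to the vendor's host is the other half of the fix, since it stops the poisoned name from being accepted as the vendor in the first place.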
The first age of hacking was attacking servers, the second age is attacking client apps. The third age is attacking files that are downloaded by the computer, because there's no verification of whether the site you're downloading from is trusted.
Putting restrictions on the client to harden it against attacks is important. Evilgrade is released with a demo to look at, and it will be developed further. JavaUpdate, WinZip, Notepad++ - impressive, isn't it? Ownable - everything.
Through pauldotcom this week I got a nice shell script: the one line portscanner. It loops telnet over every port and greps the output for "Connected to" (the original line had its angle brackets eaten by the HTML; restored here):
HOST=192.168.1.97;for((port=1;port<=65535;++port));do echo -en "$port ";if echo -en "open $HOST $port\nlogout\quit" | telnet 2>/dev/null | grep 'Connected to' > /dev/null;then echo -en "\n\nport $port/tcp is open\n\n";fi;done | grep open
Cisco shellcode is always good to have: read here. The IOS privilege elevator.
Another good podcast this week is StackOverflow.
This week Corsair delivered a MacOS 10.5 hardening guide, which doesn't contain lots of new stuff. Most of it is typical for any Unix environment. The Mandatory Access Control realised in sandbox-exec backs up e.g. mDNSResponder and Safari - it creates a separating layer between important OS functions and the application that may get exploited. I don't think it goes as far as systrace, AppArmor or SELinux. Btw: SMACK may be worth a look for a fast setup. The latter two are Linux kernel based.
SamuraiWTF is a web-app pentesting live distribution, which also has some Windows tools running under Wine. I like live stuff, and added it to my VM repository. Hack the login password on your own. If you can't - this isn't for you. gooscan, Maltego, BeEF, w3af and some OWASP stuff. Preconfigured, nice, fast - and portable. Thanks to Kevin Johnson and Justin Searle.
Adding a writeable partition for a local wiki may be useful; you may need to document changes. But I prefer LaTeX, sending the files via sftp to a remote host and calling my customised vim via ssh. Fun stuff. Interesting distro, even just for checking out the tools. - And it's NOT SLAX! :) That's great.
Get your AntiVirus. :) If you need that crap: you failed. Have fun,
wishi
