Kill-9 CrEw Indonesia

Wednesday, January 12, 2011

IPv6 Hackit

IPv6 is future protocol internet with rich of security features but hackers always do research and try to exploit it. Van Hauser of The Hacker Choice (THC) releases his IPv6 attack toolkit to exploit IPv6 protocol weakness. His tools can be freely downloaded on THC website. HD Moore, author Metasploit project wrote paper about Exploiting Tomorrow’s Internet Today: Penetration testing with IPv6 which can be read on http://www.uninformed.org. His paper tells us about exploiting IPv6 applications by proxying/relaying via IPv4.

IPSECS, unofficially releases his IPv6 Hackit on sourceforge and papers which nearly complete explains IPv6 exploitation. IPSECS wrote IPv6-Hackit using Perl Scripting Language which means that the tools don’t need to be compiled. Somehow, this tool needs some perl module to be installed.

This tool supports to do:
Hosts Enumeration finding which host is up/down.
TCP Port scanning to find which port is open/close.
Googling via unix shell to find possible IPv6 domains.
Finding AAAA IPv6 host record from single or massive collected domains.
Getting shell from IPv6 binding shellcode/payload.
Getting shell from IPv6 reverse shellcode/payload.
Exploiting simple IPv6 application weakness (currently this module is still developed)
IPv6 Binding backdoor with authentication (currently this module is still developed)

You can easily download this IPv6 Hackit on ipv6hackit.sourceforge.net.

SIPVicious

SIPVicious tools address the need for traditional security tools to be ported to SIP. This package consists of a SIP scanner, a SIP wardialer, and a SIP PBX cracker. Written in Python.

A new tool has been added to SIPVicious - svcrash.py. As the name implies, it crashes something - svwar.py and svcrack.py. This tool is meant to be used by system administrators and organizations that are receiving unauthorized scans on their exposed IP PBX.

As3 Crypto


As3 Crypto is a cryptography library written in Actionscript 3 that provides several common algorithms. This version also introduces a TLS engine (TLS is commonly known as SSL.)

Protocols: TLS 1.0 support (partial)
Certificates: X.509 Certificate parsing and validation, built-in Root CAs.
Public Key Encryption: RSA (encrypt/decrypt, sign/verify)
Secret Key Encryption: AES, DES, 3DES, BlowFish, XTEA, RC4
Confidentiality Modes: ECB, CBC, CFB, CFB8, OFB, CTR
Hashing Algorithms: MD2, MD5, SHA-1, SHA-224, SHA-256
Paddings available: PKCS#5, PKCS#1 type 1 and 2
Other Useful Stuff: HMAC, Random, TLS-PRF, some ASN-1/DER parsing

The library is offered under the BSD license, and include several derivative works from Java, C and javascript sources. Check the LICENSE.txt file for a list of contributors.

You can browse the source, download the source or download the SWC binary
Check out the release notes for a bit more details.

Source & Download

OpenSCAP

The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP.

SCAP is a line of standards managed by NIST. It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise.

The SCAP suite contains multiple complex data exchange formats that are to be used to transmit important vulnerability, configuration, and other security data. Historically, there have been few tools that provide a way to query this data in the needed format. This lack of tools makes the barrier to entry very high and discourages adoption of these protocols by the community. It’s our goal to create a framework of libraries to improve the accessibility of SCAP and enhance the usability of the information it represents. Tools for parsing SCAP documents and querying content must be created to achieve this. This requires common set of interfaces to be defined and implemented to meet this need. It is the intent of this project to provide these interfaces and functional examples that would allow others in the open-source and vendor communities to make use of SCAP while minimizing the effort needed to gain value from it.

 
Kill-9 CrEw Indonesia Copyright © 2009 Blogger Template Designed by Bie Blogger Template