Posted On: January 2013 - Pentest Geek


How do I phish? – Advanced Email Phishing Tactics

2013/01/30 - By 

I’m often asked how I perform email phishing attacks. Email phishing attacks are very compelling and unique to each situation. The process of creating a successful email phishing campaign is methodical, and most of the time and effort goes up front into the planning phase.

Good security is a multilayer approach, so we will run into many layers of security that could potentially derail our email phishing campaign. Some of these layers may include email gateway spam filters, Outlook ‘Junk Email’ filters, host-based antivirus, intrusion prevention systems, web proxy servers, egress filtering, and the list goes on and on.




Hard coded encryption keys and more WordPress fun

2013/01/16 - By 

Metasploit modules [1, 2]

A few days ago I was chatting with pasv about a recent vulnerability he discovered. Apparently there was demand for Razer Synapse, which syncs the configuration for a Razer mouse to the “cloud”. Syncing configurations to the cloud was most likely needed since some Razer models have so many buttons that the mouse has its own full-blown number pad on the side. pasv got bored and did what any good bored security professional does: he reverse engineered the Razer Synapse installer. He discovered that the encryption key and IV were hard coded for the “Remember my password” feature (PoC).

The vulnerability was fixed shortly before the new year (12/27/12) via an auto-update in the Razer Synapse software, but we figure there are probably at least a few configuration files still sitting out there. This vulnerability was very similar to a recent Metasploit module @zeknox and I released for Spark IM, so it was fairly painless to write up a new module to exploit this configuration.




WordPress Pingback Portscanner – Metasploit Module

2013/01/03 - By 

Github Module [1]

The latest version of WordPress, version 3.5, was released on December 11, 2012. This version ships with the XML-RPC interface enabled by default. This is just the type of configuration that we pentesters love to see during an engagement: the additional attack surface may be just the little extra that a pentester needs.

WordPress doesn’t actually give you an easy option in the settings to disable the XML-RPC interface. It’s much more complicated than that: you must install an additional plugin (which can make your WordPress site more vulnerable) or edit the source code directly. With this in mind, you can be assured that there will be tons of WordPress 3.5 websites out on the internet with their XML-RPC interface enabled and publicly accessible.


