Monday, August 3, 2009

Wireshark 1.2.1 Released – Network Protocol Analyzer

Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions.

Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. Many of you will know it as Ethereal.

Features

•Deep inspection of hundreds of protocols, with more being added all the time

•Live capture and offline analysis

•Standard three-pane packet browser

•Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others

•Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility

•The most powerful display filters in the industry

•Rich VoIP analysis

•Capture files compressed with gzip can be decompressed on the fly

You can see the full changelog for version 1.2.1 here:
Wireshark 1.2.1 Release Notes

You can download Wireshark 1.2.1 here:
Windows 32-bit – wireshark-win32-1.2.1.exe
Source code – wireshark-1.2.1.tar.bz2

bsqlbf v2.3 Released – Blind SQL Injection Brute Forcing Tool

This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections.

Bsqlbf first hit the net back in April 2006 with bsqlbf v1.1, then the v2.0 update in June 2008. This new update adds much better Oracle support.

Databases supported:

•MS-SQL
•MySQL
•PostgreSQL
•Oracle

The 6 Attack Models

•Type 0: Blind SQL Injection based on true and false conditions returned by back-end server

•Type 1: Blind SQL Injection based on true and error (e.g. syntax error) responses returned by back-end server.

•Type 2: Blind SQL Injection in “order by” and “group by”.

•Type 3: extracting data with SYS privileges (ORACLE dbms_export_extension exploit)

•Type 4: OS code execution (ORACLE dbms_export_extension exploit)

•Type 5: reading files (ORACLE dbms_export_extension exploit, based on java)
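
How the Type 0 and Type 2 cases above look from the defending side, as an added example (not part of bsqlbf or the original post): a Python/sqlite3 sketch showing a concatenated query beside its bound-parameter form, plus an allow-list for ORDER BY. The `items` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?)",
                   [(1, "cable", 4.5), (2, "switch", 80.0), (3, "router", 120.0)])
    return db

def lookup_concat(db, item_id):
    # 'Before' form: the request value becomes part of the SQL text, so a
    # condition appended to it is evaluated by the database (Type 0).
    return db.execute("SELECT name FROM items WHERE id = " + item_id).fetchall()

def lookup_bound(db, item_id):
    # Hardened form: validate the type, then bind the value as data.
    if not item_id.isdecimal():
        raise ValueError("id must be an integer")
    return db.execute("SELECT name FROM items WHERE id = ?", (int(item_id),)).fetchall()

# ORDER BY / GROUP BY take identifiers, which cannot be bound as parameters
# (Type 2), so the column is chosen from a fixed allow-list instead.
SORT_COLUMNS = {"name": "name", "price": "price"}

def list_sorted(db, sort_key):
    column = SORT_COLUMNS.get(sort_key)
    if column is None:
        raise ValueError("unsupported sort key")
    return db.execute("SELECT name FROM items ORDER BY " + column).fetchall()

def page_differs(db, lookup, true_form, false_form):
    # Regression check: does the response change with an appended condition?
    def run(value):
        try:
            return lookup(db, value)
        except ValueError:
            return "rejected"
    return run(true_form) != run(false_form)
```

`page_differs` can be kept as a regression test: it should return False for every query path that takes request input.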

New additions

-type: Type of injection:

3: Type 3 is extracting data with DBA privileges
(e.g. Oracle password hashes from sys.user$)
4: Type 4 is O.S code execution(default: ping 127.0.0.1)
5: Type 5 is Reading O.S files(default: c:\boot.ini)

Type 4 (O.S code execution) supports the following sub types:

-stype: How you want to execute command:

0: SType 0 (default) is based on java,
universal but won’t work against XE
1: SType 1 against oracle 9 with plsql_native_make_utility
2: SType 2 against oracle 10 with dbms_scheduler

You can download bsqlbf v2.3 here:
bsqlbf-v2-3.pl

GFI LANguard 9 Review – Network Security Scanner & Vulnerability Management Tool

GFI released version 9 of their scanner (overview here) with improvements to the scanning engine and the interface (including the monitoring dashboard which gives you a good heads-up of the scan results).

One of the big positives with LANguard was the ability to detect patch levels and automatically roll out patches over the network. This makes it a very comprehensive solution; the recent versions also include checks to ensure 3rd party software such as Anti-virus solutions are up to date (full features here).

It’s as easy to install and get up and running as ever; if you do have any issues, the Installation Guide is here [PDF].

Getting started with a scan is as easy as clicking 1 button; the interface has been simplified and it’s a lot more attractive. In fact it’s simple enough that non-security IT folks could use it without much problem.


After a scan is complete you have a choice to Analyze or Remediate. The Analysis section will give you fairly detailed instructions on any vulnerabilities found (including a vulnerability level) and full system information including shares, patch levels and so on.


The Remediate section will inform you of missing patches and allow you to apply these. Other than the standard MS patches and service packs you can also deploy 3rd party applications and uninstall rogue software.


Most things in the scanner can be scheduled too, so for example if you want to scan outside of office hours or roll out software/patches at the weekend you can set LANguard to do that.

The dashboard is a nice addition which gives you an overview of the network security and the changes in vulnerabilities over time.

It also comes with the generic network utilities like Whois, DNS Lookup, Traceroute & SNMP Walk.

All in all it’s a great tool, especially for those managing Windows based networks. It makes your life a LOT easier and it makes it easier to manage patches and software across the Domain.

It’s not a hardcore security tool, which means it also appeals to people more in the Sys Admin & Network areas of the industry. If you have any Windows machines do give it a look, perhaps start with the free version below.

You can download the latest version here:
GFI LANguard 9 Download

Pricing is done on a per-IP basis with prices starting from around $32 USD per IP for a 10-24 IP block.

There is also a FREE version available here:

GFI LANguard 9 5-IP Freeware edition

Chinese Firm Writes First SMS Worm

Once again China is at the forefront! A group of Chinese companies has managed to develop the first SMS worm!

"Three Chinese companies — XiaMen Jinlonghuatian Technology, ShenZhen ChenGuangWuXian Technology, and XinZhongLi TianJin — created the ‘Sexy Space’ worms or Yxe Worm (Worm:SymbOS/Yxe.D) and submitted to Symbian OS-based phones through the express signing procedure, said F-Secure Security Labs recently.

“The worm is the first text message worm in history,” said Chia Wing Fei, security response senior manager at F-Secure. “Our labs have received few confirmed reports from China and Middle East at the moment.”

The first stage of Symbian’s signing process is done automatically using an antivirus engine, said Chia, adding that once an application has been submitted and scanned, random samples are then submitted for human audit.

However, most applications are not inspected by humans through the express signing procedure, he noted.

An attacker can therefore put a web link pointing to the worm’s web site into a text message and invite the user to download the worm by clicking the link, Chia said. Once activated, the worm will install itself on the device, and send similar text messages to all phonebook contacts listed, he added.

“These messages are sent in your name and from your phone. It means you will pay for each SMS sent by the worm. A typical cost for a single text message might be 5 cents. If you have 500 contacts in your phone, an infection would cost you 500 times 5 cents,” Chia noted.
"

Source:
Network World

sqlmap 0.7 Released – Automatic SQL Injection Tool

Sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications.

Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Recent Changes
Along with all the takeover features introduced in sqlmap 0.7 release candidate 1, some of the new features include:

•Adapted Metasploit wrapping functions to work with latest 3.3 development version too.

•Adjusted code to make sqlmap 0.7 work again on Mac OS X too.

•Reset takeover OOB features (if any of --os-pwn, --os-smbrelay or --os-bof is selected) when running under Windows because msfconsole and msfcli are not supported on the native Windows Ruby interpreter. This makes sqlmap 0.7 work again on Windows too.

•Minor improvement so that sqlmap also tests all parameters with no value (e.g. par=).

•HTTPS requests over HTTP proxy now work on Python 2.4, 2.5 and 2.6+.

For a complete list of changes view the ChangeLog.

The manual is available here: README.pdf [PDF]

You can download sqlmap 0.7 here:
Linux Source: sqlmap-0.7.tar.gz
Windows Portable: sqlmap-0.7_exe.zip
