Chrome Extensions for Security Professionals

Google Chrome Extensions

Over recent days we have seen a phenomenal increase in the usage of the Google Chrome browser; however, security professionals are still looking to Firefox for their day-to-day usage. The basic reason behind this is the large set of Firefox extensions backing it up, and we also have custom builds like OWASP Mantra doing the rounds.

So for those who love using Google Chrome and still miss the large plugin base, here is a list of must-have plugins for the security professional.

Note: usage could be both offensive and defensive; it is up to the user to decide. The content here is for informational purposes only.

CAUTION: LONG POST. Continue below only if you can give it time, because this post is large.


Database Protection Techniques: A Different Perspective

Tips for Db Security

Disclaimer: this post keeps web front-ends and web-application-based attacks on DB servers in mind.

  1. Any user ID used for web application connectivity should be clipped to specific IP addresses; that could be localhost when the same server hosts both the DB and the application server. If two separate servers are used, then clip the user ID(s) to the application server's IP address / hostname. Keep a strict log of who accesses the ID and when.

  2. The first entry in the user/password database should be a dummy entry with zero privileges; it could also act as a honeypot.

  3. Default accounts should be removed or blocked.

  4. User input validation should be a three-step process:

    1. Web page / client side validation: JavaScript.

    2. Server (application): OWASP ESAPI or custom functions could be used.

    3. DB: use PL/SQL functions to strip input data.

  5. Another good utility to keep in mind is DBA_USERS_WITH_DEFPWD: it contains the list of users with default passwords, and with 11g all default accounts are locked.

  6. Web application developers should be provided with three different user access levels to be used inside the web application:

    1. Read access: user with access to SELECT queries only.

    2. Write access: user with SELECT, UPDATE and DELETE access.

    3. App_mod: write access plus DROP and TRUNCATE.

Developers need to make sure the proper user access level is used as and when required.

Note: I know a large number of developers might start crying that this will increase their headache, but in the long run this could turn out to be a life saver.

Please share your opinion: is this a good approach, is it going to help you, and what do you think should be added to this?
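To make tips 1, 2 and 6 concrete, here is an added example (not from this post) in POSIX shell that emits the provisioning SQL for the three access levels, binds every account to the application server's host, creates the zero-privilege honeypot entry, and audits a user list for accounts that are not clipped to a host. It assumes MySQL GRANT syntax (the post's own examples lean on Oracle views, but the tips are dialect-neutral); the database name shop, the host 10.0.0.5 and the account names are constructed.

```shell
#!/bin/sh
# Added example, not the post's code. Assumes MySQL-dialect DDL; "shop",
# 10.0.0.5 and the account names are constructed for illustration.

# grants_for TIER USER HOST DB -> prints CREATE USER + GRANT for one tier.
# Tiers mirror the post: read = SELECT only; write = SELECT, UPDATE, DELETE
# (add INSERT if the application creates rows); mod = write plus DROP, which
# in MySQL is also the privilege TRUNCATE TABLE requires.
grants_for() {
  tier=$1; user=$2; host=$3; db=$4
  case "$tier" in
    read)  privs="SELECT" ;;
    write) privs="SELECT, UPDATE, DELETE" ;;
    mod)   privs="SELECT, UPDATE, DELETE, DROP" ;;
    *) echo "unknown tier: $tier (use read, write or mod)" >&2; return 1 ;;
  esac
  # The host part is what clips the account to the app server (tip 1).
  printf "CREATE USER '%s'@'%s' IDENTIFIED BY '<set-a-strong-password>';\n" "$user" "$host"
  printf "GRANT %s ON %s.* TO '%s'@'%s';\n" "$privs" "$db" "$user" "$host"
}

# honeypot_user USER HOST -> the dummy first entry from tip 2: it exists, it can
# authenticate, but it receives no GRANT at all (MySQL's implicit USAGE only).
# Any login with it is by definition suspicious, so alert on it.
honeypot_user() {
  printf "CREATE USER '%s'@'%s' IDENTIFIED BY '<set-a-strong-password>';\n" "$1" "$2"
  printf -- "-- no GRANT for '%s': zero privileges, log and alert on every login\n" "$1"
}

# audit_hosts -> reads "user host" lines (as from SELECT user, host FROM
# mysql.user) on stdin and prints the accounts whose host is the wildcard '%',
# i.e. the weak setting tip 1 tells you to remove.
audit_hosts() {
  awk '$2 == "%" { print $1 }'
}

# Constructed sample of a user/host listing; two accounts are not clipped.
SAMPLE_USERS='canary localhost
app_ro 10.0.0.5
legacy_app %
app_rw 10.0.0.5
monitor %'

# Usage:
#   grants_for read  app_ro  10.0.0.5 shop
#   grants_for write app_rw  10.0.0.5 shop
#   grants_for mod   app_mod 10.0.0.5 shop
#   honeypot_user canary localhost
#   printf '%s\n' "$SAMPLE_USERS" | audit_hosts      # -> legacy_app, monitor
```

Run the generated statements as a DBA, then keep the audit function in a cron job: any account that reappears with a '%' host is either a developer shortcut or a change you did not make, and both deserve a look.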


Nullcon CTF BattleUnderground 2011 Walkthrough

Finally, after nearly three months, I have been able to compile the complete walkthrough.

So, presenting the walkthrough for Battle Underground.

Please keep some notes in mind:
1) Most of the work was done after the servers were shut down, so I have had to manage with directions only and not screenshots.
2) Feel free to ask questions or suggest an alternative approach if you have one.

As usual, the PDF is uploaded on SlideShare.

Direct download link

View the slides @ slideshare


Protection against WordPress username enumeration

After my last post on exploiting username enumeration, I have looked deeper and found a simple workaround to patch your blog against this vulnerability until WordPress has something to add to it.

I am right now using the WordPress plugin Redirection:
https://wordpress.org/extend/plugins/redirection/

Inside the plugin page, which comes under Tools -> Redirection,

add a new rule with the following settings.

Source url : ^(.*)/?author=(.*)
target url : /
Reg Exp : Yes
Match : url only
Action : Redirect to url

and click Add Redirection.

All done. Just try any URL with ?author=<number>;

now this URL will be redirected back to your main page, effectively nullifying the effect of username enumeration.

WordPress User Enumeration PoC Shell Script

We have recently seen the WordPress username enumeration vulnerability disclosure here: http://seclists.org/fulldisclosure/2011/May/493

Versions affected are: 2.6, 3.1, 3.1.1, 3.1.3

Here I am enclosing a simple PoC which could be run in a Bash shell.
(Note: a PoC in Python is already available for those who are curious.)

The code can be downloaded from here: https://github.com/anantshri/script-collection/blob/master/wp-user-enum.sh
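Two defender-side checks belong with the previous two posts, so here they are together as an added example in POSIX shell (this is not the PoC script and not the plugin's code). The first function applies the Redirection rule's own pattern, ^(.*)/?author=(.*), to request URLs so you can see what the rule catches; note that because the ? in /? makes the slash optional, the pattern matches any URL containing author= anywhere, which is broader than the ?author=<number> probe it is meant to stop. The second function scans web server access-log lines for the behaviour the PoC produces (one client walking author ids in sequence). The log lines and IP addresses are constructed.

```shell
#!/bin/sh
# Added example, not the post's code. Log lines below are constructed.

# The exact pattern entered in the Redirection plugin rule.
AUTHOR_RULE='^(.*)/?author=(.*)'

# author_rule_matches URL -> exit 0 if the rule would redirect this URL.
# Because "/?" means "optional slash", the rule fires on any URL that
# contains "author=" anywhere, including benign query strings.
author_rule_matches() {
  printf '%s\n' "$1" | grep -Eq "$AUTHOR_RULE"
}

# author_probe_ips -> reads combined-format access-log lines on stdin and
# prints "ip count" for every client that requested more than THRESHOLD
# distinct author ids. A legitimate visitor hits one author page; a
# walk through 1, 2, 3, ... is enumeration.
THRESHOLD=3
author_probe_ips() {
  awk -v t="$THRESHOLD" '
    match($0, /author=[0-9]+/) {
      id = substr($0, RSTART + 7, RLENGTH - 7)   # skip the 7 chars of "author="
      key = $1 SUBSEP id                          # $1 is the client IP
      if (!(key in seen)) { seen[key] = 1; n[$1]++ }
    }
    END { for (ip in n) if (n[ip] > t) print ip, n[ip] }' | sort
}

# Constructed sample: 203.0.113.9 walks four author ids in four seconds,
# 198.51.100.4 views one author page and then another page.
SAMPLE_LOG='203.0.113.9 - - [27/May/2011:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/7.21"
203.0.113.9 - - [27/May/2011:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/7.21"
203.0.113.9 - - [27/May/2011:10:00:03 +0000] "GET /?author=3 HTTP/1.1" 301 0 "-" "curl/7.21"
203.0.113.9 - - [27/May/2011:10:00:04 +0000] "GET /?author=4 HTTP/1.1" 301 0 "-" "curl/7.21"
198.51.100.4 - - [27/May/2011:10:05:00 +0000] "GET /?author=1 HTTP/1.1" 200 5120 "http://example.org/" "Mozilla/5.0"
198.51.100.4 - - [27/May/2011:10:05:30 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'

# Usage:
#   author_rule_matches '/?author=1' && echo redirected
#   author_rule_matches '/?s=coauthor=bob' && echo "redirected too (over-match)"
#   printf '%s\n' "$SAMPLE_LOG" | author_probe_ips      # -> 203.0.113.9 4
```

The redirect hides the username, but the 301 responses still land in the access log, which is why the second function is worth running: it tells you the probing happened even though it no longer succeeds.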

HackIM Walkthrough: Nullcon 2011

After nearly one week of finishing the HackIM challenge, I have finally got the time to document the whole process with as many links and screenshots as possible.

However, I didn't go ahead and release the doc at that time because a lot of users were playing and I didn't want to spoil their fun.
However, as tomorrow we will have a new game to play, here I am releasing the document for the general public to have a look at the whole contest in a step-by-step walkthrough.

The main aim of doing this is to gather responses from the community and in turn find optimum ways of solving the problems, as well as to get introduced to the various other tools and techniques others might have used to perform the task in a simpler and quicker way.

The PDF file has been uploaded to SlideShare for sharing purposes.

Direct download link

View the slides @ slideshare


How to add a PPA in Debian

I am back with some more scripting fun.

I have been working on configuring my new Debian machine and found one utility very lacking in Debian, and that was add-apt-repository.
So I sat down, took my time, and finally I am able to mix and match this simple script.

Disclaimer: I know adding PPAs can have adverse effects on Debian machines.

At this point the work that this script performs is:

  1. add the repository of the PPA (here I am using lucid as the distribution of choice, because I am using squeeze as my Debian version)
  2. add the GPG key to the keyring.

Disclaimer

  • This script is at this point tested only on one machine: Debian Squeeze (Mint flavoured).

File : add-apt-repository.sh

Steps to install this:

  1. Download the file

$ wget https://blog.anantshri.info/content/uploads/2010/09/add-apt-repository.sh.txt

  2. Save this file in /usr/sbin/

$ cp add-apt-repository.sh.txt /usr/sbin/add-apt-repository

  3. Change permissions to execute

$ chmod o+x /usr/sbin/add-apt-repository

  4. Change ownership to root

$ chown root:root /usr/sbin/add-apt-repository

  5. Now whenever you need to execute the command, type

$ sudo add-apt-repository ppa:ppa-name
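The script's first job is to turn a ppa:owner/name argument into an APT sources line for lucid. Here is an added example of that step in POSIX shell; it is not the post's script and does not do the GPG key step. The URL layout is Launchpad's standard http://ppa.launchpad.net/<owner>/<name>/ubuntu one; the strict check on the argument is this example's own addition (the change log mentions a security hole fixed in the original script but does not describe it), and its effect is that a value taken from the command line can never carry shell metacharacters or path components into the sources file.

```shell
#!/bin/sh
# Added example, not the post's script. Covers the "add the repository" step
# only; the GPG key import is not shown.

PPA_DIST=lucid   # the post pins PPAs to lucid on Debian squeeze

# ppa_sources_line ppa:owner/name
#   -> prints "deb http://ppa.launchpad.net/owner/name/ubuntu lucid main"
# Accepts only ppa:<owner>/<name> where both parts start with a letter or
# digit and contain nothing but [a-z0-9.+-]; anything else (";", spaces,
# "..", a missing "ppa:" prefix) is refused before it can reach a file or
# another command.
ppa_sources_line() {
  spec=$1
  case "$spec" in
    ppa:*) ;;
    *) echo "expected ppa:owner/name, got '$spec'" >&2; return 1 ;;
  esac
  path=${spec#ppa:}
  if ! printf '%s\n' "$path" | grep -Eq '^[a-z0-9][a-z0-9.+-]*/[a-z0-9][a-z0-9.+-]*$'; then
    echo "invalid PPA name: '$path'" >&2
    return 1
  fi
  printf 'deb http://ppa.launchpad.net/%s/ubuntu %s main\n' "$path" "$PPA_DIST"
}

# add_ppa_to_file ppa:owner/name FILE -> appends the sources line to FILE
# unless the identical line is already there (so re-running is harmless).
# In real use FILE would be /etc/apt/sources.list.d/<name>.list.
add_ppa_to_file() {
  line=$(ppa_sources_line "$1") || return 1
  file=$2
  if [ -f "$file" ] && grep -Fxq "$line" "$file"; then
    echo "already present: $line" >&2
    return 0
  fi
  printf '%s\n' "$line" >> "$file"
}

# Usage:
#   ppa_sources_line ppa:owner/name
#   add_ppa_to_file ppa:owner/name /etc/apt/sources.list.d/owner-name.list
```

Validating the argument before it is interpolated anywhere is the cheap half of the fix; the other half is that the script runs under sudo, so everything it writes lands in a root-owned file, which is exactly why the steps above move it to /usr/sbin and chown it to root instead of leaving a user-writable copy on the path.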

Opening this script to a larger audience so that we can crowdsource efforts if someone likes it.

Hope this can help someone.


Change Log

7 Jan 2011: Updated the tutorial to place the file at /usr/sbin as suggested in various comments.

6 Aug 2011: Updated the script to deal with the security hole (although not easily exploitable) as suggested by 7eggert in comment no. 23.

10 Sep 2011: bin corrected to sbin in steps 3 and 4; thanks to Craig for pointing that out.


404-notifier modified for more details

Image by CyboRoZ

I have been using this great plugin by Alex King named 404-notifier.

This plugin has one specific role, and that is to find 404 errors on your website and then notify you by RSS or e-mail.

But the e-mails generated are not of much use, as they tell me only one part of the story, i.e. the URL that was hit and got a 404.

So I modified the code, and now it makes a lot more sense and gives me some insight into what is actually happening.

So my latest code sends out messages with the following details (providing a picture of the sample message).

I have been using this for the past year on my blog. So what exactly can I get from this extra info?

If the link is not referred by any page, then it means that link is either marked as a bookmark or some automated bot is trying to access the URL.

The user agent tells a lot more about who is accessing the link.

And just in case you don't want to be irritated by a particular user, you always have his IP address to block him in .htaccess.

So I have launched the modified code as 404-notifier @ Google Code.

Hope this code can help someone.
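The same extra detail the modified plugin puts in its e-mails (client IP, requested URL, referrer, user agent) can be pulled straight out of the web server's access log, and the post's reading of a missing referrer can be applied automatically. The following is an added example in POSIX shell, not the plugin's PHP or the post's modified code; it assumes Apache combined log format, and the log lines and addresses are constructed.

```shell
#!/bin/sh
# Added example, not the plugin's code. Assumes combined log format; the
# sample lines are constructed.

# report_404s -> reads combined-format log lines on stdin and prints one line
# per 404 as:  ip|url|referrer|user-agent|verdict
# The verdict applies the post's rule: no referrer means a bookmark or a bot.
# Field 9 is the status only when the request line has its usual three
# tokens ("GET /path HTTP/1.1"); malformed request lines are skipped.
report_404s() {
  awk '
    $9 == "404" {
      # The quoted sections contain spaces, so cut the line by quote marks:
      # q[2] = request line, q[4] = referrer, q[6] = user agent.
      split($0, q, "\"")
      split(q[2], r, " ")             # r[2] = requested URL
      ref = q[4]; ua = q[6]
      verdict = (ref == "-") ? "no-referrer:bookmark-or-bot" : "linked-from:" ref
      print $1 "|" r[2] "|" ref "|" ua "|" verdict
    }'
}

# htaccess_deny IP -> prints the Apache 2.2 .htaccess line that blocks one
# client, after checking the value really is a plain IPv4 address so that a
# string lifted from a log can never put anything else into the file.
htaccess_deny() {
  if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    printf 'Deny from %s\n' "$1"
  else
    echo "not an IPv4 address: '$1'" >&2
    return 1
  fi
}

# Constructed sample: one 404 with a referrer (a stale link on another site),
# one 404 with no referrer from a script, and one normal 200.
SAMPLE_LOG='192.0.2.7 - - [12/Sep/2010:08:00:00 +0000] "GET /old-post/ HTTP/1.1" 404 512 "http://example.net/links" "Mozilla/5.0 (X11; Linux)"
192.0.2.8 - - [12/Sep/2010:08:00:05 +0000] "GET /wp-admin/setup.php HTTP/1.1" 404 512 "-" "Python-urllib/2.6"
192.0.2.9 - - [12/Sep/2010:08:00:09 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux)"'

# Usage:
#   printf '%s\n' "$SAMPLE_LOG" | report_404s
#   htaccess_deny 192.0.2.8 >> .htaccess     # under an "Order allow,deny" block
```

The first sample line is the case worth fixing (someone else still links to a page you removed, so a redirect helps them), while the second is the case the post says to block: no referrer, a scripted user agent, and a request for a file that never existed on the site.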
