Research

BiDiBLAH Case Study (Part 2)

With our recent release of BiDiBLAH 2.0, we’ve decided to revisit some real-world scenarios and the ways BiDiBLAH can deal with them. Herewith, part 2. All the scenarios can be downloaded from the BiDiBLAH home page.

Scenario: We have a class B network internally. Many of the users run FTP servers on their machines. We do not allow this, but how do I identify these machines?

Solution: Using BiDiBLAH, define your network as netblocks.
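As an added example of the check this scenario asks for (written here, not taken from BiDiBLAH; the page does not describe how BiDiBLAH itself performs the discovery), the script below probes 21/tcp across a netblock with plain sockets and classifies each host by the greeting it sends. The loopback listener and the banners are constructed so it can be tried offline.

```python
# Added example, not BiDiBLAH code: identify hosts on an internal netblock that
# greet like an FTP server on 21/tcp. Plain socket probing is an assumption;
# the page does not say how BiDiBLAH performs the discovery.
import ipaddress
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

FTP_GREETING_CODES = ("220", "120", "421")  # RFC 959 replies a daemon may open with


def classify_greeting(data: bytes):
    """Return (looks_like_ftp, first_line). RFC 959 servers open with 220
    (ready), 120 (ready in n minutes) or 421 (service unavailable). Caveat:
    SMTP also greets with 220, so a hit on an odd port deserves a manual look."""
    text = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    well_formed = len(text) == 3 or (len(text) > 3 and text[3] in " -")
    return (text[:3] in FTP_GREETING_CODES and well_formed, text)


def probe(host: str, port: int = 21, timeout: float = 2.0):
    """Connect, read whatever the daemon volunteers, classify it. Hosts that
    refuse, time out or say nothing are reported as (False, '')."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return classify_greeting(s.recv(512))
    except OSError:
        return (False, "")


def find_ftp_servers(cidr: str, port: int = 21, workers: int = 64):
    """Sweep every host address in 'cidr'; return {ip: banner} for the hits.
    A /16 at a 2 s timeout with 64 workers is about 35 minutes worst case."""
    hosts = [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda h: probe(h, port), hosts)
        return {h: banner for h, (hit, banner) in zip(hosts, results) if hit}


def serve_banner_once(banner: bytes) -> int:
    """Constructed fixture for an offline dry run: a one-shot listener on
    127.0.0.1 that sends 'banner' to its first client. Returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = serve_banner_once(b"220 Welcome to the internal FTP service\r\n")
    print(probe("127.0.0.1", port))  # (True, '220 Welcome to the internal FTP service')
```

For the scenario above, `find_ftp_servers("10.0.0.0/16")` (substituting your own class B) returns the offending hosts keyed by address. Banner matching alone cannot tell an FTP daemon from another service that happens to greet with 220, and a daemon bound to a port other than 21 will be missed, so treat the result as a worklist rather than a verdict.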

SPUD reminder(s)

After some queries regarding SPUD, I thought it would be a good idea to blog this reminder:

* SPUD can only be run as an administrative user.
* SPUD cannot be run by launching the .exe directly; you should run SPUD from the shortcut provided. The reason is that SPUD cannot start with the \bin directory as its working directory, only with the \bin parent directory (by default Program Files\SensePost SPUD). I.e. run “bin\SPUD.exe” from the installation directory, as below:

reDuh reVisited…

We’ve had a number of issues with reDuh and the various server versions published. Some clients worked with some versions of the server and didn’t play nicely with others. I am happy to say that these have all been resolved now. The single reDuhClient now works with the JSP, ASPX and PHP versions of reDuh. It’s been tested on a number of different platforms. Additionally, the new reDuh client supports some enhancements. These are:

reDuh.ASPX

An additional issue has been discovered in the ASPX version of reDuh. Although the script worked as expected, it did not set the ScriptTimeout value, so reDuh’s active connections were terminated once the page’s execution timeout expired (ASP.NET’s default is 110 seconds). This has been fixed in the ASPX version. A copy can be grabbed from here. More information regarding reDuh can be found here.

ASPX and reDuh

We’ve received a number of queries from folks unable to get the ASPX version of reDuh to work. The cause was a faulty HTTP implementation in the client, which sent malformed HTTP requests. Apache and Tomcat cope admirably with the malformed requests; IIS does not. So we’ve built a new reDuh client which plays nicely with IIS. Apart from the bug fix, the new version also supports SSL. A direct link to the updated client is here. More information regarding reDuh is here.

QoW: Software Reversing and Exploitation

I’ve developed an FTP-like multi-threaded server application as the target for this challenge of the month. It is coded in C and compiled with VC++ 2008. This is a three-step challenge:

Step 1: Find the correct “passphrase” format to log on to the server and get the “Access Granted” message. (You may use a debugger such as OllyDbg to do live RE for this step.)

Step 2: Do vulnerability research on the server software. There is at least one exploitable bug, but there could be more bugs or error conditions. Try to spot a memory corruption bug and write a denial-of-service exploit for it.

BiDiBLAH 2.0 Released!

Yup, that’s right, BiDiBLAH 2.0 has finally been released and is available for purchase at an incredibly low US$500! You can get BiDiBLAH here. Users who would like to try it out first can download the evaluation copy, which is limited to a 60-minute runtime. Also, check out the FAQ page for some common/technical questions and answers. ./frankieg

Wikto 2.1 XMAS edition

The latest version of Wikto (2.1) is available for download here. New features include time anomaly reporting and easier access to findings. A few bug fixes have also been made (thanks to some valuable user feedback). Happy holidays from the research and dev team. ./frankieg

BiDiBLAH 2.0 BETA

Good news to all the blah’ers out there! The BETA version of BiDiBLAH 2 is available for download here. As you probably know, [a real quick and easy] registration is required, and version 2 of BiDiBLAH runs on .NET Framework 2.0. ./frankieg

BlackHat/DefCon 2008 – Tool Release(s)

Hey guys, our BlackHat/DefCon talk this year featured a few tools that we promised to release. The first tool, or set of tools, is reDuh, which can be found [here]. reDuh is made up of two parts: a local proxy and a server component (JSP, PHP or ASPX). If you run the local proxy on your machine while pointing it at the server component, you are able to make TCP connections clean through the web server. This comes in surprisingly handy (and if nothing else is really cute!). You can read more about reDuh (with pretty pictures) by checking out the [reduh page] or our [Vegas slides].
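To make concrete what “TCP connections clean through the web server” means, here is an added example of the mechanism. It is not reDuh’s own code or wire protocol: the action names, session ids and base64 form fields are this example’s inventions. The page-side object holds one real socket per session between requests, as a JSP, PHP or ASPX page would, and the client carries bytes in ordinary HTTP POSTs, which is also the property the IIS fix above needed: the requests a strict server sees must be well formed. The echo target and loopback web server are constructed fixtures so the whole thing runs offline.

```python
# Added example, not reDuh's code or wire protocol: a minimal TCP-over-HTTP
# tunnel. Form fields, session ids and base64 framing are this example's own.
import base64
import os
import socket
import socketserver
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qsl, urlencode
from urllib.request import Request, urlopen

class TunnelPage:
    """Server side, standing in for the JSP/ASPX/PHP page: one instance lives
    for the life of the web app and holds one real socket per session."""
    def __init__(self):
        self.sessions = {}  # session id -> socket connected to the target

    def handle(self, form: dict) -> bytes:
        action, sid = form["action"], form["sid"]
        if action == "create":
            s = socket.create_connection((form["host"], int(form["port"])), timeout=5)
            s.settimeout(0.2)  # a 'recv' poll must return to the client promptly
            self.sessions[sid] = s
            return b""
        s = self.sessions[sid]  # KeyError -> 500 for an unknown session
        if action == "send":
            s.sendall(base64.b64decode(form["data"]))
            return b""
        if action == "recv":
            try:
                return base64.b64encode(s.recv(4096))
            except socket.timeout:
                return b""  # nothing pending yet; the client polls again
        if action == "close":
            self.sessions.pop(sid).close()
            return b""
        raise ValueError("unknown action %r" % action)

class TunnelHandler(BaseHTTPRequestHandler):
    page = TunnelPage()  # shared by every request, like a servlet's static map

    def do_POST(self):
        form = dict(parse_qsl(self.rfile.read(int(self.headers["Content-Length"])).decode()))
        try:
            out, status = self.page.handle(form), 200
        except (OSError, KeyError, ValueError) as exc:
            out, status = str(exc).encode(), 500
        self.send_response(status)
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)

class TunnelClient:
    """Local side: one TCP connection to the target, carried in HTTP POSTs.
    urllib emits well-formed HTTP (Host, Content-Length, CRLF line endings),
    which is what a strict server such as IIS requires."""
    def __init__(self, url: str, host: str, port: int):
        self.url, self.sid = url, os.urandom(8).hex()
        self._post(action="create", host=host, port=str(port))

    def _post(self, **form) -> bytes:
        form["sid"] = self.sid
        req = Request(self.url, data=urlencode(form).encode(), method="POST")
        with urlopen(req, timeout=5) as resp:
            return resp.read()

    def send(self, data: bytes) -> None:
        self._post(action="send", data=base64.b64encode(data).decode())

    def recv(self) -> bytes:
        return base64.b64decode(self._post(action="recv"))

    def close(self) -> None:
        self._post(action="close")

class EchoHandler(socketserver.StreamRequestHandler):
    """Constructed fixture: a TCP echo service playing the internal host."""
    def handle(self):
        while chunk := self.request.recv(4096):
            self.request.sendall(chunk)

def round_trip(payload: bytes) -> bytes:
    """Start the web server and echo target on loopback (constructed fixtures),
    push 'payload' through the tunnel and return what the target echoed."""
    httpd = ThreadingHTTPServer(("127.0.0.1", 0), TunnelHandler)
    echo = socketserver.ThreadingTCPServer(("127.0.0.1", 0), EchoHandler)
    echo.daemon_threads = True
    for srv in (httpd, echo):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/tunnel" % httpd.server_address[1]
    client = TunnelClient(url, "127.0.0.1", echo.server_address[1])
    client.send(payload)
    got = b""
    for _ in range(25):  # poll until the whole echo has come back
        got += client.recv()
        if len(got) >= len(payload):
            break
    client.close()
    return got
```

Running `round_trip(b"hello through the web server")` prints one access-log line per POST on stderr (create, send, the recv polls, close), which is exactly the traffic a reDuh-style tunnel generates: the target only ever sees a connection from the web server, and the web server only ever sees form posts. A real server page additionally has to survive the platform’s execution timeout and clean up sockets for sessions that never close, which this example leaves out.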