Monday, April 20, 2009

Open Source Voting System

Today reading the " Understanding Open Source Application in The Voting Industries" and following some discussions on it, I found several Open Source Voting Softwares and Methodologies.

1. OpenSTV
2. FREE e-democracy project
3. evm
4. EML Voting Project
5. Verifyable Electronic Voting
6. SOLON-free election program
7. electronic voting platform
8. osdv-sharp
9. Open Source Democracy
10. Secure Electronic Voting System



Since I believe Open Source is a great development methodology to prevent Security issues, I'm going to investigate more on some of this tools, especially the number 6,7 and 10. Again, if someone of you guys, knows (in terms of "has used") these systems please let me know some impressions between them.

Saturday, April 18, 2009

SQL injection to get access to OS

Hi folks,
today I'd like to point out an amazing Black Hat's talk concerning SQL injection. As you know SQL injection has been really used in the past years and it's a well known background that every attacker has. This talks seems to be pretty much different.


Over ten years have passed since a famous hacker coined the term "SQL injection" and it is still considered one of the major web application threats, affecting over 70% of web application on the Net. A lot has been said on this specific vulnerability, but not all of the aspects and implications have been uncovered, yet.

It's time to explore new ways to get complete control over the database management system's underlying operating system through a SQL injection vulnerability in those over-looked and theoretically not exploitable scenarios: From the command execution on MySQL and PostgreSQL to a stored procedure's buffer overflow exploitation on Microsoft SQL Server. These and much more will be unveiled and demonstrated with my own tool's new version that I will release at the Conference.



The author will discuss his new sqlmapper. Since I have no much experience with this tool ( I use to do SQL injection by hand, in the old way ..) I'm not going to describe it, I just wanna show how it seems powerful by attaching some relevant screen shots on what it does.

List of available DataBases:


List of available tables:



I'm going to investigate more about this tool, if someone knows better then me sqlmap, please lets some comments regarding his experiences.
Thanks

Monday, April 6, 2009

Italy: earthquake


Photo from www.repubblica.it

As you Know, these are difficult days for italian people. A powerful earthquake destroyed many cities in the center of italy.
Today my deep thought goes to Italian people who slept the first night without own home. I guess it's terrible.



Photo from www.repubblica.it

FAST-TRAK, fast and easier.

Hi Folks,
today I wanna point out this amazing penetration testing tool. As you know doing penetration testing could be very long and very stressful especially if you need to replace the same actions to many penetrations points. For this reason fastrak developers decided to automatize the entire process. Here we go, a high impact logo and a nice web site for fastrack
The introduction directly from web site.

For those of you new to Fast-Track, Fast-Track is a python based open-source project aimed at helping Penetration Testers in an effort to identify, exploit, and further penetrate a network. Fast-Track was originally conceived when I was on a penetration test and found that there was generally a lack of tools or automation in certain attacks that were normally extremely advanced and time consuming. In an effort to reproduce some of my advanced attacks and propagate it down to my team at SecureState, I ended up writing Fast-Track for the public. Many of the issues Fast-Track exploits are due to improper sanitizing of client-side data within web applications, patch management, or lack of hardening techniques. All of these are relatively simple to fix if you know what to look for, but as penetration testers are extremely common findings for us. Fast-Track arms the penetration tester with advanced attacks that in most cases have never been performed before. Sit back relax, crank open a can of jolt cola and enjoy the ride. 

A really aggressive video showing how it works.


Fast-Track comes with three different modes, interactive/menu mode, command line, and web front-end.
The Interactive mode is a menu based mode that allows you to enter commands and receive output based on the commands executed. To use fast-track interactive mode type:

python fast-track.py -i


Command line mode allows you to use the command line interface to execute attacks, this is always useful for scripting. To use fast-track command line mode type:

python fast-track.py -c


The web GUI gives you an interactive graphical interface when interacting with Fast-Track. To use fast-track web front-end mode type:

python fast-track.py -g or python ftgui.py


You can also type python fast-track.py 99999 (or whatever port number you want) to use an alternate port then 44444.
Once Fast-Track launches, go to your web browser and type localhost:44444