Monday, January 09, 2012

Technical Workshop Material for BPPT

3 comments
Last year (actually more than a month ago :lol:). I and two other friends had an opportunity to give a workshops related to Information Security to the participants from BPPT. This workshop covers most aspects of Information Security, and aims to provide hands-on experience to participants for every sessions/material.

I myself assigned to convey the three sessions/materials, namely:
1. Security Penetration Testing,
2. Network Security, and
3. Internet Security.


While others will cover: Wireless Security, Web application Security, Digital Forensic, Firewall and IPS/IDS,

Surely the time 4 hours/subject is far from enough, but 90% of time used for hands-on and 10% of it for theory, so that we hope the participants still get an overview of the activities they do alone


Here is the 10% (the theory materials), most of the image, screenshot, video are removed :)


Friday, January 06, 2012

Python-Nmap patch supporting product version

1 comments
This is a patch code for python-nmap module, to parse product and product version output from nmap result; Or we can simply develop yet-our-own-and-another XML parser, but why bother reinveting the wheel, we can just modify python-nmap to meet our needs. So, thanks to Alex for python-nmap module, and here is the patch to get product and product version.

*** nmap.py.ori 2011-10-09 14:21:55.000000000 +0700
--- nmap.py 2011-12-17 22:33:13.000000000 +0700
***************
*** 7,12 ****
--- 7,13 ----
  Author : Alexandre Norman - norman at xael.org
  Contributors: Steve 'Ashcrow' Milner - steve at gnulinux.net
                Brian Bustin - brian at bustin.us
+ Patch : To support output product and product version by y3dips - y3dips at echo.or.id
  Licence : GPL v3 or any later version
  
  
***************
*** 294,319 ****
                  state = dport.getElementsByTagName('state')[0].getAttributeNode('state').value
                  # reason
                  reason = dport.getElementsByTagName('state')[0].getAttributeNode('reason').value
!                 # name if any
                  name = ''
                  for dname in dport.getElementsByTagName('service'):
                      name = dname.getAttributeNode('name').value
!                 # store everything
                  if not proto in list(scan_result['scan'][host].keys()):
                      scan_result['scan'][host][proto] = {}
                  scan_result['scan'][host][proto][port] = {'state': state,
                                                    'reason': reason,
!                                                   'name': name}
                  script_id = ''
                  script_out = ''
!                 # get script output if any
!                 for dscript in dport.getElementsByTagName('script'):
!                     script_id = dscript.getAttributeNode('id').value
!                     script_out = dscript.getAttributeNode('output').value
!                     if not 'script' in list(scan_result['scan'][host][proto][port].keys()):
!                         scan_result['scan'][host][proto][port]['script'] = {}
! 
!                     scan_result['scan'][host][proto][port]['script'][script_id] = script_out
  
  
          self._scan_result = scan_result # store for later use
--- 295,332 ----
                  state = dport.getElementsByTagName('state')[0].getAttributeNode('state').value
                  # reason
                  reason = dport.getElementsByTagName('state')[0].getAttributeNode('reason').value
!                 # name, product, ostype if any
                  name = ''
+                 
                  for dname in dport.getElementsByTagName('service'):
                      name = dname.getAttributeNode('name').value
!                     try:
!                         product = dport.getElementsByTagName('service')[0].getAttributeNode('product').value
!                     except:
!                         product = None
!                     try:
!                         version = dport.getElementsByTagName('service')[0].getAttributeNode('version').value
!                     except:
!                         version = None
!         # store everything
                  if not proto in list(scan_result['scan'][host].keys()):
                      scan_result['scan'][host][proto] = {}
+                 
                  scan_result['scan'][host][proto][port] = {'state': state,
                                                    'reason': reason,
!                                                   'name': name,
!                                                   'product': product,
!                                                   'version': version}
                  script_id = ''
                  script_out = ''
!         # get script output if any
!             for dscript in dport.getElementsByTagName('script'):
!                 script_id = dscript.getAttributeNode('id').value
!                 script_out = dscript.getAttributeNode('output').value
!                 if not 'script' in list(scan_result['scan'][host][proto][port].keys()):
!                     scan_result['scan'][host][proto][port]['script'] = {}
!             
!                 scan_result['scan'][host][proto][port]['script'][script_id] = script_out
  
  
          self._scan_result = scan_result # store for later use
so, it will give you this kind of output :

Thursday, January 05, 2012

(hot) Dark Reading Vulnerable with XSS? WTF

0 comments
 I just wanna read this "AntiSec Hacks Signal Same Old, Same Old in Database security" posting at Dark Reading, but after a while i found out that it seems that the page get redirected to pastehtml.com, with some defaced page created by attacker.