Comments for http://travisaltman.com Wed, 16 May 2012 13:17:56 +0000 hourly 1 http://wordpress.org/?v=3.3 Comment on windows privilege escalation via weak service permissions by GreenDog http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/comment-page-1/#comment-1271 GreenDog Wed, 16 May 2012 13:17:56 +0000 http://travisaltman.com/?p=550#comment-1271 OK, one of them was not 0-day. It was Cisco VPN client. VPN client's folder has a normal permissions(Read and Execute) for "User" group, but also it has full permissions for "Interactive". So, any user can change the service's executable :) But the vuln was only in one Cisco VPN client version - 5.0.07.0290, which I have. I thought that it is the last version, but Cisco said that the last is 5.0.07.04xx. So it isn't 0-day )) OK, one of them was not 0-day.
It was Cisco VPN client.
VPN client’s folder has a normal permissions(Read and Execute) for “User” group, but also it has full permissions for “Interactive”. So, any user can change the service’s executable :)
But the vuln was only in one Cisco VPN client version – 5.0.07.0290, which I have. I thought that it is the last version, but Cisco said that the last is 5.0.07.04xx. So it isn’t 0-day ))

]]> Comment on Honeypot / honeyd tutorial part 1, getting started by dev http://travisaltman.com/honeypot-honeyd-tutorial-part-1-getting-started/comment-page-1/#comment-1269 dev Tue, 08 May 2012 11:20:35 +0000 http://travisaltman.com/?p=353#comment-1269 in the last it shows "aborting dhclient on interface wlan0 after 12 tries" in the last it shows
“aborting dhclient on interface wlan0 after 12 tries”

]]> Comment on Honeypot / honeyd tutorial part 1, getting started by dev http://travisaltman.com/honeypot-honeyd-tutorial-part-1-getting-started/comment-page-1/#comment-1268 dev Tue, 08 May 2012 11:19:11 +0000 http://travisaltman.com/?p=353#comment-1268 hey travis i am implementing honeyd using ubuntu and ma interface to network is wlan0 n i am not able to det dhcp offer...............plz help hey travis
i am implementing honeyd using ubuntu and ma interface to network is wlan0 n i am not able to det dhcp offer……………plz help

]]> Comment on password dictionary generator by Tristan http://travisaltman.com/password-dictionary-generator/comment-page-1/#comment-1267 Tristan Mon, 07 May 2012 02:35:55 +0000 http://travisaltman.com/?p=199#comment-1267 hi hi

]]> Comment on password dictionary generator by derka http://travisaltman.com/password-dictionary-generator/comment-page-1/#comment-1266 derka Mon, 07 May 2012 02:22:23 +0000 http://travisaltman.com/?p=199#comment-1266 BitcoinPlusMiner("donny@bitcoinplus.com") can you make it for python 3 BitcoinPlusMiner(“donny@bitcoinplus.com”)

can you make it for python 3

]]> Comment on Honeypot / honeyd tutorial part 1, getting started by travis http://travisaltman.com/honeypot-honeyd-tutorial-part-1-getting-started/comment-page-1/#comment-1265 travis Sat, 05 May 2012 13:51:17 +0000 http://travisaltman.com/?p=353#comment-1265 Dave, You could just open up port 80 in your config but I assume you're wanting to do more than that? There is a way to actually serve up web pages but I forget the actual instructions. I hate to punt you but the book "Virtual Honeypots" is an excellent resource on doing things like that. Dave,

You could just open up port 80 in your config but I assume you’re wanting to do more than that? There is a way to actually serve up web pages but I forget the actual instructions. I hate to punt you but the book “Virtual Honeypots” is an excellent resource on doing things like that.

]]> Comment on windows privilege escalation via weak service permissions by Rarbocs http://travisaltman.com/windows-privilege-escalation-via-weak-service-permissions/comment-page-1/#comment-1264 Rarbocs Wed, 02 May 2012 21:16:41 +0000 http://travisaltman.com/?p=550#comment-1264 Very informative, I knew most of the above but there were bits I was not aware off Thank You Very informative, I knew most of the above but there were bits I was not aware off
Thank You

]]> Comment on Honeypot / honeyd tutorial part 1, getting started by Dave http://travisaltman.com/honeypot-honeyd-tutorial-part-1-getting-started/comment-page-1/#comment-1263 Dave Wed, 02 May 2012 18:22:44 +0000 http://travisaltman.com/?p=353#comment-1263 Hi, how can I use this honeyd to set up as a web server in Windows or BackTrack 5? Hi, how can I use this honeyd to set up as a web server in Windows or BackTrack 5?

]]> Comment on Webscarab Tutorial Part 3 (fuzzing) by Kiran DJ http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/comment-page-1/#comment-1262 Kiran DJ Wed, 02 May 2012 06:25:55 +0000 http://travisaltman.com/webscarab-tutorial-part-3-fuzzing/#comment-1262 Hi Travis, Many thanks for your informative posts, While working on my project instead of fuzzer i used XSS/CRLF functionality available in webscarab, the difference that i found was In fuzzer you have to select the attack vectors against the listed parameters one at a time, so if in case of 5 different parameters you have to repeat the fuzzing task 5 times (This reply is purely according to my experience, i welcome if someone found a nice method to do it) Assume that particular URL methods are vulnerable to XSS/CRLF attacks then I bet, that particular URL will be picked up by the XSS/CRLF section, the beauty of this method is assume that you have five parameters, you just have to update "Edit Test Strings" (add some more attack vectors, one below one) and click on Check button, all parameters will be auto injected and you will find the response. Here no need to inject parameter by parameter as it in case of fuzzer. If you are already updated this feature somewhere else then that's awesome, or else I request you to update it. Correct me if I am wrong Note: If parameters are vulnerable then you will definitely get a response or else there will be no response. Hi Travis,

Many thanks for your informative posts,

While working on my project instead of fuzzer i used XSS/CRLF functionality available in webscarab, the difference that i found was

In fuzzer you have to select the attack vectors against the listed parameters one at a time, so if in case of 5 different parameters you have to repeat the fuzzing task 5 times (This reply is purely according to my experience, i welcome if someone found a nice method to do it)

Assume that particular URL methods are vulnerable to XSS/CRLF attacks then I bet, that particular URL will be picked up by the XSS/CRLF section, the beauty of this method is
assume that you have five parameters, you just have to update “Edit Test Strings” (add some more attack vectors, one below one) and click on Check button, all parameters will be auto injected and you will find the response.

Here no need to inject parameter by parameter as it in case of fuzzer.

If you are already updated this feature somewhere else then that’s awesome, or else I request you to update it.

Correct me if I am wrong

Note: If parameters are vulnerable then you will definitely get a response or else there will be no response.

]]> Comment on Honeypot / honeyd tutorial part 1, getting started by travis http://travisaltman.com/honeypot-honeyd-tutorial-part-1-getting-started/comment-page-1/#comment-1261 travis Mon, 30 Apr 2012 18:27:10 +0000 http://travisaltman.com/?p=353#comment-1261 Shruti, Do you not see something like "[eth0] got DHCP offer: 192.168.99.135" in the output of honeyd? You can allot an IP using the static method which I've described below. http://travisaltman.com/honeypot-honeyd-tutorial-part-3-static-ips/ Shruti,

Do you not see something like “[eth0] got DHCP offer: 192.168.99.135″ in the output of honeyd? You can allot an IP using the static method which I’ve described below.

http://travisaltman.com/honeypot-honeyd-tutorial-part-3-static-ips/

]]>