Brute force MySQL with Nmap

December 24th, 2014

Just a quick one-liner; you can also incorporate it into a larger sweep of the network, which will hopefully identify MySQL databases with weak or default credentials.

nmap -p 3306 10.10.10.10 --script mysql-brute --script-args userdb=user.txt,passdb=pass.txt

Sqlmap – crawl and discover SQL injections

September 7th, 2014

I use these command-line switches to automate the process; I’ve had some good results.

python sqlmap.py -u http://example.com --forms --batch --crawl=10 --cookie=jsessionid=12345 --level=5 --risk=3

Explanation

-u = URL

--forms = Parse and test forms

--batch = non-interactive mode; sqlmap normally asks you questions during a run, and this accepts the default answer to each one

--crawl = how deep you want to crawl a site

--cookie = put cookie in here if you want to do an authenticated scan

--level = level of tests to perform; 1 is the default and 5 is the most thorough

--risk = risk level of the tests to perform; 1 is the default and 3 is the highest

Burp extension environment for Python

December 7th, 2013

This post will explain how to set up Burp so that you can use Python to write Burp extensions. Burp has an API that allows for extensions which add to the functionality of Burp. The Burp suite itself is written in Java, so Burp natively supports Java extensions, but through Jython you can now use Python scripts to build extensions. This comes in handy if you are more comfortable using Python day to day.

The first thing you’ll need to do is download Jython; I downloaded the traditional installer, which ends in a .jar extension. In order for the installer to work you’ll need to have already installed the Java runtime environment (JRE). Now double-click the JAR file to install.

I chose the standard installation type.

Next it should hopefully recognize where your JRE is installed.

Hopefully you get to the last window during the install process that says congratulations.

Now that Jython is installed correctly we need to fire up Burp and configure it to use Jython for our Python scripts. Once in Burp, go to the Extender tab, then Options. There you will see a section labeled “Python Environment”; simply point it to the location of your Jython JAR file. I accepted the defaults during install and my location was C:\jython2.5.4rc1\jython.jar. See the screenshot below.

After this we are ready to load our first Python extension into Burp. Go back to the Burp extension page and download the HelloWorld zip file, which contains a Python example. Under the Extensions tab you can click “Add”, choose the Python extension type and simply pick the HelloWorld.py example. After loading the extension you should see the window below.

You’ll also see some errors generated in the Errors tab.

This is normal, as the HelloWorld.py example is meant to show you what errors would look like as well. There you have it: you have just loaded your first Python extension in Burp. Hopefully I will follow up with extensions I find useful and how they can help in performing application security assessments. Feel free to contact me or leave feedback.
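As an added example of what such an extension looks like once the Jython environment is working (my own code, not the HelloWorld example or anything from PortSwigger), the script below uses the classic Burp Extender API interfaces IBurpExtender and IHttpListener to log responses that lack a few common security headers. The burp package only exists inside Burp, so the import is guarded and the header check itself can also be run under plain Python; the list of headers checked is my own choice for the example.

```python
# Added example (not from the original post): a minimal Jython Burp extension
# that logs responses lacking a few common security headers. The check is a
# plain function so it also runs under CPython, where `burp` does not exist.
try:
    from burp import IBurpExtender, IHttpListener
except ImportError:  # not running inside Burp: define stand-in base classes
    class IBurpExtender(object):
        pass

    class IHttpListener(object):
        pass

# Headers whose absence is worth noting (my choice for this example).
EXPECTED_HEADERS = ("content-security-policy",
                    "strict-transport-security",
                    "x-frame-options")


def missing_security_headers(raw_response):
    """Return the EXPECTED_HEADERS absent from a raw HTTP response string."""
    # Normalise line endings, keep only the header block, skip the status line.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    present = set()
    for line in head.split("\n")[1:]:
        if ":" in line:
            present.add(line.split(":", 1)[0].strip().lower())
    return [name for name in EXPECTED_HEADERS if name not in present]


class BurpExtender(IBurpExtender, IHttpListener):
    """Entry point Burp looks for when loading the extension."""

    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Missing security headers (example)")
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        if messageIsRequest or messageInfo.getResponse() is None:
            return
        raw = self._helpers.bytesToString(messageInfo.getResponse())
        missing = missing_security_headers(raw)
        if missing:  # printed to the extension's Output tab under Extender
            url = self._helpers.analyzeRequest(messageInfo).getUrl()
            self._callbacks.printOutput("%s missing: %s" % (url, ", ".join(missing)))

# Constructed sample response for checking the function outside Burp.
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   "X-Frame-Options: DENY\r\n\r\n<html></html>")
```

Load it through Extender > Extensions > Add with the Python type, exactly as with HelloWorld.py, and the findings appear in that extension's Output tab as you browse through the proxy.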

Burp suite tip / tutorial: History logs at the top

August 31st, 2013

When performing an assessment of a web application I spend most of my time in the History tab under the Proxy tab. By default Burp will append the latest request to the bottom of that History log, which means that I have to keep scrolling down to see my latest request to the application. This can be annoying, and it’s better if my latest request is at the top of the History log. Luckily this is an easy fix with the proper sort in the History tab: simply click on the first column header, which will keep your latest request at the top.

Burp suite tip / tutorial: renaming tabs

June 29th, 2013

This will be a quick and simple tip that you may not have been aware of: you can rename tabs within Burp. A friend of mine who works out of Raleigh turned me onto this. I find new features in Burp all the time, some obvious and some hidden, and this is one of them.

I find this feature handy, especially in a large application, as I can easily keep track of what I’m testing. I use tab renaming in Repeater and Intruder. To rename a tab, simply double-click it, which will allow you to edit the tab’s name.

Repeater before

Repeater after

Intruder before

Intruder after

Hope this simple tip helps you perform better application pen testing.