Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications. One of the most common questions we hear is "so what can you do with XSS?" and we hope that Yokoso! answers that question.
The Yokoso! project team is interested in growing the number of fingerprints being offered through Yokoso! We are asking for volunteers, both in helping build the application and fingerprint their infrastructure. Please contact us at firstname.lastname@example.org if you are interested in helping with this.
To provide us with fingerprint URIs, please send us the URI for any unique items within the application. Some examples of this would be logo graphics or application files. We are specifically interested in knowing URIs from after authentication. Please send the URI along with the name and version of the software/hardware.
, DefCon Presentation
Injectable exploits focus on the exploitation of major web flaws during penetration tests. Two new tools will be released that expand the foothold penetration testers can obtain through SQL injection and XSS flaws. These tools provide greater insight into the network hosting the web application and the networks in which the users are located. We will also discuss the live CD environment that includes both tools.
Yokoso! is an infrastructure fingerprinting system delivered via XSS attack. This project contains two different parts; the fingerprints and modules for the various browser exploit frameworks. The fingerprints identify web applications deployed in the user's network, applications such as web administration interfaces to different IT manage systems. The modules portion contains code to perform two basic attacks. The first is history browsing which determines if the user has visited the sites of interest. This reveals if the user is an administrator or power user. The second attack module within Yokoso! Initiates requests to map the infrastructure of the user's network.
Laudanum is a collection of injectable files that are prebuilt to perform various attacks within a network. These files are injected via SQL injection attacks. The individual files are placed into scheduled jobs or the web root of database servers.
This is accomplished by exploiting SQL injection flaws within the web application. Laudanum includes various attacks such as shells, proxy capabilities and data collection tools.
A major feature of both tools is their scope limiting capabilities. Many similar tools lack the capability to identify target hosts before performing exploits. Both of these tools allow a penetration tester to specify target restrictions based on external IP, internal IP, and hostname.
The final portion of the talk will cover SamuraiWTF. SamuraiWTF is a live CD environment focused on web penetration tests. It was released during DEFCON 16 and has had four new releases since that time. Both Yokoso! and Laudanum will be included on a new version of SamuraiWTF released at DEFCON this year.
Kevin Johnson is a Senior Security Analyst with Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time contributes to a large number of open source security projects. Kevin founded and leads the development on B.A.S.E. (the Basic Analysis and Security Engine) project. The BASE project is the most popular web interface for the Snort intrusion detection system. Kevin is a senior instructor for SANS, authoring and teaching Security 542, Web Application Pen-Testing and Ethical Hacking and teaching other SANS classes such as the Incident Handling and Hacker Techniques class. He has presented to many organizations, including Infragard, ISACA, ISSA and the University of Florida.
Justin Searle is a Senior Security Analyst with InGuardians. He specializes in network security architecture, penetration testing, and PCI compliance. Prior to InGuardians, Justin served as the IT Security Architect for JetBlue Airways. Justin helped secure their telecommuters' virtual call center and re-design the airline's infrastructure to help towards PCI compliance. He has also provided top-tier support for some of the largest supercomputers in the world. Justin has taught courses in hacking techniques, intrusion detection, forensics and Cisco networking at both ITT Technical Institute and New Horizons. Justin has presented at a number of security conferences, including ToorCon and the SANS Institute Pentesters Summit. Justin has an MBA in International Technology, as well as both the CISSP and SANS GCIH certifications.
- Frank DiMaggio
- Nuri Fattah