SlideShare a Scribd company logo

DotDotPwn v3.0 [GuadalajaraCON 2012]

Websec México, S.C.
Websec México, S.C.

DotDotPwn is an intelligent fuzzer for discovering directory traversal vulnerabilities. It generates fuzz patterns according to the detected operating system and encodes slashes for correct semantics. It has modules for HTTP, FTP, TFTP and a PAYLOAD module. It is open source and has found vulnerabilities in over 100 software programs. The latest version is included in the Black Hat USA 2011 conference CD.

Technology
1 of 47
Download to read offline
GuadalajaraCON 2012 ../../ DotDotPwn ! The Directory Traversal Fuzzer Alejandro Hernández H. (nitrØus), CISSP, GPEN Christian Navarrete (chr1x), GiJOE http://twitter.com/nitr0usmx http://twitter.com/chr1x <nitrousenador@gmail.com> <chr1x@sectester.net> http://chatsubo-labs.blogspot.com http://chr1x.sectester.net http://www.brainoverflow.org
../../ AGENDA DotDotPwn  Description Introduction  Directory Traversal Vulnerability  (Intelligent) Fuzz Testing General Information  Origin / Evolution  Design / Architecture  Usage options  Website / Contact  Download  Contributions Vulnerabilities  Discovered vulnerabilities Traversal Engine  Description  Resources  Fuzz patterns generation  Intelligent fuzzing Modules  Description of each one Greetings C
../../ DotDotPwn and Pentest Magazine #DoDotPWN @PentestMag C
../../ DotDotPwn and HackOS Proximamente en…. C
../../ DotDotPwn Description README.txt It’s a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module. It's written in perl programming language and can be run either under *NIX or Windows platforms. It’s the first Mexican tool included in BackTrack Linux (BT4 R2). C
../../ Introduction Directory Traversal Vulnerability A directory traversal (or path traversal) consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs. The goal of this attack is to order an application to access a computer file that is not intended to be accessible. Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking. Some forms of this attack are also canonicalization attacks. A typical example of vulnerable application in php code is: Source: http://en.wikipedia.org/wiki/Directory_traversal C
../../ Introduction Directory Traversal Vulnerability An attack against this system could be to send the following HTTP request: Generating a server response such as: Source: http://en.wikipedia.org/wiki/Directory_traversal C
../../ Introduction Directory Traversal Vulnerability Some web applications scan query string for dangerous characters (to prevent Directory Traversal vulnerabilities) such as: .. .. ../ However, the query string is usually URI decoded before use. Therefore these applications are vulnerable to percent encoded directory traversal such as: %2e%2e%2f which translates to ../ %2e%2e/ which translates to ../ ..%2f which translates to ../ %2e%2e%5c which translates to .. etc. Source: http://en.wikipedia.org/wiki/Directory_traversal C
../../ Introduction Directory Traversal Vulnerability According to a study done by Imperva about Web Applications Attacks, the Directory Traversal vulnerability is one of the most common attacks nowadays (July 2011) Source: Imperva’s Web Application Attack Report. Edition #1 - July 2011 C
../../ Introduction Fuzz Testing Fuzz testing or fuzzing is a software testing technique that provides (in)valid, unexpected, or random data to the inputs of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted. Fuzz testing enhances software security and software safety because it often finds odd oversights and defects which human testers would fail to find, and even careful human test designers would fail to create tests for. Source: http://en.wikipedia.org/wiki/Fuzz_testing C
../../ Introduction Intelligent Fuzz Testing Source: N DeMott, J. (2006). The evolving art of fuzzing.
../../ Introduction Intelligent Fuzz Testing Source: N DeMott, J. (2006). The evolving art of fuzzing.
../../ Introduction Intelligent Fuzz Testing Source: N DeMott, J. (2006). The evolving art of fuzzing.
../../ General Information Origin / Evolution CHANGELOG.txt DotDotPwn v1.0 Release date: 21/Aug/2010  Checker Script  Core component: Traversal database (external .txt files) with 881 payloads  Based on Shlomi Narkolayev’s Directory Traversal Cheat Sheet  http://narkolayev-shlomi.blogspot.com/2010/04/directory-traversal-fuzz-list.html DotDotPwn v2.1 Release date: 29/Oct/2010 (BugCon Security Conferences 2010)  From Checker to Fuzzer  Rewritten from the scratch  Modular architechture (DotDotPwn packages)  Core component: Traversal Engine  OS detection (nmap)  A cool banner was included ;)  False positives detection  Many parameters included for fuzzing flexibility  More modules included DotDotPwn v3.0beta Release date: 03/Aug/2011 (Black Hat USA 2011 (Arsenal) - Conference CD)  Random User-Agent in HTTP requests  Operating System type specifier (if known)  Reporting capabilities C
../../ General Information Design / Architecture INPUTS FUZZ PATTERNS OUTPUTS CREATION Modules manual OS type HTTP Traversal Engine OS detection HTTP URL ../../ .... ..%2f..%2f Deepness FTP ..%255c..%255c ..%c0%2f..%c0%2f ..%u2215..%u2215 TFTP ..%uF025..%uF025 ..%25c1%259c..%25c1%259c Filenames %252e%252e%c0%5c%252e%252e%c0%5c PAYLOAD STDOUT Dots & Slashes Encodings C
../../ General Information Usage options USAGE.txt N
../../ General Information Usage options EXAMPLES.txt (one example per module) C
../../ General Information Website / Contact README.txt Official Website: http://dotdotpwn.sectester.net Official Email: dotdotpwn@sectester.net Bugs / Contributions / Improvements: dotdotpwn@sectester.net C
../../ General Information Download DotDotPwn v3.0beta: INCLUDED IN BLACK HAT USA 2011 CONFERENCE CD DotDotPwn v2.1: PacketStormSecurity: http://packetstormsecurity.org/files/view/95399/dotdotpwn-v2.1.tar.gz BackTrack Linux 4 R2: # apt-get update # apt-get install dotdotpwn # cd /pentest/fuzzers/dotdotpwn/ # ./dotdotpwn.pl Mirror: http://www.brainoverflow.org/code/dotdotpwn-v2.1.tar.gz N
../../ General Information Contributions AUTHORS.txt Contribution: Idea Implementation of the Bisection Algorithm (http://en.wikipedia.org/wiki/Bisection_method) once a vulnerability has been found in order to determine the exact deepness of the directory traversal. Origin of -X switch. By: Roberto Salgado aka LightOS http://twitter.com/LightOS http://www.websec.ca ------------------------------------- Contribution: Idea and Code Not always include the @Extra_files (e.g. web.config, httpd.conf, etc.). Origin of the -e switch. Specify the Operating System type if known ("windows" or "unix"). Origin of the -o switch. By: Eduardo Ruiz Duarte aka Beck http://twitter.com/toorandom http://math.co.ro http://b3ck.blogspot.com ------------------------------------- Contribution: Code Save a results' report into the Reports folder. Origin of the -r switch. Treatment of SIGINT in order to print the number of traversals found when Ctrl + C is pressed. Random User-Agent in HTTP requests for IDS/IPS detection avoidance. By: Diego Boy http://twitter.com/Diego_Boy ------------------------------------- Contribution: Code Random User-Agent in HTTP requests for IDS/IPS detection avoidance. By: Cristian Urrutia aka Gashnark http://twitter.com/blion_tec N
../../ General Information To Do  Implementation of the Bisection Algorithm to determine the exact deepness of the directory traversal. The bisection method in mathematics, is a root-finding method which repeatedly bisects an interval then selects a subinterval in which a root must lie for further processing. Source: http://en.wikipedia.org/wiki/Bisection_method ../../../../../../../../../../../../../../../../etc/passwd (16) ../../../../../../../../etc/passwd (16/2 = 8) ../../../../../../../../../../../../etc/passwd ((8+16) / 2 = 12) ../../../../../../../../../../etc/passwd ((8+12) / 2 = 10) ../../../../../../../../../../../etc/passwd ((10+12) / 2 = 11) 5 requests instead of 11 ! N
../../ Vulnerabilities Discovered vulnerabilities Tested software  HTTP: 72  Web platforms: 2 (CMS’s)  FTP: 25  TFTP: 11 C
../../ Vulnerabilities Discovered vulnerabilities Examples of findings … C
../../ Vulnerabilities Discovered vulnerabilities Exploits  MultiThreaded HTTP Server [chr1x] – http://www.exploit-db.com/exploits/12304  Wing FTP Server v3.4.3 [chr1x] - http://packetstormsecurity.org/1005-exploits/wingftp-traversal.txt  VicFTPS v5.0 [chr1x] – http://www.exploit-db.com/exploits/12498  TFTP Desktop 2.5 [chr1x] - http://www.exploit-db.com/exploits/14857  TFTPDWIN v0.4.2 [chr1x] - http://www.exploit-db.com/exploits/14856  Femitter FTP Server 1.04 [chr1x] - http://www.exploit-db.com/exploits/15445  Home FTP Server <= r1.11.1 (build 149) [chr1x] - http://www.exploit-db.com/exploits/15349  Yaws 1.89 HTTP Server [nitrØus] - http://www.exploit-db.com/exploits/15371  Mongoose 2.11 HTTP Server (Win32) [nitrØus] - http://www.exploit-db.com/exploits/15373 N
../../ Vulnerabilities Discovered vulnerabilities 3.4.5 – 2nd Traversal found ! 3.4.3 DotDotPwn iz Breaking Patches! 3.4.2  3.4.1 3.4.0 - 1st Traversal found ! ================= 56 days of exposure!! C
../../ Traversal Engine Description Traversal Engine ../../ .... ..%2f..%2f ..%255c..%255c ..%c0%2f..%c0%2f ..%u2215..%u2215 ..%uF025..%uF025 ..%25c1%259c..%25c1%259c %252e%252e%c0%5c%252e%252e%c0%5c N
../../ Traversal Engine Resources C
../../ Traversal Engine Resources N
../../ Traversal Engine Fuzz patterns generation N
../../ Traversal Engine Intelligent Fuzzing At the beggining of this presentation … Then … N
../../ Traversal Engine Intelligent Fuzzing  Fuzz patterns according to the Operating System detected (nmap) ../../../boot.ini on *NIX-like ../../../boot.ini on Windows ../../../etc/passwd on Windows ../../../etc/passwd on *NIX-like N
../../ Traversal Engine Intelligent Fuzzing N
../../ Traversal Engine Intelligent Fuzzing  Encoding of slashes (/) for the correct semantics in the fuzzing patterns ..%2f..%2fetc/passwd ..%2f..%2fetc%2fpasswd %2e%2e%c0%af%2e%2e%c0%afwindowssystem32driversetchosts %2e%2e%c0%af%2e%2e%c0%afwindows%c0%afsystem32%c0%afdrivers %c0%afetc%c0%afhosts N
../../ Traversal Engine Intelligent Fuzzing N
../../ Modules HTTP #DotDowPwn #snort-2.8.4 - snort-2.9.x, and suricata alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN DotDotPwn User-Agent"; flow: established,to_server; content:"User-Agent|3A| DotDotPwn"; nocase; http_header; threshold: type limit, track by_src,count 1, seconds 60; classtype: attempted-recon; reference:url,dotdotpwn.sectester.net; sid:yyyyyy; rev:1;) C
../../ Modules HTTP  Additional verification to avoid false positives N
../../ Modules HTTP URL N
../../ Modules FTP N
../../ Modules FTP  Compliance with RFC 959 - File Transfer Protocol  Double testing approach:  CD <directory> & GET <file>  GET <directory><file> N
../../ Modules TFTP N
../../ Modules TFTP  A little hack in the TFTP.pm module’s constructor to improve the testing speed (-t switch in DotDotPwn) N
../../ Modules PAYLOAD N
../../ Modules STDOUT N
../../ Upcoming release… DotDotPwn v4.0 …Stay tuned.
../../ Greetings  r1l0, b0rr3x, l1l1th, chipx0r, preth00nker, NataS, Darko, beck, Daemon, dex, Alination, Carlos Ayala, hkm, calderpwn, tr3w, hecky, raito, BelindoFan etc etc…  Helga alt3kx :**  Contributors  GuadalajaraCON Crew  www.underground.org.mx  #mendozaaaa  CRAc, hkm, alt3kx, tr3w, beck, cldrn, LightOS, xScPx, Daemon, SirDarckCat, Rolman, Crypkey, KBrown, nediam, beavis, kaz, Carlos A. Ayala, corelanc0d3r, Héctor López, Raaka (el_gaupo), dex, Cj, preth00nker, Humberto Ochoa, ch0ks, ran, Federico L. Bossi Bonin, Bucio, javi3r, sunLevy, Zeus, etc… C/N
../../ Funny time!
../../ Thanks ! chr1x & nitrØus @ Solar Vision 3 Alejandro Hernández H. (nitrØus), CISSP, GPEN Christian Navarrete (chr1x), ), GiJOE http://twitter.com/nitr0usmx http://twitter.com/chr1x <nitrousenador@gmail.com> <chr1x@sectester.net> http://chatsubo-labs.blogspot.com http://chr1x.sectester.net http://www.brainoverflow.org

Recommended

Guadalajara con 2012
Guadalajara con 2012Guadalajara con 2012
Guadalajara con 2012Jaime Restrepo
 
Call Graph Agnostic Malware Indexing (EuskalHack 2017)
Call Graph Agnostic Malware Indexing (EuskalHack 2017)Call Graph Agnostic Malware Indexing (EuskalHack 2017)
Call Graph Agnostic Malware Indexing (EuskalHack 2017)Joxean Koret
 
0box Analyzer--Afterdark Runtime Forensics for Automated Malware Analysis and...
0box Analyzer--Afterdark Runtime Forensics for Automated Malware Analysis and...0box Analyzer--Afterdark Runtime Forensics for Automated Malware Analysis and...
0box Analyzer--Afterdark Runtime Forensics for Automated Malware Analysis and...Wayne Huang
 
Breaking av software
Breaking av softwareBreaking av software
Breaking av softwareThomas Pollet
 
Malware Analysis on a Shoestring Budget
Malware Analysis on a Shoestring BudgetMalware Analysis on a Shoestring Budget
Malware Analysis on a Shoestring BudgetMichael Boman
 
Tools for developers to ensure legal integrity of their code - Antelink OWF
Tools for developers to ensure legal integrity of their code - Antelink OWFTools for developers to ensure legal integrity of their code - Antelink OWF
Tools for developers to ensure legal integrity of their code - Antelink OWFAntelink
 
Malware 101 by saurabh chaudhary
Malware 101 by saurabh chaudharyMalware 101 by saurabh chaudhary
Malware 101 by saurabh chaudharySaurav Chaudhary
 
The Nightmare Fuzzing Suite and Blind Code Coverage Fuzzer
The Nightmare Fuzzing Suite and Blind Code Coverage FuzzerThe Nightmare Fuzzing Suite and Blind Code Coverage Fuzzer
The Nightmare Fuzzing Suite and Blind Code Coverage FuzzerJoxean Koret
 

Recommended

Guadalajara con 2012
Guadalajara con 2012Guadalajara con 2012
Guadalajara con 2012Jaime Restrepo
 
Call Graph Agnostic Malware Indexing (EuskalHack 2017)
Call Graph Agnostic Malware Indexing (EuskalHack 2017)Call Graph Agnostic Malware Indexing (EuskalHack 2017)
Call Graph Agnostic Malware Indexing (EuskalHack 2017)Joxean Koret
 
0box Analyzer--Afterdark Runtime Forensics for Automated Malware Analysis and...
0box Analyzer--Afterdark Runtime Forensics for Automated Malware Analysis and...0box Analyzer--Afterdark Runtime Forensics for Automated Malware Analysis and...
0box Analyzer--Afterdark Runtime Forensics for Automated Malware Analysis and...Wayne Huang
 
Breaking av software
Breaking av softwareBreaking av software
Breaking av softwareThomas Pollet
 
Malware Analysis on a Shoestring Budget
Malware Analysis on a Shoestring BudgetMalware Analysis on a Shoestring Budget
Malware Analysis on a Shoestring BudgetMichael Boman
 
Tools for developers to ensure legal integrity of their code - Antelink OWF
Tools for developers to ensure legal integrity of their code - Antelink OWFTools for developers to ensure legal integrity of their code - Antelink OWF
Tools for developers to ensure legal integrity of their code - Antelink OWFAntelink
 
Malware 101 by saurabh chaudhary
Malware 101 by saurabh chaudharyMalware 101 by saurabh chaudhary
Malware 101 by saurabh chaudharySaurav Chaudhary
 
The Nightmare Fuzzing Suite and Blind Code Coverage Fuzzer
The Nightmare Fuzzing Suite and Blind Code Coverage FuzzerThe Nightmare Fuzzing Suite and Blind Code Coverage Fuzzer
The Nightmare Fuzzing Suite and Blind Code Coverage FuzzerJoxean Koret
 
Model-checking for efficient malware detection
Model-checking for efficient malware detectionModel-checking for efficient malware detection
Model-checking for efficient malware detectionPôle Systematic Paris-Region
 
Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...
Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...
Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...Paris Open Source Summit
 
Simple Bugs and Vulnerabilities in Linux Distributions
Simple Bugs and Vulnerabilities in Linux DistributionsSimple Bugs and Vulnerabilities in Linux Distributions
Simple Bugs and Vulnerabilities in Linux DistributionsSilvio Cesare
 
Software Security - Static Analysis Tools
Software Security - Static Analysis ToolsSoftware Security - Static Analysis Tools
Software Security - Static Analysis ToolsEmanuela Boroș
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazyMichael Boman
 
How to reverse engineer Android applications
How to reverse engineer Android applicationsHow to reverse engineer Android applications
How to reverse engineer Android applicationshubx
 
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)Alexandre Borges
 
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time LogsSherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time LogsDacong (Tony) Yan
 
WAF protections and bypass resources
WAF protections and bypass resourcesWAF protections and bypass resources
WAF protections and bypass resourcesAntonio Costa aka Cooler_
 
0d1n
0d1n0d1n
0d1nAntonio Costa aka Cooler_
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeMário Almeida
 
Fuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day ManagementFuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day ManagementCodenomicon
 
Searching for Multi-Fault Programs in Defects4J
Searching for Multi-Fault Programs in Defects4JSearching for Multi-Fault Programs in Defects4J
Searching for Multi-Fault Programs in Defects4JGabin An
 
Atmosphere 2014: JUnit: beyond the basics - Adam Dudczak
Atmosphere 2014: JUnit: beyond the basics - Adam DudczakAtmosphere 2014: JUnit: beyond the basics - Adam Dudczak
Atmosphere 2014: JUnit: beyond the basics - Adam DudczakPROIDEA
 
Fuzzing
FuzzingFuzzing
FuzzingKhalegh Salehi
 
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationCeh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationAsep Sopyan
 
How to find_vulnerability_in_software
How to find_vulnerability_in_softwareHow to find_vulnerability_in_software
How to find_vulnerability_in_softwaresanghwan ahn
 
Ceh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingCeh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingAsep Sopyan
 
MSL2009. Valgrind
MSL2009. ValgrindMSL2009. Valgrind
MSL2009. ValgrindJuan A. Suárez Romero
 
Reverse Engineering Android Application
Reverse Engineering Android ApplicationReverse Engineering Android Application
Reverse Engineering Android Applicationn|u - The Open Security Community
 
Hide and Find Rootkits in Linux [GuadalajaraCON 2012]
Hide and Find Rootkits in Linux [GuadalajaraCON 2012]Hide and Find Rootkits in Linux [GuadalajaraCON 2012]
Hide and Find Rootkits in Linux [GuadalajaraCON 2012]Websec México, S.C.
 
Criptografía Experimental [GuadalajaraCON 2012]
Criptografía Experimental [GuadalajaraCON 2012]Criptografía Experimental [GuadalajaraCON 2012]
Criptografía Experimental [GuadalajaraCON 2012]Websec México, S.C.
 

More Related Content

What's hot

Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...
Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...
Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...Paris Open Source Summit
 
Simple Bugs and Vulnerabilities in Linux Distributions
Simple Bugs and Vulnerabilities in Linux DistributionsSimple Bugs and Vulnerabilities in Linux Distributions
Simple Bugs and Vulnerabilities in Linux DistributionsSilvio Cesare
 
Software Security - Static Analysis Tools
Software Security - Static Analysis ToolsSoftware Security - Static Analysis Tools
Software Security - Static Analysis ToolsEmanuela Boroș
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazyMichael Boman
 
How to reverse engineer Android applications
How to reverse engineer Android applicationsHow to reverse engineer Android applications
How to reverse engineer Android applicationshubx
 
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)Alexandre Borges
 
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time LogsSherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time LogsDacong (Tony) Yan
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeMário Almeida
 
Fuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day ManagementFuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day ManagementCodenomicon
 
Searching for Multi-Fault Programs in Defects4J
Searching for Multi-Fault Programs in Defects4JSearching for Multi-Fault Programs in Defects4J
Searching for Multi-Fault Programs in Defects4JGabin An
 
Atmosphere 2014: JUnit: beyond the basics - Adam Dudczak
Atmosphere 2014: JUnit: beyond the basics - Adam DudczakAtmosphere 2014: JUnit: beyond the basics - Adam Dudczak
Atmosphere 2014: JUnit: beyond the basics - Adam DudczakPROIDEA
 
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationCeh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationAsep Sopyan
 
How to find_vulnerability_in_software
How to find_vulnerability_in_softwareHow to find_vulnerability_in_software
How to find_vulnerability_in_softwaresanghwan ahn
 
Ceh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingCeh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingAsep Sopyan
 

What's hot (20)

Model-checking for efficient malware detection
Model-checking for efficient malware detectionModel-checking for efficient malware detection
Model-checking for efficient malware detection
 
Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...
Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...
Community SUmmit: Legal & Licensing / Tools for developers to ensure legal in...
 
Simple Bugs and Vulnerabilities in Linux Distributions
Simple Bugs and Vulnerabilities in Linux DistributionsSimple Bugs and Vulnerabilities in Linux Distributions
Simple Bugs and Vulnerabilities in Linux Distributions
 
Software Security - Static Analysis Tools
Software Security - Static Analysis ToolsSoftware Security - Static Analysis Tools
Software Security - Static Analysis Tools
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazy
 
How to reverse engineer Android applications
How to reverse engineer Android applicationsHow to reverse engineer Android applications
How to reverse engineer Android applications
 
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)
MODERN MALWARE: OBFUSCATION AND EMULATION DEF CON CHINA 1.0 (2019)
 
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time LogsSherLog: Error Diagnosis by Connecting Clues from Run-time Logs
SherLog: Error Diagnosis by Connecting Clues from Run-time Logs
 
WAF protections and bypass resources
WAF protections and bypass resourcesWAF protections and bypass resources
WAF protections and bypass resources
 
0d1n
0d1n0d1n
0d1n
 
Android reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skypeAndroid reverse engineering - Analyzing skype
Android reverse engineering - Analyzing skype
 
Fuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day ManagementFuzzing 101 Webinar on Zero Day Management
Fuzzing 101 Webinar on Zero Day Management
 
Searching for Multi-Fault Programs in Defects4J
Searching for Multi-Fault Programs in Defects4JSearching for Multi-Fault Programs in Defects4J
Searching for Multi-Fault Programs in Defects4J
 
Atmosphere 2014: JUnit: beyond the basics - Adam Dudczak
Atmosphere 2014: JUnit: beyond the basics - Adam DudczakAtmosphere 2014: JUnit: beyond the basics - Adam Dudczak
Atmosphere 2014: JUnit: beyond the basics - Adam Dudczak
 
Fuzzing
FuzzingFuzzing
Fuzzing
 
Ceh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumerationCeh v8 labs module 04 enumeration
Ceh v8 labs module 04 enumeration
 
How to find_vulnerability_in_software
How to find_vulnerability_in_softwareHow to find_vulnerability_in_software
How to find_vulnerability_in_software
 
Ceh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingCeh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijacking
 
MSL2009. Valgrind
MSL2009. ValgrindMSL2009. Valgrind
MSL2009. Valgrind
 
Reverse Engineering Android Application
Reverse Engineering Android ApplicationReverse Engineering Android Application
Reverse Engineering Android Application
 

Viewers also liked

Hide and Find Rootkits in Linux [GuadalajaraCON 2012]
Hide and Find Rootkits in Linux [GuadalajaraCON 2012]Hide and Find Rootkits in Linux [GuadalajaraCON 2012]
Hide and Find Rootkits in Linux [GuadalajaraCON 2012]Websec México, S.C.
 
Criptografía Experimental [GuadalajaraCON 2012]
Criptografía Experimental [GuadalajaraCON 2012]Criptografía Experimental [GuadalajaraCON 2012]
Criptografía Experimental [GuadalajaraCON 2012]Websec México, S.C.
 
Rompiendo llaves RSA explícitamente con OpenSSL [GuadalajaraCON 2012]
Rompiendo llaves RSA explícitamente con OpenSSL [GuadalajaraCON 2012]Rompiendo llaves RSA explícitamente con OpenSSL [GuadalajaraCON 2012]
Rompiendo llaves RSA explícitamente con OpenSSL [GuadalajaraCON 2012]Websec México, S.C.
 
Escaneo de puertos distribuido [GuadalajaraCON 2012]
Escaneo de puertos distribuido [GuadalajaraCON 2012]Escaneo de puertos distribuido [GuadalajaraCON 2012]
Escaneo de puertos distribuido [GuadalajaraCON 2012]Websec México, S.C.
 
Laboratorio de Análisis de Malware [GuadalajaraCON 2012]
Laboratorio de Análisis de Malware [GuadalajaraCON 2012]Laboratorio de Análisis de Malware [GuadalajaraCON 2012]
Laboratorio de Análisis de Malware [GuadalajaraCON 2012]Websec México, S.C.
 
Criptografía vs esteganografía [GuadalajaraCON 2012]
Criptografía vs esteganografía [GuadalajaraCON 2012]Criptografía vs esteganografía [GuadalajaraCON 2012]
Criptografía vs esteganografía [GuadalajaraCON 2012]Websec México, S.C.
 
Detectando intrusiones en la red [GuadalajaraCON 2012]
Detectando intrusiones en la red [GuadalajaraCON 2012]Detectando intrusiones en la red [GuadalajaraCON 2012]
Detectando intrusiones en la red [GuadalajaraCON 2012]Websec México, S.C.
 
Cazando Predadores en Internet [GuadalajaraCON 2012]
Cazando Predadores en Internet [GuadalajaraCON 2012]Cazando Predadores en Internet [GuadalajaraCON 2012]
Cazando Predadores en Internet [GuadalajaraCON 2012]Websec México, S.C.
 

Viewers also liked (8)

Hide and Find Rootkits in Linux [GuadalajaraCON 2012]
Hide and Find Rootkits in Linux [GuadalajaraCON 2012]Hide and Find Rootkits in Linux [GuadalajaraCON 2012]
Hide and Find Rootkits in Linux [GuadalajaraCON 2012]
 
Criptografía Experimental [GuadalajaraCON 2012]
Criptografía Experimental [GuadalajaraCON 2012]Criptografía Experimental [GuadalajaraCON 2012]
Criptografía Experimental [GuadalajaraCON 2012]
 
Rompiendo llaves RSA explícitamente con OpenSSL [GuadalajaraCON 2012]
Rompiendo llaves RSA explícitamente con OpenSSL [GuadalajaraCON 2012]Rompiendo llaves RSA explícitamente con OpenSSL [GuadalajaraCON 2012]
Rompiendo llaves RSA explícitamente con OpenSSL [GuadalajaraCON 2012]
 
Escaneo de puertos distribuido [GuadalajaraCON 2012]
Escaneo de puertos distribuido [GuadalajaraCON 2012]Escaneo de puertos distribuido [GuadalajaraCON 2012]
Escaneo de puertos distribuido [GuadalajaraCON 2012]
 
Laboratorio de Análisis de Malware [GuadalajaraCON 2012]
Laboratorio de Análisis de Malware [GuadalajaraCON 2012]Laboratorio de Análisis de Malware [GuadalajaraCON 2012]
Laboratorio de Análisis de Malware [GuadalajaraCON 2012]
 
Criptografía vs esteganografía [GuadalajaraCON 2012]
Criptografía vs esteganografía [GuadalajaraCON 2012]Criptografía vs esteganografía [GuadalajaraCON 2012]
Criptografía vs esteganografía [GuadalajaraCON 2012]
 
Detectando intrusiones en la red [GuadalajaraCON 2012]
Detectando intrusiones en la red [GuadalajaraCON 2012]Detectando intrusiones en la red [GuadalajaraCON 2012]
Detectando intrusiones en la red [GuadalajaraCON 2012]
 
Cazando Predadores en Internet [GuadalajaraCON 2012]
Cazando Predadores en Internet [GuadalajaraCON 2012]Cazando Predadores en Internet [GuadalajaraCON 2012]
Cazando Predadores en Internet [GuadalajaraCON 2012]
 

Similar to DotDotPwn v3.0 [GuadalajaraCON 2012]

DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)Alejandro Hernández
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationamiable_indian
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...Felipe Prado
 
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and TechniquesBala Subra
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging TechniquesBala Subra
 
Virtual platform
Virtual platformVirtual platform
Virtual platformsean chen
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualizationssusercb4686
 
Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5Keisuke Takahashi
 
software defined network, openflow protocol and its controllers
software defined network, openflow protocol and its controllerssoftware defined network, openflow protocol and its controllers
software defined network, openflow protocol and its controllersIsaku Yamahata
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemBikrant Gautam
 
Production Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyProduction Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyBrian Lyttle
 
Remote code execution in restricted windows environments
Remote code execution in restricted windows environmentsRemote code execution in restricted windows environments
Remote code execution in restricted windows environmentsBorja Merino
 
Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)
Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)
Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)Derek Callaway
 
Parrot Drones Hijacking
Parrot Drones HijackingParrot Drones Hijacking
Parrot Drones HijackingPriyanka Aash
 
Standalone Android Apps in Python
Standalone Android Apps in PythonStandalone Android Apps in Python
Standalone Android Apps in PythonBaptiste Lagarde
 
DotJS Lightning Talk Vorlon.js
DotJS Lightning Talk Vorlon.jsDotJS Lightning Talk Vorlon.js
DotJS Lightning Talk Vorlon.jsEtienne Margraff
 

Similar to DotDotPwn v3.0 [GuadalajaraCON 2012] (20)

DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
 
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques
 
.Net Debugging Techniques
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging Techniques
 
Backtrack Manual Part4
Backtrack Manual Part4Backtrack Manual Part4
Backtrack Manual Part4
 
Virtual platform
Virtual platformVirtual platform
Virtual platform
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5
 
TOSCA in Practice with ARIA
TOSCA in Practice with ARIATOSCA in Practice with ARIA
TOSCA in Practice with ARIA
 
software defined network, openflow protocol and its controllers
software defined network, openflow protocol and its controllerssoftware defined network, openflow protocol and its controllers
software defined network, openflow protocol and its controllers
 
The Veil-Framework
The Veil-FrameworkThe Veil-Framework
The Veil-Framework
 
Penetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection SystemPenetration Testing and Intrusion Detection System
Penetration Testing and Intrusion Detection System
 
Production Debugging at Code Camp Philly
Production Debugging at Code Camp PhillyProduction Debugging at Code Camp Philly
Production Debugging at Code Camp Philly
 
Remote code execution in restricted windows environments
Remote code execution in restricted windows environmentsRemote code execution in restricted windows environments
Remote code execution in restricted windows environments
 
Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)
Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)
Tickling CGI Problems (Tcl Web Server Scripting Vulnerability Research)
 
Parrot Drones Hijacking
Parrot Drones HijackingParrot Drones Hijacking
Parrot Drones Hijacking
 
Standalone Android Apps in Python
Standalone Android Apps in PythonStandalone Android Apps in Python
Standalone Android Apps in Python
 
.Net + novas tecnologias + win8
.Net + novas tecnologias + win8.Net + novas tecnologias + win8
.Net + novas tecnologias + win8
 
DotJS Lightning Talk Vorlon.js
DotJS Lightning Talk Vorlon.jsDotJS Lightning Talk Vorlon.js
DotJS Lightning Talk Vorlon.js
 

More from Websec México, S.C.

Ciberseguridad durante la pandemia [Paulino Calderon]
Ciberseguridad durante la pandemia [Paulino Calderon]Ciberseguridad durante la pandemia [Paulino Calderon]
Ciberseguridad durante la pandemia [Paulino Calderon]Websec México, S.C.
 
OWASP IoTGoat - Enseñando a desarrolladores IoT a crear productos seguros - P...
OWASP IoTGoat - Enseñando a desarrolladores IoT a crear productos seguros - P...OWASP IoTGoat - Enseñando a desarrolladores IoT a crear productos seguros - P...
OWASP IoTGoat - Enseñando a desarrolladores IoT a crear productos seguros - P...Websec México, S.C.
 
Estadisticas de redes 802.11 en Mexico (2013) por Paulino Calderon
Estadisticas de redes 802.11 en Mexico (2013) por Paulino CalderonEstadisticas de redes 802.11 en Mexico (2013) por Paulino Calderon
Estadisticas de redes 802.11 en Mexico (2013) por Paulino CalderonWebsec México, S.C.
 
Derrotando a changos con scanners [Paulino Calderon]
Derrotando a changos con scanners [Paulino Calderon]Derrotando a changos con scanners [Paulino Calderon]
Derrotando a changos con scanners [Paulino Calderon]Websec México, S.C.
 
Old fox new tricks malicious macros are back
Old fox new tricks malicious macros are backOld fox new tricks malicious macros are back
Old fox new tricks malicious macros are backWebsec México, S.C.
 
Explotación de vulnerabilidades recientes de Windows - Agosto 2017
Explotación de vulnerabilidades recientes de Windows - Agosto 2017Explotación de vulnerabilidades recientes de Windows - Agosto 2017
Explotación de vulnerabilidades recientes de Windows - Agosto 2017Websec México, S.C.
 
Mi experiencia en el programa Google Summer of Code
Mi experiencia en el programa Google Summer of CodeMi experiencia en el programa Google Summer of Code
Mi experiencia en el programa Google Summer of CodeWebsec México, S.C.
 
Escribiendo firmas para el sistema de detección de versiones de Nmap
Escribiendo firmas para el sistema de detección de versiones de NmapEscribiendo firmas para el sistema de detección de versiones de Nmap
Escribiendo firmas para el sistema de detección de versiones de NmapWebsec México, S.C.
 
El porqué está fallando tu programa de seguridad informática por Paulino Cald...
El porqué está fallando tu programa de seguridad informática por Paulino Cald...El porqué está fallando tu programa de seguridad informática por Paulino Cald...
El porqué está fallando tu programa de seguridad informática por Paulino Cald...Websec México, S.C.
 
Pwning corporate networks in a single day by Paulino Calderon Pale
Pwning corporate networks in a single day by Paulino Calderon PalePwning corporate networks in a single day by Paulino Calderon Pale
Pwning corporate networks in a single day by Paulino Calderon PaleWebsec México, S.C.
 
CPMX7 Pwneando redes informáticas por Paulino Calderon
CPMX7 Pwneando redes informáticas por Paulino CalderonCPMX7 Pwneando redes informáticas por Paulino Calderon
CPMX7 Pwneando redes informáticas por Paulino CalderonWebsec México, S.C.
 
Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...
Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...
Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...Websec México, S.C.
 
Explotación práctica de señales de radio por Luis Colunga
Explotación práctica de señales de radio por Luis ColungaExplotación práctica de señales de radio por Luis Colunga
Explotación práctica de señales de radio por Luis ColungaWebsec México, S.C.
 
Pentesting 101 por Paulino Calderon
Pentesting 101 por Paulino CalderonPentesting 101 por Paulino Calderon
Pentesting 101 por Paulino CalderonWebsec México, S.C.
 
Obtener contraseñas del directorio activo por hkm
Obtener contraseñas del directorio activo por hkmObtener contraseñas del directorio activo por hkm
Obtener contraseñas del directorio activo por hkmWebsec México, S.C.
 
Recuperacion de defaces con versionador Git por Alevsk
Recuperacion de defaces con versionador Git por Alevsk Recuperacion de defaces con versionador Git por Alevsk
Recuperacion de defaces con versionador Git por Alevsk Websec México, S.C.
 
Seguridad en Bitcoin por Luis Daniel Beltran
Seguridad en Bitcoin por Luis Daniel BeltranSeguridad en Bitcoin por Luis Daniel Beltran
Seguridad en Bitcoin por Luis Daniel BeltranWebsec México, S.C.
 
CPMX5 - Hacking like a boss por Roberto Salgado
CPMX5 - Hacking like a boss por Roberto SalgadoCPMX5 - Hacking like a boss por Roberto Salgado
CPMX5 - Hacking like a boss por Roberto SalgadoWebsec México, S.C.
 
CPMX5 - Las nuevas generaciones de redes por Luis Colunga
CPMX5 - Las nuevas generaciones de redes por Luis ColungaCPMX5 - Las nuevas generaciones de redes por Luis Colunga
CPMX5 - Las nuevas generaciones de redes por Luis ColungaWebsec México, S.C.
 

More from Websec México, S.C. (20)

Ciberseguridad durante la pandemia [Paulino Calderon]
Ciberseguridad durante la pandemia [Paulino Calderon]Ciberseguridad durante la pandemia [Paulino Calderon]
Ciberseguridad durante la pandemia [Paulino Calderon]
 
OWASP IoTGoat - Enseñando a desarrolladores IoT a crear productos seguros - P...
OWASP IoTGoat - Enseñando a desarrolladores IoT a crear productos seguros - P...OWASP IoTGoat - Enseñando a desarrolladores IoT a crear productos seguros - P...
OWASP IoTGoat - Enseñando a desarrolladores IoT a crear productos seguros - P...
 
Estadisticas de redes 802.11 en Mexico (2013) por Paulino Calderon
Estadisticas de redes 802.11 en Mexico (2013) por Paulino CalderonEstadisticas de redes 802.11 en Mexico (2013) por Paulino Calderon
Estadisticas de redes 802.11 en Mexico (2013) por Paulino Calderon
 
Derrotando a changos con scanners [Paulino Calderon]
Derrotando a changos con scanners [Paulino Calderon]Derrotando a changos con scanners [Paulino Calderon]
Derrotando a changos con scanners [Paulino Calderon]
 
Old fox new tricks malicious macros are back
Old fox new tricks malicious macros are backOld fox new tricks malicious macros are back
Old fox new tricks malicious macros are back
 
Explotación de vulnerabilidades recientes de Windows - Agosto 2017
Explotación de vulnerabilidades recientes de Windows - Agosto 2017Explotación de vulnerabilidades recientes de Windows - Agosto 2017
Explotación de vulnerabilidades recientes de Windows - Agosto 2017
 
Mi experiencia en el programa Google Summer of Code
Mi experiencia en el programa Google Summer of CodeMi experiencia en el programa Google Summer of Code
Mi experiencia en el programa Google Summer of Code
 
Escribiendo firmas para el sistema de detección de versiones de Nmap
Escribiendo firmas para el sistema de detección de versiones de NmapEscribiendo firmas para el sistema de detección de versiones de Nmap
Escribiendo firmas para el sistema de detección de versiones de Nmap
 
El porqué está fallando tu programa de seguridad informática por Paulino Cald...
El porqué está fallando tu programa de seguridad informática por Paulino Cald...El porqué está fallando tu programa de seguridad informática por Paulino Cald...
El porqué está fallando tu programa de seguridad informática por Paulino Cald...
 
Pwning corporate networks in a single day by Paulino Calderon Pale
Pwning corporate networks in a single day by Paulino Calderon PalePwning corporate networks in a single day by Paulino Calderon Pale
Pwning corporate networks in a single day by Paulino Calderon Pale
 
CPMX7 Pwneando redes informáticas por Paulino Calderon
CPMX7 Pwneando redes informáticas por Paulino CalderonCPMX7 Pwneando redes informáticas por Paulino Calderon
CPMX7 Pwneando redes informáticas por Paulino Calderon
 
Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...
Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...
Dragonjarcon2015 - ¿Cómo programar aplicaciones seguras? por Paulino Calderon...
 
Explotación práctica de señales de radio por Luis Colunga
Explotación práctica de señales de radio por Luis ColungaExplotación práctica de señales de radio por Luis Colunga
Explotación práctica de señales de radio por Luis Colunga
 
Pentesting 101 por Paulino Calderon
Pentesting 101 por Paulino CalderonPentesting 101 por Paulino Calderon
Pentesting 101 por Paulino Calderon
 
Obtener contraseñas del directorio activo por hkm
Obtener contraseñas del directorio activo por hkmObtener contraseñas del directorio activo por hkm
Obtener contraseñas del directorio activo por hkm
 
OSINT vs CIBERCRIMEN por nickops
OSINT vs CIBERCRIMEN por nickopsOSINT vs CIBERCRIMEN por nickops
OSINT vs CIBERCRIMEN por nickops
 
Recuperacion de defaces con versionador Git por Alevsk
Recuperacion de defaces con versionador Git por Alevsk Recuperacion de defaces con versionador Git por Alevsk
Recuperacion de defaces con versionador Git por Alevsk
 
Seguridad en Bitcoin por Luis Daniel Beltran
Seguridad en Bitcoin por Luis Daniel BeltranSeguridad en Bitcoin por Luis Daniel Beltran
Seguridad en Bitcoin por Luis Daniel Beltran
 
CPMX5 - Hacking like a boss por Roberto Salgado
CPMX5 - Hacking like a boss por Roberto SalgadoCPMX5 - Hacking like a boss por Roberto Salgado
CPMX5 - Hacking like a boss por Roberto Salgado
 
CPMX5 - Las nuevas generaciones de redes por Luis Colunga
CPMX5 - Las nuevas generaciones de redes por Luis ColungaCPMX5 - Las nuevas generaciones de redes por Luis Colunga
CPMX5 - Las nuevas generaciones de redes por Luis Colunga
 

Recently uploaded

Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 

Recently uploaded (20)

Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 

DotDotPwn v3.0 [GuadalajaraCON 2012]

  • 1. GuadalajaraCON 2012 ../../ DotDotPwn ! The Directory Traversal Fuzzer Alejandro Hernández H. (nitrØus), CISSP, GPEN Christian Navarrete (chr1x), GiJOE http://twitter.com/nitr0usmx http://twitter.com/chr1x <nitrousenador@gmail.com> <chr1x@sectester.net> http://chatsubo-labs.blogspot.com http://chr1x.sectester.net http://www.brainoverflow.org
  • 2. ../../ AGENDA DotDotPwn  Description Introduction  Directory Traversal Vulnerability  (Intelligent) Fuzz Testing General Information  Origin / Evolution  Design / Architecture  Usage options  Website / Contact  Download  Contributions Vulnerabilities  Discovered vulnerabilities Traversal Engine  Description  Resources  Fuzz patterns generation  Intelligent fuzzing Modules  Description of each one Greetings C
  • 3. ../../ DotDotPwn and Pentest Magazine #DoDotPWN @PentestMag C
  • 4. ../../ DotDotPwn and HackOS Proximamente en…. C
  • 5. ../../ DotDotPwn Description README.txt It’s a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module. It's written in perl programming language and can be run either under *NIX or Windows platforms. It’s the first Mexican tool included in BackTrack Linux (BT4 R2). C
  • 6. ../../ Introduction Directory Traversal Vulnerability A directory traversal (or path traversal) consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs. The goal of this attack is to order an application to access a computer file that is not intended to be accessible. Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking. Some forms of this attack are also canonicalization attacks. A typical example of vulnerable application in php code is: Source: http://en.wikipedia.org/wiki/Directory_traversal C
  • 7. ../../ Introduction Directory Traversal Vulnerability An attack against this system could be to send the following HTTP request: Generating a server response such as: Source: http://en.wikipedia.org/wiki/Directory_traversal C
  • 8. ../../ Introduction Directory Traversal Vulnerability Some web applications scan query string for dangerous characters (to prevent Directory Traversal vulnerabilities) such as: .. .. ../ However, the query string is usually URI decoded before use. Therefore these applications are vulnerable to percent encoded directory traversal such as: %2e%2e%2f which translates to ../ %2e%2e/ which translates to ../ ..%2f which translates to ../ %2e%2e%5c which translates to .. etc. Source: http://en.wikipedia.org/wiki/Directory_traversal C
  • 9. ../../ Introduction Directory Traversal Vulnerability According to a study done by Imperva about Web Applications Attacks, the Directory Traversal vulnerability is one of the most common attacks nowadays (July 2011) Source: Imperva’s Web Application Attack Report. Edition #1 - July 2011 C
  • 10. ../../ Introduction Fuzz Testing Fuzz testing or fuzzing is a software testing technique that provides (in)valid, unexpected, or random data to the inputs of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted. Fuzz testing enhances software security and software safety because it often finds odd oversights and defects which human testers would fail to find, and even careful human test designers would fail to create tests for. Source: http://en.wikipedia.org/wiki/Fuzz_testing C
  • 11. ../../ Introduction Intelligent Fuzz Testing Source: N DeMott, J. (2006). The evolving art of fuzzing.
  • 12. ../../ Introduction Intelligent Fuzz Testing Source: N DeMott, J. (2006). The evolving art of fuzzing.
  • 13. ../../ Introduction Intelligent Fuzz Testing Source: N DeMott, J. (2006). The evolving art of fuzzing.
  • 14. ../../ General Information Origin / Evolution CHANGELOG.txt DotDotPwn v1.0 Release date: 21/Aug/2010  Checker Script  Core component: Traversal database (external .txt files) with 881 payloads  Based on Shlomi Narkolayev’s Directory Traversal Cheat Sheet  http://narkolayev-shlomi.blogspot.com/2010/04/directory-traversal-fuzz-list.html DotDotPwn v2.1 Release date: 29/Oct/2010 (BugCon Security Conferences 2010)  From Checker to Fuzzer  Rewritten from the scratch  Modular architechture (DotDotPwn packages)  Core component: Traversal Engine  OS detection (nmap)  A cool banner was included ;)  False positives detection  Many parameters included for fuzzing flexibility  More modules included DotDotPwn v3.0beta Release date: 03/Aug/2011 (Black Hat USA 2011 (Arsenal) - Conference CD)  Random User-Agent in HTTP requests  Operating System type specifier (if known)  Reporting capabilities C
  • 15. ../../ General Information Design / Architecture INPUTS FUZZ PATTERNS OUTPUTS CREATION Modules manual OS type HTTP Traversal Engine OS detection HTTP URL ../../ .... ..%2f..%2f Deepness FTP ..%255c..%255c ..%c0%2f..%c0%2f ..%u2215..%u2215 TFTP ..%uF025..%uF025 ..%25c1%259c..%25c1%259c Filenames %252e%252e%c0%5c%252e%252e%c0%5c PAYLOAD STDOUT Dots & Slashes Encodings C
  • 16. ../../ General Information Usage options USAGE.txt N
  • 17. ../../ General Information Usage options EXAMPLES.txt (one example per module) C
  • 18. ../../ General Information Website / Contact README.txt Official Website: http://dotdotpwn.sectester.net Official Email: dotdotpwn@sectester.net Bugs / Contributions / Improvements: dotdotpwn@sectester.net C
  • 19. ../../ General Information Download DotDotPwn v3.0beta: INCLUDED IN BLACK HAT USA 2011 CONFERENCE CD DotDotPwn v2.1: PacketStormSecurity: http://packetstormsecurity.org/files/view/95399/dotdotpwn-v2.1.tar.gz BackTrack Linux 4 R2: # apt-get update # apt-get install dotdotpwn # cd /pentest/fuzzers/dotdotpwn/ # ./dotdotpwn.pl Mirror: http://www.brainoverflow.org/code/dotdotpwn-v2.1.tar.gz N
  • 20. ../../ General Information Contributions AUTHORS.txt Contribution: Idea Implementation of the Bisection Algorithm (http://en.wikipedia.org/wiki/Bisection_method) once a vulnerability has been found in order to determine the exact deepness of the directory traversal. Origin of -X switch. By: Roberto Salgado aka LightOS http://twitter.com/LightOS http://www.websec.ca ------------------------------------- Contribution: Idea and Code Not always include the @Extra_files (e.g. web.config, httpd.conf, etc.). Origin of the -e switch. Specify the Operating System type if known ("windows" or "unix"). Origin of the -o switch. By: Eduardo Ruiz Duarte aka Beck http://twitter.com/toorandom http://math.co.ro http://b3ck.blogspot.com ------------------------------------- Contribution: Code Save a results' report into the Reports folder. Origin of the -r switch. Treatment of SIGINT in order to print the number of traversals found when Ctrl + C is pressed. Random User-Agent in HTTP requests for IDS/IPS detection avoidance. By: Diego Boy http://twitter.com/Diego_Boy ------------------------------------- Contribution: Code Random User-Agent in HTTP requests for IDS/IPS detection avoidance. By: Cristian Urrutia aka Gashnark http://twitter.com/blion_tec N
  • 21. ../../ General Information To Do  Implementation of the Bisection Algorithm to determine the exact deepness of the directory traversal. The bisection method in mathematics, is a root-finding method which repeatedly bisects an interval then selects a subinterval in which a root must lie for further processing. Source: http://en.wikipedia.org/wiki/Bisection_method ../../../../../../../../../../../../../../../../etc/passwd (16) ../../../../../../../../etc/passwd (16/2 = 8) ../../../../../../../../../../../../etc/passwd ((8+16) / 2 = 12) ../../../../../../../../../../etc/passwd ((8+12) / 2 = 10) ../../../../../../../../../../../etc/passwd ((10+12) / 2 = 11) 5 requests instead of 11 ! N
  • 22. ../../ Vulnerabilities Discovered vulnerabilities Tested software  HTTP: 72  Web platforms: 2 (CMS’s)  FTP: 25  TFTP: 11 C
  • 24. ../../ Vulnerabilities Discovered vulnerabilities Exploits  MultiThreaded HTTP Server [chr1x] – http://www.exploit-db.com/exploits/12304  Wing FTP Server v3.4.3 [chr1x] - http://packetstormsecurity.org/1005-exploits/wingftp-traversal.txt  VicFTPS v5.0 [chr1x] – http://www.exploit-db.com/exploits/12498  TFTP Desktop 2.5 [chr1x] - http://www.exploit-db.com/exploits/14857  TFTPDWIN v0.4.2 [chr1x] - http://www.exploit-db.com/exploits/14856  Femitter FTP Server 1.04 [chr1x] - http://www.exploit-db.com/exploits/15445  Home FTP Server <= r1.11.1 (build 149) [chr1x] - http://www.exploit-db.com/exploits/15349  Yaws 1.89 HTTP Server [nitrØus] - http://www.exploit-db.com/exploits/15371  Mongoose 2.11 HTTP Server (Win32) [nitrØus] - http://www.exploit-db.com/exploits/15373 N
  • 25. ../../ Vulnerabilities Discovered vulnerabilities 3.4.5 – 2nd Traversal found ! 3.4.3 DotDotPwn iz Breaking Patches! 3.4.2  3.4.1 3.4.0 - 1st Traversal found ! ================= 56 days of exposure!! C
  • 26. ../../ Traversal Engine Description Traversal Engine ../../ .... ..%2f..%2f ..%255c..%255c ..%c0%2f..%c0%2f ..%u2215..%u2215 ..%uF025..%uF025 ..%25c1%259c..%25c1%259c %252e%252e%c0%5c%252e%252e%c0%5c N
  • 29. ../../ Traversal Engine Fuzz patterns generation N
  • 30. ../../ Traversal Engine Intelligent Fuzzing At the beggining of this presentation … Then … N
  • 31. ../../ Traversal Engine Intelligent Fuzzing  Fuzz patterns according to the Operating System detected (nmap) ../../../boot.ini on *NIX-like ../../../boot.ini on Windows ../../../etc/passwd on Windows ../../../etc/passwd on *NIX-like N
  • 33. ../../ Traversal Engine Intelligent Fuzzing  Encoding of slashes (/) for the correct semantics in the fuzzing patterns ..%2f..%2fetc/passwd ..%2f..%2fetc%2fpasswd %2e%2e%c0%af%2e%2e%c0%afwindowssystem32driversetchosts %2e%2e%c0%af%2e%2e%c0%afwindows%c0%afsystem32%c0%afdrivers %c0%afetc%c0%afhosts N
  • 35. ../../ Modules HTTP #DotDowPwn #snort-2.8.4 - snort-2.9.x, and suricata alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN DotDotPwn User-Agent"; flow: established,to_server; content:"User-Agent|3A| DotDotPwn"; nocase; http_header; threshold: type limit, track by_src,count 1, seconds 60; classtype: attempted-recon; reference:url,dotdotpwn.sectester.net; sid:yyyyyy; rev:1;) C
  • 36. ../../ Modules HTTP  Additional verification to avoid false positives N
  • 39. ../../ Modules FTP  Compliance with RFC 959 - File Transfer Protocol  Double testing approach:  CD <directory> & GET <file>  GET <directory><file> N
  • 41. ../../ Modules TFTP  A little hack in the TFTP.pm module’s constructor to improve the testing speed (-t switch in DotDotPwn) N
  • 44. ../../ Upcoming release… DotDotPwn v4.0 …Stay tuned.
  • 45. ../../ Greetings  r1l0, b0rr3x, l1l1th, chipx0r, preth00nker, NataS, Darko, beck, Daemon, dex, Alination, Carlos Ayala, hkm, calderpwn, tr3w, hecky, raito, BelindoFan etc etc…  Helga alt3kx :**  Contributors  GuadalajaraCON Crew  www.underground.org.mx  #mendozaaaa  CRAc, hkm, alt3kx, tr3w, beck, cldrn, LightOS, xScPx, Daemon, SirDarckCat, Rolman, Crypkey, KBrown, nediam, beavis, kaz, Carlos A. Ayala, corelanc0d3r, Héctor López, Raaka (el_gaupo), dex, Cj, preth00nker, Humberto Ochoa, ch0ks, ran, Federico L. Bossi Bonin, Bucio, javi3r, sunLevy, Zeus, etc… C/N
  • 47. ../../ Thanks ! chr1x & nitrØus @ Solar Vision 3 Alejandro Hernández H. (nitrØus), CISSP, GPEN Christian Navarrete (chr1x), ), GiJOE http://twitter.com/nitr0usmx http://twitter.com/chr1x <nitrousenador@gmail.com> <chr1x@sectester.net> http://chatsubo-labs.blogspot.com http://chr1x.sectester.net http://www.brainoverflow.org