<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.5.1" -->
<rss version="0.92">
<channel>
	<title>cqure.net</title>
	<link>http://www.cqure.net/wp</link>
	<description></description>
	<lastBuildDate>Thu, 29 May 2008 18:02:41 +0000</lastBuildDate>
	<docs>http://backend.userland.com/rss092</docs>
	<language>en</language>
	
	<item>
		<title>OWASP - Sweden meeting</title>
		<description>My presentation from the Swedish OWASP meeting the other day is now online.
I spoke about SQL injection (again), efficient UNION exploitation, OOB channels and DNS-tunneling in MSSql, Oracle and MySQL.

The presentation, DNS-server tool and a minimal cheat sheet can be found here.
I had a great time and enjoyed meeting friends, ...</description>
		<link>http://www.cqure.net/wp/2008/05/owasp-sweden-meeting-20080527/</link>
			</item>
	<item>
		<title>MSSQLScan 0.8 released</title>
		<description>I made some minor adjustments and bugfixes to the 0.7 release and released 0.8. MSSQLScan should now support a graceful shutdown when doing a ctrl-break and not skip hosts when running out of sockets.

Get it here. </description>
		<link>http://www.cqure.net/wp/2008/05/mssqlscan-08-released/</link>
			</item>
	<item>
		<title>New tool DBPwAudit</title>
		<description>I have released a new tool that can be used to verify password quality against several database engines. Make sure to check it out here. </description>
		<link>http://www.cqure.net/wp/2008/05/new-tool-dbpwaudit/</link>
			</item>
	<item>
		<title>MSSQLScan version 0.7 released</title>
		<description>I have released a new version of my MSSQLScan tool. It contains fixes for running out of sockets when scanning large networks with low timeouts and re-scheduling of unsuccessful probes.

Let me know how/if it works and please send me bug reports. </description>
		<link>http://www.cqure.net/wp/2008/05/mssqlscan-version-07-released/</link>
			</item>
	<item>
		<title>New blog</title>
		<description>I have launched a new blog with "random thoughts about random things" ... The reason why I'm launching a new site when barely keeping up with this one is that I want to keep this one security oriented while the new one is a bit more "random". The new blog can ...</description>
		<link>http://www.cqure.net/wp/2008/04/new-blog/</link>
			</item>
	<item>
		<title>Simplifying enumeration by error messages</title>
		<description>I have been experimenting with SQL-injection and information enumeration through error messages for a while.
The idea was to simplify the process of extracting data so that very little application logic would be needed to perform the task. Ideally a simple 3-5 line bash-script wrapping wget or curl should do the ...</description>
		<link>http://www.cqure.net/wp/2007/11/simplifying-enumeration-by-error-messages/</link>
			</item>
	<item>
		<title>MSSQLScan 0.6 release</title>
		<description>I finally got to publishing a tool, which, due to a number of reasons, has not happened for quite some time now. The MSSQLScan tool scans for Microsoft SQL Server *surprise*. It does so by using UDP which means that it can either discover servers by hitting a broadcast address ...</description>
		<link>http://www.cqure.net/wp/2007/10/mssqlscan-06-release/</link>
			</item>
	<item>
		<title>T2 Security Conference</title>
		<description>I attended the T2 security conference last Friday where I presented a talk on SQL injection and out-of-band channelling. Unfortunately I wasn't able to stay for the whole conference but the talks I attended were very good. Make sure to check it out next year. Hopefully, I will have a ...</description>
		<link>http://www.cqure.net/wp/2007/10/t2-security-conference/</link>
			</item>
	<item>
		<title>Oracle 11g password security</title>
		<description>Finally, Oracle has made changes to the way they store passwords. Oracle 11g introduces a different algorithm (SHA1), supports mixed-case passwords and adds salts to stored passwords. This all sounds great EXCEPT that the old weaker hashes are still being stored in the sys.user$ table.

It seems as if several different ...</description>
		<link>http://www.cqure.net/wp/2007/09/oracle-11g-password-security/</link>
			</item>
	<item>
		<title>Passing-the-hash for everyone</title>
		<description>Core Security released their PSH (passing-the-hash) toolkit today. Even though the concept of passing-the-hash is old, few tools putting it into practice have been available to the public. A number of companies working within the security industry have had their own tools, some being more proud of them than others ;) ...</description>
		<link>http://www.cqure.net/wp/2007/08/passing-the-hash-for-everyone/</link>
			</item>
</channel>
</rss>
