During the development of my AFP library for Nmap I came across a critical vulnerability in Apple’s implementation of AFP on Snow Leopard. The vulnerability is caused by improper input validation and allows an attacker to access (list, read, and/or write) files in the parent directory of any AFP sharepoint.
I just finished a patch against Romain Raboin’s HTTP Digest authentication patch for John the Ripper. Romain’s patch is also included in the jumbo patch available from the John the Ripper main page. The patch I made is very small: it simply checks whether the Quality of Protection (qop) parameter was supplied in the input. If it was not, it makes the appropriate changes so that the response is computed per the simpler RFC 2069 rule (no nc, cnonce or qop in the hashed string) instead of the RFC 2617 one.
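To make the qop distinction concrete, here is an added Python example (my own illustration, not code from the John the Ripper patch or from Romain Raboin’s patch) of a server-side verifier that parses a Digest `Authorization` header, computes the expected response with the RFC 2617 rule when `qop` is present, and falls back to the RFC 2069 rule when it is absent. The helper names, the password lookup and the second header are constructed for this example; the first header reproduces the worked example from RFC 2617 section 3.5, whose response value is known.

```python
import hashlib
import hmac
import re


def _md5_hex(s: str) -> str:
    """Hex MD5 of a UTF-8 string (Digest auth is defined over MD5)."""
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Compute the expected Digest 'response' field.

    qop present  -> RFC 2617: MD5(HA1:nonce:nc:cnonce:qop:HA2)
    qop absent   -> RFC 2069: MD5(HA1:nonce:HA2)
    """
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")  # qop=auth / RFC 2069 form of HA2
    if qop is None:
        # Simpler RFC 2069 rule: no client nonce, nonce count or qop.
        return _md5_hex(f"{ha1}:{nonce}:{ha2}")
    if nc is None or cnonce is None:
        raise ValueError("qop was supplied, so nc and cnonce are required")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# key="quoted value" or key=token, separated by commas/whitespace
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')


def parse_authorization(header: str) -> dict:
    """Parse a 'Digest ...' header value into a dict of parameters."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest authorization header")
    return {k: (q if q else u) for k, q, u in _KV.findall(params)}


def verify_digest(header: str, method: str, password_lookup) -> bool:
    """Return True if the header's response matches the stored password.

    password_lookup(username) returns the cleartext password or None.
    The absence of 'qop' in the parsed header selects the RFC 2069 rule,
    which is exactly the check the patch described above adds.
    """
    p = parse_authorization(header)
    password = password_lookup(p.get("username", ""))
    if password is None or "response" not in p:
        return False
    expected = digest_response(
        p["username"], p["realm"], password, method, p["uri"], p["nonce"],
        qop=p.get("qop"), nc=p.get("nc"), cnonce=p.get("cnonce"),
    )
    # Constant-time comparison so timing does not leak matching prefixes.
    return hmac.compare_digest(expected, p["response"])


REALM = "testrealm@host.com"
URI = "/dir/index.html"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"

# Header reproduced from the RFC 2617 section 3.5 example (password "Circle Of Life").
RFC2617_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", '
    'qop=auth, nc=00000001, cnonce="0a4f113b", '
    'response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)

# Constructed RFC 2069-style header for the same user: no qop, nc or cnonce,
# so the response is built with the shorter formula (password "CircleOfLife").
RFC2069_RESPONSE = digest_response("Mufasa", REALM, "CircleOfLife", "GET", URI, NONCE)
RFC2069_HEADER = (
    f'Digest username="Mufasa", realm="{REALM}", nonce="{NONCE}", '
    f'uri="{URI}", response="{RFC2069_RESPONSE}"'
)

# Constructed credential store used by the demo below.
_PASSWORDS_2617 = {"Mufasa": "Circle Of Life"}
_PASSWORDS_2069 = {"Mufasa": "CircleOfLife"}


if __name__ == "__main__":
    print("RFC 2617 header verifies:",
          verify_digest(RFC2617_HEADER, "GET", _PASSWORDS_2617.get))
    print("RFC 2069 header verifies:",
          verify_digest(RFC2069_HEADER, "GET", _PASSWORDS_2069.get))
    print("wrong password rejected:",
          not verify_digest(RFC2617_HEADER, "GET", lambda u: "nope"))
```

The only branch that matters for the patch is the `qop is None` test in `digest_response`: a verifier (or a cracker) that always uses the RFC 2617 formula will compute the wrong hash for a header that omits `qop`, even when the password is correct.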
I have just posted a new tool to the website called krbpwguess. It does exactly what the name suggests, guesses passwords against the Kerberos service. Visit the krbpwguess web page for more information.
I’ve just released a new security testing tool for Kerberos that allows you to guess valid user accounts against the KDC. More information is available under the KrbGuess page which can be found here.