Tag Archives: security

Nmap 5.10-BETA2

Nmap 5.10-BETA2 was released by Fyodor as a X-mas present the other day. I was pleased to see that almost all of my scripts made it into this version. The remaining one, oracle-sid-brute, made it into SVN just a few minutes ago 🙂

For the full changelog of Nmap 5.10-BETA2 have a look here.

Nmap Citrix script updated

So, my friend Ian Vitek enlightened me again. Apparently when the published application list is long it’s split up into multiple packets and the client needs to keep reading them until the magic byte at offset 31 is toggled to 1.

I have adjusted my script so that it checks for this and prints a complete list of published applications, instead of just the first packets. The script can be downloaded from here.

For more information on how to get it running, check my earlier posts or post a comment to the article.

VoIPTK version 0.2

While testing another IP PBX product I found some bugs in my applications that I have now fixed. While fixing these bugs I also finished some additional changes that I have been working on. I also added an additional method of determining if an account is valid or not that I found while testing the other PBX product.

More details are available under the VoIPTK page.

smbat CLK_TCK patch

I must say that I am somewhat surprised that people still use the smbat suite for Windows security testing. Since I am doing most Windows testing from Windows now a days I have found myself using alternative tools instead.

I have recieved numerous of questions over time regarding compilation problems, the most common being. Why does smbat fail to compile with the following error message?

error: ‘CLK_TCK’ undeclared (first use in this function)

This is due to the CLK_TCK being deprecated and replaced by CLOCKS_PER_SEC. The following patch solves this problem. Apply it by running the following command from within the smbat directory:

patch -p1 < smbat_CLK_TCK.patch

Preparing for sec-t

Unfortunately I couldn’t make Vegas this year. According to friends and the slides I have been going through it looked as if there were quite a few really good and interesting talks this year at both Blackhat and Defcon.

I will be attending the first Swedish based Sec-t security conference here in Stockholm which I think might actually turn out really well. It will be held between the 11th and 12th of September.

I will be speaking at the last slot on Friday about what administrators can do in order to reduce the impact of web application vulnerabilities ie. system and application hardening.

More information regarding the event is available at the official web site http://www.sec-t.org/