Insinuator


Some outright rants from a bunch of infosec practitioners.

TAG | tool

Dear Readers,

It’s me again with another teaser for an upcoming workshop at the IPv6 Security Summit. This one is a classic! If you happen to deploy IPv6 in your environment in the near future, but haven’t had the time to think about the security implications, this workshop is the right place to start.

Sep/15

29

Python For Hackers

Python has become a de facto standard in exploit development lifecycles, and most of the proof-of-concept tools you’ll find out there are written in Python (besides the Metasploit framework, which is written in Ruby). Python allows you to write scripts that handle remote services, fiddle with binary data and interact with C libraries (or Java in case of Jython/.NET in IronPython) in a fast and easy way. The huge standard library with its “batteries included” principle removes some of the dependency hell known from other frameworks/languages. I want to share some of my Python coding experiences with you, and maybe this could give some helpful tips for your future work, to make the world a bit safer :) (PS: most of the examples are written in Python 3.x or are compatible with both Python branches).


Sep/15

19

Miner’s Canary Revival in IT Security


What is a Miner’s Canary?

Well, it’s a canary (these cute yellow songbirds some people have as a pet), and its main feature is that it dies before you will.

What the hack [pun intended]? And by the way… what has this to do with IT Security? Well… let me first quote Wikipedia on the birds:


Jun/15

12

An unpacker for Alcatel TiMOS images

Hi,

I wrote a small Python script that extracts the content from Alcatel .tim firmware files. It took some time staring at hex values, as well as a fair amount of guesswork to figure out the file format.

Jun/15

10

TACACS+ module for loki

There has been, again, some development within the loki domain. Today I’m going to write about the latest module added to the suite, a module for decoding and cracking Cisco’s TACACS+.


Dec/14

19

Getting 20k Inline-QR-Codes out of Burp

Lately we had to analyze QR-Codes in a pentest. Those held some random data which was used as a token for login and we wanted to know if that data was really random.


Aug/14

25

ERNW’s Top 9 Burp Plugins

In the context of an internal evaluation, we recently had a look at most of the Burp plugins available from the BApp store. The following overview represents our personal top 9 plugins, categorized in “Scanner Extensions”, “Manual Testing” and “Misc” in alphabetic order:

Jun/14

25

New Tool: s1ap_enum

As we continue our research in the 3GPP protocol world, there is a new tool for you to play with. It is called s1ap_enum and that’s also what it does 😉

The tool itself is written in Erlang, as I found no other free ASN.1 parser that is able to parse those fancy 3GPP protocol specs. It connects to an MME on sctp/36412 and tries to initiate an S1AP session by sending an S1SetupRequest PDU. To establish an S1AP session with an MME, the right MCC and MNC are needed in the PLMNIdentity. The tool tries to guess the right MCC/MNC combinations. It comes with a preset of known MCC/MNC pairs from mcc-mnc.com, but can try all other combinations as well.


May/14

8

ASCII Protocol Scheme Generator

As we historically have a strong connection to network technologies (not surprising, given the “NW” in “ERNW” stands for “Networks”), I developed a small script to create RFC-style ASCII representations of protocol schemes. The following listing shows an example created for a fictitious protocol:

 0                   1                   2                   3  
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+---------------------------------------------------------------+
|             type              |              id               |
+---------------------------------------------------------------+
|     flags     |                   reserved                    |
+---------------------------------------------------------------+
|                            payload                            |
+---------------------------------------------------------------+

The command line to create this output is

./ascii_header.py 16-type 16-id 8-flags 24-reserved 32-payload

and of course the script also provides a help message which explains the parameters in detail.

Download: https://www.ernw.de/download/ascii_protocol_scheme_generator.zip

Enjoy and feel free to leave feedback and comments,

Benedikt :)


Feb/14

20

Fresh Meat From the Coding Front

Within the last months I had some time to work on my code and today I’m releasing some of that: a new version of dizzy as well as two new loki modules.


©2016 ERNW GmbH