I’ve uploaded a basic PEAP/LEAP brute-force logon script that I wrote a couple of months ago to the wireless page. It simply calls wpa_supplicant and parses the results, which is slow, but appears to work. Enjoy.
Joe
PEAP/LEAP Brute-Force Fun
July 16th, 2010Twitter Instant Password And Storage
July 2nd, 2010This is old, but might be interesting to fellow security geeks. The idea here is to challenge concepts of what a password is and how it should be secure. In essence, using this system will allow you to keep your uber-secret in a public place such as twitter. There’s some other crufty code (firefox plugin) to go with this, but it’s really just for fun.
BMC Service Desk Express Advisory
July 2nd, 2010This isn’t really very cool, but it’s been exploited during assessments to great effect. So, why not share with everyone. If you’re on an assessment and find they’re running BMC Software’s Service Desk Express, then you can probably leverage this for great justice.
Site Update and New Content
May 18th, 2010Heya,
I reworked the site a bit yesterday. My goal is to migrate all of my old patches/content into it. You’ll find a couple of new pages (Passwords & Hashes, Challenge/Response Authentication) linked on the right sidebar. These pages should contain the latest Samba and other patches I’ve put together over the years.
I’ve also added a new wireless page which contains a patch to Hostapd that adds auto-probe response and PEAP/MSCHAPv2 logging fun.
Joe
Medusa 2.0 Release
February 10th, 2010After what feels like an eternity, Medusa 2.0 is now available for public download.
http://www.foofus.net/jmk/tools/medusa-2.0.tar.gz
This release contains the most significant changes to the core of Medusa since its original release in 2005. We’ve moved to a “real” thread pool and modified how credential sets are selected. See the following for a more detailed list of changes:
http://www.foofus.net/jmk/medusa/ChangeLog
Enjoy,
Joe
Samba “Improvements” Updated
September 3rd, 2009I’ve updated my Samba modifications for the 3.3.7 release. The patch adds support to Samba utilities for passing-the-hash. For the uninformed, this allows you to leverage hashes gathered with such excellent tools as FgDump, without needing to ever crack the password. You can simply pass-the-hash and mount remote shares, create new accounts, etc. as the targeted account. Another bit of goodness here are some changes to the nmbd and smbd daemons. With this patch, nmbd will respond to all broadcast requests. Smbd will log any challenge/response handshakes. All sorts of fun can be had with this… See the following pages for more information:
http://www.foofus.net/jmk/smbchallenge.html/
http://www.foofus.net/jmk/passhash.html
Gordo Attacks
August 1st, 2009This is mildly entertaining for me.
The guys over at StackOverflow.com were doing a podcast and the subject of NTP servers came up. At the end of the podcast, Joel and Jeff discuss various methods of eliminating error messages related to the Windows time service. The conversation soon moved to the idea of using the NTP.org pool of time servers. By default, Windows sends NTP traffic to time.windows.com, or somesuch. The NTP.org pool consists of time servers, run by volunteer system administrators, scattered across the globe. If you don’t know about NTP.org, I suggest you start here.
During the discussion, Jeff typed us.pool.ntp.org into his browser and was redirected to gordo.foofus.net. Gordo, you see, is a NTP (time) server participating in the NTP.org server pool.
This all happened at the end of Episode 52 of the awesome Stack Overflow podcast:
[ Stack Overflow ep.52 - Gordo strikes @ 1:02:00 (mp3) ]
Of course, Gordo must respond to this:
[ Gordo's Official Response ]
Stack Overflow knows how to closeout a show:
[ Stack Overflow ep.58 - starts around 1:00:00 (mp3) ]
Found in my mailbox…
May 15th, 2009I got a pretty ridiculous flyer in my mailbox yesterday, and I thought I’d share. Enjoy!
It’s official, I’m an ass!
April 1st, 2009The latest, and most prodigious, certification in recent years was unveiled recently and I’m proud to announce that I’ve passed their rigorous testing.
You too can attempt to conquer this mountain by going here: http://www.asscert.com/
Foofus.Net Mailing List
February 17th, 2009Have a FgDump/PwDump or Medusa question? Join our mailing list and we’ll help you out.
http://lists.foofus.net/listinfo.cgi/foofus-tools-foofus.net