Foofus.Net Security Stuff

SQL Injection and other issues in Micro Technology Services, Inc. Lynx

bede — Thu, 03 May 2012 13:54:39 +0000

The Micro Technology Services Inc. “Lynx Message Server 7.11.10.2″ and/or “LynxTCPService version 1.1.62″ web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems.

See: http://www.foofus.net/?page_id=562

- Bede 5/3/12

Medusa 2.1 Release

jmk — Mon, 02 Apr 2012 21:01:44 +0000

Medusa 2.1 is now available for public download.

http://www.foofus.net/jmk/tools/medusa-2.1.tar.gz

What is Medusa? Medusa is a speedy, massively parallel, modular, login brute-forcer for network services created by the geeks at Foofus.net. It currently has modules for the following services: AFP, CVS, FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL, rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN, Telnet, VmAuthd, VNC. It also includes a basic web form module and a generic wrapper module for external scripts.

While Medusa was designed to serve the same purpose as THC-Hydra, there are several significant differences. For a brief comparison, see:

http://www.foofus.net/jmk/medusa/medusa-compare.html

This release does not introduce any major changes to the core of the application, however, it does include two years worth of bug-fixes throughout the code base and numerous incremental improvements.

Enjoy,

Joe

Praeda version 0.02.0b is now available for download

percX — Thu, 29 Mar 2012 16:49:16 +0000

Updated release of Praeda 0.02.0b can be downloaded from HERE . This release contains a few new modules and an update to the dispatcher, allowing NMAP .gnmap as target input.

PercX to present at HackCon in Oslo, Norway in March

percX — Tue, 21 Feb 2012 14:21:32 +0000

PercX will be presenting more printer hacking at the Oslo, Norway security conference HackCon on March 28th “From Printer to Pwnd – Leveraging Multifunction Printers During Penetration Testing”. During his presentation he will also be discussing a new ‘simple’ attack against printer firmware update process on high end business MFP devices to gain root level access. This will also coincide with an updated release of PRAEDA that will contain updates to the dispatcher, allowing NMAP .gnmap as target input.

More Multifunction Printer Information Leakage Issues

percX — Mon, 07 Nov 2011 15:22:31 +0000

While examining a Lexmark X656de multifunction printer awhile back I was pleased to “NOT” find any of the common information leakage vulns like passwords within the html source that you typically find on these type of devices. Which was a good sign. Although with a little more testing it was quickly found that the export setting feature was a total fail. Once I exported the system setting (settingfile.ucf) using the export function, it revealed the plain test password for the SMTP settings .

For the latest advisory on this click here

Printer Pass-Back-Attack Tutorial

percX — Fri, 28 Oct 2011 04:47:13 +0000

At Defcon 19 during my presentation we discussed a new attack method against printers. This attack method involved tricking the printer into passing LDAP or SMB credential back to attacker in plain text. We refer to this attack as a Pass-Back-Attack . So its been awhile, but we wanted to release a short tutorial discussing how this attack is performed. A PDF of the Tutorial can be downloaded from here

Toshiba eStudio Multifunction Printer Information Leakage

percX — Wed, 26 Oct 2011 04:19:04 +0000

Ok now that we have showed you how to bypass authentication on a Toshiba eStudio MFP device. The next obvious step is what data can be extracted. Well it turns out that the Toshiba eStudio multifunction printers also leaks data. If you examine the HTML source code of any of the configuration pages you will find the passwords in plan text. Yes that ******* in the password configuration setting field is not really hiding anything.

For Latest Advisory click here

PercX is scheduled to speak at BSides in Wilmington Delaware

percX — Fri, 21 Oct 2011 20:26:50 +0000

PercX will being speaking on printers, and embedded device information gathering attacks. Covering how the information is leveraged to gain access to other core network server systems. Also will be discussing the tool Praeda and its features, functions, and future. So join PercX at BSides Delaware. Registration is available here and schedule information is available here. Follow PercX on twitter at @Percent_X

Toshiba eStudio Multifunction Printer Authentication Bypass

percX — Sun, 16 Oct 2011 21:38:48 +0000

Wow this one was so simple I still cant stop laughing. This was originally released at Shmoocon on January 29 2011 Thought it was time to follow up with an advisory because most end users still do not know about this vulnerability. The authentication on Toshiba eStudio MFP devices is easily bypassed by adding an extra / in the URL after TopAccess.

Example:
http://IP Address/TopAccess//Administrator/Setup/ScanToFile/List.htm

For Latest Advisory click here

Really easy as you can see. Iam looking for assistance to better map out devices with this issue. If you have a Toshiba eStudio please check out the request at http://praeda.foofus.net to give me a hand.

PercX to take PRAEDA printer hacking to India

percX — Thu, 01 Sep 2011 15:52:47 +0000

PercX will be presenting more printer hacking at the Bangalore, India security conference Securitybyte on September 6th. This will coincide with an updated release of PRAEDA that will contain several new modules to test for default authentication credentials and information leakage on embedded network appliances.