[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 20 Oct 2007 18:44:10 +0200
From: Joxean Koret <joxeankoret@...oo.es>
To: inguma-news@...rceforge.net
Cc: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
pen-test@...urityfocus.com
Subject: Inguma 0.0.5: Brute forcing and password cracking
Hi to all,
The latest version of Inguma (0.0.5) have been released with many fixes
and new modules. The following are the most important changes and
updates:
* Added one exploit for the vulnerability in SYS.LT.FINDRICSET (Oracle
CPU Oct. 2007).
* Added the module "firetest" to test firewall configurations.
* Added module "brutessh" to brute force SSH servers.
* Added module "bruteora" to brute force Oracle servers. It will check
for every (commonly) possible user or for an specified user.
* Added a tool to crack MD5 hashes using freely available rainbow
tables.
* Added module "sidguess" to guess the SID of an Oracle Database
instance.
* _*Initial*_ shellcode support. See the SIDVault remote root exploit
and $INGUMA_DIR/lib/libexploit.py for details. x86 support with
InlineEgg. Thanks you Gera!
* Added a password cracker for Oracle11g.
* Added a password cracker for MS SQL Server 7 and 2000.
* Enhanced the Oracle PL/SQL Fuzzer. Now, if you redirect the output
only the vulnerabilities found are logged, all the rest of the output
are written to stderr.
Regards,
Joxean Koret
Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists