Date: Fri, 28 Dec 2007 04:20:43 -0500 (EST)
From: Ben <comsatcat@...thlink.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Hellsing

I was looking through my Projects/ folder earlier today and found this discarded piece of work. I vamped it up a little bit and decided to post it in my blog (socialnetworkwhore.com) as well as here. It still has a few things busted (like SSL only works with non-self-signed certificates), but it gets the job done.

Now on to an explanation... Hellsing is a web attack application utility which uses a configuration file to define your attack methods. It supports cookies, SSL, POST and GET methods. It uses format strings to build useful attack patterns.

Example Usage:

./hellsing -c hellsing.conf -t 1 -k 127.0.0.1 -v www.localhost -x /index.php -f 't:123;c:/bin/ls' -o

This tells hellsing to attack the IP 127.0.0.1 over SSL (-o flag; defaults to port 80; 443 for SSL) and target the virtual host www.localhost. The target app is index.php and the module to be used is 1 (see -l for all modules). Arguments to the module are t and f, each with the respective values of 123 and /bin/ls.

I left a few web app vulns in the config file to give you examples to play with. You can do a few more things like encoding (see -e) and selective output buffering (see -s).

Oh, one other thing: it sends lots of headers. When I wrote it, I wanted it to emulate the headers Firefox sent in a generic HTTP GET request.

Anyhow have a good one.

- Ben
Download attachment "hellsing-0.2.tar.gz" of type "application/gzip" (10176 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
