[<prev] [next>] [day] [month] [year] [list]
Message-Id: <1205341860.7782.5.camel@localhost>
Date: Wed, 12 Mar 2008 18:10:59 +0100
From: Joxean Koret <joxeankoret@...oo.es>
To: pen-test <pen-test@...urityfocus.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Inguma version 0.0.7.2 released
Hi to all,
Inguma version 0.0.7.2 has been released. In this version I have added
new modules and exploits, fixed many, many, many bugs as well as
enhancing existing modules, such as the Oracle related stuff.
PyShellcodelib has been enhanced as well and now supports Mac OS X. But,
for the moment, just BSD syscalls. Mach syscalls implementation is on
the way. You will also notice that it is now object oriented as opossed
to the previous versions.
Among with the aforementioned changes, I'm releasing 5 new Oracle
modules: 4 modules for bugs fixed in the Critical Patch Update of
January 2008 and one skr1pT k1|>i3 like module for the Oracle PL/SQL
gateway flaw. Give to the module the target's address and port and run
"oragateway". The module will automagically guess the correct DAD and
bypass technique. After it an SQL terminal will be opened.
The new modules added to the framework are the following:
* nikto: A plugin that uses Nikto based databases (Thanks you Sullo!).
* archanix: As you may imagine, it gathers information from archaic Unix
services.
* brutesmtp: A brute forcer for SMTP servers.
* anticrypt: A tool to guess the encryption algorithm of a password's
hash. It saves a lot of time when auditing passwords.
The following is the complete ChangeLog:
* Fixed bugs in almost all modules.
* Added support for command line history and autocompletion (whenever
readline is available).
* Fixed various oracle module documentation.
* Added the first version of "anticrypt", a tool to detect the
encryption algorithm used for a password hash. It saves a lot of time
when auditing a (guessable) algorithm.
* Added a Nikto plugin (Thanks you Sullo!).
* Added module "archanix". Usefull to check old Unix boxes.
* Many changes to PyShellcodelib (Thanks erg0t!).
* Added a brute forcer for SMTP servers.
* First release of the documentation by Andrew Brooks. Check the wiki
available at http://inguma.wiki.sourceforge.net/ (Many thanks Andrew!).
* Added 5 new Oracle exploit modules for CPUJAN2008.
* Updated the distributed Scapy version for both Windows and Unix
(Thanks you Dirk!).
Download
http://inguma.sourceforge.net/redirect.php
Web Page
http://inguma.sourceforge.net
Documentation
http://inguma.wiki.sourceforge.net
Project web page
http://sourceforge.net/projects/inguma
Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists