Injectable exploits focus on the exploitation of major web flaws during penetration tests. Two new tools will be released that expand the foothold penetration testers can obtain through SQL injection and XSS flaws. These tools provide greater insight into the network hosting the web application and the networks in which the users are located. We will also discuss the live CD environment that includes both tools.
Yokoso! is an infrastructure fingerprinting system delivered via XSS attack. This project contains two different parts; the fingerprints and modules for the various browser exploit frameworks. The fingerprints identify web applications deployed in the user's network, applications such as web administration interfaces to different IT manage systems. The modules portion contains code to perform two basic attacks. The first is history browsing which determines if the user has visited the sites of interest. This reveals if the user is an administrator or power user. The second attack module within Yokoso! Initiates requests to map the infrastructure of the user's network.
Laudanum is a collection of injectable files that are prebuilt to perform various attacks within a network. These files are injected via SQL injection attacks. The individual files are placed into scheduled jobs or the web root of database servers.
This is accomplished by exploiting SQL injection flaws within the web application. Laudanum includes various attacks such as shells, proxy capabilities and data collection tools.
A major feature of both tools is their scope limiting capabilities. Many similar tools lack the capability to identify target hosts before performing exploits. Both of these tools allow a penetration tester to specify target restrictions based on external IP, internal IP, and hostname.
The final portion of the talk will cover SamuraiWTF. SamuraiWTF is a live CD environment focused on web penetration tests. It was released during DEF CON 16 and has had four new releases since that time. Both Yokoso! and Laudanum will be included on a new version of SamuraiWTF released at DEF CON this year.