Portcullis Labs - deano

polenum | Content

Thu, 30 Oct 2008 11:54:12 GMT

polenum is a python script which uses the Impacket Library from CORE Security Technologies to extract the password policy information from a windows machine. This allows a non-windows (Linux, Mac OSX, BSD etc..) user to query the password policy of a remote windows box without the need to have access to a windows machine.

features

can extract password and associated information from a windows machine
will connect over a NULL or authenticated share
supports encrypted/signed sessions

limitations

no NTLMv2 support
has a problem with domain connected workstations

download

download polenum

vessl | Content

Thu, 30 Oct 2008 11:51:42 GMT

vessl is a simple wrapper script that connects, extracts and then verifies the ssl certificate of an encrypted service. It was originally written in order to script up the ability to verify ssl certificates across a large network.

features

vessl will connect to any service that openssl can
it will extract and verify against a given CA Pem file
it will check that certificate matches the host it is on
it produce a map going from ip's to hostname
checks to see if certificate is based on a blacklisted debian key

dependencies

openssl
ping
openssl-vulnkey
mktemp
CA Pem File

download

download vessl

Introduction To Format Strings | Content

Tue, 17 Jun 2008 13:11:17 GMT

What?

This presentation tries to cover the basics of format strings exploitation. Starting with an explanation of the legitimate use of Format Strings (Yin) moving onto how programming flaws can be exploited using this technique.

Why?

I spent many months getting my head aorund the nuonces of FS explitation so though I would put together a presentation on all the little things that I though were they key points when coming accross this subject for the first time. This hopefully will act as a good basis for the More Adventures In Format Strings presentation

More Adventures in Format Strings | Content

Mon, 14 Apr 2008 15:11:37 GMT

What?

This presentation covers a method for exploiting format string vulnerabilities which is compared to techniques used for exploiting heap smashes. It does not not cover the basics of the vulnerability because these seem ten a panny.

Why?

Much work has been written about covering the underlying principles of format strings but not much seemed to be written concerning this specific technique. More over is was written to push forward a method and library that can be used to optimise format strings to fit into smaller buffer spaces

hoppy | Content

Fri, 09 Oct 2009 13:33:35 GMT

hoppy is a http options prober written in python. It checks the availability of HTTP methods as well as probing them to see if they can be forced to disclose system information.

features

HTTP Method detection, TRACK, TRACE, PUT etc
Internal IP address disclosure detection
Internal Path Disclosure detection
Transparent working so you can see exactly what it did
Data extraction
Spider to find directories for webDAV detection
ms09-020 IIS auth bypass check on all discovered directories

download

download hoppy