Did lulzsec expose your friends password?
I assume you have all heard about Lulzsec over the past few months so I will not go into their backstory and instead get straight to the point.
Yesterday, 26th June 2011, they released their last data dump on ThePirateBay (TPB) containing usernames and passwords from a few different sources. One of those sources was hackforums.net, I myself had registered here once upon a time. Luckily I had signed up with a disposable password. It turns out however that, yes, that password was leaked in the final lulzsec data dump.
The data dump has now been removed from TPB due to some of the files allegedly being infected with malware. So I found this site which allows you to search for your email address to see if you may have been effected; http://dazzlepod.com/lulzsec/final/
Introducing WPScan – WordPress Security Scanner
After creating the WordPress Brute Force Tool last weekend, I decided to create a bigger project out of it, called WPScan.
WPScan is a black box WordPress Security Scanner written in Ruby which attempts to find known security weaknesses within WordPress installations. Its intended use it to be for security professionals or WordPress administrators to asses the security posture of their WordPress installations. The code base is Open Source and licensed under the GPLv3.
Features include:
- Username enumeration (from ?author)
- Weak password cracking (multithreaded)
- Version enumeration (from generator meta tag)
- Vulnerability enumeration (based on version)
- Plugin enumeration (todo)
- Plugin vulnerability enumeration (based on version) (todo)
- Other miscellaneous checks
WordPress Brute Force Tool
Following on from my previous post Patching WordPress Username Disclosure I got bored over the weekend and decided to implement Veronica Valeros’s username disclosure technique into a WordPress password brute force tool.
It is nothing revolutionary or difficult to code, but it may come in handy one day on a pentest or web application assessment, mainly to automate the process.
Currently you can use the tool in 3 different ways.
Patching WordPress Username Disclosure
On May 26th Veronica Valero of Talsoft S.R.L. posted a security advisory on the Full Disclosure mailing list outlining a username disclosure vulnerability via a Direct Object Reference.
This is a problem in itself, however, what was more interesting to me was Zerial’s reply to the advisory;
“Also you can “enumerate” wordpress users using the wp-login.php. Whenyou enter a non-existent user wordpress returns “Invalid username” andwhen you enter a valid user with any random/dummie password, wordpressreturns “Invalid Password”. Now you can use brute-force to enumerate allvalid users using, for example, a name&username dictionary.”
Ethical Hacking Degrees – the good, the bad, the ugly
I often get emails (yes, people actually email me) around September time from young students who have come across this blog wanting to know more about doing Ethical Hacking at university level. I am writing this blog post in part to prevent myself from asking these young people for money for my time in replying to all of their questions. Also there seems to be a lot of misinformation about doing degrees related to computer/information security within the community.
Now, you maybe thinking… Ryan has invested countless thousands of pounds and four years of his life to his Ethical Hacking degree so he is bound to be biased. Well, I guess if I wasn’t a little biased then I wouldn’t be human, but I am going to try to be as honest as possible.
