Toolz | ethicalhack3r

Posts categorized “Toolz”

January 10th 2010

Glastopf – Web Application Honeypot


I bought an old battered PC over the weekend with the goal of installing a honeypot. I had never installed a honeypot before so wasn’t quite sure what to expect. At first I decided on Dionaea, the successor to Nepenthes; I had heard great things about Nepenthes from a friend of mine (Infosanity). After going through the installation process, I couldn’t get Dionaea to ‘make’ with the right Python version detected (> 3.0). After about an hour of playing around I decided to give Glastopf a try.


Glastopf is a Honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: Reply with the correct response to the attacker exploiting the web application. The project was kicked off by Lukas Rist around one year ago and the results we have got during this time are very promising and an incentive to put even more effort in the development of this unique tool.


Glastopf was very easy to install and configure: I simply downloaded the subversion trunk and ran it with “sudo python webserver.py”. Glastopf was up and running, however not configured. Glastopf gives you the option to save the honeypot logs to a MySQL database; for this all you have to do is install MySQL and python-mysql, set up the database/tables and add the ‘mysql.py’ plugin to the configuration file. Glastopf provides you with the table structure already set out in the ‘/structure/log.sql’ file. To import the file I used ‘mysql-navigator’ (sudo apt-get install mysql-navigator), a GUI client for MySQL; you can however just use the MySQL command line client.


All I had to do now was forward port 80 on my router to the machine with Glastopf running on it. I will now leave the machine running for a few days and hopefully come back with some statistics, which I will of course be posting and making pretty little graphs out of. :) If the initial statistics and hits are positive I will try to keep the honeypot running indefinitely and somehow link the stats to the blog.



January 1st 2010

Free software in a Windowed world

I recently upgraded to Windows 7 from Vista. I had planned to migrate fully to Ubuntu 9.10 Karmic however after nearly £100 investment in wireless equipment and none of the hardware working under Ubuntu I bit the bullet. I will now be running Ubuntu and other Linux distributions as Virtual Machines.


Here is a list (in no particular order) of essential (to me) Open Source and Free (as in beer) software (non-security) I installed on my shiny new Windows 7:


FileZilla FTP client – http://filezilla-project.org/ (Open Source)
Mozilla Thunderbird – http://www.mozillamessaging.com (Open Source)
Inkscape – http://www.inkscape.org/ (Open Source)
BitTorrent – http://www.bittorrent.com/ (Open Source)
Wireshark – http://www.wireshark.org/ (Open Source)
7-Zip – http://www.7-zip.org/ (Open Source)
Notepad++ – http://notepad-plus.sourceforge.net/ (Open Source)
Mozilla Firefox – http://www.mozilla.com/firefox/ (Open Source)
OpenOffice – http://www.openoffice.org/ (Open Source)
Sun VirtualBox – http://www.virtualbox.org/ (Open Source)
Tortoise SVN – http://tortoisesvn.tigris.org/ (Open Source)
VLC – http://www.videolan.org/vlc/ (Open Source)
TrueCrypt – http://www.truecrypt.org/ (Open Source)
XAMPP – http://www.apachefriends.org/en/xampp.html (Open Source)
Zattoo – http://zattoo.com/ (Free)
Spotify – http://www.spotify.com/ (Free)
Skype – http://www.skype.com/ (Free)


It should now be easier than ever to pwn my box now that you all know what software and OS I’m running. ;) What Open Source/Free software can you not live without?


P.S. HAPPY NEW YEEAARRR!!!



December 14th 2009

RandomStorm acquire DVWA

RandomStorm have acquired Damn Vulnerable Web App (DVWA) :)


RandomStorm showed their interest in DVWA and wanted to help the project grow. After some weeks of talks we have settled on an agreement which I believe will benefit the DVWA project immensely.


What do RandomStorm do?

RandomStorm was formed in 2007 to provide a proactive vulnerability management service for companies and organisations that take network security seriously and need to demonstrate maximum due diligence in protecting personal and corporate information.


Without going into too much detail, RandomStorm will help develop DVWA further, help with marketing, help with direction and overall make the project as good as it can be. DVWA will now be part of the RandomStorm Open Source Project and will be hosted with them in the near future. I will still play a strong role in the development and general overseeing of the project. The acquirement of DVWA has nothing but positives: the project will still be as great and even greater than it is, I still get to work on my baby, DVWA will still be open source and the project has the backing of a great company, RandomStorm.


Andrew Mason, Chief Technologist at RandomStorm says:

I see that combining efforts on this will really add value to this great tool and take it to the next step.


RandomStorm will be releasing an official press release in the near future. I would really like to hear everyone’s feedback so please comment.


In the meantime you can follow RandomStorm on Twitter: @RandomStorm



December 7th 2009

Open Source Web Application Scanner Poll Results

I started a poll last week on the 1st of December titled ‘Open Source Web Application Vulnerability Scanners’. The aim of this poll was to gain feedback from as many people in the security community as possible to find out which was their preferred open source web application vulnerability scanner, what they preferred about it and what they would improve about their favorite scanner. The poll has run for almost 7 days. The poll link was posted on Twitter (via my Twitter account), on this blog and on www.ethicalhacker.net.


The total number of submissions was 32; however, there were some anomalies in the data, mainly due to my own fault. I had originally included Burp Suite, as I had confused their free version with it being open source; it turns out this is not the case. I also had submissions from application developers. I did not state that I wouldn’t be counting their votes, however I believe it fairer if we didn’t. After taking out the votes for Burp Suite (3 before removing the option), the submissions from application developers (2) and submissions for other commercial scanners (2), it left us with a total of 25 submissions.


The results:
Favorite scanner:

w3af: 11
Metasploit Framework: 8
Nikto: 4
Wikto: 1
WebSecurify: 1


What to improve in w3af:

Stability: 4
Less false positives: 3
More features: 2
Scan time: 1
Output: 1


What to improve in the Metasploit Framework:

More features: 2
Scan time: 2
Stability: 1
Output: 1
Configuration: 1
Make ‘scenario’: 1


As you can see from the results, w3af is the clear favorite open source web application vulnerability scanner of the people who made submissions, with the Metasploit Framework coming a close second. Judging from some of the additional comments, I believe that some people were voting for the Metasploit Framework itself rather than the web application modules it includes. The two biggest improvements the community want in w3af are stability and fewer false positives.


Open Source Web Application Vulnerability Scanner links:
w3af – http://w3af.sourceforge.net/
Metasploit – http://www.metasploit.com/
Nikto – http://cirt.net/nikto2
Wikto – http://www.sensepost.com/research/wikto/
WebSecurify – http://www.websecurify.com/


Big thanks to everyone who took the time to take the poll.



December 1st 2009

Open Source Web Application Scanner Poll

I am trying to find out from the community which open source web application scanners they use and why. Please take the poll, once, and answer honestly. Thank you! ;)


http://spreadsheets.google.com/viewform?formkey=dFNpQmNfUWx4UEFicW0wQXlZTFQyV0E6MA