Wednesday, February 25, 2009

Cool little device

Ok, nothing to do with OS Fingerprinting, but since I've been looking into Pentesting so much lately also, when I saw this post earlier today on Twitter by Hal, all I could think of was how much fun one could have with one of these!

These devices are getting smaller and smaller all the time and cheaper and cheaper.

I'm waiting to see one with two ethernet ports on it, basically an internal switch so that you can drop one of these behind someones desk, plug their computer feed into your device, a short cable from the device to their computer and then have this thing phone home and open some type of door for you.

As it is now that could still be done easily enough with it, but you also have to find a network port that is live. Adding the internal switch would just make things easier.

Tuesday, February 24, 2009

Insecure Magazine, os fingerprinting and xprobe2

The latest version of (in)secure was released here recently. The first article this month was on using a new version of xprobe2 to do fingerprinting. Sounds like some new features have been added and some cleanup has been done.

Looks like the next release is due out in June of xprobe

Sunday, February 22, 2009

EDHCPFingerprint & EFFormat

Both programs from enterasys have been updated again! They've been busy. Main change I know about is a repository.xml file that is generated. It looks to see what names show up across multiple .xml files (tcp, mac, dhcp, smb, etc). It was a very useful feature in cleaning up some of my files. Some of which I'm not even using yet, but that I've been adding to from time to time in the past and hope to use in the future!

I've pretty much started using EFFormat full time now in editing my fingerprint files!

As always, they can be found here at enterasys

Updated Software

Satori updated to version 0.62. Lots of new fingprints added and others updated. Took like Linux distro's and combined them where it made sense instead of having 5 fingerprints that were all the same because they were based on the same distro. Also added the packetfence fingerprint info back into my dhcp.xml file. We'll see if the packetfence project starts using the .xml file or not, it has been discussed in the past and may be being looked at again. We'll see.

With the addition of these fingerprints back into dhcp.xml I decided to give the user a few more options in parsing dhcp fingerprints. You'll find it under options. I also added a new feature for arp parsing also since it was in an 'addon' dll instead before. Now it is just an option.

Last major change was an update program. It is a stand alone program that will update the .exe, .dll, and .xml files. It is nothing fancy, but it gets the job done. It will let you keep up to date on the latest fingerprint files, dll's, etc without me having to do a full new .zip file!