malwareL4B

Description:

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page.

It can take advantage of a vulnerable web application. By using this software user can perform back-end database fingerprint, retrieve DBMS users and  password hashes, dump tables and columns, fetching data from the database, running SQL  statements and even accessing the underlying file system and executing commands on the  operating system.

The power of Havij that makes it different from similar tools is its injection methods. The success rate is more than 95% at injectiong vulnerable targets using Havij.

The user friendly GUI (Graphical User Interface) of Havij and automated settings and detections makes it easy to use for everyone even amateur users.

Features:

 

Items	Free version	Commercial version
1. Supported Databases with injection methods:
MsSQL 2000/2005 with error
MsSQL 2000/2005 no error union based
MsSQL Blind
MySQL time based
MySQL union based
MySQL Blind
MySQL error based
MySQL time based
Oracle union based
Oracle error based
PostgreSQL union based
MsAccess union based
MsAccess Blind
Sybase (ASE)
Sybase (ASE) Blind
2. HTTPS Support
3. Proxy support
4. Automatic database detection
5. Automatic type detection (string or integer)
6. Automatic keyword detection (finding difference between the positive and negative response)
7. Trying different injection syntaxes
8. Options for replacing space by /**/,+,... against IDS or filters
9. Avoid using strings (magic_quotes similar filters bypass)
10. Manual injection syntax support
11. Manual queries with result
12. Bypassing illegal union
13. Full customizable http headers (like referer,user agent and ...)
14. Load cookie from site for authentication
15. Http Basic and Digest authentication
16. Injecting URL rewrite pages
17. Bypassing mod_security web application firewall and similar firewalls
18. Real time result
19. Guessing tables and columns in mysql<5 (also in blind) and MsAccess
20. Fast getting tables and columns for mysql
21. Executing SQL query in Oracle database
22. Getting one row in one request (all in one request)
23. Dumping data into file
24. Saving data as XML format
25. View every injection request sent by program
26. Enabling xp_cmdshell and remote desktop
27. Multi thread Admin page finder
28. Multi thread Online MD5 cracker
29. Getting DBMS Informations
30. Getting tables, columns and data
31. Command executation (mssql only)
32. Reading system files (mysql only)
33. insert/update/delete data

 


패킷 떠서 분석해봐야겠군요..후후후






 

The supervisor who spoke with me was not sure how this software ended up in the new laptop thus put me on hold. He confirmed that yes, Samsung did knowingly put this software on the laptop to, as he put it, "monitor the performance of the machine and to find out how it is being used."

번역하자면 고객지원 담당자는 이 소프트웨어(키로거)를 노트북에 포함하였으며, "기기의 성능을 모니터링하고 어떻게 사용하는지 파악하기 위해서"라고 이유를 설명했습니다.

이런 응대를 했던 직원은 당장 짤릴게 뻔하군요..

삼성에서는 확인 중이라고 하는데 어떤 결과가 나올지 대충 짐작은 갑니다.

"직원의 실수였다.."
"대화 중 의미가 와전된 것 같다.."
등등


머 아무튼 피바람 한번 불겠군요..

최근 코모도에서 해킹사건이 있었고 이를 통해 가짜 인증서가 발급되었었습니다.

Rogue SSL certificates ("case comodogate")
http://www.f-secure.com/weblog/archives/00002128.html


가짜로 발급된 인증서는 아래 사이트들에 접속할 때 영향을 받습니다.

mail.google.com (GMail)
login.live.com (Hotmail et al)
www.google.com
login.yahoo.com (three certificates)
login.skype.com
addons.mozilla.org (Firefox extensions)
"Global Trustee"

Phishing이나 MITM(Man in the Middle) 공격에 악용될 수 있다고 하는데요.


아래 그림은 가짜로 발급된 인증서와 정상 인증서 모습입니다. (가짜는 벌새님 블로그에서~)

가짜 인증서는 발급자가 UTN-USERFirst-Hardware로 되어 있다고 하니 위 사이트에 접속하셔서 확인하신 후

Microsoft에서 제공하는 긴급 업데이트를 적용하시면 되겠습니다.


Microsoft Security Advisory (2524375) - Fraudulent Digital Certificates Could Allow Spoofing
http://www.microsoft.com/technet/security/advisory/2524375.mspx

New Adobe Zero-Day [CVE-2011-0609]
2011/03/15 - [0x06 vul info] - New Adobe Zero-Day [CVE-2011-0609]



Security update available for Adobe Flash Player

http://www.adobe.com/support/security/bulletins/apsb11-05.html

SOLUTION

Adobe recommends all users of Adobe Flash Player 10.2.152.33 and earlier versions upgrade to the newest version 10.2.153.1 by downloading it from the Adobe Flash Player Download Center. Windows users can install the update via the auto-update mechanism within the product when prompted.

Users of Flash Player for Android version 10.1.106.16 and earlier can update to Flash Player version 10.2.156.12 by browsing to the Android Marketplace on an Android phone.

Google Chrome users can update to Chrome version 10.0.648.134 or later.

Adobe AIR 
Adobe recommends all users of Adobe AIR 2.5.1 and earlier versions update to the newest version 2.6 by downloading it from the Adobe AIR Download Center.

Security updates available for Adobe Reader and Acrobat

http://www.adobe.com/support/security/bulletins/apsb11-06.html

SOLUTION

Adobe recommends users update their software installations by following the instructions below:

Adobe Reader
Users on Windows and Macintosh can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.

Adobe Reader 9.x users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011

Adobe Acrobat 
Users can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.

Acrobat Standard and Pro users on Windows can also find the appropriate update here: 
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

Acrobat Pro Extended users on Windows can also find the appropriate update here:http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.

Acrobat Pro users on Macintosh can also find the appropriate update here: 
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.