Inguma 0.0.6 Released

From: Joxean Koret <joxeankoret@xxxxxxxx>
Date: Mon, 26 Nov 2007 19:13:50 +0100

Hi to all,

Inguma version 0.0.6 have been released. In this new version I added
many modules as well as enhanced existent ones as, in example, the
Oracle modules. The Oracle payloads now uses the Cursor Injection method
when possible so CREATE PROCEDURE system privilege is not needed to
become DBA.

The support for InlineEgg, added in version 0.0.5.1, have been removed
and a new completely free library have been added: PyShellCodeLib.
Currently, the library supports Linux and OpenBSD x86 based shellcodes.
*INITIAL* version.

The static analysis framework OpenDis have been enhanced and now you can
use the API exposed by OpenDis to write your own binary static analysis
tools. As an example of the API, a tool to make binary diffs have been
added. Take a look to the file $INGUMA_DIR/dis/asmdiff.py and to the
README stored in the same directory.

New 5 exploits for Oracle Databases have been added and the module
"sidguess" have been enhanced to retrieve the SID of the database
instance from the Enterprise Manager/Database Control banner when
possible.

The new modules added to the discover, gather and brute sections are the
following:

brutehttp: A brute forcer for HTTP servers.
extip : A tool to known your external IP address. Very usefull to
check anonymous proxies, i.e.
nmbstat : A tool to gather NetBIOS information.
ipscan : A tool to make IP protocol scans. The tool check what IP
protocols are enabled in the target.
arppoison: A tool to poison target's ARP cache

Download
http://sourceforge.net/project/platformdownload.php?group_id=188246

Web Page
http://inguma.sourceforge.net

Project web page
http://sourceforge.net/projects/inguma

Complete ChangeLog
http://sourceforge.net/project/shownotes.php?release_id=557099&group_id=188246

Regards,
Joxean Koret

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- FireCAT 1.3 Firefox Catalog of Auditing exTensions released
  - From: SD List

Prev by Date: VOIP Pen TEST
Next by Date: Re: FAX virus
Previous by thread: Pen Test Success Factors
Next by thread: FireCAT 1.3 Firefox Catalog of Auditing exTensions released
Index(es):
- Date
- Thread

Relevant Pages

[Full-disclosure] Oracle DBMS - Access Control Bypass in Login
... Clients use a protocol called TNS to communicate to the Oracle server. ... Protocol messages are used for session setup, authentication and data transfer. ... size=3>The authentication part of the protocol is comprised of two steps, including two different client requests and two server responses respectively. ...
(Full-Disclosure)
Re: Problems with protocol NMP in Linux + Oracle 10g
... Why are you attempting to use the Named Pipe protocol? ... want a connection between the client and the database server using TCP/IP ... Please consider purchasing the O'Reilly book 'Oracle Essentials' (found at ...
(comp.databases.oracle.misc)
Re: Unable to connect to Oracle 9i database via Oracle 6i Developer
... Forms Developer and Forms Server 6i on a stand-alone PC ... running on Windows XP Pro but cannot connect to my Oracle databases via ... (PROTOCOL = BEQ) ...
(comp.databases.oracle.tools)
Re: htp "301 Moved Permanently"
... HTP is part of Oracle, ... Also there is no such thing as 'htp': there is a HTTP protocol, ... There is an Apache HTTP server, which is usually referred to as HTTPD. ...
(comp.databases.oracle.server)