Hi to all,
Inguma version 0.0.7.2 has been released. In this version I have added
new modules and exploits, fixed many, many, many bugs as well as
enhancing existing modules, such as the Oracle related stuff.
PyShellcodelib has been enhanced as well and now supports Mac OS X. But,
for the moment, just BSD syscalls. Mach syscalls implementation is on
the way. You will also notice that it is now object oriented as opossed
to the previous versions.
Among with the aforementioned changes, I'm releasing 5 new Oracle
modules: 4 modules for bugs fixed in the Critical Patch Update of
January 2008 and one skr1pT k1|>i3 like module for the Oracle PL/SQL
gateway flaw. Give to the module the target's address and port and run
"oragateway". The module will automagically guess the correct DAD and
bypass technique. After it an SQL terminal will be opened.
The new modules added to the framework are the following:
* nikto: A plugin that uses Nikto based databases (Thanks you Sullo!).
* archanix: As you may imagine, it gathers information from archaic Unix
* brutesmtp: A brute forcer for SMTP servers.
* anticrypt: A tool to guess the encryption algorithm of a password's
hash. It saves a lot of time when auditing passwords.
The following is the complete ChangeLog:
* Fixed bugs in almost all modules.
* Added support for command line history and autocompletion (whenever
readline is available).
* Fixed various oracle module documentation.
* Added the first version of "anticrypt", a tool to detect the
encryption algorithm used for a password hash. It saves a lot of time
when auditing a (guessable) algorithm.
* Added a Nikto plugin (Thanks you Sullo!).
* Added module "archanix". Usefull to check old Unix boxes.
* Many changes to PyShellcodelib (Thanks erg0t!).
* Added a brute forcer for SMTP servers.
* First release of the documentation by Andrew Brooks. Check the wiki
available at http://inguma.wiki.sourceforge.net/ (Many thanks Andrew!).
* Added 5 new Oracle exploit modules for CPUJAN2008.
* Updated the distributed Scapy version for both Windows and Unix
(Thanks you Dirk!).
Project web page