Inguma version 0.0.7.2 has been released. In this version I have added new modules and exploits, fixed many, many, many bugs as well as enhancing existing modules, such as the Oracle related stuff.
PyShellcodelib has been enhanced as well and now supports Mac OS X. But, for the moment, just BSD syscalls. Mach syscalls implementation is on the way. You will also notice that it is now object oriented as opossed to the previous versions.
Among with the aforementioned changes, I'm releasing 5 new Oracle modules: 4 modules for bugs fixed in the Critical Patch Update of January 2008 and one skr1pT k1|>i3 like module for the Oracle PL/SQL gateway flaw. Give to the module the target's address and port and run "oragateway". The module will automagically guess the correct DAD and bypass technique. After it an SQL terminal will be opened.
The new modules added to the framework are the following:
* nikto: A plugin that uses Nikto based databases (Thanks you Sullo!).
* archanix: As you may imagine, it gathers information from archaic Unix services.
* brutesmtp: A brute forcer for SMTP servers.
* anticrypt: A tool to guess the encryption algorithm of a password's hash. It saves
a lot of time when auditing passwords.
The following is the complete ChangeLog:
* Fixed bugs in almost all modules.
* Added support for command line history and autocompletion (whenever
readline is available).
* Fixed various oracle module documentation.
* Added the first version of "anticrypt", a tool to detect the encryption
algorithm used for a password hash. It saves a lot of time when auditing
a (guessable) algorithm.
* Added a Nikto plugin (Thanks you Sullo!).
* Added module "archanix". Usefull to check old Unix boxes.
* Many changes to PyShellcodelib (Thanks erg0t!).
* Added a brute forcer for SMTP servers.
* First release of the documentation by Andrew Brooks. Check the wiki
available at http://inguma.wiki.sourceforge.net/ (Many thanks Andrew!).
* Added 5 new Oracle exploit modules for CPUJAN2008.
* Updated the distributed Scapy version for both Windows and Unix (Thanks
Log in to post a comment.