As mentioned by Ketchup in

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,4586.msg22191/topicseen,1,1/

websecurify has the ability to login to the web application before testing. I didn't see the login link underneath the URL input field.

I can only speak for OSCP and it kicks ass! I highly recommend it.

Hey! thanks for your speedy response. I will download the official version and hopefully in the future websecurify will work against dvwa.

Keep up the good work. DVWA is a nice piece of work. Thanks again.

Morningstar Security News is a security news meta aggregator. Its pretty decent. However, I would like that they include the Diary from the Internet Storm Center (SANS) and even EH.net in order to have all my security news in one page.

A new web app security tool created by the people at gnucitizen.com. Check it out:

websecurify 0.3

Downloaded for the purpose to test websecurify. It looks nice and instrumental in learning web application security.

I'm not sure if the XSS reflected section was or was not intentionally left out since I know you are still working on this version but just in case I wanted to let you know.

And another thing, I saw it some where on the web that you have tested websecurify and I wanted to know if you used it against dvwa. I tried it but it appears that this tool needs to authenticate to dvwa to fully test it. There's no way to add login information to websecurify unless its possible to add it to the URL. Any tips you can provide? Thanks.

Jakinne, try a little bit harder, its easier than you think. I did the challenge, I just have to write out the answers and submit it. I had a fun time doing it.

I would like a copy.

Hey chrisj, check this perl script out for extracting Office 2007 Metadata:

read_open_xml.pl

The script works, I tried against the docx file from the evidence pcap and it gave me some info such as the name of the file creator, creation and modify timestamp. Thats some cool info that you can include in your network forensic report.

You don't need the script to get this info but its quicker.

More cheat sheets for security admins. I got this from BlackHat twitter feed:

What’s in Your Folder: Security Cheat Sheets

Available tools on the Internet for the purpose of extracting files from packet dumps:

NetworkMiner

Xplico

TcpXtract

And to do it manually using WireShark and a Hex editor check out the following blog:

Pulling binaries from pcaps

Enjoy!

Nice, thanks for the info.

There's nothing wrong searching the magic number via Google. This is exactly what I did.

I was able to reconstruct the docx using wireshark and a Hex editor. My md5 hash matches with the one posted in SANS commentaries. The tool tcpxtract help me a lot because I was able to extract the recipe contents and made me realize that the files extracted were zipped XML. This enticed me to research on the docx office 2007 format and such.

It was a cool challenge, to bad that someone posted his answers to SANs. Overall a good learning experience.

Oh yeah, in tcpxtract there's a config file where you can add new signatures. I don't know if docx is included, got to check that out. If not, I'm going to try to create a signature and add it to the config file to see if it works.

It worked for me as well, I was able to get the files, now I just need to properly assemble it to calculate the hash and so forth. Have you accomplish this?

Hey, btw, are you doing the challenge that was posted in SANS?

Network Forensics Puzzle Contest

Because I am and basically I have answered almost all of their questions. The only thing I need is to reconstruct the doc file from the dump file.

I found this tool (tcpxtract) which is used for extracting files from network traffic based on file signatures including Word Documents. I haven't tried yet... I have to wait when I get home or over the weekend but try it and let me know if it works.

Hope this helps.