Difference between revisions of "Kolkata"
(11 intermediate revisions by 5 users not shown)
Latest revision as of 08:33, 21 April 2013
- Main article: Web exploitation tools
Kolkata is a web application fingerprinting engine written in Perl that combines cryptography with IDS evasion. Kolkata uses session splicing for IDS evasion and configurable checksums of static files in order to determine the version of a web application.
Special thanks to fxm and hatter for their contributions to this article.
Dependencies
- LibWhisker2 - This comes bundled in the tarball, with nikto, and a variety of other tools on this site.
- YAML::XS - Install with cpan in bash (cpan -i YAML::XS)
Usage
kolkata.pl -d domain.tld [-v -p [remote_path_to_web_application]]
- kolkata requires a directory called sigs in its directory
- The sigs directory must contain properly formatted yml files with checksums.
Source
<syntaxhighlight lang="perl">
#!/usr/bin/perl
# @url http://www.blackhatacademy.net/
# @author fxm+hatter
use strict;
use warnings;
use YAML::XS;
use Digest::MD5 qw(md5_hex);
use LW2;                      # LibWhisker2, bundled in the tarball
use Getopt::Std;

my @apps;
my %opts;
getopts('c:p:d:v', \%opts);
usage() unless $opts{d};
my $domain  = $opts{d};
my $verbose = $opts{v} ? 1 : 0;
my $path    = defined $opts{p} ? $opts{p} : '';   # remote path prefix of the web application

# Load every signature bundle in ./sigs/ (see Signature Bundles below).
opendir(my $sigdir, "./sigs/") or die "cannot open ./sigs/: $!";
my @filenames = grep { /\.yml$/ && -f "./sigs/$_" } readdir($sigdir);
closedir($sigdir);
foreach my $file (@filenames) {
    push @apps, YAML::XS::LoadFile("./sigs/$file");
}

# For each bundle, fetch its check_file from the target and compare the MD5
# of the response body against every version signature in the bundle.
foreach my $app (@apps) {
    my $check = $path . $app->{'config'}->{'check_file'};
    print "Downloading $check to check for " . $app->{'config'}->{'app_name'} . "\n";
    my $contents = download($check, $domain);
    next unless defined $contents;    # download() has already reported the failure
    my $target_md5 = md5_hex($contents);
    foreach my $sig (keys %{ $app->{'sigs'} }) {
        print "Comparing $target_md5 with " . $app->{'sigs'}->{$sig} . " for "
            . $app->{'config'}->{'app_name'} . " $sig detection.\n" if $verbose;
        # First matching signature wins; several versions may share one checksum.
        die($app->{'config'}->{'app_name'} . " version $sig\n")
            if ($app->{'sigs'}->{$sig} eq $target_md5);
    }
}

sub usage {
    print "kolkata.pl -d domain.tld [-v -p [remote_path_to_web_application]]\n";
    exit(0);
}

# Fetch $uri from $host with LibWhisker2, retrying up to five times.
# encode_anti_ids mode 9 is LibWhisker's session-splicing evasion.
sub download {
    my ($uri, $host, $try) = @_;
    $try = 1 unless defined $try;
    my (%request, %response);
    LW2::http_init_request(\%request);
    $request{'whisker'}->{'method'}          = "GET";
    $request{'whisker'}->{'host'}            = $host;
    $request{'whisker'}->{'uri'}             = $uri;
    $request{'whisker'}->{'encode_anti_ids'} = 9;
    $request{'User-Agent'} = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10";
    LW2::http_fixup_request(\%request);
    # http_do_request returns non-zero on error.
    if (LW2::http_do_request(\%request, \%response)) {
        if ($try < 5) {
            print "Failed to fetch $uri on try $try. Retrying...\n";
            return download($uri, $host, $try + 1);
        }
        print "Failed to fetch $uri.\n";
        return undef;
    }
    return $response{'whisker'}->{'data'};
}
</syntaxhighlight>
Signature Bundles
Each signature bundle is written in YAML.
Wordpress
- sigs/wordpress.yml
<pre>
---
config:
  app_name: Wordpress
  check_file: /wp-includes/js/tinymce/tiny_mce.js
sigs:
  2.0: a306a72ce0f250e5f67132dc6bcb2ccb
  2.1: 4f04728cb4631a553c4266c14b9846aa
  2.2: 25e1e78d5b0c221e98e14c6e8c62084f
  2.3: 83c83d0f0a71bd57c320d93e59991c53
  2.5: 7293453cf0ff5a9a4cfe8cebd5b5a71a
  2.6: 61740709537bd19fb6e03b7e11eb8812
  2.7: e6bbc53a727f3af003af272fd229b0b2
  2.8.5: 56c606da29ea9b8f8d823eeab8038ee8
  2.9.1: 128e75ed19d49a94a771586bf83265ec
  3.0.0: 128e75ed19d49a94a771586bf83265ec
  3.0.1: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.2: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.3: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.4: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.5: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.0.6: 0711a6aa3862ac0dd2f9ef1a3d26f809
  3.1: c67211f73b63e773e626127aa95338c2
  3.1.1: 1786644689f0495f07d5ae1737395108
  3.1.2: 1786644689f0495f07d5ae1737395108
  3.1.3: 1786644689f0495f07d5ae1737395108
  3.1.4: 1786644689f0495f07d5ae1737395108
  3.2: b2c6b6d221c816948248b453046355eb
  3.2.1: b2c6b6d221c816948248b453046355eb
  3.3.1: 9754385dabfc67c8b6d49ad4acba25c3
</pre>
Joomla
- sigs/joomla.yml
<pre>
---
config:
  app_name: Joomla
  check_file: /includes/js/joomla.javascript.js
sigs:
  1.0.11: 1d28094f16c310591b855982759bc992
  1.0.14: 9570ccaab7cdac45e6727740515ce69a
  1.0.15: 9570ccaab7cdac45e6727740515ce69a
  1.0.4: 1080567bb801a301e3be618805a55125
  1.0.6: 1080567bb801a301e3be618805a55125
  1.0.8: 222ab5eb9cb8136619053a4f8358b9a5
  1.5.1: b891f61dc9b85a9193592c9d13e9c97a
  1.5.10: 326412fc179cb787500adffada69c4e7
  1.5.11: 326412fc179cb787500adffada69c4e7
  1.5.14: 326412fc179cb787500adffada69c4e7
  1.5.15: 326412fc179cb787500adffada69c4e7
  1.5.4: 326412fc179cb787500adffada69c4e7
  1.5.5: 326412fc179cb787500adffada69c4e7
  1.5.8: 326412fc179cb787500adffada69c4e7
  1.5.9: 326412fc179cb787500adffada69c4e7
</pre>
MediaWiki
- sigs/mediawiki.yml
<pre>
---
config:
  app_name: MediaWiki
  check_file: /skins/simple/main.css
sigs:
  1.10.0: 31ef23cbcdf689bd68d957ae0d8b8a19
  1.10.2: 31ef23cbcdf689bd68d957ae0d8b8a19
  1.10.3: 31ef23cbcdf689bd68d957ae0d8b8a19
  1.13.0: 6781b4412fbc451b792c4cdc88b0a1fa
  1.13.5: 6781b4412fbc451b792c4cdc88b0a1fa
  1.14.0: 846eec3b6696476a79548b82bf48e492
  1.14.1: 846eec3b6696476a79548b82bf48e492
  1.15.1: b6301262680144f1709d995a6c097db8
  1.5.2: 2fb3891102f9fe2d37a4bdb47b8f42de
  1.5.8: 2fb3891102f9fe2d37a4bdb47b8f42de
  1.8.2: 5d52c4473189e70e4878a5a7b38e3a82
  1.9.2: 24b79f325b32661fd24c93d7d2e8ccef
  1.9.4: 24b79f325b32661fd24c93d7d2e8ccef
</pre>
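To show what the checksum comparison described in the introduction and in the signature bundles above actually decides, here is an added Python example; it is not part of this page and not Kolkata's own code. It parses the two-level config/sigs layout of a sigs/*.yml bundle with a small hand-written parser (so that version keys such as 2.0 stay strings and no YAML library is needed), and lets a site operator hash their own installed check_file to see which versions a fingerprinter would report. The bundle text, the two stand-in CSS files and their checksums are constructed for the example, and parse_bundle, fingerprint and audit_install are names chosen here. Unlike the script's die() on the first match, it returns every version that shares the checksum, which is exactly the case the bundles cannot distinguish (3.0.1 to 3.0.6 in wordpress.yml, for instance).

```python
import hashlib
import os
from collections import defaultdict

# Constructed stand-ins for the static file a bundle points at. The real
# MediaWiki main.css is not on this page, so the checksums in the sample
# bundle are the MD5 of these bytes, not the page's real signature values.
FAKE_CSS_OLD = b"/* constructed stand-in for skins/simple/main.css, older release */\nbody { margin: 0 }\n"
FAKE_CSS_NEW = b"/* constructed stand-in for skins/simple/main.css, newer release */\nbody { margin: 0; padding: 0 }\n"

# Constructed bundle in the page's sigs/*.yml layout. Two versions deliberately
# share one checksum, as 1.10.0 and 1.10.2 do in the page's mediawiki.yml.
SAMPLE_BUNDLE = """\
---
config:
  app_name: MediaWiki
  check_file: /skins/simple/main.css
sigs:
  1.10.0: {old}
  1.10.2: {old}
  1.15.1: {new}
""".format(old=hashlib.md5(FAKE_CSS_OLD).hexdigest(),
           new=hashlib.md5(FAKE_CSS_NEW).hexdigest())


def parse_bundle(text):
    """Parse the config/sigs subset of YAML that Kolkata bundles use.

    Only the layout shown on the page is supported: top-level keys whose
    values are flat mappings of scalars. Keys are kept verbatim as strings.
    """
    bundle = {}
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#") or line == "---":
            continue
        if not raw.startswith((" ", "\t")):
            # top-level key such as "config:" or "sigs:"
            section = line.rstrip(":").strip()
            bundle[section] = {}
            continue
        if section is None:
            raise ValueError("indented line before any section: %r" % raw)
        key, sep, value = line.strip().partition(":")
        if not sep:
            raise ValueError("expected 'key: value', got %r" % raw)
        bundle[section][key.strip()] = value.strip()
    for required in ("config", "sigs"):
        if required not in bundle:
            raise ValueError("bundle lacks a %r section" % required)
    return bundle


def index_by_checksum(bundle):
    """Invert sigs so that one checksum maps to every version sharing it."""
    by_sum = defaultdict(list)
    for version, checksum in bundle["sigs"].items():
        by_sum[checksum.lower()].append(version)
    return by_sum


def fingerprint(bundle, file_bytes):
    """Return the sorted versions whose signature matches file_bytes.

    An empty list means no signature matched (unknown or modified file);
    more than one entry means the bundle cannot tell those releases apart.
    """
    digest = hashlib.md5(file_bytes).hexdigest()
    return sorted(index_by_checksum(bundle).get(digest, []))


def audit_install(bundle, docroot):
    """Hash docroot + check_file of a local install and return
    (checksum, matching versions), i.e. what a scanner would conclude."""
    target = os.path.join(docroot, bundle["config"]["check_file"].lstrip("/"))
    with open(target, "rb") as fh:
        data = fh.read()
    return hashlib.md5(data).hexdigest(), fingerprint(bundle, data)


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit("usage: %s sigs/app.yml /path/to/docroot" % sys.argv[0])
    with open(sys.argv[1]) as fh:
        loaded = parse_bundle(fh.read())
    checksum, versions = audit_install(loaded, sys.argv[2])
    name = loaded["config"]["app_name"]
    if versions:
        print("%s: %s identifies as %s %s" % (checksum, name, name, " / ".join(versions)))
    else:
        print("%s: no %s signature matched (unknown or modified file)" % (checksum, name))
```

Run as `python kolkata_audit.py sigs/mediawiki.yml /var/www/wiki` on the web server itself to learn whether the deployed check_file still carries a published checksum; a file that has been minified, patched or replaced will simply not match.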
Download
- Download URL: http://www.blackhatlibrary.net/releases/kolkata.tgz