Showing posts with label security. Show all posts
Showing posts with label security. Show all posts

Tuesday, September 17, 2019

Azure configuration Check (part 1)

Part 1: Use azucar tool

Azucar is a multi-threaded plugin-based tool to help assess the security of Azure Cloud environment subscription. By leveraging the Azure API , Azucar automatically gathers a variety of configuration data and analyses all data relating to a particular subscription in order to determine security risks.

The script will not change or modify any asset deployed in the Azure subscription.
More details on https://github.com/nccgroup/azucar/

Requirement:


  1. Windows 10, 1903
  2. An Azure read-only account
  3. Excel 2016 if you want to export excel format report

Steps


  1. Download and install Git for Windows from https://gitforwindows.org/ using default options. If you have git installed on your system, you can skip this step.
  2. Run a command line window. On your folder, run command: git clone https://github.com/nccgroup/azucar.git
  3. Run a powershell window as administrator, go to the “azucar” folder.
  4. Run command “$psversiontable”, make sure the powershell version is 3.x
  5. Run command: “Get-ChildItem -Recurse c:\tools\azucar | Unblock-File” to unblock the files
  6. Run command “.\Azucar.ps1 -ExportTo EXCEL,CSV,XML,JSON -Verbose -Instance AzureCloud -Analysis All”. it will popup a window to ask you to sign in.
  7. Enter the Azure email and password. Click “sign in” button. Select the Subscription and click “OK” button. 
  8. Wait until the analysis process ended, you can find the reports on folder “azucar\report”

References:


  1. https://github.com/nccgroup/azucar/
  2. https://gitforwindows.org/


Sunday, October 4, 2015

Default Webcam Username & Passwords

  • ACTiadmin/123456 or Admin/123456
  • Axis (traditional)root/pass,
  • Axis (new): requires password creation during first login
  • Cisco: No default password, requires creation during first login
  • Grandstreamadmin/admin
  • IQinVisionroot/system
  • Mobotixadmin/meinsm
  • Panasonicadmin/12345
  • Samsung Electronicsroot/root or admin/4321
  • Samsung Techwin (old)admin/1111111
  • Samsung Techwin (new)admin/4321
  • Sonyadmin/admin
  • TRENDnetadmin/admin
  • Toshibaroot/ikwd
  • Vivotekroot/<blank>
  • WebcamXPadmin/ <blank>
Search for Webcams on https://www.shodan.io/

  • webcamxp country:US          
  • WebcamXP city:"Chicago"
  • webcam port:81
  • webcam net:123.123.123.0/24    ---Filter by IP

Tuesday, April 22, 2014

Use NMAP to detect OPENSSL heartbleeding vulnerability

NMAP 6.46 (http://nmap.org/download.html) includes the openssl heartbleed script:


To use it, below is a sample command:
nmap -sV -v -p 0-65535 --script=ssl-heartbleed -iL ./hosts.txt -oX ./result.xml
Parameter description:
-sV: Probe open ports to determine service/version info
-v: Increase verbosity level
-iL : Input from list of hosts/networks
-oX: output scan in XML format.
A sample output as below:



If for some reason, you cannot install nmap 6.46, you can manually download ssl-heartbleed.nse from http://nmap.org/nsedoc/scripts/ssl-heartbleed.html and put it in the NMAP scripts folder. You may need tls library to run the heartbleed script. Download it from http://nmap.org/nsedoc/lib/tls.html and put it in NMAP nselib folder.