Oct 27, 2013
 

This is a really simple fix which will block user enumeration on a WordPress site (such as the method used by wpscan).

Before I get into this, I am very well aware of the IfIsEvil page on the nginx wiki.  But that page also says, “The only 100% safe things which may be done inside if in location context are: return and rewrite as the last statement in a location block.”  With that in mind, we are going to use ONLY rewrite as the last statement in our location block.

Continue reading »

May 18, 2013
 

A long time ago, I created a database to hold passwords and their respective hashes for some 16 different hash types.  It has approximately 310,261,848 passwords for each type and is growing nearly every day as more password lists become available.  I found a pretty quick way to generate the hashes for these wordlists and wanted to share how it is done.  These hashes only work with unsalted/unpeppered passwords.

First, let’s look at my table schema, which is very simple and very effective.  It uses a unique index on the hash + password columns so there cannot be any two hash+password rows that are the same.  The types table is a simple lookup table that maps data.type (e.g. 1) to a name like DES.  Its primary key is on the name column.  I don’t claim to be a DB administrator, so if you spot any errors, let me know.

Continue reading »

Jul 27, 2012
 

Glastopf is a web application honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications.  The principle behind it is very simple: reply with the response the attacker expects from a successfully exploited web application.

This article mostly covers the installation, setup, usage, etc.

Installation

Continue reading »

Jul 09, 2012
 

Backtrack has dbpwaudit in /pentest/database/dbpwaudit; however, it does not come with the Java JAR files (JDBC drivers) it requires.  So, first you have to go download them.  The easiest way I found to do that is to list the driver aliases and then google for each one.  You can get the aliases with the -L option:

user@HOST:/pentest/database/dbpwaudit$ ./dbpwaudit.sh -L
DBPwAudit v0.8 by Patrik Karlsson <patrik@cqure.net>
----------------------------------------------------
Oracle - oracle.jdbc.driver.OracleDriver
MySQL - com.mysql.jdbc.Driver
MSSql - com.microsoft.sqlserver.jdbc.SQLServerDriver
DB2 - com.ibm.db2.jcc.DB2Driver

Continue reading »

Jun 13, 2012
 

I love TweetDeck, so imagine my surprise when Adobe decided to no longer support AIR on Linux.  Until today, I had still been using the native Adobe AIR version of TweetDeck on Linux.  Yesterday, though, TweetDeck would randomly lock up.  Today it wouldn’t post or do anything, so I set out to install the Windows version on Linux using Wine.  It’s actually pretty damn easy and, so far, no problems.

This is how you do it in 5 steps or less on Ubuntu-ish Linux:

Continue reading »

May 25, 2012
 

I do things the easiest way that gets the job done.  Someone asked me recently about mounting a shared Windows drive in Linux from bash.  They stated they normally mount it through Dolphin using:

smb://username:password@ip_address/SHARED_DRIVE

That works until you need to copy files via rsync or some other bash method.  The solution is actually very simple (run as root or via sudo):

mount -t cifs //ip_address/SHARED_DRIVE /mnt/directory -o user=username,password=user_password_on_windows_share,uid=500,gid=500

Just be sure you replace uid=500 with your user’s ID in Linux and gid=500 with your user’s group ID in Linux in order to be able to write files/directories with the proper permissions.  Of course the mount directory, /mnt/directory, must also exist.  Note that passing the password on the command line exposes it to other users via the process list and your shell history; the credentials= option of mount.cifs, pointing at a root-readable file, avoids that.

If you get an error such as “mount error(12): Cannot allocate memory”, the fix is on the Windows side:

Edit the Windows registry:

Set “HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\LargeSystemCache” to “1”.

Set “HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Size” to “3”.

Restart the “Server” service.

Feb 11, 2012
 

Let’s face it, John the Ripper has been around a long time, and the reason it’s been around a long time is because it’s damn good at cracking passwords.  Yes, hashcat and oclHashcat are great for GPU cracking, but they don’t support as many algorithms as JtR.  So, imagine my surprise when I fire up John the Ripper on BackTrack 5 64-bit and find out it is using a single CPU.  That is letting a potential 75% of my system sit there waiting to do something.  Luckily the fix is easier than fixing a sandwich.

If you already have JtR installed, you may want to see my John tips article.

First, let’s grab the jumbo source code…

Continue reading »

Oct 11, 2011
 

…I can assure you, if I can’t do it in bash, it doesn’t need to be done… The other side of the argument was, “well, bash isn’t multi-threaded”… hahahahaha… really??? Run this…

#!/bin/bash
 
set -m # Enable Job Control
trap '' 2 # disable ctrl + c so you can't stop this bitch
rand=${RANDOM} # lets find some big random number
 
let POWEROFTWO=${rand}**2 # and since its not big enough, make it ^2
 
	for i in `seq ${POWEROFTWO}`; do # start HUGE num jobs in parallel
		echo "99999999999^99999999999" | bc
		sleep 1 &
	done
 
# Wait FOREVER for jobs to finish cause you can't stop me now nemo
while [ 1 ]; do fg 2> /dev/null; [ $? == 1 ] && break; done

May 18, 2011
 
openvas gsd interface

So BackTrack 5 is still using the older OpenVAS 2 series, and I actually prefer the newer version.  So here are the instructions for getting the latest version installed.  This will install these versions: openvas libraries 4.0.5-1; openvas scanner 3.2.4-1; openvas client 3.0; openvas manager 2.0.4-1; openvas admin 1.1.1-1; gsa 2.0.1-1; gsd 1.2.0-1; openvas cli 1.1.2-1, as packaged by the openSUSE Build Service.

 

NOTE: June 23, 2011: if the version numbers have changed, you can browse the repository address and update this document accordingly.  Also, yes, this does work on my BT5 install on three different systems.  I am installing on a 4th system now and will update the steps because I think I may have left 1 or 2 out.

Continue reading »

May 05, 2011
 

Did you ever wish you could start certain scripts only when you are bringing the network up, and then stop them when bringing the network down?

For the longest time, I was using wicd to manage network connections.  At some point I decided to take a look at NetworkManager.

Using NetworkManager, you can use the dispatcher to run scripts based on network connection state, runlevel, etc.

This is how I got it working on Gentoo Linux, along with a few example scripts.

Continue reading »