Change your thought and the world around you changes.
Motivation I’ve started this little project since I was mainly interested in the data my smartphone is ending all the time without my knowledge. I have a bunch of apps installed on my phone and I have absolutely no ideea which (kind of) data is beeing transfered to the Internet all day long. I thought I’d be a great ideea to monitor/sniff my data interface (3G, Edge etc. NOT Wifi) for...
I really love Burp. Since I use it on a daily basis I thought there might be some way to automate it. Usually I mainly do these steps to scan some URL: Define scope Start manual exploring OR spider the URL in order to get some target map Activate passive scanning Activate live scanning Wait to the scan to finish Have a look at the results Save/export the results Well...
Introduction AltoroMutual is an vulnerable-by-design web application created by !WatchFire (now !AppScan Standard) as a demo test application for their !BlackBox Scanner. (Source:https://www.owasp.org/index.php/AltoroMutual) The demo can be found at http://demo.testfire.net/. This is not an usual wargame! I have simply not found an appropriate name for it.
Solution for level2: Here is the code:
|
1 2 3 4 5 6 7 8 9 10 |
#include <stdlib.h> #include <stdio.h> #include <sys/types.h> int main(int argc, char **argv) { char *args[] = { "/bin/tar", "cf", "/tmp/ownership.$$.tar", argv[1], argv[2], argv[3] }; execv(args[0], args); } |
Solution for http://www.overthewire.org/wargames/vortex/vortex1.shtml. Here’s the code they have used:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
#include #include #include #include #define e(); if(((unsigned int)ptr & 0xff000000)==0xca000000) { setresuid(geteuid(), geteuid(), geteuid()); execlp("/bin/sh", "sh", "-i", NULL); } void print(unsigned char *buf, int len) { int i; printf("[ "); for(i=0; i < len; i++) printf("%x ", buf[i]); printf(" ]\n"); } int main() { unsigned char buf[512]; unsigned char *ptr = buf + (sizeof(buf)/2); unsigned int x; while((x = getchar()) != EOF) { switch(x) { case '\n': print(buf, sizeof(buf)); continue; break; case '\\': ptr--; break; default: e(); if(ptr > buf + sizeof(buf)) continue; ptr++[0] = x; break; } } printf("All done\n"); } |
The executable was at /vortex/vortex1:
Description The 29th Chaos Communication Congress (29C3) is an annual four-day conference on technology, society and utopia. The Congress offers lectures and workshops on a multitude of topics including (but not limited to) information technology and generally a critical-creative attitude towards technology and the discussion about the effects of technological advances on society. For 29 years, the congress has been organized by the community and appreciates all kinds of participation....
I always knew DNS/ICMP traffic is mostly allowed and un-monitored. It was about time to setup some DNS server on my vServer which would allow me to break free! Thanks God there is iodine which allows you to route IP traffic over DNS. I was recently at some cafe and thought it would be a great ideea to test my configuration. I’ve setup the iodine server a few weeks before.This...
I was recently doing some hacks and realized that there must be a way to store gained information in a secure manner. I usually encrypt sensitive information (like passwords, accounts etc.) using GPG. But that’s quite unhandy: You always need your private key and the encrypted data is stored unencrypted on the device (unless you’re using full disk encryption which shouldn’t be a problem since data is stored encrypted on...
I’d recommend you all using some VPN to keep your identity safe and private. Here’s some setup:
|
1 2 3 4 |
$ pptpsetup --create vpnde --server pptp.freedevpn.com --username free --password --encrypt $ pptpsetup --create vpnca --server freecavpn.com --username free --password --encrypt $ pptpsetup --create vpnl --server freenlvpn.com --username free --password --encrypt $ pptpsetup --create vpnuk --server freeukvpn.com --username free --password --encrypt |
For the passwords have a look at freenlvpn.com, freedevpn.com, freeukvpn.com, freecavpn.com. The VPN passwords changes every 12 hours, so keep in mind to change whenever the authentication failes. Therefore have a look at /etc/ppp/chap-secrets. Just edit the password there and you’re ready to go. In order to activate the VPN connection you’ll...
Say NO to facebook and add these lines to /etc/firewall.user
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# This file is interpreted as shell script. # Put your custom $IPT rules here, they will # be executed with each firewall (re-)start. IPT=iptables NET_LAN=192.168.0.0/16 ... # facebook $IPT -I FORWARD -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 443 -j DROP $IPT -I FORWARD -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j DROP $IPT -I FORWARD -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 443 -j DROP $IPT -I FORWARD -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 80 -j DROP $IPT -I FORWARD -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j DROP $IPT -I FORWARD -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 80 -j DROP |
Run /etc/init.d/firewall restart and you're done!
I was recently playing around with D3 and discovered its dashboard posibilities. dashboarddude.com has a nice compilation of really fancy dashboards (I was mainly interested in D3 but voila… there are also other ways to do it).
When Random Isn’t Random Enough: Lessons from an Online Poker Exploit Technical Details Behind a 400Gbps NTP Amplification DDoS Attack Absolute Computatrace revisited Burp Co2 Porting Applications to 64bit ARM Price and Feature Comparison of Web Application Scanners GoLismero 2.0 Beta 3 vulnhub.com faces.io
Bitcoins the hard way: Using the raw Bitcoin protocol Modern Processors – A 90min guide The GSM security model Analyzing DarkComet in Memory Cryptography Breakthrough Could Make Software Unhackable Git tips from the trenches I Spent Two Hours Talking With the NSA’s Bigwigs. Here’s What Has Them Mad PRESS RELEASE: IRC NETWORKS UNDER SYSTEMATIC ATTACK FROM GOVERNMENTS Web server for Linux written in amd64 assembly.
How I lost my $50,000 Twitter username NSA BIOS Backdoor a.k.a. God Mode Malware Part 1: DEITYBOUNCE Step-by-Step Guide To Decompiling Android Apps Untraceable Blog Continuously jam all wifi clients and access points within range How to Decrypt OpenSSL Sessions using Wireshark and SSL Session Identifiers eduroam WiFi security audit or why it is broken by design Workstation Popcorn: How To Become Uber Productive While Working For Yourself Java-based malware...
Suterusu Rootkit: Inline Kernel Function Hooking on x86 and ARM Oldboot: the first bootkit on Android For the Love of Money Automated penetration testing in the Microsoft stack with OWASP ZAP TCP backdoor 32764 or how we could patch the Internet (or part of it ;)) 2013 Cyber Attacks Statistics (Summary) “Decebal” Point-of-Sale Malware – 400 lines of VBScript code from Romania, Researchers warns about evolution of threats and interests to modern...
InkTag: Secure Applications on an Untrusted Operating System Unicode Security Guide Hunting Botnets with ZMap EncFS Security Audit Hacking Tools Repository The Hacker Who Cracked the Code in Iron Man and The Social Network Operating System Tutorials The Jobless Ph.D. Generation ‘The Holy Book of Password’ by Aram Bartholl Reconstructing the Cryptanalytic Attack behind the Flame Malware ChewBacca – a new episode of Tor-based Malware Exclusive: Secret contract tied NSA...
Remote Code Execution exploit in WordPress 3.5.1 Dissection of Android malware MouaBad.P Linux: Keep An Eye On Your System With Glances Monitor A Forensic Overview of a Linux perlbot DNA seen through the eyes of a coder Infection of biological DNA with digital Computer Code Reversing and Exploiting ARM Binaries: rwthCTF Trafman OpenBSD Exploit mitigation techniques RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit How We Decoded Some Nasty Multi-Level Encoded Malware LAYER 7 DDOS ATTACKS: DETECTION & MITIGATION Bypassing Internet Explorer’s Anti-Cross Site Scripting Filter On the 1st of January, 1998, Bjarne Stroustrup gave an interview to the IEEE’s ‘Computer’ magazine. AnalyzePDF – Bringing the Dirt Up to the Surface The Difference Between Encoding, Encryption, and Hashing
Android Root Detection Techniques Shmoocon 2013 Playlist INSECURE Mag 40 A society of phone Zombies Encrypted peer-to-peer web application platform for decentralized, privacy-preserving applications The UNIX system family tree: Research and BSD Found: Hacker server storing two million pilfered passwords Burp/Zap plugin: generator script
If you got IP ranges in this layout: x.x.x.1-255, y.y.y.42-120 etc., you could easily use this code to generate full IP adresses without any ranges:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
ips = """ x.x.x.1-23 y.y.y.56-12 """ buf = StringIO.StringIO(ips) while True: line = buf.readline() if line == '': break else: import re m = re.search('(.*)\.(.*)\.(.*)\.(.*)', line) if m: ip_range = m.group(4).split('-') if len(ip_range) == 2: ip_addr = range(int(ip_range[0]), int(ip_range[1])+1) for i in ip_addr: print "%s.%s.%s.%s" % (m.group(1), m.group(2), m.group(3), i) else: print "%s.%s.%s.%s" % (m.group(1), m.group(2), m.group(3), m.group(4)) |
Recent Comments