e-axe's small home :: blog



 "new" pics online... [Thu Jun 11 00:09:18 CEST 2009]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  well, yes, i just uploaded some new images! ;)
  take a close look at the vegas_08/ pics - then you will be able to get
  free internet access and to own the tv control machine of the las vegas 
  hilton...

  http://mytty.org/pics/


  have fun,
  e-axe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 how to "recover" check point passwords... [Wed Apr 29 18:06:11 CEST 2009]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  dear visitor :)
  i just wrote a small tool which generates a shadow-like file out
  of the check point fw1 (this might also work for other check point devices)
  firewall authentication file (fwauth.ndb). the file is normally located
  within the conf/ or database/ directory on the device and consists of
  printable and non-printable characters.

  the passwords for the users managed by the device are stored in there
  in 3des format.

  http://mytty.org/nopaste/?pid=436

  what can you do with the generated output? hmm... JTR?!


  so long,
  e-axe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 the "404 file not found" problem... [Sat Mar 28 23:50:00 CET 2009]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  some of you might already have stumbled over the so called
  "404 file not found" problem: the webserver (or, in some cases, the
  application itself, by modifying the http header) sends back a
  "200 OK" with the 404 error inside the content. or, which i have
  seen even more often, you get a "302 Moved" back which redirects
  to a custom 404 page.

  well, the problem with this is that a lot of crawling and security
  tools rely on the http status codes! which means that those tools
  think the requested resource exists even if it does not! this brings
  in a lot of false positives.

  i thought about on how to solve this "problem" and came to some
  solutions. today, i will share one of them with you:

  http://mytty.org/nopaste/?pid=427

  execute it like this: ruby SCRIPT www.THE-DOMAIN.org "/resource1.html" "/resource/2.html" "/foobar/"

  the script checks whether those pages of the given domain exist by
  fetching 10 "not existing pages" and calculating the average size of
  the response bodies. then it fetches the given resources and checks
  if the body sizes are equal (+- a few bytes; this may need to be
  adjusted (can partly be done automatically!)). this method can be
  used if you stumble over a webserver/application answering with
  "200 OK 404 not found" pages ;)
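  the same idea in ruby, as an added example (not the nopaste script
  above): the baseline of "not existing pages" also sets the tolerance,
  and the `fetch` callable and the stub server at the bottom are
  constructed so it runs offline.

```ruby
# Added example, not e-axe's script: size-based detection of "200 OK 404"
# pages. fetch is any callable returning [status, body] for a path; a real
# run would wrap Net::HTTP, the constructed stub below keeps it offline.
require 'securerandom'

# Baseline: fetch n paths that cannot exist, average the body sizes. The
# spread of those sizes becomes the tolerance, so the "+- a few bytes" is
# partly adjusted automatically (never below 4 bytes).
def soft404_baseline(fetch, n = 10)
  sizes = Array.new(n) { fetch.call("/#{SecureRandom.hex(12)}.html")[1].bytesize }
  avg = sizes.sum / n.to_f
  [avg, [4, sizes.max - sizes.min].max]
end

# :missing when the body is the same size as the fake-404 page, :exists
# otherwise; a 302 is only reported, since the redirect target decides.
def classify(fetch, path, avg, tol)
  status, body = fetch.call(path)
  return :missing  if status == 404
  return :redirect if status == 302
  (body.bytesize - avg).abs <= tol ? :missing : :exists
end

def check_resources(fetch, paths)
  avg, tol = soft404_baseline(fetch)
  paths.map { |p| [p, classify(fetch, p, avg, tol)] }.to_h
end

# constructed stand-in for a server that answers every miss with 200 OK
SITE = { '/index.html' => 'x' * 2300, '/login' => 'y' * 870 }.freeze
FAKE_FETCH = lambda do |path|
  return [200, SITE[path]] if SITE.key?(path)
  # fixed 404 page plus a 1-2 digit request id: a few bytes of jitter
  [200, "<html><body>404 file not found</body></html><!-- #{rand(1..50)} -->"]
end

if __FILE__ == $PROGRAM_NAME
  paths = ARGV.empty? ? ['/index.html', '/login', '/nope', '/foobar/'] : ARGV
  check_resources(FAKE_FETCH, paths).each { |p, v| puts "#{p}: #{v}" }
end
```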

  your feedback is very welcome!


  so long,
  e-axe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 extract FQDNs, IPs and CNAMEs from zonefiles... [Sat Feb  7 23:21:42 CET 2009]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  just a quick release of a script i wrote some years ago:

  http://mytty.org/nopaste/?pid=406

  you can use it to extract all FQDNs (the script will assemble
  those with the help of the hostnames/subdomains and the
  root domain in the zonefile), IPs and CNAMEs out of bind
  zonefiles.
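  as an added example (not the nopaste script above), a small ruby
  parser doing the same assembly: relative owner names get the current
  $ORIGIN appended, "@" and names with a trailing dot are taken as-is,
  and a line starting with whitespace reuses the previous owner. the
  sample zone at the bottom is constructed.

```ruby
# Added example, not e-axe's script: pull FQDNs, IPs and CNAMEs out of a
# BIND zonefile. Handles $ORIGIN, "@", relative vs. absolute (trailing dot)
# owner names, omitted owner names, optional TTL/class fields and comments.
# Multi-line parenthesised records (e.g. SOA) are skipped as a simplification.
def qualify(name, origin)
  return origin if name == '@'
  name.end_with?('.') ? name.chomp('.') : "#{name}.#{origin}"
end

def parse_zone(text, origin)
  fqdns, ips, cnames = [], [], []
  origin = origin.chomp('.')
  last_owner = origin
  text.each_line do |raw|
    line = raw.sub(/;.*/, '').rstrip           # strip comments
    next if line.strip.empty?
    if line.start_with?('$ORIGIN')
      origin = line.split[1].chomp('.')
      next
    end
    next if line.start_with?('$')               # $TTL, $INCLUDE ... ignored
    fields = line.split
    # an owner name is only present when the line does not start with blanks
    owner = line =~ /\A\s/ ? last_owner : qualify(fields.shift, origin)
    last_owner = owner
    fields.shift while fields.first.to_s =~ /\A(\d+[smhdw]?|IN|CH|HS)\z/i
    type, rdata = fields[0].to_s.upcase, fields[1]
    case type
    when 'A', 'AAAA' then ips << rdata
    when 'CNAME'     then cnames << [owner, qualify(rdata, origin)]
    end
    fqdns << owner if %w[A AAAA CNAME MX NS TXT SRV].include?(type)
  end
  { fqdns: fqdns.uniq, ips: ips.uniq, cnames: cnames.uniq }
end

# constructed sample zone (not a real one)
SAMPLE_ZONE = <<~ZONE
  $TTL 3600
  $ORIGIN example.org.
  @        IN  NS   ns1
  @        IN  A    192.0.2.10
  ns1      IN  A    192.0.2.53
  www      3600 IN A  192.0.2.10
           IN  AAAA 2001:db8::10   ; same owner as the previous line
  mail.example.org.  IN  A  192.0.2.25
  ftp      IN  CNAME www
  $ORIGIN sub.example.org.
  app      IN  CNAME www.example.org.
ZONE

puts parse_zone(SAMPLE_ZONE, 'example.org').inspect if __FILE__ == $PROGRAM_NAME
```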

  it can be really useful... :)


  so long,
  e-axe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 fspy starts getting popular... [Sat Feb  7 22:39:38 CET 2009]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  in the last few weeks i received a lot of emails from people
  who are going to add fspy to the repositories of different linux
  distributions.

  chances are good that you can install fspy on your famous
  distro by just using the default package managing tools :)

  i am aware of fedora core, debian and ubuntu packages built and
  added to those package trees... and i am really happy to see that
  it is useful...


  thanks to all of you!


  so long,
  e-axe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 I want your routers! [Wed Dec 31 13:26:29 CET 2008]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  for my current project, which is about upnp (universal plug and play)
  security, i am looking for upnp enabled devices. if you own an upnp
  enabled device you no longer need (e.g. your old DSL router) and you 
  are willing to donate it to a security project, please get in touch
  with me!

  thanks,
  e-axe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 FSpy - just released [Mon Dec 29 14:09:44 CET 2008]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  i just gave a quick talk about filesystem monitoring with
  a tool called fspy - on the 25c3.
  
  enjoy: 
  project page -> http://mytty.org/fspy/
  slides -> http://www.mytty.org/fspy_25c3_richard-sammet.pdf
  

  so long,
  e-axe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 spygame! [Tue Sep 30 22:00:10 CEST 2008]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  hi there,

  just in case you want to log the passwords of invalid ssh
  login attempts: nopaste_snipped

  if you also want to log successful logins you should drop
  the ^if(* line...


  so long,
  e-axe

  ps. yes, it will be logged to your regular logfile
      (in most cases /var/log/messages)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 when the sub, versions... [Fri Aug 22 08:08:34 CEST 2008]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  hi all ... (whom?)

  as a regular kisgearth junky (if there are any) you should have
  already noticed the latest changes in the TRUNK of the svn.
  they might be really helpful to make the network/ap position calculation
  much more reliable.

  if you have not checked it out already, DO IT - NOW! ;)

  so long,
  e-axe

  ps. have a look at the -s/--use-signal option...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 some nse scripts... [Tue Jul 22 09:07:04 CEST 2008]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  hi there... (where?)

  i finally decided to release two nmap scripts (nse) which might
  be helpful in one or another situation:

  http://mytty.org/nopaste/?pid=380
  http://mytty.org/nopaste/?pid=381

  the first one is meant to check webservers for allowed HTTP-Options
  at least for some well known (ok, i just guess them) resources.
  the second script is a modification of one of Kris Katterjohn's
  scripts which checks webservers for the HTTP TRACE method and
  if it's exploitable.


  so long,
  e-axe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 my pics are back online... [Tue Jul 22 08:53:06 CEST 2008]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  the topic does not lie! ;)
  i pushed my pictures back online... at least some of them.

  enjoy: http://mytty.org/pics/
  

  so long,
  e-axe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 unxor it easy - as well... [Sat Jul 12 18:01:23 CEST 2008]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  as some guys asked me about the "real" security of a simple xor
  encrypted file, i decided to lighten the dark a little bit ;)

  and the best way to show you on how easy it could be to "crack"
  a simple xored file is by example:

  http://mytty.org/nopaste/?pid=378

  use it like that: ./crack_xor encrypted_PNG_image

  with the help of this little tool you will be able to get down
  to the encryption key (up to eight chars - could be changed within the
  source code) of any encrypted PNG image file. and, it will just take
  a few microseconds.

  this attack type could be called a clear text (known-plaintext) attack.
  so, if you know which kind of file or data is encrypted, then you can
  easily crack a simple xor encryption...

  as i mentioned in my last post, it's just a temporary quick and dirty
  solution if you have nothing else available.


  so long,
  e-axe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 xor it easy... [Tue Jul  8 20:45:17 CEST 2008]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  just a quick, first, "content enabled", blog entry for this time...

  if you have the need to store some data on a friends/family/customer
  machine but you do not have any encryption software available:

  http://mytty.org/nopaste/?pid=377

  use it like that: cat secret_file.dat | ./xor hidden_k3y > secret_file.enc

  do the same thing to decrypt it...

  it works pretty well... and yeah, i did not implement any error
  or security checks!


  so long,
  e-axe

  ps. for all those lazy fools out there -> do not forget to clear
      your shell history or exit the shell the right way (kill -9 $$)
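  as an added example for this entry and for the "unxor it easy" entry
  above it (not e-axe's xor/crack_xor tools): the repeating-key xor from
  this post, and why a file with a fixed header gives the key away. the
  fixed 16-byte PNG prefix is the known plaintext; the sample image and
  the key 'hidden_k' are constructed.

```ruby
# Added example (not e-axe's tools): repeating-key xor and the known-plaintext
# recovery against it. The first 16 bytes of every PNG are fixed (8-byte
# signature, IHDR chunk length 13, "IHDR"), so they are known plaintext.
PNG_KNOWN = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0DIHDR".b

# xor the data with a repeating key; the same call decrypts
def xor_bytes(data, key)
  k = key.b.bytes
  data.b.bytes.each_with_index.map { |b, i| b ^ k[i % k.size] }.pack('C*')
end

# Recover a key of up to max_len bytes from an xored PNG: derive the key
# from the first k bytes and keep the shortest length that explains all 16
# known bytes (a periodic key like "abab" comes back as "ab", which decrypts
# identically). With 16 known bytes max_len could go up to 16; the post's
# tool stops at 8. Returns nil when no key <= max_len fits.
def crack_png_key(enc, max_len = 8)
  enc = enc.b
  return nil if enc.bytesize < PNG_KNOWN.bytesize
  (1..max_len).each do |k|
    key = xor_bytes(enc[0, k], PNG_KNOWN[0, k])
    return key if xor_bytes(enc[0, PNG_KNOWN.bytesize], key) == PNG_KNOWN
  end
  nil
end

# constructed "image": real PNG prefix followed by made-up chunk data
SAMPLE_PNG = PNG_KNOWN +
             "\x00\x00\x00\x10\x00\x00\x00\x10\x08\x06\x00\x00\x00".b +
             'fake chunk data'.b

if __FILE__ == $PROGRAM_NAME
  enc = xor_bytes(SAMPLE_PNG, 'hidden_k')
  key = crack_png_key(enc)
  puts "recovered key: #{key.inspect}"
  puts "decrypts back: #{xor_bytes(enc, key) == SAMPLE_PNG}"
end
```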

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 this one is back ;) [Wed May 28 14:33:52 CEST 2008]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  hey out there!
  
  as you may have noticed right now, my small private site is back
  out of the dirty grounds of the www. i am currently working on getting
  my project pages and the remaining parts of this site back online.

  stay tuned, there will be more in the future... ;)

  e-axe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~