Irregular Expressions


November 17, 2012  1:13 AM

IVR’s



Posted by: Dan O'Connor

I have to admit, I hate going through IVR’s. My guess is you won’t find someone that does say they do.

“oh goodness they updated there menu options and I should listen to the whole message” said no one ever.

What I really don’t like doing is using those voice activated systems, the one that wants you to say what you want and constantly reminds you that you can resolve your own problem on the internet.

Then there is this site, I love this site.

http://www.fastcustomer.com/

Why wait on the phone when they can call you when they are ready?

November 13, 2012  11:07 PM

Adding new exploits to Metasploit



Posted by: Dan O'Connor

So you have downloaded a new exploit and of course need to test your defenses to make sure the exploit will get stopped. So how do you do it?

In most cases you will find everything you need already inside of the MSF, but if you do need to add something it’s very simple.

After your first launch of the MSF it will create a hidden directory in your home directory, this will be called .msf4 ( at least with this version ). This is where your added exploits will go, but you need to create some structure so it’s able to find it.

I grabbed this one as an example, (this may or may not be in there already, I just got it for an example.)
http://www.exploit-db.com/exploits/22657/

The key line that we are looking for is;
class Metasploit3 < Msf::Exploit::Remote

This tells us what we need to create, under modules do;
mkdir -p exploit/remote

Then put your new exploit in there, vi works good with a copy and paste.
vi name.rb

Ta-da, next time you load up you should have one more to use.


November 13, 2012  10:41 PM

Google Transparency Report



Posted by: Dan O'Connor

Lots of statistics and a bit of commentary, I have apparently been looking at this for thirty minutes now.

http://www.google.com/transparencyreport/userdatarequests/

I am surprised by a few sets numbers. First I am surprised by the number of requests from the US, I thought it was a little high. I am not sure how much of that was agreements with other countries, but it does seem high. If you work it out over a year they made twenty one requests per day. With a very high compliance rate.

Another was Canada, fifty. Fifty in total, with a 24% compliance rate. I wonder of the US lawyers write better letters?


November 11, 2012  11:13 PM

Sophos Attacks



Posted by: Dan O'Connor

There was a whole list of attacks published against Sophos Anti-Virus a little while ago.

In my opinion none of the disclosed vulnerabilities are minor.

My favorite of the bunch involves a stack overflow scanning PDF’s. Simply receiving the file via a mail client is all that is needed, as soon as you get the file Sophos will do it thing and scan it. Opening it is not needed.

http://www.sophos.com/en-us/support/knowledgebase/118424.aspx

http://www.pcworld.com/article/2013580/researcher-finds-critical-vulnerabilities-in-sophos-antivirus-product.html

https://lock.cmpxchg8b.com/sophailv2.pdf

I don’t know what I would call this whole thing, software will have vulnerabilities. It’s just going to be a thing that’s there. It is possible to improve coding practices to limit these, but there is a balance with getting it out the door and people still make mistakes. Personal I would have to say my confidence in the product has been shaken, but not as much as it could have been in there was active exploitation in the wild.


October 30, 2012  9:35 PM

October wrap up



Posted by: Dan O'Connor

Cisco cutting ties with Chinese telecom ZTE after allegation surface about ZTE selling banned equipment to Iran. I have not seen an update to this since the 10th of the month, but for the FBI to be involved I would assume that there is merit to the claim.

http://www.guardian.co.uk/technology/2012/oct/09/cisco-systems-ends-zte-partnership

Does your company leak information via server-status in apache?

http://urlfind.org/?server-status

You can see a list of popular ones here;

http://blog.sucuri.net/2012/10/popular-sites-with-apache-server-status-enabled.html

Go fast, some people are reacting and fixing it. Interesting stats anyway.

A good updated paper from Bruce and doping in sports with all of the things happening this month.

http://www.wired.com/opinion/2012/10/lance-armstrong-and-the-prisoners-dilemma-of-doping-in-professional-sports/


October 30, 2012  9:26 PM

Natas 0-4



Posted by: Dan O'Connor

Natas0, easy and a logical start to what we are doing. Check out the source of the page.

Natas1, easy right click has been disabled. Find the keyboard shortcut for your browser to view source.

Natas2, a little harder. The answer is not directly on the page but viewing the source code gives you the direction you need to go in. Look where the image is stored.

Natas3, if you know how a search engine is controlled by a site this will be easy. You will want to search for how to block a search engine from seeing parts of a site. There is a big hint on the page for this one.

Natas4, the site looks like it’s down. Boo.

Well I will have to pick this up when they are back up. Just when things were getting interesting too.


October 30, 2012  7:18 PM

More hacking games



Posted by: Dan O'Connor

A nice so far basic site teaching web stuff.

http://www.overthewire.org/wargames/natas/

If you know how to view page sources, keyboard shortcuts and some web search engine basics you should be in level 5 in no time. Next month if I have sometime I will cover some of the more difficult levels.

Here is a preview of level 1 :)


October 30, 2012  7:06 PM

Gone in sixty seconds..



Posted by: Dan O'Connor

No really,

https://www.fbi.gov/sandiego/press-releases/2012/fourteen-charged-in-million-dollar-gone-in-60-seconds-bank-fraud

The idea is clever to get the money, but I don’t see a way out of this. Eventually someone would figure that the same few people are doing this at the same few ATM’s. I wonder how they figured out the delay? and the syncing of the withdraws must have been some work.


October 29, 2012  5:20 PM

Hackthissite.org Application Level 7 – Part 5



Posted by: Dan O'Connor

To automate the interaction with the app7win.exe I used something called Expect. I have used Expect before for Perl on *nix systems but I have never had the need to do it to a Windows machines. It took a bit of research but I turned up a solution.

First;
http://docs.activestate.com/activetcl/8.5/expect4win/

That’s great but it took a little bit of time to figure out how exactly I was going to get this to work as the documentation I could find was light on the installation.

The same company offers ActiveTcl;
http://www.activestate.com/activetcl/downloads

Expect is not included with the install so you have to install it after the fact. To install Expect you need to use an application included with ActiveTcl called teacup.exe.


C:\Tcl\binteacup.exe install Expect

And here is the Expect script that I created.


#!/bin/sh
# \
exec tclsh "$0" ${1+"$@"}

package require Expect
exp_log_user 1
exp_log_file -a 1.log
spawn app7win.exe
puts stdout "$argv"

expect -re "Please enter the password:" {
exp_send "$argv\r"
exp_wait
} eof {
exp_send "ERROR";
}

expect -re "Invalid Password" {
puts stdout "Bad Password $argv"
exp_send_log "Bad Password $argv"

} eof {
puts stdout "good password $argv"
exp_send_log "good password $argv"

}

Now I started looking at a true brute force, but I already have a large dictionary with about 2.6 billion words in it. I figured that should be enough to create the needed collision that I wanted. Now with the ability to interact with the application I needed a way to loop through the contents of the dictionary, I had already started working on one in Perl forgetting that Expect did not work for Perl for Windows.

Here is my lazy perl script that I created, I did not use a fh to get the contents of the file. I only use that if I need to do io, if you are just reading using ‘type’ on windows or ‘cat’ on *nix works just fine.


@file = `type new_full.txt`;

foreach(@file) {
system("tclsh test.tcl $_");
}

It’s pretty basic and I did not do the greatest job, but it worked.


October 29, 2012  2:44 AM

Hackthissite.org Application Level 7 – Part 4



Posted by: Dan O'Connor

Just as I was checking my brute force script before stopping for the night I had a collision on the “correct” value entered and I have the answer. I used ActiveTCL and ActivePerl to do the dirty work, I will create a little how I did it soon. I was pretty dirty but I know perl very well and just needed the ActiveTCL to handle expect.

It happened very quickly, I am tempted to restart it and leave it running for the night to see if any other values can create a success condition.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: