February 20th, 2010 by mopey
Traditionally I’ve done this with nc. However, there is in fact a curl flag to do this. Demonstrating once again how awesome curl is (but I still use the inferior wget because I can never remember curl syntax).
curl -X CONNECT example.com
Tags: curl
Posted in Linux | No Comments »
February 7th, 2010 by mopey
This program takes a regular expression for a problem and returns the
affected hosts. It iterates through all reports saved in a .nessus file
making no attempt at uniqueness, (eg if you scanned a host more than once)
searching through titles, data, port, and IDs for matches.
Tags: grep, nessus, python
Posted in Programming | No Comments »
February 3rd, 2010 by mopey
POCing XSRFs that only allow POST is not as straightforward as the GET case. I use something like the following for situations like that.
<html>
<head></head>
<body>
<script>
function poststuff() {
var site = document.getElementById("posturl").value;
var post_data = document.getElementById("postparam").value;
alert("site: " + site);
alert("pdata: " + post_data);
var xmlhttp=new XMLHttpRequest();
xmlhttp.open("POST", site, true);
xmlhttp.onreadystatechange [...]
Tags: xsrf
Posted in GrayHat | No Comments »
January 21st, 2010 by mopey
cdecl, stdcall, fastcall, c++
Posted in Bits and Bytes | No Comments »
January 16th, 2010 by mopey
In my line of work, I come across SNMP default community strings quite a bit. I seem to always be searching for a reference on how to query various things – and also what I might change.
Tags: snmp
Posted in Network | No Comments »
January 3rd, 2010 by mopey
The code is pretty self explanatory. It searches through a .nessus file and spits out matching hosts.
Tags: nessus, python
Posted in GrayHat, Programming | No Comments »
December 30th, 2009 by mopey
Kind of an annoying problem, but sometimes nikto runs out of control. This is made worse by nessus, which can have a lot of nikto instances running at once.
Tags: nikto, python
Posted in GrayHat, Programming | No Comments »
December 6th, 2009 by mopey
proxychains is a pretty amazing tool available at http://proxychains.sourceforge.net/. It is a versatile proxy tool for folks like me who would like the source IPs to be from a proxy, or multiple proxies. For me, the main uses are proxying GUI port scan stuff like nessus and proxying tor.
Posted in Network, Security Tools | 1 Comment »
November 22nd, 2009 by mopey
The goal of this project was to integrate all parts covered throughout the lab. Similar to lab7, lab8 fetches microcode from a second memory device. Extending lab7, however, it also performs very basic operations, including add, eq, nop, ld, skipz, and halt. There are 4 physical registers, which will be referred to as 00, 01, 10, and 11.
Tags: mycontroller
Posted in Bits and Bytes | No Comments »
November 13th, 2009 by mopey
I had to change this script a lot, so take with a grain of salt. That said, we changed about 1000 LOCAL passwords in a couple hours – which would have really taken all day and been more boring.
Tags: python
Posted in Network, Programming | No Comments »
October 31st, 2009 by mopey
This program is a hillclimbing solution to the 8 queens problem. The algorithm is silly in some places, but suits the purposes of this assignment I think. It was tested with python 2.6.1 with psyco installed. If big runs are being tried, having psyco may be important to maintain sanity, since it will speed things up significantly. Otherwise, you may want to stick to --numrun being less than around 50.
Tags: artificial intelligence, python
Posted in Programming | No Comments »
October 14th, 2009 by mopey
This is a stupid script to scan a class B network. I only wanted a detailed scan of hosts that exist (which I generated with a ping scan). I also wanted this information separated by file.
Tags: nmap
Posted in GrayHat, Network, Programming | 2 Comments »
August 29th, 2009 by mopey
I’ve made chrome my default linux browser. It’s been performing very well…
The thing is, flash on linux is unstable, gosh darn adobe! I have ff crash about every few days due to something like google finance. No more! The separate processes of chrome isolate this somewhat. So although it’s still “unstable” it seems to be [...]
Posted in Linux | 1 Comment »
August 11th, 2009 by mopey
http://www.milw0rm.com/exploits/9410
Tags: wordpress
Posted in GrayHat | 2 Comments »
July 26th, 2009 by mopey
This is something obvious to statisticians but maybe less obvious to most programmers. I recently came across some code that essentially looks like this: x = rand^2. The programmer was for some reason assuming that x was still uniform on [0,1]. Of course, this isn’t the case. Although the values still fall within [0,1], they will now be squished down closer to 0.
Posted in Programming | No Comments »
July 25th, 2009 by mopey
This is an RTOS developed by myself, with some code taken from FreeRTOS. This is some of the most difficult code I have ever written, although it really doesn’t do anything useful. Man, context switching in C can be a bear! It’s like a programmatic buffer overflow! (seriously, you do a function call and just pop off enough stuff to overwrite the instruction pointer).
Tags: avr atmega16 rtos
Posted in Bits and Bytes, Programming | 2 Comments »
July 23rd, 2009 by mopey
http://kenshoto.com/vtrace/
Documented commands (type help <topic>):
========================================
alias bpedit detach ignore meta resume stepi vstruct
alloc bpfile dis lm mode script struct writemem
attach break eval maps ps search suspend
autocont bt exec mem python server syms
bestname call fds memdump quit signal threads
bp config go memprotect reg snapshot var
So this looks pretty promising… a call function to call things right [...]
Posted in GrayHat | No Comments »
July 10th, 2009 by mopey
Port Knocking and Single Packet Authorization (SPA) are relatively new (circa 2004 and later) techniques used to enable anonymous, temporary activation of remote network services that are otherwise blocked by means of a firewall. These techniques greatly enhance the so-called “zero-day” exploit resilience of systems which properly implement them, but they have weaknesses and, more importantly, share a weakness common to most security augmentation systems: human nature. This paper presents a framework for securely enabling remote services in a manner which focuses on the human factor, a concept often neglected in security research and the key reason that such systems rarely see widespread usage in the real world. The primary focus is to make SPA easier for humans to interact with.
Posted in Network | No Comments »
July 9th, 2009 by mopey
Wireless ad-hoc network protocols are a topic of much recent discussion and development. This has prompted many researchers to develop interesting and promising-sounding protocols that should be considered and examined. One such protocol, Authenticated Protocol for Wireless Ad Hoc Networks (APEC), was designed by Robert Hiromoto and Hope Forsmann[1]. APEC has been the subject of an increasing amount of scientific discussion and research at universities, laboratories, and professional conferences. In this paper, we examine APEC in depth and discuss many potential problems with the protocol that must be addressed if APEC is to achieve widespread acceptance.
Posted in Network | 1 Comment »
July 8th, 2009 by mopey
The gnu Privacy handbook has a ton of useful information, but I thought I’d make a quick reference for the gpg usage I use most. Especially because I was just an idiot and lost my gpg private key (though I do remember the passphrase) – this time there will be a backup!
List all keys
gpg --list-keys
print [...]
Posted in GrayHat, Linux | No Comments »