HTTP get methods

February 20th, 2010 by mopey

Traditionally I’ve done this with nc. However, there is in fact a curl flag to do this. Demonstrating once again how awesome curl is (but I still use the inferior wget because I can never remember curl syntax).
curl -X CONNECT example.com

updated nessus-grep

February 7th, 2010 by mopey

This program takes a regular expression for a problem and returns the
affected hosts. It iterates through all reports saved in a .nessus file,
making no attempt at uniqueness (e.g. if you scanned a host more than once),
searching through titles, data, ports, and IDs for matches.

XSRF POST Testing

February 3rd, 2010 by mopey

Building a POC for XSRFs that only allow POST is not as straightforward as for GET. I use something like the following for situations like that.

<html>
<head></head>
<body>
<script>
function poststuff() {
var site = document.getElementById("posturl").value;
var post_data = document.getElementById("postparam").value;
alert("site: " + site);
alert("pdata: " + post_data);
var xmlhttp=new XMLHttpRequest();
xmlhttp.open("POST", site, true);
xmlhttp.onreadystatechange [...]

calling convention cheat sheet

January 21st, 2010 by mopey

cdecl, stdcall, fastcall, c++

snmp cheatsheet

January 16th, 2010 by mopey

In my line of work, I come across SNMP default community strings quite a bit. I seem to always be searching for a reference on how to query various things – and also what I might change.

nessus grep

January 3rd, 2010 by mopey

The code is pretty self explanatory. It searches through a .nessus file and spits out matching hosts.

Nessus with Nikto – Running out of memory

December 30th, 2009 by mopey

Kind of an annoying problem, but sometimes nikto runs out of control. This is made worse by nessus, which can have a lot of nikto instances running at once.

proxychains – handy tool!

December 6th, 2009 by mopey

proxychains is a pretty amazing tool available at http://proxychains.sourceforge.net/. It is a versatile proxy tool for folks like me who would like the source IPs to come from a proxy, or from multiple proxies. For me, the main uses are proxying GUI port scan stuff like nessus and proxying through tor.

mycontroller – done

November 22nd, 2009 by mopey

The goal of this project was to integrate all parts covered throughout the lab. Similar to lab7, lab8 fetches microcode from a second memory device. Extending lab7, however, it also performs very basic operations, including add, eq, nop, ld, skipz, and halt. There are 4 physical registers, which will be referred to as 00, 01, 10, and 11.

Auto Pw Change

November 13th, 2009 by mopey

I had to change this script a lot, so take with a grain of salt. That said, we changed about 1000 LOCAL passwords in a couple hours – which would have really taken all day and been more boring.

8-queens problem hill climbing python implementation

October 31st, 2009 by mopey

This program is a hill-climbing solution to the 8 queens problem. The algorithm is silly in some places, but suits the purposes of this assignment I think. It was tested with python 2.6.1 with psyco installed. If big runs are being tried, having psyco may be important to maintain sanity, since it will speed things up significantly. Otherwise, you may want to keep --numrun below around 50.

bash script for nmap list scan

October 14th, 2009 by mopey

This is a stupid script to scan a class b network. I only wanted a detailed scan of hosts that exist (which I generated with a ping scan). I also wanted this information separated by file.

chromium for linux upgraded to stable (only by me)

August 29th, 2009 by mopey

I’ve made chrome my default linux browser. It’s been performing very well…
The thing is, flash on linux is unstable, gosh darn adobe! I have ff crash about every few days due to something like google finance. No more! The separate processes of chrome isolate this somewhat. So although it’s still “unstable” it seems to be [...]

stupid little wordpress vulnerability

August 11th, 2009 by mopey

http://www.milw0rm.com/exploits/9410

The square of random is less uniform (derr)

July 26th, 2009 by mopey

This is something obvious to statisticians but maybe less obvious to most programmers. I recently came across some code that essentially looks like this: x = rand^2. The programmer was for some reason assuming that x was still uniform on [0,1]. Of course, this isn’t the case. Although the range is still [0,1], the values will now be squished down closer to 0.

Finished RTOS similar to FreeRTOS

July 25th, 2009 by mopey

This is an RTOS developed by myself, with some code taken from FreeRTOS. This is some of the most difficult code I have ever written, although it really doesn’t do anything useful. Man, context switching in C can be a bear! It’s like a programmatic buffer overflow! (Seriously, you do a function call and just pop off enough stuff to overwrite the instruction pointer.)

vtrace – very promising-looking debugger

July 23rd, 2009 by mopey

http://kenshoto.com/vtrace/

Documented commands (type help <topic>):
========================================
alias     bpedit  detach  ignore      meta    resume    stepi    vstruct
alloc     bpfile  dis     lm          mode    script    struct   writemem
attach    break   eval    maps        ps      search    suspend
autocont  bt      exec    mem         python  server    syms   
bestname  call    fds     memdump     quit    signal    threads
bp        config  go      memprotect  reg     snapshot  var

So this looks pretty promising… a call function to call things right [...]

Paper Fun: Simplified Single Packet Authorization

July 10th, 2009 by mopey

Port Knocking and Single Packet Authorization (SPA) are relatively new (circa 2004 and later) techniques used to enable anonymous, temporary activation of remote network services that are otherwise blocked by a firewall. These techniques greatly enhance the so-called “zero-day” exploit resilience of systems which properly implement them, but they have weaknesses and, more importantly, share a weakness common to most security augmentation systems: human nature. This paper presents a framework for securely enabling remote services in a manner which focuses on the human factor, a concept often neglected in security research and the key reason that such systems rarely see widespread usage in the real world. The primary focus is to make SPA easier for humans to interact with.

Paper fun: Concerns with Time-Space Based Wireless Security

July 9th, 2009 by mopey

Wireless ad-hoc network protocols are a topic of much recent discussion and development. This has prompted many researchers to develop interesting and promising-sounding protocols that should be considered and examined. One such protocol, Authenticated Protocol for Wireless Ad Hoc Networks (APEC), was designed by Robert Hiromoto and Hope Forsmann [1]. APEC has been the subject of an increasing amount of scientific discussion and research at universities, laboratories, and professional conferences. In this paper, we examine APEC in depth and discuss many potential problems with the protocol that must be addressed if APEC is to achieve widespread acceptance.

GPG Cheat Sheet

July 8th, 2009 by mopey

The GNU Privacy Handbook has a ton of useful information, but I thought I’d make a quick reference for the gpg usage I use most. Especially because I was just an idiot and lost my gpg private key (though I do remember the passphrase) – this time there will be a backup!

List all keys
gpg --list-keys
print [...]