All posts by zitstif

zitstif.no-ip.org is back up!

After having some down time, which started on May 29th, I scrambled around to find a quick solution to the problem.

The problem came to light a few nights prior to May 29th, when I noticed that my web server was not responding correctly and I could not log into it whatsoever.

So I had to physically get on my server, where I noticed a bunch of read errors, and the first thought that came to mind was “Bad hard drive!”.

With that in mind, I backed up my server contents as needed, booted my server off a USB drive containing a live Linux distro, and used:

python -m SimpleHTTPServer 80

to host a simple page displaying what had happened.

Later I realized that I had a spare 10 GB hard drive in my basement, and that is what the server is currently running on. Hopefully it lasts for quite some time…

My goal for the server is to max out its specs (memory and hard drive capacity) and run some virtual hosts on it.

For those of you who are fans (I sincerely doubt there are any, but I can hope!), zitstif.no-ip.org is back up!

Bruteforcing subdomain names with John the ripper

A key phase in penetration testing is reconnaissance. Without it, pentesters would be essentially blind.

Pentesters have a myriad of tools to help them with the recon phase.

When hunting down hosts that belong to an organization, dnsmap is a wonderful tool for finding subdomains.

After doing some experimenting with this tool, I stumbled upon a limitation. Dnsmap does not have the capability to read keywords for the subdomain bruteforcing from stdin; it requires a word list. Well, what if I want to use John the Ripper as the candidate generator?

So, I pondered to myself, “What’s wrong with just ‘host’ and ‘john’ in tandem to bruteforce subdomains?”. Well my friends, here’s an example:

john --incremental --stdout | while read -r words; do
    # host exits 0 when the name resolves and 1 on NXDOMAIN/timeout
    if host "${words}.google.com" >/dev/null 2>&1; then
        echo "${words}.google.com"
    fi
done

Of course you could change this accordingly, but here it is as a function; you could even add it to your .bashrc file. Two caveats a practitioner should keep in mind: a domain with a wildcard record resolves every label, so every candidate will “hit” (test a random label first), and John's incremental stream is effectively unbounded while each iteration spawns a host process and sends a DNS query, so this is slow and far from quiet.

function dnsbrute {
    if [ ${#} -lt 1 ]; then
        echo "I need a domain name..."
        return 1
    fi
    # print each candidate that resolves under the given domain
    john --incremental --stdout | while read -r words; do
        if host "${words}.${1}" >/dev/null 2>&1; then
            echo "${words}.${1}"
        fi
    done
    return 0
}
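As an added example (this is not code from the original post), here is the same idea hardened a bit: it takes labels on stdin so any generator works (John, a word list, anything), refuses to run against a wildcard domain, and drops candidates that are not valid DNS labels before they reach host. It assumes the host utility is installed; the RESOLVE variable is a hypothetical hook, not a feature of host or John, that lets a stub stand in for host when testing offline.

```sh
#!/bin/sh
# Subdomain brute force fed by candidate labels on stdin, e.g. from
# "john --incremental --stdout". Added example, not the original post's code.
# Assumes the "host" utility is installed; the RESOLVE variable (an assumption
# of this example) lets a stub replace it for offline testing.

# resolve FQDN: exit 0 if the name resolves, non-zero otherwise
# (host exits 0 on an answer and 1 on NXDOMAIN or timeout; -W 2 caps the wait).
resolve() {
    host -W 2 "$1" >/dev/null 2>&1
}

# wildcard_check DOMAIN: exit 0 if a label that should never exist still
# resolves, i.e. DOMAIN has a wildcard record and every guess would "hit".
wildcard_check() {
    random_label="wc$(date +%s)$$"
    "${RESOLVE:-resolve}" "${random_label}.$1"
}

# dnsbrute DOMAIN < labels: print each LABEL.DOMAIN that resolves.
# Exit 0 if at least one name was found, 1 if none, 2 on usage error,
# 3 if DOMAIN is wildcarded.
dnsbrute() {
    domain="$1"
    hits=0
    if [ -z "$domain" ]; then
        echo "usage: dnsbrute DOMAIN < wordlist" >&2
        return 2
    fi
    if wildcard_check "$domain"; then
        echo "wildcard DNS on $domain: every label resolves, refusing to brute force" >&2
        return 3
    fi
    # read -r keeps the label verbatim; skip blanks and anything that is not a
    # valid DNS label so John's punctuation-heavy candidates never reach host.
    while IFS= read -r label; do
        case "$label" in
            "" | *[!A-Za-z0-9-]* | -* | *-) continue ;;
        esac
        if "${RESOLVE:-resolve}" "${label}.${domain}"; then
            echo "${label}.${domain}"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -gt 0 ]
}

# Usage (needs network and john):
#   john --incremental --stdout | dnsbrute example.com
```

The wildcard check matters more than it looks: without it, a wildcarded domain turns the loop into a list of every string John emits, which is pure noise.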

More to come as usual..

(I’m still dragging my feet on ettersploit.. 🙂 )

Passively finding MDNS names (.local)

Just a quickie:

If you’re in a local area network and you’re trying to do some passive information gathering using a sniffer, here is a great way to find .local host names:

tcpdump -i wlan0 -l -vv 2>&1 | grep -E '\.local'

What’s beautiful about this method is that you can usually find people’s full names, since Apple devices default to host names built from the owner’s name (“Johns-iPhone”) and announce them over mDNS. Along with that, you’re not probing or alerting the targets: mDNS announcements are multicast to 224.0.0.251 on UDP port 5353, so a sniffer receives them without sending a single packet. Adding the filter udp port 5353 to the tcpdump command narrows the capture to just that traffic.

Also, if you’re barely in range of a Wi-Fi access point, you can use this method while trying to connect (which makes it a little less passive), but I’ve discovered iPhone device names this way.
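As an added example (not code from the original post), here is a small awk filter that turns tcpdump’s text output into “source address, host name” pairs, deduplicates them, and drops the DNS-SD service names (_airplay._tcp.local and friends) that also end in .local but are not host names. The sample_capture lines are constructed to imitate tcpdump’s mDNS output and are not a real capture.

```sh
#!/bin/sh
# Extract .local host names from tcpdump -vv output, paired with the source
# address that announced them. Added example, not from the original post; it
# reads the text tcpdump prints (live, or "tcpdump -r capture.pcap -vv") on stdin.
# sample_capture below is a constructed imitation of tcpdump's mDNS output,
# not a real capture.

# mdns_names < tcpdump-text: print unique "source-ip hostname" pairs.
mdns_names() {
    awk '
        # a timestamp starts a new packet: forget the previous source address
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]/ { src = "?" }

        # the UDP line looks like "192.168.1.23.5353 > 224.0.0.251.5353: ..."
        match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.5353 >/) {
            src = substr($0, RSTART, RLENGTH - 7)      # drop ".5353 >"
        }

        {
            line = $0
            # walk every dotted name ending in .local (tcpdump adds a trailing dot)
            while (match(line, /[A-Za-z0-9_][A-Za-z0-9_-]*(\.[A-Za-z0-9_-]+)*\.local\.?/)) {
                name = substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
                sub(/\.$/, "", name)
                # DNS-SD service types and instances carry underscores;
                # the host names we are after do not
                if (name ~ /_/) continue
                key = src " " name
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }'
}

# Constructed sample of what "tcpdump -i wlan0 -l -vv udp port 5353" prints.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto UDP (17), length 120)
    192.168.1.23.5353 > 224.0.0.251.5353: [udp sum ok] 0*- [0q] 2/0/0 Johns-iPhone.local. (Cache flush) A 192.168.1.23, Johns-iPhone.local. (Cache flush) AAAA fe80::1 (92)
12:00:01.000002 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto UDP (17), length 140)
    192.168.1.40.5353 > 224.0.0.251.5353: [udp sum ok] 0*- [0q] 2/0/0 _airplay._tcp.local. PTR Living-Room._airplay._tcp.local., Living-Room-TV.local. (Cache flush) A 192.168.1.40 (112)
EOF
}

# Usage: sample_capture | mdns_names
# Live:  tcpdump -i wlan0 -l -vv udp port 5353 2>/dev/null | mdns_names
```

Pairing the name with the source address is what makes the list useful later: the host name tells you who owns the device, the address tells you where it sits on the LAN.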

And now…. back to the books. 🙂

PS: I’m going to set aside time this week to put more effort into ettersploit.

Eavesdropping on bluetooth headsets with carwhisperer

The official tool is available here:

http://trifinite.org/trifinite_stuff_carwhisperer.html

It has also been ported to the Nokia N810:

http://talk.maemo.org/showthread.php?t=20780

I’ve downloaded it and installed it on my Nokia N810, but haven’t had a chance to test it since I don’t own any bluetooth headsets.

More to come as usual..

#Update 11/17/2015

It appears that the video no longer works; this should suffice:


Eavesdropping on Bluetooth Headsets by DelwinWood

#Thanks Patryk

Anti-virus FAIL

Securityemo writes “The Register is running an article about a new method to bypass antivirus software, discovered by Matousec. By sending benign code to the antivirus driver hooks, and switching it out for malicious code at the last moment, the antivirus can be completely bypassed. This attack is apparently much more reliable on multi-core systems. Here’s the original research paper.” El Reg notes that “The technique works even when Windows is running under an account with limited privileges,” but “it requires a large amount of code to be loaded onto the targeted machine, making it impractical for shellcode-based attacks or attacks that rely on speed and stealth. It can also be carried out only when an attacker already has the ability to run a binary on the targeted PC.”

http://tech.slashdot.org/story/10/05/09/1343239/Critical-Flaw-Found-In-Virtually-All-AV-Software

If you’re a techie, you have to love /. 🙂