Saturday, January 26, 2013

Rant: OSX Find Clipboard - Invokes Baby Punching

OSX has multiple clipboards that allow you to do fairly user-friendly actions such as dragging and dropping various files, fonts, text, etc. Among these clipboards is the global "Find Pasteboard". This has been by far the stupidest and most shortsighted idea I have ever seen implemented by Apple.

At first it seems like a great idea: select text somewhere, hit cmd+e, and search for it in a completely separate application just by hitting cmd+g. I'm sure certain people find that very useful. But there is a problem with this. A problem that makes me want to punch babies.

For example:
If you search for text in Chrome on a webpage and then switch to Sublime Text 2 to search for something in your code, it automatically puts the text you typed into Chrome into the Sublime "find" box. OK... that's odd, I'll just backspace and start typing my search. Ah damn, I forgot the syntax for that one Perl regex. When you switch back to Chrome to search the page, IT COMPLETELY WIPES OUT/REPLACES YOUR SEARCH IN SUBLIME. So that big long regex I was typing in Sublime? Gone. Thanks Apple, your "feature" wiped out the last 30 minutes of research I was doing.

oh.my.god. this is the type of thing that creates serial killers.

The absolute worst part about all of it, the part where Apple's arrogance and unbelievably big head ruins everything, is that THERE IS NO WAY TO DISABLE IT. AT ALL. ZILCH. NADA. They simply say that "this is intended behavior", which is the equivalent of them giving you the finger and saying "deal with it".

The entire idea of the find clipboard itself is stupid. It's a feature that's hardly known, and far more likely to cause frustration and issues than to solve problems. The probability that you need to search for two different strings in different applications is obscenely higher than the few situations in which you want to search for text from one app in another.

I'm not saying take this feature out, as I'm sure someone might be using it; I'm simply asking for a way to disable it.

This issue is more evidence of what I believe to be Apple's worst quality: the arrogance of their imposed "user experience" on the consumer. I'm done with Apple; this issue is on top of the dozens of other things they have done that have driven me mad. I'm going back to Linux. At least then I have 100% control over my computer.

Thursday, January 24, 2013

Barracuda SSH Backdoors

Today I learned of an advisory posted on reddit regarding Barracuda and certain "support" SSH backdoors installed on many of their products. Unfortunately I don't have a Barracuda product to test the specific attack strings on, but I have been able to gather quite a bit of information on it:

Here is the reddit netsec article on it:
http://www.reddit.com/r/netsec/comments/176p7z/critical_ssh_backdoor_in_multiple_barracuda/

Here is the Neohapsis copypasta of the SEC Consult post:
http://archives.neohapsis.com/archives/fulldisclosure/2013-01/0221.html

Here is the original advisory:
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt

Barracuda released several "tech alerts" about this vuln:
https://www.barracudanetworks.com/support/techalerts

Here is a Full Disclosure post from 2011 where someone suspected Barracuda had a backdoor (for lolz):
http://seclists.org/fulldisclosure/2011/Apr/460

Here is a blog post from 2009 (seriously) by a guy who got root access from the console and revealed details that overlap with the advisory:
http://blog.shiraj.com/2009/09/barracuda-spam-firewall-root-password/

Summary of the situation:
Affected products:
     Barracuda Spam and Virus Firewall
     Barracuda Web Filter
     Barracuda Message Archiver
     Barracuda Web Application Firewall
     Barracuda Link Balancer
     Barracuda Load Balancer
     Barracuda SSL VPN
     (all including their respective virtual "Vx" versions)
Vulnerable versions: all versions below Security Definition 2.0.5

All of them have preinstalled (undocumented) support accounts with SSH access in /etc/passwd.
The "product" support account drops you to a shell without requiring SSH keys. That shell also has access to the MySQL database, which can modify the list of users who are allowed to log in...

Only connections coming from certain source ranges can reach this SSH daemon:
192.168.200.0/24
192.168.10.0/24
205.158.110.0/24
216.129.105.0/24

There are some reports that the "product" user requires no password at all.

If anyone can get me the user hashes, I can run them through my (pretty big/extensive) wordlists with rulesets.
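
Added example (not from the advisory or from Barracuda): a defender-side audit in shell covering the two facts above. It lists the login-capable accounts in an /etc/passwd-format file, so an undocumented name stands out against the accounts you expect, and it flags accepted sshd logins whose source address falls in one of the four /24 ranges listed. The passwd entries and log lines are constructed samples in OpenSSH's syslog format; "product" is the account the advisory names, "webui" is a placeholder.

```shell
#!/bin/sh
# Added example, not from the advisory or from Barracuda. Both inputs below
# are constructed samples: "product" is the support account the advisory
# names, "webui" is a placeholder for any other unexpected login account.

# Constructed /etc/passwd sample.
sample_passwd() {
  cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mysql:x:101:101:MySQL Server:/var/lib/mysql:/bin/false
product:x:1001:1001:Support account:/home/product:/bin/bash
webui:x:1002:1002:Web UI:/var/www:/bin/sh
EOF
}

# Constructed sshd log lines in OpenSSH's syslog format.
sample_authlog() {
  cat <<'EOF'
Jan 24 10:01:02 bsf sshd[2211]: Accepted password for admin from 10.0.5.7 port 51234 ssh2
Jan 24 10:03:45 bsf sshd[2240]: Accepted password for product from 216.129.105.40 port 40211 ssh2
Jan 24 10:05:10 bsf sshd[2263]: Failed password for product from 192.168.10.9 port 40212 ssh2
Jan 24 10:07:33 bsf sshd[2290]: Accepted publickey for root from 192.168.200.5 port 40213 ssh2
Jan 24 10:09:00 bsf sshd[2301]: Accepted password for product from 192.168.100.3 port 40214 ssh2
EOF
}

# Print every account from an /etc/passwd stream (stdin) whose shell field
# is not one of the conventional no-login shells. An empty shell field means
# /bin/sh by default, so it is reported too. Diff the output against the
# accounts you know should exist; an undocumented name here is the finding.
login_capable_accounts() {
  awk -F: '$7 !~ /(nologin|false|sync|halt|shutdown)$/ { print $1 }'
}

# Print "user ip" for each accepted login (stdin) whose source address lies
# in one of the four /24 networks from the advisory. Every range is a /24,
# so matching the first three octets followed by a dot is exact; the
# trailing "\." keeps 192.168.100.x from matching the 192.168.10.0/24 entry.
logins_from_support_ranges() {
  awk '
    /sshd\[[0-9]+\]: Accepted / {
      for (i = 1; i <= NF; i++) {
        if ($i == "for")  user = $(i + 1)
        if ($i == "from") ip   = $(i + 1)
      }
      if (ip ~ /^(192\.168\.200|192\.168\.10|205\.158\.110|216\.129\.105)\.[0-9]+$/)
        print user, ip
    }'
}

echo "== login-capable accounts =="
sample_passwd | login_capable_accounts
echo "== accepted logins from the advisory's source ranges =="
sample_authlog | logins_from_support_ranges
```

On a real appliance, feed the functions /etc/passwd and the sshd log instead of the samples; a "product" login from any of those ranges is exactly the activity the advisory describes.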

Tuesday, January 22, 2013

Edit Text Without Using Files

Lots of times on engagements I'll have to take a big chunk of data, for example user credentials, and parse/format it a particular way. Typically it can be done quickly by placing the text into a small temp file and then parsing the contents from there.

The problem is that you are then left with a bunch of crap files you don't need. Granted, I could just put everything in the /tmp folder, or create another temp folder altogether, but I didn't want to have to deal with files at all.

In come here documents. Here documents are awesome for stuff like this. Take this example:


cat <<EOFMEOW | awk '{print $3}'
>ZOMG THE TEXT
>IT GOES HERE
>WHERE?
>IT GOES HERE LOLZ
>EOFMEOW

TEXT
HERE
HERE


Now all I need to do is paste the text once it spits back the '>' prompt.
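
One caveat worth adding (this is an added example, not part of the original post): with an unquoted delimiter the shell still performs parameter expansion and command substitution on the pasted body before awk sees it, so credentials containing $ are silently altered and anything shaped like $(...) is executed. Quoting the delimiter, <<'EOFMEOW', makes the body literal. The user:password lines below are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post). The pasted block below is a
# constructed sample of "user:password" lines; the passwords deliberately
# contain "$$" and "$(...)" to show what an unquoted delimiter does to them.

# Look up the password field for user $1. The delimiter EOFMEOW is unquoted,
# so the shell expands the body first: "$$" becomes the shell's PID and
# "$(echo RAN)" is executed as a command substitution. Pasting real
# credentials this way both corrupts them and can run whatever they contain.
creds_unquoted() {
  cat <<EOFMEOW | awk -F: -v u="$1" '$1 == u { print $2 }'
alice:Pa$$word1
bob:hunter2
carol:x$(echo RAN)y
EOFMEOW
}

# Same lookup with a quoted delimiter ('EOFMEOW'): the body is taken
# literally, no expansion or substitution happens, and the pasted text
# reaches awk byte for byte.
creds_quoted() {
  cat <<'EOFMEOW' | awk -F: -v u="$1" '$1 == u { print $2 }'
alice:Pa$$word1
bob:hunter2
carol:x$(echo RAN)y
EOFMEOW
}

echo "unquoted alice: $(creds_unquoted alice)"
echo "quoted   alice: $(creds_quoted alice)"
echo "unquoted carol: $(creds_unquoted carol)"
echo "quoted   carol: $(creds_quoted carol)"
```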

Wednesday, January 16, 2013

Windows Network Service Internals - IPC/RPC

http://www.hsc.fr/ressources/articles/win_net_srv/index.html


Here are the core MSRPC functions/capabilities. It includes things like interacting with the SAM, the registry, the event log, the service control manager and much more:

http://www.hsc.fr/ressources/articles/win_net_srv/msrpc_core.html

Saturday, January 5, 2013

Pentest Bookmarks - Single Links

Here is a list of the pentest-bookmarks grabbed from http://code.google.com/p/pentest-bookmarks/
I needed to parse them for a project, so I converted the file to a one-line-per-link format. I figured someone else might be able to use it for something, so I'm posting it here.

EDIT: here is the line I used:

grep -E -o '<A HREF=\"http.*?\"' <(curl http://pentest-bookmarks.googlecode.com/files/bookmarksv1.5.html) | sort -u | cut -d \" -f 2

https://pentoo.ch/
https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK
https://www.ssllabs.com/ssldb/analyze.html

Friday, January 4, 2013

John The Ripper Sample Password Hashes

http://openwall.info/wiki/john/sample-hashes

A better list of example hashes is here:

http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats

Thursday, January 3, 2013

Credit Card Test Numbers

Here is a list of credit card test numbers copied from http://www.paypalobjects.com/en_US/vhelp/paypalmanager_help/credit_card_numbers.htm (these are numbers accepted by test/sandbox payment forms; they are never charged).

Credit Card Type            Credit Card Number
American Express            378282246310005
American Express            371449635398431
American Express Corporate  378734493671000
Australian BankCard         5610591081018250
Diners Club                 30569309025904
Diners Club                 38520000023237
Discover                    6011111111111117
Discover                    6011000990139424
JCB                         3530111333300000
JCB                         3566002020360505
MasterCard                  5555555555554444
MasterCard                  5105105105105100
Visa                        4111111111111111
Visa                        4012888888881881
Visa                        4222222222222 (see note)

Note: even though this number has a different digit count than the other test numbers, it is the correct and functional number.

Processor-specific Cards
Dankort (PBS)               76009244561
Dankort (PBS)               5019717010103742
Switch/Solo (Paymentech)    6331101999990016
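The reason most of these numbers get past a payment form's client-side validation is that they satisfy the Luhn (mod 10) checksum that card numbers carry. The post does not mention Luhn; the following is an added example (not from the post or from PayPal) implementing the standard Luhn check in POSIX sh, so you can verify a test number before pasting it into a form, or spot why a form rejects one. The function and the helper `luhn_report` are my names.

```shell
#!/bin/sh
# Added example, not from the original post: the standard Luhn (mod 10) check
# that payment forms apply to card numbers before submitting them. Test card
# numbers are chosen to pass it so they reach the sandbox without being charged.

# luhn_valid NUMBER -> exit status 0 if NUMBER passes the Luhn check, 1 otherwise.
# Spaces and dashes are stripped first; any other non-digit makes it fail.
luhn_valid() {
  n=$(printf '%s' "$1" | tr -d ' -')
  case "$n" in
    ''|*[!0-9]*) return 1 ;;
  esac
  sum=0
  double=0                      # the rightmost (check) digit is not doubled
  while [ -n "$n" ]; do
    d=${n#"${n%?}"}             # last digit of n
    n=${n%?}                    # drop it
    if [ "$double" -eq 1 ]; then
      d=$((d * 2))
      if [ "$d" -gt 9 ]; then d=$((d - 9)); fi   # same as summing the two digits
      double=0
    else
      double=1
    fi
    sum=$((sum + d))
  done
  [ $((sum % 10)) -eq 0 ]
}

# luhn_report NUMBER... -> one line per number saying whether it passes.
luhn_report() {
  for card in "$@"; do
    if luhn_valid "$card"; then
      printf '%s valid\n' "$card"
    else
      printf '%s INVALID\n' "$card"
    fi
  done
}

# Demo with a few of the test numbers from the table above.
luhn_report 4111111111111111 4222222222222 378282246310005 5555555555554444 76009244561
```

Note that Luhn is only a typo check, not proof that a number is a usable test card: the 13-digit Visa number passes it (which is why the table's note is right that it works despite its length), while the short Dankort (PBS) entry 76009244561 does not, so a Luhn gate in a form would reject that one before it ever reaches the processor.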

Tuesday, January 1, 2013

Display Unicode in Bash

Sometimes you want to use characters that only exist in Unicode; unfortunately, bash doesn't make it especially easy to actually output them.

Here are the steps to manually include a Unicode character in an ASCII bash script.

  1. Find the Unicode character you want to use online and copy it.
  2. Run this: echo -ne 'paste_unicode_here' | hexdump
  3. The result is the hex dump of the character's bytes (its UTF-8 encoding).
  4. Take those bytes, put \x before each one, and use the escaped string in your script.

So, for example, if I wanted to use the "┡" character in a script, this is what I'd run:
$echo -ne '┡' | hexdump
0000000 e2 94 a1                                       
0000003
$echo -ne '\xe2\x94\xa1'
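The same recipe wrapped in shell functions, as an added example that is not part of the original post: one function produces the \x form the post builds by hand from the hexdump output, a second produces the equivalent octal \ddd escapes (which, unlike \x, every POSIX printf accepts in its format string), and a third prints the escaped bytes back so you can confirm the sequence reproduces the original character. It assumes the character is stored as UTF-8 in the script or terminal, which is what gives the three bytes shown above for "┡"; the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the input character is
# UTF-8 encoded (the usual case), so the bytes piped to od are its UTF-8 form.

# utf8_hex_escape CHARS -> prints every byte of CHARS as \xHH, the form the post
# uses with echo -ne. Works with bash's echo -e and printf; \x is not portable
# to every /bin/sh printf.
utf8_hex_escape() {
  [ -n "$1" ] || return 1
  printf '%s' "$1" | od -An -v -tx1 \
    | tr -s ' \n' ' ' \
    | sed 's/^ *//; s/ *$//; s/ /\\x/g; s/^/\\x/'
}

# utf8_octal_escape CHARS -> the same bytes as \ddd octal escapes, which any
# POSIX printf understands in its format string.
utf8_octal_escape() {
  [ -n "$1" ] || return 1
  printf '%s' "$1" | od -An -v -to1 \
    | tr -s ' \n' ' ' \
    | sed 's/^ *//; s/ *$//; s/ /\\/g; s/^/\\/'
}

# utf8_roundtrip CHARS -> escapes CHARS to octal and prints them back, so the
# output should be identical to the input if the escape is correct.
utf8_roundtrip() {
  printf "$(utf8_octal_escape "$1")"
}

# Demo with the character from the post.
utf8_hex_escape '┡';   echo    # \xe2\x94\xa1
utf8_octal_escape '┡'; echo    # \342\224\241
utf8_roundtrip '┡';    echo    # ┡
```

Use the octal form when the script has to run under a minimal /bin/sh (dash, busybox), and the \x form when you know it will run under bash; both encode exactly the bytes hexdump showed you.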