Saturday, January 26, 2013

Rant: OSX Find Clipboard - Invokes Baby Punching

OSX has multiple clipboards that allow you to do fairly user-friendly actions such as drag and drop various files, fonts, text, etc. Among these clipboards is the global "Find Pasteboard". This has been by far the stupidest and most shortsighted idea I have ever seen implemented by Apple.

At first it seems like a great idea: select text somewhere, hit cmd+e and search for it in a completely separate application just by hitting cmd+g. I'm sure certain people find that very useful. But there is a problem with this. A problem that makes me want to punch babies.

For example:
If you search for text in Chrome on a webpage, and you switch to Sublime Text 2 to search for something in your code, it automatically inputs the text that you typed into Chrome into the Sublime "find" box. OK... that's odd, I'll just backspace and start typing my search. Ah damn, I forgot the syntax to that one Perl regex. When you switch back to Chrome to search the page, IT COMPLETELY WIPES OUT/REPLACES YOUR SEARCH IN SUBLIME. So that big long regex I was typing in Sublime? Gone. Thanks Apple, your "feature" wiped out the last 30 minutes of research I was doing. This is the type of thing that creates serial killers.

The absolute worst part about all of it, the part where Apple's arrogance and unbelievable big head ruins everything, is in the fact that THERE IS NO WAY TO DISABLE IT. AT ALL. ZILCH. NADA. They simply say that "this is intended behavior", which is the equivalent of them giving you the finger and saying "deal with it".

The entire idea of the find clipboard itself is stupid. It's a feature that's hardly known, and much more likely to cause frustration and issues than the problems it solves. The probability that you need to search for two different strings in different applications is obscenely higher than the few situations in which you want to search text from one app in another.

I'm not saying take this feature out, as I'm sure someone might be using it; I'm simply asking for a way to disable it.

This issue is more evidence of what I believe to be Apple's worst quality, the arrogance of their imposed "user experience" on the consumer. I'm done with Apple; this issue is on top of the dozens of other things that have driven me mad by them. I'm going back to Linux. At least then I have 100% control over my computer.

Thursday, January 24, 2013

Barracuda SSH Backdoors

Today I learned of an advisory posted on reddit regarding Barracuda and certain "support" SSH backdoors installed on many of their products. Unfortunately I don't have a Barracuda product to test the specific attack strings on, but I have been able to gather quite a bit of information on it:

Here is the reddit netsec article on it:

Here is the Neohapsis copypasta from SEC-consult:

Here is the original advisory:

Barracuda released several "tech alerts" about this vuln:

Here is a full disclosure post in 2011 where someone suspected Barracuda had a backdoor (for lolz)

Here is a blog post from 2009 (seriously) of a guy that got root access from the console and revealed overlapping details about the advisory:

Summary of the situation:
The following products:
     Barracuda Spam and Virus Firewall
     Barracuda Web Filter
     Barracuda Message Archiver
     Barracuda Web Application Firewall
     Barracuda Link Balancer
     Barracuda Load Balancer
     Barracuda SSL VPN
     (all including their respective virtual "Vx" versions)
vulnerable version: all versions less than Security Definition 2.0.5

All have preinstalled (undocumented) support accounts with SSH access in /etc/passwd.
The "product" support account drops you to a shell without requiring SSH keys. It also has access to the MySQL database, where the list of users who can log in can be modified...

Only hosts coming from certain IPs can access this ssh daemon:

There are certain reports that the "product" user requires no password.

If anyone can get me the user hashes, I can run them through my (pretty big/extensive) wordlists with rulesets.

Tuesday, January 22, 2013

Edit Text Without Using Files

Lots of times on engagements I'll have to take a big chunk of data, for example user credentials, and parse/format them a particular way. Typically it can be done quickly by placing the text into a small temp file, and then parsing the contents that way.

The problem is that you are then left with a bunch of crap files you don't need. Granted, I could just put everything in the /tmp folder, or create another temp folder altogether, but I didn't want to have to deal with files at all.

In come here documents. Here documents are awesome for stuff like this. Take this example:

cat <<EOFMEOW | awk '{print $3}'


Now all I need to do is just paste the text once it spits back the '>' prompt.

Wednesday, January 16, 2013

Windows Network Service Internals - IPC/RPC

Here are the core MSRPC functions/capabilities. It includes things like interacting with the SAM, the registry, the event log, the service control manager and much more:

Saturday, January 5, 2013

Pentest Bookmarks - Single Links

Here is a list of the pentest-bookmarks grabbed from
I needed to parse them for a project, so I modified it to be a one-line-per-link format. I figured someone else might be able to use it for something so I'm posting it here.

EDIT: here is the line I used:

grep -E -o '<A HREF=\"http.*?\"' <(curl) | sort -u | cut -d \" -f 2

Friday, January 4, 2013

John The Ripper Sample Password Hashes

A better list of example hashes is here:

Thursday, January 3, 2013

Credit Card Test Numbers

Here is a list of credit card test numbers copied from

Credit Card Type
Credit Card Number
American Express
American Express
American Express Corporate
Australian BankCard
Diners Club
Diners Club
Note : Even though this number has a different character count than the other test numbers, it is the correct and functional number.
Processor-specific Cards
Dankort (PBS)
Dankort (PBS)
Switch/Solo (Paymentech)

Tuesday, January 1, 2013

Display Unicode in Bash

Sometimes you want to use certain characters that only exist in Unicode; unfortunately bash doesn't make it super easy to actually output them.

Here are the steps to manually include Unicode in ASCII bash scripts.

  1. Go find the actual Unicode character online that you want to use.
  2. Run this: echo -ne 'paste_unicode_here' | hexdump
  3. The result is the hex output of the Unicode character.
  4. Take the output, place \x before the bytes and use it in your script.

So, for example, if I wanted to use the "┡" character in something, this is what I'd run:
$ echo -ne '┡' | hexdump
0000000 e2 94 a1
$ echo -ne '\xe2\x94\xa1'
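
Steps 2 to 4 as a single function, added here as an example and not taken from the original post; `to_x_escapes` is a hypothetical name. It reads the bytes with `od -An -tx1` rather than `hexdump`, because hexdump's default output groups bytes into two-byte words in host byte order, which on little-endian machines shows them swapped.

```shell
#!/bin/bash
# Print the UTF-8 bytes of the argument as \xNN escapes, ready to paste
# into an ASCII-only script.
to_x_escapes() {
    # printf '%s' emits the bytes as-is, with no trailing newline.
    # od -An -v -tx1 prints one hex byte per column with no offset
    # column and no "*" folding of repeated lines.
    # tr squeezes spaces and newlines into single spaces; sed drops the
    # trailing space and turns every remaining space into "\x".
    printf '%s' "$1" \
        | od -An -v -tx1 \
        | tr -s ' \n' '  ' \
        | sed 's/ $//; s/ /\\x/g'
}

# In bash, the result can be fed back to echo -ne as in the post:
#   echo -ne "$(to_x_escapes '┡')"
```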