Decompressing Android Backups With Python
A small script for decompressing Android backups, written in Python with practically no dependencies.
I’ve been trying to expand my knowledge of Metasploit recently. I’ve gotten training which included quite extensive coverage of the framework, for which I’m grateful; but to really get how extensive the tool’s functionality is, there’s nothing quite like practice. With this in mind, I downloaded the Metasploitable VM over at SourceForge (http://sourceforge.net/projects/metasploitable/files/Metasploitable2/) and began hacking away at it. When you start working on these things, it’s awful tempting to fall back into ‘CTF mode’, where your only objective is to get in. It’s not super effective in testing the tool, though. So I tried to limit myself to Metasploit only, and see how far I could go. I also took a breadth-first approach rather than a depth-first approach - in other words, exploring as much of the scanning functionality as possible before moving on to exploitation. ...
WebSockets are a mechanism that allows a client (typically a web page) to talk to a server without the overhead and complications that web services may pose. The client first establishes a connection using HTTP and then makes a request to switch over to WebSockets; the process is described in RFC 6455 (https://tools.ietf.org/html/rfc6455). Using this technology simplifies development of elaborate web-based clients and reduces web traffic, which is pretty sweet for developers and admins alike ...
We like to think of VNC passwords as encrypted; but when you consider that they’re encrypted using DES (a weak encryption algorithm) with a key that is hardcoded… Well… That pretty much makes VNC passwords encoded and not encrypted. There are a few VNC password revealers out there, such as vncpwd (https://github.com/jeroennijhof/vncpwd) or VNCPassView (http://www.nirsoft.net/utils/vnc_password.html); the former can be used in Linux and the latter in Windows. A prerequisite to using these is that you have access to the VNC passwd file and/or registry. Other tools exist to snarf the VNC password out of network captures.
I wrote this short VBS script today to help out a client; basically, you can run this on an Active Directory domain as a login script to see if your users’ offline shares are correctly configured. In this case, each user is supposed to have a ‘U:’ drive that syncs with a file server whenever they’re on campus, and is available whenever they’re on the road. Sometimes, though, the configuration isn’t set for one reason or another… Hence the script. ...
I was at Brucon 2010 last week, and it was a blast! The ambiance at the con was very much reminiscent of Defcon’s: people talking passionately about security in a relaxed, geek-and-caffeine-rich environment. In the past, when attending infosec cons I tended to go to all the talks – this time, I decided to go to as many workshops as possible. I must say, I was not disappointed at all – while talks are often absolutely fascinating and wildly entertaining, workshops provide a chance to understand something at a much deeper level and allow you to test your knowledge of the topic; they also allow the speaker to tune her content to the audience in a much more interactive manner, providing more, or less, background information according to the crowd’s grasp of the subject. For instance, during the malicious PDF analysis workshop, Didier Stevens provided an overview of the PDF structure and started working through his samples, but quickly started skipping through examples he thought were obvious and allotting more time to the ‘juicy bits’. ...
Operating System and tools: Pick an operating system with which you’re comfortable. A lot of *nix junkies out there will heckle you about which distro is best, especially when it comes to running security tools; and whilst I agree with the principle that a good solid distro will improve your machine’s robustness and prevent a malicious attacker from turning your security tools against you, let’s be realistic: there isn’t a single distro, operating system or device out there that can’t be exploited. This is not always due to the shortcomings of the developer, or administrator, or what have you: it is the result of a complex balance between security, functionality, communication and logistics. So what I say is, pick *one* distro and get to know it very well. Make sure it can be patched on a regular basis and that any remote communication you set up with it is secured (encrypted, with a long password or certificate for authentication). For this example, I’m going to use an Ubuntu box, honeyd, swatch and ruby to set up the honeypot and monitoring systems. ...