Haroon Meer
Sorting your shoes like a whore!
(my first X-Rated blog post.. i should hook up ad-words and watch the money roll in!)
Ok.. our Zimbabwean recruit was posed the following question by some international academics:
Q:”How would you sort your shoes?”
He answered:
A: “I make the assumption that the shoes are positioned such that I can see their sizes, and that they are in a row of boxes. I would randomly pick a pair of shoes in a box and call them my ‘pivot point’. I would then reorder the shoes such that all shoes with sizes less than my pivot are on the left of it, and all shoes with a greater size are on the right of the pivot (perhaps having 2 piles of shoes next to me as I work, one for size less than, one for size greater than). This pivot pair of shoes would now be in their correct sorted position. I would then apply this same process to the left and right sets of shoes, and then to their left(left,right) and right(left,right) sets, continuing this process until all shoes have been ‘pivoted’ or there is only one or zero pair of shoes between two pivots. (i.e a set of only one pair).”
HTTP-Mangler QoW…
Many people took a crack at “what tool will work to replace mangler, out of the box” and so we have a bunch of new tools to play with..
Steven’s answer of MS-Word or PowerPoint left us scratching our heads a little, and rezn threw in the added complexity of the app requiring valid certs..
(to answer rezn, i think you could avoid the SSL complications with judicious use of a detours app or echo-mirage from bindshell.net).
Locating other sites on a virtually hosted box..
So everyone uses the live search engine with a ip: when trying to locate virtual hosts.
I used domaintools in the past with good results, till they went fully pay-per-use.
Checkout Reverse IP Domain Check , The 2 ips i’ve tested it on, gave reasonable results and at a great price!
Horses and DNS BruteForcing..
Old timers here will know about the concept of bruteforcing DNS using the clues available..
i.e. zone transfers disabled, but u see that the NS and MX servers are called gandalf.company.com and elrond.company.com. Effectively trying frodo.company.com is going to make good sense..
To this end BidiBlah will do this automagically for u and tries to eek out info.. (a little while back i saw fierce-scanner pop up in a similar vein!)
Open source (and lightning fast) Safari ?
While im into posting mac-links.. Check out [Webkit]
A little while back i mentioned not understanding why anyone would run a closed source browser while a decent open source version existed.. Then i was forced to use Safari while doing some testing, and was impressed by its snappiness.. it impressed me more when it didnt flinch at me opening ans surfing thousands of tabs.. blergh.. suddenly my firefox was losing its sheen!
Tooble for the win.. piracy++ ??
For those of you who have not yet tried it, check out Tooble. Its a point and click tool that lets you download videos from the youtube.. its pretty cool and allows u to pull/convert videos pretty trivially.. [for all my “dont do piracy” holier than thou-ness, i now have to wondr if pulling a google-tech-talk, which doesnt have a download link (i.e. the authors did not want us to download it) is any different to pandas cat internet > home_nas behaviour..)
John Heasman is now Blogging..
John is one of the bright guys over at NGS, and judging by his track record will boost the signal to noise ratio in the blogosphere.. You can read him at [aut disce, aut discede]
(of course, in truth.. i woulda linked to the blog just because i love the title (aut disce, aut discede – Either learn or leave))
Eerie coincidences..
a) its my birthday in a few days
b) Apple just announced the new macbookair..
Coincidence??? i think not!!!
Is URL / Variable Name the new Port Number ??
There has been a fair bit of blog buzz about the new SQL Injection worm that ran around infecting sites. I have not looked too deeply into it, but have not yet seen accounts of how the targeting was done. Since the sites do not appear to have been running a common framework i would guess that it was search-engine generated targets based on resource name (like inurl: search.asp)..
For ages we have been telling people that if they had to have a /admin/admin.asp on their internet facing web-app that they would at least help minimize their exposure a little by naming it /admin_[bet_u_dont_find_this]/admin_[another_variable].asp
Strange Entries in your wbeserver logs, Wikto and questions about our Gender!
Over the past while we have been getting emails from people trying to figure out why they had entries like this in their http log files:
10.10.1.136 – – [32/Dec/2007:25:61:07 +0200] “GET //admin/dat_Gareth_at_sensepost_hackslikeagirl_.asp HTTP/1.1” 404 –
Recently a concerned Wikto user figured out that this was linked to him using Wikto (our Win32 Nikto Replacement + Directory / File / Back-End Miner). A snippet from his email read:
-snip-
I sniffed the traffic going out from my host going to the target host and infact this is the result:
HTTP GET /admin/dat_Gareth_at_sensepost_hackslikeagirl_.asp HTTP/1.0
All the requests are full of this… Well, at this point the questions are two:
1) You have a strange sense of humor.
2) You have been compromised. Waiting for a feedback,