2008

Sorting your shoes like a whore!

(My first X-rated blog post.. I should hook up AdWords and watch the money roll in!) OK.. our Zimbabwean recruit was posed the following question by some international academics:

Q: "How would you sort your shoes?"

He answered:

A: "I make the assumption that the shoes are positioned such that I can see their sizes, and that they are in a row of boxes. I would randomly pick a pair of shoes in a box and call them my 'pivot point'. I would then reorder the shoes such that all shoes with sizes less than my pivot are on the left of it, and all shoes with a greater size are on the right of the pivot (perhaps having two piles of shoes next to me as I work, one for sizes less than, one for sizes greater than). This pivot pair of shoes would now be in their correct sorted position. I would then apply this same process to the left and right sets of shoes, and then to their left(left,right) and right(left,right) sets, continuing this process until all shoes have been 'pivoted' or there is only one or zero pair of shoes between two pivots (i.e. a set of only one pair)."
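What the recruit describes is quicksort with a random pivot. The following is an added example, not code from the original post: the first function is the literal "two piles" recipe, the second does the same thing in place on the "row of boxes" so you can see the pivot land in its final slot. The shoe sizes are constructed sample input. The random pivot is not just cosmetic: with a fixed pivot (say, always the first box) an attacker who controls the input can hand you an already-sorted or crafted list and force the O(n^2) worst case, which is the classic algorithmic-complexity denial of service.

```python
import random


def quicksort_shoes(sizes, rng=random):
    """The recruit's recipe: pick a random pivot, put smaller sizes in one pile,
    larger sizes in another, then sort each pile the same way.
    A set of zero or one pair between two pivots is already sorted."""
    if len(sizes) <= 1:
        return list(sizes)
    pivot = rng.choice(sizes)
    smaller = [s for s in sizes if s < pivot]
    equal = [s for s in sizes if s == pivot]   # duplicate sizes stay with the pivot
    larger = [s for s in sizes if s > pivot]
    return quicksort_shoes(smaller, rng) + equal + quicksort_shoes(larger, rng)


def quicksort_in_place(boxes, lo=0, hi=None, rng=random):
    """Same idea, but shoes are swapped between boxes instead of piled up.
    After partitioning, boxes[store] holds the pivot in its final sorted position."""
    if hi is None:
        hi = len(boxes) - 1
    if lo >= hi:                       # zero or one box in this segment
        return boxes
    # choose a random box in the segment as the pivot and park it at the end
    p = rng.randrange(lo, hi + 1)
    boxes[p], boxes[hi] = boxes[hi], boxes[p]
    pivot = boxes[hi]
    store = lo                         # boundary between "smaller" and "not smaller"
    for i in range(lo, hi):
        if boxes[i] < pivot:
            boxes[store], boxes[i] = boxes[i], boxes[store]
            store += 1
    boxes[store], boxes[hi] = boxes[hi], boxes[store]   # pivot into its final slot
    quicksort_in_place(boxes, lo, store - 1, rng)       # left set
    quicksort_in_place(boxes, store + 1, hi, rng)       # right set
    return boxes


def pivot_is_final(boxes, rng=random):
    """Check of the recruit's key claim: after one partition step the pivot's index
    never changes again. Returns True if a full sort leaves it where the first
    partition put it."""
    work = list(boxes)
    hi = len(work) - 1
    p = rng.randrange(0, hi + 1)
    work[p], work[hi] = work[hi], work[p]
    pivot = work[hi]
    store = 0
    for i in range(hi):
        if work[i] < pivot:
            work[store], work[i] = work[i], work[store]
            store += 1
    work[store], work[hi] = work[hi], work[store]
    return sorted(boxes)[store] == pivot


# Constructed sample input: a row of boxes with shoe sizes, duplicates included.
SHOE_ROW = [9, 4, 7, 4, 11, 6, 8, 5, 10, 3]

if __name__ == "__main__":
    print(quicksort_shoes(SHOE_ROW))
    print(quicksort_in_place(list(SHOE_ROW)))
```

Both functions accept an `rng` argument so a seeded `random.Random` can be passed in for reproducible tests; in production you want the default, unpredictable pivot choice.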

HTTP-Mangler QoW…

Many people took a crack at "what tool will work to replace Mangler, out of the box", and so we have a bunch of new tools to play with.. Steven's answer of MS Word or PowerPoint left us scratching our heads a little, and rezn threw in the added complexity of the app requiring valid certs.. (To answer rezn, I think you could avoid the SSL complications with judicious use of a Detours-based app or Echo Mirage from bindshell.net.)

Locating other sites on a virtually hosted box..

So everyone uses the Live search engine with the ip: operator when trying to locate virtual hosts. I used DomainTools in the past with good results, till they went fully pay-per-use. Check out Reverse IP Domain Check. The two IPs I've tested it on gave reasonable results, and at a great price!

WebScarab-NG HTTP Mangler Functionality

H said that there is a tool that will do the HTTP Mangler functionality out of the box. So here goes: WebScarab-NG is the tool that will do the trick. First we select the feature that lets us set up the proxy listener, as seen in the image below. Then we configure the proxy listener with the ports etc. we need, as seen below.

Horses and DNS BruteForcing..

Old timers here will know about the concept of bruteforcing DNS using the clues available, i.e. zone transfers are disabled, but you see that the NS and MX servers are called gandalf.company.com and elrond.company.com. Effectively, trying frodo.company.com is going to make good sense.. To this end BidiBlah will do this automagically for you and tries to eke out info.. (A little while back I saw fierce-scanner pop up in a similar vein!)
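The guessing game above, written out as an added example (this is not BidiBlah's or fierce's code): a themed candidate list is resolved under the target domain, with the one check every practitioner wants first, a wildcard test. If a random, nonexistent label resolves, the zone has a wildcard record and every "hit" that returns the same address is noise. The resolver is passed in as a function so the block runs offline against a constructed stub zone; `live_resolve` is the real thing. `company.com`, the Tolkien names and the 192.0.2.0/24 addresses are assumptions for the demo.

```python
import random
import socket
import string

# Constructed candidate lists: the "theme" spotted in the NS/MX names, plus the usual suspects.
THEMED_NAMES = ["gandalf", "elrond", "frodo", "bilbo", "sauron", "gollum", "legolas", "aragorn"]
GENERIC_NAMES = ["www", "mail", "ns1", "ns2", "vpn", "dev", "test", "intranet"]


def live_resolve(name):
    """Real resolver: returns an IPv4 address string, or None if the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def detect_wildcard(domain, resolve, rng=random):
    """Resolve a random 16-letter label that should not exist. A non-None answer means
    the zone has a wildcard record; the returned address is what every bogus name maps to."""
    junk = "".join(rng.choice(string.ascii_lowercase) for _ in range(16))
    return resolve(f"{junk}.{domain}")


def brute_force(domain, candidates, resolve, rng=random):
    """Try each candidate label under domain and return {fqdn: ip} for real hits,
    discarding answers that merely match the wildcard address."""
    wildcard_ip = detect_wildcard(domain, resolve, rng)
    found = {}
    for label in candidates:
        name = f"{label}.{domain}"
        ip = resolve(name)
        if ip is None or ip == wildcard_ip:
            continue
        found[name] = ip
    return found


# Constructed stub zone so the example runs offline (192.0.2.0/24 is the RFC 5737 test range).
STUB_ZONE = {
    "gandalf.company.com": "192.0.2.10",
    "elrond.company.com": "192.0.2.11",
    "frodo.company.com": "192.0.2.12",
    "www.company.com": "192.0.2.20",
}


def stub_resolve(name):
    """Plain zone: only the four explicit names exist."""
    return STUB_ZONE.get(name)


def stub_wildcard_resolve(name):
    """Same zone with a wildcard: every other name answers 192.0.2.99."""
    return STUB_ZONE.get(name, "192.0.2.99")


if __name__ == "__main__":
    for fqdn, ip in brute_force("company.com", THEMED_NAMES + GENERIC_NAMES, stub_resolve).items():
        print(f"{fqdn} -> {ip}")
```

To run it for real, swap `stub_resolve` for `live_resolve` (and expect the wildcard check to be fooled by zones that hand out rotating addresses for unknown names; compare more than one random label if results look too good).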

Open source (and lightning fast) Safari ?

While I'm into posting Mac links.. check out [WebKit]. A little while back I mentioned not understanding why anyone would run a closed source browser while a decent open source version existed.. Then I was forced to use Safari while doing some testing, and was impressed by its snappiness.. it impressed me more when it didn't flinch at me opening and surfing thousands of tabs.. blergh.. suddenly my Firefox was losing its sheen!

Tooble for the win.. piracy++ ??

For those of you who have not yet tried it, check out Tooble. It's a point-and-click tool that lets you download videos from YouTube.. it's pretty cool and allows you to pull/convert videos pretty trivially.. [For all my "don't do piracy" holier-than-thou-ness, I now have to wonder if pulling a Google Tech Talk which doesn't have a download link (i.e. the authors did not want us to download it) is any different to Panda's cat internet > home_nas behaviour..]

HBN Bootcamp @ Black Hat

Black Hat DC this year is supposed to be "a different kind of Black Hat". There are four tracks over the two days with a special emphasis on wireless, and speakers include Chris Wysopal, FX from Phenoelit, Job de Haas, and Adam Laurie. The smaller shows are always good fun and good value for money, and DC this year promises to have an excellent line-up of speakers. As usual, training courses are offered on the two days before the briefings begin. It's been a while since we trained at DC, but this year we're back with a Bootcamp course. The course is filling up nicely, so we're totally stoked. Like the show, the courses tend to be smaller and more personal, so if you've never attended a Hacking By Numbers 'Bootcamp' course before then this is a great opportunity. Bootcamp Edition teaches a method-based approach to hacking into networks and systems over the Internet. The method taught consists of seven distinct phases that each have their own objectives, techniques and tools. Students are provided with fully configured laptop computers that are used stage-for-stage to complete fifteen different technical exercises. You can learn more or enroll here… otherwise contact us via training@sensepost.com if you'd like some more information.

John Heasman is now Blogging..

John is one of the bright guys over at NGS, and judging by his track record will boost the signal-to-noise ratio in the blogosphere.. You can read him at [aut disce, aut discede]. (Of course, in truth, I would have linked to the blog just because I love the title: aut disce, aut discede, "either learn or leave".)

On working when everyone else is asleep…

This quote reminded me of something H always says: "When opportunity comes… it's too late to prepare" – John Wooden, Hall of Fame basketball coach.