2008
Eerie coincidences..
a) its my birthday in a few days
b) Apple just announced the new macbookair..
Coincidence??? i think not!!!
Is URL / Variable Name the new Port Number ??
There has been a fair bit of blog buzz about the new SQL Injection worm that ran around infecting sites. I have not looked too deeply into it, but have not yet seen accounts of how the targeting was done. Since the sites do not appear to have been running a common framework i would guess that it was search-engine generated targets based on resource name (like inurl: search.asp)..
For ages we have been telling people that if they had to have a /admin/admin.asp on their internet facing web-app that they would at least help minimize their exposure a little by naming it /admin_[bet_u_dont_find_this]/admin_[another_variable].asp
Strange Entries in your wbeserver logs, Wikto and questions about our Gender!
Over the past while we have been getting emails from people trying to figure out why they had entries like this in their http log files:
10.10.1.136 – – [32/Dec/2007:25:61:07 +0200] “GET //admin/dat_Gareth_at_sensepost_hackslikeagirl_.asp HTTP/1.1” 404 –
Recently a concerned Wikto user figured out that this was linked to him using Wikto (our Win32 Nikto Replacement + Directory / File / Back-End Miner). A snippet from his email read:
-snip-
I sniffed the traffic going out from my host going to the target host and infact this is the result:
HTTP GET /admin/dat_Gareth_at_sensepost_hackslikeagirl_.asp HTTP/1.0
All the requests are full of this… Well, at this point the questions are two:
1) You have a strange sense of humor.
2) You have been compromised. Waiting for a feedback,
Wikto 2 Bugfix
A seasonal Wikto version was released on the 22nd (Version 2.0.2911-20215) which has an issue with the web spider funtionality.
HTTPS requests are being made in plain text, and this obviously means that attempts to spider such sites will not work.
A bug fix for this is available from www.sensepost.com
Thanks to Mark Murdock for the heads up.
Two pointless excuses to post two pictures..
a) At the end of the year we usually end up getting geek-gifts.. from SensePost, to SensePost.. Last years iPod nano’s were always going to be a tough act to follow.. but i think the picture says it all:
(click pic for clearer view) I know for those across the pond its probably going to sound 3rd world, but i was genuinely suprised at how life-changing GPS technology is.. Of course, it brings the usual geek side effects (other than people playing with Pimp my GPS). I.e. we noticed the other day that in the car park before going home, everyone was busy fiddling with their GPS units.. so suddenly, a bunch of reasonably intelligent folks who used to make the commute to the office and home daily for about 3 years need instructions on how to do it *sigh*
Applescript for HTTP BruteForcing..
A long time ago i blogged on the joys of using VBS to automate bruteforcing [1|2]when one didnt want to mess about duplicating an applications functionality at the protocol level.. Yesterday i had need to brute-force a web application which tried hard to be difficult and annoying..
Normally i would have used crowbar, Suru or a ugly mangled Python script, but the application was strangely difficult..
i.e. the login process is multi staged, with new cookies being handed out at various stages. 302 redirects are used heavily and then to top it off a healthy dose of JavaScript is sent back in replies that also affect your navigation.. Now all of this can be scripted (obviously) but i figured i would try automating Safari with applescript to get the same effect..
Prev
Page 8 of 8