πŸ”’
❌
There are new articles available, click to refresh the page.
Before yesterdayDigiNinja

When All You Can Do Is Read.

29 June 2022 at 12:06
A look at what files are good to try to read when all you have is read only access to a machine, i.e. no directory listing ability.

Trying to understand why the EE web portal doesn't have a password change feature.

19 May 2002 at 15:21
Trying to understand why the EE web portal doesn't have a password change feature.

Double tunnels to help a colleague in distress.

29 June 2022 at 12:06
Double tunnels to help a colleague in distress - Setting up SSH tunnels to allow external access to an internal network.

Invalid HTTP requests and bypassing rewrite rules in lighttpd

19 May 2002 at 15:21
Using an invalid HTTP request to bypass rewrite rules in lighttpd and the story of how I found the problem.

Protecting against XSS in SVG

19 May 2002 at 15:21
A client had the requirement to allow users to upload SVG files to their web app, these files then had to be displayed. As SVG files can contain JavaScript and can be used for Cross-Site Scripting attacks, I had to do some investigating to find ways to allow them to do what they wanted safely.

Custom word list generator based on tweets - Update to use the new Twitter search API

29 June 2022 at 12:06
Twofi takes keywords and usernames and collects tweets based on these terms. It then extracts individual words and uses them to create a custom word list - Update to use the new Twitter search API

A Meterpreter script to download wireless profiles from Windows 7 and Vista boxes.

29 June 2022 at 12:06
A Meterpreter script to download wireless profiles from Windows 7 and Vista boxes.

Do you have a second hand Trojan in your pocket?

29 June 2022 at 12:06
The Trojan in your pocket - Do you know what your phone is doing?

Hostapd Karma patches updated to hostapd version 1.0

29 June 2022 at 12:06
Hostapd was recently updated to version 1.0 so I've brought the Karma patches up-to-date. This release contains a fully patched source tarball and a patch file if you want to apply it to your own source. I've also added a mention of the hostapd_cli app which you can use to control hostapd once it is running.

A Pipal analysis of the recent Tesco password disclosure.

29 June 2022 at 12:06
A Pipal analysis of the recent Tesco password disclosure.

Burp Macros and Session Handling.

19 May 2002 at 15:21
A worked example of using Burp Suite macros and session handling.

A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases.

29 June 2022 at 12:06
A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases.

Setting up a RIPv1 lab in GNS3 and then exploiting it to poison routes between two machines.

29 June 2022 at 12:06
In this lab I'm going to look at RIPv1, probably the most basic routing protocol. As with the VLAN labs I'm building this one in GNS3 and linking it to a Virtual Box machine running Debian. The plan is to build a network with three routers all using RIP to sync their routing information. I'll then use the attacking box to inject a fake route into the network and so divert traffic away from its real target. If you are not familiar with RIP it is hop based system where each hop is a unit and traffic is routed across the shortest number of hops.

OSSEC rules for handling Kismet alerts files

29 June 2022 at 12:06
Handle alerts generated by Kismet Newcore in OSSEC.

Extract meta data from videos taken on iPhones.

29 June 2022 at 12:06
ivMeta is based on information in . It will attempt to pull the following bits of information from an iPhone video: * Maker - should always be Apple * iOS Software version * Date video was taken * GPS co-ords where video was taken * Model of phone

Stealing CSRF tokens with XSS

19 May 2002 at 15:21
Techniques using both raw JavaScript and jQuery to use XSS to grab a CSRF token and then submit the form it protects.

Nessus Through SOCKS Through Meterpreter.

29 June 2022 at 12:06
Running a Nessus scan through a Meterpreter pivot using a SOCKS4 Proxy.

A companion tool to Pipal which can spot keyboard patterns in password lists.

29 June 2022 at 12:06
It is generally accepted that most passwords in common use are based on dictionary words however, some people decide to use keyboard patterns instead and to try to spot these I've created Passpat. Passpat uses data files containing the layouts of common keyboards to walk each word through the keyboard and score the word based on how close it is to being a pattern. For now I'm taking pattern to mean keys which are next to each other, while qpalzm is a pattern picking something like that up is currently out of the scope of this project.

My opinion on the eBay password reset policy - no pasting and 20 character caps are bad.

29 June 2022 at 12:06
My opinion on the eBay password reset policy - no pasting and 20 character caps are bad.
❌