πŸ”’
❌
There are new articles available, click to refresh the page.
βœ‡DigiNinja

Mobile Me Madness

β€”
A brief description of how Mobile Me allows access to its file listings and how to interpret them.
βœ‡DigiNinja

Whats in Amazon's buckets?

β€”
The description of how I wrote a tool to brute force bucket names from the Amazon S3 system and then take it a step further.
βœ‡DigiNinja

Using decompression to avoid filters

β€”
Using decompression to avoid filters - Decompressing data to get it past filters such as IDS.
βœ‡DigiNinja

Analysing Amazons Buckets

β€”
Analysis of the content I found when trawling Amazon's buckets looking for public information.
βœ‡DigiNinja

Abusing a DDNS service to find IP cameras around the world.

β€”
When I bought an IP camera to watch by daughters cot I didn't expect to end up writing tools to find others around the world, I also didn't expect it to be so poorly secured.
βœ‡DigiNinja

A story about Hakin9, the kings of spam

β€”
About once a fortnight I get a request to write an article for Hakin9 or one of its sister publications, this article details my attempts to stop this spam.
βœ‡DigiNinja

An application to parse files such as .DS_Store to reveal otherwise unlinked files on web sites.

β€”
File Disclosure Browser, an application to parse files such as .DS_Store to reveal otherwise unlinked files on web sites.
βœ‡DigiNinja

Do you include steps to reproduce vulnerabilities in your security reports? In this post I think about how to do this.

β€”
Three times in the past few months I've been asked by clients to retest previous findings to see if they have been successfully fixed. One of the reports I was given was one I'd written, the other two were by other testers. For my report I couldn't remember anything about the test, reading the report gave me some clues but I was really lucky and found that I'd left myself a test harness in the client's folder fully set up to test the vulnerability. One of the other two was testing for a vulnerability I'd never heard of and couldn't find anything about on Google. I finally tracked down the original tester and it turns out there is a simple tool which tests for the issue and one command line script later the retest was over. The final issue was one that I knew about but had a really good write up that, even if I'd not heard of it, had a full walk through on how to reproduce the test.
βœ‡DigiNinja

Karma comes into the modern age with patches for hostapd.

β€”
Karma was originally written for Madwifi and I then updated it to work with Madwifi-ng. This update adds the same functionality to hostapd.
βœ‡DigiNinja

Using Google Analytics tracking codes to find relationships between domains.

β€”
When doing reconnaissance on clients it is often useful to try to identify other websites or companies who are related to your target. One way to do this is to look at who is managing the Google Analytics traffic for them and then find who else they manage. There are a few online services which do this, the probably best known being ewhois, but whenever you use someone else's resources you are at their mercy over things like accuracy of the data and coverage, especially if you are working for a small client who hasn't been scanned by them then you won't get any results. This is where my tracker tracking tool comes in. The tool is in two parts, the first uses the power of the nmap engine to scan all the domains you are interested in and pull back tracking codes, these are then output in the standard nmap format along with the page title. I've then written a second script which takes the output and generates a grouped and sorted CSV file which you can then analyse.
βœ‡DigiNinja

Enumerating shares on the SpiderOak network.

β€”
Spidering SpiderOak - By looking at the differences between responses it is possible to enumerate valid account names and then shares on the SpiderOak network. This post covers how I researched this, the findings and how it could be fixed.
βœ‡DigiNinja

Calc IP Range

β€”
Given a IP address calculate the top and bottom of its available subnet range
βœ‡DigiNinja

A Pipal analysis of the Manga Traders password dump, some interesting results when looking at demographics and reuse of username/email addresses as passwords.

β€”
A Pipal analysis of the Manga Traders password dump, some interesting results when looking at demographics and reuse of username/email addresses as passwords.
βœ‡DigiNinja

A little trick to extract stored FTP details

β€”
A little trick to extract stored FTP details by setting up a fake server then capturing the clear text.
βœ‡DigiNinja

I've just added a new challenge to the lab looking at exploiting the none algorithm. For more information, and a walk through.

β€”
I've just added a new challenge to the lab looking at exploiting the none algorithm. For more information, and a walk through, see JWT None Authentication Lab.
βœ‡DigiNinja

Metasploit DNS MiTM and DHCP Exhaustion modules

β€”
Two new beta Metasploit modules, one for DNS MiTM and one for DHCP Exhaustion attacks
βœ‡DigiNinja

Adding VLANs to the GNS3/VirtualBox Lab

β€”
Adding VLANs to the GNS3/VirtualBox Lab - In this post I show how to add VLANs to the lab and how to move between them on the switch. I then show what can happen if you get on to a trunk port and get to control your own VLAN tagging.
βœ‡DigiNinja

A modular brute force tool currently supporting HTTP(S), MySQL and SSH.

β€”
A modular brute force tool currently supporting HTTP(S), MySQL and SSH. Written in Ruby and designed to be easily extendable by using off the shelf protocol libraries.
βœ‡DigiNinja

Write up of my efforts to track down what turned out to be an accidental DoS against my Gmail account.

β€”
If anyone was watching my Twitter feed over the last few days you'll have seen me complaining about my Gmail account being down. It wasn't down completely, I could still access the web interface and read all old mails but hadn't had any new emails in since 4AM on Thursday. I have various other mail accounts, some Gmail, some not, so I tried sending myself mails from those account to see if things were broken or whether I had just become very unpopular. None of the mails got through. I also tested sending emails out and none of those worked either so there was definitely a problem. By Friday lunchtime I'd had a couple of mails but nothing much so I figured I'd better do some digging and get it fixed.
❌