DigiNinja

When All You Can Do Is Read.

By: DigiNinja
A look at what files are good to try to read when all you have is read-only access to a machine, i.e. no directory listing ability.

Trying to understand why the EE web portal doesn't have a password change feature.

By: DigiNinja
Trying to understand why the EE web portal doesn't have a password change feature.

Double tunnels to help a colleague in distress.

By: DigiNinja
Double tunnels to help a colleague in distress - Setting up SSH tunnels to allow external access to an internal network.

Invalid HTTP requests and bypassing rewrite rules in lighttpd

By: DigiNinja
Using an invalid HTTP request to bypass rewrite rules in lighttpd and the story of how I found the problem.

Protecting against XSS in SVG

By: DigiNinja
A client had the requirement to allow users to upload SVG files to their web app; these files then had to be displayed. As SVG files can contain JavaScript and can be used for Cross-Site Scripting attacks, I had to do some investigating to find ways to allow them to do what they wanted safely.

Custom word list generator based on tweets - Update to use the new Twitter search API

By: DigiNinja
Twofi takes keywords and usernames and collects tweets based on these terms. It then extracts individual words and uses them to create a custom word list - Update to use the new Twitter search API

A Meterpreter script to download wireless profiles from Windows 7 and Vista boxes.

By: DigiNinja
A Meterpreter script to download wireless profiles from Windows 7 and Vista boxes.

Do you have a second hand Trojan in your pocket?

By: DigiNinja
The Trojan in your pocket - Do you know what your phone is doing?

Hostapd Karma patches updated to hostapd version 1.0

By: DigiNinja
Hostapd was recently updated to version 1.0 so I've brought the Karma patches up-to-date. This release contains a fully patched source tarball and a patch file if you want to apply it to your own source. I've also added a mention of the hostapd_cli app which you can use to control hostapd once it is running.

A Pipal analysis of the recent Tesco password disclosure.

By: DigiNinja
A Pipal analysis of the recent Tesco password disclosure.

Burp Macros and Session Handling.

By: DigiNinja
A worked example of using Burp Suite macros and session handling.

A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases.

By: DigiNinja
A Metasploit module to accompany my blog post on finding interesting data in MSSQL databases.

Setting up a RIPv1 lab in GNS3 and then exploiting it to poison routes between two machines.

By: DigiNinja
In this lab I'm going to look at RIPv1, probably the most basic routing protocol. As with the VLAN labs, I'm building this one in GNS3 and linking it to a VirtualBox machine running Debian. The plan is to build a network with three routers all using RIP to sync their routing information. I'll then use the attacking box to inject a fake route into the network and so divert traffic away from its real target. If you are not familiar with RIP, it is a hop-based system where each hop is a unit and traffic is routed across the shortest number of hops.

OSSEC rules for handling Kismet alerts files

By: DigiNinja
Handle alerts generated by Kismet Newcore in OSSEC.

Extract meta data from videos taken on iPhones.

By: DigiNinja
ivMeta is based on information in . It will attempt to pull the following bits of information from an iPhone video:
* Maker - should always be Apple
* iOS Software version
* Date video was taken
* GPS co-ords where video was taken
* Model of phone

Stealing CSRF tokens with XSS

By: DigiNinja
Techniques using both raw JavaScript and jQuery to use XSS to grab a CSRF token and then submit the form it protects.

Nessus Through SOCKS Through Meterpreter.

By: DigiNinja
Running a Nessus scan through a Meterpreter pivot using a SOCKS4 Proxy.

A companion tool to Pipal which can spot keyboard patterns in password lists.

By: DigiNinja
It is generally accepted that most passwords in common use are based on dictionary words; however, some people decide to use keyboard patterns instead, and to try to spot these I've created Passpat. Passpat uses data files containing the layouts of common keyboards to walk each word through the keyboard and score the word based on how close it is to being a pattern. For now I'm taking pattern to mean keys which are next to each other; while qpalzm is a pattern, picking something like that up is currently out of the scope of this project.

My opinion on the eBay password reset policy - no pasting and 20 character caps are bad.

By: DigiNinja
My opinion on the eBay password reset policy - no pasting and 20 character caps are bad.
❌