0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

Archive for January 2009

john, meet amazon. amazon, john.


These are a rough set of notes I put together when figuring out Amazon’s EC2. I’ve been using the boxes quite extensively to crack passwords. This has turned out to be a godsend for me when I’m on the road and need to be able to set up heavy-duty machines on the fly.

To get started:

Set up an Amazon account:

Chances are you probably already have one, but if necessary you can sign up here: http://aws.amazon.com/. You can use your regular Amazon.com account to get started with EC2.

  • Take note of your key and secret key, you’ll need them in the next steps

Get & Configure ElasticFox Firefox Plugin

Though Amazon.com just released their own browser-based console to control machines, I prefer the ElasticFox plugin.

  • download latest version of elasticfox (firefox plugin)
  • open elasticfox
  • firefox -> tools -> elasticfox
  • click credentials
    • add your amazon credentials to the list
    • click okay
  • select the new account from the drop-down

Create a New Instance

  • Click the Amazon Machine Instances (AMI) and Instances tab
    • Hit the refresh button in the upper left (blue)
    • If you’re looking for a specific machine, type that in the search, and hit refresh
      • try the alestic ubuntu base (i386) machines – they’re vanilla, and rock-solid
    • right-click on the instance, say create

Selecting An Instance Type

  • Amazon images come in a few flavors:
    • M1 – memory – $0.10 / hour (default)
    • M2 – memory2 – $0.40 / hour
    • M3 – memory3 – $0.80 / hour
    • C1 – cpu1 – $0.20 / hour
    • C2 – cpu2 – $0.80 / hour

Generate a Public/Private key pair

Amazon, by default, requires key-based authentication. ElasticFox makes the management of this fairly painless, except when you’re dealing with multiple PCs. The management of these keys is important. If the key is lost, you WILL NOT be able to log into any machine created with that key.

  • if you’re on Linux, the pem file will work with the default terminal (if you’re on Windows, a little extra work with PuTTY / PuTTYgen is needed here)
    • tested on ubuntu/gnome-terminal

Configuring an Elastic IP

  • Elastic IPs can be used to give a temporary static IP to a machine
    • This can be useful in the case of connect-backs
  • Note that the machines can always be accessed by public DNS name

Setting up the box

Now for the fun part.

  • run the following (as root):
    #!/bin/bash
    # refresh package lists, bring the image up to date, then install John the Ripper
    # (-y answers the apt-get prompts so the script runs unattended)
    apt-get update
    apt-get -y upgrade
    apt-get -y install john
  • Copy / Paste the hash file into the terminal
  • Run john on the hash file
  • ???
  • Profit.
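The two places in this procedure where things go wrong in practice are the key file (ssh refuses a private key that other accounts can read, and a lost key locks you out) and the hash file, which is sensitive data sitting on a rented machine whose disk may end up in a snapshot. The helpers below, an added example and not part of the original post, check the key before connecting and keep the pasted hashes in a 0700 work directory that is wiped when the job is done. The login name (`root`), the instance hostname and the work directory path are assumptions; john itself is invoked exactly as the post says, after these run.

```bash
#!/bin/bash
# Added example (not from the original post): helpers for the key-pair and
# "setting up the box" steps. Paths, host and login name are assumed values.
set -u

# Return 0 if $1 is a usable private key: it exists, carries a PEM private-key
# header, and has no group/other permission bits (ssh rejects such keys).
check_pem() {
    local key="$1" mode
    [ -f "$key" ] || { echo "no such key file: $key" >&2; return 1; }
    grep -q 'PRIVATE KEY-----' "$key" || { echo "not a PEM private key: $key" >&2; return 1; }
    # GNU stat first, BSD/macOS stat as a fallback
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$mode" in
        400|600) return 0 ;;
        *) echo "$key has mode $mode; fix with: chmod 400 $key" >&2; return 1 ;;
    esac
}

# Print the ssh command line for an instance once the key passes check_pem.
# Login name and host are placeholders (assumed; the Alestic images may differ).
ec2_ssh_cmd() {
    local key="$1" host="$2" user="${3:-root}"
    check_pem "$key" || return 1
    printf 'ssh -i %s %s@%s\n' "$key" "$user" "$host"
}

# Read the pasted hashes from stdin into a 0600 file inside a 0700 work dir,
# so other accounts on the box cannot read them. Prints the file path.
stage_hashes() {
    local dir="$1" file
    ( umask 077 && mkdir -p "$dir" ) || return 1
    file="$dir/hashes.txt"
    ( umask 077 && cat > "$file" ) || return 1
    printf '%s\n' "$file"
}

# Overwrite and remove the staged hashes (and john's pot file, if it is kept
# there) when finished; terminating the instance alone does not clear a
# snapshot or AMI taken from it.
cleanup_hashes() {
    local dir="$1"
    [ -d "$dir" ] || return 0
    if command -v shred >/dev/null 2>&1; then
        find "$dir" -type f -exec shred -u {} +
    fi
    rm -rf "$dir"
}

# Typical flow on the box (hash content below is constructed, not a real hash):
#   f=$(printf 'alice:$6$constructed$salt\n' | stage_hashes /root/work)
#   john "$f"            # as in the post
#   cleanup_hashes /root/work
```

`stage_hashes` sets the umask inside a subshell so the caller's umask is left alone; `check_pem` accepts mode 600 as well as 400 because both satisfy ssh's check, and the error message tells the reader the exact `chmod` to run.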

enjoy :).

Written by jcran

January 31, 2009 at 11:10 PM

Posted in Uncategorized

Top Web Hacking Techniques of 2008


Jeremiah Grossman & co’s “Top Web Hacking Techniques of 2008” have been released. Go check’m out, update your own techniques, and add anything they might have missed (I can’t think of any…).

Some of my favorites:

  • Cross-Site Printing – By using only JavaScript, an Internet web site can remotely print to an internal network-based printer by doing an HTTP POST. Handy for sending anonymous notes when your neighbor just won’t shut up.
  • GIFARS – These files could be uploaded to sites that allow image uploading (such as many sites’ member photos) to run code in the context of that site – getting around the “same origin policy” that browsers impose. Handy for spl0iting forums.
  • SQL Column Truncation – Interesting technique that j0e brought to my attention. Good for spl0iting your friendly neighborhood mysql app.
  • Cross-Environment Hopping – to be honest, i haven’t read the whole post here, but i think i’ve always wanted to cross-hop someone. sue me. (this is a REALLY nice explanation of current same-origin issues & how to utilize different IE / Firefox components to take advantage of variations in implementation, for what it’s worth).

Note to self: Don’t spend 45 mins trying to figure out how to unlink a word in ScribeFire. Entire linked paragraphs are /okay/ if it’s going to destroy your productivity (and your non-existent social life).

Written by jcran

January 27, 2009 at 4:30 AM

Posted in Uncategorized

Ain’t no berry like a boiled-dead berry


So I killed my Blackberry earlier this week, but a few good tips came out of it.

  1. You can configure your email accounts & autoforwarders here. You can also (re)send service books.
  2. To access a CDMA service screen, enter ##000000 (six zeros) and hit send. From here, you can edit the number associated with the phone and some of the network settings.
  3. FYI (and this is more a note to myself), it’s not a good idea to make noodles after coming home from the bar @ 2AM.

Written by jcran

January 20, 2009 at 2:43 AM

Posted in Uncategorized

OWASP v3.0


Just in case you missed this one, the OWASP v3.0 Testing Guide has been released. If you are involved in application security at all, building or breaking, you should be very familiar with this material.

Written by jcran

January 15, 2009 at 4:59 AM

Posted in Uncategorized

How to suck at infosec


Written by jcran

January 9, 2009 at 3:48 PM

Posted in Uncategorized