Thursday, November 24, 2011

Browser Exploitation Framework on Mac OSX 10.6


As you know, BeEF is a good framework for browser exploitation. Here is a guide to installing it on a Mac, as the original documentation doesn't work most of the time on OS X.


Check your Ruby version first (I'm assuming you have RubyGems, rvm and svn already installed; if not, install them first.)

ruby --version

I had 1.8, updated to 1.9 through rvm and made it the default.
Create a folder for BeEF and check out the latest code:

mkdir beef
cd !$
svn checkout http://beef.googlecode.com/svn/trunk/ beef-read-only
cd beef-read-only
ruby beef

You may see some LoadErrors; don't panic, we can easily fix them.

BeEF requires some Ruby gems. If a gem is not on your system, BeEF will throw a LoadError; to fix those, find out which gem is missing and install it with the command below.
Let's say you saw an error like this:

/Users/r3dsm0k3/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require': no such file to load -- ansi (LoadError)
from /Users/r3dsm0k3/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/site_ruby/1.9.1/rubygems/custom_require.rb:36:in `require'
from /users/r3dsm0k3/Desktop/stuffhack/beef/beef-read-only/core/loader.rb:23:in `'
from :29:in `require'
from :29:in `require'
from beef:37:in `'

From the first line it is clear that there is no gem called "ansi", so just install it:

gem install ansi


Done :)
Try running BeEF again. If it fails, install the missing gem like before.
I got issues with the following gems:
  • ansi
  • erubis
  • term/ansicolor (gem install term-ansicolor)
  • librex (for librex the installation is a bit different: BeEF needs version 0.0.52 of librex, but a plain gem install would give you the latest, so install the specific version:
    gem install librex --version 0.0.52 --no-rdoc --no-ri
    )
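The run-read-install-repeat loop above is easy to script. The following is an added example (not part of the post and not BeEF's own tooling): it pulls the missing library name out of a Ruby LoadError, maps it to a gem name (the term/ansicolor to term-ansicolor mapping and the librex version pin are taken from the list above; the "replace / with -" default is my assumption), and keeps going until ruby beef starts without a LoadError. The sample error text is constructed from the post's output.

```python
import re
import subprocess

# Ruby 1.9 says "no such file to load"; 2.x says "cannot load such file". Both are covered.
LOAD_ERROR_RE = re.compile(
    r"(?:no such file to load|cannot load such file) -- (?P<lib>[\w/.\-]+)"
)

# require-path -> gem name where the two differ (from the post's list; assumed to be complete
# only for the gems mentioned there).
GEM_FOR_LIB = {"term/ansicolor": "term-ansicolor"}

# Gems that BeEF needed at an exact version when the post was written.
PINNED_VERSION = {"librex": "0.0.52"}

# Constructed sample, modelled on the LoadError shown in the post.
SAMPLE_ERROR = (
    "custom_require.rb:36:in `require': no such file to load -- ansi (LoadError)\n"
    "from core/loader.rb:23:in `<top (required)>'\n"
)


def missing_library(stderr_text):
    """Return the library named in a Ruby LoadError, or None if the output has none."""
    match = LOAD_ERROR_RE.search(stderr_text)
    return match.group("lib") if match else None


def gem_name(lib):
    """Map a require path to the gem providing it; by default '/' becomes '-' (assumption)."""
    return GEM_FOR_LIB.get(lib, lib.replace("/", "-"))


def install_command(lib):
    """Build the `gem install` command, pinning the version where BeEF needs one."""
    name = gem_name(lib)
    cmd = ["gem", "install", name]
    if name in PINNED_VERSION:
        cmd += ["--version", PINNED_VERSION[name], "--no-rdoc", "--no-ri"]
    return " ".join(cmd)


def resolve_loop(run_beef, install, max_rounds=20):
    """Run BeEF, install whatever it reports missing, repeat.

    run_beef() returns the stderr text of one `ruby beef` attempt; install(cmd) runs a
    `gem install` command line. Returns the libraries installed, in order. Raises if the
    same library keeps being reported (the install did not actually fix it).
    """
    installed = []
    for _ in range(max_rounds):
        lib = missing_library(run_beef())
        if lib is None:
            return installed
        if lib in installed:
            raise RuntimeError("still missing after install: " + lib)
        install(install_command(lib))
        installed.append(lib)
    raise RuntimeError("gave up after %d rounds" % max_rounds)


def _run_beef_for_real():
    proc = subprocess.run(["ruby", "beef"], capture_output=True, text=True)
    return proc.stderr


def _install_for_real(cmd):
    subprocess.run(cmd.split(), check=True)


if __name__ == "__main__":
    # Run from inside the beef-read-only directory.
    print("installed:", resolve_loop(_run_beef_for_real, _install_for_real))
```

The loop stops as soon as a run produces no LoadError, so a BeEF that fails for some other reason (bad config, port in use) is left for you to read rather than looped on.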

After all your dependencies are fulfilled run beef.

ruby beef

Enjoy your pwnage,Errr...Pentest :)

Monday, November 21, 2011

Debugging clue-less crash XCode

This is taken from the web, but I forgot what site it was; I had it on my sticky notes.


I thought I would share this. I'm sure most of you already know, but just in case, because I find it pretty useful.


Whenever we get one of those crashes where there is no trace in the debug window, there are a few things we can do. After the crash, don't close the app just yet. Go to the debug window and first type "bt"; that will give you a stack trace of the execution just after the crash. At the top of the list you will see the last point that caused the crash, which may be code in your classes or in some of the frameworks. Find the first one that belongs to your code; there will be a number, for example #5. Type "f 5" and that will jump to that part of the code. Now, if you want to debug the values of any variables at that point, type "p variable_name", or you can even call a function or expression. If the variable is an object, you will see the pointer; if not, the value. If the variable is an object, use "po variable_name" to get the value. Note you may get a memory error, which would mean that variable is nil (maybe the cause of your crash).

So in summary:
  • bt: display stack trace
  • f X: jump to code line
  • p variable: display variable value, pointer of basic type
  • po variable: display object variable value
Maybe this is trivial for some people, but I discovered it some time ago, after more than one year developing on Xcode!!


Sunday, October 16, 2011

So you want to deface a website ?

  ______     ___      _____     _____  
.' ____ \  .'   `.   |_   _|   |_   _| 
| (___ \_|/  .-.  \    | |       | |   
 _.____`. | |   | |    | |   _   | |   
| \____) |\  `-'  \_  _| |__/ | _| |_  
 \______.' `.___.\__||________||_____| 
---------------------------------------
Defacement for Lazy People
---------------------------------------
PREFACE aka Legal Shit 

So you want to deface a website but have no idea how to do it? Now I'm not telling you that you should deface websites; that would be illegal. But to paraphrase OJ Simpson, "If you want to do it, this is how you would." First off, you're going to need some basic understanding of what SQL (Structured Query Language) is. It's a way for websites to store data in tables similar to a spreadsheet. Obviously there is no actual visual table, but still the data is stored in tables and columns. Now since you're a skiddy bastard (we are all guilty) you're going to need some programs. There are several on the market, but for this guide I'm going to show you how to use SQLMap. Go get it: Sqlmap. There you go. Isn't that nice? It's command line, so you'd better know how to use that; otherwise you need to go learn some basic computer shit. I do not have time to explain how to use the command line, or terminal as it's called on Linux or Mac, to you. (In truth I do have the time, just not the patience :P)

GOOGLE DORKS aka Finding a Target

Okay, now we need to find some retards to fuck up. We're going to use Google dorks to do this. Google dorks, as they are called, are a way to get Google to give you potentially vulnerable sites. (I will get really pissed off if someone calls it 'google hacking'; most of them do.)
In this example we will use inurl:"php?id=" news. This will return websites that have the word 'news' in them and php?id= in the URL. php?id= specifies that the site is probably using some sort of SQL (90% of the time it would be MySQL). There are other dorks out there; I'll drop a list of them at the bottom of this guide. So hopefully you find a site that's a fitting target with a URL something like http://www.jews.com/php?id=1337. To test and see if this site is vulnerable, all we need to do is add a ' at the end of the URL. So http://www.jews.com/php?id=1337': if you get an error, it's probably vulnerable.
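Why does a stray ' produce an error? Because the site pastes the id parameter straight into the SQL text, so the quote ends up inside the statement and breaks its syntax. The following is an added example (not from the post, not sqlmap code) showing that bug beside its fix, plus the log check a site owner would run to spot this probe. The database, its rows and the access-log lines are all constructed here; the only thing taken from the post is the trailing-quote test itself.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for a site's news table (sample rows, not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?)",
                     [(1, "first post"), (1337, "leet post")])
    return conn


def fetch_news_vulnerable(conn, raw_id):
    """The bug the post relies on: the request parameter becomes part of the SQL text."""
    query = "SELECT title FROM news WHERE id = " + raw_id
    return [row[0] for row in conn.execute(query)]


def fetch_news_safe(conn, raw_id):
    """Hardened form: the value is bound as a parameter, so it is data and never SQL."""
    return [row[0] for row in conn.execute(
        "SELECT title FROM news WHERE id = ?", (raw_id,))]


def quote_probe(conn, fetch):
    """Apply the post's test (id=1337') to a lookup and report what the database did."""
    try:
        rows = fetch(conn, "1337'")
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)          # the quote reached the SQL parser
    return "rows: " + repr(rows)             # the quote stayed inside the value


# A quote, raw or URL-encoded as %27, anywhere in a request's query string.
PROBE_RE = re.compile(r"\?[^ \"]*(?:'|%27)")


def flag_quote_probes(log_lines):
    """Return the access-log lines whose query string carries a quote: the probe above."""
    return [line for line in log_lines if PROBE_RE.search(line)]


# Constructed access-log lines in combined format (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = """203.0.113.5 - - [16/Oct/2011:10:00:01 +0000] "GET /php?id=1337 HTTP/1.1" 200 512
203.0.113.5 - - [16/Oct/2011:10:00:02 +0000] "GET /php?id=1337' HTTP/1.1" 500 87
203.0.113.5 - - [16/Oct/2011:10:00:03 +0000] "GET /php?id=1337%27 HTTP/1.1" 500 87
203.0.113.9 - - [16/Oct/2011:10:00:04 +0000] "GET /news.php?id=2 HTTP/1.1" 200 640""".splitlines()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", quote_probe(db, fetch_news_vulnerable))
    print("safe:      ", quote_probe(db, fetch_news_safe))
    for line in flag_quote_probes(SAMPLE_LOG):
        print("probe seen:", line)
```

The safe version returns no rows for 1337' because the whole string, quote included, is compared against the id column as a value; the error the post tells you to look for simply never happens, which is also why sqlmap's probing finds nothing to work with on a parameterised query.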

Using SQLMap aka Seeing What You're Not Supposed To

There are three categories of data in a SQL database: databases, tables, and columns. Databases contain tables, tables contain columns, columns contain information. First we need to determine what databases are on the site. To do this, run this command.

Sqlmap is written in Python, so you can either go into the sqlmap directory and run "python sqlmap.py -arguments", or give it executable permission and run "./sqlmap.py -arguments".
I will be using the second method (I'm saving some keystrokes :P):
./sqlmap.py -u http://www.jews.com/php?id=1337 --dbs


Let's say this returns these databases: information_schema and jews_sql. You can ignore information_schema at first; it's the database that holds information about the other databases' formatting, organization, rules, etc. There's probably nothing good in it, but as a last resort check it out.

Now that you have the databases, you need to figure out the tables in them. Run this command:
./sqlmap.py -u http://www.jews.com/php?id=1337 -D jews_sql --tables


It'll enumerate the tables now and give you a nice pretty list of them. Look for ones labeled admin, email, and users if you're trying to get login credentials. This isn't the only kind of information you can get; you may be able to see restricted pages, emails, and other fun stuff. Let's say you get these tables.

Users
Pictures
Videos
News

Now you need to get the columns in users, so run this command:

./sqlmap.py -u http://www.jews.com/php?id=1337 -D jews_sql -T users --columns


Give it some time to figure everything out and it will dump the columns for you. It'll probably look something like this.

Id int(5)
username varchar(30)
email varchar(30)
password varchar(25)

I think you know which ones you want :) so run this command.

./sqlmap.py -u http://www.jews.com/php?id=1337 -D jews_sql -T users -C username,password --dump


So it'll dump the information you want. Odds are the password will be hashed; it's probably MD5, so you'll need to crack that: just Google "md5 cracker". Now you'll have the unencrypted password and a username. Next you need to find the admin login page, unless you're just fucking with regular users. You can use this tool: http://sc0rpion.ir/

Now log in and fuck shit up. You may not be able to log in with the creds you got; this is probably because of IP range filtering, which is when the website restricts logins to certain IP addresses, for example ones in the same country, or even a single specific IP. You can spoof this, but that's a story for a different time.

OTHER SHIT aka Extra Credit

So now you have this information and have logged into the site and defaced it, dumped their emails, or done whatever you intended to do. We aren't done yet. If you can get their emails, you may want to cross-reference the passwords with their email accounts to see if they used the same password. Then from that you can leverage other accounts, like Twitter, LinkedIn, and Facebook. Be creative.

5000 SQLi Dorks

SQLi Scanner

Havij - A GUI SQLi tool for Windows.



This is just for educational and entertainment purposes.
Of course education and entertainment are very relative things :)
Buy me a beer if you find this post useful. :)


Saturday, October 15, 2011

Un-Fuck the VirtualBox

If you are like me and tried to get ssh working from the host OS to the guest OS by following the steps from this blog, and got the error "Configuration error: Failed to get the "MAC" value.
VBox status code: -2103 (VERR_CFGM_VALUE_NOT_FOUND)." while starting the machine, here is how to fix that annoying error.
Just open a terminal window and run the command below.
You have to replace <Machine name> with the name of your virtual machine, and escape any spaces with a backslash, like "Ubuntu\ 10.10".


$ VBoxManage getextradata <Machine name> enumerate

This will display the keys that you have configured for your machine; you will have to unset the keys that you added.
You can do this simply by providing an empty value for the key.

I'm just pasting my output to make things clear for a newbie.

aji@mbp:~$ VBoxManage getextradata Ubuntu\ 11.04 enumerate
Key: GUI/LastCloseAction, Value: shutdown
Key: GUI/LastGuestSizeHint, Value: 640,480
Key: GUI/LastNormalWindowPosition, Value: 480,141,640,342,max
Key: GUI/LastScaleWindowPosition, Value: 550,118,640,480
Key: GUI/MiniToolBarAlignment, Value: top
Key: GUI/SaveMountedAtRuntime, Value: yes
Key: GUI/ShowMiniToolBar, Value: yes
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort, Value: 22
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort, Value: 2222
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol, Value: TCP
I added the last 3 keys manually, so let's just go ahead and remove the custom keys by executing the following 3 commands.


aji@mbp:~$ VBoxManage setextradata Ubuntu\ 11.04  VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort
aji@mbp:~$ VBoxManage setextradata Ubuntu\ 11.04 VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort
aji@mbp:~$ VBoxManage setextradata Ubuntu\ 11.04 VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol
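If you have more than a handful of custom keys, picking them out of the enumerate output by hand gets tedious. The following is an added example (not part of the post and not a VirtualBox tool): it parses the "Key: ..., Value: ..." lines, keeps only the VBoxInternal/ keys (the assumption being that everything under that prefix was added by hand, as in my case, while GUI/ keys are VirtualBox's own), and prints the setextradata commands that clear them. The sample output below is copied from the post; the VM name is passed through shlex.quote, so spaces are handled without the backslash dance.

```python
import shlex
import subprocess
import sys

# Sample output from the post (the GUI/ keys trimmed to three for brevity).
SAMPLE_ENUMERATE = """Key: GUI/LastCloseAction, Value: shutdown
Key: GUI/LastGuestSizeHint, Value: 640,480
Key: GUI/ShowMiniToolBar, Value: yes
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/GuestPort, Value: 22
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/HostPort, Value: 2222
Key: VBoxInternal/Devices/pcnet/0/LUN#0/Config/ssh/Protocol, Value: TCP
"""


def parse_extradata(text):
    """Turn `VBoxManage getextradata <vm> enumerate` output into a key -> value dict."""
    entries = {}
    for line in text.splitlines():
        if not line.startswith("Key: "):
            continue                                   # skip anything that is not an entry
        key, _, value = line[len("Key: "):].partition(", Value: ")
        entries[key] = value
    return entries


def custom_keys(entries, prefix="VBoxInternal/"):
    """Keys assumed to be hand-added: everything under VBoxInternal/ (my assumption)."""
    return [key for key in entries if key.startswith(prefix)]


def clear_commands(vm_name, keys):
    """One `VBoxManage setextradata <vm> <key>` per key; no value given means unset."""
    return ["VBoxManage setextradata %s %s" % (shlex.quote(vm_name), shlex.quote(key))
            for key in keys]


if __name__ == "__main__":
    vm = sys.argv[1] if len(sys.argv) > 1 else "Ubuntu 11.04"
    out = subprocess.run(["VBoxManage", "getextradata", vm, "enumerate"],
                         capture_output=True, text=True, check=True).stdout
    for cmd in clear_commands(vm, custom_keys(parse_extradata(out))):
        print(cmd)        # review, then paste into the terminal (or pipe to sh)
```

Running it with the VM name as the only argument prints the clearing commands rather than executing them, so you can check that only the keys you meant to drop are listed before anything is changed.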


And we're done. Now start your VirtualBox; it will run without any problems.
Hope this helps someone.

Thursday, October 13, 2011

iOS 5 Hidden Features

iOS5 Tips,Tricks and Hidden Features


Nice Compilation from MacStories

Fibonacci

I wanted to find the Fibonacci number at a large index for one of the hacking challenges I was doing.
The index was larger than 1000, so the online calculators were crashing.

If you write a naive recursive function for this task, it will take ages to complete.
So I just wrote this in Ruby with Matrix.
I know no-one gives a fuck about Fibonacci, but it will be useful for someone who is in real need, as I was that time.

require 'matrix'

# Q-matrix [[F(2), F(1)], [F(1), F(0)]]: raising it to the (n-1)th power puts F(n)
# in the top-left cell. Matrix#** squares and multiplies, so the work grows with
# log(n) instead of n, and Ruby's Bignum keeps the huge values exact.
FIBONACCI_MATRIX = Matrix[[1, 1], [1, 0]]

def fibonacci(n)
  return 0 if n.zero?
  (FIBONACCI_MATRIX ** (n - 1))[0, 0]
end

31337.times do |j|
  puts "n=#{j} => #{fibonacci(j)}"
end
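The same idea without the matrix library, as an added example (not from the post): exponentiation by squaring on the 2x2 Q-matrix, done on plain tuples with Python's arbitrary-precision ints, plus the straightforward linear loop to check it against. It goes a little beyond the Ruby above in that it uses Q^n = [[F(n+1), F(n)], [F(n), F(n-1)]] directly, so n = 0 needs no special case.

```python
def mat_mul(a, b):
    """Multiply two 2x2 matrices given as ((a, b), (c, d)) tuples."""
    return (
        (a[0][0] * b[0][0] + a[0][1] * b[1][0], a[0][0] * b[0][1] + a[0][1] * b[1][1]),
        (a[1][0] * b[0][0] + a[1][1] * b[1][0], a[1][0] * b[0][1] + a[1][1] * b[1][1]),
    )


def mat_pow(m, e):
    """m ** e by repeated squaring: about 2*log2(e) multiplications instead of e."""
    result = ((1, 0), (0, 1))          # identity
    while e:
        if e & 1:
            result = mat_mul(result, m)
        m = mat_mul(m, m)
        e >>= 1
    return result


Q = ((1, 1), (1, 0))                   # same Q-matrix as the Ruby version


def fibonacci(n):
    """F(n) via the matrix identity Q^n = [[F(n+1), F(n)], [F(n), F(n-1)]]."""
    if n < 0:
        raise ValueError("n must be non-negative")
    return mat_pow(Q, n)[0][1]


def fibonacci_iterative(n):
    """Plain O(n) loop, used here only as a reference to check the fast version."""
    a, b = 0, 1
    for _ in range(n):
        a, b = b, a + b
    return a


if __name__ == "__main__":
    for n in (0, 1, 2, 10, 100, 1000):
        print("F(%d) has %d digits" % (n, len(str(fibonacci(n)))))
```

For the size of index the post mentions (a few thousand), the difference between the two is invisible; the matrix version only starts to matter once n gets into the millions, where the linear loop spends most of its time on the big-integer additions.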
 


Monday, March 28, 2011

I dont know

I don't know why I'm fucking doing this; it's not like anyone I know is going to read this, because seriously... who do I know that would ever have a fucking blog?
Today I sat around and did a lot of nothing. Isn't that fucking interesting? Aren't you glad that you're reading this?
But no one is fucking reading this are they?

But I'm on a fucking mission to write a whole lot of nothing. FUCK YEAH..!