Thursday, July 14, 2011

Find out your hardware information in linux

This is very basic, but I hadn't known about it until recently, when I was given an old PC which I instantly installed Linux on. I don't do much when it comes to hardware as I can't really afford to... other than other people's stuff I recycle. The quick way to find out all your hardware specs on Linux is "lshw". Turns out it had a 3.00 GHz CPU with a 512MB stick of RAM and 3 open slots, and I just so happen to have 3 spare 512MB sticks lying around from other PCs I've recycled. So I ended up with a fully functional 3.00GHz CPU, 2GB RAM Linux box, which made me more than happy... as I can't afford much.

Friday, July 8, 2011

Getting started with skipfish.

Well, this is another great vulnerability scanner for web apps. I really like it so far and thought it was well worth a post. So to start off, download skipfish from here. It has a great interface and outputs the results to an HTML file.

To find out more about the tool and the huge number of probes it performs, read their documentation here.

Now assuming you've downloaded the package from the link above, we will need to untar it and compile it with the make command.

~$ tar -xvzf skipfish-2.02b.tgz
~$ cd ./skipfish-2.02b
~/skipfish-2.02b $ make

Now it should have compiled, but if you get an error along the lines of this;

make: cc: Command not found
make: *** [skipfish] Error 127

Then you may need to install GCC; you will also need libidn installed, including its development headers, since skipfish links against it.

Now, assuming we have it all compiled and ready to go, you should have a file called "skipfish" in the current directory. You will have to either specify the wordlist you'd like skipfish to use or copy one from the dictionaries directory into the directory that has skipfish in it.

I'll be specifying one of the dictionaries that come with this tool.

Let's assume we're auditing this blog; we would issue the following command.

~/skipfish-2.02b $ ./skipfish -W ./dictionaries/complete.wl -o outputdir http://www.hakhub.tk

That'll get skipfish scanning; you can watch the progress via the CLI, and the results will be stored in the "outputdir" you specified, so you can view them in your browser of choice.

~/skipfish-2.02b $ cd ./outputdir
~/skipfish-2.02b/outputdir $ firefox index.html

From there, you can analyze the results and perform your audit or fix your code.
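To tie the steps above together, here is an added shell script (not part of the original post or of the skipfish project) that does the untar, build and scan in one go. It assumes skipfish-2.02b.tgz is in the current directory, that the target is a site you are authorized to test, and that the Debian package names for the two build dependencies are gcc and libidn11-dev. It scans against a private copy of the dictionary rather than the shipped file, because skipfish rewrites its -W wordlist with keywords it learns during a scan.

```shell
#!/bin/sh
# Added example (not from the post): the skipfish steps above as one script.
# Assumes skipfish-2.02b.tgz sits in the current directory and that the target
# URL given on the command line is a site you are authorized to scan.
set -eu

PKG="skipfish-2.02b"

# Report missing build prerequisites mentioned in the post. Prints the package
# to install for each one and returns 1 if anything is missing, else 0.
# (Package names assume a Debian-based distro.)
check_build_deps() {
    missing=0
    command -v cc >/dev/null 2>&1 || { echo "cc missing: install gcc"; missing=1; }
    [ -r /usr/include/idna.h ]  || { echo "libidn headers missing: install libidn11-dev"; missing=1; }
    return "$missing"
}

# skipfish learns new keywords and rewrites the -W wordlist in place, so scans
# should run against a private copy, never the dictionary shipped with the tool.
# $1 = shipped dictionary, $2 = work directory. Prints the path of the copy.
prepare_wordlist() {
    dict="$1"; workdir="$2"
    [ -r "$dict" ] || { echo "no such dictionary: $dict" >&2; return 1; }
    mkdir -p "$workdir"
    cp "$dict" "$workdir/wordlist.wl"
    echo "$workdir/wordlist.wl"
}

# Untar, build and scan. $1 = target URL. Each run gets its own timestamped
# output directory so earlier reports are never overwritten.
build_and_scan() {
    target="$1"
    check_build_deps
    [ -d "$PKG" ] || tar -xzf "$PKG.tgz"
    cd "$PKG"
    [ -x ./skipfish ] || make
    wl=$(prepare_wordlist ./dictionaries/complete.wl ./work)
    out="scan-$(date +%Y%m%d-%H%M%S)"
    ./skipfish -W "$wl" -o "$out" "$target"
    echo "report: $PKG/$out/index.html"
}

# Only scan when a target is given on the command line:
#   sh skipfish-run.sh http://www.hakhub.tk
if [ $# -ge 1 ]; then
    build_and_scan "$1"
fi
```

Run it with the target URL as the only argument; with no argument it just defines the functions, which is handy for sourcing it into a shell and calling prepare_wordlist on its own.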

Sunday, July 3, 2011

Getting started with MySQL Shell

Okay, so I've just recently started getting into web dev and whatnot, but I thought I'd make a quick how-to for getting started with MySQL on the Linux platform.

First off, make sure you've got a LAMP setup (Linux, Apache, MySQL & PHP). If you're using a Debian-based distro you can install them from the repositories like so;

sudo apt-get install apache2 mysql-server libapache2-mod-php5 php5-mysql

After those install, you'll want to set a password for your MySQL root account (MySQL should already be running, but it can be started like so; sudo /etc/init.d/mysql start).

mysqladmin -u root password ThePassword


Now that you have your password set, you can log in to MySQL and get to the fun stuff.

mysql -u root -p

You'll be prompted for your pass; after you log in you can start interacting with the DBase.

/*
Alternatively you can log in without a password, as there is none by default. Then you could set one with a query like this;

mysql -u root
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('Yourpassword');

 */

If you wanted to view the existing DBases, you can issue the following command;

mysql> show databases;

Now to create a DBase you can simply do this;

mysql> create database MonsantosArsenal;

Now if we wanted to move to that DBase we could do the following;

mysql> use MonsantosArsenal;

Now, what's a DBase without tables?

mysql> create table Weapons(
         WepID int,
         Weapon varchar(50)
          );

And that'll create a table named Weapons in the database MonsantosArsenal. You can now begin adding rows with the insert command, but first I want to point out that you can set an integer column to automatically increment by 1 like this (MySQL requires an auto_increment column to be a key, so it's made the primary key here; drop the first version of the table before re-creating it);


mysql> create table Weapons(
         WepID int not null auto_increment primary key,
         Weapon varchar(50)
          );

mysql> insert into Weapons (Weapon)
          VALUES("Genetically modified food");

You now have a table with a column named "Weapon" holding the value we chose to insert. I hope this helps get you started with the MySQL shell.
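As an added example (not from the post), the whole MySQL walkthrough above as one shell script that pipes the SQL into the mysql client. It assumes a local server whose root password has already been set as described; the password is typed at the -p prompt rather than passed on the command line, so it stays out of shell history and out of the process list that other users on the box can read. The database and table names are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the post): the MySQL steps above as one script that
# pipes SQL into the mysql client. Assumes a local MySQL server and that the
# root password is entered at the -p prompt, never placed on the command line.
set -eu

DB="MonsantosArsenal"

# The schema from the post, corrected so MySQL accepts it: an AUTO_INCREMENT
# column must be a key, and rows are inserted into the table, not the database.
schema_sql() {
    cat <<SQL
CREATE DATABASE IF NOT EXISTS $DB;
USE $DB;
CREATE TABLE IF NOT EXISTS Weapons (
    WepID  INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
    Weapon VARCHAR(50)
);
INSERT INTO Weapons (Weapon) VALUES ('Genetically modified food');
SELECT WepID, Weapon FROM Weapons;
SQL
}

# Count the statements in a script read from stdin (lines ending in ';'), a
# cheap sanity check that nothing was truncated before it reaches the server.
sql_statement_count() {
    grep -c ';$'
}

# Apply the schema when invoked as:  sh mysql-setup.sh run
# The client prompts for the root password because -p is given without a value.
if [ "${1:-}" = "run" ]; then
    schema_sql | mysql -u root -p
fi
```

Without the "run" argument the script only defines the functions, so `schema_sql` can be sourced and inspected (or piped into `mysql` by hand) before anything touches the server.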

Anonymizing SQL Injections

So I've previously made posts about things like Tor and sqlmap, but I just wanted to make this quick post to show that you can combine the two in order to increase anonymity when doing pentests or what have you. So, assuming you have Tor up and running with default settings (if not, you can find a how-to here), we will use sqlmap's --tor flag.

python sqlmap.py -u www.example.com/fuckmonsanto.php?prodID=23 --beep --eta --tor --dump-all

Or if you're not using Tor, or are simply having issues, you can use the proxy flag instead. I'll be using Polipo, which is routing through Tor, so I will be using localhost and port 8123, which is the default port used by Polipo. You could alternatively use a proxy off the web.

sqlmap -u www.example.com/fuckmonsanto.php?prodID=23 --beep --eta --proxy=http://127.0.0.1:8123 --dump-all

It's sadly as simple as that.

Saturday, July 2, 2011

"Linux: can't open /dev/dsp" Festival FIX

Well, I've had no problems with festival on my netbook, but when I tried to use it on my desktop I got the error "Linux: can't open /dev/dsp". It seems this is due to the fact that festival uses outdated OSS emulation; to fix this problem, just issue the following command;

printf ";use ALSA\n(Parameter.set 'Audio_Method 'Audio_Command)\n(Parameter.set 'Audio_Command \"aplay -q -c 1 -t raw -f s16 -r \$SR \$FILE\")\n" > ~/.festivalrc

Now you can test to check whether it's working or not.


echo "Resist Monsanto" | festival --tts