Donkey On A Waffle : /2007/Oct

Stupid Idea of the Day

Thu, 25 Oct 2007 16:19

Stupid Idea of the Day. The wii-Helm. Thanks... that's all I really have to say about that...

Home | Tags: stupid | Category: /humor | [0 comments] | Link

Experts Exchange Bypass

Thu, 18 Oct 2007 13:06

This is a nifty little hack pointed out to me by mjxg today. How to view premium membership sites like Experts-Exchange for free!

If you think on the problem for a minute, one question comes to mind. How does google index the content on these pages if it can't see it without paying? Well, it CAN see it without paying, and so can you. Simply modify you user-agent to match that of googlebot "Googlebot/2.1 (http://www.googlebot.com/bot.html)" and block cookies from being added from the target site. Bingo, you look just like googlebot and can now view Experts-Exchange for free! The link above goes into detail on one method of doing this, there are many other ways (I use an inline proxy to achieve the same goals), but do what works for you.

Home | Tags: hacking | Category: /infosec | [2 comments] | Link

Little Bobby Tables

Wed, 10 Oct 2007 09:48

Exploits of a MOM! - As seen at XKCD.COM

Home | Tags: humor, sql_injection | Category: /humor | [0 comments] | Link

Web Fuzzers SUCK

Tue, 09 Oct 2007 17:06

Web fuzzers all suck. Every last one of them. The easy part about fuzzing a web site is sending the data, the HARD part is interpreting the results. Every single web fuzzer I use has something I don't like about it. So instead of having 20 different web fuzzers sitting on my system, I took two days and wrote my own. It too SUCKS. But at least if it doesn't meet my needs I can easily modify it to do what I want without having to learn someone elses code.

txsWebFuzz is written in perl, so it's easy to modify. It is a basic web fuzzer that has a .txt file of fuzzstrings in a easy format for addition/modification. The fuzz.pl script takes a handfull of command line arguments and fuzzes both GET and POST requests. It can fuzz the URL or the POST content depending on need. After the fuzzing is complete, the script process.pl takes the returned web pages and creates a single web page with image snapshots of each returned page. This allows a quick and easy way to view the fuzz results in chunks. I also put some interesting zoomy script in there for "coolness" factor.

If you like my script, great, let me know... If you think it sucks.. great.. don't bother to let me know.. and if you can't figure out how it works? WRITE YOUR OWN! (or email me a question, I'll probably answer).

You can find the latest version on my Projects Page

Home | Tags: fuzzers | Category: /infosec | [0 comments] | Link

~/.irssi/config

Tue, 09 Oct 2007 13:43

I, like most communication minded people, use irssi in a screen session on a shell box. I connect to roughly 5-6 servers, mixed between IRC, IRC+SSL, and SILC systems. The documentation on configuration of the irssi config file is pretty non-existant, so after struggling for far too long, I've decided to share my notes for anyone else that may find them useful.

Step 1: Add your servers and networks to the servers = section of the document.

Example:

{ address = "silc.XXXXXXXXX.com"; chatnet = "XXXXXXXXX"; port = "706"; autocon nect = "yes"; },
{ address = "irc.YYYYY.org"; chatnet = "YYYYY"; port = "6667"; autoconnect = "yes"; use_ssl = "yes"; },

The item to note with this section is the use of the parameter use_ssl. It's not documented very well and I pretty much had to guess or get lucky with a google search to find it.

Step 2: Add your channels to the channels = section of the config file.

Example:

{ name = "BlahBlah-Channel"; chatnet = "XXXXXXX"; autojoin = "Yes"; }, { name = "Foo-Chanel"; chatnet = "YYYYYYY"; autojoin = "Yes"; password = "NOWAY"; },

The interesting thing to note with this section is the use of the password parameter. This is used for channels that require passwords to connect. Again this isn't documented well anywhere.

Step 3: Autorun SILC Plugin

This is the one that took me the longest to figure out. To autorun a plugin in irssi you have to create a file in your .irssi directory called startup. It's not there by default and not documented anywhere. In this file put "LOAD silc" to autoload the silc plugin upon starting irssi. Becareful though, it took me a while to figure out that "LOAD silc" is NOT the same as "LOAD SILC". Loading the plugin is case sensitive.

And finally a bit of humour to ensure that this post actually gets hits *GRIN*. Thanks to Cooler for sending me this one...

Darth Vader on Harmonica | Funny Jokes at JibJab

Home | Tags: irssi, tech, config | Category: /generic | [0 comments] | Link

Security Company of the YEAR!

Thu, 04 Oct 2007 10:45

Ahh corporate marketing. I won't say anything negative.. I'll let you use your own judgement!

Symantec In the House!
Checkpoint Corporate Song?!
Symantec Norton Fighter!
Cisco Career Makeover Crew!
Even individual people aren't immune to acting silly. Security Firm Marketing Director in the UK
Apple Talent Show?!

And just for good measure This Video. It's not marketing related at all, but still funny as hell.

Send me comments with your own interesting "Corporate Marketing Materials". I might even buy you a beer in thanks!

Home | Tags: security, humor | Category: /humor | [0 comments] | Link

About: