IP id finder

Posted in security on July 11, 2009 by diablohorn

I have been intrigued by nmap’s feature to scan a target using an idle zombie PC which has an incremental IP ID. I have also been intrigued by scapy. Finally, I have also been intrigued by metasploit. At first I combined nmap and metasploit, and the end result was that I was not able to get the IPIDSEQ module to work. So I turned to scapy and tried porting the metasploit module to python. It was fun, and I finally employed python for something besides playing with it to learn.

python src

I’ve also finally learned why it’s nice to prepend your output with “[*]”. Since I’ve been lazy with the verbose output, I just reuse scapy’s own verbosity setting to decide whether my script should print verbose messages or not. This means that the output gets cluttered. So by prepending “[*]” you can just grep the results to have a clear view of what the script is doing without the scapy stuff in between it.

Finally, scapy is a real nice toy. I had to implement zero code to support CIDR notation. So when you for example want to scan a /24 range you can just go like: “microsoft.com/24”. Isn’t that neat? Hope you enjoy it and find a way to use it. For me it was more fun to write it and learn a lot along the way than the actual goal I wrote it for. Oh, btw, the non-verbose output looks like:

[*] 74.125.45.100 = Randomized

Oh, a second btw: I recommend putting the timeout/waittime on 5 or something like that.

Art Exposition

Posted in general on July 8, 2009 by diablohorn

Well, like you probably don’t remember, a while back I wrote about art I enjoyed. Well, to my surprise the artist has an exposition right at the airport of Madrid. It seems like the information is only available in Spanish for the time being. Although the most important bit of information can be translated quite easily:

La exposición, situada en el pasillo que da acceso al Terminal T-2 del Aeropuerto desde el Metro y el Parking P-2

translates to:

The exposition which is stationed in the hallway that gives access to the T-2 terminal of the airport coming from the metro and parking P-2

So if anyone is going to Madrid I recommend having a look. It is available until the end of July.
For people interested in art events in Madrid I recommend the following blog:

which at the time being happens to also inform about the exposition at the airport of Madrid.

Google Dork

Posted in security on July 8, 2009 by diablohorn

Well, I suspect that people already know about this. I didn’t, so I felt like blogging about it. Often when searching for specific directories on google it can be a pain in the ass; I mean, you can combine “inurl” and “intitle” but still… So the other day I stumbled upon this nice feature of the “site” command: you can actually append a directory name to it!!

site:<[sitename].tld>/directoryname/

That actually seems to yield better results. For example, I used it to search for a specific directory on some TLD and it worked fine. I particularly like it because it makes searching for a specific directory with specific characteristics a lot easier. A nice example to try is the following, which returns (almost) only include directories that allow directory listing:

site:org/include/ intitle:"index of"

If you stretch it even further you *COULD* argue that you can do a directory search without actually hitting the target; of course it would be limited to the directories indexed by google.

If you already knew it then oh well…if not enjoy.

Added contact information

Posted in general on July 3, 2009 by diablohorn

Added contact info on the right, like you can see :)

PGP public key is on there too, so feel free to email me in a secure manner.

Scriptable Anti Live Forensics – POC

Posted in (anti)Forensics on June 25, 2009 by diablohorn

In short: this + python support. I’ve finally decided to build alpha POC code for the idea I already blogged about. Some of you might wonder why I chose to support python, seeing that I previously wrote about it and I hated/loved it. Well, because afaik it’s the easiest language to embed inside C. Oh, and the reason why I added support for a scripting language is because some things are just so much easier when done in a scripting language. So let’s see the actual code (make sure you read my previous blog post, else the next stuff might sound like total gibberish).


Burn Notice toy…is really THAT easy to build!

Posted in security on May 25, 2009 by diablohorn

ok :| WOW, sometimes the gadgets and toys you see in a Hollywood show REALLY are THAT easy to build. I’m talking about the home-made taser gun, made out of a disposable camera, which I first saw on Burn Notice.


The power of suggestion

Posted in midnight thoughts on May 21, 2009 by diablohorn

You make an ass out of u and me! In other words, never assume, because it’s bad. That’s exactly what my midnight idea is all about. Let’s assume… you write stuff down on a piece of paper, but there is no shredder nearby and you are too lazy to eat it/burn it etc. How do you make sure the stuff you wrote down doesn’t get into someone else’s hands, and if it does, that it’s totally useless to them? Well, for that I had the following midnight idea… just suggest them some wrong information!


Laser Alarm…fun stuff

Posted in security on May 20, 2009 by diablohorn

So one day you wake up and you think… why should I buy an alarm installation if I can just make my own? The normal answer is: because you usually don’t have the skills nor the time for it. In my case I preferred the answer: because you can learn new skills and do cool stuff. Well, that motivated me, so here I am writing about how I built my first amateur laser alarm (which is far from finished). Keep on reading if you are curious about my first steps into the hardware world.


The process of a successful stack based BOF-Part 2

Posted in security on March 8, 2009 by diablohorn

The previous post explained how to set up the environment so that we would be able to actually debug the crashing process. In this post I will try to explain the process of analyzing it and building a working exploit. So the first step is to identify why it crashed in the first place.


The process of a successful stack based BOF-Part 1

Posted in security on March 7, 2009 by diablohorn

n0limit’s legend preceded him, but the real deal is way better than the legend! No, really, this dude really helped me out in the process of making it work. When doing BOF bugs there is a HUGE difference between reading about it and putting it into practice. Another big thanks goes out to KD, who got me interested in this stuff again. I mean, with all the web exploiting going on these days… you’d almost forget about the giant of all times. The infamous Buffer Overflow!


Geographically locating phone numbers

Posted in security on March 5, 2009 by diablohorn

Well, this isn’t as nice as my last post about geographically locating IP addresses, but still this is highly interesting, especially with all the LBS (Location Based Services) that are going on. LBS are usually based on companies and/or software which have extreme access to information, able to pinpoint the location of a person. These techniques are often used when somebody is being investigated or when someone makes a distress call to 911 (112 in Europe). Before you carry on reading: I highly appreciate feedback about my English writing :) so don’t be ashamed to correct me or tell me about any errors in my postings. I regret that this post isn’t as detailed as I wanted it to be… but then again, I hate keeping information to myself for ages. So here is a first glance at this topic.


Backerdie

Posted in general on February 28, 2009 by diablohorn

Well, that was a real nasty experience… being a while without access to internet. You could call me an addict, but oh well. Anyways, I had some moving-between-houses issues and a little problem with my ISP. I’m on temp internet now with some weird USB stick which is treating me pretty good until now. Anyways, I’ll get back to posting some random stuff as usual. It feels good to finally have access to internet again.

[POC] RFI Scanner

Posted in kd-team archive, tools on January 5, 2009 by diablohorn

Well, it certainly is true: why not? That question never has a correct answer imo. It is the same question I asked myself yesterday. I was thinking about what to write on my blog (I was bored and thought that blog writing could help); after a while I just gave up (so lesson learned: only write when you actually have something to write). So today I fired up my browser (for the ones wondering, this is a personal opinion, I use: Opera {FTW!}, IE {nice}, FF {sucks}, I use them depending on what I need) and the first thing I saw was this. Which is funny, since it’s just a couple of days ago since I posted about python and now I see a nice and small python script to do funky stuff.


Truecrypt, a variety of bruteforcing options

Posted in security on January 1, 2009 by diablohorn

A lot of people ask the question: How can I recover my truecrypt password? Others ask the question: How can I crack a truecrypt container? So out of curiosity I went on a little investigation to find out what the current tools are to bruteforce a truecrypt container. So here is a small compilation of the methods I’ve found to bruteforce a truecrypt container.


Python hidden love and hate

Posted in general on January 1, 2009 by diablohorn

This is just my little hate/love affair with python. This post will be a bit chaotic, but oh well…

Well, when I first read about python my immediate reaction was: HATE HATE HATE. This reaction was triggered by one reason only: indentation. This kept going on for a while until I finally decided to try python out and form my opinion based on using the language instead of on prejudices. I’ll explain what the word ‘hidden’ does in the title of this blog posting later on.
