apples, penguins and a window to another world

security

Patching Portbunny for Backtrack 4

About PortBunny

PortBunny is a Linux-kernel-based port-scanner created by Recurity Labs.
Its aim is to provide a reliable and fast TCP-SYN-port-scanner which performs
sophisticated timing based on the use of so-called "trigger"-packets.

Why this Mini-howto?

In recent kernels (2.6.28), device_create_drvdata() has been renamed to
device_create(), with the same parameters. A small patch is needed to get
PortBunny built and running for Backtrack4.

Step by Step

* download portbunny here
* apt-get install linux-image-2.6.30.5 linux-source-2.6.30.5
* cd /usr/src/
* tar jxvf /usr/src/linux-source-2.6.30.5.tar.bz2
* rm -f /usr/src/linux
* ln -s /usr/src/linux-source-2.6.30.5 /usr/src/linux
* ln -s /usr/src/linux /lib/modules/2.6.30.5/build
* apply the following, trivial patch for kernel 2.6.30.5 (bt4 current).
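An added example, not the post's original patch and not PortBunny code: one way to apply the rename described above to an unpacked source tree and see the resulting diff. The function names `needs_rename` and `rename_device_create` are hypothetical, the sample source line is constructed, and GNU grep, sed and sort are assumed.

```shell
#!/bin/sh
# Added example, not the original PortBunny patch.

# True when kernel version $1 is 2.6.28 or newer (the version the text
# names for the rename). Relies on GNU sort -V.
needs_rename() {
    oldest=$(printf '%s\n%s\n' "2.6.28" "$1" | sort -V | head -n 1)
    [ "$oldest" = "2.6.28" ]
}

# Rewrite device_create_drvdata -> device_create in every .c/.h file under
# directory $1, keeping a .orig backup. Prints the number of files changed.
rename_device_create() {
    src_dir=$1
    list=$(mktemp) || return 1
    # -w: match the whole identifier only; "|| true": no match is not an error
    grep -rlw --include='*.c' --include='*.h' 'device_create_drvdata' \
        "$src_dir" > "$list" || true
    changed=0
    while IFS= read -r f; do
        cp -p "$f" "$f.orig"
        sed 's/\<device_create_drvdata\>/device_create/g' "$f.orig" > "$f"
        changed=$((changed + 1))
    done < "$list"
    rm -f "$list"
    echo "$changed"
}

# Demo on a constructed source file (not PortBunny's real code).
demo=$(mktemp -d)
cat > "$demo/sample.c" <<'EOF'
dev = device_create_drvdata(cls, NULL, devno, NULL, "sample");
EOF
if needs_rename "2.6.30.5"; then
    echo "files changed: $(rename_device_create "$demo")"
    # Show the change as a unified diff (diff exits 1 when files differ).
    diff -u "$demo/sample.c.orig" "$demo/sample.c" || true
fi
rm -rf "$demo"
```

Running the function a second time changes nothing, because the `.orig` backups are not matched by the `*.c`/`*.h` filter and the old identifier is already gone.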

have fun with the bunny!

root@victim:/# portbunny 192.168.9.100
Starting PortBunny 1.1.1
+++ Will scan 1697 ports on 1 hosts. +++
+++ Trigger-Phase done. The following hosts are up: +++
192.168.9.100 TCP_SYN 80
1 hosts total.
press h for help.
Results for 192.168.9.100
====================================================
192.168.9.100     53      OPEN            domain
192.168.9.100     443     OPEN            https
all other ports are CLOSED.
1697 ports scanned.
====================================================
All done





the almighty bunny is around

servage xss collage

Sometimes a picture says more than 1000 words.

comprehensible security policies are important

Security Policies should be comprehensible.

Inspired by: http://blog.rootshell.be/2009/05/23/security-fail/

Image Source: Jim Gosler, "Rethinking the Foundations Seminar"

template to report xss vulnerabilities

As a tech-savvy (security-focused) Internet citizen, I'm often tinkering with sites using manual or automated techniques. Often there are issues, mostly regarding XSS. Discovering websites prone to XSS attacks is no supreme discipline (especially if your name is e.g. Gareth Heyes), but the tedious task of reporting them is.

Enough written, following is a short XSS Report Template to report such issues directly to the website owners:

apple website simple xss

While reading a bit in The Mac Hacker's Handbook and hacking some Cocoa with Xcode, I was browsing the Apple Developer Connection. Bored by this rainy Tuesday afternoon, I did a quick audit of the advanced search form.