e-axe`s small home :: blog
how to "recover" check point passwords... [Fri Jan 8 22:37:58 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dear visitor :)
i just wrote a small tool which generates a shadow-like file out of
the firewall authentication file (fwauth.ndb) of a check point fw1 (this
might also work for other check point devices). the file is normally
located within the conf/ or database/ directory on the device and
consists of printable and non-printable characters. the passwords for
the users managed by the device are stored in there in 3des format.
http://mytty.org/nopaste/?pid=436
what can you do with the generated output? hmm... JTR?!
so long,
e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
the "404 file not found" problem... [Fri Jan 8 22:36:05 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
some of you might already have stumbled over the so called
"404 file not found" problem - which means the webserver (oh, in some
cases it is the application itself, by modifying the http header) sends
back a "200 OK" with the 404 error inside the content. or, which i have
seen even more often, you get a "302 Moved" back which redirects
to a custom 404 page.
well, the problem with this is that a lot of crawling and security
tools rely on the http status codes! which in turn means that
those tools think the requested resource exists even if it does
not! this brings in a lot of false positives.
i thought about how to solve this "problem" and came to some
solutions. today, i will share one of them with you:
http://mytty.org/nopaste/?pid=427
execute it like this: ruby SCRIPT www.THE-DOMAIN.org "/resource1.html" "/resource/2.html" "/foobar/"
the script will check if those pages of the given domain
exist or not by fetching 10 "not existing pages" and
calculating the average size of the response bodies. then it fetches
the given resources and checks if the body sizes are equal
(+- a few bytes; this may need to be adjusted (which can partly be done
automatically!)). this method can be used if you stumble over a
webserver/application answering with "200 OK 404 not found" pages ;)
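the size-comparison check described above, written out as an added example in ruby (this is not the nopaste script from the post; the sample server, its page names and the tolerance value are constructed here for illustration):

```ruby
require 'securerandom'

# "+- a few bytes" tolerance from the post; widened automatically below when
# the reference 404 bodies themselves vary in size.
DEFAULT_TOLERANCE = 16

# constructed sample server: two real pages, everything else gets a
# "200 OK" custom 404 page that echoes the requested path (so its size
# varies by a few bytes with the path length, like many real soft-404s).
NOT_FOUND_TEMPLATE = "<html><body><h1>Oops, page %s was not found</h1></body></html>"
KNOWN_PAGES = {
  "/resource1.html" => "<html><body>" + ("real content " * 20) + "</body></html>",
  "/foobar/"        => "<html><body><ul><li>index of /foobar/</li>" \
                       "<li>readme.txt</li><li>notes.txt</li></ul></body></html>",
}
SAMPLE_FETCH = lambda { |path| KNOWN_PAGES.fetch(path) { NOT_FOUND_TEMPLATE % path } }

# a path that cannot exist on the target; fixed length so the baseline is stable
def random_path
  "/" + SecureRandom.hex(8)
end

# step 1: request `count` non-existing pages, average the body sizes and
# derive a tolerance from how much those bodies differ among themselves.
def soft404_baseline(fetch, count: 10)
  sizes = Array.new(count) { fetch.call(random_path).bytesize }
  { avg: sizes.sum / sizes.size.to_f,
    tolerance: [DEFAULT_TOLERANCE, sizes.max - sizes.min].max }
end

# step 2: a resource "exists" only if its body size leaves the baseline band;
# anything inside the band is a soft 404 regardless of the status code.
def classify_paths(fetch, paths, baseline)
  paths.each_with_object({}) do |path, result|
    delta = (fetch.call(path).bytesize - baseline[:avg]).abs
    result[path] = delta > baseline[:tolerance] ? :exists : :soft404
  end
end

if $PROGRAM_NAME == __FILE__
  base = soft404_baseline(SAMPLE_FETCH)
  puts "baseline: avg #{base[:avg]} bytes, tolerance #{base[:tolerance]}"
  classify_paths(SAMPLE_FETCH, ["/resource1.html", "/resource/2.html", "/foobar/"], base)
    .each { |path, verdict| puts "#{path.ljust(20)} #{verdict}" }
end
```

to run it against a real host, replace SAMPLE_FETCH with a lambda that does the http request and returns the final body (following the "302 Moved" redirects the post mentions, since the custom 404 page sits behind them).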
your feedback is very welcome!
so long,
e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
extract FQDNs, IPs and CNAMEs from zonefiles... [Fri Jan 8 22:34:06 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
just a quick release of a script i wrote some years ago:
http://mytty.org/nopaste/?pid=406
you can use it to extract all FQDNs (the script will assemble
those with the help of the hostnames/subdomains and the
root domain in the zonefile), IPs and CNAMEs out of bind
zonefiles.
it can be really useful... :)
so long,
e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FSpy starts getting popular... [Fri Jan 8 22:33:04 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
in the last few weeks i received a lot of emails from people
who are going to add fspy to the repositories of different linux
distributions.
chances are good that you can install fspy on your favourite
distro by just using the default package management tools :)
i am aware of fedora core, debian and ubuntu packages being built and
added to those package trees... and i am really happy to see that
it is useful...
thanks to all of you!
so long,
e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FSpy - just released [Fri Jan 8 22:29:58 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
i just gave a quick talk about filesystem monitoring with
a tool called fspy - on the 25c3.
enjoy:
project page -> http://mytty.org/fspy/
slides -> http://www.mytty.org/fspy_25c3_richard-sammet.pdf
so long,
e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
there is always something stupid to do...