e-axe`s small home :: blog
-------------------------------------------------------------------------
menu :: blog | projects | books | wishlists | about :: prev | next
-------------------------------------------------------------------------
spygame! [Fri Jan 8 22:28:32 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hi there,
just in case you want to log the passwords of invalid ssh
login attempts: nopaste_snipped
if you also want to log successful logins you should drop
the ^if(* line...
so long,
e-axe
ps. yes, it will be logged to your regular logfile
(in most cases /var/log/messages)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
when the sub, versions... [Fri Jan 8 22:26:19 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hi all ... (whom?)
as a regular kisgearth junky (if there are any) you should have
already noticed the latest changes in the TRUNK of the svn.
they might be really helpfull to make the network/ap position calculation
much more reliable.
if you have not checked it out already, DO IT - NOW! ;)
so long,
e-axe
ps. have a look at the -s/--use-signal option...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
some nse scripts... [Fri Jan 8 22:25:21 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hi there... (where?)
i finaly decided to release two nmap scripts (nse) which might
be helpful in one or another situation:
http://mytty.org/nopaste/?pid=380
http://mytty.org/nopaste/?pid=381
the first one is meant to check webservers for allowed HTTP-Options
at least for some well known (ok, i just guess them) resources.
the second script is a modification of one of Kris Katterjohn's
scripts which checks webservers for the HTTP TRACE method and
if it's exploitable.
so long,
e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
my pics are back online... [Fri Jan 8 22:24:18 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
the topic does not lie! ;)
i pushed my pictures back online... at least some of them.
enjoy: http://mytty.org/pics/
so long,
e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
unxor it easy - as well... [Fri Jan 8 22:23:00 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
as some guys asked my about the "real" security of a simple xor
encrypted file, i decided to lighten the dark a little bit ;)
and the best way to show you on how easy it could be to "crack"
a simple xored file is by example:
http://mytty.org/nopaste/?pid=378
use it like that: ./crack_xor encrypted_PNG_image
with the help of this little tool you will be able to get down
to the encryption key (up to eight chars - could be changed within the
sourcecode) of any encrypted PNG image file. and, it will just take
a few micro seconds.
this attack type could be called a clear text attack. so, if you know
which kind of file or data is encrypted, than you can easily
crack a simple xor encryption...
as i mentioned in my last post, its just a temporary quick and dirty
solution if you have nothing else available.
so long,
e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
there is always something stupid to do...