Category Archives: Technical

Cloning all github repositories of a user / organization

GitHub has become a new trend and people have started placing lots and lots of code on the website. So I have also been following these GitHub trends and have pushed, cloned and forked multiple repositories (total count of 72).

So today I wanted to create a backup of all GitHub repositories under my account or under my organization account. I saw a couple of solutions being provided here and here; however, most of the solutions are Ruby-based code.

So I thought, let's see how much time and effort it takes to write a simple Python script to do the same. So here is the Python version of the GitHub user/organization cloning script.

Script here

#!/usr/local/bin/python
import argparse
import os
import sys

import requests
from git import Repo


def main(argv):
    desc = """This program is used to clone github repositories of a user / organization"""
    epilog = """Credit (C) Anant Shrivastava http://anantshri.info"""
    parser = argparse.ArgumentParser(description=desc, epilog=epilog)
    parser.add_argument("--name", help="User name", dest='target', required=True)
    parser.add_argument("--output", help="Output Directory", dest='out', required=False)
    args = parser.parse_args(argv)
    target = args.target
    output = args.out
    if not output:
        output = os.path.curdir
    cnt = 1
    while True:
        # The API hands back at most 100 repositories per page, so walk the
        # pages until an empty page comes back. Only the /users/ endpoint is
        # handled here; organization cloning is not implemented yet.
        url = "https://api.github.com/users/" + target + "/repos?page=" + str(cnt) + "&per_page=100"
        r = requests.get(url)
        js_data = r.json()
        # A rate-limit error is returned as an object with a "message" key
        # instead of a list of repositories.
        if isinstance(js_data, dict) and "API rate limit exceeded" in js_data.get("message", ""):
            print("Rate limit reached")
            break
        if len(js_data) == 0:
            print("No more repositories")
            break
        print('count: ' + str(cnt) + ' : ' + str(len(js_data)))
        for repo in js_data:
            git_url = repo["clone_url"]
            out_name = os.path.join(output, repo["name"])
            print(git_url)
            Repo.clone_from(git_url, out_name)
        cnt = cnt + 1


if __name__ == "__main__":
    main(sys.argv[1:])

Hope this can help someone.
Github url here

Example Usage
python -t github_clone_user.py --name anantshri --output "/tmp/test"

Also, as it goes for anything publicly available: it might contain errors and issues, don't blame me if it blows up your computer, but if you do find ways to improve it or find better alternatives, do drop a line in the comments below.

P.S. At this point I needed user cloning on priority, so I did that; organization cloning would be done, but not today.

DroidCAT – Android Application collection for Security professionals

After a gap of 1 month, finally releasing the DroidCAT application.

The DroidCAT application is developed as part of the HaXdroiD project, which is right now in closed testing status.

Let's talk about DroidCAT today.

What is DroidCAT?
DroidCAT is inspired by FireCAT and aims to be a one-stop solution for finding all ethical hacking / information security related applications published in the Android domain. This application is also a part of the HaXdroiD suite, which aims to empower the Android handset for penetration testing purposes.

So now, let's not wait: head over to the Android Market and download the application.

DroidCAT

Whitepaper : Security Issues in Android Custom ROMs

Today I am releasing the paper which I presented recently at the C0C0N conference at Ernakulam. This paper outlines security misconfigurations that can lead to device compromise, data theft and so on.
Hope this helps in the secure development and deployment of custom ROMs.

http://anantshri.info/articles/android_cust_rom_security.html

The link contains download for both my slidepack as well as the complete whitepaper.

Also, a crude application has been created and uploaded to the Android Market which can help in identifying the issue.

https://market.android.com/details?id=anant.hax.aui

White Paper : Web Application Finger Printing : Methods/Techniques and Prevention

Today I am presenting my work of the past few days in the form of a white paper.

This white paper basically outlines automated fingerprinting methods and techniques, and ideas for preventing automated methods from working on your site.

BTW, those who have Wappalyzer in their browsers, just enjoy visiting my Joomla-powered website. :D

Here is the link for the HTML version of the paper, which also includes the PDF version for download.
Web Application finger printing : Methods/Techniques and Prevention
Waiting to hear from the fellows (I am expecting rebuke, criticism, and a bit of appreciation if it's worth it).

Chrome Extensions for Security Professionals

Google Chrome Extensions

During recent days we have seen a phenomenal increase in the usage of the Google Chrome browser; however, security professionals are still looking at Firefox for their day-to-day usage. The basic reason behind it is the large set of Firefox extensions backing it up; we also have custom builds like OWASP Mantra doing the rounds.

So for those who love using Google Chrome and still miss the large plugin base, here is a list of must-have plugins for the security professional.

Note : Usage could be both offensive and defensive; it's up to the user to decide. The content here is for informational purposes only.

CAUTION : LONG POST. Continue below only if you can give it time, because this post is large.


Database Protection Techniques : a different perspective

Tips for Db Security

Disclaimer : This post keeps web front-ends and web-application-based attacks on DB servers in mind.

  1. Any user ID used for web application connectivity should be clipped to specific IP addresses, which could be localhost in case the same server is used for the DB and app server. If two separate servers are used, then clip the user ID(s) to the application server's IP address / hostname. Keep a strict log of who accesses the ID and when.

  2. The first entry in the user/password database should be a dummy entry with zero privilege, which could also be used to act as a honeypot.

  3. Default accounts are to be removed / blocked.

  4. User input validation should be a 3-step process.

    1. Web page / client side validation : JavaScript.

    2. Server (application) : OWASP ESAPI or custom functions could be used.

    3. DB : use PL/SQL functions to strip input data.

  5. Another good utility to keep in mind is DBA_USERS_WITH_DEFPWD : it contains the list of users with default passwords, and with 11g all default accounts are locked.

  6. Web application developers should be provided with 3 different user access levels to be used inside the web application.

    1. Read access : user with access to select queries only.

    2. Write access : user with select, update and delete access.

    3. App_mod : write access plus drop and truncate.

Developers need to make sure the proper user access is used as and when required.

Note : I know a large number of developers might start crying that this will increase their headache, but in the long run this could turn out to be a life saver.

Please share your opinion: is this a good approach, is it going to help you, and what do you think should be added to this?
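As an added example (not from the post), here are the MySQL statements that implement tips 1, 2, 3 and 6 above, followed by the checks a DBA would run afterwards. The schema name appdb, the application server address 10.0.0.5 and the account names are placeholders; tip 5 (DBA_USERS_WITH_DEFPWD) is Oracle-specific and has no MySQL equivalent here.

```sql
-- Added example, not part of the original post. appdb and 10.0.0.5 are placeholders.

-- Tip 1: clip every application account to the application server's address.
-- When DB and app server share a host, use 'localhost' instead of 10.0.0.5.
CREATE USER 'app_ro'@'10.0.0.5'  IDENTIFIED BY '<strong-unique-password>';
CREATE USER 'app_rw'@'10.0.0.5'  IDENTIFIED BY '<strong-unique-password>';
CREATE USER 'app_mod'@'10.0.0.5' IDENTIFIED BY '<strong-unique-password>';

-- Tip 6: three privilege tiers; each query uses the lowest tier it needs.
-- Read access: SELECT only.
GRANT SELECT ON appdb.* TO 'app_ro'@'10.0.0.5';
-- Write access: the post lists SELECT, UPDATE and DELETE; add INSERT if the app inserts rows.
GRANT SELECT, UPDATE, DELETE ON appdb.* TO 'app_rw'@'10.0.0.5';
-- App_mod: write access plus DROP. In MySQL, TRUNCATE TABLE requires the DROP privilege.
GRANT SELECT, UPDATE, DELETE, DROP ON appdb.* TO 'app_mod'@'10.0.0.5';

-- Tip 2: a zero-privilege dummy account that no application code ever uses.
-- It is locked and holds only the implicit USAGE privilege, so any login
-- attempt against it is a tripwire worth alerting on in the error log.
CREATE USER 'dummy'@'%' IDENTIFIED BY '<random-unused-password>' ACCOUNT LOCK;

-- Tip 3: anonymous / default accounts should not exist.
DROP USER IF EXISTS ''@'localhost', ''@'%';

-- Checks to run afterwards.
-- Any account still reachable from every host violates tip 1.
SELECT User, Host FROM mysql.user WHERE Host IN ('%', '') ORDER BY User;
-- Effective privileges of one application tier.
SHOW GRANTS FOR 'app_rw'@'10.0.0.5';
```

The SELECT on mysql.user should return only the dummy account once the clipping is done; anything else listed there is an account to fix.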


Nullcon CTF BattleUnderground 2011 Walkthrough

Finally, after nearly 3 months, I have been able to compile the complete walkthrough.

So, presenting the walkthrough for Battle Underground.

Please keep some notes in mind:
1) Most of the stuff was done after the servers were shut down, so I had to manage with directions only and not screenshots.
2) Feel free to ask questions or suggest an alternative approach if you have any.

As usual, the PDF is uploaded @ Slideshare.
Embedded Version here.

Direct download link

View the slides @ slideshare

Protection against WordPress username enumeration

After my last post on exploiting username enumeration, I have looked deeper and found a simple workaround to patch your blog for this vulnerability till WordPress has something to add to it.

I am right now using a WordPress plugin : Redirection
https://wordpress.org/extend/plugins/redirection/

Inside the plugin page, which comes under : Tools -> Redirections

Add a new rule with the following settings.

Source url : ^(.*)/?author=(.*)
target url : /
Reg Exp : Yes
Match : url only
Action : Redirect to url

and click Add Redirection.

All done. Just try any URL with ?author=no

Now this URL will be redirected back to your main page, effectively nullifying the effect of username enumeration.

Hack IM Walk Through : Nullcon – 2011

After nearly one week of finishing the HackIM challenge, I have finally got the time to document the whole process with as many links and screenshots as possible.

However, I didn't go ahead and release the doc at that time because a lot of users were playing and I didn't want to spoil their fun.
However, as tomorrow we will have a new game to play, here I am releasing the document for the general public to have a look at the whole contest in a step-by-step walkthrough.

However, the main aim for doing this is to gather responses from the junta and in turn find optimum ways of solving the problems, as well as to get introduced to various other tools and techniques others might have used to perform the task in a much simpler and quicker way.

The PDF file has been uploaded to Slideshare for sharing purposes.

Embedded Version here.

Direct download link

View the slides @ slideshare