Posting here as a reference for the presentation that I gave in May 2011.
Finally, after nearly 3 months, I have been able to compile the complete walkthrough.
So, presenting the walkthrough for Battle underground.
Please keep some notes in mind:
1) Most of the stuff was done after the servers were shut down, so I had to manage with directions only and not screenshots.
2) Feel free to ask questions or suggest an alternative approach if you have any.
As usual, the PDF is uploaded @ Slideshare.
After my last post on exploiting username enumeration, I have looked deeper and found a simple workaround to patch your blog against this vulnerability until WordPress has something to add for it.
I am right now using a WordPress plugin: Redirections
On the plugin page, which comes under Tools -> Redirections,
add a new rule with the following settings.
Source url : ^(.*)/?author=(.*)
target url : /
Reg Exp : Yes
Match : url only
Action : Redirect to url
and Add Redirection.
All done. Just try any URL with ?author=no (where no is a number).
This URL will now be redirected back to your main page, effectively nullifying the effect of username enumeration.
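To see what the rule's regular expression actually matches, here is an added example (not part of the original post or of the plugin's code) that runs it over constructed request URLs. Python's `re` module stands in for the plugin's regex engine, and `RULE_STRICT` is a hypothetical tighter variant that the post does not use.

```python
import re

# Rule exactly as given in the post. The "?" is unescaped, so it is a
# quantifier that makes the preceding "/" optional, not a literal "?".
RULE_AS_POSTED = r"^(.*)/?author=(.*)"
# Hypothetical stricter variant (not from the post): a literal "?" must start
# the query string and "author" must be a whole parameter name.
RULE_STRICT = r"^[^?]*\?(?:.*&)?author=(.*)"

# Constructed request URLs (path + query string), labelled by intent.
SAMPLES = {
    "/?author=1": "enumeration probe",
    "/blog/?author=2": "enumeration probe, blog in a subdirectory",
    "/index.php?author=3": "enumeration probe via index.php",
    "/?paged=2&author=4": "enumeration probe, author not first parameter",
    "/?coauthor=jane": "unrelated parameter that ends in 'author'",
    "/2011/05/some-post/": "normal permalink",
}


def redirected(rule, url):
    """True if the rule would fire for this URL (regex match => redirect to /)."""
    return re.search(rule, url) is not None


def coverage(rule):
    """Map every sample URL to whether the rule redirects it."""
    return {url: redirected(rule, url) for url in SAMPLES}


if __name__ == "__main__":
    posted, strict = coverage(RULE_AS_POSTED), coverage(RULE_STRICT)
    for url, note in SAMPLES.items():
        print(f"{url:24} posted={posted[url]!s:5} strict={strict[url]!s:5}  {note}")
```

As posted, the rule fires on any URL containing `author=`, which covers every probe shape in the samples but also redirects the unrelated `?coauthor=` request.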
We have recently seen a WordPress username enumeration vulnerability disclosure here: http://seclists.org/fulldisclosure/2011/May/493
Versions affected are: 2.6, 3.1, 3.1.1, 3.1.3
Here I am enclosing a simple PoC which can be run in a Bash shell.
(Note: a PoC in Python is already available for those who are curious.)
The code can be downloaded from here: https://github.com/anantshri/script-collection/blob/master/wp-user-enum.sh
I have been working on using any Linux distribution on my handset (SE Xperia X10) and finally I have succeeded.
I have posted all the details in a nice manner on the XDA Developer forum and would prefer getting bug reports and suggestions there.
CLI : command prompt at its best.
GUI on Xperia : LXDE
Nearly one week after finishing the HackIM challenge, I have finally got the time to document the whole process with as many links and screenshots as possible.
However, I didn't go ahead and release the doc at that time because a lot of users were playing and I didn't want to spoil their fun.
However, as tomorrow we will have a new game to play, here I am releasing the document for the general public to have a look at the whole contest in a step-by-step walkthrough.
However, the main aim of doing this is to gather responses from the junta and in turn find optimum ways of solving the problems, as well as to get introduced to various other tools and techniques others might have used to perform the task in a much simpler and quicker way.
The PDF file has been uploaded to Slideshare for sharing purposes.
I am back with some more scripting fun.
I have been working on configuring my new Debian machine and found one utility very much lacking in Debian, and that was add-apt-repository.
So I sat down, took my time, and finally I am able to mix and match this simple script.
Disclaimer: I know adding a PPA can have adverse effects on Debian machines.
At this point the work that this script performs is
Steps to install this.
1. Download the script
$ wget https://blog.anantshri.info/content/uploads/2010/09/add-apt-repository.sh.txt
2. Save this file in /usr/sbin/
$ cp add-apt-repository.sh.txt /usr/sbin/add-apt-repository
3. Change permissions to execute
$ chmod o+x /usr/sbin/add-apt-repository
4. Change ownership to root
$ chown root:root /usr/sbin/add-apt-repository
5. Now whenever you need to execute the command, type
$ sudo add-apt-repository ppa:ppa-name
Opening this script to a larger audience so that we can crowdsource efforts if someone likes it.
Hope this can help someone.
7 – Jan – 2011 : Updated the tutorial to place the file @ /usr/sbin as suggested at various points in the comments.
6 – Aug – 2011 : Updated the script to deal with the security hole (although not easily exploitable) as suggested by 7eggert at comment no 23.
10 Sep – 2011 : bin corrected to sbin in steps 3 and 4. Thanks to Craig for pointing that out.
This plugin has one specific role, and that is to find 404 errors on your website and then notify you of them by RSS or e-mail.
But the e-mails generated are not of much use, as they tell me only one part of the story, i.e. the URL that was hit and got a 404.
So I modified the code, and now it makes a lot of sense and gives me some insight into what is actually happening.
So my latest code sends out messages with the following details (providing a picture of the sample message).
If the link is not referred by any page, then it means that the link is either saved as a bookmark or some automated bot is trying to access the URL.
User agents tell a lot more about who is accessing the link.
And just in case you don't want to be irritated by a particular user, you always have his IP address to block him in .htaccess.
So I have launched the modified code at 404-notifier @ Google Code.
Hope this code can help someone.
While searching for some stuff on the Internet, I came across this post about interesting usage of the Ubuntu LiveCD and was wondering how many more methods are possible.
So, some basic uses of a live CD that everyone understands and at least expects from a live disk.
On top of that, a large array of disks also work in various other ways, some of them listed here: http://en.wikipedia.org/wiki/Live_CD#Uses
So here is a non-exhaustive list of innovative uses of Live CDs (already implemented or not implemented).
Some other very innovative uses that came in during discussion, including
A large number of uses have been collected by community effort using the following threads in various forums:
So what do you think: what else could be done if you had the opportunity to create a Live Disk?
Most of us at one point come to the conclusion that spam bots and leechers are some of the annoyances of the web which need to be dealt with severely.
So here is one way of doing this if you have the Apache web server.
.htaccess is the file which can help you with this.
I have collected a list of some of the most commonly used bot user agent strings, and based on these strings we can block them just by using the .htaccess file.