Nullcon CTF BattleUnderground 2011 Walkthrough

Finally, after nearly 3 months, I have been able to compile the complete walkthrough.

So, presenting the walkthrough for BattleUnderground.

Please keep some notes in mind:
1) Most of the stuff was done after the servers were shut down, so I had to manage with directions only and not screenshots.
2) Feel free to ask questions or suggest an alternative approach if you have any.

As usual, the PDF is uploaded @ Slideshare

Protection against WordPress username enumeration

After my last post exploiting username enumeration, I have looked deeper and found a simple workaround to patch your blog for this vulnerability until WordPress has something to add to it.

I am right now using a WordPress plugin: Redirections

Inside the plugin page, which comes under: Tools -> Redirections

Add a new rule with the following settings.

Source url : ^(.*)/?author=(.*)
Target url : /
Reg Exp : Yes
Match : url only
Action : Redirect to url

and click Add Redirection.

All done… just try any URL with ?author=no

Now this URL will be redirected back to your main page, effectively nullifying the effect of username enumeration.
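An added check of the redirect rule above (not part of the original post): it assumes the plugin tests the regex against the request path plus query string with search semantics, and STRICT_RULE is a hypothetical tighter pattern. Because the "?" in the source URL is an unescaped quantifier, the rule fires on any URL that contains "author=", which the constructed samples make visible.

```python
import re

# The rule exactly as entered in the post. The "?" is unescaped, so it is a
# quantifier that makes "/" optional, not a literal question mark.
POST_RULE = re.compile(r"^(.*)/?author=(.*)")

# Hypothetical tighter rule (an assumption, not from the post): a query
# parameter named exactly "author" whose value is a numeric ID.
STRICT_RULE = re.compile(r"[?&]author=\d+(&|$)")

# Constructed request URIs (path + query string), not taken from real logs.
SAMPLES = [
    "/?author=1",             # the request the post wants redirected
    "/index.php?author=2",
    "/?paged=2&author=3",
    "/?s=author=twain",       # ordinary site search containing "author="
    "/?coauthor=7",           # parameter belonging to something else
    "/author/alice/",         # pretty-permalink archive: neither rule applies
    "/2011/06/some-post/",
]


def redirected(rule, uri):
    """True if the rule would send this request to the target URL (/)."""
    return rule.search(uri) is not None


def compare(samples=SAMPLES):
    """Return (uri, post_rule_hit, strict_rule_hit) for every sample."""
    return [(u, redirected(POST_RULE, u), redirected(STRICT_RULE, u))
            for u in samples]


if __name__ == "__main__":
    for uri, loose, strict in compare():
        print(f"{uri:24} post-rule={loose!s:5} strict={strict}")
```

Run it after changing either pattern to see which legitimate URLs a rule would swallow before saving it in the plugin.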


WordPress User Enumeration PoC Shell Script

We have recently seen a WordPress username enumeration vulnerability disclosure here

Versions affected are: 2.6, 3.1, 3.1.1, 3.1.3

Here I am enclosing a simple PoC which can be run in a Bash shell.
(Note: a PoC in Python is already available for those who are curious)

The code can be downloaded from here:


Hack IM Walk Through : Nullcon – 2011

After nearly one week of finishing the HackIM challenge, I have finally got the time to document the whole process with as many links and screenshots as possible.

However, I didn’t go ahead and release the doc at that time coz a lot of users were playing and I didn’t want to spoil their fun.
However, as tomorrow we will have a new game to play, here I am releasing the document for the general public to have a look at the whole contest in a step-by-step walkthrough.

However, the main aim of doing this is to gather responses from the junta and in turn find optimum ways of solving the problems, as well as to get introduced to various other tools and techniques others might have used to perform the task in a much simpler and quicker way.

The PDF file has been uploaded to SlideShare for sharing purposes.


How to add a PPA in Debian

I am back with some more scripting fun.

I have been working on configuring my new Debian machine and found one utility sorely lacking in Debian, and that was add-apt-repository.
So I sat down and took my time, and finally I was able to mix and match this simple script.

Disclaimer: I know adding a PPA can have adverse effects on Debian machines

At this point the work that this script performs is:

  1. add the repository of the PPA. (here I am using lucid as the distribution of choice, coz I am using squeeze as my Debian version)
  2. add the GPG key to the keyring.


  • This script is at this point tested only on one machine: Debian Squeeze (Mint flavoured).

File :

Steps to install this.

1. Download the file

$ wget

2. Save this file in /usr/sbin/

$ cp /usr/sbin/add-apt-repository

3. Change permissions to execute

$ chmod o+x /usr/sbin/add-apt-repository

4. Change ownership to root

$ chown root:root /usr/sbin/add-apt-repository

5. Now whenever you need to execute the command, type

$ sudo add-apt-repository ppa:ppa-name

Opening this script to a larger audience so that we can crowdsource efforts if someone likes it.

Hope this can help someone.

File :

Change Log

7 – Jan – 2011 : Updated the tutorial to place the file @ /usr/sbin as suggested in various comments.

6 – Aug – 2011 : Updated the script to deal with the security hole (although not easily exploitable) as suggested by 7eggert in comment no. 23

10 Sep – 2011 : bin corrected to sbin in steps 3 and 4: thanks to Craig for pointing that out


404-notifier modified for more details


Image by CyboRoZ

I have been using this great plugin by Alex King named 404-notifier.

This plugin has one specific role, and that is to find 404 errors on your website and then notify you of them by RSS or e-mail.

But the e-mails generated are not of much use, as they tell me only one part of the story, i.e. the URL that was hit and got a 404.

So I modified the code, and now it makes a lot more sense and gives me some insight into what is actually happening.

So my latest code sends out messages with the following details (providing a pic of the sample message).

And I have been using this for the past 1 yr on my blog. So what exactly can I get from this extra info?

If the link is not referred by any page, then it means that the link is either saved as a bookmark or some automated bot is trying to access the URL.

User agents tell a lot more about who is accessing the link.

And just in case you don’t want to be irritated by a particular user, you always have his IP address to block him in htaccess.
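The triage described above, as an added example that is not the plugin's code: it groups constructed 404 records by IP, applies the referrer and user-agent reasoning, and prints Apache 2.2-style deny lines for sources judged automated. The record fields, the hint list and the min_urls threshold are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed 404 records with the extra fields the post describes
# (URL, referrer, user agent, IP). Addresses are documentation ranges.
HITS = [
    {"ip": "203.0.113.9", "url": "/old/admin.php", "referer": "", "ua": "libwww-perl/5.8"},
    {"ip": "203.0.113.9", "url": "/backup.zip", "referer": "", "ua": "libwww-perl/5.8"},
    {"ip": "203.0.113.9", "url": "/test/", "referer": "", "ua": "libwww-perl/5.8"},
    {"ip": "198.51.100.4", "url": "/old-post", "referer": "", "ua": "Mozilla/5.0 (X11; Linux)"},
    {"ip": "192.0.2.77", "url": "/img/logo.png",
     "referer": "http://example.org/links", "ua": "Mozilla/5.0 (Windows)"},
]

# Assumption: an illustrative list of client-library markers. User agents
# are self-reported, so this is a hint and never proof.
SCRIPT_UA_HINTS = ("libwww-perl", "curl", "wget", "python")


def triage(hits, min_urls=3):
    """Label each source IP using the referrer/user-agent reasoning."""
    by_ip = defaultdict(list)
    for hit in hits:
        by_ip[hit["ip"]].append(hit)
    verdicts = {}
    for ip, rows in by_ip.items():
        direct = [r for r in rows if not r["referer"].strip()]
        urls = {r["url"] for r in direct}
        scripted = any(h in r["ua"].lower() for r in rows for h in SCRIPT_UA_HINTS)
        if not direct:
            verdicts[ip] = "broken-link"        # a page links to a missing URL
        elif len(urls) >= min_urls or scripted:
            verdicts[ip] = "likely-automated"   # many unreferred misses or a script UA
        else:
            verdicts[ip] = "bookmark-or-typed"  # single unreferred miss
    return verdicts


def htaccess_rules(verdicts):
    """Deny lines for automated sources; the IP is validated before use."""
    return [f"Deny from {ipaddress.ip_address(ip)}"
            for ip, v in sorted(verdicts.items()) if v == "likely-automated"]


if __name__ == "__main__":
    print(triage(HITS))
    print("\n".join(htaccess_rules(triage(HITS))))
```

A "broken-link" verdict points at a page to fix rather than a visitor to block, which is the main thing the referrer field adds.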

So I have launched the modified code at 404-notifier @ Google Code

Hope this code can help someone.


Innovative and interesting usage of Linux Live Disks


Photo by bulinna

While searching for some stuff on the Internet, I came across this post about interesting usage of the Ubuntu live CD and was wondering how many more methods are possible.

So, some basic usage of a live CD that everyone understands and at least expects from a live disk:

  • Bootable Operating system disk

On top of that, a large array of disks also work in various other ways, some of them listed here:

So here is a non-exhaustive list of innovative usage of Live CDs (already implemented or not implemented).

  • Banks providing a Live CD with the browser homepage set to the bank website.
  • Internet cafes operating on a Live CD. Refer to the Internet Kiosk link here
  • To set up diskless dumb terminals / thin clients booting on a Live Disk as a cheap workstation alternative. LTSP will be a good alternative
  • Ethical Hacking
  • Unethical Hacking or Cracking.
  • Disaster Recovery.
  • Forensic evidence collection.
  • Testing any Distro before switching to it.
  • OS on the RUN (when using Live USB mode)(or custom build)
  • Portable Electronic Workbench. <- Preinstalled toolkit for electronics development.
  • Portable Testing Workbench. <- complete with software testing tools installed
  • Portable bio informatics workbench
  • Quick Deployable bastion host
  • Quick Deployable / Easily Resettable Firewall.
  • Portable WebServer with demo (for web development organizations.) (Browser opening and showing the webpages)
  • Live Gaming Disc for LAN parties / Software Demo.
  • Backup O.S. in case of Hardware failure.
  • Backup, rescue and recovery of files from corrupt OS / Corrupt Partition / deleted files.
  • Mass setup / replication of systems in corporate or other large-scale setups
  • System Migration. (burn a disk in one and reinstall in second)
  • Dedicated partitioning tool for hardware vendors and enthusiasts
  • Cluster on Live CD / Load balancer on Live Disk.
  • Virus cleaning Kit. (antivirus, rootkit checker, trojan and malware detector.)

Some other very innovative usages that came in during discussion include:

  • Coasters
  • Wheels
  • Frisbee

A large number of usages have been collected by community effort using the following threads in various forums:

So what do you think: what else could be done if you had the opportunity to create a Live Disk?
