56 items tagged "don"
-
-
5:01
»
Hack a Day
3D printing has made huge strides in its ability to construct detailed objects. Unfortunately, color is still a considerable limitation. Here, some people at the Reprap blog are having fun coming up with an extruder head that actually mixes two colors as it deposits them. Don’t confuse this with the dual head that Makerbot is touting [...]
-
-
8:01
»
Hack a Day
Amazing ass… for a robot Yep, Japan still has the creepy robotics market cornered. Case in point is this robotic posterior. Don’t worry, they’ve included a dissection so you can see how the insides work too. [via Gizmodo] Time-lapse camera module results As promised, [Quinn Dunki] sent in a link to the photo album from [...]
-
-
5:00
»
Carnal0wnage
Several (tm) months back I did my talk on "From LOW to PWNED" at hashdays and BSides Atlanta.
The slides were published here and the video from hashdays is here, no video for BSides ATL.
I consistently violate presentation zen and I try to make my slides usable after the talk but I decided to do a few blog posts covering the topics I put in the talk anyway.
Post [1] Exposed Services and Admin Interfaces
Exposed Services: An example of exposed services and making sure you check for default and common passwords. So the first example is a VNC server with no password. This gives us a HIGH severity finding

The following is a VNC server with a password of "password"

See the problem? Same thing goes for SSH, Telnet, FTP, etc. Don't forget about databases as well: MS SQL, MySQL, Oracle, Postgres listening out to the Internet at large.
Admin Interfaces: Admin interfaces can be gold. The problem is 1) you have to find them on the random ass port they are running on and 2) you have to get eyes on them. This can be a hassle/problem/hard to do.
So to bring the "low" to it. Some random HTTP server gets you this in Nessus

Now, to be fair this could be totally accurate, but the point is you need to look at what is being served on this HTTP server, could be something could be nothing, no way to know unless you look. Finding useful HTTP pages on all the random ports can be challenging.
Here is a possible methodology for doing it:
- Nmap your range
- Import your nmap results into metasploit
- Use the db_ searches to pull out a list of hosts & ports
- With the magic of scripting languages make that list into an html page(s)
- Use linky to open all those links
Kinda goes like this:
After you have imported your nmap results, use the services option.

If it's populated you'll get a list of results like the below

Output that stuff to a CSV
msf > services -o /tmp/demo.csv
Take that CSV and run some ruby on it

The above code will output an HTML file that you can open with linky.
linky will open each link in a new tab, allowing you a way to get eyes on each of those random HTTP(S) services.

You can now start intelligently trying default passwords or viewing exposed content.
Thoughts?
-CG
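An added sketch of the CSV-to-HTML step from the post above; it is not the author's original script, which is not reproduced on this page. It assumes the `services -o` export has the columns host, port, proto, name, state and info; the sample rows, `TLS_PORTS` and all function names are constructed for illustration.

```ruby
require "csv"

# Constructed sample rows in the column layout assumed for `services -o`.
SAMPLE_CSV = <<~ROWS
  host,port,proto,name,state,info
  "192.0.2.10","22","tcp","ssh","open","OpenSSH 5.3"
  "192.0.2.10","8080","tcp","http","open","Apache Tomcat/Coyote JSP engine 1.1"
  "192.0.2.11","8443","tcp","ssl/http","open","admin <console>"
  "192.0.2.12","80","tcp","http","closed",""
  "2001:db8::5","9090","tcp","http-proxy","open",""
  "192.0.2.10","8080","tcp","http","open","duplicate row"
ROWS

HTML_ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
                 '"' => "&quot;", "'" => "&#39;" }.freeze
# Assumption: ports treated as TLS when the service name does not say so.
TLS_PORTS = %w[443 8443 9443].freeze

# Banners in the info column come from the scanned hosts, so they are
# untrusted input and must be escaped before they land in a local HTML file.
def h(text)
  text.to_s.gsub(/[&<>"']/, HTML_ESCAPES)
end

# Build a URL for one CSV row, or nil when the row is not an open HTTP(S) service.
def service_url(row)
  return nil unless row["state"] == "open" && row["proto"] == "tcp"
  name = row["name"].to_s.downcase
  return nil unless name.include?("http")
  tls = name.include?("https") || name.include?("ssl") || TLS_PORTS.include?(row["port"])
  host = row["host"].to_s
  host = "[#{host}]" if host.include?(":") # IPv6 literals need brackets in URLs
  "#{tls ? 'https' : 'http'}://#{host}:#{row['port']}/"
end

# Return one entry per unique URL, in the order the services were listed.
def http_links(csv_text)
  seen = {}
  CSV.parse(csv_text, headers: true).each_with_object([]) do |row, links|
    url = service_url(row)
    next if url.nil? || seen[url]
    seen[url] = true
    links << { url: url, info: row["info"].to_s }
  end
end

# Render the list as a minimal HTML page; every interpolated value is escaped.
def render_html(links)
  items = links.map do |l|
    %(<li><a href="#{h(l[:url])}" target="_blank" rel="noopener noreferrer">) +
      %(#{h(l[:url])}</a> #{h(l[:info])}</li>)
  end
  "<html><body><ul>\n#{items.join("\n")}\n</ul></body></html>\n"
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby services_to_html.rb /tmp/demo.csv > services.html
  csv_text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_CSV
  puts render_html(http_links(csv_text))
end
```

Run without arguments, it renders the constructed sample, which makes it easy to check the filtering before pointing it at a real export.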
-
-
18:05
»
Hack a Day
Remember the times before the iPad existed? When a tablet PC was actually a full computer in a tablet form factor? Yeah, those days we were all so very optimistic about the future of tablet computing. Don’t think we don’t appreciate the new amazing toys that we’ve got around with the plethora of tablets to [...]
-
-
15:21
»
Hack a Day
Don’t mind me, I’m just listening to some tunes during our poker game. Well, that and getting some electronic coaching about poker odds. This board lets you wiggle your toes to input the upcards, and those in your hand. After each entry the gadget will tell you your odds of winning the hand. Take it [...]
-
-
6:01
»
Hack a Day
Don’t get your dirty fingers on the glass [Poke] sent in a video of him using Android devices with a wiimote and PS3 controller. The build uses the Joystick2Touch and the USB Joystick Center app. Root is required, but this will be very useful when tv-sized Android devices start showing up. Wonderful restoration work [John] sent in [...]
-
-
22:36
»
SecDocs
Authors: Fabian Mihailowitsch
Tags: web application intelligence
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: For years, we tried to identify vulnerable systems in company networks by getting all the companies netblocks / ip addresses and scanning them for vulnerable services. Then with the growing importance of web applications and of course search engines, a new way of identifying vulnerable systems was introduced: "Google hacking". However this approach of identifying and scanning companies ip addresses as well as doing some Google hacking for the (known) URLs of the company doesn't take all aspects into account and has some limitations. At first we just check the systems which are obvious, the ones that are in the companies netblocks, the IP addresses that were provided by the company and the URLs that are known or can be resolved using reverse DNS. However how about URLs and systems that aren't obvious? Systems maybe even the company in focus forgot? Second, the current techniques are pretty technical. They don't take the business view into account at any point. Therefore we developed a new technique as well as framework to identify companies’ web pages based on a scored keyword list. In other words: From zero to owning all of a company’s existing web pages, even the pages not hosted by the company itself, with just a scored keyword list as input. Systems that are hosted by third parties, web pages that were just released for a marketing campaign, maybe even by a third party marketing company but within the name of the company we want to check? Possibly not even the company does remember all the web applications and domains that are running under his name. These systems/applications won’t be detected using traditional techniques and thus impose a potential security risk for the company. Second, the current techniques are pretty technical. They don't take the business view into account.
That means, we try to identify certain applications using technical information like version banner or the company's IP addresses in order to identify his systems. But how about the other way around, trying to identify applications and systems by using the company’s business data (e.g. product names, company names, tax identification numbers, contact persons, …) and then test the identified systems and applications for vulnerabilities? That is what we did. The idea is to build up a scored keyword list for the company in focus. This list contains general keywords like the company name, product names, more detailed keywords like an address contained in imprints and very specific keywords like the company's tax number. Every keyword in that list is then rated by human intelligence. Which means specific keywords do have a higher scoring than general keywords. In the next step a spider uses these keywords to query search engines like bing, google, etc. for the keywords and stores all the web site URLs identified in a database with their scoring. If a web site that already is in the database is found for another keyword, just the score of that entry is increased. At the end, we get a list of websites that contained one or more of the keywords, along with a scoring for each web site. Then the URL is taken and checked whether it contains one of the keywords (e.g. company name). If this is the case, the scoring of the page is increased again. Then for each entry the FQDN as well as the IP is resolved and a whois query is executed. If that whois record does contain the company name, the scoring is increased again. Furthermore the country codes are used to remove results which are not in the target country. At the end of that process, we do have a list of URLs and FQDNs that could be found using company specific key words. Furthermore that list is scored.
Since during that process you get (based on your keyword list) hundreds of thousands of unique hits, you have to minimize that list. Therefore we did some research on the results generated and found a decent way to minimize the results to an amount that can be checked manually by a human. Then those identified company web pages are passed to a crawler that just extracts external links from those pages, with the idea that correct company pages might link to other company pages, and integrates them into the results list. Using this technique in practice, it is possible to identify a lot of web sites hosted (even by third parties) for one company. During the crawling process not just external links are extracted but all forms, HTTP parameters as well as certain parts of the web content are stored. Thus besides a list, we do have a "mirror" of the web page as well as the forms and dynamic functions that pose an attack surface. The information collected can then be used as input to special analysis modules. For some of our projects we integrated WAFP (Web Application Finger Printer), SQLMap and other well-known tools as well as some other self-written fuzzers and fingerprinters into that process. This way the whole process, from identifying web pages belonging to a certain company up to analyzing those for vulnerabilities can be totally automated. In other words: From zero to owning all of a company’s existing web pages, even the pages not hosted by the company itself, with just a scored keyword list as input. During our talk we will present our idea as well as our approach of identifying vulnerable web applications that belong to a certain company, based on business data. Furthermore we will explain how our framework is structured and how it does the searching as well as the vulnerability assessment in an automated way. So everybody who is interested will be able to implement his own version or adapt certain ideas for his projects.
Besides just telling you how it could work, we will also present our framework that performs all of the steps described above automatically in a demo.
-
-
14:16
»
Hack a Day
Wardriving started out as a search for unprotected WiFi access points before hot spots were prevalent. And so this ZigBee protocol wardriving hardware which [Travis Goodspeed] put together really gives us a sense of nostalgia for that time. Don’t get us wrong, we love our pervasive WiFi access and don’t wish to go back to simpler [...]
-
-
9:33
»
Packet Storm Security Recent Files
These are the presentation slides from a talk called Threat Modeling Cloud Applications: What You Don't Know Will Hurt You as presented at the OWASP AppSec USA 2011 conference.
-
-
14:45
»
Hack a Day
At Hack a Day, we don’t throw the term genius around lightly. We’re obligated to bestow that title on [Don Gilmore] for his amazingly simple self-tuning piano. To appreciate [Don]‘s build, you need to realize that just because a piano has 88 keys, that doesn’t mean it has 88 strings. Treble notes have three strings per [...]
-
-
5:53
»
Hack a Day
So your hard drive quit working. Don’t despair, with a “little” work your disk can be repurposed into a clock like the one seen above. I made this clock after several iterations of various success, including the first revision, which was simply the platter with a clock kit from a hobby store screwed into the [...]
-
-
20:23
»
Hack a Day
There was a recent announcement that G+ opened the doors to businesses and organizations for g+ pages. This means we can have an official G+ page with google’s blessing. We’ve opened one up here. We plan on having “hangouts” from time to time so people can show off what they’ve done. Don’t worry if you’re [...]
-
-
15:01
»
Hack a Day
Finally, the USB port on the back of your television can be tapped for something useful. [Don] is using this add-on device to automatically cut the power to his Ambilight clone. Initially, he got tired of unplugging the power adapter each time he shut off the television, so he added a switch. But laziness overcame [...]
-
-
7:01
»
Hack a Day
Don’t you hate that feeling, the one you get when you have just realized that you have no clue where you may have left your keys? If you are unlucky enough to have lost them in a public place, odds are they are as good as gone. Pumping Station One member [celtwolf] thought it would [...]
-
-
11:01
»
Hack a Day
[Don] put together a guide that will help you build your own Ambilight Clone for about $40 plus the cost of an Arduino. He’s using it with the HTPC seen above, and utilized modular concepts in building it so that you can easily disconnect your Arduino board when you want to use it for prototyping. For RGB [...]
-
-
15:53
»
Hack a Day
If you’ve always wanted a 3D printer, here’s your chance to win one. Makerbot Industries wants the Internets to design a new mascot for them. The contest winner will receive a Makerbot Thing-o-matic. Don’t worry about a chicken or egg situation with this contest. You don’t actually need to print your design (although printability is [...]
-
-
9:01
»
Hack a Day
When [Liu] decided he wanted one of the new iPads, rather than fork out the cash he decided to build his own tablet Mac. His creation functions just as you would expect any tablet PC with some nice extra features such as running on Windows XP for any of you Microsoft lovers. [Liu’s] tablet apparently [...]
-
-
12:42
»
Hack a Day
Softboxes are often considered a must-have piece of equipment when doing any sort of portrait or studio photography. While they are not the most expensive photography accessory, they can be built far cheaper than you would pay for an off the shelf model. [Don] needed a softbox for his studio, and he ended up constructing [...]
-
-
5:55
»
Carnal0wnage
I've created a video on how to use the latest module addition to the buby family of modules in wXf. The purpose behind the module is to search Burp's history and seek out parameters in requests to an application which match our list of keywords. The keywords are basically parameters that might warrant manual analysis.
Consider we've made the following requests:
http://www.example.com/welcome.php
http://www.example.com/resource.php?accountid=
http://www.example.com/help.php?page=1
Most folks would agree that the request with a parameter of accountid warrants some manual analysis. On a larger scale (think thousands of requests), this can be tedious to search and then send to intruder or repeater. So the idea is that we have a keyword list to help speed things up: when a match is found, an alert is sent to burp and the request is sent over to repeater & intruder for manual analysis.
As of now the keyword list in wXf isn't huge but I plan on adding to it over the next few days. If you'd like to utilize GitHub's fork/edit/merge function to contribute interesting parameter names please fork the following file.
If you have a personal keyword list that you'd like to use privately that is okay too. The video shows you how to add a file under the datum directory and reload the list of "lfiles" (files under the datum directory).
Don't forget that if you have questions on usage, installation or anything else we've provided documentation here.
Lastly, here is the video:
wXf module buby/keyword_search_send from cktricky on Vimeo.
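The keyword matching described in the post above, as an added stand-alone sketch; it is not the wXf module's code and does not talk to Burp. The keyword list, the POST request and all function names are constructed assumptions; the three GET URLs are the ones from the post.

```ruby
require "uri"

# Hypothetical keyword list; wXf ships its own file, which is not reproduced here.
KEYWORDS = %w[accountid userid file path redirect].freeze

# Constructed request history: the three URLs from the post plus one POST body.
HISTORY = [
  { method: "GET",  url: "http://www.example.com/welcome.php" },
  { method: "GET",  url: "http://www.example.com/resource.php?accountid=" },
  { method: "GET",  url: "http://www.example.com/help.php?page=1" },
  { method: "POST", url: "http://www.example.com/profile.php",
    body: "Account_ID=7&theme=dark" }
].freeze

# Compare names case-insensitively and ignore separators, so that
# Account_ID, account-id and accountid all count as the same parameter.
def normalize(name)
  name.downcase.gsub(/[^a-z0-9]/, "")
end

# Parameter names from the query string and from a form-encoded body.
# Empty values (as in "accountid=") still yield the name.
def param_names(request)
  query = URI.parse(request[:url]).query.to_s
  pairs = URI.decode_www_form(query) + URI.decode_www_form(request[:body].to_s)
  pairs.map(&:first).uniq
end

# Return the requests that carry at least one keyword parameter,
# together with the matching names, for manual review.
def flag_requests(history, keywords)
  wanted = keywords.map { |k| normalize(k) }
  history.filter_map do |req|
    hits = param_names(req).select { |n| wanted.include?(normalize(n)) }
    { method: req[:method], url: req[:url], params: hits } unless hits.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  flag_requests(HISTORY, KEYWORDS).each do |f|
    puts "#{f[:method]} #{f[:url]} -> review: #{f[:params].join(', ')}"
  end
end
```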
-
-
5:11
»
Hack a Day
[Patrick McCabe] enjoys the challenge of playing chess against the computer but he wasn’t satisfied with the flat experience of on-screen gaming. No problem, he just built his own gantry-style chess robot that he can play against. Don’t be confused, he still doesn’t have to touch the pieces, but instead uses the dedicated control board [...]
-
-
4:00
»
Hack a Day
Hackaday reader [Danukeru] sent us a video featuring a box-based robot with an interesting personality. The box is fairly simple and from the outside seems to consist only of a switch and an LED. When the switch is flipped however, the box comes to life. When the box is activated, the lid opens, and a [...]
-
-
8:01
»
Hack a Day
[Patrick McCabe's] latest offering is a well-built maze-solving bot. This take on the competitive pastime is a little more approachable for your common mortal than the micro-bot speed maze solving we’ve seen. Don’t miss seeing the methodical process play out in the clips below the fold. The playing field that [Patrick's] robot is navigating is made up [...]
-
-
19:14
»
Carnal0wnage
So first a disclaimer: I didn't listen to the referenced podcast, this is based solely off this blog post:
http://newschoolsecurity.com/2011/04/data-driven-pen-tests
So I’m listening to the “Larry, Larry, Larry” episode of the Risk Hose podcast, and Alex is talking about data-driven pen tests. I want to posit that pen tests are already empirical. Pen testers know what techniques work for them, and start with those techniques.
What we could use are data-driven pen test reports. “We tried X, which works in 78% of attempts, and it failed.”
We could also use more shared data about what tests tend to work.
Thoughts?
Dre's response to the post was surprising to me: he listed a bunch of tools that seem to do correlating of pentest results into a portal so you can trend over time. Cool idea, I'll give the people that. But to me when we start jumping into repeatable metrics driven stuff we are in Vulnerability Assessment land, not pentesting land.
Here is the comment I left:
I like the idea and I think it could be useful. However, they need to drop the pentest part. You are solidly into the vulnerability assessment part of things when you are talking about “ok, I tried 1,2,3,4,5 and 1 & 3 worked” ok on to the next set of tests… that's vulnerability assessment (with exploitation if you want to get technical) and not pentesting.
Pentesting is about that human looking at the problem and figuring out how to break it, not some scanner. That's going to be very hard to standardize and put hard numbers on and I don't think it's going to be possible without tying up your tester’s time with bullshit.
I'm all for "repeatable" pentests. You should have a methodology for each type of test, but when you are paying for a human's time you should be paying for them to go after the site like a human would and not how a scanner would or not in a way where I'm worried about religiously following some checklist because if I don't the metrics get all fucked up. Your pentest should come after you have thrown the kitchen sink at it scanner wise.
As an added bonus this post was right below the new school post in my Google reader:
http://coding-insecurity.blogspot.com/2011/04/developing-good-methodology-part-3.html
This post and really any methodology document you will ever read or write will have gaps, because no document on this subject can ever really be 100% all inclusive of every vulnerability and the myriad of variations that exist for many of these.
I think it drives the point home as well.
-CG
-
-
6:05
»
Hack a Day
Don’t get us wrong, printable whistles are cool and all, but these printable header shrouds make us think that filament printers like the Makerbot and RepRap might just be worth their salt. This utilitarian purpose is a departure from the souvenirs, toys, and art that we’re used to seeing from the expensive development toys tools. The six and [...]
-
-
6:05
»
Hack a Day
In need of an amplifier for his home entertainment system [Afroman] decided to build an amp rather than buying one. If nothing else, doing it himself allowed for a form factor that you can’t just go out and buy. He designed the project on two separate boards, one for the power supply and the other for [...]
-
-
7:54
»
Hack a Day
You can make those buttons on your steering wheel much more functional if you have a way of monitoring them. Don’t even think of cracking open the factory finish to get to the solder points, just tap into the CAN bus and monitor the data traffic. The small board seen above is the result of [...]
-
-
4:03
»
Hack a Day
Need an oscilloscope? Want to see the music? Don’t have money, but do have an old TV? Then this TV to oscilloscope mod may be right up your alley. Now don’t go running off just yet, when you’re working inside of a CRT device you are exposed to mains current, high voltage, and high frequency, [...]
-
-
11:01
»
Hack a Day
The latest robot out of Nolebotic is Al.I.S.E, or Aluminum, Infrared Scanning Entity. Don’t let the name fool you, it’s a pretty simple take on the classic hexapod walking platform using a crank arm and levers made into the legs. The body of the robot is made out of aluminum which is pretty easy to [...]
-
-
12:00
»
Hack a Day
Don’t just build a UAV, use it to blow things up. In this case a tri-copter seeks out colored balloons and pops them using low-grade fireworks. We’ve seen this type of flying armament before, but not in a ‘copter form factor. It looks like the targeting and firing is done by an operator, and is [...]
-
-
7:03
»
Hack a Day
Don’t reach for a sticky note when you need to leave a message for your office mates, write it down on a 12 foot LED marquee. [Kitesurfer1404] built this for his home office, but we’re sure he’ll find fun stuff to use it for. The display has 512 LEDs driven by plain old 595 shift [...]
-
-
5:00
»
Hack a Day
[Simon Inns] has put together a lesson in digital logic which shows you how to build your own gates using transistors. The image above is a full-adder that he fabricated, then combined with other full adders to create a 4-bit computer. Don’t know what a full adder is? That’s exactly what his article is for, [...]
-
-
13:40
»
Hack a Day
[Don't stop the clock] is doing some work with a projector, a camera, and the Kinect. What he’s accomplished is quite impressive, combining the three to manipulate light with your body. The image above is a safer rendition of the Hadouken from the Street Fighter video games, throwing light across the room instead of fire. [...]
-
-
12:00
»
Hack a Day
It turns out that hacking together a security keypad is remarkably simple if you know what you’re doing. [Don] needed to add a keypad with an RFID reader on it. He had previously built a USB RFID reader and thought he could integrate those concepts into the new unit. He once again started with a [...]
-
-
10:00
»
Hack a Day
Tired of hearing that flat sounding wireless doorbell when visitors happen to come by? Don’t get rid of it, improve it by adding a real bell. This hack rigs up a small hand bell to the wireless doorbell receiver. It was prototyped using LEGO pieces to shake the sound out of the bell, but the [...]
-
6:30
»
SecDocs
Authors: Dave Kennedy
Tags: social engineering
Event: Hack3rCon 2010
Abstract: The Social-Engineer Toolkit (SET) has become a standard when it comes to social-engineering attacks and new and innovative ways in attacking the end-user. This talk will cover SET and its capabilities as well as introduce some new features and a new release. SET combines multiple attack vectors into an easily drivable interface that allows the attacker to perform advanced social-engineering attacks and compromise the intended host. Metasploit browser exploits, Custom-built Java Applet attacks, E-Mail Spear-Phishing, and much more is all integrated into the toolkit. Don't miss this talk on how to hack the human mind and utilize one of the most powerful social-engineer tools ever made.
-
-
21:06
»
SecDocs
-
-
9:33
»
Hack a Day
Don’t steal. It’s a lesson that children are taught from the youngest age and a core principle in every society. The PSGroove sets out to follow this mantra in several ways. It is an open source implementation of the PSJailbreak hardware we covered a couple of weeks back. It’s difficult to find a definitive source [...]
-
-
23:31
»
remote-exploit & backtrack
What is the name of the tool/feature
REMOTE PENETRATION OS
What is the URL of the home page of the tool/feature
LINK IS NOT ABLE TO POST BECAUSE I HAVE NOT 15 POST BUT TYPE MY NAME ASHIKALI IN GOOGLE YOU WILL FIND MY WEBSITE OR JUST ATTACH .COM BEHIND MY NAME THAT IS MY WEBSITE
What is the link to the source of the tool/feature
LINK IS NOT ABLE TO POST BECAUSE I HAVE NOT 15 POST JUST GO ON MY WEB THERE IN OPERATING SYSTEM SECTION YOU WILL BE ABLE TO FIND THIS TOOL
Why should we include this tool/feature
REASON 1> RPOS IS GIVING TOTAL WEBSITE PENETRATION TESTING CONCEPT
REASON 2> RPOS IS THE TOOL WHICH IS WORKING BASED ON PROPER PENETRATION TESTING SYSTEM
REASON 3> EASY AND FAST PENETRATION TESTING OF WEB APPLICATION VULNERABILITY
REASON 4> EASY TO USE
REASON 5> 116 DIFFERENT TASK FOR PENETRATION TESTING
REASON 6> A COMBINATION OF TOOL
REASON 7> CAN INSTRUCT TO OS
REASON 8> FULLY CUSTOMIZABLE
REASON 9> 11 HIDDEN TASK FOR 11 TYPES OF USERS
REASON 10> GENERATE PENETRATION REPORT
REASON 11> COVERED ALMOST ALL THE WEB HACKING TECHNIQUES
REASON 12> FAST PROCESS BECAUSE OF THREADING
Is there already a tool which provides the same functionality
I DON'T THINK THAT THERE IS ANY TOOL AVAILABLE ON THE INTERNET WHICH PROVIDES THE SAME FUNCTIONALITY AS THIS TOOL. THIS IS A UNIQUE TOOL
What sort of licensing does the tool have
GPL V3
Can we contact the author if needed for questions/patch's
YOU MAY CONTACT ME AT ASHIKALI1208[AT]YAHOO[D0T]COM
Is the tool still maintained? Does the site look active?
THE TOOL IS COMPLETED AND SITE IS ACTIVE
FOR MORE INFORMATION AND TOOLS FUNCTION READ HERE
NEW FEATURES [UPDATES] [CHANGE LOG]
-----------------------------
1> NOW TOOL HAS JUMPING PROXY SUPPORT SO ONCE YOU ACTIVATE THIS TASK AFTER EACH OF THE TASK WILL BE USE DIFFERENT PROXY YOU NO NEED TO CHANGE ITS MANUALLY.
2> NEW FUNCTION ADDED FOR REMOTE DESKTOP BRUTE FORCING NOTE: THIS TASK IS PERFORMED BY TSGRIENDER
3> THE COOLEST FUNCTION IS THAT IT HAS ADDED RDP BRUTE FORCING FROM RANGE OF IP. FIRST TOOL WILL COLLECT ALL THE IP WHICH HAVE PORT3389 IS OPEN AND THEN IT WILL BRUTE FORCE IT
4> NOW YOU CAN CRACK ENCRYPTION USING 2 MORE METHODS , ONLINE AND ALSO BY AUTO WORDS PATTERN
5> NOW ALL THE OUTPUT WILL BE STORED IN FILE
6> I HAVE FILTERED FEW OUTPUT
7> CREDIT SECTION UPDATED
8> HELP SECTION UPDATED
9> OS FINGERPRINTING, SSL FINGERPRINTING, AND DATABASE FINGERPRINTING ADDED.
10> AUTO UPDATE MESSAGE WILL DISPLAY IF UPDATES ARE AVAILABLE.
11> FIXED FEW ERRORS
11> BELOW TUTORIAL UPDATED
OLD FEATURES []
-------------------------
SO WHAT IS RPOS? RPOS IS A TOOL OF MANY SCRIPTS. BASICALLY IF YOU ARE NEW IN HACKING OR PENETRATION TESTING THEN THIS TOOL CAN BE VERY HELPFUL TO YOU, BECAUSE THIS TOOL FOLLOWS A PROPER SEQUENCE OF PENETRATION TESTING METHODS. THIS IS A POWERFUL SECURITY SHELL WHICH CAN PENETRATE ANY WEB APPLICATION. BUT IF YOU ARE AN EXPERIENCED HACKER OR PENETRATION TESTER THEN USING THIS TOOL YOU CAN MAKE YOUR PENETRATION PROCESS FASTER AND EASIER. THIS TOOL IS COVERING ALMOST ALL THE HACKING AND PENETRATION TECHNIQUES
FUNCTION
PROXY
1> Getproxy
2> Testproxylist
3> Testproxy
4> Autoproxy
5> Jumping
6> Loadproxy
7> removing
8>Changing
FOOT PRINTING
9> ip getting
10> smtp address grabbing
11> tracing the rough
12> identifying technology of server (header information)
13> full server header info gathering
14> crawling emails from search engines (capability to track tricky emails too)
15> website crawling (fussing links of same directory)
16> login page finder (support for asp,aspx,php,cfm,jsp,html,htm with no of payloads)
17> sub domain enumeration
18>host name qualification from ip range
19> web server service analysis
20> website structure fingerprinting
21> who is look up
22> reversing
23> enumerates server users
24> daemon foot printing
25> operating system foot printing
26> SSLcheck (by this task you can test ssl cipher)
27> DBcheck (by this task you can test database)
28> web server monitoring
ANALYSIS
29> getting port information +service info (using thread so very fast)
30> sql injection scan
30.1-> auto scanning url
30.2-> auto creating exploitable url
30.3-> auto checking version
30.4-> auto fuzzing table
31> blind injection scan
32>lfi scan
33> rfi scan
34> rce scan
35> xss scan (support HTTPS also)
36> cgi scan (more vuln paths)
37> cms scan (support joomla, membo etc...)
38> custom scan
39> full scan
BRUTE FORCING
40> brute-forcing ftp (first will check for anonymous login)
41> brute-forcing smtp
42> brute-forcing imap
43> brute-forcing nntp
44> brute-forcing pop3
45> brute-forcing RDP
46> brute-forcing rdp from ip range
ENCRYPTION
47> Hashid
48> Onlinehash
49> Autohash
50> Md5
51> Sha1
52> Sha256
53> Sha384
54> Sha512
55> Base64enc
56> Base64dec
SUPPORT
57> wordlist builder using custom combination
58> extracting ip addresses from files
59> extracting emails from files
60> crawling words from any of the web which is given by you
61> wget utility
SERVER TASK
62> getting port information +service info (using thread so very fast)
63> sql injection scan
63.1-> auto scanning url
63.2-> auto creating exploitable url
63.3-> auto checking version
63.4-> auto fuzzing table
64> blind injection scan
65> lfi scan
66> rfi scan
67> rce scan
68> xss scan (support HTTPS also)
69> cgi scan (more vuln paths)
70> cms scan (support joomla, membo etc...)
71> custom scan
72> full scan
VERBOUS TASK
73> getting port information +service info (using thread so very fast)
74> sql injection scan
74.1-> auto scanning url
74.2-> auto creating exploitable url
74.3-> auto checking version
74.4-> auto fuzzing table
75> blind injection scan
76>lfi scan
77> rfi scan
78> rce scan
79> xss scan (support HTTPS also)
80> cgi scan (more vuln paths)
81> cms scan (support joomla, membo etc...)
82> custom scan
83> full scan
FORENSIC
84> malware analysis
85> trojan analysis (very stupid task)
86> exe to batch
87> Fileanalysis
88> Iptrace
PENTEST (WORKING ON FEW TASK)
89> Penmysql
90> Penpostgray
91> Penmssql
92> Penoracle
93> Penaccess
EXPLOIT (NOT TESTED ALL)
94> Expsearch
95> Milexpgrab
96> Pacexpgrab
97> Mad
98> Boa
99> Buletftp
100> Cesarftp
101> Efs
GOOGLE DORK (FEW TASK HAS PROBLEM WORKING ON IT)
102> Dorkscan
103> Subscan
104> Gvscan
105> Shellscan
106> Ranker
107> Usergrab
108> Dorkcreator
109> Cmsscan
ROOT (UNDER DEVELOPMENT)
110> Bandtest
111> Flooding
112> Honeypot
113> Chat
114> Games
115> Ids
116> Automachine
REQUIREMENTS
INTERNET CONNECTION : MORE THAN 256 K.B.P.S
ONLY TESTED ON WINDOWS X.P, CAN'T SAY ABOUT OTHER OS BUT IT SHOULD RUN I THINK
TUTORIAL:
FOR HELP TYPE -H
FOR ENTERING ANY DIRECTORY ENTER "in <directory name>." FOR EXAMPLE "in proxy"
FOR EXECUTING ANY FILE ENTER exe <file name> FOR EXAMPLE "exe getproxy"
FOR CREDITS TYPE -C
more function
all penetration out put will be log into a file name pentest.txt you can
change this file how? see in help by typing "-h"
FOR VIEW DIRECTORY ENTER "show"
FEATURES
1> fake user agent
2> proxy support
3> verbose mode option
SIZE 8.04 MB
FILE TYPE : RAR (WINDOWS COMFORTABLE BINARY)
and after downloading enter this command "i am the root". don't worry, you need to enter this command only once. it will activate all the hidden features LIKE ROOT, SERVERTASK, VERBOUSTASK ETC...
NOTE :- THIS TOOL CONTAIN TSGRIENDER WHICH WAS DETECTED AS A VIRUS BY MY AV. OTHER ALL FILE ARE VIRUS RESISTANCE YOU MAY USE IT WITHOUT ANY OF THE FEAR.
SCREEN SHOTS
-
-
3:06
»
remote-exploit & backtrack
Hi
Would anyone care to explain to me how web filters work and how I go about bypassing them... Anyone have a video link or a tutorial...
But I don't only want a quick fix... I would like to understand it and grasp the concept... Don't wanna be another script kiddie on the playground.
Thank you:D
-
-
14:19
»
Hack a Day
Reader [Eric] sent us a powerfully informative, yet super simple hack for the MindFlex toy. Don’t worry, it’s not another worthless shock ‘game’, and it’s using an actual interface instead of the built-in LEDs.
With two wires for the serial protocol, and an Arduino, you’ll be able to view “signal strength, attention, meditation, delta, theta, low [...]
-
-
6:42
»
remote-exploit & backtrack
Greetings to the whole community. For some time now the Social-Engineer Toolkit has been giving me some errors and, as a result, does not work correctly! I try to create a clone of a website, injecting a Java applet, so I choose to load the payload, then I choose the method for bypassing a computer's defenses (shikata ga nai), and finally I choose the port to listen on. Right after typing the port and confirming, these messages appear:
/pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `readlines': Input/output error - /root/.msf3/modcache (Errno::EIO)
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `read_groups'
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:90:in `from_file'
from /pentest/exploits/framework3/lib/msf/core/module_manager.rb:435:in `set_module_cache_file'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:102:in `simplify'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:70:in `create'
from /pentest/exploits/framework3/msfpayload:36
which did not appear before. Oh well, then I carry on:
[-] Encoding the payload 4 times to get around pesky Anti-Virus. [-]
/pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `readlines': Input/output error - /root/.msf3/modcache (Errno::EIO)
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `read_groups'
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:90:in `from_file'
from /pentest/exploits/framework3/lib/msf/core/module_manager.rb:435:in `set_module_cache_file'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:102:in `simplify'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:70:in `create'
from /pentest/exploits/framework3/msfencode:157
************************************************** ******
Do you want to create a Linux/OSX reverse_tcp payload
in the Java Applet attack as well?
************************************************** ******
Enter choice yes or no: no
and THEN this:
************************************************** *
Web Server Launched. Welcome to the SET Web Attack.
************************************************** *
[--] Tested on IE6, IE7, IE8 and FireFox [--]
[*] Launching MSF Listener...[*] This may take a few to load MSF...[*] Don't tase me bro!
/pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `readlines': Input/output error - /root/.msf3/modcache (Errno::EIO)
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:144:in `read_groups'
from /pentest/exploits/framework3/lib/rex/parser/ini.rb:90:in `from_file'
from /pentest/exploits/framework3/lib/msf/core/module_manager.rb:435:in `set_module_cache_file'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:102:in `simplify'
from /pentest/exploits/framework3/lib/msf/base/simple/framework.rb:70:in `create'
from /pentest/exploits/framework3/lib/msf/ui/console/driver.rb:96:in `initialize'
from /pentest/exploits/framework3/msfconsole:92:in `new'
from /pentest/exploits/framework3/msfconsole:92
In conclusion, the web server does not start and it automatically returns to the menu. I tried updating the toolkit but no luck! Does anyone have any suggestions?
-
-
11:00
»
Hack a Day
[Dmritard96] built this automated watering system to keep his garden growing while he’s out-of-town. It uses rain barrels, which capture and store rainwater, as a source. These barrels provide very low water pressure so he’s added a battery-powered pump along with a solar array for recharging. Don’t worry, if the rain barrels run dry there’s [...]
-
-
14:29
»
Hack a Day
We can only imagine how amazing this coffee burning car smells as it speeds down the highway at a maximum of 60mph. Don’t jump out of your seat so quick to get your own, while the idea sounds fantastic, the mileage will bring you back to earth rather quick. At 3 miles per kilo of [...]
-
-
15:37
»
Hack a Day
[Daniel] wrote up a quick tutorial on interfacing with the MQ-3, or better known Breathalyzer from SparkFun with Arduino. While we would have used perhaps an op-amp/comparator based system and kept it in a much smaller package, the idea was so quick and simple and enjoyable we hoped an article might keep some hackers from [...]
-
-
8:12
»
Wirevolution
Google announced that it is going to wire a select few communities with gigabit broadband connections. This could be huge.
Something is wrong with broadband access in the US. It was ranked 15th in the world in 2008 on a composite score of household penetration, speed and price.
Google is setting out to demonstrate a better way, though other countries already offer such demonstrations. The current international benchmark for price and speed is Stockholm at $11 per month for 100 mbps. There are similar efforts in the US, for example Utopia in Utah. One of the key features of these implementations of fiber as a utility is that the supplier of the fiber does not supply content, since this would impose a structural conflict of interest.
Google does supply content, so it will be interesting to see how it deals with this conflict. I doubt there will be any problems in the short term, but in the long term it will be very hard to resist the impulse to use all the competitive tools available; “Don’t be evil” isn’t a useful guideline to a long, gentle slope.
OK, it’s easy to be cynical, but at least Google is trying to do something to improve the broadband environment in the US, and it may be a long time before the short term allure of preferred treatment for its own content outweighs the strategic benefit of improved national broadband infrastructure. And this initiative will undoubtedly help to accelerate the deployment of fiber to the home, if only by goading the incumbents.
I touched on the issue of municipal dark fiber a while back.
-
-
7:53
»
remote-exploit & backtrack
First of all I would like to excuse myself if I'm double posting but I realized I was posting in a 3 year old thread so it probably hasn't as many views as it will have here.
In a nutshell the title of this post says it all.
I used to be able to use the -3 attack in aircrack in BT3, no other method used to work, for example Korek complained about Centrino chipset
Steps that I tried:
Code:
aireplay-ng -9 wlan0
Reports injection capable (same for mon0 interface)
Wifi card is "Intel 3495 ABG" or similar name
I even tried to install old ipwraw drivers from BT3 but when I try to load them with
Code:
modprobe ipwraw
It returns that ipwraw.ko is invalid format or something like that.
I reported this in the aircrack forum but they thought it would be better to post where....:eek::eek::D:D... my thoughts exactly... lol
I've stumbled in every wall, and every wall that I climb another one appears...
Can anyone help? Don't tell me I'm the only one that came across this difficulty...
Thanks everyone.
-
-
12:01
»
remote-exploit & backtrack
OK so I was heading away on holidays and I wanted to keep my luggage to a minimum. I didn't want to bring my laptop with me, but I still wanted to have full access to all my files, my programs, my entire operating system.
So I figured hey, I can take the hard disk out of my laptop, stick it in a USB enclosure, and then just bring the hard disk around with me. The idea was I could take my hard disk and connect it into any computer and then just boot off it.
Before I went away, my Grub entry for booting Linux was as follows:
Code:
title Main Linux OS
root (hd0,2)
kernel /boot/vmlinuz-2.6.31-17-generic root=/dev/sda3 ro quiet splash
initrd /boot/initrd.img-2.6.31-17-generic
quiet
So I went away on holidays and I hooked my hard disk up to a computer via USB and then booted off it. The Grub menu appeared, and I simply hit Enter to boot into Linux. It booted up fine and everything worked.
But with some computers, there were complications.
If you look at my Grub entry above, you'll see that it makes two references to the partition on which Linux resides:
Reference 1: (hd0,2)
Reference 2: /dev/sda3
The first reference never seems to cause any problems, reason being that "hd0" will always refer to the hard disk which Grub has just booted off (or at least that's how it seems).
The second reference however can cause problems. On some of the computers I used, the Grub menu appeared, I hit Enter, and then Linux failed to load. The problem was that my own hard disk was being given the designation of sdb instead of sda. I had a workaround for this. When the Grub menu appeared, I would press E to edit the entry, and I would change the following line:
Code:
kernel /boot/vmlinuz-2.6.31-17-generic root=/dev/sda3 ro quiet splash
to:
Code:
kernel /boot/vmlinuz-2.6.31-17-generic root=/dev/sdb3 ro quiet splash
After I made that change, I pressed B to boot up Linux, and it booted up fine. (I didn't need to change root (hd0,2) to root (hd1,2)).
Here's what my fstab file looked like:
Code:
proc /proc proc defaults 0 0
/dev/sda3 / ext3 relatime,errors=remount-ro 0 1
As you can see, my Linux partition was referred to as "/dev/sda3" in my fstab file. Even on the computers where my hard disk was designated as sdb at boot-time, this fstab entry didn't cause any problems (you'd think I would have had to change it to sdb!). Even though my own Linux partition was designated as sdb3 at boot-time, it appears as though it was known as sda3 by the time it came to mounting the root filesystem. (Don't ask me, I haven't got a clue either).
I wanted to find the best way of making my Linux installation fully portable so that I could bring my hard disk around and boot it on different computers.
...and that's when I discovered UUID's :cool:
UUID's solve the problem of hard disks being given different designations on different systems (e.g. sda VS sdb VS sdc). Every Linux partition (e.g. ext2 ext3 ext4) has its own unique UUID. You can use this UUID to refer to the partition instead of using "/dev/sda3". To make use of UUID's, I had to change two files on my hard disk: my Grub file and my fstab file. I changed them as follows.
Here's my Grub file:
Code:
title Main Linux OS
uuid 8c5055d5-75e5-5f57-9585-5a5525551524
kernel /boot/vmlinuz-2.6.31-17-generic root=UUID=8c5055d5-75e5-5f57-9585-5a5525551524 ro quiet splash
initrd /boot/initrd.img-2.6.31-17-generic
quiet
And here's my fstab:
Code:
proc /proc proc defaults 0 0
UUID=8c5055d5-75e5-5f57-9585-5a5525551524 / ext3 relatime,errors=remount-ro 0 1
After I made those changes, it booted every time on every computer. Notice, in these two files, that there's no reference to the hard disk number or even the partition number. You can move this Linux partition around however you like, you can change the partition order on your current hard disk, or you can move the Linux partition to a different hard disk. Your Linux installation should still boot right away without a problem because it's working off the UUID of the partition.
Anyway I thought this was pretty cool when I got it working right, and I just had to share it... this is the kind of stuff that makes me really love Linux :rolleyes:
If you wanna find out the UUID's of your partitions, do the following:
Code:
sudo blkid | sort
Also, another little cool thing I found is the "/dev/disk" folder. Navigate into that folder and take a look around!