Step #1: install RubyGems:
apt-get install rubygems

Step #2: update RubyGems:
gem install rubygems-update --version=1.3.4

Step #3: get Rails 2.3.5:
gem install rails --no-rdoc --no-ri

Popularity: unranked [?]

However, every now and then, we stumble upon more complex scenarios, for instance, an application whose code has been obfuscated causing decompilation errors. In that case it will no longer be enough to decompile, modify the code and compile again, we would need some other technique. Patching the .class file at the bytecode level sounds like a reasonable approach.

Popularity: unranked [?]

It turned out that an osvdb project already existed in RubyForge so we have submitted our code there.

There are no releases so far but the code in the repository is working. In order to get it:

svn checkout http://osvdb.rubyforge.org/svn/trunk osvdb

As well as implementations for the ‘Find by Microsoft Security Bulletin ID’ and ‘OSVDB ID Lookup’ queries, the repository contains test cases and a Rakefile to generate RDoc documentation for the library.

Stay tuned for updates.

Popularity: unranked [?]

The org.jboss.resource.security.SecureIdentityLoginModule from jboss-jca.jar can be used to encrypt database passwords rather than using clear text passwords in the DataSource configuration. [...]

Which in principle, is a great thing. The problem being that usually database credentials end up being placed in the web application configuration file in clear text. However:

[...] It uses a hard-coded password to encrypt/decrypt the DataSource password.

Bottom line, anyone using the SecureIdentityLoginModule to encrypt their password in the configuration file is doing it with a Blowfish algorithm and well known key. So if during an engagement you find a configuration snippet similar to the one below:

<policy>
[...]
  <!-- Example usage of the SecureIdentityLoginModule -->
  <application-policy name="EncryptDBPassword">
    <authentication>
      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
      <module-option name="username">sa</module-option>
      <module-option name="password">5dfc52b51bd35553df8592078de921bc</module-option>
      <module-option name="managedConnectionFactoryName">[...]</module-option>
    </login-module>
  </authentication>
</application-policy>
[...]
</policy>

You should be able to reverse the encryption and get the credentials in clear text. JBoss.java can help you with this, it is now available in usefulfor’s repository at GitHub.

Popularity: unranked [?]

The truth is that you would need 2 or 3 duplicates to get to do all the stuff that you want to do. There are just too many talks, contests and random stuff going on that it is not possible to cover it all. Anyway, below is a breakdown of the talks I managed to get in.

Popularity: unranked [?]

Generate the certificate using OpenSSL:-

$ openssl genrsa 1024 > foo.key
$ openssl req -new -x509 -nodes -sha1 -days 7300 -key foo.key > foo.crt
$ openssl pkcs12 -export -out foo.p12 -in foo.crt -inkey foo.key -name "your name"

You will need the .p12 file (contains key and certificate) to configure Burp. And the .crt file to add it to the Java keystore used by the client. Checkout Burp’s help page for instructions on how to get the first done.

Create a Java keystore, import the certificate

Straightforward enough (just remember the password you entered):

keytool.exe -import -file foo.crt -keystore usefulfor.jks -alias burpcert

Run the application and point it to your keystore

java \
  -Djavax.net.ssl.trustStore=usefulfor.jks \
  -Djavax.net.ssl.trustStorePassword=password \
  -Djavax.net.debug=all  \
  com.usefulfor.Demo

Other interesting properties that you may need in order to further tweak the SSL configuration are javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.

Popularity: unranked [?]

Tools are provided to create your own certificates and also to use the certificates you have created in SSL communications. The information in this article should be valuable in understanding the certificate format and useful if you need to work with certificate parsing, SSL implementations or fuzzing of the related technologies.

Popularity: unranked [?]

Update (2009-04-09): Checkout the new import/export plugin generators at dradis community forums.

Popularity: unranked [?]

Popularity: unranked [?]

In this post I’ll be looking at what an extension is, how it fits into the dradis framework and how to write your own extensions.

You are welcome to jump ahead to the How do I write my own extension? if that is the only part that you are interested in.

Popularity: unranked [?]

It is not the final solution, and it is not integrated with the web interface, but hopefully it will give you an idea of how easy is to get your own exporting modules for dradis.

Popularity: unranked [?]

• Make one of the components compulsory to install.
• We will look at a way to write our script in such a way that it can be reused for future releases of MyApplication.
• A few extra tips and tricks.

Popularity: unranked [?]

• Ruby (the target machine that our application is installed on requires Ruby)
• MyGem (our application is dependent on this fictitious gem)
• MyApplication (this is our application to be installed)

In this part we will look at how we will let the installer take care of the Ruby and MyGem components.

Popularity: unranked [?]

The old site consisted of 20 static pages or so, which was nice and easy but a real pain to maintain or restructure. So we thought that letting Rails do the heavy lifting for us would be a good idea, but we did not want to set up a Rail environment in the server…

What we finally did is use Rails as a tool to create a static site that we could .tar.gz and upload to the server. As a starting point we used a post in www.chuckvose.com and this is how we completed it to fit our needs.

Follow up (2009-03-23): do not miss how to integrate your rails-static site with Rake and Subversion in the second article of this series: Use Rails to Create a Static Site: Rake and Subversion.

Popularity: unranked [?]

I am using HM NIS editor and IDE for NSIS to make the task a little easier. To get out of the blocks a little quicker I used the HM NIS wizard to create a simple framework from where I will progress.

Popularity: unranked [?]

We have been working as hard as one can work: over 487 commits since then (check the stats), we went to DEFCON 16 where a pre-release of the new dradis v2.0 was showcased… But finally we are here, there is a new release ready for you to try and get addicted to!

Lots of new features: new web interface (+10 neatness, +20 usability), new internal architecture (+30 flexibility), new built-in modules (+10 usefulness)…

Popularity: unranked [?]

Popularity: unranked [?]

I was invited to present my ‘Behind Enemy lines’ research, which mainly focused on different attack techniques that are currently affecting a large number of administrative web interfaces.

The slides of this presentation can be found here: [1]

More information about this research can be found in the following white paper: [3] [4]

Popularity: unranked [?]

What are you waiting for? Follow us on twitter.com/usefulfor (also available through RSS).

If you stumble upon any interesting article, tutorial or piece of news that you think can be of interest to the community, do not hesitate in sending it to us to contribute[ {at} ]usefulfor{ [dot] }com.

Popularity: unranked [?]

The information is split into three files:

• rules file: Contains the rules, each one takes about 72 lines (rules have many properties, each property is written in a separate line). Rules match source hosts with destination hosts and services, no surprise there, but the value of any of this three key fields can be an alias.
• hosts file: in this file the aliases for host groups are defined.
• services file: service groups are defined here.

So the challenge here is: how do we merge this three files into something meaningful?

I know that purists can do this with a bash one-liner that uses grep, awk and sed, but ruby is my weapon of choice, so I created the lucent_metaparser.rb script. It basically takes the three files and applies some regular expressions to extract the information and store it into data structures and then outputs the rules in format that is easy to go through. Here is an example:-

1047: (CH43) 10.0.1.12 ---(both)--- RF400 [permit https - change 43] - enabled | pass
CH43: tcp/443/* ()
10.0.1.12
RF400: 192.168.1.140-192.168.1.145;192.252.1.155;192.252.1.120;
1048: (tcp/80) RF132 ---(both)--- PK012 [web traffic to the dmz - change 74] - enabled | pass
tcp/80
RF132: 172.0.1.38-172.0.1.226 (external reverse proxies)
PK012: 10.15.2.1;10.15.2.2; (internal servers)

I know that it is not perfect and there is room for improvement, but the idea is that the script can be used as a starting point for the review process, and hopefully this will save us some time in the future

Popularity: unranked [?]