Security
by AstralSin on 03-15-2008 in Security
Cult of the Dead Cow (cDc) released a program and website called Goolag a few weeks ago, it provides an easy front end to running well known Google Dorks (Google hack strings) against your website to see if you have any of the common vulnerabilities indexed by Google. You can also find out quite a bit about your company's organization if you know what you're doing. It includes scans for server errors, well known files that contain password information, webcams, server errors, well known vulnerable files, and alot more. Unfortunately, the only binary available right now is for Windows but us Linux users can always just fire up a virtual machine and get it to work (it might work in Wine too, with a little tweaking). Its an interesting experiment in using Google to gather information about a target (of a LEGAL penetration test or vulnerability scan).
Check it out
by AstralSin on 03-12-2008 in Security
The great thing about the internet is that you can access all kinds of information at the touch of your fingertips. Some of that information is being broadcast LIVE 24/7 over unsecured webcams. Given, some of them are meant to be open and available to anyone, but then again, some aren't. The great thing is, its legal to look at any of them that don't require you to login! Here's a great list of Google hacks on finding open webcams.
Hacking Internet Web Cameras @ GeniusHackers
by AstralSin on 03-12-2008 in Security
There are a few online MD5sum crackers/search engines. They do the job for alot of md5sums but if you've got a complex password that you wanna crack, you're still better off bruteforcing it. But its still fun to throw a few hashes at it and see what it actually can get. Here are a couple:
by AstralSin on 03-12-2008 in Security
I've written this handy little bash script for simple network enumeration. It pings all the hosts on the specified private network range, then portscans (nmap) and gets Netbios information from them and writes it to a file.
The script requires nmap and nmbstatus be present on the system on which you're using the script. Further documentation can be found in the script's comments.
Get
NetBore!
