2009
11.30

New home soon…

My blog will have a new permanent home soon. A friend and I have set up a small website, and I’ll be moving this blog there. It’s going to be fun: I’ll be able to post screen-shots and better serve the public with my small IT tutorials and everyday sysadmin rants…

At the moment the site is not 100% complete. It does have many links to tools, videos, articles and RSS feeds we find interesting. We also have 2 vulnerable VM images on which one can practice scans and penetration methods. We hope people will enjoy it.

The site’s purpose is to gather as much information relating to IT security as possible and place it in one neat little package. We are fully aware of the fact that many sites like this exist, but one more won’t hurt. If it can help one or two people find an interesting fact on security, I’ll be happy. The website will be re-written in French so as to better serve the people in my region… and perhaps there will even be a pod-cast (in French). We don’t pretend to be the best in this field, but we are 2 guys willing to learn and share.

So to everyone who actually reads my blog (yes, all 2 of you), thanks, and I hope you visit the site.
Kioptrix

2009
11.28

Twas the Night before Christmas…

[Hope you enjoy this one, wasn’t easy]
Original poem

Twas the night before Christmas, when all through the house
Not a creature was stirring, not even a mouse.
The vulnerabilities were left on the system with care,
In hopes no metasploit script would soon be there.

The admins were nestled all snug in their bed,
While visions of security patches danced in their heads.
With project manager in her ‘kerchief’, and I in my cap,
Had just settled our brains to play with ettercap.

When out on the network, there arose such a clatter,
I sprang from my desk to see what was the matter.
Away to the console I flew like a flash,
Tore open the screen and threw up bash.

The logs on the breast of the new-fallen server
Gave a luster of panic on the newly hired manager.
When, what to my wondering eyes should behold,
But a miniature script and eight services controlled.

With a little old script, so lively and quick,
I knew in a moment it was an ol’ HDM trick.
More slick than snakes his courses they came,
And he exploited, and rooted, and called them by name!

“Down CUPS! Down Apache, now Samba and Dixie!
On, Muts! On, Bolexx! on, on Dookie and HD!
To the top of the tree! To the edge of the firewall!
Now compile away! Compile away! Using dash wall.”

As fast typists that before the wild hurricane fly,
When they meet with an obstacle, they do not cry.
So up to the firewall the courses they flew,
With a bag full of root-kits, and with Mitnick too…

And then, in a twinkling, I stared at the rack.
The prancing and pwning of each little hack.
As I ran through the office, cursing around,
Down came the server, which was PCI sound.

As it fell to the ground, from RAM to wire,
And its casing had tarnished this I did not desire.
A bundle of overflows thrown on the stack,
The server looked like a peddler, with a hump on its back.

With hard drives dwindling! Its lights not so merry!
Its IO count rising, Its CPU red like a cherry!
Its droll little services all dropping in a row,
The last remnants of the server, stalked by a crow.

With power cable held tight in my grasp,
And the smoke it encircled, it looked like an asp.
It had blown condensers I found on the floor,
That I took and laughed, as I threw out the door.

It was busted and broken, a right jolly old elf,
And I laughed when I trashed it, in spite of myself!
With a wink of my eye, and a twist of my head,
The new manager knew she had something to dread

She spoke not a word, but went straight to her desk.
And looked at the firewall purchase, and then was perplexed.
And laying her face inside her cupped hands,
Unable to move, unable to stand!

As I sprang from the server room, gave the team a whistle,
Away we all went, all flew like down of a thistle.
As we exclaimed while we left, ‘ere we drove out of sight,
“Merry Christmas to all, and to all a good-night!”

2009
11.27

BackTrack Christmas song

On the first day of Christmas my true love gave to me
(And) A copy of the backtrack CD

On the second day of Christmas my true love gave to me
Two short jumps

On the third day of Christmas my true love gave to me
Three local exploits

On the fourth day of Christmas my true love gave to me
Four WEP keys

On the fifth day of Christmas my true love gave to me
FIVE METASPLOIT MODULES….

On the sixth day of Christmas my true love gave to me
Six rainbow-tables

On the seventh day of Christmas my true love gave to me
Seven Windows opcodes

On the eighth day of Christmas my true love gave to me
Eight Joomla exploits

On the ninth day of Christmas my true love gave to me
Nine Vista Patches

On the tenth day of Christmas my true love gave to me
Ten zero-days

On the eleventh day of Christmas my true love gave to me
Eleven ruby scripts

On the twelfth day of Christmas my true love gave to me
Twelve sa passwords

2009
11.21

Can lack of training cause problems?

A few days ago at work, something extraordinarily stupid happened… The idea of purchasing bigger (more complicated), more powerful servers was suggested to get more performance out of our VMware infrastructure. Logic would seem to agree with that; if you have a bigger hammer you can break bigger stones. Unfortunately, in our current situation we don’t need bigger hammers. We need to make better use of the hammers we already have.

Training, it seems, is something small/medium businesses tend to overlook. They tend to think they need to spend whatever little money they have on equipment. In some circumstances that can be very useful, but in others simple training and an understanding of the current technology can also squeeze more performance out of the systems you already have.

Let’s take for example the growing popularity of virtualization (I’m not talking about the little VMs home users run with VMware Player or the free VMware Server). Let’s face it, it’s not easy to configure correctly. The key word is “correctly”, if by any chance a manager is reading this… Once installed and correctly tweaked, that HP G5 or G6 can really give you your money’s worth. Coupled with a good storage system (again, properly configured), a few of these machines will give good results and host many virtual systems. Of course the package as a whole needs to be installed and configured correctly, and one way of ensuring you get what you deserve out of your setup is training. If you can’t reap the complete benefits of your current setup, changing everything won’t change a thing.

So how can lack of training be a problem? Well, lack of training leads to misconfiguration. Ill-configured systems tend not to run as well as they should. And let’s face it, there are bound to be security issues in something that is not properly configured.

VMware training is a few thousand bucks, and that knowledge stays forever…
New servers and that nice looking EMC will run you up in the tens of thousands…
Simple math really…

This rant has gone on for long enough.

2009
11.16

The new milw0rm… better then before?

Well, the new (or replacement) milw0rm has gone online. As you may or may not know, the crew at Offensive-Security have taken over. Str0ke was very close to closing the site down. After the initial announcement, Offsec stepped in and offered to relieve him of some of the administrative duties (updates mostly).

So, is the new site better? I mean, how can you improve on such a simple concept? Have an exploit, have a link to said exploit. Well, they’ve found a way to not only make it better, but they’ve succeeded in making the site an educational tool.

With Offensive-Security certifications slowly growing in popularity, it makes perfect sense for a security company such as Offsec to maintain the most popular exploit repository on the web today. It’s a great combination: they train you in identifying and using exploits (for defensive purposes) while at the same time guaranteeing that the exploits used during the training are available.
Good idea…

But how is the site better? Let’s start with how everything is organized. It’s separated into a few sections: remote exploits, local exploits, web applications and denial of service. The old milw0rm had a similar organizational schema, and it even had (or has, I suppose… it’s still up) a shellcode section, which for me was not very user friendly. What it didn’t have was a web application section, which in my opinion is a good add-on by the Offsec crew. Even if they removed a few of the sections originally found on milw0rm, the new site is very easy to navigate.

The search option is also better all around. You can search by description, author, type (remote/local/DoS/etc.), platform and port number. It’s pretty quick too and gives very good search results. The submission information has been revamped and is easy to follow for anyone who wishes to submit anything.

This last part is what makes the site stand out from the rest. They are actually hosting the applications associated with the exploits. Not all of them, mind you, but they do have many downloads available. So in time I’m sure we’ll see many more vulnerable applications with their respective exploits, ready to be transferred into our lab environment.

So in the end, Offensive-Security have legitimized the existence of such a site. With this new avenue, an exploit repository site doesn’t have to cater to “blackhats” looking to annoy people or deface websites. They are maintaining and making available a valuable knowledge base for the security professional in training.

Congrats to all who worked on the new site. It’s fresh, good looking and I’m sure it’s going to be around for a long, long time…

Check them out:
Offensive-Security
New milw0rm

//* Correction: as I’ve recently been informed, milw0rm did have a webapp section. Guess I didn’t notice it at the time. My mistake.