Jay Kelath and I will be presenting at ClubHack 2008. Our topic is “Snake in the Eagle’s Shadow: Blind SQL Injection” and it is about using Blind SQL Injection on Oracle, MSSQL (and possibly MySQL) to get content of remote databases and also using out of band mechanisms on Oracle database and blind sql injection to pilfer database information.
I’ve also written up a tool that I’ll be presenting with Jay to show how to exploit blind SQL injection to remotely download files. The technique I’m presenting is different from the time delay techniques as have been presented in the past using the waitfor delay statements. Traditionally, using the waitfor delay statement one can download database contents as was shown using tools such as Absinthe, SQLBrute, Blind SQL Brute Forcer. I just try to automate the “virtual” file downloading using BULK insert on MSSQL Server and download files. To do this you do not need any firewall allowances. The technique I use is if you can “infer” every byte of a file then you don’t need to download the file using a TCP connection, you can re-create the file yourself (you already know every byte of the file). The only limitation being that the data rates are pretty slow using this technique. However, since you do not rely on time delays it’s still faster than time delay techniques.

Yesterday the whole day was spent in trying to go through the Nutch source code. Chris and Ashish helped me out alongwith this link
Dissecting the Nutch Crawler. This showed me that :
The file Fetcher.java has a reference to the “content” variable (which is of type Content). I found that initially only the URLs are stored during the crawl, then a request is sent. Then based on the MIME type of the content returned, the ParserFactory class creates a parser (html parser, pdf parser etc.). The code for these parsers can be found at nutch-0.6/src/plugin/. These plugins do the parsing and get the content as a “Parse” object. Using the Parse.getText() method (which we also felt was interesting) we can get the text content of any page!!!!!

I had to wipe my existing OS and had to reinstall Nessus on the new BT5R3 image. However, I still wanted all my previous scan data and users to be unaffected in the new OS. So how did I do that? Here’s how:

Take a backup and restore the following folders on the new install:

1. Users Folder (/opt/nessus/var/nessus/users)
2. Master.key (/opt/nessus/var/nessus/master.key)
3. Policies.db (/opt/nessus/var/nessus/policies.db)

If you do get an error after this follow these steps to get rid of errors and just reactivate the nessus feed as follows:

1. service nessusd stop
2. /opt/nessus/sbin/nessus-fix –reset
3. /opt/nessus/bin/nessus-fetch –register [activation code]
4. /opt/nessus/sbin/nessusd -R
5. service nessusd start

I have used Michal Zalewski’s Ratproxy on Google code. I like it a lot. But I also like to have it on Windows. But it seems that the makefile that comes with ratproxy is not really compatible with cygwin.
If you have the gcc, make, openssl, openssl-dev packages installed on cygwin, all you need to do is remove the -Wno-pointer flag from the CFLAGS entry from the Makefile.
So my Makefile’s CFLAGS line looks like:

CFLAGS  = -Wall -O3 -D_GNU_SOURCE

I also replaced $(CC) with gcc just because I felt like it. 🙂
Compile it with make command.
Do not forget to dos2unix the ratproxy-report.sh otherwise you will get some errors with ‘\r’ and some other random stuff when you run the report generator shell scripts.
Run ratproxy as :
c:\tools\ratproxy>ratproxy.exe -p 8000 -v c:\testdir -w ratlog -d example.com -extifscfjmXCk
Once you have the log to generate a nice looking pretty report:
bash$ ./ratproxy-report.sh ratlog >reportname.html

Update 06/20/2012:
If you get the error shown below:
ratproxy.c: In function `listen_loop':
ratproxy.c:1635:5: error: incompatible type for argument 2 of `waitpid'
/usr/include/sys/wait.h:43:7: note: expected `__wait_status_ptr_t' but argument
is of type `unsigned int *'
Makefile:30: recipe for target `ratproxy' failed
make: *** [ratproxy] Error 1

Do the following:
1. Go to line # 1635 and change the line to while (waitpid(-1,(int*)&x,WNOHANG) > 0);
2. Goto the command line and type

make

You should be able to compile ratproxy.

Using watermarks in word documents looks really cool. But the problem occurs when the documents become too big. In such cases, the document becomes exceedingly slow to react to scrolling. Adobe PDF conversion is an even bigger problem.
To remove the watermark it is simple enough : Format -> Background -> Printed Watermark. Then click on “No watermark” and you are golden (or you should be golden).
I’ve observed that the watermark does not get removed many times when you have too many sections in the document.
In such cases: Goto View -> Header and Footer. Click on “Show/Hide Document Text”.
You should see that all your text has disappeared except the watermark. Click on the watermark and you should be able to select it like a floating image. Press the “delete” key and lo! behold! the watermark is gone.
This took me a while to figure out and it was quite frustrating. I hope this post helps someone!

If you use Windows 8 x64 and when you launch the Cisco VPN Client adapter and you see the following error:
Reason 442: Failed To Enable Virtual Adapter Here’s how to fix it.
Open your command prompt in Administrator mode by right clicking at the left lower corner of the screen and going to “Command Prompt (Administrator)”. You will have to log in as an administrator. Launch registry editor by typing “regedit.exe”. Browse to “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA“. In the DisplayName key, you will see something like @oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter. Edit that to just say Cisco Systems VPN Adapter. Try to connect again by launching the VPN Client. It should work!

I recently got a Sansa e260 4 GB MP3 player just for kicks to check it out. Seems like the hardware runs a stripped down Windows install having FAT32 file system on it. What was interesting was, that somehow my files got corrupted and had to format the drive (My Computer -> eSansa(G:) -> Right click to “Format..”). All the folders disappeared and when I restarted they reappeared. What seemed to crash it was the presence of a few folders that I created not realizing that Sansa did not support folders as the HelpDesk person told me. Makes me wonder what kind of unstable condition would a folder creation have caused. I think I’ll need to further research this error.