These are the firefox URLs for different settings. Just paste them into the browser and bang, there you go:

chrome://pippki/content/getpassword.xul
chrome://pippki/content/PrefOverlay.xul
chrome://pippki/content/pref-ssl.xul
chrome://pippki/content/pref-certs.xul
chrome://pippki/content/pref-ciphers.xul
chrome://pippki/content/cipherinfo.xul
chrome://pippki/content/ssl2ciphers.xul
chrome://pippki/content/ssl3tlsciphers.xul
chrome://pippki/content/ssl3tlsciphers2.xul
chrome://pippki/content/PageInfoOverlay.xul
chrome://pippki/content/cacertexists.xul
chrome://pippki/content/CAOverlay.xul
chrome://pippki/content/WebSitesOverlay.xul
chrome://pippki/content/OthersOverlay.xul
chrome://pippki/content/MineOverlay.xul
chrome://pippki/content/viewCertDetails.xul
chrome://pippki/content/certpicker.xul
chrome://pippki/content/certDump.xul
chrome://pippki/content/load_device.xul
chrome://pippki/content/pref-validation.xul
chrome://pippki/content/pref-masterpass.xul
chrome://pippki/content/createCertInfo.xul
chrome://pippki/content/formsigning.xul
chrome://pippki/content/changepassword.xul
chrome://pippki/content/resetpassword.xul
chrome://pippki/content/newserver.xul
chrome://pippki/content/downloadcert.xul
chrome://pippki/content/certManager.xul
chrome://pippki/content/editcacert.xul
chrome://pippki/content/editemailcert.xul
chrome://pippki/content/editsslcert.xul
chrome://pippki/content/deletecert.xul
chrome://pippki/content/getp12password.xul
chrome://pippki/content/setp12password.xul
chrome://pippki/content/domainMismatch.xul
chrome://pippki/content/serverCertExpired.xul
chrome://pippki/content/clientauthask.xul
chrome://pippki/content/certViewer.xul
chrome://pippki/content/device_manager.xul
chrome://pippki/content/choosetoken.xul
chrome://pippki/content/escrowWarn.xul
chrome://pippki/content/crlManager.xul
chrome://pippki/content/serverCrlNextupdate.xul
chrome://pippki/content/crlImportDialog.xul
chrome://pippki/content/pref-crlupdate.xul
chrome://pippki/content/getpassword.xul
chrome://pippki/content/PrefOverlay.xul
chrome://pippki/content/pref-ssl.xul
chrome://pippki/content/pref-certs.xul
chrome://pippki/content/pref-ciphers.xul
chrome://pippki/content/cipherinfo.xul
chrome://pippki/content/ssl2ciphers.xul
chrome://pippki/content/ssl3tlsciphers.xul
chrome://pippki/content/ssl3tlsciphers2.xul
chrome://pippki/content/PageInfoOverlay.xul
chrome://pippki/content/cacertexists.xul
chrome://pippki/content/CAOverlay.xul
chrome://pippki/content/WebSitesOverlay.xul
chrome://pippki/content/OthersOverlay.xul
chrome://pippki/content/MineOverlay.xul
chrome://pippki/content/viewCertDetails.xul
chrome://pippki/content/certpicker.xul
chrome://pippki/content/certDump.xul
chrome://pippki/content/load_device.xul
chrome://pippki/content/pref-validation.xul
chrome://pippki/content/pref-masterpass.xul
chrome://pippki/content/createCertInfo.xul
chrome://pippki/content/formsigning.xul
chrome://pippki/content/changepassword.xul
chrome://pippki/content/resetpassword.xul
chrome://pippki/content/newserver.xul
chrome://pippki/content/downloadcert.xul
chrome://pippki/content/certManager.xul
chrome://pippki/content/editcacert.xul
chrome://pippki/content/editemailcert.xul
chrome://pippki/content/editsslcert.xul
chrome://pippki/content/deletecert.xul
chrome://pippki/content/getp12password.xul
chrome://pippki/content/setp12password.xul
chrome://pippki/content/domainMismatch.xul
chrome://pippki/content/serverCertExpired.xul
chrome://pippki/content/clientauthask.xul
chrome://pippki/content/certViewer.xul
chrome://pippki/content/device_manager.xul
chrome://pippki/content/choosetoken.xul
chrome://pippki/content/escrowWarn.xul
chrome://pippki/content/crlManager.xul
chrome://pippki/content/serverCrlNextupdate.xul
chrome://pippki/content/crlImportDialog.xul
chrome://pippki/content/pref-crlupdate.xul 

I was just browsing away when I stumbled upon Johnny Long’s GooScan. He says that this is a Linux only tool but it seems to compile (not without problems though) on cygwin.
I kept getting the following errors:

L:\tools\gooscan-v1.0.9>gcc gooscan.c
gooscan.c: In function `inet_send':
gooscan.c:575: error: `MSG_WAITALL' undeclared (first 
                       use in this function)
gooscan.c:575: error: (Each undeclared identifier is 
                       reported only once
gooscan.c:575: error: for each function it appears in.)

Then I read somewhere that MSG_WAITALL is not defined for Cygwin and that instead of that zero would work. There are many neater solutions to this…but I’m a hacker and I’ll do the stuff that’s easiest and hassle-free.
Some people say that the following will work:
#ifdef __CYGWIN__
#define MSG_WAITALL 0

So in order to compile this bad boy, you need to goto line 574 in your favorite editor.
It looks like this:
recv(sock, recvbuf, sizeof(recvbuf), MSG_WAITALL);

You need to make it look like this:
recv(sock, recvbuf, sizeof(recvbuf), 0);//MSG_WAITALL);

You are all set:
gcc gooscan.c -o gooscan.exe

Compilation works! But then I observed that the results were not coming well. However, if you run it through a local proxy such as burp it still works…I bet it has something to do with socket establishment and receiving and being incompatible with the MSG_WAITALL flag.
But as long as you can get the results … who cares? If someone figures out exactly how to make this work, please post it as a comment.

This is not a post but nostalgia. This post is actually a transcript of the first interview of my life. It was for a top Indian Software Consultancy Company (referred to as “XYZ” from now on). I remember that it was July 9th, 2001 and it was a really rainy day in Bombay. While coming to the college I was totally drenched and was looking rather distraught! I cleared the aptitude test and then came the Big One – The Interview!
I went to the interview thinking that i wanted to completely screw up the interview (coz I was interested in some other company) so i went there casually dressed with a demonic smile on my face >:-) . In hindsight, I think the way I appeared for this interview was really gutsy for me and I probably couldn’t have done that had I been craving to get a job in this company. Here is the transcript of the interview.

XYZ: So Mr Rajat … tell me about urself and ur family in *short*
Me : In the year 1980 i was born in allahabad and spent the initial yrs of mylife in blah blah blah ….and completed my schooling in Shree Ram Welfare Society’s High School, Andheri(W), Mumbai . therafter i went to Sathaye College….(blah blah blah) and i came to this college thinking that this college would be good.
XYZ: & how did u find this college?
Me : (thinkin for a while and then with a heavy heart ) ok !
XYZ: Rajat y did u chose our company (XYZ) instead of other companies.
Me : i did not choose XYZ i’ve just come for this interview ! In fact u guys have come to our college (for on-campus placements) i haven’t come for this interview.
XYZ: but would u like to join our co.?
Me: i’ve come for this interview ! what does this indicate to u?
XYZ: give me one reason why u want to join XYZ?
Me: i don’t want join XYZ… i’ll goto any other co. that comes next…as a matter of fact any other co. will take me!
XYZ: Mr Rajat in this form (these guys had given us a form to fill in whichwe were supposed to write the salary we desired which i forgot to fill… oops faux pas ? well not quite) which we have given to u , uhaven’t mentioned the salary u want…. what r ur expectations?
Me : I want more!
XYZ: MORE !%#$%$#$ y do u want more?
Me: because i know i’m worth it!
XYZ: u say so but it is for us to see whether u r worth it!
Me: put me to test and i’ll prove i’m worth it !
XYZ: but why do u want more ?
Me : everybody wants more so what is wrong if i want more!(the guy seems to be pissed off to my delight)
XYZ: but u must be having some expectations , don’t u?
Me : yes of course , i have . but u r not gonna live up to them. u had made it quite clear the salary u’ll be offering to us … so it doesn’t matter what my expectations are u r gonna give only what *you* want to give us , so there rests the matter.
XYZ: tell me about this person whom u know & works in XYZ.
Me : He is my cousin and he stays at andheri.
XYZ: so what have u heard from him about our co. ?
Me : NOTHING!
XYZ: but u might have heard something at least!!!!!
ME : we meet at social gatherings and the last thing we want to speak about is XYZ!!!
XYZ: ok tell me about ur project … this assembler
Me : blah blah blah
XYZ: ok … so in ur form u write u want “A GOOD NETWORKING PROJECT PREFERABLY BASED ON NETWORK SECURITY” . what do u know about networking?
Me : NOTHING!
XYZ: (a very surprised Mr. Sleepy said) NOTHING !?!? then how can u say u want a project in it?
Me: well , i’ve attended a few seminars @ IIT and it ensured me that that was the only field i’m interested in.
XYZ: then ur interest may change after studying the subject!
Me : No, it won’t change!!!!
XYZ: wat do u know bout networkin?
Me: latest happenings … blah blah blah
XYZ: suppose that we don’t have a project in network securities for you then what will u do?
Me: i have written that it is my ambition to work on a networking project…AMBITIONS ARE NOT ALWAYS FULFILLED.
XYZ: Rajat … there is a rule in ur college that if u get 1 co. u r noteligible for the rest.we offer u 16k .. so if tomorrow infosys comes and offers u 20k wat will u do?
Me : I WILL GO !!!!!
XYZ: u’ll go !?! that means you are after money ?
Me : who said that !? i never said that ! i want more money but more important than that is the work environment & the kind of projects i get. if i getbetter projects there i’ll go money is secondary but still important .
XYZ: (as if trying to juistify a lesser salary) u know rajat that on paper their (Infosys) salary may look large but 20% blah blah blah ….. 12.5 % blahblah blah …6% blah blah blah … (and lots more statistics which lasted foran eternity as far as my viewpoint goes)
XYZ: do u realise that XYZ has a 3yr. service agreement or u r chargedRs.50,000/- . what are your feelings about that?
Me : it is absolutely wrong.
XYZ: why?
Me: The word “bond” itself says that u r “bound” to the co. no matter what.
XYZ: that is why we don’t call it a “bond” we call it a “service agreement”.
Me: ok…that’s just another name for it. i personally think that instead of”binding” people to ur co. u should create such an environment that people like to stay in ur co. with their wishes and so the co. will benefit if peoplework with their wishes.
XYZ: do u havre any questions for us?
Me: yes , sir i do! in ur qns a few minutes back u mentioned infosys and in ur pre-placement talks u said u r no.1 software co. of india. how can u say thatwhen all that we see in the newspapers is infosys and with u comparing urself to infosys?
XYZ: infosys is 12% blah blah blah … 19% blah blah blah …(and lots morestatistics that made me feel as miserable as our indian cricket team witheverything out of control)does that answer ur qn?
Me: ya! sir may i ask another question ?
XYZ: ya sure! (with some uneasiness)
Me: sir, this yr. we have seen our seniors get whole lot of “back out” letters! what r ur feelings about that?
XYZ: OUR FEELINGS !!??!
Me: i mean r u people going to do the same with us?
XYZ: (i think this was it and he lost his complete cool and he pointed to me & said sternly) till this date our company has not given any “back-out” letters to anybody.
Me: Thank u .sir. it was a pleasure!

This was the first interview of my life and I ended up getting selected for this company. It was a great experience working there and I realized that money is not everything! At the end of it I think I was not rude but dangerously honest in giving my answers and this plan could have backfired on me but it didn’t … may be I was lucky or may be this was destiny!

I started downloading rainbow tables LM Hashes for all symbols. They were 120 GB big and were available for download via torrent. But I’d been stuck at 92.2% of the download forever thinking that there were no seeders. As it turns out, the problem was in the torrent file. The torrent for the 120 GB LM Hashes all symbols can be obtained from 120 GB LM Hashes [all english characters] Rainbow Tables.

I finally got a new home for my blog.  www.rajatswarup.com will be my new homepage.   In the coming days, I’ll continue blogging while also improving the look & feel of my website.  Any suggestions would be appreciated.

I’ll be attending the Shmoocon in Washington, DC from Feb 6th-8th. Hope to see all you h4X0rs out there!

I was looking at some Oracle databases recently and I saw that the Oracle Auditing Tool (OAT) is an awesome toolset but you just need to download the classes12.zip which are the Oracle JDBC drivers for Java into that same directory. I downloaded the classes12.zip from the Oracle site and placed it into the same folder as OAT. On linux, the .sh files will then need some editing. Just replace classes111.zip to classes12.zip and off you go.
Patrik Karlsson has done an awesome job of providing these tools. You can do the whole gamut of operations using this tool from first guessing the Oracle SID to checking for default passwords using opwg.sh.
sudo ./opwg.sh -s 192.168.1.101
The above command will give you the Oracle SID for the remote database.
Once you have the sid and the credentials you can run queries using oquery.sh
sudo ./oquery.sh -s 192.168.1.101 -u DBSNMP -p DBSMP -d db_sid_found -q "select 1 from dual"
The source of the OAT is also provided here: http://www.cqure.net/tools/oat-source-1.3.1.zip. I found an interesting decompiler for Java too (when I overlooked that the sources existed on cqure.net website) and it’s called jd-gui. It works wonderfully on linux.