Saturday, January 27, 2007

coLinux - Cooperative Linux

Some time ago I switched from Ubuntu to Windows XP (on my work computer), mostly because it made my work easier and faster, but I always missed the Linux command line and all the tools. I tried Cygwin; it's not too bad, but it's still not Linux. Yesterday a co-worker (Ruben) showed me coLinux:

From the coLinux site:
Cooperative Linux is the first working free and open source method for optimally running Linux on Microsoft Windows natively. More generally, Cooperative Linux (short-named coLinux) is a port of the Linux kernel that allows it to run cooperatively alongside another operating system on a single machine.

In short, it's like VMware, Parallels or Virtual PC, but free, lighter and faster. It takes just 4 seconds to boot Debian sarge!!

So now I have a real, full Linux in my Windows environment :)

Right now there are Debian, Fedora, Gentoo, Ubuntu, Mandrake and many more OS images available.

Best of all, you can start the coLinux machine as a Windows service and access it via SSH through your favorite terminal emulator (Poderosa, PuTTY, etc).

Just Great..

coLinux official page
coLinux Wiki

But still, not even Windows and Linux together can beat Mac OS X ;)
There is nothing like Mac OS X with Parallels, running Windows applications directly on the OS X desktop (Coherence mode).


Thursday, January 11, 2007

MD5 and SHA1

The other day I needed to crack an MD5 string and I didn't have the rainbow tables at hand, so a partner showed me the web. It is very cool, it also supports SHA1, and it looks like Google :)

The web does:

-Plaintext --> MD5
-Plaintext --> SHA1

-MD5 --> Plaintext
-SHA1 --> Plaintext

In the future I will add more websites that offer this kind of service.

Wednesday, January 10, 2007

SSH Dynamic Port Forwarding

This is a note to self, because I always forget the command to create a dynamic port forwarding through SSH. Suppose you want to browse the web, but you want the browser's connections to be made by another machine that has sshd running, so that you access web pages as if from that other machine.

You need to create a connection to the sshd server with the -D parameter and the port number on which the local machine will listen and forward the connections. Example:

command>ssh myuser@sshdserver -D 8080

Now you have to configure the web browser to use SOCKS Host: localhost, Port: 8080

In Windows you can use PuTTY, and you have to configure:

Option: Source Port = 8080
Destination: Dynamic

That's all
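
A hardened way to run the command above, added here as an example (not part of the original post): `-D 8080` binds according to the client's `GatewayPorts` setting, so the helpers pin the listener to loopback, which keeps other hosts on the network from using the proxy. The helper names `socks_bind_spec`, `socks_tunnel` and `socks_check` and the default URL are assumptions.

```shell
#!/bin/sh
# Added example. socks_bind_spec, socks_tunnel and socks_check are
# hypothetical helper names; myuser@sshdserver and port 8080 come from the post.

# Print an explicit loopback bind spec for "ssh -D", or return 1.
# Accepts: PORT, 127.0.0.1:PORT, localhost:PORT, [::1]:PORT.
# Rejects: empty or '*' bind addresses, 0.0.0.0, any other interface, bad ports.
socks_bind_spec() {
    port=${1##*:}                       # text after the last ':' (whole arg if none)
    case "$port" in
        ''|*[!0-9]*) return 1 ;;        # port must be digits only
    esac
    case "$1" in
        "$port")
            # A bare port follows the client's GatewayPorts setting, so pin it.
            printf '127.0.0.1:%s\n' "$port" ;;
        127.0.0.1:"$port"|localhost:"$port"|'[::1]':"$port")
            printf '%s\n' "$1" ;;
        *)
            return 1 ;;
    esac
}

# Open the dynamic forward in the background.
# usage: socks_tunnel myuser@sshdserver [bind_spec]
socks_tunnel() {
    spec=$(socks_bind_spec "${2:-8080}") || {
        echo "refusing non-loopback SOCKS listener: $2" >&2
        return 1
    }
    # -N: no remote command, -f: background after authentication,
    # ExitOnForwardFailure: exit instead of running without the listener.
    ssh -N -f -o ExitOnForwardFailure=yes -D "$spec" "$1"
}

# Confirm traffic and DNS lookups leave through the tunnel.
# --socks5-hostname makes curl hand the hostname to the proxy for resolution.
# usage: socks_check [bind_spec] [url]   (the default URL is a placeholder)
socks_check() {
    spec=$(socks_bind_spec "${1:-8080}") || return 1
    curl --silent --show-error --output /dev/null \
         --socks5-hostname "$spec" "${2:-https://example.com/}"
}
```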

Email Harvesting

I made an update to an old but useful tool, "googleharvester". Now the tool also works with MSN Search. I ported the program to Python because I feel more comfortable with the language and I program faster ;)
You can download the tool: Here

Now the tool is called "theHarvester"

Sunday, January 7, 2007

Ngsec - Game #3 - Brainstorming

Well, another web application hacking game from Ngsec; this time there were 5 levels. The difficulty was very hard in the first 2 levels and very, very easy in the last 3. The order of the levels should have been the inverse :). But with some patience and Mandingo's tips, I finished in approx. 9 hours (not in a row).

It was a good game to kill some time and program a little.

Try it and become a g00r00 ;)

Game #3

Some tips:
Level 1 - I become blind.
Level 2 - Timing, it's all about timing.
Level 3 - Too easy, no tips.
Level 4 - With the tips and clues in the game, plus some tampering should be enough.
Level 5 - Very easy, just google.
