e-axe`s small home :: blog

-------------------------------------------------------------------------
 menu :: blog | projects | books | wishlists | about :: prev | next 
-------------------------------------------------------------------------

 pushed back old content... [Mon Aug 29 9:27:53 CEST 2011]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 hey!
 
 i finally found some time to push the old content back online.
 that means you are able to download all the tools and stuff again ;)
 
 
 nothing else!
 e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 new cms launched... [Thu Apr 1 18:16:04 CEST 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 hey out there,
 
 welcome to the new cms... i just had to put this online before i
 would have done normaly because the old server got shut down.
 
 thats the reason why you might miss some of the latest content...
 i still have to port it to the new cms.
 
 if you find any bugs or vulnerabilites please get in contact with
 me... thanks ;)
 
 
 greetings,
 e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 WAFP - just released [Fri Jan 8 22:41:47 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 i just gave a quick talk about web application fingerprinting with
 a tool called WAFP - on the 26c3.
 
 enjoy:
 project page -> http://mytty.org/wafp/
 slides -> http://www.mytty.org/wafp_26c3_richard-sammet.pdf
 
 
 so long,
 e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 query detailed system info via ntp... [Fri Jan 8 22:40:53 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 which are the services you see most on internal networks?
 
 thats the question i asked myself and out of the results of the
 hundreds of security assessments and penetration tests i performed
 in history i came to the conclusion that one of those services
 absolutely is ntp. its running and also bound to an interface reachable
 over the network on most unix systems and network devices if not
 hardened properly.
 
 so i decided to give it a try and wrote a nmap nse script which
 performs a ntp rl query if port 123 is open or the ntp protocol
 gets detected by nmap and you choose to perform a script scan.
 
 http://mytty.org/nopaste/?pid=1823
 
 a sample output looks like this:
 
  123/udp open ntp
  | ntp-info:
  |  version: ntpd 4.2.4p6@1.1549-o Thu Oct 22 21:58:37 UTC 2009 (1)
  |  processor: i686
  |  system: Linux/2.6.31-15-generic
  |  stratum: 3
  |_ refid: 91.189.94.4
 
 
 enjoy,
 e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 "new" pics online... [Fri Jan 8 22:39:44 CET 2010]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 well, yes, i just uploaded some new images! ;)
 take a close look at the vegas_08/ pics - then you will be able to get
 free internet access and to own the tv control machine of the las vegas
 hilton...
 
 http://mytty.org/pics/
 
 
 have fun,
 e-axe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------------------- search :: :: prev | next -------------------------------------------------------------------------
there is always something stupid to do...