
I was continuing my research as planned and came across the discovery that wget and Google do not get along. They did for about 30 seconds, then Google had a hissy fit and gave me the 503 sorry page. It also gave the page out to my roommates.
The catch is that after I did the CAPTCHA in my browser, my browser worked and wget didn't. I tried a new query and user agent string. No luck. I tried importing my cookies from my browser and still no luck. I might have done the cookies thing wrong, but either way this only got me more intrigued.
How can Google tell my wget from my browser coming from the same IP?
12 hours later, I still get 503 pages.
In conclusion:
For people interested in automating Google search, it is best to keep it cool and do it at a reasonable rate. Distributing queries across hosts and time would be the best idea. If I feel motivated I was thinking about writing some random user agent, random proxy script. But first I need to USE TOR!!!!
On a side note, I got freaked out and use other search engines. The amount of info Google already knows about me is scary.
http://www.pbs.org/cringely/pulpit/2005/pulpit_20051117_000873.html

Google Regular expression for IP address "("1..255"\."1..255"\."1..255"\."1..255")"
Google cache is vulnerable to xss. I've only played with this a bit and realized you can't change the payload...
http://74.125.93.132/search?q=cache:B9YyogHZA2EJ:optimalbrowser.com/optimal.php%3Furl%3D%25253Cscript%25253Ealert(String.fromCharCode(88,83,83))%25253C/script%25253E
© 2009 Ben of Dataflip
The database of sploitable boxes is out there, it's just a matter of normalizing and validating the entries.
"All information flows back to public domain." -PsyPhii
more to come...
Teaching the web to hack itself.
Ya, so ah I guess this is old skool... but the catch is I wanna get the web services to do the dirty work for me.
http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Auger
And regarding googling, it seems I noticed that the Chinese and Cuban Google give different results. I think I read something about using different user agents. Check this gem out:
http://spreadsheets.google.com/pub?key=pIzQTTVqsCXUILVB7BtxjJA
For some reason, Google does not publish their regionals.

I watched a Black Hat presentation recently that said you should use web services for dirty work.
Enter Yahoo. Yahoo has introduced Yahoo Pipes along with a developer kit. Running regular expressions on search queries is one thing, but this will also spider. So get this:
Programming logic:
  spider SecurityFocus for latest vulnerabilities
  if vulnerability is on web app
  spider for exploit
  spider Google/Yahoo search for vulnerable URL
  use Yahoo spiders to execute exploit
  output vulnerable site with newly granted shell credentials to RSS
I have been developing this with interesting results. Anybody else?



I deal a lot with network professionals of smaller networks. Some of them are there de facto and some were hired. Most-seen networking misconceptions:
1. You can use any IP addressing scheme on the internal net.
RFC 1918 is very simple but never understood. It is important because it protects against rpf. It stops angry foreigners from calling you regarding your internal messaging traffic.
2. You need your perimeter firewall to allow traffic between the same subnet.
No, you don't. Follow me here... By definition, a router routes routes, and by definition a route is between 2 places, right? When routers are applied to computer networks, they route between networks or parts of the network called subnets. But for sure, a network router cannot route traffic when there aren't 2 different entities to have a route between. And if you can't route the traffic with a router, you can't apply access control lists...
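
The two points above as a check, an added example that is not part of the original post: it flags internal subnets that fall outside RFC 1918 space and classifies a flow as on-link (never reaches the router, so no router ACL applies) or routed. The function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# The three private blocks defined by RFC 1918. ipaddress's is_private is
# broader (loopback, link-local, ...), so the blocks are listed explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def audit_internal_subnets(subnets):
    """Return the internal subnets that are NOT fully inside RFC 1918 space."""
    bad = []
    for s in subnets:
        net = ipaddress.ip_network(s, strict=False)
        if not any(net.subnet_of(block) for block in RFC1918):
            bad.append(str(net))
    return bad


def path(src, dst, prefixlen):
    """Classify a flow as seen from src, whose interface has the given prefix.

    'on-link': dst is in src's own subnet, so src delivers the packet
               directly and no router ACL ever sees it.
    'routed':  dst is outside the subnet, so the packet goes to the gateway,
               which is the only place a router ACL can be applied.
    """
    net = ipaddress.ip_interface(f"{src}/{prefixlen}").network
    return "on-link" if ipaddress.ip_address(dst) in net else "routed"


if __name__ == "__main__":
    # Constructed sample data, not from the original post.
    print(audit_internal_subnets(["192.168.10.0/24", "172.32.0.0/16", "11.0.0.0/8"]))
    print(path("192.168.10.5", "192.168.10.77", 24))
    print(path("192.168.10.5", "192.168.20.9", 24))
```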