My intention is for this to be a place where I post anything that interests my geeky mind. I may not update it often, and you may not find it that interesting... You've been forewarned.
Blog transferred to devalias.net
This is the old Tumblr version of this blog. All of the old content (and everything new) is now available over at http://www.devalias.net/
Hope to see you all there!
Dogedraw, now with more Nyaan!
Over the last few days I've been mentoring web dev at HS.HACT.IO, inspiring a group of younger kids to get into tech as creators. One of the other mentors showed us a site he previously put together, DogeDraw. After playing around with it for a little, I decided it was a little too manual, so started hacking away in the JS console to make it more fun.
A little while (and far too long typing out pixel art as code) later, and we have nyaan hacks! You can clear a section of the screen with a solid block of colour, or better yet, stamp out some pixel art nyaan cat across the page!
See below the cut for the gist.
https://gist.github.com/alias1/e8bb28726a37854606ad
Kiwicon 8 (2014) - Some quick notes
This was most definitely one of the most interesting, exciting, and downright awesome 'con experiences I've ever had! In the past I've pretty much kept to myself, watched the talks and headed home, but this time I hung out/chatted/discussed with a lot of people over the course of the week, and it was epic! So so so definitely worthwhile!!
Not sure of the best way to go about this, so will just list out the different presentations and anything of interest/note from them.
I assume slides/etc should be up later on, so if something looks interesting, keep an eye out for that.
Thursday
Eve, Mallory, Ocean's 11, and Jack Bauer: Adversaries Real and Imagined
Nice overview of the different kinds of attackers, what they tend to be after, etc
Basically highlighted that you need to know what they are after and what it is worth, and balance security accordingly
Breaking Bricks and Plumbing Pipes: Cisco ASA a Super Mario Adventure
Interesting talk about a plethora of security flaws found in a Cisco ASA firewall, used to gain a pivot point into the network
Asymmetric Defense, and your buyers guide to Threat Intelligence
Essentially talked about how a lot of 'threat intelligence' out there is crap, and is treated as 'more is better' rather than 'better is better'
Talked about how there needs to be standardised formats for digitally sharing/consuming threat intelligence
Seeing Blu
Step by step walkthrough and thought process of how he hacked his BluRay player to enable multi region support so he could watch his copy of Hackers.
OneRNG - a verifiable and Open Hardware Random Number Generator from NZ
Small open source/hardware device that generates truly random entropy, to be fed into a random number generator
Recently released on kickstarter: https://www.kickstarter.com/projects/moonbaseotago/onerng-an-open-source-entropy-generator
Eradicating the Human Problem
Really excellent talk by lady_nerd talking about social engineering and humans as the weak point in security
Talked about how we need a better way to assess and track the human element of security, rather than treating it as too hard/unobtainable
Briefly discussed a tool in development designed to assist with mapping out the social interactions of a company in a way that allows assessing potential risk/etc, and determining the flow of an attack through the social elements of a company
Slides: https://twitter.com/lady_nerd/status/544230404170194945
Security the Etsy way: Effective security in a continuous deployment culture
Excellent talk by Rich Smith about mixing in security people with the general developers, not blocking progress/saying no while still maintaining security, making security liked/approachable, etc.
So many awesome points and discussions, not to mention showing just how epic a place Etsy is to work.
Caught up with him a decent bit after his talk and had some awesome chats, a really cool and down to earth guy
Etsy are a great example of continuous deployment, with upwards of 50 pushes into production every day
One of the big points: Don't hire assholes (they will ruin all of the work you put in to enhance security's image and drag everyone down) https://twitter.com/hypatiadotca/status/542870405514801152
COMSEC - Beyond Encryption
Discussion on maintaining communication security, tools that are good/bad, etc
Almost surprisingly, Apple FaceTime rates pretty highly on the list.
Pond considered THE thing to use https://pond.imperialviolet.org/
MitMing GSM with criminal intent
Discussed the analysis and thinking, and eventual pwning of a GSM enabled home detention ankle monitor
Made front page of the newspaper for the talk: http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11373524
Same guy who broke the NZ transport card system last year
Building a hipster catapult, or how2own your skateboard
Amusing talk about taking over control of a bluetooth controlled electric skateboard, including demonstration
Friday
R00t Causes: complex systems failures and security incident response
Analysis of a bridge collapse and how similar events map into security
Some key points: compartmentalise/isolate
ThruGlassXfer: The TV people? Do you see them?
Interesting proof of concept and discussion on using the pixels on a screen and a video camera, combined with a programmable keyboard to initiate an 'air gapped' bidirectional communications channel.
Proves that if you can see it on the screen, and type into it, then you can basically bypass any other security in your way
http://thruglassxfer.com
Cyberwar before there was Cyber: Hacking WWII Electronic Bomb Fuses
Research/analysis of various types of German bomb fuses, and the evolution of fuse designs and defusing techniques used to outsmart each other
BeEF for Vegetarians (Hooked Browser Meshed-Networks with WebRTC)
Pretty cool talk by xntrik (co-author of The Browser Hacker's Handbook) about creating mesh networks from exploited browsers to minimise detection of communication with the command server
Useful for circumventing/stealthing internal lateral exploration through a network
An Image is Worth 1000 Frauds - Detecting Fake Images and Videos
Interesting high level run-through of some methods you can use to detect manipulated images/video
Linked to https://github.com/ebemunk/phoenix a lot
Manipulating Human Minds: The Psychological Side of Social Engineering
Interesting talk by 0xkitty that takes a high level look at some of the things involved in social engineering and manipulating the human element of security
Lightning talks (shorter)
Recap of the aftermath of last year's bus hacking
Decent recap of what happened/how the incident was handled (eg. poorly)
The National Cyber Security Strategy and the Connect Smart Partnership
Some government guy that wasn't very engaging
I know what you did last Wednesday: exploitation of the humble apartment video intercom
Hacked his embedded Linux apartment intercom system to find exploits that enabled stealth monitoring of EVERY apartment in his building (100s)
Voltron: Defender of the Universe
Terminal based 'GUI' for GDB debugging
https://github.com/snare/voltron
Random() Adventures in Minecrosoftcraft
A practical example of using analysis to defeat insecure 'random' implementations in the context of Minecraft
Legal loopholes
Some talk about grey areas of the law/etc
Breaking AV software
Really interesting talk about just how insecure/terrible antivirus/security products in general can be (hint: VERY)
Showed how a large number of the top AV engines can actually end up making your system less secure due to the way they are implemented.
Hackers and Hacks, or: How I Learned to Stop Worrying and Love the MSM
An enlightening talk by the reporters who engaged with 'rawshark', and the process/pitfalls they went through in securely communicating to release the information.
Made some good points about security being hard for the 'average' person, and how very major stories (eg. Snowden) were almost missed because reporters don't understand security well enough
Saturday
Kiwicon SPIT ROAST
We ate lots of meat, in a fortress!!
MDwiki (and how to get started)
(Note: Original gist can be found here)
If you haven't already heard about it, MDwiki is a cool little CMS/Wiki that runs entirely clientside (HTML5/Javascript) and uses Markdown
Since it's all clientside, we can do really cool things like track our changes in git and then host it all on GitHub Pages. That means super simple forking, contributing and sharing. Yay for open source!
Setting up MDwiki with GitHub
There is an official guide available on the MDwiki site, but I kind of like to do things my own way, so below is how I go about setting up a new site. (I'll assume you're already set up on GitHub and know vaguely how to use it; if not, maybe check out the guide above.)
On GitHub
Create a new repository and name it what you want (eg. my-mdwiki)
Setup initial MDwiki bits
Download the latest MDwiki release
Extract it to a folder (eg. my-mdwiki)
Here you have a choice:
mdwiki.html will give you MDwiki and all of its libraries packaged as a single file
mdwiki-slim.html (my preference) will give you MDwiki, but load its libraries from a CDN (content delivery network)
Choose the option you want to use and rename it to index.html
Next we'll need to create a config.json file. You can read about how this works or just use something similar to mine:
{
  "useSideMenu": true,
  "lineBreaks": "gfm",
  "additionalFooterText": "By <a href='http://www.devalias.net/'>Glenn '/dev/alias' Grant</a><br />",
  "anchorCharacter": "¶",
  "title": "My Shiny New MDwiki"
}
Almost there. Create a quick navigation.md (see the docs) that looks something like:
# Your wiki name
[Home](index.md)
[About](about.md)
[Download](download.md)
And create your first page (I'll only show you one, but the process is the same). Create a file called index.md (as specified in your navigation):
# Hello World!
This is my first page!
That's it for the basic site setup!
As a little bonus, I like to add a script to run a Python SimpleHTTPServer for local testing, called run-pyserver.sh (make sure to make it executable with chmod +x run-pyserver.sh):
#!/bin/bash
# Open the site in the default browser (the `open` command is macOS-specific)
open http://localhost:8000
# Serve the current directory over HTTP on port 8000 (Python 2)
python -m SimpleHTTPServer 8000
Now we'll setup our git repo:
Open a terminal window, and navigate to the folder you just created (eg. cd ~/my-mdwiki)
Initialise the git repo: git init
Here we use some magic (from Sean Estabrooks) to tell git to call the initial branch gh-pages instead of master: git symbolic-ref HEAD refs/heads/gh-pages
Add all the files we've created so far: git add .
Commit them: git commit -m "Initial Commit"
Add your GitHub repo as a remote (making sure to replace YOURUSERNAME with your actual username, and my-mdwiki with the name of the repository you created earlier): git remote add origin git@github.com:YOURUSERNAME/my-mdwiki.git
Then push it to github: git push -u origin gh-pages
That's pretty much it! After a short delay, your site should be available at http://YOURUSERNAME.github.io/my-mdwiki
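As an added example (not from the original post or the MDwiki project), a small helper for the layout above: mdwiki_add_page creates a page plus its link in navigation.md without duplicating either, and mdwiki_check_nav lists every navigation.md link whose .md target is missing, so a broken link is caught locally before the site is pushed to GitHub Pages. It assumes one link per line in navigation.md, as in the post's example.

```shell
#!/bin/sh
# Added example, not the original post's code: scaffold and check an MDwiki
# site directory. Assumes the one-link-per-line navigation.md layout above.

# mdwiki_add_page DIR NAME TITLE: create DIR/NAME.md and a [TITLE](NAME.md)
# entry in DIR/navigation.md, skipping whichever already exists.
mdwiki_add_page() {
    dir="$1"; name="$2"; title="$3"
    if [ ! -f "$dir/navigation.md" ]; then
        printf '# My Shiny New MDwiki\n' > "$dir/navigation.md"
    fi
    if [ ! -f "$dir/$name.md" ]; then
        printf '# %s\n\nThis is the %s page.\n' "$title" "$title" > "$dir/$name.md"
    fi
    if ! grep -qF "]($name.md)" "$dir/navigation.md"; then
        printf '[%s](%s.md)\n' "$title" "$name" >> "$dir/navigation.md"
    fi
}

# mdwiki_check_nav DIR: print each link target in navigation.md that has no
# matching file in DIR. Returns 0 when every link resolves, 1 otherwise.
mdwiki_check_nav() {
    dir="$1"; status=0
    # Pull the "(something.md)" part out of each markdown link line.
    for target in $(sed -n 's/.*](\([^)#]*\.md\)).*/\1/p' "$dir/navigation.md"); do
        if [ ! -f "$dir/$target" ]; then
            echo "$target"
            status=1
        fi
    done
    return $status
}

# Usage: ./mdwiki-helper.sh ~/my-mdwiki
if [ $# -ge 1 ]; then
    mdwiki_check_nav "$1"
fi
```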
Play! Framework - Separated WS Library
So as we all (should) know, Play! Framework has released v2.3.x
With it comes a whole range of new features, including one that caught my eye:
Play WS
Separate library
The WS client library has been refactored into its own library which can be used outside of Play. You can now have multiple WSClient objects, rather than only using the WS singleton.
This was particularly exciting for me, as I've grown to know, understand and love the simple abstractions the Play WS library provides.
Sweet! So how do I get it in my projects? Had a look over at playframework@Github to no avail (was expecting a new repo)
After a little more digging, I came across the Play! Repositories page, which led me to finding what I wanted.
A little xml magic later and we have the following for a maven project wanting to use the Java version of the WS library:
<dependencies>
  <dependency>
    <groupId>com.typesafe.play</groupId>
    <artifactId>play-java-ws_2.10</artifactId>
    <version>2.3.0</version>
  </dependency>
</dependencies>
<repositories>
  <repository>
    <id>Typesafe Releases</id>
    <url>http://repo.typesafe.com/typesafe/releases/</url>
  </repository>
</repositories>
Hope this saves you guys some time, and as always, happy hacking!
"There is no started application"
If you end up getting a "There is no started application" message when you try to use WS, you will need to do something like the following:
import com.ning.http.client.AsyncHttpClientConfig;
import play.libs.ws.WSRequestHolder;
import play.libs.ws.ning.NingWSClient;

// Build a standalone client instead of relying on the Play application's WS singleton
AsyncHttpClientConfig.Builder builder = new AsyncHttpClientConfig.Builder();
NingWSClient wsClient = new NingWSClient(builder.build());

// Instead of this
//WSRequestHolder ws = WS.url(url);
// Use this
WSRequestHolder ws = wsClient.url(url);
See the following for more details:
http://stackoverflow.com/questions/24881145/how-do-i-use-play-ws-library-in-normal-sbt-project-instead-of-play
Scala - Using WSClient: http://www.playframework.com/documentation/2.3.x/ScalaWS
Java - Using WSClient: http://www.playframework.com/documentation/2.3.x/JavaWS
(Note: The tl;dr/raw/likely most up to date notes I made for this are available as a gist)
Rather than trying to make everybody everywhere adapt their systems to try and handle everything that could possibly ever exist (a monumental task), have a 'new' thing that is flexible enough to be able to interface with everything else. Thinking about it now, it's the exact same way as I look at the transition from legacy silos to 'the future' of personal clouds/etc. Sure, the ideal is that everything is free and open and interacts perfectly, but the reality is that that's not where we are at today, and there is a very real need for these 'bridging technologies' to ease that transition as we move forward, and give us the wins of the future technology, without having to wait for the lag of general industry to catch up.
Glenn 'devalias' Grant
Java/Scala Future/Promise Map *headsplode*
A side by side comparison (now that I finally got it figured out!) of Play Framework v2.2.x promise unwrapping in Java and Scala. Hopefully this will be able to save some of you a bunch of mind numbing ponderings and failures.
Check it out over at GitHub
<3 /dev/alias
How to add a Flattr button to your Tumblr posts
Just a quick post today. You may notice the Flattr buttons on posts now. To find out how to add them to your own Tumblr posts check out
http://manuelgrabowski.de/2012/01/03/add-an-individual-flattr-button-to-your-tumblr-posts/
Using Lombok with Play! Framework 2.2.x
Lombok is a project that removes some of the tediousness of Java by letting you use annotations to replace the verbosity of Getters/Setters (and heaps of other cool things!)
This is mostly a note for me to help save a TON of time screwing around again.
Play 2.2.x works 'out of the box' just by including Lombok in your dependencies:
libraryDependencies ++= Seq(
  foo,
  bar,
  baz,
  "org.projectlombok" % "lombok" % "1.12.6"
)
Where you run into issues is that play eclipse won't add the correct stuff for lombok to work correctly.
After a lot of messing around, I just went back to the method suggested on the site
Download from http://projectlombok.org/download.html
Run the installer and let it configure Eclipse
Done
<3
VLC 2.1.x AC3/5.1 Audio Issues (and how to fix them)
So, just lost an hour or two debugging some audio issues that seemed to crop up in VLC. I have a 5.1 setup, which will disable the speakers when I plug in a 2-channel set of headphones (pretty straightforward). For some strange reason this stopped working sometime recently. I assumed maybe audio drivers (windows update) or something else weird like that, but turns out it was VLC (which I forgot I had upgraded)
Old versions of VLC (pre 2.1.x) allowed you to 'force' a downscale in situations like this through the Audio -> Audio Device -> Stereo right click menu option. Turns out, this feature was removed (and the menu item repurposed) in VLC 2.1.x. According to Jean-Baptiste Kempf on the VLC forums this feature won't be coming back anytime before 2.2.x
So what do we do in the meantime? If you haven't upgraded to 2.1.x yet and need this feature then don't upgrade. If you already have, downgrade to 2.0.8 (Windows) or 2.0.9 (OSX/Linux)
2.0.8 Win32 (EXE, ZIP)
2.0.8 Win64 (EXE, ZIP)
2.0.9 OSX (DMG)
2.0.9 Linux (XZ)
Hope this saves you guys some time and effort!!
Hacking Unicoins for Fun and Profit (Stackoverflow.com April Fools 2014)
Stackoverflow introduced an amusing little April Fools feature called 'Unicoins'. Essentially, this currency (that you can earn by mining rocks, since all of the (rather amusing) payment options are 'currently unavailable') allows you to buy silly upgrades for the website. From 'Colorful comments' and 'Guaranteed Answer' through to 'Voting animations' which gives you 'happy unicorn animations every time you vote'.
Anyways, long story short, I saw a system and wondered how to beat it. Turns out each rock is simply an AJAX request to /unicoin/rock to get a rock ID, and when you successfully mine it, you POST back a static fkey (bound to each user I assume?) and the rockId to /unicoin/mine?rock=theRockId
I've put together a little automagical javascript to prevent you all getting RSI over at https://gist.github.com/alias1/9905949 It's for health reasons.. honestly.
Enjoy your unicoins! <3 /dev/alias
Y U NO Update Kali?

Not too long ago I was setting up a new pentest machine with Kali. A fairly straightforward task, though slightly inconvenienced by the fact that the net was down at the time. No matter, I thought, continue offline and all should be fine... apparently not.
When you don't have a live net connection during setup Kali decides not to fill in the server details needed by apt-get to pull down anything more than security updates (no new tools for you!) Thankfully this is a simple and quick fix.
But how?
Having a look over at the Kali documentation we find the instructions and URLs required. Basically we just have to:
Edit /etc/apt/sources.list
Add or ensure the following lines are present:
For general Kali repositories (aka everyone)
deb http://http.kali.org/kali kali main non-free contrib
deb http://security.kali.org/kali-security kali/updates main contrib non-free
To use the source (aka Jedis)
deb-src http://http.kali.org/kali kali main non-free contrib
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free
And finally for those who like to live (and bleed) on the edge
deb http://repo.kali.org/kali kali-bleeding-edge main
#deb-src http://repo.kali.org/kali kali-bleeding-edge main
Now we update!
Once this is done (and saved) we can just do our standard
apt-get update && apt-get upgrade
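As an added example (not from the original post or from Kali), here is the "add or ensure the following lines are present" step made idempotent, so re-running it never duplicates repository entries. It also refuses to touch a file that already carries apt's [trusted=yes] option, because that disables the signature verification these plain-http mirrors rely on. The file path is an argument; the script never touches /etc/apt unless you pass that path.

```shell
#!/bin/sh
# Added example, not the original post's code: idempotently ensure the Kali
# repository lines from the post are present in an apt sources.list file.

KALI_MAIN='deb http://http.kali.org/kali kali main non-free contrib'
KALI_SECURITY='deb http://security.kali.org/kali-security kali/updates main contrib non-free'
KALI_BLEEDING='deb http://repo.kali.org/kali kali-bleeding-edge main'

# ensure_line FILE LINE: append LINE unless an identical line already exists.
# Prints 1 if it appended the line, 0 if the line was already there.
ensure_line() {
    file="$1"; line="$2"
    [ -f "$file" ] || : > "$file"
    if grep -qxF -- "$line" "$file"; then
        echo 0
    else
        printf '%s\n' "$line" >> "$file"
        echo 1
    fi
}

# ensure_kali_sources FILE [bleeding]: ensure the general and security repos
# (and, with "bleeding", the bleeding-edge repo) are present. Prints how many
# lines were added. Returns 2 without changing anything if FILE disables apt
# signature checks via [trusted=yes], since packages from an unsigned source
# over plain http cannot be verified.
ensure_kali_sources() {
    file="$1"; want_bleeding="$2"; added=0
    if [ -f "$file" ] && grep -q 'trusted=yes' "$file"; then
        echo "refusing: $file disables apt signature verification" >&2
        return 2
    fi
    added=$(( added + $(ensure_line "$file" "$KALI_MAIN") ))
    added=$(( added + $(ensure_line "$file" "$KALI_SECURITY") ))
    if [ "$want_bleeding" = "bleeding" ]; then
        added=$(( added + $(ensure_line "$file" "$KALI_BLEEDING") ))
    fi
    echo "$added"
}

# Usage: ./ensure-kali-sources.sh /etc/apt/sources.list [bleeding]
if [ $# -ge 1 ]; then
    ensure_kali_sources "$1" "$2"
fi
```

Run apt-get update afterwards as the post describes; the script only edits the file.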
Happy (ethical) hacking!
Thecus NAS: /dev/alias says no!
Spent the day today digging around in the deepest and darkest parts of my Thecus NAS, and I can now say absolutely and without a doubt not to waste your money on them.
The filesystem is horrendous, the scripts are hacked together, and it's overall just really quite disgusting for what is meant to be a SMB/Business grade device.
I also have some serious concerns about the validity of the encryption it makes use of ('backing up' the encryption keyfile and password, encrypted with a static key.. pssht, no thanks) Not to mention that the 'bin' config backup file is just a .tar.gz encrypted with, yet again, a static key.
And for funsies, there are a few things that I've seen along the way that I would think are exploitable, at least potentially so. Haven't really had the time/effort/inclination to delve into it further at this stage.
This is all on top of the fact that support has been HORRENDOUS (I basically have to open a new ticket each time I reply, just to get them to look at my original ticket/attempt to do something)
In positive news.. has been interesting to say the least, and I'm pretty sure I have all the components I'll require to string my RAID back together into some form of working state. Just a matter of figuring out just how to fit them together..
I might follow this post up in the future with some interesting findings, recovery steps, exploits or otherwise. Till then!
Find your voice and disqus!
Just a little note to say that I've now enabled Disqus commenting (wasn't aware that it wasn't working before), so you now have a voice to interact back with me through the site!
vFeed - Wrapper/Helper Scripts For Speed and Efficiency
Just wanted to share some quick little bash scripts I threw together to make vFeed a little quicker/more efficient for my use.
If you don't know it already, vFeed is an Open Source Cross Linked and Aggregated Local Vulnerability Database put together by the fine folks over at ToolsWatch. You can query it for a whole bunch of information and details that may aid you in your pentests, all from the convenience of a local database.
To make life easier, I throw these scripts in my vFeed directory and symlink them from bin.
cd /path/to/bin
ln -s /path/to/vFeed/bin/vfeed.sh vfeed
ln -s /path/to/vFeed/bin/vfeedcli.sh vfeedcli
ln -s /path/to/vFeed/bin/vfeed_update.sh vfeed_update
Enjoy!
https://gist.github.com/alias1/7554985
Sparty - Sharepoint and Frontpage Auditing Tool (Now With More NTLM Authentication!)
I've been doing a little bit of poking around Sharepoint security lately, doing some research and playing with some assessment/pentest tools. One such tool (released this year at Black Hat USA) is called Sparty. Written by 0kn0ck (aka Aditya K Sood) of SecNiche Security Labs, Sparty is a tool designed to assist in auditing sites built on Microsoft Sharepoint and/or Frontpage.
From the official site:
Sparty is an open source tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web administration software, it is required to have a simple and efficient tool that gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.
You can download a copy from the project page (I'll be a good net citizen and won't link directly to the .tar.gz)
I won't dive into usage/etc here as it's still a very early release too (v0.1!) So if you want to find out a bit more about that you should look at the Sparty Usage page over at SecNiche.
Now With More NTLM Authentication!
In playing with the tool there were a few things that I kept running into that gave me some minor annoyance that I had to work around.
Firstly, there was a hard version check for Python 2.6 (I was running 2.7), so before I could even list the help I had to disable that (simple fix)
The next issue was a little more frustrating at first, and took a bit longer to solve. In running the tool, I was only receiving 401 Unauthorized responses. After looking a little further into it, I discovered that this was due to the server requesting NTLM authentication, which the tool was not providing. A bit more hacking around (and a bunch of google/python documentation) and I had a solution that would allow me to enter my authentication credentials (or some I acquired) and then proceed with using the tool as normal.
Sharing is Caring!
As we know, sharing is caring, so I've made my changes (and any others I may make to Sparty in the future) available over at GitHub.
Click over to alias1/sparty and check it out!
wp-cli - Like Drush but for Wordpress
So there's this cool little tool I came across, similar in function to Drush (which is an awesome tool for Drupal that you should totally use), but for Wordpress. It's called wp-cli
Installing wp-cli
As seems to be common with tools these days, installation is really quick and painless. Just fire up your favourite shell and enter the following.
curl https://raw.github.com/wp-cli/wp-cli.github.com/master/installer.sh | bash
You might want to install it to a custom path and then link it instead (saving the installer first also lets you read it before running it):
curl http://wp-cli.org/installer.sh > installer.sh
sudo INSTALL_DIR='/usr/share/wp-cli' bash installer.sh
sudo ln -s /usr/share/wp-cli/bin/wp /usr/bin/wp
If you're on OSX and running Homebrew then you can use that instead!
brew tap josegonzalez/homebrew-php
brew install wp-cli
Using wp-cli to install Wordpress
There are tons of command line options available to wp-cli (and even more that have been contributed by the community), so I will just give the tl;dr version I used to setup a new blog here.
In your favourite shell, cd to the installation directory and download a new copy of Wordpress.
cd /my/site/directory
wp core download --version=3.6.1
Next we'll need to set up the options in the config file.
wp core config --dbname=mydatabase --dbuser=myusername --dbpass=mysecurepassword
Finally, run through the install to setup the database and everything else.
wp core install --url=mydomain.example.com --title="My Example Blog" --admin_user=myadminusername --admin_password="myadminpassword" --admin_email="[email protected]"
And that's it! Happy hacking!