Archives 

Show All

  • 2008
    • March
      • Perl tip: URL Decode and Encode
        03/17/08
        Here's a quick perl tip on how to URL Decode and Encode:

        To encode a string to be placed in a URL:

        $string =~ s/([^A-Za-z0-9])/sprintf("%%%02X", ord($1))/seg;

        To decode a URL-encoded string:

        $string =~ s/\%([A-Fa-f0-9]{2})/pack('C'

      • Bash Pitfalls
        03/16/08
        Found this great Wiki on Bash Pitfalls today which should help avoid common bash scripting errors.

      • Upgrading firmware on a Linksys WRT54GS to DD-WRT
        03/16/08
        Recently I upgraded my old linksys WRT54GS from the Linksys suppled firmware to the spiffy DD-WRT linux-based distribution so I could more effectively troubleshoot problems with my pain-in-the-ass cable modem service. Since Linksys has gotten purchased by a certain networking giant, each subsequent

      • Brute force HTTP Basic authentication with authforce
        03/10/08
        Authforce is a very fast tool for brute forcing HTTP Basic Authentication protected URLs. In HTTP Basic authentication the username and password is Base64 encoded and passed along with the HTTP headers from the client to the HTTP server. This means that the credentials are passed over the network in

      • Setup an SSL tunnel with stunnel 3.x
        03/07/08
        Stunnel is a very handy utility for wrapping virtually any service in SSL. In a pentesting perspective its especially handy if you want to use a tool which only speaks HTTP (e.g. a perl LWP script which you are too lazy to make speak SSL, or want to make manual HTTP requests adhoc ;). We can setup a

      • Archive pages on Linux and Wireless (802.11b) are now up!
        03/05/08
        I haven't updated my old Linux & Wireless (802.11b) pages in at least five years (2003) but somehow these wacky people on the Internet still want to read about my ancient experiments getting various wireless cards to work under linux. Your mileage may vary, and I don't vouch for that i

      • OpenBSD pf tip: Examining pf logs
        03/05/08
        OpenBSD's pf was ported to FreeBSD and made part of the base system in FreeBSD 5.3, which caused spontaneous combustion in the minds of firewall geeks everywhere. I don't want to start a flamewar, but prior to FreeBSD 5.3, pf was just about the only feature in OpenBSD that I was really jea

      • How to prevent image hotlinking with mod_rewrite
        03/04/08
        mod_rewrite is a powerful module for Apache for performing URL rewriting on the fly. However sometimes if your regex kung-fu is not up to par, it can be a frustrating and hair-pulling exercise to figure out why your rewrite rules are not working. The solution is to add a couple logging lines into y

      • OpenSSL tip: How to simply encrypt a file
        03/03/08
        As part of a project at work recently, I had to figure out how to easily encrypt a file for one of our brain-dead developers. Luckily for me the excellent OpenSSL Toolkit was available on the Unix host. Here's how you do it:

        To encrypt a file:

        openssl enc -aes-256-cbc -sal

      • cURL tip: How to do a simple HTTP POST
        03/03/08
        cURL is a very useful utility to perform HTTP/HTTPS operations from the command line. Many times during a web application pentest you need to send an HTTP POST to a login form (e.g. brute force a login to the site). Here's the very simple way to do it, assuming you the form parameters are calle

      • welcome
        03/03/08


        Comments are disabled on this blog, mostly because of the toxic trifecta of:
        1) unholy blog spammers
        2) crappy captcha systems
        3) my own laziness