KellyKeeton dot Com v3.0 reverse engineering life

15Jul/090

incident response timestamp notepad

I had a need for a tool that I couldn't find that worked like I wanted, so I just built one. Here is an incident response notepad; basically it will timestamp every entry into a file in real time. This is for incident response teams (IRT) to deal with a crisis but take good notes at the same time for later analysis and review. I deal with this a lot and always have some notepad files that are inconsistent and messy, or papers all over my work area, very insecure and hard to deal with.

To use the application just load it up, enter some notes and press Enter to save your note. No need to save the file ever, as it's writing to the file in real time. ToolText will help you with the buttons; I don't do icons.

Features of the IRT Notepad 1.01

-time stamp notes to a flat file

-add IR contacts to flat file

-add time accounting to flat file for billing

File Attachment:IRT Notepad.zip (47 KB)

Requires .NET; there is moderate bug catching to deal with things that can cause problems. If you find something you want added or a good bug, let me know. I know it works on XP/Vista with .NET; if it doesn't work for you, patch your OS. This is a private program that I am providing for feedback and just a Google hit.

28Jun/090

phpVisitorBadge software

I updated my phpVisitorBadge software page and code to fix some errors and add some screenshots to the page. Still too lazy to put php on my webserver and put up a live demo that can be hacked to crap.

27May/090

open source visitor badge software

I recently had a requirement to build a visitor badge system but didn't have any cash. So I created my own software! I built what I am calling, for lack of a better term, phpvisitorbadge. It runs on PHP, has a SQL back end, and will catalog and log your visitors from multiple locations and also give you a sign-out ability. I actually reverse engineered the idea from someone but came out with a dandy product. So if you have a LAMP-like install sitting around, let me know what you think. In the next week, if I get time, I will set up a demo site with the server software running. I added some security to the page but not a lot, as it's intended for internal use only. However, I am curious how much people could hack it if I let them.

http://www.kellykeeton.com/phpvisitorbadge/

Filed under: HowTo, Software No Comments
13Apr/090

Speed Up FireFox

Create a user.js file in your Firefox profile directory (%APPDATA%\Mozilla\Firefox\Profiles\xxxxxxxx.default\) and dump the following code into that file.

//Speed Tweaks FF3
user_pref("config.trim_on_minimize", true);
user_pref("content.interrupt.parsing", true);
user_pref("content.max.tokenizing.time", 2250000);
user_pref("content.maxtextrun", 8191);
user_pref("content.notify.backoffcount", 5);
user_pref("content.notify.interval", 500000);
user_pref("content.notify.ontimer", true);
user_pref("content.switch.threshold", 250000);
user_pref("network.http.max-connections", 48);
user_pref("network.http.max-connections-per-server", 32);
user_pref("network.http.max-persistent-connections-per-proxy", 20);
user_pref("network.http.max-persistent-connections-per-server", 20);
user_pref("network.http.pipelining", true);
user_pref("network.http.pipelining.firstrequest", true);
user_pref("network.http.proxy.pipelining", true);
user_pref("network.http.pipelining.maxrequests", 8);
user_pref("nglayout.initialpaint.delay", 100);
user_pref("network.http.keep-alive", true);
user_pref("network.http.keep-alive.timeout", 600);
user_pref("network.http.request.max-start-delay", 10);
user_pref("network.dnsCacheExpiration", 3600);
user_pref("network.dnsCacheEntries", 1000);
user_pref("browser.sessionhistory.max_total_viewers", 3);
//set the following to false if you find that Firefox is slow to maximize from the tray.
user_pref("config.trim_on_minimize", true);
//security tweaks
user_pref("browser.cache.disk_cache_ssl", false);
user_pref("browser.microsummary.enabled", false);
user_pref("browser.microsummary.updateGenerators", false);
//memory cache: Physical RAM -> Memory Cache (in KB)
//32 MB 2048
//64 MB 4096
//128 MB 6144
//256 MB 10240
//512 MB 14336
//1 GB 18432
//2 GB 24576
//4 GB 30720
//8 GB and up 32768
user_pref("browser.cache.memory.capacity", 18432);

Got this code from a post on a DSLReports page; copied here for my own notes.

Filed under: Software No Comments
14Dec/080

DasBlog Update

I was a little behind schedule, but there was a release of DasBlog 2.2 in October, the same time my server died. Good news is DasBlog 2.2 runs great with no hacking on IIS7.

Filed under: Software No Comments
30Oct/080

Election 2008

I opened up my Netflix flyer today and the part with advertisements had an ad for CNN. The ad read “Watch History Unfold”. Sheesh, those jackals will enterprise on anything. I wonder how much ad space will cost for election day coverage; in 4 years will we have remembered the commercials of Nov 4 past?

I will tell you my prediction for watch history unfolding…

My prediction, for election 2008 is that something “crazy” will happen.

  • Voter data scandal, the data for voters will be tampered with, stolen, lost etc etc etc
  • Voting means nothing, America will vote for B.O. but J.M. will become the president because of electoral vote process.
  • We see attacks on people voting

glass half full, but hey, prove me wrong america. I would be happy with that.

vote for me as a write in, I will make recess longer and pop cheaper

Filed under: News, Software No Comments
13May/080

a windows CVS ‘how-to’

I recently was working with some shared code and didn't like the regulations or the publicity of SourceForge, so I set up a home CVS server to distro the code. Like another individual, I googled out and found a bunch of documentation from Linux users; no offence, but I don't have time to read 30 pages to edit a password file. So I duplicated notes from here - http://www.adp-gmbh.ch/blog/2004/november/3.html - in case it's ever removed, and added my own commentary and edited some things for the new version of cvsnt.

With the server I also just checked out TortoiseCVS (formerly I used WinCVS). I don't like how much it's locked into Explorer, but it's so easy that I dumped WinCVS and only use the turtle.

Installation

The installation turns out to be quite straightforward. Starting the installer takes care of the entire installation.
The default installation installs two Windows services: the cvsnt service (named CVSNT) and the cvsnt lock service (named CVSNT Locking Service). Additionally, it also installs a default certificate.
The cvs.exe was installed into C:\Program Files\cvsnt. The install also adds it to your PATH statement.

Creating a repository

A repository needs a root directory under which both the files under version control and auxiliary files for use by the CVS server are stored. I created this directory manually:
C:\> mkdir c:\CVSSERVER
However, this is not a CVS repository by itself; the CVS server needs to be told to use this directory as a repository. The CVS server (or service, respectively) is administered through a service control panel that can be invoked from the DOS prompt like so (or via the Start menu):
C:\> cvsnt.cpl
Now, with cvsnt.cpl, one can go to the Repositories tab and add the created repository. I chose /test for the name of the repository.

A dialog informed me: C:/CVSSERVER, but is not a valid CVS repository.
Do you want to initialise it?

And yes, of course, that's what I wanted.
Then I pressed apply.
The initialization basically created a CVSROOT directory beneath c:\CVSSERVER and put some 55 files and yet another directory into CVSROOT.

Adding a user

After creating the repository, I needed to create a user that can access (that is, store and retrieve files in) the repository.
C:\>cvs -d:sspi:localhost:/test passwd -a some_user
Adding user some_user@localhost
New password: ******
Verify password: ******
cvs server: *WARNING* CVS user 'some_user' will not be able to log in until they are aliased to a valid system user.
The password that I have specified (and is hidden in the console) was password.
This command created \CVSSERVER\CVSROOT\passwd with the following content:
some_user:AuC4s3kI8ixcs
Now, some_user needs to be aliased (according to the warning returned by cvs) to a valid NT system user:
C:\>cvs -d:sspi:localhost:/test passwd -r SYSTEM\administrator some_user
Changing repository password for some_user@localhost
New password: ******
Verify password: ******
Although this seems a bit redundant, it looks like one has to give the password again. This is the password for the CVS user, not the system account. The SYSTEM\administrator is the NT-FQ name of the local admin in this example.

Creating a module

Now, it was time to create a module which I named test_module:
C:\CVSSERVER\>mkdir test_module
C:\CVSSERVER\>cd test_module
For the beginning, I only stored one file, README.txt, into this module. (One file is required to start the module.)
C:\CVSSERVER\test_module\>notepad README.txt
Here's the content of README.txt:
test_module
===========
This is some dummy text.
C:\CVSSERVER\test_module\>cvs -d:pserver:some_user:password@localhost:/test import TestModule no-vendor initial-release
I didn't specify the -m flag, so CVS opened the default editor, likely Notepad (as the environment variable CVSEDITOR is not set), to enter a message.
CVS: ----------------------------------------------------------------------
CVS: Enter Log. Lines beginning with `CVS:' are removed automatically
CVS:
CVS: ----------------------------------------------------------------------

just say C for continue
.. and CVS answered with:
N tm/README.txt

No conflicts created by this import
The N obviously indicates that tm/README.txt is a new file.
Now, let's see what happened in C:\CVSSERVER>.
C:\CVSSERVER\test_module\>cd ..

C:\CVSSERVER>dir
Directory of C:\CVSSERVER
02.11.2004 23:35 <DIR> .
02.11.2004 23:35 <DIR> ..
02.11.2004 15:53 <DIR> CVSROOT
02.11.2004 23:35 <DIR> TestModule
Indeed, it added a new directory called TestModule. What's in there?
C:\CVSSERVER\test_module\tm>dir
Directory of C:\test_repository\tm

02.11.2004 23:35 <DIR> .
02.11.2004 23:35 <DIR> ..
02.11.2004 23:35 <DIR> CVS
02.11.2004 23:35 506 README.txt,v
It contains a CVS directory (again, used for CVS use) and the README.txt (with a ,v suffix).
Now, the repository is ready to be used.

so in the end to connect
cvs -d:pserver:some_user:password@localhost:/test /TestModule
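
An added example, not part of the original post or of CVSNT: a small Python audit for the two weak spots visible in the steps above, the 13-character DES crypt hash stored in CVSROOT\passwd under "Adding a user" and the cleartext password carried in the :pserver: connection strings under "Creating a module". The user:hash[:system_account] line layout with an optional third field, and the list of privileged account names, are assumptions.

```python
import re

# Assumed CVSROOT/passwd line layout: user:hash[:system_account]
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional crypt(3) DES hash
PSERVER_WITH_PW = re.compile(r"^:pserver:([^:@]+):([^@]+)@")
PRIVILEGED = ("administrator", "system", "root")  # assumed list, extend locally


def audit_passwd_line(line):
    """Return a list of findings for one CVSROOT/passwd entry."""
    findings = []
    parts = line.strip().split(":", 2)
    pw_hash = parts[1] if len(parts) > 1 else ""
    alias = parts[2] if len(parts) > 2 else ""
    if not pw_hash:
        findings.append("empty password field")
    elif DES_CRYPT.match(pw_hash):
        # DES crypt truncates the password to its first 8 characters.
        findings.append("DES crypt hash: only 8 password characters count")
    if not alias:
        findings.append("no system account alias")
    elif alias.split("\\")[-1].lower() in PRIVILEGED:
        findings.append("aliased to a privileged account")
    return findings


def cvsroot_embeds_password(cvsroot):
    """True when a CVSROOT string (the value after -d) carries a password."""
    return PSERVER_WITH_PW.match(cvsroot) is not None


if __name__ == "__main__":
    # First line is the entry shown in the post; the second is constructed
    # to show the same entry after aliasing to the local administrator.
    samples = [
        "some_user:AuC4s3kI8ixcs",
        "some_user:AuC4s3kI8ixcs:SYSTEM\\administrator",
    ]
    for entry in samples:
        print(entry, "->", audit_passwd_line(entry))
    for root in (":pserver:some_user:password@localhost:/test",
                 ":pserver:some_user@localhost:/test"):
        print(root, "-> embeds password:", cvsroot_embeds_password(root))
```
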

Filed under: HowTo, Software No Comments
20Mar/080

change VMware disk size

recently found a good use of VM Converter to change the disk size and no need to mess around in command line

 1) if you own a copy of converter that's a cheat

http://www.vmware.com/products/converter/

 if all else fails

http://www.ebswift.com/OpenSource/VMDiskSize/

then use diskpart (cmd tool with windows)

run the following commands…(on a different box)

diskpart

list disk

list volume

select volume=(your volume)

extend

list volume (check your work)

Filed under: HowTo, Software No Comments
5Mar/080

Visual Studio 2008

One thing I love about MSDN subscriptions is the ability to get Visual Studio. Now I don't program much, but I did have a lot of fun with VB back in the day, and when VS2002 went to .NET I must admit that I lost interest as the code changed a lot.

Then comes VS2005 with all its cool context help.

Then comes VS2008. I must say this is the most impressive dev studio I have ever seen. Just like Office 2007 and its ability to think what I want before I want it, VS08 allows someone who just knows how to program to convert to .NET and program up things that are awesome. Seriously, the context help and auto-complete in VS2008 are way cool. If you are a programmer or have MSDN and did old C or VB, then check out the new application; it's worth the time.

30Nov/070

Browser Plug-Ins

I wanted to make a list of browser plug-ins that I use and find quite important to security and daily ops work.

First, for IE (I accidentally upgraded to 7.0 and didn't feel like uninstalling the behemoth)

  • Bayden Systems' TamperIE offers HTTPS form-tampering
    • sort of a mac-daddy tamper application to change your post data on the fly, must have.
  • Microsoft's IE Developer Toolbar
    • Change values on the fly, also get header info and more right away
  • Microsoft's IE Powertoys for WebDevs
    • was cool but appears the highlight and show source don't work with IE7, however still works for DOM data so I keep it.

Now the giant list for FireFox (where all the 31337 users are)

  • AdBlockPlus
    • This is like going from dial-up to DSL, the internet all of a sudden becomes “sweet”
  • BlogJet
    • This is also in my IE, its my blogger application
  • DOM Inspector
    • handy for webdev and de-construction
  • DownloadThemAll
    • I don't like to click and this is a priceless tool for saving clicks.
  • GoogleBrowserSynch
    • I don't like how big Google is and I don't like the idea of Google watching what I browse; this was just an interesting tool since I am on lots of computers, I just don't have the guts to sign in yet.
  • GoogleToolBar
    • this is a must, duh.
  • HttpHeaders
    • handy for webdev and de-construction
  • ModifyHeaders
    • handy for webdev and de-construction, and user-agent mods
  • NoScript
    • The only “security” Leo Laporte knows without Steve giving him a script. Handy for hacking things.
  • RefControl
    • spoof the referrer to the server.
  • PDF Download
    • sometimes I like to download PDFs, sometimes I like to view them live, this lets me choose.
  • Tamper Data
    • same as TamperIE but for zilla
  • UrlParams
    • Different type of TamperData type plugin
  • User Agent Switcher
  • WebDev
    • This tool is mostly a must for anyone, you can quickly shut on and off and mod parts of sites.

Update June2008:
some good hack tools
http://www.securitycompass.com/exploitme.shtml