So a while ago I asked if I was allowed to play with http://www.bravadogaming.com/ and I got a positive response. I kinda looked around at their custom CMS, didn't see anything immediately available, played with cookies, changing values here and there, got some SQL errors on http://www.bravadogaming.com/articles/%27%20OR%201=1%20#/ but nothing really spectacular:
I looked around some more, nothing really special, played with register and login, seemed okay... decided to make an account and see what options I had. Please note I did not even REMOTELY test everything; I was really just messing around. The first thing I saw was that people were big on blogs: blogs are linked by categories, and blogs in the same category show similar blogs. Here's my first blog:
I started looking into messing with stuff; coming from a bit of a webdev background, I immediately hit up some JavaScript, i.e. <script>alert('AndrewMohawk is AWESOME');</script>.
Sure enough, straight out of the bag, XSS is firing.
Even better: the XSS is persistent, not only on my entry, but on the titles being pulled from other articles in the same category (uncategorized)...
So now we have that, now what?
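To make the "persistent on other people's articles" point concrete, here is an added example (my own illustration, not code from the bravadogaming.com CMS, whose internals the post never shows). It models a "similar blogs" box that lists the titles of other posts in the same category, first with the stored title concatenated straight into the markup, then with output encoding applied at the point of rendering. The post data, the <ul class="related"> markup and the escapeHtml helper are all constructed assumptions for the demo.

```javascript
// Added example, not the bravadogaming.com CMS code: a tiny "related blogs" renderer
// that shows why one stored title fires on every page in the same category, and the
// output-encoding fix. All data below is constructed for the demo.

const PAYLOAD = "<script>alert('AndrewMohawk is AWESOME');</script>";

// Constructed sample of stored blog entries. Entry 2 is the attacker's post; the
// other two are ordinary posts in the same (uncategorized) category.
const posts = [
  { id: 1, title: "Welcome to the site", category: "uncategorized" },
  { id: 2, title: PAYLOAD, category: "uncategorized" },
  { id: 3, title: "Match report", category: "uncategorized" },
];

// Minimal HTML entity encoder, enough for text nodes and quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Titles of the other posts in the same category: the data the "similar blogs" box pulls.
function relatedTitles(db, post) {
  return db
    .filter((p) => p.category === post.category && p.id !== post.id)
    .map((p) => p.title);
}

// Vulnerable renderer: stored titles are concatenated straight into markup, so a payload
// saved once by one user is served to every reader of every other post in the category.
function renderRelatedVulnerable(db, post) {
  const items = relatedTitles(db, post).map((t) => `<li>${t}</li>`).join("");
  return `<ul class="related">${items}</ul>`;
}

// Hardened renderer: same structure, but every stored value is entity-encoded at the
// point it is written into HTML. Filtering on the way in would not be enough on its own:
// the payload already sitting in the database still has to be rendered safely.
function renderRelatedSafe(db, post) {
  const items = relatedTitles(db, post).map((t) => `<li>${escapeHtml(t)}</li>`).join("");
  return `<ul class="related">${items}</ul>`;
}

// Crude check used only to show the difference between the two renderers; not a sanitizer.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Viewing an innocent post (id 1) still carries the attacker's stored title.
console.log(containsScriptTag(renderRelatedVulnerable(posts, posts[0]))); // true
console.log(containsScriptTag(renderRelatedSafe(posts, posts[0])));       // false
```

The fix lives in the renderer rather than in the registration or post-submission form because the title is trusted by every page that reads it back, including pages written long after the injected entry was saved; encoding at output is what stops the payload reaching other articles in the category.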
So recently we have really been struggling at work with NLP/tags/phrases relating to a specific person/phrase. For example, you put down something like "Maltego" and you would like it to return things like the company (Paterva), information mining, open source forensics, etc.
So I started looking around for NER/NLP APIs online and I found a great writeup by Michael Fagan; anyway, after looking at it I figured I'd take a few hours and build something around it. I decided to look at AlchemyAPI, registered an account, got an API key and was well on my way.
Initially I started doing all the cURL+POST stuff myself (some of the API calls can be done with GETs as well; check the bottom of each documentation page), but then I found they had already got libs for most languages (C++, PHP, C#, etc.) that I could use. Yeah... fucking fail, Andrew. Next time read the site :)
So far the results aren't amazing (it gets, say, Maltego or Paterva as a person), but they are pretty decent; it definitely works a lot better on news sources (cnn.com, news24.com, and so on). Here's a little demo of it for those that are interested. I can't guarantee it will be around forever, but feel free to give it a go:
An unconference is a facilitated, participant-driven conference centered around a theme or purpose. The term “unconference” has been applied, or self-applied, to a wide range of gatherings that try to avoid one or more aspects of a conventional conference, such as high fees and sponsored presentations.
Very informal; every talk submitted got a slot (even mine).
So mine was on TCP/IP DoS, very similar to slowloris (even if I did the research first, he published first, and mine is still not coded for distribution), but you can check out my talk below:
I'll definitely write a post or two about it in the near future, hopefully a lot better than my first ever talk.