VMWare User Information Leak
Click here to search the VMWare user database!
So some time last week Chris Hadnagy linked me to the following URL: http://info.vmware.com/content/opt-out, which was pretty interesting. Basically it allowed someone to fill in their email address to manage their VMWare subscriptions, and I noticed a couple of things on the next pages:
- The fields auto-populated with details like name, phone number etc. (I know: no auth, just an email address – worried face)
- Another tab became available that allowed you to update your details – again, no auth, scary
So I whipped out good old Firebug and started looking through the AJAX calls till I came across this little gem:
http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=50&siteid=524&DLKey=<sessionkey>&DLLookup=%3CC_EmailAddress%3E<email_address>%3C/C_EmailAddress%3E&ms=59
and the resulting page looked something like:
function GetElqContentPersonalizationValue(strDataField) {
    var strTemp = '';
    //alert('Data Field: ' + strDataField);
    if(strDataField == 'C_EmailAddress' || strDataField == 'EmailAddress') {strTemp = 'andrewmohawk\x40gmail.com';}
    if(strDataField == 'C_FirstName' || strDataField == 'FirstName') {strTemp = 'Andrew';}
    if(strDataField == 'C_LastName' || strDataField == 'LastName') {strTemp = 'MacPherson';}
Yeah, great info straight out of that... EEEK! So, being the script kiddie that I am (seriously, scripting languages FTW), I wrote a tiny PHP application to pull this info and display it.
However, the issue was that if you could update someone's account, then you could simply change their email address, do a password reset and gain access to a commercial account, giving you access to software that someone else paid loads for – this isn't cool, so I didn't put the link out. However, this week VMWare have removed the update page and the auto-populating fields – yet my scraper still works, so I figured I'd put it out.
I've specifically left out the session key, to make it at least not a trivial cut-and-paste to get the info yourself, since it may still be possible to update details from that code.
Just another leak I guess. But if anyone has any other links/ideas/stuff for me to play with, the contact form's on the left :)
Cheers,
Andrew
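The root cause above is that the email address is the only "credential" the preference page needs, so anyone who knows an address can read (and at the time, edit) that person's record. The snippet below is an added example, not code from the post or from VMware/Eloqua: it puts the weak lookup next to the usual fix, a link that carries an HMAC-signed, expiring token bound to one address, so possession of the emailed link (not mere knowledge of the address) is what grants access. The subscriber records, server secret, and function names are all constructed for the demo.

```python
import base64
import binascii
import hashlib
import hmac
import time

# Constructed sample records (not VMware's or Eloqua's data), keyed by email address.
SUBSCRIBERS = {
    "alice@example.org": {"first_name": "Alice", "last_name": "Example", "phone": "+1-555-0100"},
}

# Hypothetical server-side secret; in a real deployment this lives in a secret store and is rotated.
SERVER_SECRET = b"constructed-demo-secret"
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes


def weak_lookup(email):
    """The pattern from the post: the address is the only input, so anyone who
    knows (or guesses) an address receives that person's record."""
    return SUBSCRIBERS.get(email)


def make_pref_token(email, issued_at=None, ttl=3600):
    """Mint an unguessable, expiring token bound to one address. It is meant to be
    embedded in the link emailed to that address, so using the link proves access
    to the mailbox rather than knowledge of the address."""
    issued_at = int(time.time()) if issued_at is None else issued_at
    payload = f"{email}|{issued_at}|{ttl}".encode()
    mac = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + mac).decode()


def safe_lookup(token, now=None):
    """Return the record only for a token whose MAC verifies and which has not expired."""
    now = int(time.time()) if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token.encode())
        payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
        email, issued_at, ttl = payload.decode().rsplit("|", 2)
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None  # malformed token
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None  # forged or tampered token
    if now > int(issued_at) + int(ttl):
        return None  # expired link
    return SUBSCRIBERS.get(email)


if __name__ == "__main__":
    print("weak:", weak_lookup("alice@example.org"))
    token = make_pref_token("alice@example.org", issued_at=1000, ttl=60)
    print("valid token:", safe_lookup(token, now=1030))
    print("expired token:", safe_lookup(token, now=2000))
```

The token is the only thing the preference page should accept; the email address itself never appears in the request, and the same check guards the update form as well as the pre-filled view.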
Pastebin Scraper
Yeah, I'm really lazy, so I'm not gonna write a lot about it. Basically, if you wanna use it on my site, hit it up at http://www.andrewmohawk.com/pasteScrape/; otherwise feel free to download it and run it yourself from this archive.
Basically, go to http://www.andrewmohawk.com/pasteScrape/ and try some of these:
- “gmail/facebook Password” – free facebook/gmail/whatever accounts
- “rbot” – find rbot config files, including the passwords and the IRC network it connects to, i.e. if you have an IRC client you get a free botnet
- “enable password” – Cisco goodness
- “BEGIN PGP” – PGP keys anyone?
- “DB_PASSWORD” – loads of database passwords
- “Shellcode” or “Exploit”
You get the idea :)
Enjoy my readme after the break :D
INDEX
————-
1 // What is PasteBinScraper?
2 // How does it work?
3 // How do I use it?
4 // How do I install?
5 // Extending
6 // TODO
7 // Thanks
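The searches listed above are exactly the ones a defender wants running the other way round: scanning new pastes for your own organisation's material so that you hear about a leak before someone else uses it. The snippet below is an added example, not part of the PasteBinScraper archive: it turns those search terms into rules, scans a handful of constructed pastes, and reports what matched with the secret value redacted so the alert itself does not become a second leak. Paste contents, rule names and function names are all my own assumptions.

```python
import re

# Constructed sample pastes (not real pastebin content) covering the searches listed above.
SAMPLE_PASTES = {
    "p1": "chat log\nok so my gmail password is hunter2 dont tell anyone",
    "p2": "! Cisco config dump\nenable password 7 094F471A1A0A\nline vty 0 4",
    "p3": "-----BEGIN PGP PRIVATE KEY BLOCK-----\nlQOYBFexample\n-----END PGP PRIVATE KEY BLOCK-----",
    "p4": "define('DB_PASSWORD', 's3cr3tpw');\ndefine('DB_HOST', 'localhost');",
    "p5": "[rbot]\nserver = irc.example.net\nnick = r00tbot\npassword = b0tpass",
    "p6": "just a recipe for pancakes",
}

# Each rule: (category, pattern). A capture group, where present, isolates the secret value.
# Only PGP *private* key blocks are flagged; a public key on a paste site is not a leak.
RULES = [
    ("account-credentials", re.compile(r"\b(?:gmail|facebook)\b.{0,40}\bpassword\b", re.I | re.S)),
    ("cisco-enable-password", re.compile(r"^enable (?:password|secret)\s+(?:\d\s+)?(\S+)", re.I | re.M)),
    ("pgp-private-key", re.compile(r"-----BEGIN PGP PRIVATE KEY BLOCK-----")),
    ("db-password-define", re.compile(r"DB_PASSWORD'?\s*,\s*'([^']*)'")),
    ("irc-bot-config", re.compile(r"^\[rbot\]", re.I | re.M)),
]


def redact(value):
    """Keep two leading characters so an analyst can recognise the value; never log the rest."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan_paste(text):
    """Return [(category, redacted_secret_or_None), ...] for every rule that matched."""
    hits = []
    for category, pattern in RULES:
        match = pattern.search(text)
        if match:
            secret = match.group(1) if pattern.groups else None
            hits.append((category, redact(secret) if secret else None))
    return hits


def scan_all(pastes):
    """Map paste id -> hits, keeping only pastes that triggered at least one rule."""
    results = {}
    for paste_id, text in pastes.items():
        hits = scan_paste(text)
        if hits:
            results[paste_id] = hits
    return results


if __name__ == "__main__":
    for paste_id, hits in scan_all(SAMPLE_PASTES).items():
        print(paste_id, hits)
```

In practice the rule list would also carry terms specific to you (internal hostnames, product names, key fingerprints), and the scanner would feed an alert queue rather than print; the redaction step is what lets that queue be shared with people who should not see the raw secrets.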
Arduino IPCam
So it's been ages since I last blogged, and I am determined to try to do this more regularly, since it will probably get me doing more stuff!
This is pretty much the first thing I built with the Arduino – the idea was to make a budget IPCam with a web interface that I could connect to from anywhere, with the ability to pan and tilt the camera. Since I was in the budget price range I did also look at what was available off the shelf – and it sucks: bad quality, slow response time, no loose wires to show off, all things I'm not really interested in.
I've split this into 3 sections just to make sure that this doesn't become a massively long blog post:
- The Physical Section – the base, stand and circuit
- The Arduino Section – the code to make it do what i want
- The PHP Interface – the web interface to use with the IPCam – soon!
This is the cool part where you watch the video; unfortunately I haven't got round to making one yet... but when I do, it's going here! For now, it's in pictures (the web interface and the actual device):
So I've commented most of the lines and you should be able to easily follow what happens in the code. Leave a comment if there are any questions :)
Code after the break!
So I see it's been forever since I have posted anything; figured it's about time, and I wanted to show some of the stuff I've done with my Arduino. The first thing I tried to do with it was create my own budget IPCam with a webcam and some Arduino parts.
Basic stuff that makes up the IPCam:
- 2x Servo Motors
- 1x LCD (16×2)
- 1x LED
- 1x Potentiometer (used for LCD)
- Bits of random Meccano
- 2x Small lifting weights (hey, we all knew I wouldn't use them to get in shape anyway)
- Tape/Glue/Random stuff
So first off, this is a hack: I haven't done pretty much anything properly, I just pieced it together, tied in bits of code and got it working :)
ANDREW, I DON'T CARE ABOUT YOUR STORIES! JUST GIVE ME THE LINK! >> http://andrewmohawk.com/facefall/
So it's been a long weekend, but I had a lot of time to myself, and decided to play a bit with some of the side projects I've been interested in.
With regards to the previous posts, the code has been updated and fixed; I'll update the post a little later – but hopefully we (@Paterva) will be releasing the transforms to the public this week so everyone can play!
One of the first ones I wanted to tackle was faceFall – essentially Twitterfall for the Facebook Graph API, so you can quickly search for a topic and watch the status messages / links fall down as they arrive :)
So check it out: http://andrewmohawk.com/facefall/ (yes, I realise the UI looks like ass, but I can't get a nice design to work... if you have one or want to build one, PLEASE let me know!)
Some stuff I'd need to fix:
- Removing doesn't work well (probably my lame-ass JScript)
- Doesn't do any correlation (like the same person featured on x topics)
- Needs more info – only does status/links atm
If anyone wants this and wants to help, feel free to comment or msg me!
I also cleaned the whiteboard:
Technical info after the break!
Hello Webcam!
So I figured I'd drop a quick update on what I've been messing around with. Firstly, ZACon II was awesome! I'm really disappointed I didn't submit a better talk and get a chance again; however, I did win the badge competition and got to make my own cool badge:
Some of the talks i really liked:
- Who can forget Roelof Temmingh's talk, especially when one of the sections is “5 things Andrew didn't implement in his free time” :P
- Ollie Whitehouse on UNCON and how their group runs (and drinks :P)
- RC1140/Jameel's talk on PowerShell
- Todor/UKJ's talk on DNSSEC (but really guys, 800 requests at once, that needs to be fixed/mitigated first!)
- Ross Simpson's iPhone hackery (can't wait for the 4.1 JB to be out)
- Ian de Villiers' JAR reversing talk
- Haroon Meer's FIG talk :)
Secondly, I KNOW I probably should have put up code and stuff for the Arduino project I built. Basically it's a web app that shows the webcam and allows you to move the cam around. The Arduino is connected to two servos to do vertical / horizontal movement, and it can be controlled via the web app:
Oh yeah, it also lets you send text to an LCD and blink an LED (but these aren't nearly as cool).
So after doing this I wanted to look at motion tracking and see if I could get the camera to automagically follow someone around a room with facial/object recognition, and in the little time I have had to play today it seems easily doable with the likes of OpenCV. So far today (besides battling C++ – it's been over 5 years since I've touched the stuff, so there were some issues :P) I've managed to get it to do some pretty cool facial recognition with the Haar classification and the provided definition, haarcascade_frontalface_alt2.xml. I've also given it a bit of a window to try to move into, and it seems to work pretty well. The only issue I saw was that at the default resolution of the camera (640×480) it absolutely ATE my 3GHz dual core, so I had to halve the image size and now it works real-time-ish; check out the pic:
I've also been playing around with Facebook's Graph API and I am hoping to provide some cool new search functionality, both to Maltego and as an RSS feed that people can use to monitor what has been said in public about a specific topic on the social networking giant.
I'll try to start putting out a little more.
Cheers,
Andrew
p.s. yeah, the mohawk's been gone for a month now; now if only I had a new alias that wasn't taken on the net :)
MusicBee Plugin for mIRC
MusicBee
IF YOU DON'T CARE ABOUT WHAT HAPPENED AND JUST WANT THE PLUGIN, CLICK HERE
So I have recently switched over to the wonderful MusicBee (www.getmusicbee.com), a phenomenal application, nearly Amarok for Windows :) Some of the features I like:
- Quick search (type in the search bar, library adjusts by searching all available fields intelligently)
- Notifications across MSN and Last.fm and the like
- Fantastic tagging per track and per album
- Downloading of art and lyrics
- Looks good :P
One of the features I have always used in my previous media players has been a now-playing plugin for mIRC, which I use on this machine.
Unfortunately I could not find any for MusicBee, so yesterday I took a few hours to figure out how to make one. Let me preface this section by saying the last time I coded C++ was around 5 years ago at university, so I could be horribly wrong on some of this, but I'm just saying what I saw – also, if the code is horrid, well, at least it works :)
mIRC and DLLs
Essentially mIRC communicates with DLLs by calling the DLL (which you specify) and a function within it, passing along some data from mIRC. As per the documentation (mIRC help), the function looks as follows:
The routine in the DLL being called must be of the form:
int __stdcall procname(HWND mWnd, HWND aWnd, char *data, char *parms, BOOL show, BOOL nopause)
* my function was showSong
All DLLs also require a sort of reference file that tells mIRC exactly which functions are available, like so:
LIBRARY "musicBeePlugin"
EXPORTS
showSong @ 1
* showSong is the function I created
Essentially I followed this guide to get set up, a fantastic little how-to on setting up a mIRC plugin in VC++: http://purplespore.com/main/?p=46 and for just the guide: http://purplespore.com/main/wp-content/uploads/2008/10/mytutorial3.html
MusicBee and Songs
So after doing that I noticed that MusicBee displays the current artist and song within the window title, i.e.:
Code
So now I just had to write some simple code to go through all the currently available windows and then find the one whose title contains “MusicBee”. Sure, I could have used regular expressions, but I didn't wanna push my very limited C++ skills by overcomplicating something. Nonetheless, the code looks like this:
#include <windows.h>
#include <cstring>   // strncpy
#include <string>
using namespace std;

// Accumulates the "Artist - Title" part of the MusicBee window title
string finaldata = "";

// Called once per top-level window by EnumWindows
BOOL CALLBACK MyEnumProc(HWND hWnd, LPARAM lParam)
{
    char buff[255];
    if (!hWnd)
    {
        return TRUE; // Not a window
    }
    if (!::IsWindowVisible(hWnd))
    {
        return TRUE; // Not visible?
    }
    GetWindowText(hWnd, buff, 255);
    string windowTitle = buff;
    string windowToFind = "- MusicBee";
    basic_string <char>::size_type titlePos;
    titlePos = windowTitle.find(windowToFind);
    if(titlePos != string::npos)
    {
        // Keep everything before " - MusicBee", i.e. the artist and song
        finaldata += windowTitle.substr(0,titlePos);
    }
    return TRUE; // keep enumerating
}

// Entry point mIRC calls via $dll(); returning 3 tells mIRC that data holds the result
int __stdcall showSong(HWND mWnd,HWND aWnd, char *data, char *parms, BOOL show, BOOL nopause)
{
    finaldata = "";   // reset, otherwise every call appends to the previous result
    EnumWindows(MyEnumProc, 0);
    // mIRC's data buffer is a fixed size (900 bytes in the mIRC help of the time), so
    // copy with a bound rather than strcpy to avoid overrunning it on a long title
    strncpy(data, finaldata.c_str(), 899);
    data[899] = '\0';
    return 3;
}
Some of the things that had me stuck:
SWITCH YOUR APP TO MULTIBYTE SUPPORT, or you cannot use char with GetWindowText – to do this:
- Select project (not solution)
- Project->properties
- Character set->Use Multibyte Character Set
Download and Use
musicBeePlugin for mIRC – download .zip
Extract the above zip into your mIRC directory, and add this to the alias file (alt + r, click Aliases).
/F4 //me is listening to: $dll("musicBeePlugin.dll",showSong,a) [ MusicBee ]
You can then press F4 to show the song you're playing:
So a while ago I asked if I was allowed to play with http://www.bravadogaming.com/ and I got a positive response. I kinda looked around at their custom CMS, didn't see anything immediately available, played with cookies, changing values here and there, got some SQL errors on http://www.bravadogaming.com/articles/%27%20OR%201=1%20#/ but nothing really spectacular:
I looked around some more, nothing really special; played with register and login, seemed okay... decided to make an account and see what options I had. Please note I did not even REMOTELY test everything, I was really just messing around. First thing I saw was that people were big on blogs; blogs are linked by categories and blogs in the same categories show similar blogs. Here's my first blog:
I started looking into messing with stuff and, coming from a bit of a webdev background, immediately hit up some JScript, i.e. <script>alert('AndrewMohawk is AWESOME');</script>.
Sure enough, out of the bag, XSS is firing.
Even better... the XSS is persistent, not only on my entry, but in the titles being pulled from other articles in the same category (uncategorized)...
So now we have that, now what?
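What makes the "similar blogs" list the nasty part is that the stored title is rendered on every other post in the category, so one entry reaches every visitor. The snippet below is an added example, not the site's code (I have no idea what their CMS looks like): it models that list with constructed posts, one of which carries the exact payload from above, and shows the vulnerable rendering next to the fix, HTML-encoding each title at output time. Post data and function names are my own assumptions.

```python
import html

# Constructed blog entries; the second title is the payload from the post, i.e. attacker-controlled input.
POSTS = [
    {"title": "My first blog", "category": "uncategorized"},
    {"title": "<script>alert('AndrewMohawk is AWESOME');</script>", "category": "uncategorized"},
    {"title": "Unrelated post", "category": "hardware"},
]


def render_related_vulnerable(posts, category):
    """Builds the 'similar blogs' list by pasting stored titles straight into the markup.
    Every visitor who views any post in the category runs the stored script."""
    items = [f"<li>{p['title']}</li>" for p in posts if p["category"] == category]
    return "<ul>" + "".join(items) + "</ul>"


def render_related_safe(posts, category):
    """Same list, but each title is HTML-encoded at output time, so the browser shows
    the text '<script>...' instead of executing it."""
    items = [f"<li>{html.escape(p['title'], quote=True)}</li>"
             for p in posts if p["category"] == category]
    return "<ul>" + "".join(items) + "</ul>"


def has_raw_script_tag(markup):
    """Demo helper: does the rendered markup still contain an un-encoded <script tag?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("vulnerable:", render_related_vulnerable(POSTS, "uncategorized"))
    print("safe:      ", render_related_safe(POSTS, "uncategorized"))
```

Encoding belongs at the point of output, not at the point of storage: the same title may later be written into a JSON feed, an attribute, or a log line, each of which needs its own encoding, and a title "cleaned" on the way in is exactly the kind of thing that gets re-rendered raw by the next feature (like a related-posts list) that nobody thought about.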
NLP/NER: First views
So recently we have really been struggling at work with NLP/tags/phrases relating to a specific person/phrase. For example, you put down something like “Maltego” and you would like it to return things like the company (Paterva), information mining, open source forensics, etc.
So I started looking around for NER/NLP APIs online and I found a great write-up by Michael Fagan. After looking at it I figured I'd take a few hours and build something around it. I decided to look at AlchemyAPI, registered an account, got an API key and was well on my way.
Initially I started doing all the cURL+POST stuff myself (some of the API calls can be done with GETs as well; check the bottom of each documentation page), but then I found they had already got libs for most languages (C++, PHP, C#, etc.) that I could use – yeah... fucking fail, Andrew... next time read the site :)
So far the results aren't amazing (it gets, say, Maltego or Paterva as a person), but they are pretty decent; it definitely works a lot better on news sources (cnn.com, news24.com, and so on). Here's a little demo of it for those that are interested; I can't guarantee it will be around forever, but feel free to give it a go: