Click here to search the VMWare user database!

So last week some time Chris Hadnagy linked me to the following URL: http://info.vmware.com/content/opt-out which was pretty interesting last week. Basically it allowed someone to fill in their email address to manage their VMWare subscriptions, i noticed a couple of things from the next pages:

  • The fields auto populated with details like Name, Phone Number etc (i know, without auth and only an email address – worriedface)
  • Another tab became available that allowed you to update your details – again, no auth, scary

So i whipped out the good old firebug and started looking through the ajax calls till i came across this little gem:

http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=50&siteid=524&DLKey=<sessionkey>&DLLookup=%3CC_EmailAddress%3E<email_address>%3C/C_EmailAddress%3E&ms=59

and the resulting page looked something like:

function GetElqContentPersonalizationValue(strDataField)
{
var strTemp = '';
//alert('Data Field: ' + strDataField);
if(strDataField == 'C_EmailAddress' || strDataField == 'EmailAddress')
{strTemp = 'andrewmohawk\x40gmail.com';}
if(strDataField == 'C_FirstName' || strDataField == 'FirstName')
{strTemp = 'Andrew';}
if(strDataField == 'C_LastName' || strDataField == 'LastName')
{strTemp = 'MacPherson';}

Yeah, great info straight in that.. EEEK! So being the script kiddie (seriously, scripting languages FTW) i wrote a tiny PHP application to pull this info and display.

However the issue was that if you could update someone's account, then you could simply change their email address, do a password reset and gain access to a commercial account giving people access to software that someone else paid loads for, this isn't cool so i didn't put the link out. However this week VMWare have removed the update page and the auto-populating fields, yet my scraper still works so i figured i’d put it out.

I’ve specifically left out the sessionkey to make it at least not a trivial cut and paste to get info yourself since it may still be possible to update from that code.
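The root cause in this post is that an email address alone was enough to read (and update) a contact record. One common fix, shown here as an added example that is not code from the original post, VMware or Eloqua, is to put an HMAC-signed, expiring token in the emailed "manage subscriptions" link and refuse any lookup without it. The names `LINK_KEY`, `CONTACTS`, `issueLink` and `lookupContact` and the sample record are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical server-side secret; a real service loads it from a secret store.
const LINK_KEY = crypto.randomBytes(32);

// Constructed sample record standing in for the contact database.
const CONTACTS = new Map([
  ['alice@example.com', { FirstName: 'Alice', LastName: 'Example' }],
]);

// MAC over the normalised address and the expiry, so neither can be swapped.
function sign(email, expires) {
  return crypto.createHmac('sha256', LINK_KEY)
    .update(`${email.toLowerCase()}|${expires}`)
    .digest('hex');
}

// Values placed in the emailed link: only the mailbox owner receives them.
function issueLink(email, ttlSeconds, now = Date.now()) {
  const expires = Math.floor(now / 1000) + ttlSeconds;
  return { email, expires, token: sign(email, expires) };
}

// Lookup handler: knowing an address is never sufficient to read its record.
function lookupContact({ email, expires, token }, now = Date.now()) {
  if (typeof email !== 'string' || typeof token !== 'string') return { status: 400 };
  if (!Number.isInteger(expires) || expires < Math.floor(now / 1000)) {
    return { status: 401 }; // missing or expired link
  }
  const expected = Buffer.from(sign(email, expires), 'hex');
  const given = Buffer.from(token, 'hex');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { status: 401 };
  }
  const record = CONTACTS.get(email.toLowerCase());
  // Same status for unknown addresses, so the endpoint is not an existence oracle.
  if (!record) return { status: 401 };
  return { status: 200, record };
}
```

The same token check belongs in front of the update path, since that is where the account-takeover risk described above comes from.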

Just another leak i guess. But if anyone has any other links/ideas/stuff for me to play with, contact form’s on the left :)

Cheers,
Andrew


Yeah im really lazy, so im not gonna write a lot about it, basically, if you wanna use it on my site hit it up at http://www.andrewmohawk.com/pasteScrape/ otherwise feel free to download it and run it yourself from this archive

Basically, go to http://www.andrewmohawk.com/pasteScrape/ and try some of these:

  1. “gmail/facebook Password” – free facebook/gmail/whatever accounts
  2. “rbot” – find rbot config files, including the passwords and the irc network that it connects to, ie, if you have an irc client you get a free botnet
  3. “enable password” – Cisco goodness
  4. “BEGIN PGP” – pgp keys anyone?
  5. “DB_PASSWORD” – loads of database passwords
  6. “Shellcode” or “Exploit”

You get the idea :)


Enjoy my readme  after the break :D
INDEX
————-
1 // What is PasteBinScraper?
2 // How does it work?
3 // How do i use it?
4 // How do i install?
5 // Extending
6 // TODO
7 // Thanks

So it's been ages since i last blogged, and i am determined to try to do this more regularly since it will probably get me onto doing more stuff!

This is pretty much the first thing i built with the Arduino – the idea was to make a budget IPCam with a web interface that i could connect to from anywhere and have the ability to pan and tilt my camera. Since i was in the budget price range i did also look at what was available off the shelf, and it sucks: bad quality, slow response time, no loose wires to show, all things i’m not really interested in.

I’ve split this into 3 sections just to make sure that this doesnt become a massively long blogpost:

This is that cool part where you watch the video, unfortunately i haven’t got round to making one yet.. but when i do, its going here! For now, its in pictures (the webinterface and the actual device):


The web interface for the cam
The Physical Device

So i’ve commented most of the lines and you should be able to easily follow what has happened in the code. Leave a comment if there are any questions :)

Code after the break!

So i see its been forever since i have posted anything, figured its about time, and i wanted to show some of the stuff ive done with my Arduino. The first thing i tried to do with it was create my own budget IPCam with a webcam and some arduino parts.

Basic stuff that make up the IPCam:

  • 2x Servo Motors
  • 1x LCD (16×2)
  • 1x LED
  • 1x Potentiometer (used for LCD)
  • Bits of random Meccano
  • 2x Small lifting weights ( hey, we all knew i wouldnt use them to get in shape anyway )
  • Tape/Glue/Random stuff

So first off, this is a hack, i havent done pretty much anything properly, i just pieced it together, tied in bits of code and got it working :)

This is what the circuit looks like:
Arduino IPCam Circuit


ANDREW I DONT CARE ABOUT YOUR STORIES! JUST GIVE ME THE LINK! >> http://andrewmohawk.com/facefall/

So its been a long weekend, but i had a lot of time to myself this weekend, and decided to play a bit with some of the side projects i’ve been interested in.

With regards to the previous posts, the code has been updated and fixed, i'll update the post a little later, but hopefully we (@Paterva) will be releasing the transforms to the public this week so everyone can play!

One of the first ones i wanted to tackle was faceFall — essentially twitterfall for the facebook graphAPI, so you can quickly search for a topic and watch the status messages / links fall down as they arrive :)

So check it out: http://andrewmohawk.com/facefall/ ( yes i realise the UI looks like ass, but i cant get a nice design to work.. if you have one or want to build one, PLEASE let me know!)

Some stuff id need to fix:

  • Removing doesn’t work well ( probably my lame ass jscript )
  • Doesnt do any correlation (like same person featured on x Topics)
  • Needs more info — only does status/links atm

If anyone wants this and wants to help, feel free to comment msg me!

I also cleaned the whiteboard:

Technical Info after the break!

So a while back facebook released their graph API, a way for websites and others to integrate with facebook, things like:

  • Searching
  • Profile enumeration ( status / feed / info )
  • Friend enumeration

You can read the entirety of the functions at the Graph API documentation section on facebook.

So the first thing you notice is that certain functions are immediately limited ( call it the juicy section if you want ) such as viewing friends or getting full profile information, for these you need to auth , which immediately limits them from use in the public space ( unless of course we ask for username and password everytime – perhaps in the future ).

So we are left with search, and after a bit of messing with it, it turns out its a *super* method for searching public data on facebook, eg: if you want to search for something like ‘Maltego’ you can simply go to: https://graph.facebook.com/search?q=%22Maltego%22

Then you get a basic JSON reply and from there its game over, what IS interesting however is that if you look at the JSON you notice that it shows the user information as well:

"data": [
      {
         "id": "<ID>",
         "from": {
            "name": "<name>",
            "id": "<ID>"
         },
         "message": "I learned about this program in a security class I took yesterday...It's amazing what you can find out there on the internet. I suggest you keep your personal info as safe as possible :)",
         "picture": "http://external.ak.fbcdn.net/safe_image.php?d=35edd425da4428331e33664fc02a9544&w=90&h=90&url=http%3A%2F%2Fwww.paterva.com%2Fweb5%2Fimg%2Fchicken.png",
         "link": "http://www.paterva.com/web5/",
         "name": "Maltego 3",
         "caption": "www.paterva.com",
         "icon": "http://static.ak.fbcdn.net/rsrc.php/zD/r/aS8ecmYRys0.gif",
         "type": "link",
         "created_time": "2010-10-08T15:37:50+0000",
         "updated_time": "2010-10-08T16:21:50+0000"
      }

So now not only can you view what was said about term <x> on facebook, but you can ALSO see who said it, so why is this interesting for use with Maltego? Well imagine you had a few phrases you were searching for, resulting in say 255 ‘facebookObjects’ ( like the one above ) for each phrase. Well then using a spreadsheet or some other non graphical form would take forever, however with Maltego you would very quickly be able to identify people who are talking about all of your phrases.


Oct
11

Hello Webcam!

So i figured i’d drop a quick update on what i’ve been messing around with, firstly ZACon II was awesome! I’m really disappointed i didn’t submit a better talk and get a chance again, however i did win the badge competition and get to make my own cool badge:

Rock Paper Scissors Lizard Spock!

Some of the talks i really liked:

  • Who can forget Roelof Temmingh's talk, especially when one of the sections is “5 things Andrew didn’t implement in his free time” :P
  • Ollie Whitehouse on UNCON and how their group runs ( and drinks :P )
  • RC1140/Jameel‘s talk on Powershell
  • Todor/UKJ‘s talk on DNSSEC ( but really guys 800 requests at once, that needs to be fixed/mitigated first!)
  • Ross Simpson's iPhone Hackery ( can’t wait for 4.1 JB to be out )
  • Ian de Villiers' JAR reversing talk
  • Haroon Meer‘s FIG talk :)

Secondly i KNOW i probably should have put up code and stuff for the arduino project i built, basically it's a webapp that shows the webcam and allows you to move the cam around. The Arduino is connected to two servos to do vertical / horizontal movement, and it can be controlled via the webapp:

CAM CAM CAM

Oh yeah, it also lets you send text to an LCD and blink an LED ( but these aren’t nearly as cool ).

So after doing this i wanted to look at motion tracking and see if i could get the camera to automagically follow someone around a room with facial/object recognition, and in the little time i have had to play today it seems easily doable with the likes of OpenCV , so far today ( besides battling c++ – its been over 5 years since I’ve touched the stuff, so there were some issues :P ) I’ve managed to get it to do some pretty cool facial recognition with the Haar classification and the provided definition – haarcascade_frontalface_alt2.xml. I’ve also given it a bit of a window to try move into and it seems to work pretty well. The only issue i saw was that at the default resolution of the camera ( 640×480) it absolutely ATE my 3ghz dual core, so i had to halve the image size and now it works real-time-ish, check out the pic:

Webcam Facial Detection

I’ve also been playing around with Facebook’s graphAPI and i am hoping to provide some cool new search functionality both to Maltego and as an RSS feed that people can use to monitor what has been said about a specific topic in the public on the social networking giant.

I’ll try start putting out a little more.

Cheers,
Andrew

p.s. yeah, the mohawks been gone for a month now, now if only i had a new alias that wasn’t taken on the net :)

MusicBee

IF YOU DONT CARE ABOUT WHAT HAPPENED AND JUST WANT THE PLUGIN CLICK HERE
So i have recently switched over to the wonderful musicBee ( www.getmusicbee.com ), phenomenal application, nearly amarok for windows :) Some of the features i like:

  • Quick search (type in the search bar, library adjusts by searching all available fields intelligently)
  • Notifications across MSN and Last.fm and the like
  • Fantastic tagging per track and per album
  • Downloading of art and lyrics
  • Looks good :P

One of the features i have always used in my previous media players has been the now-playing-plugin for mIRC which i use on this machine.

Unfortunately i could not find any for musicBee, so yesterday i took a few hours to figure out how to make one. Let me preface this section by saying the last time i coded C++ was around 5 years ago at university, so i could be horribly wrong for some of this, but i’m just saying what i saw – also if the code is horrid, well, at least it works :)


So a while ago I asked if I was allowed to play with http://www.bravadogaming.com/ and I got a positive response, I kinda looked around at their custom CMS, didn't see anything immediately available, playing with cookies, changing values here and there, got some SQL errors on http://www.bravadogaming.com/articles/%27%20OR%201=1%20#/ but nothing really spectacular:

I looked around some more, nothing really special, played with register and login, seemed okay.. decided to make an account and see what options I had. Please note I did not even REMOTELY test everything, i was really just messing around. First thing I saw was that people were big on blogs, blogs are linked by categories and blogs in the same categories show similar blogs, here's my first blog:

I started looking into messing with stuff, coming from a bit of a webdev background, immediately hit up some jscript, ie <script>alert('AndrewMohawk is AWESOME');</script>.

Sure enough out the bag, xss is firing.

Even better.. XSS is persistent, not only on my entry, but on the titles being pulled from other articles in the same category (uncategorized)…

So now we have that, now what?
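The detail that the script fired not only on the entry itself but also where titles are pulled into other articles in the same category means output encoding has to happen at every place a stored value is rendered. The sketch below is an added example, not the site's code: the `POSTS` data, the `/blogs/` path and the function names are constructed for illustration. It shows the unencoded "before" of a related-posts list beside the encoded version.

```javascript
// Constructed sample: two posts in one category, one with markup in its title.
const POSTS = [
  { id: 1, category: 'uncategorized', author: 'user_a', title: 'LAN results' },
  { id: 2, category: 'uncategorized', author: 'user_b',
    title: "<script>alert('AndrewMohawk is AWESOME');</script>" },
  { id: 3, category: 'news', author: 'user_c', title: 'Roster change' },
];

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode a value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored title is concatenated straight into the markup, so a
// title saved by one user runs as script on every page that lists it.
function renderRelatedUnsafe(posts, category) {
  return posts
    .filter((p) => p.category === category)
    .map((p) => `<li><a href="/blogs/${p.id}">${p.title}</a></li>`)
    .join('');
}

// "After": every stored field is encoded at the point of output, including
// fields that belong to other users' posts shown in the same list.
function renderRelated(posts, category) {
  return posts
    .filter((p) => p.category === category)
    .map((p) =>
      `<li><a href="/blogs/${encodeURIComponent(p.id)}" ` +
      `title="${escapeHtml(p.author)}">${escapeHtml(p.title)}</a></li>`)
    .join('');
}
```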

