Blog Archives
#MacOsX : Web Hacking with Burp Suite
This is a legendary tool developed by the author of The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws (2nd edition).
Unfortunately there is no native Mac Os X version but Corsaire packed one. Since they updated the site, the link to download it provided in the aforementioned book is broken, so I will provide a new working one of the recently released version 1.5 1.6 of Burp Suite Free.
All rights reserved to Corsair and Portswigger.
The version at this link
DOWNLOAD HERE
is now outdated (it also requires JDK 6, which is no longer supported).
A free binary version for Mac OS has been made available:
Burp Suite Free Edition
See also here for a [much less powerful] alternative.
#MacOsX : Turn Off File Locking
Mac OS X Lion has introduced automatic file locking for files that hasn’t been edited recently.
To Disable File Locking:
- open System Preferences > Time Machine
- click on Options
- uncheck the box next to “Lock documents [2 weeks] after last edit” or modify the value as preferred
- done 🙂
#CryptDB : HOWTO Compile on Ubuntu Linux [UPDATE 2]
First, what is CryptDB.
A SHORT PRESENTATION, very useful to understand how it works.
Second, reference system: Ubuntu Linux LTS 12.04.x 32bit 64bit (see this comment).
Third, [NEW] installation:
sudo apt-get udatesudo apt-get install git rubygit clone -b public git://g.csail.mit.edu/cryptdbcd cryptdbsudo ./scripts/install.rb .Done. It’s that simple now 😎
If it fails to compile, see THIS comment.
If you still do not succeed see THIS comment.
With recent version of Ubuntu (14.04 and 16.04) you might need to downgrade Bison, see THIS comment.
[OLD] installation:
- install needed packages:
sudo apt-get install automake bison bzr cmake flex g++ git gtk-doc-tools libaio-dev libbsd-dev libevent-dev libglib2.0-dev libgmp-dev liblua5.1-0-dev libmysqlclient-dev libncurses5-dev libntl-dev libssl-dev - create a directory, then download software to compile:
mkdir $HOME/cryptdb-inst
cd $HOME/cryptdb-inst
git clone -b public git://g.csail.mit.edu/cryptdb
wget http://es.csail.mit.edu/mysql-5.5.14.tar.gz
bzr branch lp:mysql-proxy - compile mysql-proxy:
cd mysql-proxy
sh ./autogen.sh
./configure --enable-maintainer-mode --with-lua=lua5.1
make
sudo make install - build CryptDB on MySQL:
cd $HOME/cryptdb-inst
tar xzf mysql-5.5.14.tar.gz
cp -R cryptdb/parser/mysql_mods/* mysql-5.5.14/
rm mysql-5.5.14/sql/sql_yacc.{cc,h}
cd mysql-5.5.14
mkdir build
cd build
cmake -DWITH_EMBEDDED_SERVER=ON ..
make
sudo make install
cd /usr/local/mysql
sudo chown -R mysql .
sudo cp support-files/my-medium.cnf /etc/my.cnf
sudo scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql/
sudo /usr/local/mysql/bin/mysqld_safe --lc-messages-dir="/usr/local/mysql/share/english/"
/usr/local/mysql/bin/mysqladmin -u root password 'letmein'
- Build CryptDB:
cd $HOME/cryptdb-inst/cryptdb
cp conf/config.mk.sample conf/config.mk
sed -i'' -e"1s%/home/nickolai/build%$HOME/cryptdb-inst%" conf/config.mk
make
sudo make install
- now, it’s time to read
cryptdb/doc/README, enjoy! 😉
NOTE1: you should create a user mysql to run DBMS for security reasons:
sudo groupadd mysql
sudo useradd -r -g mysql mysql
NOTE2: be very careful on each step and you wont fail.
#VMware Fusion : Fix Ubuntu Linux “Host SMBus controller not enabled!” [UPDATED]
Ubuntu guest instances in VMware sometimes come up with the boot error message:
piix4_smbus 0000:00:007.3: Host SMBus controller not enabled!This error is being caused because VMware doesn’t actually provide that level interface for CPU access, but Ubuntu try to load the kernel module anyway.
How to fix it:
-
sudo nano /etc/modprobe.d/blacklist.conf - add the line:
blacklist i2c-piix4 - reboot
NOTE: for older versions use blacklist i2c_piix4 instead.
NOTE: it works both in VMWare Fusion 5 and 6, and Ubuntu LTS 12.04 and 14.04
#WP7 : LG Optimus 7 Unlock + Interop Unlock + Root Tools
If you want install XAP files without a developer account you can do it by modifying some registry keys:
- First go to MFG and follow the path 7.Engineer Menu > 6.Other Settings > Edit Registry
- Set the following fields:
- Select ROOT_PATH: HKEY_LOCAL_MACHINE
- Input SUB_PATH: Comm\Security\LVMod
- Input KEY and Select data type: DeveloperUnlockState DWORD
- Input data: 1
- Click Set button
To avoid Zune undo to default settings:
- Go to MFG and follow the path 7.Engineer Menu > 6.Other Settings > Edit Registry
- Set the following fields:
- Select ROOT_PATH: HKEY_LOCAL_MACHINE
- Input SUB_PATH: Software\Microsoft\DeviceReg
- Input KEY and Select data type: PortalUrlProd DWORD
- Input data: leave this field empty
- Click Set button
- Go to MFG and follow the path 7.Engineer Menu > 6.Other Settings > Edit Registry
- Set the following fields:
- Select ROOT_PATH: HKEY_LOCAL_MACHINE
- Input SUB_PATH: Software\Microsoft\DeviceReg
- Input KEY and Select data type: PortalUrlInt DWORD
- Input data: leave this field empty
- Click Set button
From now on your device is unlocked in developer mode, but you cannot install homebrew apps that modify registry keys. You need Interop Unlock:
- Go to MFG and follow the path 7.Engineer Menu > 6.Other Settings > Edit Registry
- Set the following fields:
- Select ROOT_PATH: HKEY_LOCAL_MACHINE
- Input SUB_PATH: Software\Microsoft\DeviceReg\Install
- Input KEY and Select data type: MaxUnsignedApp DWORD
- Input data: 300
- Click Set button
NOTE1: if you want install very nasty apps then you need WP7 Root Tools.
NOTE2: Unlock & Interop Unlock works on WP7 Tango too.
NOTE3: to lock device again set DeveloperUnlockState to 0 (zero).
#MacOSX : IP Scanner Pro, Network Scanning for Dummies
You are accustomed to incomprehensible command line tools???
Finally I have the right solution: IP Scanner Pro
It’s all about friendlyness!!! You can ping, wake up, insert into whitelist, etc all the devices found with just one click.
I will show you just an image, you don’t need anything else! 😉
NOTE: I have hidden MAC address.
#MacOSX : Taking Screenshots
You will be surprised but even without stamp key on the keyboard you can take screenshots whitout 3rd party apps! 😀
There are several keyboard combinations that can be used to take screenshots in Mac OS X. The SystemUIServer process handles these commands.
- Command-Shift-3: take a screenshot of the screen, and save it as a file on the desktop.
- Command-Shift-4, then select an area: take a screenshot of an area and save it as a file on the desktop.
- Command-Shift-4, then space, then click a window: take a screenshot of a window and save it as a file on the desktop.
- Command-Control-Shift-3: take a screenshot of the screen, and save it to the clipboard.
- Command-Control-Shift-4, then select an area: take a screenshot of an area and save it to the clipboard.
- Command-Control-Shift-4, then space, then click a window: take a screenshot of a window and save it to the clipboar.
From Mac OS X Leopard and later, the following keys can be held down while selecting an area (via Command-Shift-4 or Command-Control-Shift-4):
- Space: to lock the size of the selected region and instead move it when the mouse moves.
- Shift: to resize only one edge of the selected region.
- Option: to resize the selected region with its center as the anchor point.
NOTE: different versions of Mac OS X have different formats for screenshots.
NOTE2: in Mac OS X 10.4 and later, the default screenshot format can be changed, by opening Terminal app and typing :
defaults write com.apple.screencapture type image_format
killall SystemUIServer
Where image_format is one of jpg, tiff, pdf, png, bmp or pict (among others). If you omit the second line, you will need to log out and in again for the change to take effect.
#MacOSX : Xlog, Logs As The Desktop Background [OUTDATED]
Ok, this is for sys admin and paranoid people.
If you want see system logging in real time on your desktop there exist an amazing app: Xlog
Here you can see a beautifull screen on how it looks like:
Sadly, Xlog is no longer available in the App Store and stopped working since Mac OS El Capitan.
NOTE: you can set Xlog preferences to start it automatically on login. 😉
NOTE2: you can choose text & background color and transparency.
#MacOSX : Quick Look
Quick Look is a powerfull feature of Mac OS X which is activated when hitting space after file(s) selection; let’s see why:
- Multiformat Support: can open an amusing number of file format including, but not limited to:
PDFs, HTML, QuickTime readable media, plain text and RTF text documents, Apple Keynote, Pages and Numbers, ODF documents, Microsoft Word, Excel, and PowerPoint files (including OOXML), RAW camera images. - Plugins: support for additional formats can be achieved via use of 3rd party plug-ins.
- Index Sheet: if you select multiple files before activating Quick Look, you’ll just be shown a preview of the first file. Clicking Index Sheet is just like using exposé, only with the previews rather than windows.
- Slideshow Mode: when using Quick Look on multiple images, there is a play button at the bottom to start a slideshow.
- Zooming: if you activate Quick Look on an image, hold down the Option key and you will notice that the cursor changes to a magnifying glass. Now, using the scroll wheel you can zoom in and out.
- Keyboard Navigation: while you are previewing a file with Quick Look, you can still use the keyboard to navigate to other files. In column view this is easily done with the arrow keys. In the other views, use Cmd-DOWN and Cmd-UP to go into and out of folders.
- Trashed Files: can preview trashed files without moving them out.
NOTE1: Quick Look has been introduced in Mac OS X Leopard and it is still present in Mac OS X Lion.
NOTE2: Quick Look is just enough to prefer Mac OS X over Windows! 😛
whitehatty 