Thursday, July 7, 2022

VBox OpenVAS Appliance


Recently I have been trying to get OpenVAS running, on any thing other than my laptop, tried Raspberry Pi, Docker, then a bare metal install of Ubuntu. No joy at all ever. So I gave up and finally got it running on a Kali install using Virtual Box in my laptop. Did work on the OpenVAS config to get you running faster, exported then and got the VBos image running on my server to confirm. After all the pain and time lost of installing and setup I figured I would export it as an appliance and share with the net. You can get it here


Some notes:

ssh is running on 22022 login is user:asd123 "Change that pw ASAP"
You have to ssh in as user to start OVAS "sudo gvm-start"
Also change root pw as it as asd123 as well
GVM web ui is on port 5050
admin:asd123 "change that pw ASAP"
VBox is set to forward the ports so whatever system you install it on is the IP you need to connect to with the ports set to 22022 for ssh and 5050 for OVAS
Might also be a good idea to ssh in and update the feeds.
tops IP list is top 1000 TCP and top 100 UDP
Full and fast Clone 1 is Full and fast w/o DoS and a few other checks
Profit??
Enjoy :)

Tuesday, February 7, 2012

Sweetness and HTTPS update

Both Sweetness and the HTTPS app have been updated today. Removed in page ads on both apps and a few bug fixes.

Saturday, March 12, 2011

My lame IR copy toy.

I got a sweet arduino for my bday and it kind of just sat around till i got a few things together to start work on my first project. Well i finally got off my ass, got all the shit i needed and got to work! I am about half way done and i thought i would share my progress so far. heres a little video of my toy in action and i go over the operation and components.



Here is a better view of how its put together:


And here is my uber 1337 code :P

#include < IRremote.h >

int IRRECV = 11;
int READYLED = 9;
int PLAYBUTTON = 5;
int IRLED = 3;
int RESETBUTTON = 7;
int PLAYLED = 2;
decode_results results;
IRrecv irrecv(IRRECV);
IRsend irsend;

void setup()
{
Serial.begin(9600);
irrecv.enableIRIn();
pinMode(READYLED, OUTPUT);
pinMode(PLAYBUTTON, INPUT);
pinMode(RESETBUTTON, INPUT);
pinMode(PLAYLED, OUTPUT);
}
int codeType = -1;
unsigned int rawCodes[RAWBUF];
int codeLen;
void rec(decode_results *results)
{
int count = results->rawlen;
codeLen = results->rawlen - 1;
for (int i = 1; i <= codeLen; i++) {
if (i % 2) {
rawCodes[i - 1] = results->rawbuf[i]*USECPERTICK - MARK_EXCESS;
Serial.print(" m");
}
else {
rawCodes[i - 1] = results->rawbuf[i]*USECPERTICK + MARK_EXCESS;
Serial.print(" s");
}
Serial.print(rawCodes[i - 1], DEC);
}
Serial.println("");
digitalWrite(READYLED, HIGH);
}

void play()
{
digitalWrite(PLAYLED, HIGH);
Serial.println(rawCodes[0]);
irsend.sendRaw(rawCodes, codeLen, 38);
delay(800);
digitalWrite(PLAYLED, LOW);
}

void reset()
{
int codeType = -1;
unsigned int rawCodes[RAWBUF];
int codeLen;
digitalWrite(READYLED, LOW);
setup();
}

void loop()
{
if (irrecv.decode(&results) && digitalRead(READYLED) == LOW) {
rec(&results);
irrecv.resume();
}
if (digitalRead(PLAYBUTTON) == LOW && digitalRead(READYLED) == HIGH)
{
play();
}
if (digitalRead(RESETBUTTON) == LOW)
{
reset();
}
}


Ok thats all i got, peace.

Sunday, January 30, 2011

BackupPC 3.2.0 XSS

I dont normally make posts about XSS exploits unless there is some special circumstances. I picked this one because BackupPC is a popular network backup tool that you might find in networks all over the place and because there is no built in security you normally only find it on "secure" trusted networks.

So anyway the issue is in Browse.pm. It gets a num variable passed to it via get request, then displays the unsanitary input back to the user. So heres PoCs of both the vectors i found.

PoC 1: http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=1[XSS] - comes back as a valid request and runs XSS

PoC 2: http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=[XSS] - comes back as ERROR and runs XSS

Like most XSS holes its a easy fix, just edit line 55 in /usr/local/BackupPC/lib/BackupPC/CGI/Browse.pm to read like so:
my $num = ${EscHTML($In{num})};

or download this Browse.pm file and replace it with the one in /usr/local/BackupPC/lib/BackupPC/CGI/ on the installed server.

Ok thats it, peace.

Sunday, January 9, 2011

Poor mans IR filters for phones

At the last dc414 meeting i gave out IR filters for camera phones that i made my self. Most cameras on phones are made really cheaply and do not filter out IR, thats why camp fires and such come out looking a little purple, or pink when us take a pic using a camera phone. This happens because the sensor interprets IR to the human visual spectrum as white. To make the filters i went to walgreens, got some 35mm film, opened it up and exposed the entire role to bright light, rolled it back up into its container and asked the kind ppl at the one hour photo counter to develop my role. I also informed them that i didnt want any prints, just the negatives. Then of course i had to explain to them what it was i wanted. You can see how this might seem to be a odd request so be expecting to take a little extra time if you choose to go this route, it will take some explaining.

So why IR filters? Well taking pics with these little guys makes stuff like envelopes transparent, as well as some plastics and CLOTHES!! Making this every nerds dream! lol.

Heres a pic of the IR filters "film":


Heres a pic a took of my stove top:

Saturday, January 1, 2011

Re-DROID with stock 2.2.1

Over the holidays i dropped my phone "A Motorola DROID" in some salt filled slush in the parking lot of walmart :( It still worked kind of, buttons seemed to go crazy however. Hitting just one button did multiable things. So i took it to my local verizon store, they informed me that i would be getting a new phone in the mail in the next week or so :( Luckily for me i only had to wait four days or so, but they sent me the wrong fucking phone. Again i go back to Verizon to bitch but this time they have my phone in stock...ok. Sweet i got my new old phone.

My new old phone is nice but i found that it came with Android 2.2.1 and not 2.1 like it did before. I gave the old update.zip root i had from my old phone a try but it didn't do shit. So i took to the net to find a new setup. After a few failed attampts i found this thread about a app called SuperOneClick. I had to use cmoney's XP desktop and install .NET 3.5 form M$. That was all i need to get the SuperOneClick software to run on the desktop. To get the pc to phone data connection going at the level that the app needed i had install the Motorola Phone USB drivers. Now all i had to do was make sure USB debugging was enabled on my phone. Plug in the USB cable from the PC to my phone, hit the root button and wait for it to do its thing! Thanx to everyone involved in the SuperOneClick software, you did a awesome job!! I am now enjoying my new old rooted DROID :D There is still more work to be done on this but that will be later.

Friday, December 24, 2010