After a long time I went back to the IPython Shell.
I received some comments telling that it had some issues with IDA Pro 5.5 so I started to play with it.
The issue is not related to the IDA Pro version but with IDAPython version installed.
Starting from IDAPython 1.2 there's a "script timeout" value. This is why there's a little msg box telling you to wait because a script is running.
Since the IPython shell script doesn't end, as soon as you type something in the console, IDA blocks, and you can't move the window or anything.
This timeout value can be increased to avoid blocking IDA, but if you keep the shell opened for a long time, the timeout value may be reached.
Since IDAPython 1.4, you can disable this timeout value and work with the shell without problems. [1]
I've used this script to download all the episodes from the amazing "Social Engineer Podcast" and thought of sharing it with you guys.
#!/usr/bin/env python # Mp3 feed downloader snippet # Modifications by facuman, original script by unutbu from urllib2 import urlopen import re import os import sys # Uncomment the following line and comment the one below if you wish to type the source url #url=sys.argv[1] url="http://socialengineer.podbean.com/feed/" print "Downloading from %s\n\n" % url content=urlopen(url).read() contents=content.split() pat=re.compile('(http://.+?\.mp3)') groups=(pat.search(line) for line in content.split()) tuples=(g.groups() for g in groups if g) for mp3, in tuples:
Hi guys, we've been working on a pet project that we want to share. This is the first release (hopefully the first of many if you find it useful) of a gentoo powered system image for android based phones (and maybe other arm compatible devices) with a selection of tools that a pentester might find useful to have in his/her pocket.
Some of the tools that it includes are:
Because it's based on gentoo is pretty easy to customize and add or remove packages from it (soon we will post a tutorial on that).
Ribadeo is pleased to announce that one of our members, Hernán Segismundo Abbamonte (sector7g) will give a talk about LDAP Injection at the 'OWASP Security conference - Argentina 2010'. Said conference will take place Wednesday 30th of June at 12:30 hs.
If you wish to know more about the conference, you can download the brochure from the following link:
http://eventos.fi.uba.ar/seg-informatica/Jornadas2.pdf (in spanish)
And you can find the presentation's slides here:
http://docs.google.com/present/view?id=d4wh29d_0cqvxp5cv (also in spanish :P)
Notes:
- If you want to find out more about the presenter go to this page: http://www.ribadeohacklab.com.ar/drupal/about
- To find more about OWASP check out their main site: http://www.owasp.org
Today Hack In The Box announced a new issue of their ezine.
The ezine is available at: http://www.hackinthebox.org/misc/HITB-Ezine-Issue-002.pdf
You will find our article about Integrity Policies there!
Also, during these days Hack In The Box Conference took place, and all contents are available online.
Get HITB 2010 Dubai conference material at: http://conference.hitb.org/hitbsecconf2010dxb/materials/
A great job by HITB crew.
Some days ago, Leonardo Pigñer, Founder of BASE4 Security and one of the EkoParty conference organizers, published an article at his blog, with a list of people that "twitt" things related to security.
Ribadeo Hack Lab was mentioned there!
Full post at: http://kungfoosion.blogspot.com/2010/01/twitteros-de-seguridad-en-argent...
Thanks Leonardo for including us on that list.
During January and February the team will be on holidays and also with some final exams at university.
You will notice the site won't be updated too often but we'll come back soon with some more material.
Cheers!
As we mentioned before on an old post, Ribadeo Hack Lab was invited to contribute with and article/paper for the new Hack In The Box magazine.
The article was about "LDAP Injection, attack and defense techniques".
You can get the ezine at: https://www.hackinthebox.org/misc/HITB-Ezine-Issue-001.pdf
You can get the original article (without ezine format) here
In order to write it, we used a lot of material, but not all of it was mentioned in the article.
Here you can find the whole reference used, with which you can gain full knowledge about LDAP in all aspects.
The site has moved to a new web hosting.
The previous one had many problems causing the site to be offline for short periods.
If you find any strange behavior with the site, please let us know.
If you need to do some SQL Server 2005 or 2008 audit activities on DDL and DML operations this tool may help you.
Download: Effective Permissions Tool
In order to use the tool you need sysadmin privileges and xp_cmdshell enabled on the database server.
Before running it, create the following stored procedures on master db:
If you are interested on some more details you can see our slides (only spanish, sorry...)
