If you like this, you can use flattr. ;)
- Quickpost: Inspiring Windows software profilers and checkers
- 0x41 - back to bugs
- low footprint/hardware assisted virtualization with Linux and GrSec
- Postfix troubleshooting - a security nightmare
- New content soon
- 0x41 - (weekly) exploitation matters - Vista Heap, scripting debuggers with debug libs and how to learn to use that knowledge
- 0x41 - weekly exploitation matters - Shellcode and frameworks
- Explicit and implicit security in software development - measures and change
- 0x41 - weekly exploitation matters - Heap overflow fundamentals
- 0x41 - weekly exploitation matters - About
- wishinet: http://www.godblock.com/#what "block sexual, and psychologically harmful material" like "holy texts". Protect "from being indoctrinated"
- wishinet: Load average: 23.69 20.11 14.95 - jepp, this is obviously bad.
- wishinet: http://img2.moonbuggy.org/imgstore/ethernet-killer.jpg
- wishinet: According to my 400d stats the most viewed page at my blog is phpids's xss warning. You can do better! :)
- wishinet: I'm super-hungry after some meditation... guess this isn't normal. :-) 0xf000000d
UnprotectedHex - about formal software verification
Sean's blog
Xecurity - a security feed collecter
Reddit RCE group
Freedom To Tinker
Emergent Chaos
Woodmann RCE forums
OpenRCE community forums
SecViz - security data visualization
DAVIX Live - for security metrics
Hex Live
Security Metrics
Immunity's Free Software
Core Security's OpenSouce research
Zynamics Blog
SCAPY - makes TCP/IP 3d
Fri, 07/25/2008 - 18:14 | wishi
txtToday I needed Ubuntu (in VM) because I needed the "visual module" in scapy.py. Scapy is well known, and a brilliant tool. It can visualise the logical structures of the WAN easier than every other solution I know. And you know... it can do much more :). Even this so called "Hacker magazine" hakin9 featured Scapy once. But the magazine is crap, and therefore the Howto was silly. 
What you need:
1. python knowledge - if you don't know python jet, read A Byte Of Python i. e.. That's for free and very good. I personally liked "Programming Python, 3rd Edition by Mark Lutz. But that's an advanced one, aiming for sophisticated programmers. Don't start with that, but if you like Python, keep it in mind.
2. a VM solution or Ubuntu directly installed
3. ten minutes of time (that's what I like apt-get for) - to install, hours of time to get used to it
4. x11, good CPU, networking experience, good Unix/Windows skills
Install vpython via apt-get (search in Synaptic) and of course Scapy. apt-get automatically tracks all dependencies and registers the python modules.
Afterwards go reading through this introduction in Scapy.
You see:
res,unans = traceroute(["www.microsoft.com","www.cisco.com",
"www.yahoo.com","www.wanadoo.fr","www.pacsec.com"],
dport=[80,443],maxttl=20,retry=-2)
res.trace3D()
And you've got the graphics in 3d.
Inguma features Scapy btw. You might like it. And don't think of Backtrack Linux in this case. That's work. Even if you're like me and installed bt3 in a VM solution - for convenience reasons - you won't get slapt-get to install vpython and doing it manually isn't cool in an OS-distribution like bt3. Because it is not meant to be a fully customisable Linux distribution.
If you know a way to install libdnet for python2.5 in MacOS 10.5 (py-libdnet in MacPorts is for python2.4) tell me. Sourcing it worked, but:
Traceback (most recent call last):
File "./test.py", line 6, in
import dnet
ImportError: dlopen(/Library/Python/2.5/site-packages/dnet.so, 2):
Symbol not found: _addr_bcast
Referenced from: /Library/Python/2.5/site-packages/dnet.so
Expected in: dynamic lookup
You can get binaries for vpython (for x11) for osX:
wget http://vpython.org/download/VPython3.2.11_IntelOSX_5.pkg
Just browse the pkg content, if you don't use fink, and copy them into an exported path.
Have fun,
wishi
Post new comment