Demo new tool + video.
Posted by: Skyphire
Date: April 01, 2011 09:58PM

Hi.

Just launched a preview of my new tool: Photon Suite. It's an extension for Firefox with some useful tools such as a port-scanner, reconnaissance tools, a DNS tool, directory miner, application tester, source code analyzer, cryptographic tools, converters and a full-blown console.

I've demoed it on some idiot who tried to attack a client of mine last night, and now I pretty much own all his boxes. To see the video check it here:

http://www.youtube.com/watch?v=BCeAigdixTM

I will not release it at the Mozilla add-on website, because I don't think they will accept such an extension, it's pretty wicked stuff. Its release will be next month, since I need to work on it a bit more. I'll post it here when I'm ready. Hope you'll enjoy it.

Cheers,

Sasha.

Re: Demo new tool + video.
Posted by: lightos
Date: April 03, 2011 12:31AM

Looking forward to it!

Re: Demo new tool + video.
Posted by: Skyphire
Date: April 03, 2011 03:50PM

Just added a new tab, a real-time network tracer. It doesn't intercept yet, but later on it will be possible to tamper with requests too from the command line :)

Couple of screenshots:

Re: Demo new tool + video.
Posted by: Gareth Heyes
Date: April 03, 2011 05:00PM

Looks nice!

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: Demo new tool + video.
Posted by: Skyphire
Date: April 03, 2011 05:18PM

Thanks Gaz. You know we talked about this a long time ago :) have been running it ever since, but with less tabs actually. Was about time to finish this thing. XD

Re: Demo new tool + video.
Posted by: thornmaker
Date: April 04, 2011 01:27AM

your demo video was nice. interception would be cool too. keep us posted :)

Re: Demo new tool + video.
Posted by: SW
Date: April 04, 2011 02:56AM

Nice

Re: Demo new tool + video.
Posted by: lightos
Date: April 04, 2011 05:22AM

I know this is probably too much, but it would be pretty awesome if it could connect with hackvertor and use all of its different functions.

Re: Demo new tool + video.
Posted by: Skyphire
Date: April 04, 2011 07:01AM

If HV is one large .js file, I could simply include it and make a new tab with a bunch of interactive buttons. Not sure if Gareth would like that though :D

Re: Demo new tool + video.
Posted by: Gareth Heyes
Date: April 04, 2011 07:29AM

@Skyphire

That's not a problem, I would be happy to include it; this extension appears to rock :)

I have an export option in HV but I could provide you with a full export which extracts the tag conversion too. The only problem you might have is when tags use an external Yahoo pipe or ideone API such as the assembler compile.

Re: Demo new tool + video.
Posted by: Skyphire
Date: April 04, 2011 07:48AM

Yeah the general un-sandboxed xmlhttprequest might be an issue. I do it like so:

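	// Privileged (chrome) XMLHttpRequest created through XPCOM.
	xhr: function(method, uri, progress) {
		try {
			var xml = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"].createInstance(Components.interfaces.nsIXMLHttpRequest);
			if (progress) {
				// gui.onprog is defined elsewhere in the extension.
				xml.onprogress = gui.onprog(progress);
			}
			// Third argument false: synchronous request.
			xml.open(method, uri, false);
			// Treat the response body as plain text.
			xml.overrideMimeType("text/plain");
			// Always fetch from the network, never from the cache.
			xml.channel.loadFlags |= Components.interfaces.nsIRequest.LOAD_BYPASS_CACHE;
			xml.send(null);
			return xml;
		} catch(e) {
			// Any failure is reported as false.
			return false;
		}
	}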

It's a bit different. Then you have to build new functions for it to work. Or we simply could bind our own xml object to:

var req = window.Hackvertor.createXHR();

And leave the original object out?

But we also have eval instances which are quite security prone in extensions, not sure how to tackle those then.

We could do this:
Components.utils.evalInSandbox

Or simply:

eval("(function() { return " + js + " })");

Any suggestions?
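
The eval question raised in the post above, as an added example that is not part of the original thread and is not Photon Suite or Hackvertor code: the function-wrapper form of eval still runs the string with the caller's full scope, while a name-keyed converter table treats the same string purely as data. The `privileged` object, the converter names and the sample input are constructed for illustration, and the example runs under Node.js rather than inside an extension.

```javascript
// Added example; not Photon Suite or Hackvertor code.
// `privileged` is a constructed stand-in for the chrome-level objects
// (such as Components) that extension code can reach.
const privileged = { readFile: (path) => "contents of " + path };

// The wrapper from the post. Direct eval compiles `js` in the caller's
// scope, so the resulting function sees everything the extension sees.
function runWithEvalWrapper(js) {
  const fn = eval("(function() { return " + js + " })");
  return fn();
}

// Alternative: the user's text only selects a converter by name and is
// otherwise passed around as data. Nothing the user types is compiled.
// The converter names here are hypothetical.
const converters = new Map([
  ["hex", (s) => Array.from(new TextEncoder().encode(s), (b) =>
    b.toString(16).padStart(2, "0")).join("")],
  ["urlencode", (s) => encodeURIComponent(s)],
  ["htmlescape", (s) =>
    s.replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";")],
]);

function runConverter(name, input) {
  const fn = converters.get(name);
  if (typeof fn !== "function") throw new Error("unknown converter: " + name);
  if (typeof input !== "string") throw new TypeError("input must be a string");
  return fn(input);
}

// Apply several converters in order.
function runChain(names, input) {
  return names.reduce((acc, name) => runConverter(name, acc), input);
}

// Constructed input: an expression a user might paste into a converter box.
const sample = "privileged.readFile('prefs.js')";
console.log(runWithEvalWrapper(sample));   // evaluated with full scope access
console.log(runConverter("hex", sample));  // treated as bytes to encode
console.log(runChain(["htmlescape", "urlencode"], "<a>"));
```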

Re: Demo new tool + video.
Posted by: Gareth Heyes
Date: April 04, 2011 08:27AM

All the code in HV is original JavaScript before it's sandboxed, so you could include it in your extension without having to sandbox the code, provided you look for backdoors in any of the files.

The Yahoo pipes and Ideone stuff uses a very simple PHP API to send the request; you could change the functionality to be JS based since you will have x-domain access in your extension. For Yahoo pipes you just need to provide a "getPipe" server side call that returns the JSON of the pipe output. I make a request to http://pipes.yahoo.com/pipes/pipe.run? and the query string comes from the tag code.

The ideone API uses SOAP in PHP to create a submission that executes the code. The only problem you'll have here is exposing the creds used to create an entry as you're making the call with extension code. To be honest it might not even be worth using it as most of the useful stuff doesn't work, like extensions in Perl or PHP are not enabled. It's nice to execute code in different languages but it isn't really ideal and they have limits on the "free" API.

Whatever you wanna do I'll help just let me know what you need, I can provide the tags with or without the external calls.

Re: Demo new tool + video.
Posted by: Skyphire
Date: April 04, 2011 08:43AM

For simple requests I use an xmlhttprequest, but for portscanning for example I use sockets. I can use both. So that's really neat. :) Yeah, we might consider only some parts from HV, instead of an exact copy. I try to limit remote requests to a bare minimum.

If I'm correct, you only use remote calls on the "web" tab right? I could port the encode, decode & xss tabs, those provide most HV functionalities correct? We could make another tab in the extension and provide those functions readily, and maybe through the console as well.

Re: Demo new tool + video.
Posted by: Gareth Heyes
Date: April 04, 2011 09:44AM

Yeah so "Web" uses Yahoo pipes and "Execute" uses ideone, there are some tags which use HTML/JS sandboxing such as execjs in "Encode" which you might want to restrict or exclude
