Archive for April, 2010

13 Portable Visual Disk Space Analyzers Compared

Posted by rajivvishwa On April - 22 - 2010

There are various hard disk space analyzers which give us a graphical representation of the files and folders that eat up our hard disk. These tools even provide options to visually navigate through the folders to view the space occupied by their subfolders. Here, we talk about a few popular disk analyzers which are portable and worth giving a shot.

A comparison of all of them is presented in a table at the end of this post.

Security Perspective: If you are an infosec person, especially in forensics, you can use the features of these tools to identify hidden large files or archives which might contain sensitive data. Most of the time, secret TrueCrypt files are hidden inside OS folders to make them look genuine.

Note: Most of the apps mentioned here can be downloaded in a portable format. The others can be made portable using the method mentioned here.

Comparison Table – here.

Running BackTrack Security Distro In VMWare

Posted by rajivvishwa On April - 12 - 2010

BackTrack is the most popular security distro used during pentests. While we can partition our hard disk, install this OS and dual boot with our default OS, things can be made simpler by running a BackTrack VM within our default OS. Using a security distro in a VM gives us a few advantages, such as portability and the ability to quickly restore or duplicate instances as required.

Running Backtrack

The BackTrack4 VM can be downloaded from the BackTrack site (link at the end of the post). To run the VM, we need the free VMWare Player.

Install the VMWare Player and open the BT VM with it. We are good to go with the default configuration unless we have more RAM to spare (it's recommended to provide 512MB of RAM if you have around 2GB).

Adjust Backtrack VM RAM

Default Credentials

The BackTrack VM comes with default login credentials (which can be changed later, of course):

bt login:  root
Password:  toor
. . .
root@bt:~#  startx

Add Syntax Highlighting to SharePoint Sites

Posted by rajivvishwa On April - 9 - 2010

This post details the steps to add a syntax highlighting feature to any SharePoint site where you have access to upload files to the server. This can help people who embed code snippets in the SharePoint site and share them with their team.

Syntax Highlight Screenshot


Step 1

Download and extract the SyntaxHighlighter scripts to your PC (check the download link at the bottom of the post). Now access the SharePoint site and create the folder structure shown in the screenshot below (i.e. create ‘scripts’, ‘src’ and ‘styles’ folders inside the ‘syntax’ folder, which is present in ‘Shared Documents’). Now upload the syntax highlighter files to the appropriate folders.

Upload Scripts Folder Structure

Google's SkipFish – Web App Security Scanner

Posted by rajivvishwa On April - 5 - 2010

Skipfish prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active (but hopefully non-disruptive) security checks. The final report generated by the tool is meant to serve as a foundation for professional web application security assessments.

Installation on Ubuntu/BackTrack (via Redspin)

Use the following commands in a terminal window to install and run Skipfish. Replace OUTPUT_FOLDER and TARGETSITE with the domain name and the target’s URL respectively. Also change the wget URL to the URL of the latest available Skipfish download, and adjust the archive name in the tar command to match.

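# Download and unpack the Skipfish source (use the URL of the latest release)
wget http://skipfish.googlecode.com/files/skipfish-1.29b.tgz
tar zxvf skipfish-1.29b.tgz
# Install the libidn development package needed for the build
sudo apt-get install libidn11-dev
cd skipfish
make
# Copy the default dictionary into place, then start the scan
cp dictionaries/default.wl skipfish.wl
./skipfish -o OUTPUT_FOLDER http://www.TARGETSITE.com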

Trial Run

Installed SkipFish and ran on the target site, specs below.

Guest OS : BackTrack4 VM

Host OS : Windows Vista

RAM : 512MB

Application Size : Medium ( < 1000 Unique Pages )

Internet Speed : 1 MBPS

Skipfish Verbose

Skipfish displays the scan run statistics continuously during the run. Once the scan run is complete, we get to see the scan summary (shown in the below screenshot).

Skipfish Running

Skipfish Console

Websecurify – Free Web Application Vulnerability Scanner

Posted by rajivvishwa On April - 2 - 2010

Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. This tool automatically identifies web application vulnerabilities by using advanced discovery and fuzzing technologies.

Websecurify is available for the major OS platforms: Windows, Mac and Linux. It's even available as a Chrome extension.

Post Updated:

  • Target site that requires authentication
  • Info on Chrome Plugin

Websecurify Scan in Progress
