a4apphack

This is a quick post about getting an updated (or a specific) version of Python running on your Linux (Backtrack is used here).  A tool called ‘pythonbrew‘ is used for this purpose. It not only lets us download and install required version of python, but also allows us to choose which version needs to be active.

You can install python brew with any of the method mentioned below.

Easy method

This method requires you to have cURL up and running.

$ sudo easy_install pythonbrew

$ pythonbrew_install

Manual Installation

You need to follow this method if cannot get your cURL/ automatic fetch of required resources from various repositories,  to work. This might happen, if you are like me who is trying this installation from behind an enterprise proxy.

Once you installed ‘pythonbrew’ using method 1 or 2, you can follow the steps above (from Python installation part)  and switch to the new version.

Read the rest of this entry »

This Python script by the author ‘sickness’ updates many of the tools present in Backtrack suite, which otherwise would’ve to be updated manually.

Get the script

Screenshot

Backtrack5 Update Script

Source: backtrack-linux.org

Backtrack5 Update Script Info
App Name	Backtrack5 Update Script
License	free
Type	code
App URL
More Info	link

In this post, we talk about using various third party Chart APIs to display a trend graph on any SharePoint site (or a blog). These graphs delivers a quick summary of the vulnerabilities identified during various security assessments. This can be embedded in a Security SharePoint portal or a dashboard which will be accessed by clients/higher management.

For applications that are assessed at the end of every release cycle (version change), from this graph, one can visualize the trend of vulnerability detection. Here severity scale – Critical, High, Medium & Low (Info) is also displayed in the graph.

We will have a look at 2 charting APIs to achieve this – Google Charts and Highcharts

Using Google Charts

By using Google Charts API, we try to embed the following chart on our SharePoint site. Once the code is embedded, user can hover over the data points to get its value and other information.

There are various obvious reasons for choosing a chart API over a static image inserted into the site.

1. Its easy to update. Just need to change the values in the embed code.
2. Less cluttered. As you can see, values of the data points are not displayed in the chart. If anyone needs to know the value, he/she just has to hover over any column.
3. This can later be programmed to update itself from the data available in any SharePoint list.

Read the rest of this entry »

This batch file decompiles an apk to its corresponding java sources. People who are looking forward to do a code review on an android app who’s source code is not readily available can utilize this bat. This batch runs various free tools available on the internet in a sequence to obtain the java source files.

This is not made to encourage piracy/plagiarism in any case.

How To

1. Extract batch file and lib folder to C:\apk2java\ (or any folder that doesnt have space in its path)

2. Backup the target app’s apk from phone to PC via ASTRO Browser (check this post for details)

3. Keep the target apk in the root folder where batch file is present

4. Run ‘apk2java.bat target.apk’ in cmd

c:\apk2java>apk2java.bat target.apk

Read the rest of this entry »

This post talks about process of extracting apk file of any app available in market and then decompiling it to Java source. This can be helpful for those who perform code review (for security vulnerabilities) on apps whose source code is not available. Once Java source code is obtained, we can either do manual code review or run any free/commercial automated code scanners.

Read the rest of this entry »

This post explains about rooting a Tmobile G2/HTC Vision and then installing Cyanogenmod 7 (Gingerbread) while retaining the apps and data that were in use with stock ROM. Entire process from rooting till installation of Cyanogenmod should not take more than half an hour.

Read the rest of this entry »

There might be times when you are accessing your code snippets saved online from your friends PC or from a new workstation. Chances are less that you can get hold of WinMerge or any similar file comparison tool. But we have a simple dual file comparison tool online which gives us the comparison results on click of a button.

Features

• Ability to upload 2 versions of the files to be compared
• Code can even be pasted to the text boxes for comparison
• Automatic Wordwrap

Checkout Diffchecker

DiffChecker Info
App Name	DiffChecker
License	free
Type	online
App URL
More Info	link

Gruyere is a vulnerable application which can be used to learn and understand web vulnerabilities. Detailed documentation is provided on the type of the vulnerabilities present in the application and ways to exploits it.

Update: Jarlsberg is now Gruyere

This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you’ll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you’ll learn the following:

• How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
• How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

Documentation Here

Read the rest of this entry »

HTML5 is a new and upcoming technology which has enough features to introduce potential security issues if not properly implemented. A new project has been initiated in Google Code to keep developers updated on the security concerns to be kept in mind while developing their apps with HTML5.

Description of Project in Authors Terms,

This project is an attempt to create a well maintained, informative and categorized cheat sheet to highlight HTML5 as well as other client side and related security issues and ways to avoid them. The project is meant to target web developers as well as security researchers and especially browser vendors since many of the problems we found are based on faulty or quirky implementations. Focus is on completeness, comprehensibility and timeliness as well as continuity – benefits many other related cheat sheets don’t exactly provide.

Read the rest of this entry »

This post details about the steps to add Syntax Highlighting Feature to any SharePoint site where you have access to upload files to server. This can help people who embed code snippets in the SharePoint site and share it with their team.

Download and extract SyntaxHighlighter scripts to your PC (Check the download link at the bottom of the post). Now access the SharePoint site and create a folder structure as shown in the below screenshot (i.e. to create ‘scripts’, ‘src’ and ‘styles’ folders inside syntax folder which is present in ‘Shared Documents’). Now upload the syntax highlighter files to appropriate folders.

Upload Scripts Folder Structure

Read the rest of this entry »