Goofile 1.0

January 17th, 2012

Goofile is a command line tool written in Python to perform Google searches.  The searches are specific to file types within a given domain.  I used TheHarvester for inspiration for this project.

The idea came about while I was doing some searches for curiosity and decided there must be another way than just using google.

I hope you find this tool helpful!

Goofile

G13 Security

Inetserv 3.23 Format String DoS

September 21st, 2011

So after taking PWB, my thirst to learn and explore this world of security became great.  What I found interesting, I was not doing at my job, and I knew I had to keep these skills sharp if I ever wanted to use them.  So I started fuzzing everything and anything I could get my hands on.

That was when I found Inetserv.  Inetserv is an SMTP program written by A-V Tronics.  I created a series of SPIKE scripts to run through the various commands and fuzz them.

What I ended up finding was this exploit.

Finding my first crash was exciting.  I did a whole mess of research on format strings to better understand why this is happening and how it is being exploited.

G13 Security

At the Car wash

September 21st, 2011

While working at the ISP, I received a complaint from an unusual source.  The report came from an IP belonging to a gas station/car wash located not too far away from where I was.  This was the second time we received a report from this place, which doesn’t make the call any easier.

I called the gas station and reached an attendant.  The woman was actually quite knowledgeable and told me she had her IT person come out the last time there was a problem and take a look at their only PC.  She told me they removed a virus.  I told her we were still seeing spam traffic coming from her IP.

We went through a whole bunch of troubleshooting and came to the point where I told her to unplug the computer from the network to verify what could be sending the spam.  After unplugging the computer, I still saw the spam come through the flow logs.

Very confused, I asked her to trace any other connections coming from her router.  She told me the only other connection was the car wash.  That was where the problem was!

The computer controlling the car wash unit had been infected!  She told me she could only contact the car wash vendor as her IT person was not permitted to touch that equipment.

In my time there we didn’t receive another report after that one.  It really surprises me how many unpatched/unsecured Windows computers are left to automated functions.  They are then given direct access to the internet!

G13 ISP Stories, Security

Offensive Security Certified Professional (OSCP)

December 15th, 2010

This course is by far the most challenging and rewarding class I have ever taken.  Information about the class can be found here:

http://www.offensive-security.com/online-information-security-training/penetration-testing-backtrack/

I signed up for the class with 60 day lab access.  I figured this would be enough time for me to get through what I needed to prepare for the exam.

The training materials and videos are fantastic.  The course is very well planned out and the combination of the PDF and the videos helped a lot with me understanding the topics.  I followed along and made a point to complete each exercise I came to before I moved on to the next section.  This helped a lot to understand the topics.

The buffer overflow chapter was by far the best.  I understood the basics of an overflow but finally working one out really helped me to understand what was going on.

The labs are where this class shines.  The Offsec crew put together a gauntlet of networks and machines for one to explore.  I did not get as far as I thought I would in the labs; I only root’d 20 machines.  Some of them took a long time and many of them made me wonder if I knew anything about computers and security at all.

What I found most intriguing in the labs were the web servers to exploit.  I only knew about SQL injection and XSS attacks.  After taking the course I know so much more about the kinds of attacks that can occur on a web server.

For the final exam, you are presented with a network of 5 unknown computers that you need to compromise, and the Offsec crew give you 24 hours to complete it.  I was able to get a passing score within 8 hours.  If you take a deep breath, think, and rest, the exam is very doable.

Overall it was a great experience and I am very proud of my OSCP status.  Now if I can only get my employer to pay for the Cracking the Perimeter course!

G13 Security

Sonicwall

August 25th, 2010

The company I work at has an old Cisco ASA 5510.  The support and warranty on the device expired and my boss tasked me with getting a replacement.  The goal was to have redundant units in our main location for failover, a similar unit in our colo facility, and to reuse the 5510 in our branch office.

At the time, my boss wanted to stick with Cisco.  We contacted our vendor and we were told there was a 5 month lead time on any Cisco ASAs.  This lead time would have pushed back a number of projects.  I had previous Sonicwall experience and my boss asked if they would meet our needs.  We agreed to try them out.

We ended up buying 2 NSA 4500s, one with an HA unit.  We then purchased a TZ 210 for our branch office.  Not only did the Sonicwalls meet our technical needs, the price was FAR below what Cisco would have cost us.

After a few mishaps with our vendor, I was able to get the new units installed in our main office and configured.  The Sonicwall GUI is very straightforward and I was able to get them up and running in a short time.  After a while I migrated all inbound/outbound traffic through the Sonicwalls, and the Cisco ASA is left in place for legacy VPN needs.

Coming from a Cisco world, my boss was a little unsure about the firewalls.  After they were in place and he used them a little bit, he became quite comfortable with using them as our primary units.  They have been in place for several months now and have been rock solid.

G13 Security

Sonicwall Certified

August 24th, 2010

Good news!  I have recently completed training and am now a Certified Sonicwall Security Administrator (CSSA)!  With my company moving to Sonicwall’s products, my boss felt it necessary to have the staff properly trained.

The class itself wasn’t too bad and the trainer was very interesting.  Getting direct access to their level 2 support is definitely worth it.

G13 Security

PGP Gateway Email

June 6th, 2010

Being in the Healthcare industry, my company has a need to be able to send confidential information over email.  To do this, obviously, we must encrypt the data.  Since we used PGP for our whole disk encryption, we went with their Gateway Email solution to handle our secure email.

Installing PGP Gateway Email was simple.  We fired up another VM and installed PGP Universal Server 3.0.  I created a policy to allow only certain users to send encrypted email (licensing issues).  I also specified in the policy to allow outside users to only access the secure email via a web portal.

PGP Gateway Email had everything we wanted.  Our employees simply put a certain phrase into the subject line of an email and it will be encrypted by our server.  So far everything has worked well and our staff has welcomed the ability to email the information instead of fax!

G13 Cryptography, Security

802.1x Wired Authentication

May 18th, 2010

The company I work for has an office in shared space in a county building.  Previously they had been using VPN client software to connect back to our main office to access our main application.  They shared this internet connection with the rest of the building and it was very slow.  We were able to convince the IT Dept to allow us to bring in our own internet access and our own equipment.

The goal was to provide a secure connection back to our main site instead of having several VPN connections.  We purchased a Sonicwall TZ210, a Dell Switch, and a server for the location.

Since it is a shared office space, we needed to be sure that only our equipment would have access to the network we set up.  I found several documents on 802.1x configuration for wired networks and decided that this would be our best bet.

I configured the Windows XP SP3 clients with Wired Authentication.  These clients, when connected to the switch, ask to be authenticated.  The switch takes the requests and, using RADIUS, passes them to the server.  If the machine or user is part of our AD domain, it will be granted access to our network.

I installed Windows Server 2008 R2 Standard to act as the RADIUS server.  I had to install Certificate Services, Active Directory Services, and Network Policy and Access Services in order for this to work.

I created a Connection Request Policy to accept RADIUS requests from the switch.  The server was also configured to accept PEAP and EAP-MSCHAPv2 requests for network access.  The Network Access Policy I created allowed any Domain User or Domain Computer to be granted access.

For PEAP to work, there needs to be a RAS Certificate issued by a Certificate Authority.  This was throwing me for a loop for a while until I got this to work.  Since we didn't have a Certificate Authority, I installed the Role as a stand-alone server.

The switch was very easy to configure.  Under management I had to specify our RADIUS server and under Port Based Authentication I specified to use RADIUS to authenticate.  I then set the node ports to Auto, which sets the state of either Authorized or Denied based on the RADIUS response from the server.

On the switch I also had to set the ports to be Multi-Host.  We had a few weird issues on a couple of PCs and that fixed the problem.

The nodes were even easier to configure.  The Wired Autoconfig service needed to be started and set to automatic.  Then, in the network properties for the LAN adapter, I had set PEAP to not validate the server certificate.  This was because we used self-signed certificates.

After this all was done everything worked quite well.  The staff were also very pleased with the improvements we had made!
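The setup above is done entirely through the NPS and switch GUIs, so the protocol the switch and the RADIUS server actually speak stays hidden. The following is an added example, not part of the original post or of any Microsoft or Dell product: it builds the Access-Request a switch (the RADIUS "NAS") sends when a port asks to be authenticated, the server's Access-Accept or Access-Reject, and the two checks the switch performs before it moves the port to Authorized or Denied, the Response Authenticator of RFC 2865 and the Message-Authenticator that RFC 3579 requires whenever an EAP-Message is carried. The shared secret, IP address, port number and account names are constructed placeholders, and the `is_domain_member` callback stands in for the Active Directory lookup NPS performs.

```python
"""RADIUS exchange between an 802.1X switch (NAS) and a RADIUS server.

Added example: constructed Access-Request with an EAP-Message, the server's
Access-Accept/Access-Reject, and the switch-side checks (RFC 2865 s.3 Response
Authenticator, RFC 3579 s.3.2 Message-Authenticator).  Secret, IP and account
names are constructed placeholders.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, NAS_IP_ADDRESS, NAS_PORT, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 4, 5, 79, 80
HEADER = struct.Struct("!BBH")  # Code, Identifier, Length; a 16-byte Authenticator follows
EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE, EAP_TYPE_IDENTITY = 2, 3, 4, 1

DOMAIN_ACCOUNTS = {"EXAMPLE\\jdoe", "host/WKS01.example.local"}  # constructed AD membership


def encode_attr(atype, value):
    """Attribute TLV: one-byte type, one-byte length (header included), value."""
    if len(value) > 253:
        raise ValueError("attribute value exceeds 253 octets")
    return struct.pack("!BB", atype, len(value) + 2) + value


def decode_attrs(body):
    """Return [(type, value), ...]; reject truncated or zero-length TLVs."""
    attrs, pos = [], 0
    while pos < len(body):
        atype, alen = struct.unpack_from("!BB", body, pos)
        if alen < 2 or pos + alen > len(body):
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs.append((atype, body[pos + 2:pos + alen]))
        pos += alen
    return attrs


def _with_zeroed_ma(body):
    """Copy of the attribute body with the Message-Authenticator value zeroed,
    plus the value that was there (None if the attribute is absent)."""
    out, found, pos = b"", None, 0
    for atype, value in decode_attrs(body):
        alen = len(value) + 2
        if atype == MESSAGE_AUTHENTICATOR:
            found, out = value, out + body[pos:pos + 2] + bytes(16)
        else:
            out += body[pos:pos + alen]
        pos += alen
    return out, found


def _seal(code, ident, request_auth, attrs, secret):
    """Packet whose Message-Authenticator is HMAC-MD5(secret) over the whole
    packet with the Request Authenticator in the header and the MA value zeroed."""
    body = b"".join(encode_attr(t, v) for t, v in attrs) + encode_attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = HEADER.pack(code, ident, 20 + len(body)) + request_auth
    return header + body[:-16] + hmac.new(secret, header + body, hashlib.md5).digest()


def eap_identity_response(eap_id, name):
    """EAP-Response/Identity as the supplicant sends it to the switch."""
    return struct.pack("!BBH", EAP_RESPONSE, eap_id, 5 + len(name)) + bytes([EAP_TYPE_IDENTITY]) + name.encode()


def nas_access_request(ident, username, nas_ip, nas_port, eap_message, secret, request_auth=None):
    """Switch side: wrap the supplicant's EAP message; pick a fresh random Request Authenticator."""
    request_auth = request_auth or os.urandom(16)
    attrs = [(USER_NAME, username.encode()),
             (NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))),
             (NAS_PORT, struct.pack("!I", nas_port)),
             (EAP_MESSAGE, eap_message)]
    return _seal(ACCESS_REQUEST, ident, request_auth, attrs, secret), request_auth


def build_response(reply_code, ident, request_auth, eap_reply, secret):
    """Server side: Message-Authenticator first, then Response Authenticator =
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret) over the sealed packet."""
    packet = _seal(reply_code, ident, request_auth, [(EAP_MESSAGE, eap_reply)], secret)
    return packet[:4] + hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest() + packet[20:]


def server_respond(request, secret, is_domain_member):
    """Verify the request's Message-Authenticator, then decide Accept/Reject on membership."""
    code, ident, length = HEADER.unpack_from(request)
    if code != ACCESS_REQUEST or length != len(request):
        return None
    zeroed, ma = _with_zeroed_ma(request[20:])
    if ma is None or not hmac.compare_digest(ma, hmac.new(secret, request[:20] + zeroed, hashlib.md5).digest()):
        return None  # RFC 3579: a request failing the check is silently discarded
    attrs = dict(decode_attrs(request[20:]))
    eap_id = attrs[EAP_MESSAGE][1]  # Identifier byte of the inner EAP packet
    accept = is_domain_member(attrs[USER_NAME].decode())
    eap_reply = struct.pack("!BBH", EAP_SUCCESS if accept else EAP_FAILURE, eap_id, 4)
    return build_response(ACCESS_ACCEPT if accept else ACCESS_REJECT, ident, request[4:20], eap_reply, secret)


def nas_port_state(response, ident, request_auth, secret):
    """Switch side: 'Authorized', 'Denied', or 'Drop' (reply not verifiable, port stays unauthorized)."""
    if response is None or len(response) < 20:
        return "Drop"
    code, rident, length = HEADER.unpack_from(response)
    if rident != ident or length != len(response):
        return "Drop"
    body = response[20:]
    if not hmac.compare_digest(hashlib.md5(response[:4] + request_auth + body + secret).digest(), response[4:20]):
        return "Drop"
    zeroed, ma = _with_zeroed_ma(body)
    if ma is None or not hmac.compare_digest(ma, hmac.new(secret, response[:4] + request_auth + zeroed, hashlib.md5).digest()):
        return "Drop"
    return "Authorized" if code == ACCESS_ACCEPT else "Denied"


def demo():
    """Three constructed exchanges: a domain account, an outsider, and a reply from a
    server that does not hold the shared secret.  Returns the resulting port states."""
    secret, results = b"constructed-shared-secret", {}
    for label, name in (("member", "EXAMPLE\\jdoe"), ("outsider", "GUEST\\visitor")):
        req, rauth = nas_access_request(42, name, "192.0.2.10", 3, eap_identity_response(7, name), secret)
        results[label] = nas_port_state(server_respond(req, secret, DOMAIN_ACCOUNTS.__contains__), 42, rauth, secret)
    req, rauth = nas_access_request(43, "EXAMPLE\\jdoe", "192.0.2.10", 3, eap_identity_response(7, "EXAMPLE\\jdoe"), secret)
    forged = build_response(ACCESS_ACCEPT, 43, rauth, struct.pack("!BBH", EAP_SUCCESS, 7, 4), b"wrong-secret")
    results["rogue_server"] = nas_port_state(forged, 43, rauth, secret)
    return results


if __name__ == "__main__":
    print(demo())
```

Both checks depend only on the shared secret configured on the switch and in the NPS Connection Request Policy, which is why a forged Accept from a host that lacks it is dropped rather than denied. They protect the switch-to-server leg only; the client's assurance that it is talking to the real RADIUS server comes from PEAP's server-certificate validation, so the usual practice is to keep that validation on and distribute the issuing CA certificate to the clients rather than turn it off.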

G13 Security

Symantec and PGP

May 4th, 2010

Well, it looks like Symantec bought PGP and Guardian Edge, two very popular encryption suites.  As a user of PGP’s products, I am very worried about what will happen to the functionality of the product, but also to the brand as well.

PGP has a long history of turmoil.  I fear that Symantec will treat PGP like they did Backup Exec: make it huge and bloated.

While many say that they plan on taking Guardian Edge’s products and putting them under PGP’s management structure, I will wait to see what comes of this.

I’m sure licensing costs are about to go up as well.

G13 Cryptography, Security

McAfee

April 26th, 2010

Recently McAfee released an update that crippled many Windows XP machines running SP3.  The update caused svchost.exe to be flagged as a virus.  I am just in shock that such a large company didn’t do thorough enough testing to stop this from happening.

I’m glad I stayed away from McAfee’s products.

http://www.betanews.com/article/One-very-false-positive-McAfee-in-full-damage-control-mode/1272040662

G13 Malware, Security, Windows