Burp Extension Development

Thanks to Al for helping me to compile this.

General

For debugging (and modularity in general), be sure to separate out your logic from the file containing the BurpExtender class, which is what Burp needs for the extension to load. This file should be stripped down to the bare essentials.

Jython

Install Jython, obviously. You’ll find classes you can import from Burp’s Extender tab. To import a class, use from burp import <name_here>...

July 19, 2018 · Jayson Grace

Splunk Notes

URI Path for web application

If you want to look at the information associated with a specific URI path for a web application:

    sitetolookat.com sourcetype=<the sourcetype you have for web stuff> url="/uri/path/file.php*"

Add image to dashboard

    <dashboard>
      <row>
        <html>
          <h1>HTML Panel Example</h1>
          <p>The HTML panel displays inline HTML.</p>
          <img src="picture.jpg"/>
        </html>
      </row>
    </dashboard>

Resource: https://answers.splunk.com/answers/136162/add-picture-to-dashboard.html

View internal splunk logs

    index=_internal source="*.log"

Resource: https://answers.splunk.com/answers/575570/where-can-i-find-the-internal-logs-in-the-splunk-5.html

tail -f functionality

After running a query, be sure to change the presets for real-time to a window, such as a 5 minute window, to show all events that match the input criteria in the past 5 minutes....

July 19, 2018 · Jayson Grace

HashiCorp Vault Research

Nice introduction: https://mycodesmells.com/post/introduction-to-vault

Fun write-up: https://www.davidbegin.com/cubbyhole-backend-and-response-wrapping/

Token info: https://www.vaultproject.io/docs/concepts/tokens.html

Cool dev implementation series with OSX and lastpass:
https://blog.alanthatcher.io/fun-and-profit-with-vault-2/
https://blog.alanthatcher.io/fun-and-profit-with-vault-part-2/
https://blog.alanthatcher.io/fun-and-profit-with-vault-part-3/

Single-use implementation: https://www.slalom.com/thinking/managing-secrets-using-hashicorp-vault

How-to on Ubuntu: https://www.digitalocean.com/community/tutorials/how-to-securely-manage-secrets-with-hashicorp-vault-on-ubuntu-16-04

July 2, 2018 · Jayson Grace

Python Notes

This will encompass things that I find useful and end up looking up later when I haven’t coded in a while.

Useful functions

Read file line-by-line and print each line

    def print_lines(file):
        with open(file) as f:
            for line in f:
                # each line already ends in a newline, so suppress print's own
                print(line, end='')

Read file into list

    def return_list(file):
        with open(file) as f:
            lines = f.readlines()
        return lines

Remove line from a file containing a specified string

    def remove_line_containing_string(file):
        f = open(file, 'r')
        contents = f....

January 3, 2018 · Jayson Grace

Old: Modernizing Techvomit

This site used to run on Ghost. I decided to keep this article despite now using Hugo for posterity. Begin old article: I made this decision a couple of years ago on a 4 hour plane ride when I was bored, and wanted to kill two birds with one stone: start learning how some of the AWS services worked, and get a website going. At the time I didn’t really make the site very easy to maintain, and had to learn a couple of lessons over the years as a result....

October 2, 2017 · Jayson Grace

Vulnhub - Sedna

These are my notes from running through the Sedna vulnerable VM.

Run discover content in Burp to map the application out. You can also run Nikto to try and find any vulnerabilities.

Observe /license.txt - it will inform us that the target web application is running BuilderEngine.

Search for an exploit we can use:

    searchsploit builderengine

View the source for the exploit:

    searchsploit -x 40390

Copy the exploit code into exploit....

March 27, 2017 · Jayson Grace

Mongo Cheatsheet

robomongo is an awesome GUI clicky tool.

Connect to the DB:

    mongo <target>

Get host information:

    db.adminCommand({ hostInfo: 1 });

Show users:

    db.runCommand({ usersInfo: 1 });

Show roles:

    show roles

Show databases:

    show dbs

Use a database:

    use <db name>

Show tables:

    db.getCollectionNames() // or show tables // or show collections

Get data in a table:

    db.<table name>.find()

Get version of mongo:

    db.version();

Get json dump of the data

Create export....

February 17, 2017 · Jayson Grace

Abusing HTTP PUT

Detection of vulnerability

Run Nikto:

    nikto --host <target ip>:<target port>

If it returns this:

    + OSVDB-397: HTTP method 'PUT' allows clients to save files on the web server.

You are potentially in business.

Use davtest to get a backdoor

This tool runs all of the payloads that it has, sends backdoors if exploitation is successful, and cleans up after itself.

    davtest -url "http://${TARGET_IP}:${TARGET_PORT}" -sendbd auto -cleanup

PHP Backdoor with Burp

Capture a request and send it to repeater....

February 17, 2017 · Jayson Grace

Pentesting notes and snippets

Nmap

Host discovery via Ping Sweeping

    IP_RANGE='192.168.0.0'
    SUBNET_MASK='24'
    nmap -sn -oA onlineHosts "${IP_RANGE}/${SUBNET_MASK}"

-sn: Use ping scan for host discovery (don’t run a port scan)
-oA: Store output in normal, XML, and grepable file formats

Parse IP Addresses from gnmap file

    grep "^Host: " onlineHosts.gnmap | grep "Status: Up" | \
      cut -d " " -f 2 | sort -n | uniq

Host discovery while skipping ping checks

Use this when targets don’t respond to ping:...

February 14, 2017 · Jayson Grace

Screen Cheatsheet

Create Screen Session

    screen -S <name>

Attach Screen Session

    screen -x <name>

Background Screen Session

    ctrl a d

December 7, 2015 · Jayson Grace