Technology Insights

Static Source Code Audit On Terminal Using Bash Functions

For anyone that has done a long source code audit is not about really finding the easy/low hanging fruit stuff that can be slow and sometimes a bit “frustrating”. I recently had a nice 660,000 lines of code source code audit to be done in less than 2 weeks, the language was Java, so the first thing that was to be done (they had already hit fortify and other tools with it) and were looking for a bit of more interesting stuff apparently. This raised some specific problems while working and finding the vulnerabilities and exploitability of them.

Code Snippets

Add New Item To Backtrack Linux Backtrack Menu

I recently wrote an article about how to fix btscanner in Backtrack Linux and realized after the article was completed that some people may prefer to launch btscanner via the menu in Backtrack Linux instead of the command terminal by typing btscanner. This article specifically explains how to add btscanner back to the menu in Backtrack Linux under Backtrack > Information Gathering > Wireless Analysis > BlueTooth Analysis > btscanner. The information could however apply to any tools you wanted to manually add to the Backtrack menu by modifying each variable accordingly.

Technology Errors

Backtrack creepy Error – ImportError: No module named osmgpsmap

When attempting to launch creepy via the Backtrack menu (Backtrack > Information Gathering > Network Analysis > OSINT Analysis > creepy) the starting creepy window will show in the taskbar however it simply disappears after a couple seconds without any action. If you investigate the menu item you will see that the menu item executes creepymap and when you attempt to execute creepymap you will see some Python errors. Below the error is described in more detail along with instructions on how to get creepy working properly.

Code Snippets

RightScale RightScript To Add SSH Users To Linux Nodes On Boot

The below code snippet was used to add SSH users to RackSpace cloud CentOS Linux nodes being used as application servers and managed via RightScale. The SSH users were required during a testing phase so they could look through logs and make modifications to specific configuration files, etc. There are three things that have to happen to create the SSH user, allow them to login, and provide them the necessary rights on the server to accomplish their tasks which include adding the user, modifying the sshd config to allow password logins, and update the sudoers file to enable sudo access for wheel group users.

Code Snippets

Represent A Tab When Using sed Find/Replace

The other day I needed to create a RightScript shell script that would update a couple configuration files on a server that was being launched in the RackSpace Cloud via RightScale. I decided to use SED to find and replace content within the configuration files. The first pass at the script failed because what I thought were spaces ended up being tabs. Use the information below to represent a tab within a shell script when using sed.