Posts filed under 'Fun'

Cisco ASA hacker tips: Hexadecimal to decimal conversion tool

Do you know that the famous Cisco ASA security appliance can convert hexadecimal to decimal for you ?

Cisco ASA secure your packets. On top of that, ASA has a calc.exe tool that is called PING :>

Continue Reading Add comment octobre 16th, 2008

Virtual PC slow down TFTP file transfer

If you want don’t want to see your TFTP file transfer looking like 259bytes/second between Cisco ASA and your Windows XP workstation, don’t forget to close Virtual PC machine.

Today I initiated a TFTP file transfer from a freshly out-of-the-box Cisco ASA and a Solarwinds TFTP server hosted on a Windows XP workstation. Traffic was very very slow. Show interfaces reported 5 minute output rate 0 pkts/sec, 259 bytes/sec

So what the fuck? I was very skeptical on this issue .. Ran Wireshark and no interface was available except generic dialup. And here comes the idea in my brain: I’m running Debian in Virtual PC. No IT can’t be ?? Yes, don’t blame the network so early in your troubleshooting steps.. VPC was the root problem :)

Click here to see the TFTP transfer speed changing over time !

Wanna dream of QoS rate limiting without adding a unique line of configuration ? Run Virtual PC!

Add comment août 19th, 2008

My routers botnet proof of woot

In this funny video (yeah I like FBI even if I don’t know them), I will show you my IOS botnet proof of woot.
It’s for real but I don’t want to be a security pr0nstar showing my 4ss at conferences nor taking the time to make a perfect proof of concept that everyone in the IT security field dreams about at least a time in his career. Just take some fun with computer glad to my poor programming skills in TCL.
So yeah, I’ve hacked 127.0.0.1 in order to leak my old hard disk for you.

Why now ?
- IOS stuff is breaking news since some months so the most stupid human can understand what I did (or not)
- Holidays, I would like less people see this in order to stop blargz about this and mitigated since long time by Cisco
- I’m clear with Cisco about it and helped the R&D to reproduce the proof of concept
- Definitely not 0-day!

Click here to join #lol

Pète un coup et ça ira mieux …

Add comment août 14th, 2008

FAIL of the day

This morning when I opened my mail inbox, I found this gem and it’s too late for april’s fool :

From: K…. P….. (k…….)
Sent: mardi 29 juillet 2008 22:09
To: blarg-obfuscated (mailer list)
Subject: Reset router

I cannot log into to my router. What is the command to reset the router to factory default?

K…. P….., CISSP, CISA, GSNA, ITIL
Sr Systems Engineer
Security/ Compliance Specialist

Cisco Systems Inc.
13600 Dulles Technology Drive
Herndon Va 20171

Direct 7.. … ….
Mobile 7.. … ….
http://www.cisco.com/go/security

Add comment juillet 30th, 2008

Windows XP telnet.exe funny bug

Irina from Cisco Moscow told me yesterday I am funny. Well, Windows XP is too.
Telnet.exe dislikes cat /dev/mem in socat :-/

Click here to view the Windows XP telnet.exe bug

Add comment juillet 28th, 2008

Le DNS et ta mère

Il faudrait être déconnecté d’Internet, en vacances en Corse ou formateur à SUPINFO, être trop occupé à coder un exploit SMTP qui va rooter toute la planète ou encore travailler chez un ISP pour ne pas avoir entendu parler du buzz de l’été: Dan Kaminsky, Paul Vixie et DNS.
L’Internet étant déjà bien pollué … et histoire de se démarquer des bloggeurs sur la faille DNS qui racontent tous la même chose. Pourquoi pas réaliser une série de ta mère sur le DNS ?

  • Ta mère elle a tellement oublié son cerveau en se réveillant qu’elle croit encore qu’il y a 13 serveurs physiques DNS racines
  • Ta mère a tellement de l’espoir qu’elle dit partout que AAAA c’est l’avenir
  • Ta mère y compris tellement rien dans son archi réseau qu’elle ose pas patcher BIND
  • Ta mère est tellement open qu’elle met en cache powned.doxpara.com
  • Ta mère est tellement moche que Dan ose pas la bruteforcer
  • Ta mère elle a tellement rien à foutre qu’elle a le temps de lire la RFC 2181
  • Ta mère c’est tellement une pigeonne qu’elle croit encore qu’on peut déployer DNSSEC en 6 minutes
  • Ta mère elle veut tellement devenir une star qu’elle fuzz les RR additionnels cet été
  • Ta mère elle est tellement parano qu’elle dig son macbook pro sous MAC OsX
  • Ta mère elle a tellement lu l’autobiographe de Théo qu’elle croit que le BIND de son OpenBSD est safe

Ouais!

Add comment juillet 24th, 2008

SecurityVibes - new IT security community

SecurityVibes is a web2.0 dedicated for IT security and organizational professionals and as you know, I love web2.0 and convinced that’s it’s the most accurate thing to do business today as I’m concerned with such things (back to web1.0) from 2001.
ACZ (Aurélien Cabezon), well known with vulnerabilite.com launch securityvibes in beta-test since two week or so.
At this time of writing, content and people are mostly french but soon open to the world.

The website is organized in some clearly defined parts: buzz, opinions and articles, groups (temporarly down) and events. All this base is shared between users.

Actually, there is 18 users online … ACZ, I wish you the best with this new community!

I’ve some invitations if you are interested …

Add comment juillet 24th, 2008

Previous Posts

Text Size:  Default Text Size  B  Text Large  

Calendar

novembre 2008
L Ma Me J V S D
« oct    
 12
3456789
10111213141516
17181920212223
24252627282930

Posts by Month

Posts by Category

Liens externes

Live Blog Stats