Category: code

  • Brocade brute forcer

    During a pentest, I needed to test a Brocade SAN Switch. Since the Java webstart was quite slow, and I couldn’t find another script – I quickly coded this together to brute force passwords: brocade_brute.rb

  • the state of Mixed Mode

    When a browser grabs a webpage over HTTPS, *nobody* (aside from revelations that governments can see our SSL traffic) can see what’s happening between your browser and the target webserver. You are protected against the prying eyes of an evil network admin, proxy admin or even government. Modern websites often import JavaScript files from multiple…

  • Rails, what’s wrong with serving static JS and CSS files?

    For a new web project, I’ve been looking at Rails 3.1, the latest update of the popular Ruby on Rails web application framework. Although I just started on it, and haven’t seen all the goodness, one thing that raised my eyebrows is how static content a la CSS and JavaScript is handled, through an asset…

  • JQlog: JQuery Keylogger, or why not to trust your proxy admin.

    Note that this post is for awareness and educational purposes only. I do not encourage, and cannot be held responsible for malicious actions using these tools. The Internet, as it is today, is a mash-up of JavaScript-enabled services, often included from external websites. Internet companies offer so-called widgets, which are JavaScript tools that can…

  • JQuery AJAX with Rails’ authenticity token

    In Ruby on Rails, authenticity tokens are generated to prevent CSRF (Cross Site Request Forgery) attacks. These tokens generate a unique “identifier” to prevent other websites from making requests on your behalf, so-called “session riding”. In Ruby on Rails, to have this identifier available for you, you need to put in your view, usually…

  • Spaces, or parentheses are important

    In Rails, j = points.size -1 is not equal to j = points.size - 1. Wouldn’t it be easier if parentheses were mandatory, so that we could see the difference between j = points.size -1 and j = points.size(-1)?

  • FacebookError: OAuthException – Invalid OAuth access token

    On places.ae, we got notified of some issues with Facebook signups and logins. All of a sudden, when the Facebook OAuth service pushed us back to our redirect page, the HyperGraph Gem threw the following error: FacebookError: OAuthException – Invalid OAuth access token This is often thrown because the Access Token could contain a | (pipe)…

  • nnscfgmaker.sh: a nagios/nsclient++ cfg maker

    Dear all, We are in the process of changing the monitoring system on part of our network from Zenoss to Nagios. This is not a Zenoss vs. Nagios debate, as both products are awesome and do the things they are designed for very well. We (Christian and myself) use a combination of Cacti for bandwidth…

  • Find “similar things” in Ruby

    For several Ruby on Rails projects I had to come up with “similar” results. These are often results (videos, products, places, hobbies, etc.) with the greatest number of shared tags. Say you are tagging car pictures on a website, and have the following: image1.jpg -> ["honda","s2000","convertible","black"] image2.jpg -> ["honda","civic","blue"] image3.jpg -> ["lexus","is300","blue"] image4.jpg -> ["s2000","honda","convertible","silver"] image5.jpg ->…

  • Tar based incremental backups

    A small bash script I wrote to have incremental backups done on a Unix server, and then pushed to a Windows file system. On the fileserver, we add this directory to the normal backup. This is on a mail server, where emails are stored in Maildir format. We create weekly full backups on Sunday, and…