Archive for January, 2010

So there I was exploiting a LFI, only problem being I hit a brick wall. I did not see any possible way to leverage my LFI so that I could get RCE or even leverage it in such a way that I would be able to view the source of other PHP files. Now WTF should I do I asked myself?


This is just some quick script I hacked up to scan TCP ports using different source ports. The aim of the script is to find badly configured firewalls that allow traffic from certain source ports. This is for instance explained in the NMAP book. I’ve done it in scapy (yeah I know python ones again) and still admire scapy, it’s a wonderful piece of software. Here are some nice references if you decide to write your own networking stuff in scapy:

#   –
#   –
#   –

You can find the source here.

I chose manual output analysis, this means that the script doesn’t have any logic whatsoever and you will have to decide, if it allows or doesn’t allow traffic from different source ports yourself. Example output:

Received 34 packets, got 8 answers, remaining 28 packets
srcport, dstport, flags, humanflags
20,80,18,[‘SYN’, ‘ACK’]
20,443,18,[‘SYN’, ‘ACK’]
53,80,18,[‘SYN’, ‘ACK’]
53,443,18,[‘SYN’, ‘ACK’]
67,80,18,[‘SYN’, ‘ACK’]
67,443,18,[‘SYN’, ‘ACK’]
88,80,18,[‘SYN’, ‘ACK’]
88,443,18,[‘SYN’, ‘ACK’]

Hope it’s also useful for someone out there.

So I took on a new challenge, understanding how to develop your own Master Boot Record (MBR). So how do you start to develop your own bootloader? The first answer that came into mind was the setup of a development environment. No development environment , no bootloader. Actually that’s my thought on every new coding project I undertake. In this blog post I’m going to explain the steps I went through and why I finally choose for a somewhat rather basic development environment. Anyways let’s get started.

p.s. Happy New Year