  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Malware / Re: Honeypot on Amazon EC2 on: November 10, 2011, 04:43:11 PM
I set up a web server over the weekend.

You can choose an official Ubuntu machine, type in the official Ubuntu user ID when doing a search for machines.

The web server is just Apache with a htaccess file that contains modrewrite rules to reply with 200 responses instead of 404s.

I'm just going to monitor the access logs from now and then. It might yield something interesting, it may not, hasn't cost anything. Smiley
2  Ethical Hacking Discussions and Related Certifications / Malware / Re: Honeypot on Amazon EC2 on: November 09, 2011, 05:10:19 AM
I was thinking the exact same thing and Google led me here. Smiley

Even though it is against their TOS, how would they know you were hosting a honeypot?

I've never used Amazon EC2 before so I'm not sure how it works.

I guess they do some monitoring on the boxes' traffic for malicious activity? Even if they did, with the amount of boxes they are hosting, would they have the time to take any action?

(just thinking out loud and sorry to resurrect an old thread)

Edit---

I was thinking about using something like this;
https://hub.turnkeylinux.org/

Edit---

TurnkeyLinux Hub doesn't allow you to use the free 1 year micro server offered by Amazon and their registration process is ridiculous.
3  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Dealing with VIEWSTATE and EVENTVALIDATION in ASP.NET on: March 21, 2011, 11:34:32 AM
Problem solved!

VIEWSTATE and EVENTVALIDATION values need to be URL encoded. I thought I had done this before however I wasn't doing it properly.

4  Ethical Hacking Discussions and Related Certifications / Web Applications / [SOLVED] Dealing with VIEWSTATE and EVENTVALIDATION in ASP.NET on: March 21, 2011, 10:40:03 AM
Hi,

I am testing an ASP.NET application that uses viewstate and eventvalidation.

I want to use a custom tool written in Ruby which uses the net/http library to authenticate to the application.

This is what the tool is doing:

1. GET /login.aspx
2. POST /login.aspx

1) Get login.aspx and parse response.
2) Send post request to login.aspx with eventvalidation and viewstate from 1.

The above results in an error.

Is there something obvious I am missing here? Most black box web app scanners deal with the application fine. I just can't replicate a valid request on my own.

I have tried URL encoding the viewstate and eventvalidation. Ensured that they are being sent correctly. Sending all cookies with 2 that 1 sets.

Thanks in advance,
Ryan
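
The fix reported in the follow-up post above (URL-encode VIEWSTATE and EVENTVALIDATION properly), as an added example that is not code from the original posts. The sample HTML, the field values and the `txtUser` input name are constructed for illustration.

```ruby
require 'uri'

# Constructed stand-in for the GET /login.aspx response. The values are
# made-up base64 containing '+', '/' and '=', not real ViewState, and
# txtUser is a hypothetical field name.
SAMPLE_LOGIN_HTML = <<~HTML
  <form method="post" action="login.aspx">
    <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTk2+abc/DEF==" />
    <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBAK+xyz/123=" />
    <input type="text" name="txtUser" />
  </form>
HTML

# Step 1: collect the hidden ASP.NET state fields (names starting with "__").
def extract_state_fields(html)
  fields = {}
  html.scan(/<input\b[^>]*>/i) do |tag|
    next unless tag =~ /\btype="hidden"/i
    name  = tag[/\bname="([^"]*)"/i, 1]
    value = tag[/\bvalue="([^"]*)"/i, 1]
    fields[name] = value.to_s if name && name.start_with?('__')
  end
  fields
end

# Broken step 2: values pasted into the body as-is. The server form-decodes
# '+' as a space, so the base64 it receives is not the base64 it issued.
def naive_body(fields)
  fields.map { |name, value| "#{name}=#{value}" }.join('&')
end

# Working step 2: each value percent-encoded as
# application/x-www-form-urlencoded ('+' -> %2B, '/' -> %2F, '=' -> %3D).
def encoded_body(fields)
  URI.encode_www_form(fields)
end

# What a server recovers after form-decoding a request body.
def server_view(body)
  URI.decode_www_form(body).to_h
end

if __FILE__ == $PROGRAM_NAME
  fields = extract_state_fields(SAMPLE_LOGIN_HTML)
  puts "naive:   #{server_view(naive_body(fields))['__VIEWSTATE']}"
  puts "encoded: #{server_view(encoded_body(fields))['__VIEWSTATE']}"
end
```

With net/http, `Net::HTTP::Post#set_form_data` applies the same encoding to a hash of fields, so the values should be passed to it unencoded.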
5  EH-Net / News Items and General Discussion About EH-Net / Re: Ethical Hacking Swag on: November 30, 2010, 07:04:31 PM
"No. I will not hack your boyfriend's facebook."

"Script Kiddies now have someone to look down on... #ligatt"

"I'm a PCI check box checker enabler"

"> Money != > Security"

"while(1) { print 'www.ethicalhacker.net'; }"
6  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-October 2010 Free Giveaway Winners - McGraw-Hill on: November 30, 2010, 05:08:56 PM
Awesome! Thanks!  Grin
7  Resources / Tutorials / BruCON 2010 videos released on: November 30, 2010, 05:03:25 PM
Wasn't sure where to put this, I thought 'Tutorials' may be appropriate.

For those of you who missed the event and the live stream here are the videos.

Enjoy!  Smiley

http://blog.brucon.org/2010/11/brucon-2010-videos-released.html

P.S. They are looking for mirrors
8  Resources / Tutorials / Re: Having trouble understanding W3AF Pen-Test Results on: September 28, 2010, 03:17:29 PM
I'm not 100% sure on this particular line of output but it could be referring to this: http://www.w3schools.com/TAGS/tag_object.asp

If it is referring to the above, it is just alerting you to the fact that there is some kind of embedded media in the page.

"The <object> tag is used to include objects such as images, audio, videos, Java applets, ActiveX, PDF, and Flash."

I have a sneaky suspicion you may be looking at the wrong output. Here is the page you should be viewing to interpret the findings: http://upload.wikimedia.org/wikipedia/commons/1/1e/W3af-screenshot.png ('Results' rather than 'Log')
9  EH-Net / Calendar Of Events / Re: BruCON 2010 on: September 24, 2010, 05:15:40 AM
I see you  Wink
10  EH-Net / Calendar Of Events / Re: BruCON 2010 on: September 24, 2010, 04:48:07 AM
Here! In the Seccubus workshop.  Smiley
11  Resources / Tutorials / Re: Having trouble understanding W3AF Pen-Test Results on: September 02, 2010, 01:44:17 PM
Maybe post the individual log outputs which you are unsure of?
12  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: HTTP header: PUT, DELETE, etc on: August 29, 2010, 06:03:22 PM
I'm trying to implement this vulnerability into the up and coming DVWA LiveCD.

httpd.conf:
Code:
DavLockDB "/opt/lampp/htdocs/hackable/uploads"
Alias /webdav /opt/lampp/htdocs/hackable/uploads

<Location /webdav>
Dav On
</Location>


Apache is running as user 'nobody' in the 'nogroup' group.

I can connect but not execute any commands. Using a webdav client 'cadaver' I get an internal server error 500 when trying to execute any commands.

I assumed this was down to permissions so I changed the permissions as such:
Code:
chown -R nobody /opt/lampp/htdocs/hackable/uploads


Still no joy.

The DavTest tool also connects but fails on MKCOL and any PUT requests.

Any ideas?

EDIT:--

Apache 2.2.14, PHP 5.3.1, Ubuntu server 10.04 minimal

EDIT:--

Got it working. Smiley

DavLockDB needs a file name not folder directory. So changed this:
Code:
DavLockDB "/opt/lampp/htdocs/hackable/uploads"

for this:
Code:
DavLockDB "/opt/lampp/htdocs/hackable/uploads/DavLockDB"
13  Resources / News from the Outside World / Re: UK Cyber Security Challenge on: July 26, 2010, 02:55:09 PM
Take it back, I didn't solve the cipher.  Undecided There's more to it than I originally thought!
14  Ethical Hacking Discussions and Related Certifications / Other / Re: Brucon or Source event in Europe on: July 26, 2010, 10:58:24 AM
I will be at BruCON this year giving a workshop. Never made it last year. Was considering going to SOURCE Barcelona but it overlaps with my BruCON travel plans. Looks like SOURCE have an awesome line up as well.  Cry

I will also be attending OWASP Appsec Ireland, also in September. Tickets are relatively cheap, good if you're on a budget.
15  Resources / Career Central / Re: Would like some advice! on: July 26, 2010, 10:46:02 AM
I started college when I was 21 with the intent of getting into the security industry, I started university not long after doing an undergraduate degree in Ethical Hacking for Computer Security.

I am now doing my placement (internship) with an awesome sec company based in the UK. I have one year left at university after my placement.

Looking back I absolutely made the right decision. Luckily for me though, the English government supply students with loans and grants which meant I didn't have to pay anything up front. Just means I will have debt when I graduate, which I can tolerate as I will be hopefully earning a good salary and be doing what I love.

By no means is college/university the right decision for everyone however being able to dedicate 100% of my time to learning and being in the academic environment, made the process for me a lot quicker.