
In an effort to install Dradis, I have been running into several issues installing Ruby 1.9.3, as required. The official Dradis Mac OS X install guide suggests running the following command to install Ruby 1.9.3 through RVM.

rvm install 1.9.3

However, with this command I have been receiving configuration errors that have not been allowing me to move forward.

johnpoulin$ rvm install 1.9.3
Fetching yaml-0.1.4.tar.gz to /Users/johnpoulin/.rvm/archives
Extracting yaml-0.1.4.tar.gz to /Users/johnpoulin/.rvm/src
Error running 'tar xmzf /Users/johnpoulin/.rvm/archives/yaml-0.1.4.tar.gz -C /Users/johnpoulin/.rvm/src ', please read /Users/johnpoulin/.rvm/log/ruby-1.9.3-p125/yaml/extract.log
Configuring yaml in /Users/johnpoulin/.rvm/src/yaml-0.1.4.
Error running ' ./configure --prefix="/Users/johnpoulin/.rvm/usr"  ', please read /Users/johnpoulin/.rvm/log/ruby-1.9.3-p125/yaml/configure.log
Compiling yaml in /Users/johnpoulin/.rvm/src/yaml-0.1.4.
Error running 'make ', please read /Users/johnpoulin/.rvm/log/ruby-1.9.3-p125/yaml/make.log
Database file /Users/johnpoulin/.rvm/config/packages does not exist.
Installing Ruby from source to: /Users/johnpoulin/.rvm/rubies/ruby-1.9.3-p125, this may take a while depending on your cpu(s)...
ruby-1.9.3-p125 - #fetching
ruby-1.9.3-p125 - #extracted to /Users/johnpoulin/.rvm/src/ruby-1.9.3-p125 (already extracted)
ruby-1.9.3-p125 - #configuring
Error running ' ./configure --prefix=/Users/johnpoulin/.rvm/rubies/ruby-1.9.3-p125 --enable-shared --disable-install-doc --with-libyaml --with-opt-dir=/Users/johnpoulin/.rvm/usr ', please read /Users/johnpoulin/.rvm/log/ruby-1.9.3-p125/configure.log
There has been an error while running configure. Halting the installation.

After manual inspection of the failed configuration, it seemed that the culprit was a missing C compiler.


./configure --prefix=/Users/johnpoulin/.rvm/rubies/ruby-1.9.3-p125 --enable-shared --disable-install-doc --with-libyaml --with-opt-dir=/Users/johnpoulin/.rvm/usr
configure: WARNING: unrecognized options: --with-libyaml
checking build system type... i386-apple-darwin11.3.0
checking host system type... i386-apple-darwin11.3.0
checking target system type... i386-apple-darwin11.3.0
checking whether the C compiler works... no
configure: error: in `/Users/johnpoulin/.rvm/src/ruby-1.9.3-p125':
configure: error: C compiler cannot create executables
See `config.log' for more details

dakota-marshall-2:ruby-1.9.3-p125 johnpoulin$ gcc
-bash: gcc: command not found

Imagine my surprise when I noticed that my MacBook of two years didn't have a C compiler. How has this never caused an issue before?

After doing a little research, it looks like a recent uninstall of Xcode may have removed GCC. To fix this problem I simply reinstalled the most recent version of Xcode (in this case 4.3.2), with hopes that GCC would be magically installed... No luck.

The solution required me to install the Command Line Tools component available through the Xcode download preference panel.
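The failure above only surfaces several steps into rvm's build, after the yaml download and extraction have already gone wrong for the same reason. The following pre-flight check is an added example (not part of this post or of rvm) that reproduces configure's "checking whether the C compiler works" step up front: it looks for a compiler on PATH, compiles and runs a trivial program in a temporary directory, and tells you to install the Command Line Tools if either step fails. The candidate compiler names are an assumption; `cc` is what autoconf tries first.

```python
"""Pre-flight check: is there a working C compiler before running `rvm install`?"""
import os
import shutil
import subprocess
import tempfile

# Candidate compiler names, tried in order (assumed list; configure looks for cc first).
DEFAULT_CANDIDATES = ("cc", "gcc", "clang")


def find_c_compiler(candidates=DEFAULT_CANDIDATES):
    """Return the path of the first candidate found on PATH, or None."""
    for name in candidates:
        path = shutil.which(name)
        if path:
            return path
    return None


def compiler_works(compiler_path):
    """Mimic configure's 'checking whether the C compiler works': compile and run
    a trivial program in a scratch directory. Returns True only if both succeed."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "conftest.c")
        exe = os.path.join(tmp, "conftest")
        with open(src, "w") as fh:
            fh.write("int main(void) { return 0; }\n")
        try:
            build = subprocess.run([compiler_path, src, "-o", exe],
                                   capture_output=True, text=True, timeout=60)
            if build.returncode != 0 or not os.path.exists(exe):
                return False
            run = subprocess.run([exe], capture_output=True, timeout=10)
        except (OSError, subprocess.SubprocessError):
            # Missing binary, permission problem or timeout: treat as "does not work".
            return False
        return run.returncode == 0


def preflight():
    """Return (ok, message) saying whether a Ruby source build can proceed."""
    compiler = find_c_compiler()
    if compiler is None:
        return False, ("no C compiler on PATH; on OS X install the Command Line Tools "
                       "from Xcode's Downloads preferences before running 'rvm install'")
    if not compiler_works(compiler):
        return False, f"{compiler} is present but cannot create executables"
    return True, f"{compiler} works; ok to run 'rvm install 1.9.3'"


if __name__ == "__main__":
    ok, msg = preflight()
    print(msg)
    raise SystemExit(0 if ok else 1)
```

Run it before `rvm install`; a non-zero exit means the build would have failed at the configure step anyway.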


One of the largest issues I have had with wXf development is testing quick fixes to modules I have written. For example, I've been debugging a module and each time I go to run the module I close and re-execute wXf. This becomes annoying quickly.

In an attempt to design a solution to this problem, I realized the solution already exists. The reload command does exactly what I was looking for.

 

– Just a quick note :)


An interesting discovery was announced at 28C3 this year that impacts a large number of web-servers across the world. This DoS vulnerability is caused by a poor implementation of Hash Tables across server-side programming languages such as PHP, Java and ASP. For more details watch the presentation here.

That being said, I wrote a wXf module that leverages this vulnerability, and it’s available in the repository, or via download here.

Before executing the module, you will need to set the count option. I recommend setting this to a value of 100 or higher. When running the module you’ll notice it takes several minutes to generate the payload, and after this is complete it will start sending requests.

If the server is configured with a post_max_size >= 4MB this module should spike the server's CPU usage to 99-100%. Give it a try!

Note: There are a few issues with the module. Even though the module spikes the CPU usage, it often doesn't effectively DoS the entire system. This is currently being researched; however, I believe it is attributable to the slow socket connections provided by the native Ruby library.
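Why the CPU spikes, and what a server can do about it, is easier to see on a toy model. The block below is an added example, not the wXf module and not the hash function of PHP, Java or ASP: it uses a deliberately weak, constructed hash (the sum of the character codes, so every anagram of a key lands in the same bucket) inside a minimal separate-chaining table that counts key comparisons. Parsing a form body whose field names all collide costs n(n-1)/2 comparisons, while the same body with a per-process keyed hash (BLAKE2b with a random key, standing in for the randomized hashing languages adopted after 28C3) spreads across buckets. The second mitigation shown, a cap on the number of fields comparable to PHP's max_input_vars, rejects the request before any hashing happens. The bucket count and field limit are assumptions.

```python
"""Toy model of hash-collision CPU exhaustion and two server-side mitigations."""
import hashlib
import itertools
import secrets


def weak_hash(key: str) -> int:
    """Constructed toy hash: anagrams collide. Not any real language's hash."""
    return sum(ord(c) for c in key)


def make_keyed_hash(seed: bytes):
    """Return a hash keyed with a per-process random seed, so bucket placement
    cannot be predicted by whoever chooses the field names."""
    def keyed_hash(key: str) -> int:
        digest = hashlib.blake2b(key.encode(), key=seed, digest_size=8).digest()
        return int.from_bytes(digest, "big")
    return keyed_hash


class ChainedTable:
    """Minimal separate-chaining hash table that counts key comparisons."""

    def __init__(self, hash_fn, buckets=4096):  # bucket count is an assumption
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    def insert(self, key, value):
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for i, (k, _) in enumerate(chain):
            self.comparisons += 1          # one string compare per chain entry walked
            if k == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))


def parse_form(body: str, hash_fn, max_vars=None):
    """Parse 'a=1&b=2' into a ChainedTable. With max_vars set (like PHP's
    max_input_vars), an oversized body is rejected before any hashing."""
    pairs = body.split("&") if body else []
    if max_vars is not None and len(pairs) > max_vars:
        raise ValueError(f"{len(pairs)} fields exceeds the limit of {max_vars}")
    table = ChainedTable(hash_fn)
    for pair in pairs:
        name, _, value = pair.partition("=")
        table.insert(name, value)
    return table


def colliding_body(n_letters=6):
    """Constructed worst case for weak_hash: every permutation of one string
    (720 distinct field names for six letters, all with the same code sum)."""
    names = ("".join(p) for p in itertools.permutations("abcdef"[:n_letters]))
    return "&".join(f"{name}=x" for name in names)


def compare(body: str):
    """Comparisons needed to build the table with the weak vs. the keyed hash."""
    weak = parse_form(body, weak_hash).comparisons
    keyed = parse_form(body, make_keyed_hash(secrets.token_bytes(16))).comparisons
    return weak, keyed


def accepts(body: str, max_vars: int) -> bool:
    """True if the field-count limit lets the body through to the parser."""
    try:
        parse_form(body, weak_hash, max_vars=max_vars)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    body = colliding_body()
    weak, keyed = compare(body)
    print(f"{body.count('&') + 1} colliding fields: weak hash {weak} comparisons, "
          f"keyed hash {keyed} comparisons")
    print("accepted with max_vars=100:", accepts(body, 100))
```

Because the cost is quadratic in the number of colliding fields, doubling the letters in `colliding_body` roughly quadruples the weak-hash comparisons while the keyed count stays near n²/(2·buckets); that is the asymmetry a multi-megabyte POST exploits, and why a field-count cap is the cheaper of the two defences to deploy.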


wXf Site Enumeration Module - November 7, 2011

Over the past couple of weeks I have been working on a module to provide recursive site enumeration for the Web Exploitation Framework. The goal of this plugin was to provide an auxiliary module that allows a tester to recursively build a sitemap for a given website.

The idea behind this module was that websites often contain links to pages that should normally be kept hidden, such as administrative login pages. This module allows a tester to sit down and analyze linked pages on a given website. The tester can also specify how many times we would like to recurse through pages.

In the future I will be adding email parsing capabilities and also robots.txt parsing. These features will allow a tester to recover some additional information, such as possible usernames, private directories protected by the robots.txt file, etc.

Anyway, take a look at the module.
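The core of a recursive enumerator is a bounded breadth-first walk over the anchors on each page. The following is an added example in Python, not the wXf module itself: it resolves relative links against the page they came from, strips fragments, stays on the starting host, fetches each URL once, and stops expanding at the recursion limit the tester sets. Instead of real HTTP it reads from a small constructed in-memory site, so it runs offline; swapping `fake_fetch` for a function that performs the request is the only change needed.

```python
"""Depth-limited sitemap builder: follow same-host links up to a recursion limit."""
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlparse


class LinkExtractor(HTMLParser):
    """Collect the href attribute of every <a> tag."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_links(base_url, html):
    """Absolute http(s) URLs linked from a page, fragments removed."""
    parser = LinkExtractor()
    parser.feed(html)
    links = set()
    for href in parser.hrefs:
        absolute, _fragment = urldefrag(urljoin(base_url, href))
        if urlparse(absolute).scheme in ("http", "https"):
            links.add(absolute)
    return links


def build_sitemap(start_url, fetch, max_depth):
    """Return {url: depth}. `fetch(url)` returns the page body or None.
    Only URLs on the start host are recorded, each is fetched at most once,
    and pages at max_depth are recorded but not expanded further."""
    start_host = urlparse(start_url).netloc
    sitemap = {}
    frontier = [(start_url, 0)]
    while frontier:
        url, depth = frontier.pop(0)
        if url in sitemap or urlparse(url).netloc != start_host:
            continue
        sitemap[url] = depth
        if depth >= max_depth:
            continue
        body = fetch(url)
        if body is None:
            continue
        for link in sorted(extract_links(url, body)):
            if link not in sitemap:
                frontier.append((link, depth + 1))
    return sitemap


# Constructed in-memory site standing in for real HTTP responses.
FAKE_SITE = {
    "http://example.test/": ('<a href="/about">About</a> '
                             '<a href="admin/login.php">Admin</a> '
                             '<a href="http://other.test/">External</a>'),
    "http://example.test/about": '<a href="/">Home</a> <a href="/team#staff">Team</a>',
    "http://example.test/admin/login.php": "<form>...</form>",
    "http://example.test/team": '<a href="/team/alice">Alice</a>',
    "http://example.test/team/alice": "",
}


def fake_fetch(url):
    """Offline stand-in for an HTTP GET."""
    return FAKE_SITE.get(url)


if __name__ == "__main__":
    for url, depth in sorted(build_sitemap("http://example.test/", fake_fetch, 2).items()):
        print(f"{'  ' * depth}{url}")
```

The recursion limit is what keeps the walk bounded on sites with calendar-style infinite link spaces; the `sitemap` check before each fetch is what stops cycles such as the About page linking back to the root.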


Lately a large portion of my time has been spent contributing to the Web Exploitation Framework (wXf). wXf is a framework geared towards web application penetration testing that provides auxiliary and exploit modules. These modules make the job of a web application penetration tester much easier, because they are easily configured to replicate many of the tedious tasks a tester may face.

 

My focus has been primarily on module development, including auxiliary modules to locate phpMyAdmin on a server and then run a dictionary attack against the authentication vector.

If you're interested in tracking my contributions, please find me on GitHub under the username forced-request.


For a project in my programming languages class (COS 301) we were asked to write a paper which describes functions and methods, including parameter passing.

Abstract:

Ruby was designed as a vision to implement a natural feeling language. This vision is demonstrated through Ruby’s features such as the ability to pass blocks as arguments and the idea that everything is an object. Matz, the designer of Ruby, felt that a programmer should have the opportunity to enjoy their work. It is for this reason that Matz originally had the vision to implement the language we now know as Ruby.

Paper available here: http://john-poulin.com/docs/ruby_functions5.pdf


I’ve always been a big fan of Blackjack and since I’m turning 21 in less than a year I figured I would do some statistical analysis on the game and see what I can come up with for odds. What I’ll be doing is designing a blackjack application which allows you to customize the amount of decks you’ll be playing. I’ll set the application to log every move to generate statistics on a per-hand basis.

For example, by the end of 1,000 games I may find that if I stand on a K 7 I have a 73% chance of winning. Given these statistics it should greatly improve any odds of winning.

The toughest part of an experiment like this is figuring out the best way to capture the data and what data to capture. Our goal is to capture enough data to determine some ballpark probabilities on whether a certain action will result in victory based on a given circumstance. We will want to know the player's current hand, the dealer's card, the player's action and the result.

Taking data this way will allow us to easily determine probabilities. For example, if we want to determine which percentage of players HIT with a K 6 while a dealer was showing an Ace we can easily do so.

In order to take unbiased data I will be asking friends and acquaintances of mine to play this as if they were at a real table with real money. This will help simulate different playing styles.

I found a JavaScript-based Blackjack app (http://tyson1.com/professional/blackjack/default.html) which I'll be using for my study (once I obtain consent from the author). I'll be using Ajax to keep track of statistics. Once I get a working demo up I'll post it!
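The four fields above (hand, dealer up-card, action, result) are enough as long as the hand is normalized before it is logged, otherwise K 7 and 10 7 are counted as different situations and soft and hard totals get mixed. The block below is an added example, not the planned application: it records each decision point with a hard/soft total as the hand key and answers the two questions posed above, the win rate of an action in a situation and how often players chose each action. The sample log is constructed, not study data.

```python
"""Per-hand logging and conditional statistics for a blackjack study."""
from collections import Counter

# Card face -> value; aces start at 11 and drop to 1 only if the hand would bust.
CARD_VALUES = {"A": 11, "K": 10, "Q": 10, "J": 10}
CARD_VALUES.update({str(n): n for n in range(2, 11)})


def hand_total(cards):
    """Return (total, is_soft); is_soft means an ace is still counted as 11."""
    total = sum(CARD_VALUES[c] for c in cards)
    soft_aces = cards.count("A")
    while total > 21 and soft_aces:
        total -= 10
        soft_aces -= 1
    return total, soft_aces > 0


def hand_key(cards):
    """Normalize a hand so K-7 and 10-7 are the same situation: 'hard 17'."""
    total, soft = hand_total(cards)
    return f"{'soft' if soft else 'hard'} {total}"


def log_hand(log, player_cards, dealer_up, action, result):
    """Append one decision point: the four fields the study needs."""
    if action not in ("HIT", "STAND", "DOUBLE", "SPLIT"):
        raise ValueError(f"unknown action {action!r}")
    if result not in ("win", "lose", "push"):
        raise ValueError(f"unknown result {result!r}")
    log.append({"hand": hand_key(player_cards), "dealer": dealer_up,
                "action": action, "result": result})


def win_rate(log, hand, action, dealer_up=None):
    """Fraction of logged hands with this hand/action (and dealer up-card, if
    given) that won. Returns None when nothing matches, not a misleading 0."""
    rows = [r for r in log
            if r["hand"] == hand and r["action"] == action
            and (dealer_up is None or r["dealer"] == dealer_up)]
    if not rows:
        return None
    return sum(r["result"] == "win" for r in rows) / len(rows)


def action_share(log, hand, dealer_up):
    """How often players chose each action in this situation."""
    rows = [r for r in log if r["hand"] == hand and r["dealer"] == dealer_up]
    counts = Counter(r["action"] for r in rows)
    return {a: c / len(rows) for a, c in counts.items()} if rows else {}


# Constructed sample log (not real study data).
SAMPLE_LOG = []
for _cards, _dealer, _action, _result in [
    (["K", "7"], "6", "STAND", "win"),
    (["10", "7"], "6", "STAND", "win"),
    (["Q", "7"], "6", "STAND", "lose"),
    (["7", "K"], "6", "STAND", "push"),
    (["K", "6"], "A", "HIT", "lose"),
    (["K", "6"], "A", "HIT", "win"),
    (["6", "10"], "A", "STAND", "lose"),
    (["A", "6"], "9", "HIT", "win"),
]:
    log_hand(SAMPLE_LOG, _cards, _dealer, _action, _result)


if __name__ == "__main__":
    print("stand on hard 17 vs 6:", win_rate(SAMPLE_LOG, "hard 17", "STAND", "6"))
    print("actions on hard 16 vs A:", action_share(SAMPLE_LOG, "hard 16", "A"))
```

Pushes count as non-wins here, which is the conservative reading of "chance of winning"; if the study wants expected value per hand instead, log the bet size alongside the result.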


For my Discrete Structures / Algorithms class we were asked to prepare a final project over material which was relevant to this class. I decided to stray a little farther away from the typical topic and cover Hash Functions which were not covered in class.

In my paper I outline the purpose and necessity of hash functions and also outline their weaknesses based on logic and published research.

My article can be found here http://john-poulin.com/docs/constraints_on_hash_functions.pdf


Anyone who considers themselves an avid Twitter user is at least somewhat familiar with the Twitter API. The Twitter API, which has been the subject of a large portion of Twitter's funding, provides methods to complete almost any task that can be completed on Twitter directly.

I recently began developing a web-based Twitter client geared towards advertisement, when I fell across several potential flaws in the way they handle their authorization. I was able to hijack my friend's Twitter account and update his status, change his background picture or even change his password, all because he trusted me. This was due to their authentication scheme.

API-based authorization (OAuth) is a token-based authentication scheme that works in the following way:

  1. The application developer applies for OAuth access. Once the application is approved (almost immediately), a consumer key is generated for it.
  2. Users can then connect their Twitter account to this application. Once connected, they have a token and a secret key which are used to verify their identity.
  3. When a user executes a query, the application tells the API: "Hello, this is the application with consumer key *CONSUMER KEY*. I want to execute the 'set status' query with parameters 'This twitter api is cool!' for the user with token *token* and secret *secret*."
  4. Assuming the token, secret and consumer key are all valid, the query is executed.

The problem with this is that Twitter themselves tell us to store the token and secret in plaintext, probably in some sort of SQL database for easy fetching. So let's step back and think about this....

Typically we use hashes in practice to prevent our passwords from being stored in plaintext. But, doesn’t it seem like these tokens are a password? Well, we can think of these tokens as part of a password. The other part of a password is the consumer key, which is probably tucked away in a global configuration file or database somewhere.

The problem with this methodology is that the twitter developers are assuming the way an application handles their consumer key will be intelligent and secure. This is not always the case. Not to mention, what about disgruntled developers with access to both the user tokens and the consumer key?

I'm not writing this post hoping to see some miraculous changes with Twitter's security. In fact, months before I'm even writing this post I sent them an email explaining my research. They never responded. Two days later I read a job posting... It was Twitter looking for security developers for their API. Coincidence?

I simply want people to know and understand the risk of using Twitter applications. You're not cool if you have 30 Twitter applications. As you should now be aware, you're just a walking vulnerability.

Note: Many websites with fully fledged APIs are also subject to these problems, including, I believe, Facebook. You've probably all seen the lovely Facebook viruses that, once you click on them, begin sending notifications to your friends. Well, this is an example of abusing the privileges of an API and a lack of user knowledge...
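The "two parts of a password" argument above is exactly what the OAuth 1.0a signing step (RFC 5849) makes concrete. The block below is an added example written for this post, not Twitter's or any library's code: it builds the signature base string, signs it with HMAC-SHA1 under the key `consumer_secret&token_secret`, and verifies it the way the service does. In 1.0a the token secret is not sent with the request but used as signing-key material, which changes nothing about the risk: every value needed to produce a valid request for the user is sitting in the application's database and configuration. The endpoint URL, credentials and the token store layout are constructed placeholders.

```python
"""OAuth 1.0a HMAC-SHA1 signing and verification (RFC 5849 sections 3.4.1, 3.4.2)."""
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed placeholders, not real endpoints or credentials.
API_URL = "https://api.example.test/statuses/update"
CONSUMER = {"key": "ckey", "secret": "csec"}           # typically in the app's config file
TOKEN_STORE = {"utok": {"secret": "usec", "user": "friend"}}  # typically a DB table, in plaintext


def pct(s: str) -> str:
    """RFC 5849 3.6 percent-encoding: only ALPHA / DIGIT / - . _ ~ stay unencoded."""
    return quote(s, safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """METHOD & encoded(base URL) & encoded(normalized parameters)."""
    encoded = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret) -> str:
    """HMAC-SHA1 over the base string; the key is both secrets joined by '&'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def verify(method, url, params_with_signature, consumer_secret, token_secret) -> bool:
    """Service side: recompute the signature and compare in constant time."""
    params = dict(params_with_signature)
    presented = params.pop("oauth_signature", "")
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(presented, expected)


def build_request(status: str, nonce="n1", timestamp="1300000000") -> dict:
    """Client side: every input comes from the application's stored values."""
    params = {
        "oauth_consumer_key": CONSUMER["key"],
        "oauth_token": "utok",
        "oauth_nonce": nonce,
        "oauth_timestamp": timestamp,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_version": "1.0",
        "status": status,
    }
    params["oauth_signature"] = sign("POST", API_URL, params,
                                     CONSUMER["secret"], TOKEN_STORE["utok"]["secret"])
    return params


def server_accepts(params: dict) -> bool:
    """What the API checks: known consumer, known token, valid signature.
    Nothing here involves the user's password."""
    token = TOKEN_STORE.get(params.get("oauth_token"))
    if token is None or params.get("oauth_consumer_key") != CONSUMER["key"]:
        return False
    return verify("POST", API_URL, params, CONSUMER["secret"], token["secret"])


if __name__ == "__main__":
    req = build_request("This twitter api is cool!")
    print("accepted:", server_accepts(req))
```

Note what `server_accepts` does not check: who is making the call. Anyone holding the contents of `CONSUMER` and one row of `TOKEN_STORE` produces requests the API cannot distinguish from the legitimate application's, which is why those rows deserve the same handling as password material (encrypted at rest with a key the database cannot read, access-logged, and revocable by the user).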


Learning a foreign language can be easy with the right tools. Since part of being a college student requires frequently reading your email, I figured the perfect tool for learning a foreign language might take advantage of this.

I've been working for a few days on developing a tool that will allow instructors and native speakers to insert verb conjugations and translations, as well as sentences and translations, into a database. What makes this useful is the ability to randomly generate a verb infinitive, gather the verb conjugations and then find random sentences which include some form of that verb. This allows users to see these verbs in context randomly.

This will eventually be set up as an email-based application which will allow end users to sign up for our mailing list. Each morning an email containing a random verb infinitive + conjugations and a few example sentences and translations will be sent to our members.

Eventually I plan on implementing the functionality to insert nouns and other grammar rules to the database and randomly select from the verbs/nouns/rules.

Current Demo: http://www.john-poulin.com/ger/index.php