Tried to update my Xcode today and ran into an issue. The Mac App store updated all the applications requiring updates except for Xcode.
When I tried to manually update the application, a message box with the below message appeared.
Message: “To update this application, sign in to the account you used to purchase it”
I only have a single apple account and have always used it to download my applications.
After some experimenting, I was able to fix the issue by performing the below steps.
1. Close the Mac AppStore application
2. Navigate to the applications directory
3. Delete the Xcode (4.5) application
4. Open Mac App Store application
5. Try to install Xcode again (Button now showed Install instead of Update)
Many many times my machine has performed Windows updates that lead to an automatic reboot of the machine. Although installing the updates is important, it had become a bit annoying to lose my work that was open on the machine.
After some research, I was able to identify that the a value can be changed in the registry to disable the automatic reboot.
Go to the registry editor and navigate to the following registry key:
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
The wireless pineapple, is a very nifty device to have and experiment with. Many times on my assessment work, I am interested in seeing if an application is making any network calls using HTTP. The pineapple and URLSnarf make this task very easy to check.
I know, I know… I could launch BurpSuite or any other proxy, update the proxy settings in the device and lauch the application. Although this would work, it is not as quick as just connecting to the pineapple over karma and then starting the URLSnarf infusion!
The infusion is simple, easy, and effective. Prior to starting the infusion, there is a simple configuration that must be performed. The appropriate interface to listen on must be configured. Many times I had forgotten to update the interface and wondered why the infusion did not function properly.
Steps to use the infusion
1. Begin by powering up the pineapple and waiting for WAN, LAN, and USB LEDs to illuminate.
2. Through the testing device, connect to the administration panel of the pineapple.
In a browser navigate to: 172.16.42.1 and authenticate using the username root and the password which you configured. The default password is: pineapplesareyummy
3. Navigate to the Pineapple bar where you can find a list of all the infusions avaialble. If URLSnarf is not already installed, follow the instructions to install it. Click on the URLSnarf link to navigate to the infusion.
4. Ensure that the appropriate interface is selected. The interface that should be shown is br-lan. This assumes that you have the pineapple hooked up to a PC and the interface on the PC is bridged to another interface with ICS enabled.
5. Click the start button to start executing the infusion. The Output tab will show a message urlsnarf is running.
6. Start an application on your mobile device. If all goes well, the traffic will be shown. The URL at least :)
Have you made any updates to your OpenWRT device and it is acting up? Well you have a chance to fix it by entering into the failsafe mode. Follow the steps below and you can telnet into the device if required to make modifications to the configuration.
Short instructions are:
1. Configure windows PC with address
IP Address: 192.168.1.10
Subnet Mask: 255.255.0.0
Gateway: 192.168.1.1
2. Opened a command prompt window and ran PING -t -w 5 192.168.1.1
3. Pulled the power cable from the router and then hooked it up again.
4. Your PC will get some replies from the router… look out for the DMZ LED lighting up.
5. Hold the Reset button for a few seconds….
6. If it works, you will continue to get responses from your router and you will see in your command prompt window
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
7. When the responses come and don’t stop… Then you are in failsafe mode and you can telnet in, else repeat the process…
I love infographics, they present a log of information in a concise easy to understand visual that is both educational and entertaining. I ran into the below infographic from ThreatMetrix and thought it applied to many of us, as we frequently visit various coffee shops in our neighborhoods.
Creating arbitrarily large text files using command line
Description
Based on business need web applications allow end-users to upload various types of files. The applications must have controls in place to accept allowed file type extensions and must have file size limitations to prevent nefarious users from attacking a system’s availability or legit users from uploading large files accidentally which can impact the system’s availability.
Ever need to download a series of files which have a similar name, indexed with a number, but did not want to save each one, one at a time?
Writing a for loop in Bash can help solve this issue very quickly.
In my case, wget was not available on my machine, thus curl was used to download the files.
The bash command looked as follows, where URL was the sites path where the images were stored:
for i in {1..59}; do curl -o “slide—$i—1024.jpg” “<URL>/slide-$i-1024.jpg”; done
Capture filters for Wireshark when reviewing 802.11 packets.
The frames are broken up into types and subtypes.
Frame type Filter Statement
Management Frames wlan.fc.type == 0
Control Frames wlan.fc.type == 1
Data Frames wlan.fc.type == 2
Frame sub type Filter Statement
Association Request wlan.fc.type_subtype == 0
Association Request wlan.fc.type_subtype == 1
Probe Request wlan.fc.type_subtype == 4
Probe Response wlan.fc.type_subtype == 5
Beacon wlan.fc.type_subtype == 8
Authentication wlan.fc.type_subtype == 11
De-authentication wlan.fc.type_subtype == 12
iPhone Unlocking Instructions:
1. Press *#06# to find your iPhone’s IMEI number; the number will be 16 characters long
2. Provider your IMEI to an unlocking service and wait for a response that your device is unlocked.
3. Now do the following below:
- - Then, install last version of iTunes
- - Make sure your itunes is the latest version
- - Connect phone to iTunes with not accepted (not valid) SIM
- - Wait until itunes detects phone
- - Now disconnect your iPhone and then reconnect after 10 seconds.
- - Phone Unlocked. Once unlocked, your device will show the below image
Note: In some cases the device may not show the above screen and may ask for to be re-activated when you insert the new SIM.
Don’t worry if the above screenshot is not displayed, you phone will still be unlocked after it completes the activation process.
Java’s unlimited supply of zero day exploits raises the question if we need to have Java on our machines. The most likely answer is probably no, however there are many reasons to have Java running on your machine.
If Java has to be installed on your device, then ensure that the Java plugin is not enabled within your browser. This is important because, if your system is running an older version of Java or an up to date version of Java, which may have zero days, then your system is at risk of being compromised. As a user, all it takes is to browse to a site that uses a Java applet to provide some functionality. This can be the entry way for the bad guys into your system.
