h4ck (hacked in 5 minutes)

published: December 3rd, 2007

I don’t want to brag about it but this project was slashed in 5 minutes and this is not due to some amazing tech wizardy. It is mainly due to the powerful Java development platform and the tones of development information resources, Java coders have on their hands. I just made use of them. This morning I had some thoughts around the Metasploit and w3af projects and how the GNUCITIZEN team can contribute some modules to make both of them even more powerful. While looking for some info and meanwhile ripping off w3af subversion, I stumbled upon some articles on Apache Ant. Wait a minute!

I’ve been playing with ant before and I must say I like it, although it is just XML, but I still like it. I started digging into Ant and realized that these ant tasks can be also scripting through scripts written in any language supported by BSF (Bean Scripting Framework). So, I grabbed the sources. Compiled a few binaries. Resolved some dependencies and created a nice directory structure. Before I realized it, I had a powerful scripting framework in under 12M uncompressed. Sweet! Slashed in 5 minutes.

It shouldn’t come this as a surprise to you but we are mainly going to use this tool for security related projects. It is very easy to extend and it actually makes a perfect sense development wise. And it can be scripting by my favorite languages. Ain’t that just perfect. In order to extend the core functionalities you need to drop a simple jar file within the lib folder. Withing tasks you can show place your ant scripts. The tools comes with a shell which is more or less like the Metasploit’s meterpreter. Give it a try and let us know what do you think.

If you have any correction, question or proposal, please let us know via our contact page.

» more | » comments rss | posted by pdp | syndication and integration ( )

Comments

Andres responds:

This morning I had some thoughts around the Metasploit and w3rf projects and how the GNUCITIZEN team can contribute some modules to make both of them even more powerful.

I suppose that w3rf is a typo of w3af, if I’m right, I must say that all the contributions that you guys can make to w3af are welcome.

Please contact me privately if you wish to contribute with plugins. Some ideas:
- an attack plugin to exploit XSS vulnerabilities ?
- attackAPI integrated with w3af ?
- beEF ported to python ?

I would really enjoy working with “the javascript guys”.

pdp responds:

:) javascript guys?, javascript is just my latest toy… but I will contact you if I have something solid, though I was just brainstorming.

Megaemce responds:

Maybe it’s guilt of my computer, but it’s not working. When I looked at error messages I can’t say anything except: this program is leaky like a Dutch’s cheese

pdp responds:

Megaemce, absolutely. It is Feta cheese. Nevertheless, I though that the implementation is interesting mainly because it opens many doors for developing many diverse systems on the top of it, etc. The reason why you fail to run the framework is probably because of path issues. You need the JDK as your JAVA_HOME as well.

benny responds:

hackblood

jacksmadi responds:

an attack plugin to exploit XSS vulnerabilities , already exists :P

we need more advance sir , anyway damn nice project i like it

pdp responds:

well, I am just brainstorming here. but yes, the potentials are there. though, someone needs to take over this project as I practically don’t have any time.

Respond

In order to preserve the high standards of GNUCITIZEN, before you post a comment, please take note of the following guidelines:

Commenting is provided as a courtesy only.
Please be brief and relevant to the post.
Please be polite even in disagreement with us or others.
Support claims you wish to make using sources and links.
No personal attacks, name calling, or commercial commenting.
Anyone creating false or multiple identities will be banned.
If you don't have a cogent argument, you will be censored.
If you are purposefully deceptive, you will be censored.
No spamming or flooding.

We appreciate your time and effort in contributing to GNUCITIZEN.

name: (required)

mail: (required)

website:

comment:

GNUCITIZEN Products

	Blogsecurify is a division of GNUCITIZEN. The initiative was established to provide social media security services through our free automated testing engine. The Blogsecurify team is also engaged to deliver quality content on issues concerning social media technologies.
	Netsecurify is a division of GNUCITIZEN. The initiative was established to provide network security services through our free automated testing engine. The service is still in private-beta.
	Websecurify is a division of GNUCITIZEN. The initiative was established to provide a free web application security framework for automated and manual penetration testing. The service is still in private-beta.
	Secapps serves as an application directory of all online tools which the GNUCITIZEN team has built over the years.
	Securls serves as an information security intelligence tool, combining news and articles from the best information security resources online.

Visit the GNUCITIZEN Network for a complete listing of all GNUCITIZEN initiatives, products and partnering organizations.

GNUCITIZEN

Navigation