Archives for : Hidden

    Nmap Examples

    Some Nmap examples I thought I would post.

    Scanning past Watchguard Firewalls: nmap -sS -iL targetlist.txt -P0 -sV -T4

    Verbose Scan: nmap -v

    This option scans all reserved TCP ports on the target machine. The -v option enables verbose mode.

    nmap -sS -O /24

    Launches a stealth SYN scan against each machine that is up out of the 256 IPs on “class C” sized network where Scanme resides. It also tries to determine what operating system is running on each host that is up and running. This requires root privileges because of the SYN scan and OS detection.

    nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127

    Launches host enumeration and a TCP scan at the first half of each of the 255 possible eight-bit subnets in the 198.116 class B address space. This tests whether the systems run SSH, DNS, POP3, or IMAP on their standard ports, or anything on port 4564. For any of these ports found open, version detection is used to determine what application is running.

    nmap -v -iR 100000 -PN -p 80

    Asks Nmap to choose 100,000 hosts at random and scan them for web servers (port 80). Host enumeration is disabled with -PN since first sending a couple probes to determine whether a host is up is wasteful when you are only probing one port on each target host anyway.

    nmap -PN -p80 -oX logs/pb-port80scan.xml -oG logs/pb-port80scan.gnmap

    This scans 4096 IPs for any web servers (without pinging them) and saves the output in grepable and XML formats.

    Instead of limiting ourselves to scanning just one target., let’s broaden our horizon’s to bigger and better things. In example 2 we used our IP address to base a scan against. Using that address again we can get a look at numerous targets in our “community”. At the command line type the following (substituting a valid address of your choice of course):

    nmap -sT -O

    What this does is instruct nmap to scan every host between the IP addresses of and If you happen to find many interesting feedback results from this or a larger scale scan then you can always pipe the output into your choice of a human readable file or a machine parsable file for future reference by issuing the following option:

    To create a human readable output file issue the -oN command into your nmap string so that it would look similar to this:

    nmap -sT -O -oN sample.txt

    Rather have a machine parsable file? Enter the -oM to pipe the output into a machine parsable file:

    nmap -sT -O -oM sample.txt

    *Back when I was becoming aquatinted with all the nmap options, I ran my first large scale scan against 250 consecutive machines using an arbitrary number (nmap -sX -O -oN sample.txt XXX.XXX.XXX.0-250).To my great surprise I was confronted with 250 up and running virgin Linux machines. Another reason why Linux enthusiasts should NEVER become bored.

    -I This is a handy little call that activates nmap’s TCP reverse ident scanning option. This divulges information that gives the username that owns available processes. Let’s take a look (Note that the host has to be running ident). At the command line issue this command against your target, in this case our default Eve running Linux:

    -iR Use this command to instruct nmap to scan random hosts for you.

    -p Port range option allows you to pick what port or ports you wish nmap to scan against.

    -v Use verbosity to display more output data. Use twice (-v -v) for maximum verbosity.

    -h Displays a quick reference of nmap’s calls

    Now that we have looked at nmap’s three basic usage types and some of it’s other options, let’s mix and match them.

    nmap -v -v -sS -O

    This instructs nmap to use a maximum amount of verbosity to run a stealth scan and OS detection against all machines between IP addresses and This command will also require root privileges due to both the -sS and -O calls. Of course this will display a very overwhelming amount of data so let’s log our results into a human readable file for future reference:

    nmap -v -v -sS -O -oN sample.txt

    Now let’s make nmap run a stealth scan and instruct it to look only for machines offering http and ftp services between the addresses of and Once again we will log the output (I’m a log junkie) for future reference into a human readable file called ftphttpscan.txt:

    nmap -sS -p 23,80 -oN ftphttpscan.txt

    Remember the -iR option mentioned previously? Let’s use it to take a random sampling of Internet web servers using the verbatim example from nmap’s man page:

    nmap -sS -iR -p 80

    Last but certainly not least, while gleaning information, don’t forget to nmap yourself. Just type at the command line: nmap This is especially useful and recommended if you’re a newcomer to Linux and connected to the Internet via DSL or cable modem.

    Detect promiscuous network devices or sniffers on a network

    Old versions       nmap –script=promiscuous

    New Versions     nmap -sV –script=sniffer-detect

    Google Helps Find Webcam’s

    The below lines can be placed into Google to find hidden cams on the net.”ViewerFrame?Mode= 2400 video server”Live View / – AXIS” | inurl:view/view.shtml^ (motion-JPEG)”live view” intitle:axis”Network Camera NetworkCamera” intitle:”video server” inurl:LvAppl”EvoCam” inurl:”webcam.html””Live NetSnap Cam-Server feed””Live View / – AXIS””Live View / – AXIS 206M””Live View / – AXIS 206W””Live View / – AXIS 210″ Axis”MultiCameraFrame?Mode=Motion” inurl:cgistart”WJ-NT104 Main Page””MOBOTIX M1″ intext:”Open Menu””MOBOTIX M10″ intext:”Open Menu””MOBOTIX D10″ intext:”Open Menu” inurl:home/ inurl:home/ inurl:home/”sony network camera snc-p1″”sony network camera snc-m1″”Toshiba Network Camera” user login”netcam live image””i-Catcher Console – Web Monitor” changing room index/shtml/home’your frame?mode=motion’”viewframe?mode=refresh” inurl:/view/shtml hacks“inurl:”view from?mode=refresh””nurl:viewerframe?mode=refresh””viewerframe?mode=” naked adult”viewerframe? mode= refresh” inurl”viewframe?mode=refresh””viewerframe?mode=” live webcams”view/index.shtml mobotix camera view school”refresh porn“inurl: /shtml””viewerframe?mode motion” motion

    A link to others

    The EDinburgh Great Shiraz Challenge

    Kerry and I went along to the EDinburgh Cellars Great Shiraz Challenge.

    Between Kerry and I we tasted more than 25 great wines over a harrowing 2.5 hours of hustle and bustle in a huge tent in the ED’s carpark. It was great, we both thought that it was well worth the $30/head entry fee.

    One of the great things was the amount of large and small wine companies presenting their spoils. Refreshingly many of the tasting areas were manned by the wine maker, winery owner or someone of similar stature. This made for great conversations and allowed us to find other great non-mainstream wineries on the day.

    As Kerry (Wine group – 9yrs) and I (Corporate) both worked for SouthCorp (Prior to Fosters), we agreed that we would be looking for the special wines of the day. Well we did grab an RWT on the way out as the last tasting for the day – we are not stupid.

    We had a great day overall and purchased and ordered some great wins at the Cellars after the event.

    It was great catching up with Barb and Karel from Lengs and Cooter Wines and taste some of their great wines. Barb used to work at SouthCorp for many years and Karl worked at Telstra, but Kerry and I agree that they make great wines.

    Of the wines in the winning list below our favourites are:

    2006 Woodstock “The Stocks” Shiraz

    2004 Bullers Caliope Shiraz

    2006 Hentley Farm “The Beast” Shiraz

    2005 d’Arenberg Dead Arm Shiraz

    2006 Glaetzer ‘Bishop’ Shiraz

    Other top votes from us for the day are:

    2008 Mike Press Adelaide Hills Shiraz (It’s been a long time since we’ve tasted such a good cheap wine)

    2007 Honey MoonVineyard Adelaide Hills Shiraz

    2004 Lengs & Cooter Old Vines Shiraz

    2004 Lengs & Cooter Reserve Shiraz

    2005 Artful Dodger Barossa Shiraz

    2007 Veronique Regions Shiraz

    2006 Cape Jaffa La Lune Biodynamic Shiraz

    2006 Ceravolo Sparkling Shiraz

    2007 Yelland & Papps Greenock Shiraz

    Results – Shiraz Challenge

    Shiraz Day 2008 was a massive hit, with a record crowd of over 900 slurping through a field of just over 300 Shiraz. As always, we ask attendees to vote for their favourite wine of the day, and congratulations goes to Clarendon Hills for their superbly compelling 2006 Liandra Shiraz. Here’s the full list of the Top 20:

    2006 Clarendon Hills Liandra Syrah

    2005 Torbreck Factor Shiraz

    2005 Langmeil Freedom 1843 Shiraz

    2006 Hentley Farm ‘The Beast’ Shiraz

    2005 Whistler Reserve Shiraz

    2006 Penfolds RWT Shiraz

    2005 Wild Witch Shiraz

    2005 d’Arenberg Dead Arm Shiraz

    2005 Dutschke St Jakobi Shiraz

    2006 Woodstock ‘The Stocks’ Shiraz

    2006 Brick Kiln Shiraz

    2004 Bullers Caliope Shiraz

    2006 Hentley Farm ‘The Beauty’

    2005 Pikes ‘The E.W.P’ Shiraz

    2004 Paracombe Somerville Shiraz

    2006 Kalleske Greenock Shiraz

    2005 Bendbrook Goat Track Shiraz

    2004 Penfolds St Henri Shiraz

    2004 Bethany Wines GR9 Reserve

    2005 Paxton EJ Shiraz

    TOP 20 UNDER $30:

    2005 Tin Shed Melting Pot Shiraz

    2004 Carlei Estate ‘Green Vineyard’

    2004 Majella Shiraz

    2007 Torbreck Woodcutters Shiraz

    2005 Hugo Shiraz

    2006 Tar & Roses Shiraz

    2004 Whistler Shiraz

    2005 2 Mates Shiraz McLaren Vale

    2005 d’Arenberg Footbolt Shiraz

    2006 Mitolo Jester Shiraz

    2006 Guichen Bay Vineyards Reserve

    2006 Pirathon Shiraz by Kalleske

    2006 Scarpantoni Block 3 Shiraz

    2006 Naked Run Barossa Shiraz

    2006 Bird in Hand Shiraz

    2006 O’Leary Walker Shiraz

    2006 Glaetzer ‘Bishop’ Shiraz

    2007 Paxton Quandong Shiraz

    2006 Trevor Jones ‘Boots’ Shiraz

    2005 Dutschke Gods Hill Road Shiraz


    Secure Application Development links


    I have been putting some secure application development documents together recently and have found some good general tutorials and guidelines which I thought I would post here.

    Best Practices

    Other Resources

    Hidden Skype Emoticons

    Recently I came across a site which had some of the Skype Hidden Emoticons.
    As I was interested in identifying if this was an exhaustive list I loaded the skype.exe file into a HEX editor to have a look around.

    Here is what I found:

    (inlove) (love) (cry) (surprised) (smile) (cool) (wink) (sweat) (sad) (surprised) (speechless) (kiss) (tongueout) (wonder) (snooze) (dull) (inlove) (love) (grin) (talk) (yawn) (puke) (angry) (wasntme) (party) (worry) (mm) (mmm) (mmmm) (nerd) (wave) (hi) (bye) (call) (devil) (angel) (envy) (wait) (hug) (bear) (makeup) (kate) (chuckle) (giggle) (clap) (think) (bow) (rofl) (whew) (happy) (smirk) (nod) (shake) (punch) (emo) (y) (Y) (ok) (yes) (n) (N) (no) (handshake) (skype) (ss) (h) (H) (l) (L) (heart) (u) (U) (brokenheart) (e) (m) (mail) (F) (f) (flower) (rain) (london) (sun) (o) (O) (time) (clock) (music) (~) (film) (movie) (mp) (ph) (phone) (coffee) (pi) (pizza) (cash) (mo) ($) (flex) (muscle) (^) (cake) (beer) (bricklayers) (d) (D) (drink) (dance) (ninja) (*) (star) (mooning) (finger) (bandit) (drunk) (smoking) (smoke) (ci) (toivo) (rock) (headbang) (banghead) (poolparty) (hrv) (swear) (bug) (fubar) (tmi) (heidy) (myspace)

    This is what they look like when included in a Skype message:

    Here are then smilies:
    😀 😀 :=D :d :-d :=d 🙂 🙂 :=) 😎 8=) B-) B=) 😉 😉 ;=) ;( ;-( ;=( (:| :O :-O :=O 😮 😮 :=o 😐 😐 :=| 😛 😛 :=P :p :-p :=p :^) |-) I-) I=) ]:) >:) :& :-& :@ :-@ :=@ x( x-( X( X-( x=( X=( :S :s :-s :-S :=s :=S 8-| B-| 8| B| 8=| B=| 😡 😡 :X :-X :# :-# :=x :=X :=# 😕 😕 :=? o/ :D/ :d/

    References to Skype Flags