0x0Lab Blog Just another damn blog


DNS Brute Force

Posted by neuro

This Python program, bfdomain.py, was written to identify valid hosts of a domain that deny zone transfers.


Posted by cirrus

I've always wondered why Nmap didn't have a DNS brute-forcing script. Some months ago I decided to have a look at the scripting engine, and make one.


Oracle Auditing Toolkit

Posted by neuro

The Oracle Auditing Toolkit can be used to audit security within Oracle database servers. The toolkit consists of the following tools, written in Python:

  • Sidguesser
  • deforabf
  • orabf
Filed under: Security

HDD Kicker

Posted by sque

Circuit Overview

Last month I experienced one of the worst but most common feelings of people relying too much on computers. I had a hard disk failure. It started with a few bad sectors and, like a cancer, the HDD became almost inoperable. I used ddrescue to back up the contents of the disk to another one, but quite often the disk got stuck, and every following action resulted only in a new entry at /var/log/messages with "Hardware Failure" KQC. The only solution was to unplug the power from the HDD and replug it, so that ddrescue could continue backing up the disk. After 30 times doing this, I understood that due to the frequency of these hardware failures, it was impossible for me to monitor the system and reset the hard disk.


Apple Ping Privacy Concerns

Posted by cirrus

After the launch of the new iTunes and the brand new music social network, I decided, while trying it, to check out the privacy settings and what kind of HTTP requests are sent.



Posted by sque


It's early morning, I woke up and I crawl to the kitchen. The only thing that comes to my mind is a warm milky coffee! I start making the coffee, and heat up some milk in the microwave oven. I don't know the reason but this would not be an ordinary day for me. Suddenly, the microwave oven makes a weird sound, the light starts to flicker and a nasty smell comes out of this fucking piece of metal! No warm milky coffee for this day!


Cables intelligence

Posted by zero

Wikileaks started publishing leaked cables from US embassies around the globe. They say that a total of 251,287 cables will be made public. 0x0lab started looking at the contents!!


SSH honeypot

Posted by cirrus

I've been running an SSH honeypot for around a month now.
So let's have a look at the stats.

Filed under: Security

Iraq War Logs In Numbers (2004-2009)

Posted by neuro

From Wikileaks.org web site:

"At 5pm EST Friday 22nd October 2010 WikiLeaks released the largest classified military leak in history. The 391,832 reports ('The Iraq War Logs'), document the war and occupation in Iraq, from 1st January 2004 to 31st December 2009 (except for the months of May 2004 and March 2009) as told by soldiers in the United States Army. Each is a 'SIGACT' or Significant Action in the war. They detail events as seen and heard by the US military troops on the ground in Iraq and are the first real glimpse into the secret history of the war that the United States government has been privy to throughout."

In this post I present this endless insane war in numbers (again). All numbers were taken from "Iraq War Logs" and manipulated using a MySQL database. It must be noted that "Iraq War Logs" was the largest classified military leak in history.

Filed under: General

HackAri – HackBar for Safari

Posted by cirrus

I've been using the excellent HackBar add-on for Firefox for some time now.