Archive

Archive for October, 2016

LibreOffice Base to View Access DB

October 20, 2016 Leave a comment

This is a summary of a post found on askubuntu.com.  Useful for opening up an acquired accdb file on Debian/Ubuntu.

One-time setup:

  1. Make sure LibreOffice Base is installed – sudo apt-get install libreoffice-base
  2. Download UCanAccess and extract it – http://ucanaccess.sourceforge.net/site.html
  3. Launch LibreOffice (not Base, just the main launcher)
  4. Tools > Options > Advanced > Class Path
  5. Add Archive: /root/Downloads/UCanAccess-3.0.7-bin/loader/ucanload.jar
  6. Close LibreOffice Launcher

Per-Database setup:

  1. Launch Base
  2. Connect to an existing DB (JDBC)
  3. Datasource URL – jdbc:ucanaccess:///path/to/.accdb/file
  4. JDBC driver class – net.ucanaccess.jdbc.UcanloadDriver
  5. Next, leave blank
  6. Finish/Save
Categories: linux Tags: ,

Spear Phishing Setup with IceDove/Thunderbird

October 19, 2016 Leave a comment

For spear phishing I’ve recently found quite a few benefits with using IceDove on Kali (similar to Thunderbird, same settings below should apply). If you register a domain name with namecheap.com, you can get free email for two months, WHOISGuard is free, and Premium DNS is an extra $5, a rather inexpensive setup.  Adding a new account is pretty straightforward as well.  However, when you add the account, you have to set up your name as the email address at first.  Once it’s setup, you can go back and change it to display whatever name you want.

icedove_newaccount

Once that’s setup, you can also change how the email address actually appears in your target recipient’s mailbox.  The following will show up as coming from bill.gates@microsoft.com.  If the person chooses to reply (or look closer at the email headers), the reply message will be sent to the Reply To address (and will be displayed in the To address of the reply email):

icedove_replyto

One other beneficial feature is the Send Later Add-on (Tools > Add-ons) that will allow you to queue up emails to be sent at whatever odd hours are required to get your phish in the desired email box at a reasonable time in the target time zone:

icedove_sendlater

Categories: Security Tools, Social Engineering Tags:

Format Long String for VBA with Python

October 15, 2016 Leave a comment

The following python script was useful when I had a long payload that I needed to add into a VBA macro.  It takes the string and then breaks it up into lines that can be added to the VBA.  VBA rules won’t let you have more than 25 line continuations and there’s also a certain length of string that can be in there as well.  The solution largely came from one of the responses here – http://stackoverflow.com/questions/9475241/split-python-string-every-nth-character .  The ‘320’ value is the number of characters I decided to make each line, you could easily make the script figure out how many characters per line were needed to keep within VBA’s boundaries.

text = "superlongstringtobreakup"

def split_by_n( seq, n ):
    """A generator to divide a sequence into chunks of n units."""
    while seq:
        yield seq[:n]
        seq = seq[n:]

commandlist = list(split_by_n(text,320))

f = open('powershell32_vba.txt', 'w')

for line in commandlist:
    f.write('& "' + line + '" _\n')
Categories: Scripting Tags: , , , ,