Implementing VT Uploader in OSX

VirusTotal.com, possibly the best malware analysis service on the web, has an application for Windows called “VT Uploader” which sends a selected file to VirusTotal.com for analysis. Unfortunately they don’t have a similar program for OSX… Well, here is how I implemented the same functionality using Automator in OSX.

First off you need an API key for VirusTotal.com, which you get by registering on the website (found in your Inbox -> Public API).

Second you need the Python script from Bryce Boe that uploads a file to VirusTotal.com. Make sure that you put your API key into the code (API_KEY variable) and run it from the command line to make sure that you have all the Python dependencies:

$ /usr/bin/python virustotal_report.py eicar.com

You can download the simplejson dependency by using the easy_install utility like this:

$ sudo easy_install simplejson

When you have the prerequisites you start a new “Service” project in Automator. Create a new “Run Shell Script” action and choose the shell “/usr/bin/python”. Paste the code from Bryce Boe’s site in the “Run Shell Script” editor.

Select “Pass input: as arguments” on the top right of the action window.

Finally you select “Service receives selected files or folders in Finder”.

Save the project as “Send to Virustotal”, and you have a nice menu item for it in Finder.

Until next time.

OSX Automator script for pasting to Pastebin.com

I found this cool Automator script for OSX that allows you to paste text from your selection to Pastebin.com.

The steps provided in the original article were a bit difficult to follow at first, so here is a visual walkthrough of how to do it:

Start the Automator application

Create a new “Service” application

Drag a “Run AppleScript” action to the workflow workspace

Paste in the code from https://gist.github.com/761482 into the “Run AppleScript” code window

Then I created a “Copy to Clipboard” action

Then I made sure that the actions are “Service receives selected text in any application” and “Input is entire selection” with “Output replaces selected text” unchecked.

Finally I saved the file as “Pastebin.bin.workflow”.

When you select some text and right-click you get a nice option of sending the selected text to Pastebin.com.

Many thanks to Marc Abramowitz for his very nice blog entry. I hadn’t looked at Automator before, but now I think I will automate a lot of tasks in OSX.

Introduction to the ConVirt console

When you go to the ConVirt console you are greeted by a login screen.

The default username and password are admin/admin.

As you can see I have several machines already running. Let’s try out this system migration I talked about in an earlier blog post.

First you select the machine you want to move, then you right-click on it and select “Migrate Virtual Machine”. Select where you want it migrated to.

In this example I will migrate it to “hunter”. Confirm that you want to migrate the virtual machine.

After confirming that you want to move the virtual machine to the other server, you just need to sit back, and in a few seconds the machine will pop up on “hunter” with almost no down-time at all.

That’s all for this time. Join me next time when I discuss more parts of my home lab.

Automatically add clan-members on Zynga’s Vampires iPhone game

This is a quick hack I’ve done on Zynga’s “Vampires” game on the iPhone. One of the factors in becoming powerful in the game is to have a large clan (friends) in the game. As there is no downside to being a clan member with people outside your normal social sphere (like the loss of privacy), people have published their player IDs on the net in the hope that others will add them.

The thing is that adding members to your clan is a tedious effort, where you can add a member perhaps every 30 seconds if you are really fast. Still, adding hundreds of members is something that I would rather not do manually. Luckily for me I didn’t need to.

First off I sniffed the traffic between the iPhone and Zynga’s servers while playing the game and especially took note of what the “add player to clan” message looked like. It looked something like this:

{"purchase_level":0,"accept_codes":["PLAYER_TO_ADD"],"zid":"8:14103891","client_version":"1.72","gids":[46],"data":{},"ipid":"IPHONE_ID","gid":46}

The nice thing is that it is not protected against replay attacks, so I can post the same message over and over again with a list of clan members to add.

So let’s get the second piece of the puzzle and grab some player IDs. I grabbed almost 1200 player IDs from http://mycodelive.com/vampires#ids and put them in a text file called “vampires.txt”. I then wrote a little bash script around curl that looks like this:

#!/bin/bash
# Build one "add player to clan" message per ID listed in vampires.txt and post it.
for VAMP_ID in $(cat vampires.txt)
do
    POST_DATA1='{"purchase_level":0,"accept_codes":["'
    POST_DATA2='"],"zid":"8:14103891","client_version":"1.72","gids":[46],"data":{},"ipid":"IPHONE_ID","gid":46}'
    POST_DATA="${POST_DATA1}${VAMP_ID}${POST_DATA2}"

    # The body and the URL are quoted so the shell passes them to curl unchanged.
    curl \
        --user-agent "Vampires/1.72 CFNetwork/485.13.9 Darwin/11.0.0" \
        --data-binary "${POST_DATA}" \
        "http://net.iphone.zynga.com/net/group/accept.php?zsig=A79D802A730CE31B1AC5853615AD87A0"
done




You need to replace IPHONE_ID with your iPhone ID (you can grab it by sniffing the traffic just as I did).

I hope that you will use this successfully and get as large a clan as I have now.

PS:

Just to be clear: The player IDs from http://mycodelive.com/vampires#ids are from people who want to be added to your clan so that they in turn get a larger clan for the game (if I add you to my clan I am automatically added to your clan as well). The “hack” in this is that I automated the process of adding people to my clan. I am lazy, but in a good way.
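A server-side check that would close the replay gap described in this post, as an added example that is not part of the original post and not Zynga’s code: each request carries a MAC over a timestamp, a nonce and the exact body, and the server rejects stale, altered or already-seen requests. The per-device key, the timestamp and nonce fields and all function names are assumptions made for illustration; demo() returns the verdict for four constructed deliveries.

```python
import hashlib
import hmac
import json

MAX_SKEW = 300  # seconds a signed request stays acceptable (assumed policy)


def sign(key, ts, nonce, body):
    """MAC over timestamp, nonce and the exact body bytes (hypothetical scheme)."""
    # JSON-encoding the header escapes newlines, so the separator is unambiguous.
    header = json.dumps([ts, nonce]).encode()
    return hmac.new(key, header + b"\n" + body, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Server side: accept each signed request at most once."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp of accepted requests

    def verify(self, ts, nonce, body, sig, now):
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        if not hmac.compare_digest(sign(self.key, ts, nonce, body), sig):
            return "bad-signature"
        # Drop nonces whose timestamp can no longer pass the freshness check.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = ts
        return "ok"


def demo():
    key = b"constructed-per-device-secret"
    guard = ReplayGuard(key)
    # Constructed body modelled on the message shown in the post.
    body = json.dumps({"accept_codes": ["PLAYER_TO_ADD"], "zid": "8:14103891",
                       "ipid": "IPHONE_ID", "gid": 46}).encode()
    sig = sign(key, 1000, "n-1", body)
    swapped = body.replace(b"PLAYER_TO_ADD", b"OTHER_PLAYER")
    return [
        guard.verify(1000, "n-1", body, sig, now=1005),     # first delivery
        guard.verify(1000, "n-1", body, sig, now=1010),     # identical resend
        guard.verify(1000, "n-1", swapped, sig, now=1015),  # same signature, different body
        guard.verify(1000, "n-1", body, sig, now=2000),     # outside the freshness window
    ]
```

Because the signature covers the timestamp, a nonce only has to be remembered for as long as that timestamp would still pass the freshness check, which keeps the server’s nonce store bounded.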

“Cheating” on Zynga’s Vampires game

I recently blogged on how I “cheated” (a.k.a. automated) on adding members to my clan in Zynga’s Vampire game on the iPhone over at Omegapoint Security Lab blog. Check it out!