May 18 2013

A long time ago, I created a database to hold passwords and their respective hashes for some 16 hash types.  It has approximately 310,261,848 passwords for each type and is growing nearly every day as more password lists become available.  I found a pretty quick way to generate the hashes for these wordlists and wanted to share how it is done.  These hashes only work with unsalted/unpeppered passwords.

First, let's look at my table schema, which is very simple and very effective.  It uses a unique index on the hash column so no two rows can hold the same hash.  The types table is a simple lookup table that maps data.type 1 to a name like DES.  I don't claim to be a DB administrator, so if you spot any errors, let me know.

Continue reading »

Apr 19 2013

I have used dotster.com for DNS registration since about 1999.  About two years ago, I transferred most of my domains to GoDaddy due to poor service.  I recently needed to update DNS records for this domain, edwiget.name.  GoDaddy doesn't support .name TLDs, so I had to leave this domain at Dotster.  I had used Dotster strictly for domain registration and always pointed the domain at my own name servers.  I needed to update the nameserver information yesterday, and it has turned into a nightmare.

Continue reading »

Apr 18 2013

Some of the posts I am seeing on the internet regarding the WordPress password-cracking botnet are pretty funny, as various people offer suggestions to fix the problem.  The quickest fix is simple and, although it protects the wp-admin page, it won't protect you from the inbound traffic or from SQL injection.

Continue reading »

Apr 06 2013

I am all about performance and speed.  I even go so far as to test various ways of doing things in bash (or other programming languages) to optimize the code so it runs faster or more efficiently.  I optimize services in the same manner.  My fairly new laptop has one of the hybrid graphics setups, Intel + NVIDIA.  It works with Bumblebee and CUDA, for the most part.  Simply running 'optirun command' switches to the NVIDIA graphics card, which gives much better performance, not only in graphics-intensive stuff but even in the bash shell.

Example: running a simple 'time ls -la' in a directory containing 1590 items:

real	0m0.095s
user	0m0.012s
sys	0m0.008s

Example 2: running 'optirun xterm' and then running the same 'time ls -la' in the same directory inside the new NVIDIA xterm:

real    0m0.015s
user    0m0.000s
sys     0m0.012s

And even the GLX tests are much faster:

$ glxspheres 
Polygons in scene: 62464
Visual ID of window: 0xa4
Context is Direct
OpenGL Renderer: Mesa DRI Intel(R) Ivybridge Mobile 
60.131595 frames/sec - 67.106860 Mpixels/sec
31.846655 frames/sec - 35.540867 Mpixels/sec
31.377641 frames/sec - 35.017447 Mpixels/sec
31.636594 frames/sec - 35.306439 Mpixels/sec

and:

$ optirun glxspheres 
Polygons in scene: 62464
Visual ID of window: 0x21
Context is Direct
OpenGL Renderer: GeForce GTX 660M/PCIe/SSE2
153.415397 frames/sec - 171.211583 Mpixels/sec
158.583456 frames/sec - 176.979136 Mpixels/sec
161.016123 frames/sec - 179.693993 Mpixels/sec
158.156824 frames/sec - 176.503015 Mpixels/sec

To me, this is enough of a performance improvement to always use the NVIDIA graphics card.  Except there is no way to do that on the new laptop, at least none that I have figured out.

Apr 05 2013

bbswitch is not compatible with the kernel included with Kali Linux.  The easiest fix is simply to upgrade to kernel 3.8.5 from Debian experimental:

Basically I downloaded these packages manually:

initramfs-tools_0.110_all.deb
linux-headers-3.8-trunk-all-amd64_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-amd64_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-common_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-common-rt_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-rt-amd64_3.8.5-1~experimental.1_amd64.deb
linux-image-3.8-trunk-amd64_3.8.5-1~experimental.1_amd64.deb
linux-kbuild-3.8_3.8.2-1~experimental.1_amd64.deb

Then installed them:

sudo dpkg -i *.deb

Rebooted, and all was well.

Mar 16 2013

So one thing you learn pretty quickly once you move into the cloud is that what you would normally do to stop bots, rogue traffic, hackers, etc. doesn't quite work, even at the packet level.  What I mean is this: you have a web server sitting behind an AWS load balancer and it's under attack.  You are running Linux.  The first thing you do is set up an iptables rule to drop connections from that IP address.  The problem is, iptables never sees that IP address.  iptables filters on packet headers, not on the HTTP payload, and the connection it sees comes from the load balancer's IP address.  The IP address of the user is carried inside the HTTP request, in the X-Forwarded-For header.  So the first thing you need to do is enable X-Forwarded-For logging in your web server.  I will use nginx as an example:

Continue reading »
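The point above is that the address worth blocking only exists at the application layer, so you have to get it out of the logs before you can act on it.  The following is an added example, not code from the post: a small Python parser for nginx access-log lines written in the "combined" format with $http_x_forwarded_for appended as one more quoted field (that log_format is an assumption here), which extracts the client address and counts requests per client.  The sample log lines are constructed.  One caveat a practitioner should keep in mind: a load balancer appends the address it accepted the TCP connection from to the *end* of X-Forwarded-For, so only the rightmost entry is vouched for by your own infrastructure; everything to its left was supplied by the client and can be forged, which is why the example reads from the right rather than the left.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample lines (not real traffic). Layout: nginx "combined" format
# with "$http_x_forwarded_for" appended as a final quoted field. The first field
# is the load balancer's address, which is all iptables would ever see.
SAMPLE_LOG = """\
10.0.1.20 - - [16/Mar/2013:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "203.0.113.7"
10.0.1.20 - - [16/Mar/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "203.0.113.7"
10.0.1.21 - - [16/Mar/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "198.51.100.9, 203.0.113.7"
10.0.1.20 - - [16/Mar/2013:10:01:04 +0000] "GET /index.php HTTP/1.1" 200 8192 "-" "Mozilla/5.0" "192.0.2.44"
10.0.1.21 - - [16/Mar/2013:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0" "not-an-ip, 203.0.113.7"
"""

# Assumed log_format (not from the post): combined + "$http_x_forwarded_for".
LOG_RE = re.compile(
    r'^(?P<lb_ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)


def client_ip(xff):
    """Return the client address the load balancer itself recorded.

    The proxy appends the peer address of the connection it accepted to the
    end of X-Forwarded-For, so the rightmost entry is the only one it vouches
    for; entries to its left are client-supplied and may be forged. Returns
    None if the field is empty or the rightmost entry is not a valid address.
    """
    parts = [p.strip() for p in xff.split(",") if p.strip()]
    if not parts:
        return None
    try:
        return str(ip_address(parts[-1]))
    except ValueError:
        return None


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["client"] = client_ip(rec["xff"])
    return rec


def count_clients(log_text, path=None, method=None):
    """Count requests per real client IP, optionally filtered by path and method.

    Lines that do not parse, or whose X-Forwarded-For has no trustworthy
    rightmost address, are skipped rather than attributed to anyone.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["client"] is None:
            continue
        if path is not None and rec["path"] != path:
            continue
        if method is not None and rec["method"] != method:
            continue
        counts[rec["client"]] += 1
    return counts


if __name__ == "__main__":
    # Top talkers overall, then just the login POSTs, which is usually the
    # interesting view when a site is being brute-forced.
    for ip, n in count_clients(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {ip}")
    print("POST /wp-login.php by client:",
          dict(count_clients(SAMPLE_LOG, path="/wp-login.php", method="POST")))
```

Run against a real log with `count_clients(open("/var/log/nginx/access.log").read())` once the matching log_format is in place.  Because the addresses in the first column belong to the load balancer, an iptables rule built from them would cut off all of your own traffic; the addresses this script returns are the ones to deny at the web server or in whatever layer sits in front of it.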

Mar 09 2013

As I use nginx more and more, one of the things I miss is being able to see who is connecting to the server and the requests they are making.  This is often helpful in determining attacks.  So, I basically wrote this script, which does it.

#!/bin/bash

# By Ed Wiget
# This shows active GET and POSTS to port 80
# One of the things i hate about nginx is the lack of an apache style status page showing requests
# hence I wrote this script....which does it at a network layer, using ngrep

# 20130308 - original script

## grep all HTTP GET or POST requests from network traffic on eth0 interface  ##
# sudo ngrep -l -q -d eth0 "^GET |^POST " tcp and port 80

# interface to sniff on
iface=eth0

# bail out with a non-zero status if ngrep is not installed
if ! command -v ngrep >/dev/null 2>&1; then
	echo "missing ngrep....please install"
	exit 1
fi

# ngrep runs until it is interrupted; loop so it is restarted if it ever exits
while true; do
	# uncomment the next line if you dont need x-forward-for
	#sudo ngrep -l -q -d "$iface" "^GET |^POST " tcp and port 80
	# use the next line if you do need x-forward-for
	sudo ngrep -l -q -d "$iface" 'X-Forwarded-For' tcp and port 80
	echo
	sleep 1
done

Mar 06 2013

This was tested on CentOS 6.3.  It is handling approx 900 to 3,000+ log events per second from approx 30 hosts.

Current load is about 900 messages per second: load average 1.57, 1.35, 1.29 on a box with 8GB memory.

With the above in mind, there was approx 165GB of log data after running for 4 days.

graylog.org web site

elasticsearch web site

mongo db

passenger phusion web site

logstash web site

I wrote a script to install a graylog2 central log server.  It's a one-shot, run-it-and-be-done kind of thing.

CHANGES 20130309 – see notes in script

Continue reading »

Feb 10 2013

My desktop computer is a couple of years old.  It serves me well for what I do.  I just got a new laptop.  In terms of hardware, the laptop is much different.  The desktop is a quad-core AMD 900 series with an ATI 4500 series GPU running BackTrack 5 R3.  It has 8GB of memory and standard SATA drives.  The laptop is an Intel i7 CPU with an SSD, an NVIDIA 660M GPU and 8GB memory running BackBox 3.  The internal SATA drive is slow as fuck (just putting that out there).  I have the OS on the SSD and my home folder on the SATA drive.

Here are the specs as seen by 'pyrit list_cores' on each machine, along with the benchmark tests:

Continue reading »

Feb 09 2013

One thing I can't stand is waiting on software to download.  I mean, I have a blazingly fast internet connection and I expect everything I do to be blazingly fast also.  So, one thing I noticed was that my BackBox Linux installation was taking forever to download updates.  Looking into why, I noticed there were static mirror addresses used in /etc/apt/sources.list for the Ubuntu software repositories.

So here is how to fix it so that you always get the mirror closest to you:

Continue reading »