May 312013

Mostly doing this article as a note for the correct way to install java jdk or runtime for kali or debian wheezy.

Download either the jdk or jre tar.gz package from oracle

Install the java-package from debian

apt-get install java-package

Continue reading »

May 182013

A long time ago, I created a database to hold passwords and their respective hashes for some 16 various hash types.  It has approximately 310,261,848 passwords for each type and is growing nearly every day as more password lists become available.  I found a pretty quick way to generate the hashes for these wordlists and wanted to share how it is done.  These hashes only work with unsalted/unpeppered passwords.

First, lets look at my table schema, which is very simple and very effective.  It uses an index on the hash + password column so there can not be any two hashes+passwords that are the same.  The types table is a  simple lookup table that references data.type 1 to a name like DES.  The primary key is on the name column.  I don’t claim to be a db administrator so if you spot any errors, let me know.

Continue reading »

Feb 052013

So I wrote this script because I often need to run tcpdump on a remote host and then view it in wireshark.  The old method was to run tcpdump on remote host, scp/rsync the file back to my local machine, open it in wireshark, view it.  This script saves a lot of time.  It assumes you are logging in as root and will need modified if you are running as a normal user (change root to your username and make sure you have sudo privileges for tcpdump)

# By Ed Wiget
# This runs tcpdump on a remote hosts and pipes it back locally to wireshark to view in realtime
# 20130205 - original script
if [ $1 == "" ]; then
	echo "What is the remote host by fqdn, i.e."
	read RHOST
wireshark -k -i <( ssh -l root ${RHOST} /usr/sbin/tcpdump -i eth0 -w - )
# after you kill wireshark, the tcpdump still runs on remove host...we need to kill it
PIDOF=`ssh root@${RHOST} "ps aux | grep [t]cpdump" | awk -F" " '{print$2}'`
echo "killing pid ${PIDOF} on ${RHOST}...please wait...."
ssh root@${RHOST} "pkill tcpdump"
# now we make sure it is killed
PIDOF2=`ssh root@${RHOST} "ps aux | grep [t]cpdump" | awk -F" " '{print$2}'`
if [ ${PIDOF2} == "" ]; then
	echo "pid check returns ${PIDOF2}"
	echo "pid check returns ${PIDOF2}"

Oct 312012
# By Ed Wiget
# This script grabs the latest nmap, zenmap, ncat, nping in rpm format and converts them to deb
# 20121031 - original script
# the version we are grabbing
# the architecture we are using
# our working dir
# check if it exists and if not, create it
if [ ! -d ${TEMP_DIR} ]; then
	mkdir -p ${TEMP_DIR}
# check to make sure alien is installed and if not, install it
if [ ! -f /usr/bin/alien ]; then
	sudo apt-get install alien
# cd to the working dir
cd ${TEMP_DIR}
# 386 files
# x86_64 files
# no arch
# grab the files
wget -O ${TEMP_DIR}/nmap-${VER}.${ARCH}.rpm${VER}.${ARCH}.rpm
wget -O ${TEMP_DIR}/ncat-${VER}.${ARCH}.rpm${VER}.${ARCH}.rpm
wget -O ${TEMP_DIR}/nping-0.${VER}.${ARCH}.rpm${VER}.${ARCH}.rpm
wget -O ${TEMP_DIR}/zenmap-${VER}.noarch.rpm${VER}.noarch.rpm
# remove any deb files currently in this dir
rm -f *.deb
# convert the downloaded files to deb
sudo alien nmap-${VER}.${ARCH}.rpm
sudo alien ncat-${VER}.${ARCH}.rpm
sudo alien nping-0.${VER}.${ARCH}.rpm
sudo alien zenmap-${VER}.noarch.rpm
# install the packages
sudo dpkg --install *.deb

Jul 272012

Glastopf is a web application honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications.  The principle behind it is very simple:  Reply the correct response to the attacker exploiting the web application.

This article is mostly to cover the installation, setup, usage, etc


Continue reading »