…..pixie dust pixie dust every where you look
Mar 172016
Feb 172016
This is a silly script but you would be surprised how many times a day I have to do this and no matter how many times I type the command, I always get it wrong (or more than likely I forget to escape something). Its also interesting to note that the scripts I find silly are usually the ones that are the most popular on this site….so here it is.
Basically, if you copy and paste this script into a file and run it, it will give you the exact date and time in the sed command to run to search all lines in a log file from the previous hour to now and save it to another file.
Mar 162015
I used rips for many years to help with auditing source code. Lets face it, anytime you can automate a mundane task such as source code auditing, you free up time for other things to be done…..plus if you have ever stared at source code for 14+ hours straight reading line by line by line ….. you know how well automation helps save your vision.
Anyways, today I found a new project at github and wanted to document how I set it up. One thing to keep in mind is that this is a relatively new project, and with any new project of this size and scope … we can generally expect a few things …. lots of development changes and false positives. Even with this being known, I still love the direction the project is already moving … so lets begin.
Feb 262014
I generally do most everything from a shell. I also generally script things when I can. However, I wanted to see changes made to arachni web interface and it had been a while since I used it. I’m not sure if this is automated via the links included in kali linux or not, I just know that when I went to fire up arachni_web it failed and this is how I fixed it.
Continue reading »
Dec 042013
I often review various vulnerability scanners. When I review them, I look at several different things:
- were they able to find a vulnerability I previously missed?
- are they accurate in their findings?
- how quickly do they complete an audit compared to “insert some other vulnerability scanner here”?
- sometimes I will also grab the tcpdumps of the audits for even further analysis
- how accessible and easy are they to use by “skiddies”?
- based on the tcpdumps + noise generated on the server logs, are the audit signatures of wapiti easy to detect?
Oct 272013
This is a really simple fix which will block the user enumeration on a wordpress site (like the method by wpscan).
Before I get into this, I am very well aware of the IfIsEvil page on nginx wiki. But it also says on this page, “The only 100% safe things which may be done inside if in location context are: return and rewrite as the last statement in a location block” With that in mind, we are going to use ONLY rewrite as the last statement in our location block.
Jun 062013
This is a trick I learned a long time ago. I used to teach it in my linux administration, digital forensics, and ethical hacking courses I taught at college. It has been one of the most useful commands I ever learned. So the scenario goes like this: lets assume you have a user you suspect is doing something nefarious…maybe even a hacker has a shell on your server. You would like to be able to see exactly what they are doing. Wouldn’t it be nice to be able to connect to their shell without them knowing so you can watch what they are doing?
Here is how it is done…..
May 182013
A long time ago, I created a database to hold passwords and their respective hashes for some 16 various hash types. It has approximately 310,261,848 passwords for each type and is growing nearly every day as more password lists become available. I found a pretty quick way to generate the hashes for these wordlists and wanted to share how it is done. These hashes only work with unsalted/unpeppered passwords.
First, lets look at my table schema, which is very simple and very effective. It uses an index on the hash + password column so there can not be any two hashes+passwords that are the same. The types table is a simple lookup table that references data.type 1 to a name like DES. The primary key is on the name column. I don’t claim to be a db administrator so if you spot any errors, let me know.
Feb 102013
My desktop computer is a couple of years old. It serves me well for what I do. I just got a new laptop. In terms of hardware, the laptop is much different. The desktop is a quad-core AMD 900 series with an ATI 4500 series gpu running backtrack 5r3. It has 8GB of memory and standard SATA drives. The laptop is an Intel i7 cpu, with SSD drive, NVIDIA 660M gpu, and 8GB memory running backbox 3. The internal SATA drive is slow as fuck (just putting that out there). I have the OS on the SSD drive and my home folder on the SATA drive.
Here are the specs as seen by pyrit list_cores from each along with the benchmark tests:
Feb 052013
So I wrote this script because I often need to run tcpdump on a remote host and then view it in wireshark. The old method was to run tcpdump on remote host, scp/rsync the file back to my local machine, open it in wireshark, view it. This script saves a lot of time. It assumes you are logging in as root and will need modified if you are running as a normal user (change root to your username and make sure you have sudo privileges for tcpdump)
#!/bin/bash
# By Ed Wiget
# This runs tcpdump on a remote hosts and pipes it back locally to wireshark to view in realtime
# 20130205 - original script
if [ $1 == "" ]; then
echo "What is the remote host by fqdn, i.e. server1.domain.com"
read RHOST
else
RHOST=$1
fi
wireshark -k -i <( ssh -l root ${RHOST} /usr/sbin/tcpdump -i eth0 -w - )
# after you kill wireshark, the tcpdump still runs on remove host...we need to kill it
PIDOF=`ssh root@${RHOST} "ps aux | grep [t]cpdump" | awk -F" " '{print$2}'`
echo "killing pid ${PIDOF} on ${RHOST}...please wait...."
ssh root@${RHOST} "pkill tcpdump"
# now we make sure it is killed
PIDOF2=`ssh root@${RHOST} "ps aux | grep [t]cpdump" | awk -F" " '{print$2}'`
if [ ${PIDOF2} == "" ]; then
echo "pid check returns ${PIDOF2}"
else
echo "pid check returns ${PIDOF2}"
fi