May 252012
 

I do things the easiest way that gets the job done.  Someone asked me recently about mounting a shared windows drive in Linux from bash.  They stated they normally mount it through dolphin using:

smb://username:password@ip_address/SHARED_DRIVE

That works until you need to copy files via rsync or some other bash method.  The solution is actually very simple:

mount -t cifs //ip_address/SHARED_DRIVE /mnt/directory -o user=username,password=user_password_on_windows_share,uid=500,gid=500

Just be sure you replace uid=500 with the users id in linux and gid=500 with the users group id in linux in order to be able to write files/directories with the proper permissions.  Of course the mount directory, /mnt/directory, also must exist.

If you get an error about “mount error(12): Cannot Allocate Memory

the fix is:

Edit the windows registry

Set “HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\LargeSystemCache” to “1″.
 
Set “HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Size” to “3″.
 
Restart the “server” service.

May 152012
 
#!/bin/bash
 
# By Ed Wiget
# This script sets up a proxy so that you can audit web servers anonymously over tor
# 20111113 - initial script (better method)
# enable next line for debugging
#set -x
 
echo "Please enter the ip address of the target host or a domain name"
read dom
 
# this checks to see if we set a domain name or ip address
# it sets the variable IP to the ip address of domain or ip entered
# if you are auditing more than .com, .net, .org, .edu addresses, you need to add them below
if [ "`echo ${dom} | egrep 'com|net|org|edu' | wc -l`" = "1" ]; then
		IP=`tor-resolve ${dom}`
	else
		IP=${dom}
fi
 
# for debugging to make sure we are setting IP correctly
#echo ${IP}
 
# here we set up a socat proxy listening on localhost port 8080
# it forwards any tcp requests to ${IP} port 80
# via the socks tor listening on localhost 9050
sudo socat TCP4-LISTEN:8080,fork SOCKS4:127.0.0.1:${IP}:80,socksport=9050 &
 
# the sleep is required or the check for listening fails below
sleep 2
 
if [ "`sudo netstat -ptane | grep 8080 | wc -l`" = "1" ]; then
	echo "proxy started successfully"
else
	echo "proxy not running"
	exit
fi
 
# here we are going to check port 80 for a web server which will likely tell us the
# operating system too via the results
sudo proxychains nmap -sT -PN -n -sV ${IP} -p80
 
# here we need to set up w3af_gui running as root in order to connect to our proxy
echo "when w3af opens, click on advanced target settings"
sleep 1
echo "set the target ip in w3af to http://127.0.0.1:8080"
sleep 1
echo "set the targetos and targetframework in w3af as returned by the nmap check above"
sleep 1
sudo /pentest/web/w3af/w3af_gui &

 

So now you can audit a web app using w3af.  If you wanted to use nessus or metasploit, just plug in the address as 127.0.0.1:8080

Apr 112012
 

When I reviewed memcached previously, I got faster performance with wp-cache than memcached…..but that was about 16 months ago.  So I decided to give it another run for the money on a few sites.  The installation is pretty simple….especially since I scripted most of it for you…..

Continue reading »

Feb 202012
 

If you run fix-splash on a backtrack installation and get:

$ sudo fix-splash
[*] Fixing Initrd
[*] Extracting Initrd
181100 blocks
cpio: File ./initrd grew, 46361600 new bytes not copied
181100 blocks
[*] Reboot and bask in the joys of BootSplash

The fix is really simple…..

Continue reading »

Feb 112012
 

Lets face it, John the Ripper has been around a long time and the reason its been around a long time is because its damn good at cracking passwords.  Yea, hashcat and oclhashcat are great for gpu cracking, but it doesn’t support as many algorithms as JTR.  So, imagine my surprise when I fire up John The Ripper on backtrack 5 64 bit and find out it is using a single CPU.  That is letting a potential 75% of my system sit there wanting to do something.  Luckily the fix is easier than fixing a sandwich.

If you already have jtr installed, you may want to see my john tips article.

First, lets grab the jumbo sourcecode….

Continue reading »

Feb 052012
 

When you upgrade pacman, you will get a message that says “run pacman –init” and when you do from a console (like on a remote server), you will then be presented with the following message:

# pacman-key --init
gpg: Generating pacman keychain master key...
 
Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 282 more bytes)

Continue reading »

Feb 042012
 

I created this because I always forget the command to enumerate snmp and I am often too lazy to read man pages 🙂

#!/bin/bash
 
# By Ed Wiget
# This script takes an input ip or domain and performs a snmpwalk using common community strings
# 20120204 - initial script
 
function proghelp (){
	echo ""
	echo ""
	echo "Help:"
	echo "./eds-smtpwalk.sh ip_address"
	echo ""
	echo "Example:"
	echo "./eds-smtpwalk.sh 127.0.0.1"
	echo ""
	echo ""
}
 
if [ $# -ne 1 ]
then
clear
proghelp
exit
fi
 
# set up the first input value
if [ "$1" == "" ]; then
 
        echo "What is the ip address to query?"
        read SVRIP
else
        SVRIP=$1
fi
 
if [ -f wordlist-common-snmp-community-strings.txt ]; then
	for COMSTG in `cat wordlist-common-snmp-community-strings.txt`
		do
# removed below in favor of auto list
# set up the second input value
#if [ "$2" == "" ]; then		
#        echo "What is the community string?"
#        read COMSTG
#else
#	COMSTG=$2
#fi
 
		snmpwalk -v2c -c ${COMSTG} $1 system
	done
 
else
 
echo "wordlist-common-snmp-community-strings.txt does not exist.......fetching now......please wait"
echo ""
wget http://fuzzdb.googlecode.com/svn/trunk/wordlists-misc/wordlist-common-snmp-community-strings.txt
echo ""
echo "please run again....."
fi

Jan 262012
 
#!/bin/bash
 
# By Ed Wiget
# This fixes dropbox sync issues on linux
 
# get a list of files executable now
find ~/Dropbox -type f -perm -u+x > /tmp/dropbox_files-`date +%Y%m%d`
 
# fix the permissions
sudo chown -R $USER ~/Dropbox
sudo chmod -R u+rw ~/Dropbox
sudo chown -R $USER ~/.dropbox
sudo chmod -R u+rw ~/.dropbox
 
# remove any conflicting files from the file list above step 1
grep -v -e "conflicted copy" -e "Case Conflict" /tmp/dropbox_files-`date +%Y%m%d` > /tmp/dropbox_files-`date +%Y%m%d`.txt
# set the executable permissions back
for files in `echo /tmp/dropbox_files-\`date +%Y%m%d\`.txt` ; do chmod u+x "${files}" ; done
 
# remove any files that are in conflict
find ~/Dropbox -type f -name \*"conflicted copy"\* -exec rm -f "{}" \;
find ~/Dropbox -type f -name \*"Case Conflict"\* -exec rm -f "{}" \;
 
# remove temp files
rm -f /tmp/dropbox_files-`date +%Y%m%d`
rm -f /tmp/dropbox_files-`date +%Y%m%d`.txt
Sometimes you will run into an issue where you have multiple computers that mysteriously stop syncing with dropbox. What I have found is it is almost always caused by 1 of 2 things……file permissions, conflicts. I have 8 devices syncing to my dropbox, and every single one of them are linux except for one. It seems as though anytime I use my sole Windows computer to add something to dropbox….the others mess up. I suspect an issue with linux file permissions and windows ntfs drives.

Anyways, this script will fix the problems. Make sure you adjust the path if your linux install does not have dropbox at ~/Dropbox.

Nov 302011
 

I have set up many laptops and netbooks with linux and have always used either full-disk encryption or ~/ encrypted.  Its really easy to do and ANY laptop/netbook/tablet/pad/whatever_next mobile device should be encrypted.  I won’t get into the mechanics of why, just do it.  The last article I wrote about this is no longer online (Maysville Linux Users Group, circa 2007) and it was much harder to accomplish back then, often requiring custom kernels to be compiled, etc.  Backtrack has “nearly” everything it takes right on the live cd.

Prerequisites

  1. A laptop
  2. bootable media (backtrack on usb stick, cdrom, some other distro, etc)
  3. Internet connection (backtracks only requirement is to download two files)

Continue reading »

Nov 232011
 

I have been using cluster ssh on and off for some time now but I have never written about it.  So first, let me tell you what my definition of it is……a huge time saver for multiple like tasks that need completed across many servers or systems.

As an example, lets say a critical update comes in and it affects 25 web servers, a lot of people will log into each web server, perform the update, log out, go to the next one, etc until completed.  That’s a huge waste of time….assuming it takes 5 minutes to log in, run the update, log out, log into the next one….that is 25 x 5 or roughly 125 minutes, slightly more than 2 hours.

Continue reading »