…..pixie dust pixie dust every where you look
This is a silly script, but you would be surprised how many times a day I have to do this, and no matter how many times I type the command, I always get it wrong (or, more likely, I forget to escape something). It's also interesting to note that the scripts I find silly are usually the ones that are the most popular on this site... so here it is.
Basically, if you copy and paste this script into a file and run it, it will print the exact date and time range for the sed command you need to run to pull every line in a log file from the previous hour up to now and save those lines to another file.
I generally do most everything from a shell, and I also generally script things when I can. However, I wanted to see the changes made to the arachni web interface, and it had been a while since I had used it. I'm not sure whether this is automated via the links included in kali linux or not; I just know that when I went to fire up arachni_web it failed, and this is how I fixed it.
I have been using this script for a long time (maybe 13 years) with only very slight changes. It was probably one of the first cool ideas I had for a way to track laptops issued to employees that might possibly be stolen. Granted, today we use full disk encryption and other cool things that almost make this script obsolete... but in the event something does get stolen, we can always track it.
The script only requires a crontab entry and a way to send mail (I use ssmtp btw).
I often review various vulnerability scanners. When I review them, I look at several different things:
This is a really simple fix which will block user enumeration on a WordPress site (the method used by wpscan).
Before I get into this, I am very well aware of the IfIsEvil page on the nginx wiki. But that page also says, "The only 100% safe things which may be done inside if in location context are: return and rewrite as the last statement in a location block." With that in mind, we are going to use ONLY rewrite, as the last statement in our location block.
If you get these errors...
insserv: warning: script 'S85vpnagentd_init' missing LSB tags and overrides
insserv: warning: script 'vpnagentd_init' missing LSB tags and overrides
insserv: There is a loop between service rmnologin and mountnfs if started
insserv: loop involving service mountnfs at depth 7
insserv: loop involving service networking at depth 6
insserv: There is a loop between service rmnologin and mountnfs if started
insserv: Starting vpnagentd_init depends on rmnologin and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rmnologin and therefore on system facility `$all' which can not be true!
insserv: Starting vpnagentd_init depends on rmnologin and therefore on system facility `$all' which can not be true!
insserv: Max recursions depth 99 reached
insserv: loop involving service nfs-common at depth 4
insserv: loop involving service pulseaudio at depth 13
insserv: exiting now without changing boot order!
The fix is...
This is a trick I learned a long time ago. I used to teach it in the Linux administration, digital forensics, and ethical hacking courses I taught at college. It has been one of the most useful commands I ever learned. So the scenario goes like this: let's assume you have a user you suspect is doing something nefarious... maybe even a hacker has a shell on your server. You would like to be able to see exactly what they are doing. Wouldn't it be nice to be able to attach to their shell without them knowing, so you can watch what they are doing?
Here is how it is done...
A long time ago, I created a database to hold passwords and their respective hashes for some 16 different hash types. It has approximately 310,261,848 passwords for each type and is growing nearly every day as more password lists become available. I found a pretty quick way to generate the hashes for these wordlists and wanted to share how it is done. These hashes only work against unsalted/unpeppered passwords.
First, let's look at my table schema, which is very simple and very effective. It uses a unique index on the hash + password columns, so no two rows can have the same hash and password. The types table is a simple lookup table that maps data.type (e.g. 1) to a name like DES; its primary key is on the name column. I don't claim to be a DB administrator, so if you spot any errors, let me know.
So one thing you learn pretty quickly once you move into the cloud is that what you would normally do to stop bots, rogue traffic, hackers, etc. doesn't quite work... even at the packet level. What I mean is this: you have a web server sitting behind an AWS load balancer and it's under attack. You are running Linux. The first thing you do is set up an iptables rule to drop connections from that IP address. The problem is, iptables never sees that IP address. iptables doesn't look inside the HTTP request; instead, it sees the load balancer's IP address as the source. The user's real IP address is carried in the X-Forwarded-For header. So the first thing you need to do is enable X-Forwarded-For logging in your web server. I will use nginx as an example: