Black Asylum

Network and System Security (or lack thereof)
# Grab a given HTTP/HTTPS page from a target website
perl -e 'print "GET / HTTP/1.0\r\n\r\n"' | nc <SYSTEM IP> 80
perl -e 'print "GET / HTTP/1.0\r\n\r\n"' | openssl s_client -connect <SYSTEM IP>:443 -quiet

# Grab SNMP "system" data from target
snmpwalk -v 2c -c public <SYSTEM IP> .1.3.6.1.2.1.1

# List all rpc services offered by target
rpcinfo -p <SYSTEM IP>

# NetBIOS name table for one target
nmblookup -A <SYSTEM IP>

# NetBIOS name table for an entire range of targets
nbtscan <NETWORK>/<CIDR>

# Display Shares and other information for target
smbclient -N -L <SYSTEM IP>
smbclient -A creds.txt -L <SYSTEM IP>
     creds.txt:
          username = <USER NAME>
          password = <USER PASSWORD>
          domain   = <DOMAIN>

# Show NFS mount information
showmount -e <SYSTEM IP>
showmount -a <SYSTEM IP>

# Play with open X11 sessions
xlsclients -display <SYSTEM IP>:0.0 -l
xwininfo -display <SYSTEM IP>:0.0 -root
xwininfo -display <SYSTEM IP>:0.0 -id <WINDOW ID>
xwd -display <SYSTEM IP>:0.0 -root -silent - | convert - <SYSTEM IP>.png
xwd -display <SYSTEM IP>:0.0 -id <WINDOW ID> -silent - | convert - <SYSTEM IP>.png

Let’s take a look at the problem of calculating the “md5” sum of every file in a directory, including files within subdirectories.

Well, we know the “md5sum” command works fine on a single file or for an entire directory. How about we write a short perl script to recurse every directory & subdirectory from a given starting point issuing the “md5sum” command on any files it encounters…

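#!/usr/bin/perl
use strict;
use warnings;

# Starting directory; default to the current directory
my $startDir = (defined $ARGV[0] && $ARGV[0] ne "") ? $ARGV[0] : ".";

# All checksums are appended to one output file
open(my $out, '>>', '/tmp/md5') or die "Cannot open /tmp/md5: $!";

printDir($startDir);
close($out);

sub printDir {
        my $baseDir = $_[0];

        if ($baseDir !~ /\/$/) {
                $baseDir = $baseDir . "/";
        }

        # readdir instead of glob(): copes with spaces and includes dot files
        opendir(my $dh, $baseDir) or return;
        my @files = grep { $_ ne "." && $_ ne ".." } readdir($dh);
        closedir($dh);

        foreach my $name (@files) {
                my $file = $baseDir . $name;
                if (-f $file) {
                        # List-form pipe open: no shell sees the file name
                        open(my $md5, '-|', 'md5sum', '--', $file) or next;
                        print $out <$md5>;
                        close($md5);
                } elsif (-d $file && !-l $file) {
                        # Only recurse into real directories, not symlinks
                        printDir($file);
                }
        }
}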

Well, that does work and did not take too long to write, but we could have done it much more simply…

How about we let a system tool build a list of all files (and recurse subdirectories) then we use that file as an input file for md5sum…

find . -type f > files.txt
xargs -d '\n' md5sum < files.txt

Okay, so that works as well and is much shorter than the script. But I think we can do it in one line…

find . ! -type d -print0 | xargs -0 md5sum

There we go, that works nicely.

Can you do better? Let me know.
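Going one step past the one-liner, as an added example that is not part of the original post: `md5sum -c` expects a manifest of "hash, file name" lines rather than a bare file list, so the sketch below saves the one-liner's output as a manifest and later reports changed, missing and new files. The function names and the `HASH` variable are assumptions made for this example, GNU coreutils and findutils are assumed, and the manifest should live outside the tree being hashed.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# HASH defaults to md5sum to match the post. sha256sum takes the same options
# and is the better choice when deliberate tampering is a concern.
HASH="${HASH:-md5sum}"

# build_manifest DIR MANIFEST
# Hash every regular file under DIR (NUL-separated, so odd names survive).
build_manifest() {
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r "$HASH" ) > "$2"
}

# changed_files DIR MANIFEST
# Print files whose content no longer matches, or that have disappeared.
# LC_ALL=C keeps the "FAILED" marker untranslated; the manifest is read on
# stdin so a relative MANIFEST path still works after the cd.
changed_files() {
    ( cd "$1" && LC_ALL=C "$HASH" -c --quiet - 2>/dev/null || true ) < "$2" |
        sed -n 's/: FAILED.*$//p'
}

# new_files DIR MANIFEST
# Print files present under DIR that the manifest does not list;
# "md5sum -c" alone never reports these.
new_files() {
    ( cd "$1" && find . -type f ) | awk -v m="$2" '
        BEGIN {
            while ((getline l < m) > 0) {
                sub(/^[0-9a-f]+ [ *]/, "", l)   # strip "hash + separator"
                seen[l] = 1
            }
        }
        !($0 in seen)' | sort
}
```

Typical use is `build_manifest /etc /root/etc.manifest` once, then `changed_files` and `new_files` with the same two arguments on each later check.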

“Beware of strangers with candy.”

Just as that has always been a good rule to help guide you safely through life, there are also simple rules to help protect you and your home computer while surfing the internet.

By following a few simple guidelines as well as a few precautions you should be safe from the vast majority of dangerous threats you will encounter on the internet.

Precautions: (Safety measures)

  • Use a host-based firewall. On Windows, the built-in firewall works fine.
  • Use an anti-virus detection application. On Windows, the free Microsoft Security Essentials application works fine.
  • Enable automatic download and installation of operating system patches and updates.
  • When possible, try to update all of your other programs (Firefox, Adobe, etc…) to the latest stable versions.

Internet Guidelines:

  • Do not go to suspicious websites. (e.g. URLs from China “.cn” and Russia “.ru”. Nothing against the countries themselves, but a lot of malicious activities originate from those internet domains.)
  • If the website says that you need to install special software in order to view the site, do not do it. Unless it is Adobe or Java, it is a safe bet that it is a malicious program that they want you to install. Even if it is Adobe or Java, you should go to the product’s website to download and install the program instead of following a link on the webpage.
  • Practice safe information handling:
    • Do not post anything to the internet (Facebook, chat, IM, Myspace, Linkedin, blog, etc…) that you do not want to be viewed by everyone. Once something is on the internet, it is there forever and eventually will be viewable by anyone.
    • Do not provide your password(s) to anyone. No valid customer support will require you to provide them your password. They already have it.
    • For each internet/website account you have (email, Facebook, banking, etc…) use a different password. This makes it much more difficult for someone to get your banking information if they happen to get your Facebook password.
  • Practice safe email handling. It is best if you…
    • Do not open (or preview) emails from people you do not know.
    • Do not click on any link contained within an email. If you must use the link due to something such as an activation code, retype the link into a new web browser window.
    • Do not open any document (.pdf, .doc, .xls, etc…) attached to an email. It can be a malicious document that could install dangerous software onto your system.
    • Do not respond to spam or scams. If you receive an offer in an email, and it sounds too good to be true, it probably is!!!
    • Do not email personal information (SSNs, credit card numbers, etc…).

According to the website:

SSLScan queries SSL services, such as HTTPS, in order to determine the ciphers that are supported.  SSLScan is designed to be easy, lean and fast.  The output includes preferred ciphers of the SSL service, the certificate and is in Text and XML formats.

SSLScan is a very useful tool to quickly determine the cipher suites supported by one or more websites.  Below is a screenshot of the output of the command:

# sslscan --no-failed <target>.net:443

Download it from here, or if you are running from Debian or Ubuntu, you can simply issue the command:

# apt-get install sslscan

What is Maltego?  Well according to their website, it is:

Maltego is an open source intelligence and forensics application. It will offer you timous mining and gathering of information as well as the representation of this information in a easy to understand format.

What does that mean?

It means that Maltego is a commercial ($) tool that, when provided a person’s name, email address, website, etc…, can quickly search for and identify related information from numerous sources on the Internet.

Maltego is particularly useful in scoping for a penetration test or social engineering engagement.  Using Maltego one can enumerate employee names, email addresses, phone numbers, positions, as well as alternate websites, DNS entries, and so on.

Maltego comes with a number of built-in transforms.  A transform is a module which Maltego uses to perform a particular information search.  A varied collection of user-created transforms can also be found and integrated with Maltego.

Click HERE

or go to Google and type:

inurl:(service|authors|administrators|users) ext:pwd “# -FrontPage-”

So, I have been planning on starting a blog for some time now. Actually, I have attempted blogs in the past but I have never been able to keep them up. I attribute the fall of all of my previous blogs to disinterest on my part, believing I have nothing useful to say, and not wanting to share what I do know. Yes, I am a bit paranoid.

I plan on posting:

  • security news that I find of interest
  • new tools/scripts written by me
  • security tool, script, or application reviews
  • interesting 1-liners (or short/simple scripts) that I find

Hope you all enjoy.