Pauldotcom Episode 185 from PaulDotCom on Vimeo.
http://pauldotcom.com/2010/01/draft—heres-what-you-missed.html
http://www.offensive-security.com/metasploit-unleashed/Java-Applet-Infection-Method
Category Archives: Posts
HEAD requests on multiple web servers, all with a one liner
If you need a quick way of getting server versions and you want to do this with a one liner here’s your solution:
for i in $(cat websites); do printf "HEAD / HTTP1/.0\n\r\n" | nc -vv ${i} 80; done
‘websites’, would be a file that contains a list of websites either by domain names or IP addresses. You could also enumerate an array of websites for cases where you have stored output into an array. i.e.
array=($(cat /var/log/apache2/access.log | awk '{print $1}' | sort | uniq));
for i in ${array[@]}; do printf "HEAD / HTTP/1.0\n\r\n" | nc -vv ${i} 80; done
Lastly, a while back, I wrote a python script that does pretty much the same thing:
Plain text:
http://zitstif.no-ip.org/webEnum.txt
tar archive:
http://zitstif.no-ip.org/webEnum.tar
MD5sum: dcb02fff9e69fb004c8e6456ed82c424
Blocking your wp-admin log in page from strangers..
######Redirect strangers away from the page#######
$client = $_SERVER['REMOTE_ADDR'];
$reg = "/192\.168\.10\.*/";
$home = `printf $(cat /location to where you can get your WANIP/)`;
if (preg_match($reg, $client))
{
echo "";
}
elseif (mb_ereg($home, $client))
{
echo "";
}
else
{
header("Location: http://yoursite");
}
Wanting to cut off access from strangers to my wp-admin login page, I spent a night toiling around with a few possible solutions, while repairing a laptop for a client, whom was quite computer illiterate. I would consider myself illiterate in the sense of programming in assembly language. Ergo, at some level, in all things we are ignorant, which is the deviated point I’m trying to establish. Sorry to meander..
Considering the fact that if you don’t have SSL setup on your server , and even if you do, you still are susceptible to MITM attacks via programs like Ettercap-ng, in certain scenarios. (i.e. Malicious networks) So for my own sense of peace, decided to block of access to the rest of the world to my wp-admin page. You might be able to still access it if you can modify your HTTP requests to make yourself look like me….
If you want to use this, I put this piece of code at about line 25, and I would test it from different proxies just to be safe. More info and tutorials to come.
Let me know if you have any questions, comments or concerns.
A very informal video that sheds new light on network architecture weaknesses that can be exploited.
You can download the whole file here:
ftp://ftp.ccc.de/congress/26c3/mp4/26c3-3596-de-cat_procsysnetipv4fuckups.mp4
Cool Perl prompt
#!/usr/bin/env perl
do
{
print "perl#: ";
chop($_ = <>);
eval($_);
}
while ($_ ne "exit")
There are times when I get an itching to start writing perl programs and tonight was no exception. I was curious as to how perl handled exceptions and so forth. After doing some reading on line I found a merely 9 lines of code that will serve you as an interactive perl prompt (think typing in python without any arguments.. and you’ll understand what I’m saying, or just give this piece of code a try yourself.)
http://feyd.ldc.usb.ve/docs/perl/practical-perl/www.cs.cf.ac.uk/Dave/PERL/node114.html