Archive for January, 2010

HEAD requests on multiple web servers, all with a one liner

by on Jan.31, 2010, under Code, Posts

If you need a quick way of getting server versions and you want to do this with a one-liner, here’s your solution:

for i in $(cat websites); do printf "HEAD / HTTP/1.0\r\n\r\n" | nc -vv "${i}" 80; done

‘websites’ is a file that contains a list of websites, given either as domain names or as IP addresses. You could also loop over an array of websites in cases where you have stored output in an array, e.g.:

array=($(cat /var/log/apache2/access.log | awk '{print $1}' | sort | uniq));
for i in "${array[@]}"; do printf "HEAD / HTTP/1.0\r\n\r\n" | nc -vv "${i}" 80; done
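The one-liners above print the whole response for every host. To keep only the lines that reveal a version, for example when checking what your own servers disclose, here is an added example that is not part of the original post; the function names and the two sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce a raw HEAD response to its version-revealing headers.

# Send one well-formed HEAD request (CRLF line endings) with a 3-second timeout.
head_request() {
    printf 'HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n' "$1" | nc -w 3 "$1" 80
}

# Read a raw response on stdin; print the status line plus Server / X-Powered-By.
banner_headers() {
    tr -d '\r' | awk '
        NR == 1 { print; next }                          # status line
        /^$/    { exit }                                 # blank line ends the headers
        tolower($0) ~ /^(server|x-powered-by):/ { print }
    '
}

# Exit 0 when the Server header carries a version number such as "Apache/2.2.14".
discloses_version() {
    banner_headers | grep -Eiq '^server:.*/[0-9]'
}

# Constructed sample responses (not captured from a real host).
verbose_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.14 (Ubuntu)\r\nX-Powered-By: PHP/5.2.10\r\nContent-Type: text/html\r\n\r\n'
}
terse_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n'
}

# Offline demonstration on the constructed samples.
for sample in verbose_response terse_response; do
    if "$sample" | discloses_version; then
        echo "$sample: Server header reveals a version"
    else
        echo "$sample: no version in Server header"
    fi
done
```

Against a live host the same filter is applied as `head_request example.org | banner_headers`, where example.org stands in for a server you administer.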

Lastly, a while back, I wrote a python script that does pretty much the same thing:
Plain text:
http://zitstif.no-ip.org/webEnum.txt

tar archive:
http://zitstif.no-ip.org/webEnum.tar
MD5sum: dcb02fff9e69fb004c8e6456ed82c424


Blocking your wp-admin log in page from strangers..

by on Jan.27, 2010, under Code, Posts

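######Redirect strangers away from the page#######

  $client = $_SERVER['REMOTE_ADDR'];
  // Anchored pattern: matches 192.168.10.0 through 192.168.10.255 and nothing else.
  $reg = '/^192\.168\.10\.\d{1,3}$/';
  // Current WAN IP, read from wherever you keep it; trim() drops the trailing newline.
  $home = trim(`cat /location to where you can get your WANIP/`);

  if (preg_match($reg, $client))
   {
        echo "";
   }
  elseif ($home !== "" && $client === $home)   // exact match, not a regex match
   {
        echo "";
   }
  else
   {
     header("Location: http://yoursite");
     exit;   // stop here so the login page is not sent along with the redirect
   }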

Wanting to cut off access from strangers to my wp-admin login page, I spent a night toiling around with a few possible solutions, while repairing a laptop for a client who was quite computer illiterate. I would consider myself illiterate in the sense of programming in assembly language. Ergo, at some level, in all things we are ignorant, which is the deviated point I’m trying to establish. Sorry to meander..

If you don’t have SSL set up on your server, and even if you do, you are still susceptible to MITM attacks via programs like Ettercap-ng in certain scenarios (e.g. malicious networks). So, for my own peace of mind, I decided to block off access to my wp-admin page from the rest of the world. You might still be able to access it if you can modify your HTTP requests to make yourself look like me….

If you want to use this, I put this piece of code at about line 25, and I would test it from different proxies just to be safe. More info and tutorials to come.

Let me know if you have any questions, comments or concerns.


by on Jan.26, 2010, under Posts, Videos

A very informal video that sheds new light on network architecture weaknesses that can be exploited.


You can download the whole file here:

ftp://ftp.ccc.de/congress/26c3/mp4/26c3-3596-de-cat_procsysnetipv4fuckups.mp4


Cool Perl prompt

by on Jan.23, 2010, under Code, Posts

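#!/usr/bin/env perl

do
  {
     print "perl#: ";
     chomp($_ = <> // "exit");    # strip the newline; treat EOF (Ctrl-D) as "exit"
     eval($_); warn $@ if $@;     # run the line and report any error it raised
  }
while ($_ ne "exit");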

There are times when I get an itch to start writing Perl programs, and tonight was no exception. I was curious as to how Perl handles exceptions and so forth. After doing some reading online, I found a mere 9 lines of code that will serve you as an interactive Perl prompt (think of typing python without any arguments and you’ll understand what I’m saying, or just give this piece of code a try yourself).

http://feyd.ldc.usb.ve/docs/perl/practical-perl/www.cs.cf.ac.uk/Dave/PERL/node114.html


mysqldict.py

by on Jan.22, 2010, under Code, Posts

After taking a few months to dilly about with python and learn the ins and outs of it to a certain extent, I decided to write a program that does dictionary attacks on mysql.

Plain text:
http://zitstif.no-ip.org/mysqldict.txt

Tar archive:
http://zitstif.no-ip.org/mysqldict.tar
MD5Sum: f0e07ca29cc783c6c27f3829f579d37e

The beauty of this program is that it actually runs a test against the remote host and tells you whether or not the remote host allows remote MySQL authentication.

Here’s a quick peek of mysqldict.py in action used inside of a bash shell script (IP addresses hidden of course):

:~/for i in $(httplast | egrep -v "${WANIP}|127.0.0.1|192.168."  | awk '{print $1}' | sort | uniq); do nc -z -w1 ${i} 3306; if [[ "$?" == "0" ]]; then ./mysqldict.py -t ${i}; fi; done
mysqldict.py:
Port 3306 on 115.##.##.#1 appears to be open..
A connection has been made and here are the results of the test:
This host does not allow remote administration on MySQL
mysqldict.py:
Port 3306 on 62.##.##.#1 appears to be open..
A connection has been made and here are the results of the test:
This host is open to MySQL dictionary attacks!
mysqldict.py:
Port 3306 on 66.##.##.#1 appears to be open..
A connection has been made and here are the results of the test:
This host is open to MySQL dictionary attacks!

If you’re wondering what the command ‘httplast’ is, let me explain. I’m too lazy to type out: cat /var/log/apache2/access.log , so I created an alias to handle this for me.

The tool itself, I feel, is pretty self-explanatory, but if you have any questions feel free to leave a comment or shoot me an e-mail.

