Wednesday, December 18, 2013

OpenBSD basic configuration of symon

Recently I had to install symon on the server so we could see the load of the system. Here are the steps, with a basic configuration and authentication through the web server.

First, install the packages:
symon-2.82          active monitoring tool
syweb-0.60          web frontend to symon


Then the configuration:

/etc/symon.conf
monitor { cpu(0), mem,
          if(lo0), if(bge0), if(re0),
          pf,
          mbuf,
          proc(lighttpd),
          proc(mysqld),
          proc(named),
          proc(pure-ftpd),
          io(sd0a), io(sd0j)
} stream to 127.0.0.1 2100


/etc/symux.conf

mux 127.0.0.1 2100

source 127.0.0.1 {
          accept {
                cpu(0), 
                mem,
                if(lo0),
                if(bge0),
                if(re0),
                pf,
                mbuf,
                proc(lighttpd),
                proc(mysqld),
                proc(named),
                proc(pure-ftpd),
                io(sd0a),
                io(sd0j)
        }
        datadir "/var/www/symon/rrds/localhost"
}


/etc/rc.local
...
if [ "$symon_flags" != "NO" -a -x /usr/local/libexec/symon ];then
printf ' symon -->'; /usr/local/libexec/symon && echo "\t\t [OK]" || echo "\t\t [Failed]" ;fi

if [ "$symux_flags" != "NO" -a -x /usr/local/libexec/symux ];then
printf ' symux -->'; /usr/local/libexec/symux && echo  "\t\t [OK]" || echo "\t\t [Failed]" ;fi


$ sudo mkdir -p -m 0755 /var/www/symon/rrds/localhost
$ sudo /usr/local/share/symon/c_smrrds.sh all

Configuration on lighttpd for the authentication (only the relevant lines):
 ...
"mod_auth", 
...
auth.backend                = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user"

auth.require                = ( "/syweb" =>
                               (
                                 "method"  => "digest",
                                 "realm"   => "Authorization",
                                 "require" => "user=sax|user=moxi"
                               )
                              )

...

Don't forget to put the credentials for the users in the lighttpd.user file! With the plain backend that file holds user:password in cleartext, so keep it outside the document root and readable only by the user lighttpd runs as. The digest method keeps the password itself off the wire, but without TLS in front of it the syweb pages and the session still travel in the clear.

Thursday, December 12, 2013

OpenWebMail sending slowly, and not where I guessed

Lately I had seen OpenWebMail behaving slowly, so I switched it to speedy_cgi (OpenWebMail supports it) and the general slowness went away. Composing a message, though, sometimes took more than 20 s to send and sometimes only about 3 s. So why not look at the code that actually does the sending, openwebmail-send.pl? There I saw that it uses the SMTP module, so BINGO: why not check whether Postfix is doing its job properly? Guess what: the answer was not at all.

When I connect to localhost it takes around 20 s to answer:
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
...
(22 seconds later)
...
220 Postfix EsMtP
quit
221 2.0.0 Bye
Connection closed by foreign host.

????? So I checked the maillog and saw just this whenever the slow answer came:

...
Dec 10 12:28:21 websrv postfix/smtpd[21048]: connect from unknown[127.0.0.1]
Dec 10 12:28:50 websrv postfix/smtpd[21048]: warning: 1.0.0.127.dnsbl.njabl.org: RBL lookup error: Host or domain name not found. Name service error for name=1.0.0.127.dnsbl.njabl.org type=A: Host not found, try again

...
So the problem did not come from OpenWebMail, Apache, lighttpd, CGI or speedy_cgi; it came from my SMTP server, Postfix: for some reason that RBL lookup was taking too long to answer. I changed the order of the restrictions, putting permit_mynetworks in front, and after a postfix reload the problem went away.

Two things worth noting. A DNSBL query for a client in $mynetworks (127.0.0.1 included) is wasted work, and when the lookup fails with "try again" (a resolver timeout rather than a clean NXDOMAIN) smtpd waits for the resolver to give up before it goes on, which is where the delay comes from. And njabl.org's DNSBL was shut down in 2013, which is why every lookup against it now fails; that entry should be removed, not just moved later in the list.
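As an added example (not from the original post), a small POSIX shell script that pulls a restriction list out of a main.cf and checks that permit_mynetworks precedes every reject_rbl_client, run over two constructed fragments: the slow ordering from the post and a corrected one. The parameter and restriction names are Postfix's own; the file contents and zen.spamhaus.org as the replacement list are my assumptions for illustration. On a live system you would feed it the output of `postconf -h smtpd_recipient_restrictions` instead.

```shell
#!/bin/sh
# Print the value of one main.cf parameter, joining the indented
# continuation lines the way postconf(1) does.
cf_value() {
    awk -v key="$2" '
        found && /^[ \t]/        { sub(/^[ \t]+/, ""); val = val " " $0; next }  # continuation
        found                    { exit }                                         # next parameter
        $0 ~ ("^" key "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); val = $0; found = 1 }
        END                      { sub(/^[ \t]+/, "", val); print val }
    ' "$1"
}

# Succeed when permit_mynetworks comes before every reject_rbl_client in a
# restriction list, i.e. clients in $mynetworks (127.0.0.1 included) are
# permitted before any DNSBL lookup can stall them.
rbl_after_mynetworks() {
    seen_mynet=0
    for tok in $(printf '%s' "$1" | tr ',' ' '); do
        case "$tok" in
            permit_mynetworks) seen_mynet=1 ;;
            reject_rbl_client) [ "$seen_mynet" -eq 1 ] || return 1 ;;
        esac
    done
    return 0
}

# Print every smtpd_*_restrictions parameter in a main.cf that still does
# the DNSBL lookup before permit_mynetworks; exit 1 if there is any.
slow_rbl_params() {
    rc=0
    for p in $(grep -oE '^smtpd_[a-z]+_restrictions' "$1"); do
        if ! rbl_after_mynetworks "$(cf_value "$1" "$p")"; then
            echo "$p"; rc=1
        fi
    done
    return $rc
}

# --- constructed main.cf fragments (assumed, not the post's real file) ------
slow_cf=$(mktemp); fixed_cf=$(mktemp)
cat > "$slow_cf" <<'EOF'
# the ordering that stalls: the DNSBL query runs for 127.0.0.1 too
smtpd_recipient_restrictions =
    reject_rbl_client dnsbl.njabl.org,
    permit_mynetworks,
    reject_unauth_destination
EOF
cat > "$fixed_cf" <<'EOF'
# corrected: local clients are permitted first, the dead njabl list is gone
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org
EOF

slow_rbl_params "$slow_cf"  && echo "slow_cf: ok"  || echo "slow_cf: RBL lookup before permit_mynetworks"
slow_rbl_params "$fixed_cf" && echo "fixed_cf: ok" || echo "fixed_cf: RBL lookup before permit_mynetworks"
rm -f "$slow_cf" "$fixed_cf"
```

The order matters because Postfix evaluates a restriction list left to right and stops at the first restriction that decides; with permit_mynetworks first, a local client never reaches the DNSBL query at all.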


Thursday, November 21, 2013

lighttpd basic configuration for OpenWebMail on OpenBSD

In the last few days I have been playing with Apache and SpeedyCGI to make the OpenWebMail Perl scripts run faster, but so far I have not been able to do it on this OpenBSD 4.8 machine (I know, I have to upgrade the system, and I will, I promise). Since I could not, I had to look for alternatives, and this one uses lighttpd, a good example of a fast and light web server. Later I plan to try nginx, since the OpenBSD crowd has moved to that server. Anyway, here is the very, very basic lighttpd.conf for serving the OpenWebMail files:

server.modules = (
    "mod_rewrite",
    "mod_redirect",
    "mod_alias",
    "mod_access",
    "mod_fastcgi",
    "mod_cgi",
    "mod_accesslog" )

server.document-root = "/var/www/htdocs/"
alias.url            = ( "/cgi-bin/" => "/var/www/cgi-bin/" )
accesslog.filename   = "/var/www/logs/access.log"
server.errorlog      = "/var/www/logs/error.log"
server.use-ipv6      = "enable"
$SERVER["socket"] == "0.0.0.0:80" { }

url.access-deny = ( "~", ".inc" )
$HTTP["url"] =~ "\.pdf$" {
  server.range-requests = "disable"
}
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
server.pid-file = "/var/run/lighttpd.pid"

# chroot() to directory
#server.chroot   = "/var/www/"
server.username  = "www"
server.groupname = "www"
# empty interpreter: each .pl is executed directly through its #! line
cgi.assign = ( ".pl" => "" )

I omitted the lines I did not touch, so this is the bare minimum for serving OpenWebMail; there is nothing here for PHP, FastCGI or anything else. Note that the directive that drops privileges is server.username (server.user is not a lighttpd option), and with server.chroot left commented out the CGI scripts run with the whole filesystem visible.
  |
{|:{
  |

Thursday, November 7, 2013

Fix proxychains-metasploit PostgreSQL connection FAIL

The last few days I have been trying to use Metasploit with proxychains, just to play with it and learn a little. I had figured out the basic use of proxychains and of Metasploit, but when I tried to use Metasploit through proxychains the problems came out:

|S-chain|-<>-127.0.0.1:9050-<><>-127.0.0.1:5432-<--denied
[-] Failed to connect to the database: could not connect to server: Connection refused
    Is the server running on host "127.0.0.1" and accepting
    TCP/IP connections on port 5432?


So I started reading on the internet and found that I had to tweak the proxychains.conf file to fix the problem. I got it from this site:
https://forums.kali.org/showthread.php?17233-Proxychains-and-Metasploit

/etc/proxychains.conf: localnet 127.0.0.1 000 255.255.255.255


I used the line above with no luck, so I checked whether PostgreSQL was up, and it was not, so I started it, but the problem was still there. After several tries to fix it with localnet configurations, none of them seemed to work. Then I tried running Tor on a different network so proxychains would not get confused about when to proxy the request, but this did not fix the problem either.

 |
[|:¬(
 |


After several tries I finally got it fixed, and it came down to this:
check that Tor works:
$ sudo service tor start|status
check PostgreSQL:
$ sudo service postgresql start|status
and finally

$ sudo proxychains msfconsole

BINGO!!!
 |

[|:¬)
 |
So all the time the problem was the use of sudo, which means that when proxychains tried to bind to postgres the system did not allow it. Why could I not see this in the logs? Well, I was not checking the logs, DAMN! But here is the evidence:

I found this in the Tor log, /var/log/tor/log, when running without sudo:

Nov 07 13:09:39.439 [warn] Your application (using socks4 to port 5432) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS. [1 similar message(s) suppressed in last 5 seconds]
Nov 07 13:09:39.454 [warn] Rejecting SOCKS request for anonymous connection to private address [scrubbed]
Nov 07 13:09:39.462 [warn] Rejecting SOCKS request for anonymous connection to private address [scrubbed]

And now using sudo:


Nov 07 13:11:49.728 [warn] Your application (using socks4 to port 53) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS.

Meaning: no complaints :0

What the two logs actually show: without sudo the connection to 127.0.0.1:5432 was handed to Tor over SOCKS, and Tor refuses to build circuits to private addresses, which is the "denied" in the proxychains chain output above; with sudo that connection no longer reached Tor at all (only a DNS lookup on port 53 did). Whatever made the difference here, the robust fix is a localnet entry that covers loopback in the form the stock proxychains.conf uses, `localnet 127.0.0.0/255.0.0.0`, so the database connection is always made directly and only the target traffic goes through Tor. Running msfconsole as root is not otherwise required.
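As an added example, not code from the post or from proxychains itself: a POSIX shell script that applies the same netmask test proxychains uses for its localnet lines, so you can see which entries keep a connection off the proxy. It checks 127.0.0.1 (the PostgreSQL listener) and an assumed 10.0.0.5 against a constructed proxychains.conf; the dotted-netmask form 127.0.0.0/255.0.0.0 is the one the stock configuration file uses, and CIDR-style entries are deliberately not handled here.

```shell
#!/bin/sh
# Dotted-quad IPv4 -> integer, so a netmask can be applied with shell arithmetic.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_localnet IP NET/MASK : succeed when IP lies inside the entry, written the
# way the stock proxychains.conf writes it (dotted netmask, e.g. 127.0.0.0/255.0.0.0).
in_localnet() {
    net=${2%/*}; mask=${2#*/}
    [ $(( $(ip2int "$1") & $(ip2int "$mask") )) -eq \
      $(( $(ip2int "$net") & $(ip2int "$mask") )) ]
}

# bypasses_proxy IP CONF : succeed when an uncommented localnet line in CONF
# covers IP, which is when proxychains connects directly instead of via the chain.
bypasses_proxy() {
    grep -E '^[[:space:]]*localnet[[:space:]]' "$2" |
    while read -r keyword entry rest; do
        if in_localnet "$1" "$entry"; then echo match; break; fi
    done | grep -q match
}

# --- constructed proxychains.conf (assumed, not the post's file) -------------
conf=$(mktemp)
cat > "$conf" <<'EOF'
strict_chain
proxy_dns
# localnet 10.0.0.0/255.0.0.0
localnet 127.0.0.0/255.0.0.0
[ProxyList]
socks4 127.0.0.1 9050
EOF

for target in 127.0.0.1 10.0.0.5; do
    if bypasses_proxy "$target" "$conf"; then
        echo "$target: direct (never reaches Tor)"
    else
        echo "$target: sent to the SOCKS proxy; Tor rejects private addresses"
    fi
done
rm -f "$conf"
```

With the loopback entry active, the 127.0.0.1:5432 connection is made directly while everything else still goes through socks4 127.0.0.1:9050, which is the split you want for msfconsole.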

Tuesday, November 5, 2013

Metasploit on Linux Mint 13

Here are the steps I used to install the Metasploit Framework on Linux Mint 13. I just followed the tutorial by darkoperator, http://www.darkoperator.com/installing-metasploit-in-ubunt/, but in practice when I followed the instructions there were some errors, so here are all my steps with the changes. No explanations at all; if you want the explanation go to darkoperator's tutorial :p

UPDATES
$ sudo apt-get update
$ sudo apt-get upgrade

INSTALL the needed packages
$ sudo apt-get install build-essential libreadline-dev  libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre subversion git-core autoconf postgresql-9.1 pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3
$ sudo gem install wirble sqlite3 bundler

NMAP
$ mkdir ~/Development
$ cd ~/Development
$ svn co https://svn.nmap.org/nmap
$ cd nmap
$ ./configure
$ make
$ sudo make install
$ make clean

USERS and DBs
$ sudo -s
$ su postgres
$ createuser msf -P -S -R -D
$ createdb -O msf msf
$ exit
$ exit

Framework
$ cd /opt
$ sudo git clone https://github.com/rapid7/metasploit-framework.git
$ cd metasploit-framework
$ sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'
$ curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage-latest.tgz
$ sudo tar -xvzf /tmp/armitage.tgz -C /opt
$ sudo ln -s /opt/armitage/armitage /usr/local/bin/armitage
$ sudo ln -s /opt/armitage/teamserver /usr/local/bin/teamserver
$ sudo mkdir -p /usr/local/share/armitage
$ sudo su
# echo java -jar /usr/local/share/armitage/armitage.jar \$\* > /usr/local/share/armitage/armitage
# exit
$ touch /usr/local/share/armitage/teamserver
$ perl -pi -e 's/armitage.jar/\/usr\/local\/share\/armitage\/armitage.jar/g' /usr/local/share/armitage/teamserver
$ bundle install

Create the database.yml file that will contain the configuration parameters used by the framework:
$ sudo joe /opt/metasploit-framework/database.yml
 production:
   adapter: postgresql
   database: msf
   username: msf
   password:
   host: 127.0.0.1
   port: 5432
   pool: 75
   timeout: 5
 

Provide the password you entered in the user creation step in the password field, then export the config path:
$ sudo su
# sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/database.yml" >> /etc/profile
# source /etc/profile
# exit

I did not find pcaprub under /opt/metasploit-framework/external as the tutorial says, so I used git as pcaprub's GitHub page says:
$ git clone git://github.com/shadowbq/pcaprub.git
$ cd /opt/metasploit-framework/external/pcaprub/
$ sudo ruby ext/pcaprub/extconf.rb
$ sudo make && sudo make install
-oxes ~ $ msfconsole
WARNING: Nokogiri was built against LibXML version 2.8.0, but has dynamically loaded 2.7.8

Unable to handle kernel NULL pointer dereference at virtual address 0xd34db33f
EFLAGS: 00010046
eax: 00000001 ebx: f77c8c00 ecx: 00000000 edx: f77f0001
esi: 803bf014 edi: 8023c755 ebp: 80237f84 esp: 80237f60
ds: 0018   es: 0018  ss: 0018
Process Swapper (Pid: 0, process nr: 0, stackpage=80377000)


Stack: 90909090990909090990909090
       90909090990909090990909090
       90909090.90909090.90909090
       90909090.90909090.90909090
       90909090.90909090.09090900
       90909090.90909090.09090900
       ..........................
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       ccccccccc.................
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       .................ccccccccc
       cccccccccccccccccccccccccc
       cccccccccccccccccccccccccc
       ..........................
       ffffffffffffffffffffffffff
       ffffffff..................
       ffffffffffffffffffffffffff
       ffffffff..................
       ffffffff..................
       ffffffff..................


Code: 00 00 00 00 M3 T4 SP L0 1T FR 4M 3W OR K! V3 R5 I0 N4 00 00 00 00
Aiee, Killing Interrupt handler
Kernel panic: Attempted to kill the idle task!
In swapper task - not syncing


         =[ metasploit v4.8.0-dev [core:4.8 api:1.0]
+ -- --=[ 1216 exploits - 661 auxiliary - 189 post
+ -- --=[ 322 payloads - 30 encoders - 8 nops

msf >
hummmm (}:{) (that "kernel panic" is just one of msfconsole's random joke banners; nothing crashed)

-oxes ~ $ msfconsole
WARNING: Nokogiri was built against LibXML version 2.8.0, but has dynamically loaded 2.7.8
Call trans opt: received. 2-19-98 13:24:18 REC:Loc

     Trace program: running

           wake up, Neo...
        the matrix has you
      follow the white rabbit.

          knock, knock, Neo.

                        (`.         ,-,
                        ` `.    ,;' /
                         `.  ,'/ .'
                          `. X /.'
                .-;--''--.._` ` (
              .'            /   `
             ,           ` '   Q '
             ,         ,   `._    \
          ,.|         '     `-.;_'
          :  . `  ;    `  ` --,.._;
           ' `    ,   )   .'
              `._ ,  '   /_
                 ; ,''-,;' ``-
                  ``-..__``--`

                             http://metasploit.pro


         =[ metasploit v4.8.0-dev [core:4.8 api:1.0]
+ -- --=[ 1216 exploits - 661 auxiliary - 189 post
+ -- --=[ 322 payloads - 30 encoders - 8 nops

msf >
           |
yeay ! {|:)
           |

Friday, October 4, 2013

Little_Script_Series: Python version of the script to count the number of times a word appears in a FILE

This is just an example in Python, with no check that the file exists or anything else. I have to say that I found all of this on the INTERNET; I just put the pieces together, so there may be many other ways to do this.

At the beginning I thought Python was not so good because it did not seem to have a hash structure (it does: dict, and Counter is built on top of it), but it has many others, and this one simplifies the Perl version; of course I'm talking about my franken_perl_version (:{

#!/usr/bin/python
# usage: count.py <logfile>
# Count how many times each value in column 9 (index 8) of a whitespace-separated
# log file appears.
#
# Counter: a container that tracks how many times equivalent values are
# added. It can be used to implement the same algorithms for which other
# languages commonly use bag or multi-set data structures.

import sys
from collections import Counter

users = []

for line in open(sys.argv[1], "r"):
    e = line.split()
    if len(e) > 8:            # skip lines that do not have a 9th field
        users.append(e[8])

# Build the counter once, after the whole file has been read.
c = Counter(users)

# Print each distinct value once, most frequent first.
for k, n in c.most_common():
    print('%s : %d' % (k, n))



Thursday, October 3, 2013

Little_Script_Series: Perl script to count the number of times a word appears in a FILE

OK, this is the first of a series of little scripts that I have used at work.

Some time ago I was wondering how many users were actually using the mail service, either through IMAP or WEBMAIL access, so I took parts of code I found on the internet and put them together. The Perl script needs the name of the file and the position of the word you want to count. The log file I was working with was split by blank spaces, so if you need another separator just change it!

checkLogin.pl
usage: checkLogin.pl <loginfile.txt> <position of the word, a number>

#!/usr/bin/perl
use strict;
use warnings;

# usage: checkLogin.pl FILE POSITION
#   FILE      whitespace-separated log file
#   POSITION  zero-based index of the field to count (e.g. the user name)

my $num_args = @ARGV;
my %count_of;

if ($num_args < 2) {
    print "wrong arguments\n usage: checkLogin.pl FILE POSITION\n";
}
else {
    open(my $fh, '<', $ARGV[0]) or die("Cant open log file: $!");
    while (my $line = <$fh>) {
        chomp($line);                    # remove the newline from $line.
        # do line-by-line processing.
        my @val = split(/\s+/, $line);

        # select the word by position number.
        my $user = $val[$ARGV[1]];
        next unless defined $user;       # short line: nothing at that position
        $count_of{$user}++;
    }
    close($fh);
    while (my ($k, $v) = each %count_of) {
        print "$k => $v\n";
    }
}
__END__


Sorry for my bad programming skills (I'm a newbie) and for the bad English.

Life-Facts

I know this post has nothing to do here, but I just don't want to create another blog, so.

My story from yesterday: I went to the grocery store; I wanted a coffee and a bottle of water. I took a cappuccino and went to pay, and at that moment a man entered the store and came straight to me asking for a coin. He was wearing black pants and a black shirt and looked a little dirty and disheveled. He said "can you please give me a coin so I can buy a beer". He was so honest that he made me smile, so I gave it to him. He thanked me, went for his bottle, and when he came back he told me I was a good man because not everyone is willing to give even a coin. He smiled at me and said that he likes to pray to Jesus, and before I left the store he told me that Jesus would give me a hundred for that coin. I smiled at him again and left.

Later that afternoon I went to the store again and bought a lottery ticket, the scratch kind, and bingo: I got 3 moons and won 100. I remembered the guy and was just shocked; since then I have been thinking about it. The man and Jesus.

Wednesday, October 2, 2013

How to solve: compiling with gcc -m32, cannot find crt1.o: No such file or directory

I'm learning asm stuff so that in the future, I mean the future, I can eventually get into the security field and understand exploits. I have an amd64 machine, but many examples come as 32-bit asm programs, so on my Ubuntu-based machine (Mint) I have to compile with the 32-bit option. I was not sure whether I could do this, but google-fu saved me: I found that I need to pass the -m32 option to gcc, so I tried it out:

$ gcc -m32 -o example example1.c
but I get:
/usr/bin/ld: cannot find crt1.o: No such file or directory
/usr/bin/ld: cannot find crti.o: No such file or directory
/usr/bin/ld: skipping incompatible /usr/lib/gcc/x86_64-linux-gnu/4.6/libgcc.a when searching for -lgcc
/usr/bin/ld: cannot find -lgcc
/usr/bin/ld: skipping incompatible /usr/lib/gcc/x86_64-linux-gnu/4.6/libgcc_s.so when searching for -lgcc_s
/usr/bin/ld: cannot find -lgcc_s
/usr/bin/ld: cannot find -lc
/usr/bin/ld: skipping incompatible /usr/lib/gcc/x86_64-linux-gnu/4.6/libgcc.a when searching for -lgcc
/usr/bin/ld: cannot find -lgcc
/usr/bin/ld: skipping incompatible /usr/lib/gcc/x86_64-linux-gnu/4.6/libgcc_s.so when searching for -lgcc_s
/usr/bin/ld: cannot find -lgcc_s
/usr/bin/ld: cannot find crtn.o: No such file or directory
collect2: ld returned 1 exit status

$
... so google-fu again, and I found that I actually have to install the multilib package for gcc. I checked the version of my gcc and used the GUI package manager, but on the command line it would be:
$ sudo apt-get install gcc-4.6-multilib
After this:
$ gcc -m32 -o example example1.c

and then it works (the listing below is AT&T syntax; add -M intel to objdump if you prefer Intel syntax):
$ objdump -d example
 80482d8:     53                      push   %ebx
 80482d9:    83 ec 08               sub    $0x8,%esp
 80482dc:    e8 00 00 00 00      call   80482e1 <_init+0x9>
 80482e1:    5b                       pop    %ebx
 80482e2:    81 c3 13 1d 00 00  add    $0x1d13,%ebx
 80482e8:    8b 83 fc ff ff ff      mov    -0x4(%ebx),%eax
 80482ee:    85 c0                   test   %eax,%eax




Friday, July 19, 2013

Absolute OpenBSD SE

I just finished reading Michael Lucas's book "Absolute OpenBSD, Second Edition" a few days ago and I really have to say that the book rocks! If you have a little experience with Linux and want to move to BSD, this is the book for you: with just basic command-line knowledge, Michael explains in a very efficient way what to expect from OpenBSD. He guides you from a fun perspective into the broad and deep content of the OpenBSD system and shows you how to do a lot of good things with such a great operating system. In the end this book is good enough that you can quickly start using OpenBSD in your future environments. Good job Michael!!!

Sunday, June 9, 2013

Shell tips lost n found

These tips are related to expansion; later I will add a lot more as I surf the internet. Not much explanation, just try it. This is also to remind me, since I have a very bad memory ;)

Remember that all of this works with bash; I think it will not work in ksh, and the same for csh.

$ echo {1,2}
1 2

Saturday, May 18, 2013

Fast look at the process of writing exploits


OK, first: this is not a complete course on writing exploits; it is more like what I have learned by digging around on Google and elsewhere, getting some books and some write-ups from the internet. So here are my thoughts.

First, I have seen that almost all exploits are totally targeted: an exploit is for one exact situation, for some piece of software built for one OS on one kind of processor, so you need to know how things go deep inside the computer, and basically inside the processor. This means:
YOU HAVE TO LEARN ASSEMBLER, and for this YOU HAVE TO LEARN THE BASICS OF THE PROCESSOR FAMILIES, so YOU HAVE TO LEARN IA-32, the architecture Intel defined and that AMD implements as well (each vendor builds its own processors and adds its own extensions, but the base instruction set is the same, so IA-32 assembler covers both; other architectures are another story). The other part is that YOU HAVE TO LEARN THE OS you are doing this on; the same applies there: developing exploits for WINDOWS is not the same as doing it for UNIX, Linux or any other, so LEARN OPERATING SYSTEMS. How many? THE MORE THE BETTER.

OK, at this point you want to continue. Well, well, what can I say, you have no life, so let's keep moving. Once you know what the heck all of this is (the architecture, IA-32 asm and the OS), then you have to learn some debugging, and we have a lot of choices around, but there are 4 TOP debuggers. The first two, GDB and OllyDbg, are among the older ones, and there is a lot of information on the internet that will help you understand the wonderful path of the debugging tools; the newer ones are WinDbg from Microsoft and Immunity Debugger, and of course, as there are a lot of people who don't have a life, there is a lot of info on learning how to use those too.

OK, so we have the PC architecture, the language, the system and the debugger, but guess what: it is very useful to do some reverse engineering to find out how to debug and what to debug, and then you can take a close look at malware analysis, since that gives you a very good idea of how to place your code so that it works for you and is difficult to detect. And then, of course, you have to learn the techniques that are often used, like buffer overflows, heap spraying and many others. One last point: you really need to learn the programming language the program you want to exploit was built in.

How long will all of this take of your time? That answer only belongs to you; you are the only one who can say how much time you have to dedicate to this, and whether you are good at it or, like me, an eternal dummy.

Thursday, April 18, 2013

So what is i18n, l10n and all that?

Recently I had to install Firefox, but looking at the packages I found this:
firefox-13xxx
firefox-i18nxxx

so I dug around the internet and found this:
Internationalization (i18n).
Localization (l10n).
Globalization (g11n).
Localizability (l12y).



“Internationalization is the design and development of a product, application or document content that enables easy localization for target audiences that vary in culture, region, or language.”
“Localization refers to the adaptation of a product, application or document content to meet the language, cultural and other requirements of a specific target market (a locale).”
The explanation comes from here:

Thursday, April 11, 2013

Block China CIDR, please!

For too many days I have been dealing with China as a source of spam; they got hold of some information about our users, and blocking these IPs one by one has been annoying. I had set up a persist file with these guys, but I just found a web page with the CIDR blocks of China, so I loaded them into pf:

# pfctl -t dammed-hosts -T add $(myscript)

I used a simple Perl script to get rid of all the useless information, as the file format is:

#chinese net blocks CIDR
#http://www.okean.com/chinacidr.txt
#send comments, corrections, and additions to: comments20111127@okean.com
#last updated 2013.03.27 0858 PST (UTC -8)
1.0.1.0/24  China
1.0.2.0/23  China
1.0.8.0/21  China
1.0.32.0/19  China
...

With the script I drop everything except the CIDR field (1.0.1.0/24 and so on), which goes to stdout, so I just used $(myscript) to populate the pf table.


here is the web:
http://okean.com/asianspamblocks.html

Here is the script (don't blame me, I am not a programmer }:)):

#!/usr/bin/perl
use strict;
use warnings;

# Print only the first field (the CIDR block) of each line, skipping the
# comment lines at the top of the okean.com file and blank lines.
open(my $fh, '<', $ARGV[0]) or die("Cant open $ARGV[0]: $!");
while (my $line = <$fh>) {
    chomp($line);
    next if $line =~ /^\s*#/ or $line =~ /^\s*$/;
    my @val = split(' ', $line);
    print "$val[0]\n";
}
close($fh);

Of course no safety was added to the script, as it is for my personal use and this situation only, but it works: I have populated the pf table with 2638 blocks.
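As an added example (not from the original post), a POSIX shell version that validates each block before it reaches pfctl and loads the result with -T replace, which swaps the whole table at once instead of only adding to it, so a re-run with a newer file also drops blocks that disappeared from the list. The sample file below is constructed in the okean.com format, with two bad lines included to show they are dropped; the table name dammed-hosts comes from the post, and load_table is not run here since it needs pf.

```shell
#!/bin/sh
# Print only syntactically valid IPv4 CIDR blocks from the okean.com
# "CIDR  Country" format: comments, blank lines and anything with an octet
# above 255 or a prefix above 32 are dropped, so pfctl never sees junk.
cidr_list() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }                       # comment or blank line
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
            split($1, f, /[.\/]/)                            # 4 octets + prefix length
            ok = (f[5] + 0 <= 32)
            for (i = 1; i <= 4; i++) if (f[i] + 0 > 255) ok = 0
            if (ok) print $1
        }' "$@"
}

# Load the cleaned list into a pf table atomically. -T replace creates the
# table if needed and replaces its whole contents in one step.
load_table() {
    table=$1; file=$2; clean=$(mktemp)
    cidr_list "$file" > "$clean"
    pfctl -t "$table" -T replace -f "$clean"
    rm -f "$clean"
}

# --- constructed sample in the okean.com format (not the real 2638-line file) --
sample=$(mktemp)
cat > "$sample" <<'EOF'
#chinese net blocks CIDR
#last updated 2013.03.27 0858 PST (UTC -8)
1.0.1.0/24  China
1.0.2.0/23  China
300.1.1.0/24  China
1.0.8.0/33  China
1.0.32.0/19  China
EOF
cidr_list "$sample"     # prints 1.0.1.0/24, 1.0.2.0/23 and 1.0.32.0/19 only
rm -f "$sample"
# on the firewall: load_table dammed-hosts /path/to/chinacidr.txt
```

Validating before loading matters because pfctl aborts on the first address it cannot parse, and a comment line or a typo in a 2638-line list would otherwise leave the table half-loaded or unchanged.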