Manually crafted HTTP requests

If you want to mangle HTTP requests you are better of with tools like Paros or the Burp Suite. Have a look at the OWASP page for further info. However, if you would like to send them manually with telnet you can use the template below.

Warning! This template worked for me, you should adjust it for your case.

I created a small python script, http-py, available on Github do the manually queries.

PwnPi, The Pen Test Drop Box Distro for the Raspberry Pi

I recently discovered a new penetration testing distribution called PwnPi, “The Pen Test Drop Box Distro for the Raspberry Pi”.

Although the distribution itself is already very interesting, the list of tools provided by the distro is even more interesting. It is the ideal starting point if you want to build your own toolset.

6tunnel – TCP proxy for non-IPv6 applications aircrack-ng – WEP/WPA cracking program amap – a powerful application mapper arp-scan – arpRead more.

The Linux password file, /etc/passwd

The /etc/passwd file stores crucial information which is required during login on Linux systems.

A line in /etc/passwd is one entry for a user account. The fields are separated by a colon (:).

The format is as follows (note that for the purpose of formatting the display, the line is split. A real /etc/passwd file would have all the data on one line).

If the password field (2) contains an X then the encryptedRead more.

Nmap scan through TOR

TOR (https://www.torproject.org/) is a great project if you want to take care of your privacy. You can use TOR to proxy your nmap scans making it very difficult for the scanned network to find the source.

First check that you have TOR installed. It should be listening on a local network port tcp/9050.

You also need to install a package called proxychains that will proxy all the traffic through TOR. Proxychains has its configuration fileRead more.

Update ddclient

An older script that I use on OpenBSD to update ddclient hostnames. The script should run with minor modifications on Linux.

If you are unable to get your public IP from a local interface then you can use dyndns.org.

Use Dropbox with encrypted volume for backups

I use Dropbox to have online backups of my files. Dropbox already provides a good set of protection mechanisms (Two-step verification, …). If you need an additional level then Boxcryptor is worth having a look.

Unfortunately Boxcryptor is not available on Linux but it is compatible with encfs. The blog of Boxcryptor has a post describing in details how you can setup encfs on Ubuntu.

The blog post lacks some useful additional details.

Read more.

Upgrading Redmine 1.3 to 2.2

The documentation of Redmine describes the upgrade process. I upgraded from Redmine 1.3.1 to Redmine 2.2.2. On an older Ubuntu (10.04.4 LTS) the upgrade steps described in the documentation were not sufficient.

Extract the latest redmine file in your web root. I use a symlink pointing redmine to the latest version. This allows you to keep different version and provides an easy way to switch between versions. You then have to copy the different configurationRead more.

Red October – Indicators of compromise

“Red October” is a high-level cyber-espionage campaign that has been active for over 5 years and the discovery was announced on January 14, 2013 by Kaspersky Lab.

Below is a list of domains and IPs used in the attack. These lists can help system administrators spot infections on their network. The information is taken from the PDF at http://www.securelist.com/en/blog/208194092/Red_October_Indicators_of_compromise.

Tourists maps for a visit to Brugge

I live in Brugge and I’m a member of Couchsurfing, I’m always interested in every initiative that provides tourists with interesting city information.

Recently I found a map from Use-It with some interesting “things to do”. I’ve put the map in my Evernote notes.

Verify a network for open dns resolvers

DNS amplification attacks have become pesky (see below for pointers on these kind of attacks). There’s an easy way to verify if there are nameservers on your network that allow recursive queries for the “world”

Do this from a machine outside of your network (if you’d launch it from a machine inside your network chances are high that your IP is part of an ‘allowed’ list in the NS-config, thus falsifying your results).

The toolRead more.