It's the Code garbage collector. Mind dumps of daily coding antics from a frustrated silly little man. VBS, PHP, TCL, TK, PERL, C++, JAVA... what now? Ruby?
No wait.. It should be just RUBY!

20080926

Command Line Capistrano Forked

#!/usr/local/bin/ruby

# Command Line Capistrano Forked
# (Forked version)
# written by Scott MacGregor - 2008

require 'rubygems'
require 'capistrano/configuration'
require 'stringio'
require 'optparse'
require 'syslog'


# Gather the list of hosts and build a Capistrano role string, e.g.
#   role :sensor, "host1", "host2"
def monitorlist(hostlist)
  hosts = hostlist.is_a?(Array) ? hostlist : [hostlist]
  quoted = hosts.map { |hosttarget| "\"#{hosttarget.strip}\"" }
  "role :sensor, " + quoted.join(", ")
end

# Perform the desired logging method: when syslogging is enabled, replay the
# captured Capistrano output into syslog one cleaned-up line at a time
def logit(outputIO, logmethod)
  return unless logmethod
  Syslog.open('monitord')
  outputIO.string.each_line do |line|
    # ignore monitord information lines
    next if line.include?("[monitord]")

    # strip out tty special characters (terminal colour escapes), whichever
    # way they were captured, so they never reach the log
    # ^[[33m
    line.gsub!(/\^\[\[[0-9]+m/, "")
    # \e[37m
    line.gsub!(/\e\[[0-9]+m/, "")
    # \033[31m
    line.gsub!(/\\[0-9]+\[[0-9]+m/, "")

    # strip out preceding stars
    line.gsub!(/^\s*[*]*/, "")

    line.strip!

    # uncomment this line if you want STDOUT while SYSLOGING
    # p line

    # Syslog.crit/notice take a format string, so pass the remote output as
    # an argument rather than as the format: a line containing "%" would
    # otherwise be interpreted (and raise on a missing argument)
    if line.downcase.include?("fail")
      Syslog.crit("%s", line)
    else
      Syslog.notice("%s", line)
    end
  end
  Syslog.close
end

# Run Forked Process: one child per host, so a hung host does not hold up the rest
def tick(queryhost, outputIO, logmethod)
  pid = fork {
    pidhost = Capistrano::Configuration.new
    if OPTIONS[:syslog]
      # capture Capistrano's output in memory so logit can replay it to syslog
      pidhost.logger = Capistrano::Logger.new(:output => outputIO)
    else
      pidhost.logger = Capistrano::Logger.new
    end
    pidhost.load(File.dirname(File.expand_path(__FILE__)) + "/capfile")
    pidhost.load(:string => monitorlist(queryhost.strip))

    # pidhost.set :user, 'capistrano'
    # pidhost.ssh_options[:username] = 'monitord'
    # pidhost.ssh_options[:host_key] = 'ssh-dsa'
    # pidhost.ssh_options[:paranoid] = false

    pidhost.logger.level = OPTIONS[:debug_level]
    begin
      # Call the Capistrano namespace & task (monitor:default, defined in the capfile)
      pidhost.monitor.default
    rescue Exception => e
      puts "\t[" + queryhost.strip + "] Failed to establish connection."
      outputIO.puts "\t[" + queryhost.strip + "] Failed to establish connection."
    end

    logit(outputIO, logmethod)
  }
  # non-blocking wait: the child is left to finish on its own
  Process.waitpid(pid, Process::WNOHANG)
end


# Set default options and initializations
OPTIONS = {
  :file => "monitorlist",
  :syslog => false,
  :debug_level => 0,
  :dest => File.expand_path(File.dirname($0)),
  :hostslist => ""
}
hosts = []

# Read Command Line Options
ARGV.options do |o|
  script_name = File.basename($0)

  o.set_summary_indent(' ')
  o.banner = "Usage: #{script_name} [OPTIONS]"
  o.define_head "Run capistrano command forked from outside capistrano with additional options.\nWritten by: Scott MacGregor 2008"

  o.separator ""
  o.separator "Monitord options:"
  o.on("-R", "--read=[val]", String,
       "Read monitor host list from file",
       "Default: #{OPTIONS[:file]}") { |val| OPTIONS[:file] = val if val }
  o.on("-L", "--hosts=[val]", String,
       "List of comma separated hosts. Encased in double quotes.",
       "(*OVERRIDES -R option)") { |val| OPTIONS[:hostslist] = val if val }
  o.on("-S", "--syslog",
       "SYSLOG all output") { |val| OPTIONS[:syslog] = val }

  o.separator ""
  o.separator "Common Usage: "
  o.separator "\t./monitord --hosts=\"hostname1, hostname2\""
  o.separator "\t./monitord -R \"customhosts.txt\""

  o.separator ""
  o.separator "Common options:"
  o.on("--debug=[0-3]", Integer,
       "Debug verbosity level",
       "Default: #{OPTIONS[:debug_level]}") { |val| OPTIONS[:debug_level] = val if val }
  o.on_tail("-h", "--help", "Show this help message.") { puts o; exit }

  begin
    o.parse!
  rescue OptionParser::InvalidOption => e
    abort "-h --help Show this help message."
  end

end

if OPTIONS[:hostslist] == ""
  # Read the standard Capistrano role string configuration file, e.g.
  #   role :sensor, "host1", "host2"
  # collecting the quoted host names from every non-comment line
  File.foreach(File.dirname(File.expand_path(__FILE__)) + "/#{OPTIONS[:file]}") do |line|
    next if line =~ /^\s*#/ || line.index(",").nil?
    hosts += line[(line.index(",") + 2)..-1].gsub("\"", "").strip.split(',')
  end
else
  # Read hosts from the -L/--hosts option string
  hosts = OPTIONS[:hostslist].split(',')
end

# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
# Begin Main Loop

outputIO = StringIO.new
logmethod = OPTIONS[:syslog]

for host in hosts
  tick(host.strip, outputIO, logmethod)
end

# End Main Loop
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

20080728

DNS version attempts & tools

There has been some DNS junk flying around again.. so, a refresher.

Don't forget how easy it is to do a DNS version query.

dig @ns.example.com -c CH -t txt version.bind


Make sure your BIND/named version string is obfuscated or disabled with a custom message..


options {
    version "Generic DNS Server";
};


Not that it helps much with fpdns around.

anonymous@:~$ fpdns -D google.com
fingerprint (google.com, 216.239.34.10): ISC BIND 8.3.0-RC1 -- 8.4.4
fingerprint (google.com, 216.239.36.10): ISC BIND 8.3.0-RC1 -- 8.4.4

Perl: (Fingerprint.PM)
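As an added example (not part of the original post), here is a small Ruby check for the masking step above: it parses the answer section that dig prints for the CH-class version.bind TXT query and reports whether the server still discloses a real software version. The two dig outputs below are constructed sample text; on a live server you would feed in the stdout of the dig command shown earlier.

```ruby
# Constructed sample: what dig's answer section looks like for an unmasked
# server (a real-looking version string) and for one using the options{}
# version override from the post.
LEAKY_DIG_OUTPUT = <<'EOS'
;; ANSWER SECTION:
version.bind.		0	CH	TXT	"9.4.2-P1"
EOS

MASKED_DIG_OUTPUT = <<'EOS'
;; ANSWER SECTION:
version.bind.		0	CH	TXT	"Generic DNS Server"
EOS

# Pull every version.bind TXT answer out of dig output.  Fields are
# name / TTL / class / type / rdata, separated by tabs or spaces.
def version_txt(dig_output)
  dig_output.each_line.map do |line|
    m = line.match(/^version\.bind\.\s+\d+\s+CH\s+TXT\s+"(.*)"\s*$/)
    m && m[1]
  end.compact
end

# Heuristic for "this looks like a real version": dotted numbers or a
# well-known server product name.  Extend the list for your own estate.
LEAK_PATTERN = /\d+\.\d+|\b(bind|powerdns|unbound|dnsmasq)\b/i

# Returns :leaks when a version-like string is disclosed, :masked when a
# custom message comes back, and :refused when there is no TXT answer at all
# (the server declined to answer the CH query).
def version_disclosure(dig_output)
  txts = version_txt(dig_output)
  return :refused if txts.empty?
  txts.any? { |t| t =~ LEAK_PATTERN } ? :leaks : :masked
end

if __FILE__ == $0
  [LEAKY_DIG_OUTPUT, MASKED_DIG_OUTPUT].each do |out|
    puts "#{version_txt(out).inspect} -> #{version_disclosure(out)}"
  end
end
```

Note that a masked banner only stops the lazy version query; as the fpdns output shows, behavioural fingerprinting still identifies the implementation, so keep the server patched regardless of what version.bind says.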


Make sure you read basic DNS information like

Cisco's: DNS Best Practices, Network Protections, and Attack Identification

And understand the principles laid out in secure BIND configurations such as:
http://www.cymru.com/Documents/secure-bind-template.html

Look into DNS debug tools such as DNSwalk, dlint & DOC

And for reverse lookups where there is no PTR record, try A-record caches like:
Passive DNS Replication @
http://cert.uni-stuttgart.de/stats/dns-replication.php

20080605

Simple http get request... snooze.

Let's get some basic headers using sbd.exe, nc, telnet, whatever..

telnet www.microsoft.com 80
nc www.microsoft.com 80
sbd -c off www.microsoft.com 80


Enter the HTTP request: a method (GET|OPTIONS|PUT|POST|HEAD|TRACE), the path and the version, then the Host header.
(The Host header only matters when there is virtual hosting on the IP/hostname.)
GET / HTTP/1.1
Host: www.microsoft.com
Press Enter twice (the blank line ends the request)


(Windows telnet lameness.. turning on local echo..)
Type "Ctrl+]"
Type "set localecho"
Press Enter twice
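The same hand-typed request, as an added Ruby example that is not part of the original post: the request bytes are built exactly as at the telnet prompt (request line, Host header, blank line), sent over a plain TCP socket, and the status line and headers are parsed back out. A tiny loopback server in a thread stands in for the remote web server so the script runs offline; against a real host you would call raw_http("www.microsoft.com", 80, "HEAD", "/"). Names such as raw_http and start_fake_server are this example's own.

```ruby
require 'socket'

# Build the request exactly as typed at the telnet prompt: request line,
# Host header (needed when the IP does virtual hosting), blank line.
def build_request(method, path, host)
  "#{method} #{path} HTTP/1.1\r\n" \
  "Host: #{host}\r\n" \
  "Connection: close\r\n" \
  "\r\n"
end

# Parse "HTTP/1.1 200 OK" plus header lines into [status_code, headers_hash];
# header names are lower-cased because they are case-insensitive on the wire.
def parse_response_head(raw)
  head, _body = raw.split("\r\n\r\n", 2)
  status_line, *header_lines = head.split("\r\n")
  status = status_line.split(" ")[1].to_i
  headers = {}
  header_lines.each do |l|
    name, value = l.split(":", 2)
    headers[name.strip.downcase] = value.to_s.strip
  end
  [status, headers]
end

# Send one request over a raw socket and return [status, headers].
def raw_http(host, port, method = "HEAD", path = "/")
  sock = TCPSocket.new(host, port)
  sock.write(build_request(method, path, host))
  raw = sock.read          # server closes after answering (Connection: close)
  sock.close
  parse_response_head(raw)
end

# Constructed loopback server standing in for the remote web server: it reads
# one request up to the blank line, then answers with a fixed banner and
# echoes the Host header it saw.  Returns the port the OS picked.
def start_fake_server
  server = TCPServer.new("127.0.0.1", 0)
  Thread.new do
    loop do
      client = server.accept
      request = ""
      while (line = client.gets)
        request << line
        break if line == "\r\n"
      end
      host = request[/^Host:\s*(.+)\r\n/i, 1]
      client.write("HTTP/1.1 200 OK\r\nServer: Fake-IIS/1.0\r\n" \
                   "X-Seen-Host: #{host}\r\nContent-Length: 0\r\n\r\n")
      client.close
    end
  end
  server.addr[1]
end

if __FILE__ == $0
  port = start_fake_server
  status, headers = raw_http("127.0.0.1", port, "HEAD", "/")
  puts status
  headers.each { |k, v| puts "#{k}: #{v}" }
end
```

HEAD is used for the stand-alone run because it returns the same headers as GET without a body; swap the method argument to try the others from the list above.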

20080427

Digg + Idiots + RapidShare = p0wn3d


God damn it.. dumb ideas just stay around for far too long.

Ok, we all know what the hell RapidShare is. It's a waste of internet space. One thing though: a couple of years ago somebody dugg an article on a way to get around the restrictions using a server script called RapidLeech. Ok, all in good fashion, but come on... you leave this open on an Apache server which can process PHP files.. and allow public upload to your server from any URL.. (r57.php, c99/c100.php, the list just goes on and on..) Renaming the file really helped, huh..?

Just look at the multi-version Google dork:
[2 years later and still 117+ zombies waiting to happen]
"Bugs Report to Rapidget.bug"

Digg idiots: http://digg.com/tech_news/RapidLeech

20080416

Capistrano with highline menu.

Example Capistrano file using the HighLine menu system..

(Capistrano really needs some better docs.)


# example capistrano menu using the highline menu system
# Published under BSD license
# written by: shadowbq - http://shad0wbq.blogspot.com
# verified on: capistrano 2.2.0 & highline 1.4.0

role :comps, "localhost"

desc "Example Highline menu"
task :menu do
  # Capistrano::CLI.ui is the HighLine instance Capistrano uses for its own prompts
  Capistrano::CLI.ui.say("\nThis is with a different layout...")
  Capistrano::CLI.ui.choose do |menu|
    menu.layout = :one_line

    menu.header = "Execute"
    menu.prompt = "Application? "

    # picking "hello" runs the helloworld task defined below
    menu.choice :hello do
      helloworld
    end
    # either of these two choices just prints a message and returns
    menu.choices(:skip, :exit) do
      Capistrano::CLI.ui.say("Choose not to run..")
    end
  end

end

task :helloworld do
  run "echo helloworld."
end

20080325

Mozilla Prism & Pen-testing


Mozilla Prism, one in a series of recent site-specific browsers (SSBs), has become a fairly useful tool for me. I can run the web applications under different users (run as..). This allows limiting access and resources to the web application. It also allows running multiple different cookie sets at one time.

A simple example is having multiple Gmail accounts logged in at one time. A more complex example is cookie manipulation while authenticated during access level enumeration.

Prism allows for the fine tuning of an SSB to accommodate multiple pentesting angles. In the past I've rebranded Firefox and done similar things such as running as guest users, but it was never this easy.

Prism and Flash on Windows
It is pretty simple to enable your plugins (not talking extensions here..) in Prism on a Windows system. All you have to do is copy your {program files}\Mozilla Firefox\plugins directory to your {program files}\Prism\Plugins directory. The Prism plugins directory doesn't exist by default and needs to be created. You may also want to copy the files into the XULRunner plugins directory; XULRunner handles any XUL apps that may depend on those plugins as well.