Wednesday, May 20, 2015

pentest: plecost

What's Plecost?

Plecost is a vulnerability fingerprinting and vulnerability finding tool for the WordPress blog engine.

Installation

Installing Plecost is easy:
$ python3 -m pip install plecost
Scanning a web site is just as simple:
$ plecost http://SITE.com

pentest: mz - mausezahn

Mausezahn is a free fast traffic generator written in C which allows you to send nearly every possible and impossible packet. It is mainly used to test VoIP or multicast networks but also for security audits to check whether your systems are hardened enough for specific attacks.

Mausezahn can be used for example:
  • As traffic generator (e. g. to stress multicast networks)
  • To precisely measure jitter (delay variations) between two hosts (e. g. for VoIP-SLA verification)
  • As didactical tool during a datacom lecture or for lab exercises
  • For penetration testing of firewalls and IDS
  • For DoS attacks on networks (for audit purposes of course)
  • To find bugs in network software or appliances
  • For reconnaissance attacks using ping sweeps and port scans
  • To test network behaviour under strange circumstances (stress test, malformed packets, ...)

As of version 0.38, Mausezahn supports the following protocols:
  • ARP
  • BPDU or PVST
  • CDP
  • LLDP
  • IP
  • IGMP
  • UDP
  • TCP (stateless)
  • ICMP (partly)
  • DNS
  • RTP (optionally in RX mode for jitter measurements)
  • Syslog

Multicast test traffic:
# mz eth1 -c 0 -d 0 -A rand -a rand -B 226.1.1.1 -t udp dp=123 -P "Multicast test packet"


Linux: dropped packet stats

ifconfig

 ... 
 RX packets:522 errors:0 dropped:0 overruns:0 frame:0
 TX packets:406 errors:0 dropped:0 overruns:0 frame:0
 ...

cat /proc/net/dev

Inter-| Receive ... 
 face | bytes packets errs drop fifo frame ... 
 eth0:  87689 785 0 0 0 0 ...
 ...

cat /proc/net/udp

 sl local_address rem_address ... drops
 277: 00000000:0044 00000000:0000 ... 0 
 ...

cat /proc/net/snmp

...
Tcp: ...
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 453 0 0 452 0 0
...
You can also see this on a per-process basis using:

cat /proc/<pid>/net/{udp,dev,snmp}
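
The shell functions below are an added example, not part of the original post. They read a named counter from the Udp: lines of /proc/net/snmp and list the sockets in /proc/net/udp whose drops column is non-zero. The function names are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical
# and the sample data below is constructed, so this runs without /proc.

# Print one named counter from the "Udp:" header/value pair in /proc/net/snmp.
# $1 = counter name (e.g. RcvbufErrors), $2 = file (default /proc/net/snmp)
udp_counter() {
    awk -v want="$1" '
        $1 == "Udp:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "Udp:"          { if (want in col) print $(col[want]); exit }
    ' "${2:-/proc/net/snmp}"
}

# Print "port drops" for each UDP socket with a non-zero drops column.
# $1 = file (default /proc/net/udp). The port is hex in local_address and
# drops is the last column.
udp_socket_drops() {
    awk 'NR > 1 && $NF > 0 { split($2, a, ":"); print a[2], $NF }' \
        "${1:-/proc/net/udp}" |
    while read -r hexport drops; do
        echo "$((0x$hexport)) $drops"
    done
}

# Constructed samples in the same layout as the real files.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/snmp" <<'EOF'
Tcp: RtoAlgorithm RtoMin
Tcp: 1 200
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 453 2 7 452 7 0
UdpLite: InDatagrams NoPorts
UdpLite: 0 0
EOF
cat > "$SAMPLE_DIR/udp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
 277: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
 412: 0100007F:007B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 22222 2 0000000000000000 19
EOF

echo "RcvbufErrors: $(udp_counter RcvbufErrors "$SAMPLE_DIR/snmp")"
udp_socket_drops "$SAMPLE_DIR/udp"
```

Called without a file argument, both functions read the live /proc/net/snmp and /proc/net/udp.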

Thursday, May 7, 2015

github command line: remember credentials for a while

$ git config --global credential.helper "cache --timeout=3600"

How to compile Bernstein’s daemontools on Ubuntu 14.04.2 LTS

aokanx@aokanx-VirtualBox:~/Downloads/admin/daemontools-0.76$ ./package/install
Linking ./src/* into ./compile...
Compiling everything in ./compile...
sh find-systype.sh > systype
rm -f compile
sh print-cc.sh > compile
...
./load envdir unix.a byte.a
/usr/bin/ld: errno: TLS definition in /lib/x86_64-linux-gnu/libc.so.6 section .tbss mismatches non-TLS reference in envdir.o
/lib/x86_64-linux-gnu/libc.so.6: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
make: *** [envdir] Error 1


Solution:
Add the gcc parameter -include /usr/include/errno.h to admin/daemontools-0.76/src/conf-cc

Compile:
aokanx@aokanx-VirtualBox:~/Downloads/admin/daemontools-0.76$ sudo ./package/install
[sudo] password for aokanx:
Linking ./src/* into ./compile...
Compiling everything in ./compile...
make: Nothing to be done for `default'.
Copying commands into ./command...
Creating symlink daemontools -> daemontools-0.76...
Making command links in /command...
Making compatibility links in /usr/local/bin...
Creating /service...
Adding svscanboot to /etc/rc.local...
Reboot now to start svscan.






Startup settings:
aokanx@aokanx-VirtualBox:~/Downloads/admin/daemontools-0.76$ cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

exit 0

csh -cf '/command/svscanboot &'

Wednesday, May 6, 2015