Wednesday, July 8, 2020

Block malicious IP on Windows-MacOS commandline

Windows:
netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=x.x.x.x

MacOS:
# the redirect must run as root, so pipe through tee instead of `sudo echo ... >>`
echo "block drop from any to x.x.x.x" | sudo tee -a /etc/pf.conf >/dev/null && sudo pfctl -e -f /etc/pf.conf
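A wrapper for the two one-liners above, added here and not part of the original post: it validates the address before it is spliced into a pf rule or a netsh command, so a typo or a hostile value (from a script, a ticket, a threat feed) cannot corrupt the rule set. The address 203.0.113.7 used for testing is a constructed value.

```shell
# Plain dotted-quad IPv4, optionally with a /0-/32 prefix; anything else is rejected.
valid_ipv4() {
    local ip prefix o
    case "$1" in
        */*) ip=${1%/*}; prefix=${1#*/} ;;
        *)   ip=$1; prefix=32 ;;
    esac
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    [ "$prefix" -ge 0 ] 2>/dev/null && [ "$prefix" -le 32 ] || return 1
    for o in $(echo "$ip" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1      # each octet must be 0-255
    done
    return 0
}

# Print the rule text for a platform (macos | windows); same rules as the post uses.
block_rule() {
    local os=$1 ip=$2
    valid_ipv4 "$ip" || { echo "refusing to build a rule for '$ip'" >&2; return 1; }
    case "$os" in
        macos)   echo "block drop from any to $ip" ;;
        windows) echo "netsh advfirewall firewall add rule name=\"IP Block $ip\" dir=in interface=any action=block remoteip=$ip" ;;
        *)       echo "unknown platform: $os" >&2; return 1 ;;
    esac
}

# Apply on macOS: append the validated rule as root and reload pf from the file.
apply_block_macos() {
    rule=$(block_rule macos "$1") || return 1
    printf '%s\n' "$rule" | sudo tee -a /etc/pf.conf >/dev/null && sudo pfctl -e -f /etc/pf.conf
}
```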

Friday, June 19, 2020

How does systemd work?

systemd is 10 years old, but feelings about it in the Linux community haven’t mellowed—it’s as divisive now as it ever was. Although it’s used by many major Linux distributions, the hardcore opposition hasn’t relented.

https://www.howtogeek.com/675569/why-linuxs-systemd-is-still-divisive-after-all-these-years/

hashcat 6.0 released

The new major features of hashcat 6.0.0:

  • New plugin interface - for modular hash-modes
  • New compute-backend API interface - for adding compute APIs other than OpenCL
  • CUDA added as a new compute-backend API
  • Comprehensive plugin developer guide
  • GPU Emulation mode - for using kernel code on the host CPU
  • Better GPU memory and thread management
  • Improved auto-tuning based on available resources
https://hashcat.net/forum/thread-9303.html

Saturday, June 6, 2020

allow http/https by using firewall-cmd on RHEL 7

First find the active zone and the interface bound to it:

[root@server ~]# firewall-cmd --get-active-zones
public
  interfaces: eth0

Then add both services permanently to that zone and reload the rules:

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

Saturday, May 30, 2020

Tuning vim for yaml file modifications

With the line below in place, vim detects that you are editing a YAML file, inserts 2 spaces when you press the Tab key and auto-indents subsequent lines.

Add to $HOME/.vimrc:
autocmd FileType yaml setlocal ai ts=2 sw=2 et

Saturday, May 16, 2020

IBM QRadar: Internal CA signed certificate configuration

Web browsers give visual cues, such as a lock icon or a green bar, to make sure visitors know when their connection is secured. HTTPS also protects against phishing attacks: a phishing email is an email sent by a criminal who tries to impersonate your website.

Using a signed certificate and a DNS entry for QRadar provides an extra security layer between the end user and the QRadar Web Console interface.

The video content covers these topics:
- Create the certificate private key with openssl
- Create the certificate signing request (CSR)
- Sign the certificate with a Certification Authority on Windows Server 2012 R2
- Push the CA certificate with Active Directory Group Policy on Windows Server 2012 R2
- Create the DNS entry on the DNS Server on Windows Server 2012 R2
- Import the CA certificate in Mozilla Firefox

Reference doc:
https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.2/com.ibm.qradar.doc/c_qradar_adm_ssl.html
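The first two topics in the list (private key and CSR) as an added shell example, not the video's own steps or an IBM script: an internal Windows CA signs what it is given, so the CSR should already carry the console's FQDN as a subjectAltName, because browsers no longer accept a CN alone. The hostname qradar.corp.example and the work directory are assumptions.

```shell
# Work directory for the key, config and CSR (assumption: a fresh temp dir).
WORKDIR=${WORKDIR:-$(mktemp -d)}

# Minimal openssl config so the CSR carries a SAN extension, not just a CN.
write_csr_config() {   # $1 = fqdn of the QRadar console
    cat > "$WORKDIR/csr.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = $1
[v3_req]
subjectAltName = DNS:$1
EOF
}

# Generate a 2048-bit RSA key (mode 600 via umask) and the CSR; prints the CSR path.
make_csr() {           # $1 = fqdn
    write_csr_config "$1"
    (umask 077; openssl genrsa -out "$WORKDIR/qradar.key" 2048 2>/dev/null) || return 1
    openssl req -new -key "$WORKDIR/qradar.key" -config "$WORKDIR/csr.cnf" \
        -out "$WORKDIR/qradar.csr" 2>/dev/null || return 1
    echo "$WORKDIR/qradar.csr"
}

# Check the CSR before handing it to the CA: subject CN and SAN must both carry the fqdn.
csr_has_name() {       # $1 = csr path, $2 = fqdn
    openssl req -in "$1" -noout -subject | grep -q "CN *= *$2" || return 1
    openssl req -in "$1" -noout -text | grep -q "DNS:$2" || return 1
}
```

The signed certificate that comes back from the Windows CA is what gets installed on the console per the IBM reference above; the key never leaves the QRadar host.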

dirsearch

# Scan the target IP with the default wordlist for directories/files with .php and .html extensions (-f forces the extensions onto every word).
$ python3 dirsearch.py -u http://159.203.178.9/ -e php,html -f
 _|. _ _  _  _  _ _|_    v0.3.7
(_||| _) (/_(_|| (_| )

Extensions: php, html | Threads: 10 | Wordlist size: 15054

Target: http://159.203.178.9/

[21:15:20] Starting:
[21:15:35] 403 -  304B  - /.ht_wsr.txt.html
[21:15:35] 403 -  303B  - /.ht_wsr.txt.php
...
[21:16:33] 200 -   11KB - /README.html
[21:19:40] 200 -  597B  - /index.html
...

Task Completed
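From the defender's side of a run like the one above (an added example, not part of the post or of dirsearch): a scan leaves a burst of 403/404 responses from one client in the web server's access log, and that burst is the cheap signal to alert on. The log lines and the addresses 203.0.113.9 and 198.51.100.4 are constructed sample data.

```shell
# Constructed combined-format access log: one dirsearch-style burst from 203.0.113.9
# and normal browsing from 198.51.100.4.
SAMPLE_LOG='203.0.113.9 - - [10/May/2020:21:15:35 +0000] "GET /.ht_wsr.txt.html HTTP/1.1" 403 304 "-" "-"
203.0.113.9 - - [10/May/2020:21:15:35 +0000] "GET /.ht_wsr.txt.php HTTP/1.1" 403 303 "-" "-"
203.0.113.9 - - [10/May/2020:21:15:36 +0000] "GET /.htaccess.html HTTP/1.1" 403 302 "-" "-"
203.0.113.9 - - [10/May/2020:21:15:36 +0000] "GET /.htaccess.php HTTP/1.1" 403 301 "-" "-"
203.0.113.9 - - [10/May/2020:21:15:37 +0000] "GET /admin.php HTTP/1.1" 404 196 "-" "-"
203.0.113.9 - - [10/May/2020:21:15:38 +0000] "GET /backup.php HTTP/1.1" 404 196 "-" "-"
203.0.113.9 - - [10/May/2020:21:16:33 +0000] "GET /README.html HTTP/1.1" 200 11264 "-" "-"
198.51.100.4 - - [10/May/2020:21:15:40 +0000] "GET /index.html HTTP/1.1" 200 597 "-" "-"
198.51.100.4 - - [10/May/2020:21:15:41 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "-"'

# Count 4xx responses per client per minute and print every client/minute at or over
# the threshold. Combined-format fields: $1 client, $4 "[dd/Mon/yyyy:HH:MM:SS", $7 path, $9 status.
flag_4xx_bursts() {           # $1 = 4xx hits per minute that count as a scan (default 5); log on stdin
    awk -v thr="${1:-5}" '
        $9 ~ /^4[0-9][0-9]$/ { hits[$1 " " substr($4, 2, 17)]++ }
        END { for (k in hits) if (hits[k] >= thr) print k, hits[k] }
    '
}

# Triage helper: the distinct paths a flagged client probed, which exposes the wordlist pattern.
probed_paths() {              # $1 = client IP; log on stdin
    awk -v ip="$1" '$1 == ip && $9 ~ /^4[0-9][0-9]$/ { print $7 }' | sort -u
}

# Example run on the constructed log: flags 203.0.113.9 with 6 hits in minute 21:15.
printf '%s\n' "$SAMPLE_LOG" | flag_4xx_bursts 5
```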

Sunday, May 10, 2020

Containers without daemons: Podman and Buildah available in RHEL 7.6 and RHEL 8


When to use Buildah and when to use Podman

Buildah and Podman are two complementary open-source projects that reside on GitHub: Buildah (containers/buildah) and Podman (containers/libpod). Both are command line tools that work on OCI images and containers. The two projects are related, but differ in their specialization.
Buildah specializes in building OCI images. Buildah's commands replicate all of the commands that are found in a Dockerfile. Buildah's goal is also to provide a lower-level, coreutils-style interface to build container images, allowing people to build containers without requiring a Dockerfile. Buildah's other goal is to allow you to use other scripting languages to build container images without requiring a daemon.
Podman specializes in all of the commands and functions that help you maintain and modify those OCI container images, such as pulling and tagging. It also allows you to create, run, and maintain those containers. If you can run a command in the Docker CLI, you can run the same command in the Podman CLI. In fact you can just alias podman to docker on your machine and then build, create and maintain container images and containers without a daemon being present, just as you always have.
Although Podman uses Buildah's build functionality under the covers to create a container image, the two projects have differences. The major difference between Podman and Buildah is their concept of a container. Podman allows users to create traditional containers, and the intent of these containers is to be controlled through the entirety of a container life cycle (pause, checkpoint/restore, etc.), while Buildah containers are really created just to allow content to be added to the container image. Each project has a separate internal representation of a container that is not shared, so you cannot see Podman containers from within Buildah or vice versa. However, the internal representation of a container image is the same between Buildah and Podman, so any container image that has been created, pulled or modified by one can be seen and used by the other.
Some of the commands between the two projects overlap significantly but in some cases have slightly different behaviors. The following table illustrates the commands with some overlap between the projects.
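The "no Dockerfile needed" point above, as an added example that is not code from the Red Hat post or the Buildah project: a small awk translator that turns the five most common Dockerfile instructions into the equivalent buildah commands, which works precisely because buildah exposes each build step as its own shell command. The sample Dockerfile, the UBI base image and the image name are constructed assumptions; ENV, WORKDIR and line continuations are deliberately not handled.

```shell
# Constructed sample Dockerfile (base image and package are assumptions).
SAMPLE_DOCKERFILE='FROM registry.access.redhat.com/ubi8/ubi-minimal
RUN microdnf install -y httpd
COPY index.html /var/www/html/index.html
EXPOSE 80
CMD /usr/sbin/httpd -DFOREGROUND'

# $1 = name for the committed image; Dockerfile on stdin; buildah script on stdout.
# FROM/RUN/COPY/EXPOSE/CMD map one-to-one onto buildah from/run/copy/config/commit.
dockerfile_to_buildah() {
    awk -v image="$1" '
        $1 == "FROM"   { printf "ctr=$(buildah from %s)\n", $2 }
        $1 == "RUN"    { sub(/^RUN[ \t]+/, "")
                         printf "buildah run \"$ctr\" -- sh -c '\''%s'\''\n", $0 }
        $1 == "COPY"   { printf "buildah copy \"$ctr\" %s %s\n", $2, $3 }
        $1 == "EXPOSE" { printf "buildah config --port %s \"$ctr\"\n", $2 }
        $1 == "CMD"    { sub(/^CMD[ \t]+/, "")
                         printf "buildah config --cmd '\''%s'\'' \"$ctr\"\n", $0 }
        END            { printf "buildah commit --rm \"$ctr\" %s\n", image }
    '
}

# Run the generated script (needs buildah). podman lists the committed image afterwards
# because, as the post explains, the two tools share the same image store.
build_oci_image() {           # $1 = Dockerfile path, $2 = image name
    command -v buildah >/dev/null 2>&1 || { echo "buildah not installed" >&2; return 1; }
    dockerfile_to_buildah "$2" < "$1" | sh -e && podman images "$2"
}

# Show the translation of the sample Dockerfile.
printf '%s\n' "$SAMPLE_DOCKERFILE" | dockerfile_to_buildah localhost/hello-httpd
```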

Reference:

https://developers.redhat.com/blog/2018/11/20/buildah-podman-containers-without-daemons/


docker.sock/v1.40/containers/json: dial unix /var/run/docker.sock: connect: permission denied

Problem:
localuser@ubuntu:~$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/json: dial unix /var/run/docker.sock: connect: permission denied

Solution:

localuser@ubuntu:~$ sudo su -
root@ubuntu:~# usermod -aG docker localuser

localuser@ubuntu:~$ sudo su
root@ubuntu:/home/localuser# chmod 666 /var/run/docker.sock
root@ubuntu:/home/localuser# exit
exit
localuser@ubuntu:~$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
localuser@ubuntu:~$
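An added example (not the post's own fix) that keeps the socket out of reach of every other local account: whoever can write to docker.sock can start a container with the host filesystem mounted, so chmod 666 on it is root access for all local users, and `usermod -g` replaces the user's primary group instead of adding one. The group route below grants exactly one user access; socket_mode_is_safe judges a mode string as printed by `stat -c %a`, and the two fix functions assume they run as root on a host with the docker group.

```shell
# Safe = no permission bits for "other" (660, 600, 0660 ...); 666/664 are not.
socket_mode_is_safe() {      # $1 = octal mode string, e.g. 660 or 0660
    case "$1" in
        [0-7][0-7]0|[0-7][0-7][0-7]0) return 0 ;;
        *)                            return 1 ;;
    esac
}

# Report the live socket's mode and a verdict; exit 2 when it is world-accessible.
docker_socket_status() {
    mode=$(stat -c %a /var/run/docker.sock 2>/dev/null) || { echo "no docker socket"; return 1; }
    if socket_mode_is_safe "$mode"; then
        echo "docker.sock mode $mode: ok"
    else
        echo "docker.sock mode $mode: world-accessible, tighten it"; return 2
    fi
}

# Give one user access via the docker group and restore 660 on the socket.
# -aG appends the group (the post's -g would replace the user's primary group).
fix_docker_access() {        # $1 = username; run as root
    id -u "$1" >/dev/null 2>&1 || { echo "no such user: $1" >&2; return 1; }
    usermod -aG docker "$1" || return 1
    chown root:docker /var/run/docker.sock && chmod 660 /var/run/docker.sock || return 1
    echo "$1 must log out and back in (or run: newgrp docker) before 'docker ps' works"
}
```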

Phishing templates

Zphisher is an upgraded form of Shellphish. The main source code is from Shellphish, but I have not fully copied it. I have upgraded it and cleared the unnecessary files. Zphisher has 37 phishing page templates, including Facebook, Twitter and PayPal. It also has 4 port forwarding tools.

https://github.com/htr-tech/zphisher

https://www.kitploit.com/2020/05/nexphisher-advanced-phishing-tool-for.html

https://github.com/curtbraz/Phishing-API