Windows:
netsh advfirewall firewall add rule name="IP Block" dir=in
interface=any action=block remoteip=x.x.x.x
MacOS:
sudo echo “block drop from any to x.x.x.x” >> /ect/pf.conf” &&
sudo pfctl -e -f /etc/pf.conf
Wednesday, July 8, 2020
Friday, June 19, 2020
how systemd works?
systemd is 10 years old, but feelings about it in the Linux community
haven’t mellowed—it’s as divisive now as it ever was. Although it’s used
by many major Linux distributions, the hardcore opposition hasn’t
relented.
https://www.howtogeek.com/675569/why-linuxs-systemd-is-still-divisive-after-all-these-years/
https://www.howtogeek.com/675569/why-linuxs-systemd-is-still-divisive-after-all-these-years/
hashcat 6.0 released
The new major features of hashcat 6.0.0:
https://hashcat.net/forum/thread-9303.html
- New plugin interface - for modular hash-modes
- New compute-backend API interface - for adding compute APIs other than OpenCL
- CUDA added as a new compute-backend API
- Comprehensive plugin developer guide
- GPU Emulation mode - for using kernel code on the host CPU
- Better GPU memory and thread management
- Improved auto-tuning based on available resources
https://hashcat.net/forum/thread-9303.html
Saturday, June 6, 2020
allow http/https by using firewall-cmd on RHEL 7
[root@server ~]# firewall-cmd --get-active-zones
public
interfaces: eth0
firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --reload
Saturday, May 30, 2020
Tuning vim for yaml file modifications
When vi detects that you are editing a YAML file, it performs a 2-space indentation when you press the Tab key and autoindents subsequent lines.
autocmd FileType yaml setlocal ai ts=2 sw=2 et
$HOME/.vimrc file:autocmd FileType yaml setlocal ai ts=2 sw=2 et
Saturday, May 16, 2020
IBM QRadar: Internal CA signed certificate configuration
Web browsers give visual cues, such as a lock icon or a green bar, to make sure visitors know when their connection is secured. HTTPS also protects against phishing attacks. A phishing email is an email sent by a criminal who tries to impersonate your website.
Using a signed certificate and a dns entry for QRadar provides an extra security layer between end user and QRadar Web Console interface.
The video content covers these topics:
- Create certificate private key with openssl
- Create certificate sign request (csr)
- Sign certificate with Certification Authority on Windows Server 2012 R2
- Push ca certificate with Active Directory Group Policy on Windows Server 2012 R2
- Create DNS entry on DNS Server on Windows Server 2012 R2
- Import ca certificate on Mozilla Firefox
Reference doc:
https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.2/com.ibm.qradar.doc/c_qradar_adm_ssl.html
Using a signed certificate and a dns entry for QRadar provides an extra security layer between end user and QRadar Web Console interface.
The video content covers these topics:
- Create certificate private key with openssl
- Create certificate sign request (csr)
- Sign certificate with Certification Authority on Windows Server 2012 R2
- Push ca certificate with Active Directory Group Policy on Windows Server 2012 R2
- Create DNS entry on DNS Server on Windows Server 2012 R2
- Import ca certificate on Mozilla Firefox
Reference doc:
https://www.ibm.com/support/knowledgecenter/SS42VS_7.3.2/com.ibm.qradar.doc/c_qradar_adm_ssl.html
dirsearch
# Look on the service IP with the default dictionary for dirs/files with PHP and HTML extension. $ python3 dirsearch.py -u http://159.203.178.9/ -e php,html -f _|. _ _ _ _ _ _|_ v0.3.7 (_||| _) (/_(_|| (_| ) Extensions: php, html | Threads: 10 | Wordlist size: 15054 Target: http://159.203.178.9/ [21:15:20] Starting: [21:15:35] 403 - 304B - /.ht_wsr.txt.html [21:15:35] 403 - 303B - /.ht_wsr.txt.php ... [21:16:33] 200 - 11KB - /README.html [21:19:40] 200 - 597B - /index.html ... Task Completed
Sunday, May 10, 2020
Containers without daemons: Podman and Buildah available in RHEL 7.6 and RHEL 8
When to use Buildah and when to use Podman
Buildah and Podman are two complementary open-source projects that reside on GitHub: Buildah (containers/buildah) and Podman (containers/libpod).
Both Buildah and Podman are command line tools that work on OCI images
and containers. The two projects are related, but differ in their
specialization.
Buildah specializes in building OCI
images. Buildah’s commands replicate all of the commands that are found
in a Dockerfile. Buildah’s goal is also to provide a lower level
coreutils interface to build container images, allowing people to build
containers without requiring a Dockerfile. Buildah’s other goal is to
allow you to use other scripting languages to build container images
without requiring a daemon.
Podman specializes in all of the commands
and functions that help you to maintain and modify those OCI container
images, such as pulling and tagging. It also allows you to create, run,
and maintain those containers. If you can do a command in the Docker
CLI, you can do the same command in the Podman CLI. In fact you can just
alias
podman for docker
on your machine and you can then build, create and maintain container
images and containers without a daemon being present, just as you always
have.
Although Podman uses Buildah’s build
functionality under the covers to create a container image, the two
projects have differences. The major difference between Podman and
Buildah is their concept of a container. Podman allows users to create traditional containers
and the intent of these containers is to be controlled through the
entirety of a container life cycle (pause, checkpoint/restore, etc).
While Buildah containers are really created just to allow content to be
added to the container image. Each project has a separate
internal representation of a container that is not shared. Because of
this you cannot see Podman containers from within Buildah or vice versa.
However the internal representation of a container image is the same
between Buildah and Podman. Given this, any container image that has
been created, pulled or modified by one can be seen and used by the
other.
Some of the commands between the two
projects overlap significantly but in some cases have slightly different
behaviors. The following table illustrates the commands with some
overlap between the projects.
Reference:
https://developers.redhat.com/blog/2018/11/20/buildah-podman-containers-without-daemons/
Additional Resources
- Intro to Podman in Red Hat Enterprise Linux 7.6
- Podman—The next generation of Linux container tools
- Managing containerized system services with Podman
- Podman: Managing pods and containers in a local container runtime
- CRICTL vs Podman
- Building, running, and managing containers – Red Hat Enterprise Linux 8 documentation
- Upstream community sites: buildah.io and podman.io
- GitHub: Buildah (containers/buildah) and Podman (containers/libpod)
docker.sock/v1.40/containers/json: dial unix /var/run/docker.sock: connect: permission denied
Problem:
localuser@ubuntu:~$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/json: dial unix /var/run/docker.sock: connect: permission denied
Solution:
localuser@ubuntu:~$ sudo su -
root@ubuntu:~# usermod -g docker localuser
localuser@ubuntu:~$ sudo su
root@ubuntu:/home/localuser# chmod 666 /var/run/docker
docker/ docker.pid docker.sock
root@ubuntu:/home/localuser# chmod 666 /var/run/docker.sock
root@ubuntu:/home/localuser# exit
exit
localuser@ubuntu:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
localuser@ubuntu:~$
localuser@ubuntu:~$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/json: dial unix /var/run/docker.sock: connect: permission denied
Solution:
localuser@ubuntu:~$ sudo su -
root@ubuntu:~# usermod -g docker localuser
localuser@ubuntu:~$ sudo su
root@ubuntu:/home/localuser# chmod 666 /var/run/docker
docker/ docker.pid docker.sock
root@ubuntu:/home/localuser# chmod 666 /var/run/docker.sock
root@ubuntu:/home/localuser# exit
exit
localuser@ubuntu:~$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
localuser@ubuntu:~$
Phishing templates
Zphisher is an upgraded form of Shellphish. The main source code is from Shellphish . But I have not fully copied it . I have upgraded it & cleared the Unnecessary Files . Zphisher has 37 Phishing Page Templates ; including Facebook , Twitter & Paypal . It also has 4 Port Forwarding Tools
https://github.com/htr-tech/zphisher
https://www.kitploit.com/2020/05/nexphisher-advanced-phishing-tool-for.html
https://github.com/curtbraz/Phishing-API
https://github.com/htr-tech/zphisher
https://www.kitploit.com/2020/05/nexphisher-advanced-phishing-tool-for.html
https://github.com/curtbraz/Phishing-API
Subscribe to:
Posts (Atom)