Tuesday, 28 June 2011

tor xchat

Let's connect to IRC using Tor :)

yum install xchat -y
echo "mapaddress 10.40.40.40 p4fsi4ockecnea7l.onion" >> /etc/tor/torrc
/etc/init.d/tor restart

Setup xchat to use proxy 127.0.0.1 port 9050

Setup xchat to connect to server 10.40.40.40

Use SSL and accept invalid SSL certs
cd ~/.xchat2/
wget http://freenode.net/sasl/cap_sasl_xchat.pl

Start xchat

Confirm that sasl is loaded by running /sasl
/sasl set server_name nickname password PLAIN
/sasl save

Connect to server_name and done!

Hurray for Tor :)
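The torrc edit above uses `>>`, so every re-run of the note appends another copy of the mapaddress line. Below is an added example (my own helper script, not part of the original post) that adds the mapping only when it is missing, looks up which onion address a fake IP points at, and counts duplicate mappings. Function names, the demo's temporary torrc and the `sh` wrapper are my assumptions; the IP and onion address are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post: an idempotent version of the
# `echo "mapaddress ..." >> /etc/tor/torrc` step, plus two small checks.

# $1 = torrc path, $2 = fake IP, $3 = onion address
add_mapaddress() {
    line="mapaddress $2 $3"
    if grep -qxF "$line" "$1" 2>/dev/null; then
        return 0                      # exact line already present, nothing to do
    fi
    printf '%s\n' "$line" >> "$1"     # file is created if it does not exist yet
}

# Print the onion address mapped to a fake IP (status 1, no output, if none).
# Useful to confirm what xchat's "server 10.40.40.40" really resolves to.
onion_for() {
    awk -v ip="$2" 'tolower($1)=="mapaddress" && $2==ip {print $3; found=1}
                    END {exit !found}' "$1"
}

# Count mapaddress lines for one fake IP; anything above 1 means the `>>`
# one-liner was run more than once and torrc should be cleaned up.
count_mappings() {
    grep -ic "^mapaddress[[:space:]][[:space:]]*$2[[:space:]]" "$1"
}

# Demo on a temporary torrc (constructed here; the real file is /etc/tor/torrc).
demo() {
    d=$(mktemp -d)
    add_mapaddress "$d/torrc" 10.40.40.40 p4fsi4ockecnea7l.onion
    add_mapaddress "$d/torrc" 10.40.40.40 p4fsi4ockecnea7l.onion   # second run is a no-op
    echo "mappings for 10.40.40.40: $(count_mappings "$d/torrc" 10.40.40.40)"
    echo "10.40.40.40 -> $(onion_for "$d/torrc" 10.40.40.40)"
    rm -rf "$d"
}
demo
```

For the real thing run `add_mapaddress /etc/tor/torrc 10.40.40.40 p4fsi4ockecnea7l.onion` as root and then restart tor as in the post; `count_mappings /etc/tor/torrc 10.40.40.40` should print 1.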

Thursday, 23 June 2011

dns enumeration

Quick note on DNS enumeration since I might not remember this tool in the morning..

Fierce uses the hosts.txt word list that lives in the directory shown below to look up any possible DNS A records:
root@bt:/pentest/enumeration/dns/fierce# ./fierce.pl -dns domain.com -threads 5 -wide
DNS Servers for domain.com:
xns1.domain.com
xns2.domain.com

Trying zone transfer first...
Testing xns1.domain.com
Request timed out or transfer not allowed.
Testing xns2.domain.com
Request timed out or transfer not allowed.

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force

Checking for wildcard DNS...
Nope. Good.
Now performing 1895 test(s)...

result snip

Subnets found (may want to probe here using nmap or unicornscan):
127.0.0.0-255 : 1 hostnames found.
194.xxx.xxx.0-255 : 8 hostnames found.
194.xxx.xxx.0-255 : 9 hostnames found.
194.xxx.xxx.0-255 : 19 hostnames found.
194.xxx.xxx.0-255 : 2 hostnames found.
212.xxx.xxx.0-255 : 3 hostnames found.

Done with Fierce scan: http://ha.ckers.org/fierce/
Found 42 entries.

Have a nice day.

Indeed we will :)

lovely sed

If you don't love sed you are not an admin. (non-negotiable)

Useful notes:

Let's say we have a file named "files" that contains names of rpm packages

Removing first character from each filename/string
cat files |sed 's/.\(.*\)/\1/'

Removing last character from each filename/string
cat files |sed 's/\(.*\)./\1/'

Removing the last three characters from every filename
cat files | sed 's/\(.*\).../\1/'

Replacing the three-character extension of each filename/string (here rpm becomes tar)
cat files | sed 's/\(.*\).../\1tar/'

This is an addition to the original post.. I found some old notes on a txt file so...

Clean chars from files (strip the first '#' on each line, delete empty lines, delete lines containing a carriage return; the ^M of the original note is a literal CR, spelled \r for GNU sed)
sed -i 's/#//' *
sed -i '/^$/d' *
sed -i '/\r/d' *


Print a file in reverse (last line first)
cat filename | sed '1!G;h;$!d'
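To see exactly what each of the one-liners above does, including the short-line edge cases, here is an added example (my own script, not from the original post) that wraps them as shell functions and runs them on a constructed sample file. The function names, the sample contents and the temp-file handling are my assumptions; the sed expressions are the ones from the note.

```shell
#!/bin/sh
# Added example, not from the original post: the sed one-liners above as
# functions, run against constructed files so their effect can be checked.

# Constructed sample input: rpm file names, one per line, plus a one-character
# line to show what happens when a pattern needs more characters than exist.
make_sample() {
    printf 'bash-4.1.rpm\nsed-4.2.rpm\nx\n' > "$1"
}

# Constructed "dirty" file: a leading '#', an empty line and a CRLF line.
make_dirty() {
    printf '#keep this\n\nno hash here\nwindows line\r\n' > "$1"
}

strip_first_char() { sed 's/.\(.*\)/\1/' "$1"; }       # "x" becomes an empty line
strip_last_char()  { sed 's/\(.*\)./\1/' "$1"; }       # "x" becomes an empty line
strip_last_three() { sed 's/\(.*\).../\1/' "$1"; }     # "x" is left as-is: fewer than 3 chars
swap_ext_to_tar()  { sed 's/\(.*\).../\1tar/' "$1"; }  # "...rpm" -> "...tar", "x" untouched

# In-place clean-up from the note: remove the first '#' on each line, delete
# empty lines, delete lines containing a carriage return. The ^M in the note
# is a literal CR; it is built with printf here so the script stays POSIX.
# Write-to-temp-then-mv replaces `sed -i`, which is a GNU extension.
clean_file() {
    cr=$(printf '\r')
    sed -e 's/#//' -e '/^$/d' -e "/$cr/d" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Print a file last line first (a portable tac): each line is prepended to the
# hold space (1!G;h) and only the final accumulated buffer is printed ($!d).
reverse_file() { sed '1!G;h;$!d' "$1"; }

# Demo run on temporary files.
demo() {
    d=$(mktemp -d)
    make_sample "$d/files"
    echo '--- strip last three ---'; strip_last_three "$d/files"
    echo '--- rpm -> tar ---';       swap_ext_to_tar "$d/files"
    echo '--- reversed ---';         reverse_file "$d/files"
    make_dirty "$d/dirty"; clean_file "$d/dirty"
    echo '--- cleaned ---';          cat "$d/dirty"
    rm -rf "$d"
}
demo
```

Note that `strip_first_char` and `strip_last_char` turn a one-character line into an empty line, while `strip_last_three` and `swap_ext_to_tar` leave it alone because `\(.*\)...` cannot match fewer than three characters.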

Want even more? Check this and this

:)


Tuesday, 21 June 2011

iscsi trouble

What do we have today!

Netapp is awesome.... (there is always a but! and here it is!) BUT

When configuring an iSCSI LUN on CentOS, the first thing we change is the initiator name:
echo 'InitiatorName=iqn.1994-05.com.redhat:somenodename' > /etc/iscsi/initiatorname.iscsi

after that we try to discover our targets
iscsiadm -m discovery -t sendtargets -p xxx.xxx.xxx.xxx

Well, as you would know, this ends up giving you as many targets as the NetApp filer has interfaces (pretty much the same LUN on all VLANs), most of which you can't access because you only have 2 NICs (one for the LAN and one for the storage LAN... and at the end of the day that's all you need!). Anyway... so we add the interface
iscsiadm -m iface -I eth1 -o new

and change the configuration
sed -i -e '/node.startup/s/automatic/manual/g' /etc/iscsi/iscsid.conf

That is not enough though... the targets that were already discovered are set to automatic, so let's set them all to manual:
iscsiadm -m node -o update -n node.startup -v manual

and make the one we want automatic (so it doesn't take 100 mins to start iscsi :P)
iscsiadm -m node -o update -n node.startup -v automatic -p xxx.xxx.xxx.xxx,3260 -I eth1

Now restart iscsi and presto!
service iscsi restart
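The steps above, collected into a script, as an added example (mine, not from the original post or from NetApp/Red Hat). The file-writing steps validate the IQN before writing it, so a typo like an unbalanced quote cannot leave initiatorname.iscsi with a broken value, and they take the file path as an argument so they can be tried on a copy first. The function names, the IQN check and the demo's temporary files are my assumptions; the iscsiadm sequence is the one from the post and needs root and a real filer, so the demo does not run it.

```shell
#!/bin/sh
# Added example, not from the original post: the iSCSI setup steps above as
# functions, with a sanity check on the initiator name before it is written.

# RFC 3720 "iqn." form: iqn.YYYY-MM.reversed-domain[:identifier]
is_valid_iqn() {
    printf '%s\n' "$1" | grep -Eq '^iqn\.[0-9]{4}-[0-9]{2}\.[a-z0-9.-]+(:[^[:space:]]+)?$'
}

# $1 = target file (normally /etc/iscsi/initiatorname.iscsi), $2 = IQN.
# Refuses to write anything when the IQN does not look right.
set_initiator_name() {
    is_valid_iqn "$2" || { echo "invalid IQN: $2" >&2; return 1; }
    printf 'InitiatorName=%s\n' "$2" > "$1"
}

# $1 = iscsid.conf path. Flip the default so discovered nodes are not logged
# into automatically at boot (same sed expression as in the post).
default_startup_manual() {
    sed -e '/node.startup/s/automatic/manual/g' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# $1 = portal IP, $2 = interface name. The post's iscsiadm sequence, in order:
# discover, create the iface record, set every node to manual, then make only
# the wanted portal/iface pair automatic. Requires root; not run by the demo.
select_single_target() {
    portal=$1
    iface=$2
    iscsiadm -m discovery -t sendtargets -p "$portal"
    iscsiadm -m iface -I "$iface" -o new
    iscsiadm -m node -o update -n node.startup -v manual
    iscsiadm -m node -o update -n node.startup -v automatic -p "$portal,3260" -I "$iface"
    service iscsi restart
}

# Demo on constructed copies of the two config files.
demo() {
    d=$(mktemp -d)
    set_initiator_name "$d/initiatorname.iscsi" 'iqn.1994-05.com.redhat:somenodename'
    cat "$d/initiatorname.iscsi"
    set_initiator_name "$d/bad" 'not-an-iqn' || echo "rejected, $d/bad not written"
    printf 'node.startup = automatic\nnode.session.timeo.replacement_timeout = 120\n' > "$d/iscsid.conf"
    default_startup_manual "$d/iscsid.conf"
    cat "$d/iscsid.conf"
    rm -rf "$d"
}
demo
```

On the real box: `set_initiator_name /etc/iscsi/initiatorname.iscsi iqn.1994-05.com.redhat:somenodename`, `default_startup_manual /etc/iscsi/iscsid.conf`, then `select_single_target <filer-ip> eth1`.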

Wooohoo! Victory!

Many thanks to Pete for helping out with this :)