ian watts

cron job for doublepulsar detection, burning, metasploit scan, and email of results
double pulsar is a major drag. it is a nasty worm that hangs out and acts as a backdoor on a system. it is propagated by smbv1 trans2 calls. fun stuff. i needed to figure out how to automate discovery, burning, and identification of vulnerable systems. o...

nis master server settings on cloned system
i need to change nis master server settings on cloned system. don't even ask.

commands:
# domainname <newdomainname>
# mv /var/yp/<domainname> /var/yp/<newdomainname>

edit:
/etc/hosts change <hostname> to <newhostname> ; <ip> to <newip>
...

put pubkeys on a lot of hosts
i need to zap authorized_keys all over the place
this concatenates a file which contains several id_rsa.pub keys.

nodes is a long list of ip addresses.

#!/bin/bash

for i in `cat nodes` ; do
cat authorized_keys.add | ssh -o Conn...

when crond is using /bin/sh
crond uses sh by default. that last cron script i posted, well tee is broke in sh. do this:

0 12 * * * root script.sh 2>&1 | bash -c 'tee >(/usr/bin/logger -p local6.notice -t script_tag ) >(mail -s "script output" me@here) >/dev/null'

debug rsyslogd
why isn't rsyslogd sending anything out?

window 1 $ tcpdump -u dst port 514
window 2 $ logger -n 6.6.6.6 -P 514 "hello god"

<no answer>

hmm. let's debug rsyslogd

$ export RSYSLOG_DEBUGLOG="/tmp/debuglog"
$ export RSYSLOG_DE...

dump cron script output from stdin into remote syslog & mail

because i feel important the more mail i delete (but really need to archive it on a syslog server because, well, you know).

0 12 * * * root script.sh | cat | tee >(/usr/bin/logger -p...

svn logs to syslog
make svn logs human readable and send off to a syslog server

in /etc/apache2/sites-enabled/000-svn

# set customlog variable
LogLevel warn
LogFormat "%{%Y-%m-%d %T}t %u@%h %>s repo:%{SVN-REPOS-NAME}e %{SVN-ACTION}e %B Bytes in %T Sec" svn...

apache logs to syslog
get those apache logs to a remote syslog server

syslog

in /etc/apache2/sites-enabled/000-site

ErrorLog "|/usr/bin/tee -a /var/log/apache2/error.log | /usr/bin/logger -thttpd -plocal6.err"
CustomLog "|/usr/bin/tee -a /var/log/apache2/...

autosploit... one more thing to worry about
yay autosploit ! for making things interesting.

this is a nice addition to the tools i have on my kali instance.
the important thing to do is:

pip install shodan
pip install blessings

if you want to be a script kiddie and hack IoT regi...

import ldap db dump
you have an ldap db dump called import.ldif . you need to replace
an existing ldap database with import.ldif . do this:

#!/bin/bash

TIMESTAMP=$(date '+%Y%m%d%H%M')

/etc/init.d/slapd stop ;
mv /var/lib/ldap /var/lib/ldap-$TIMESTAMP ...