You can do this stuff with netcat and inetd
apt-get install openbsd-inetd (netcat is installed by default)
nano /etc/inetd.conf
LOCALIP:443 stream tcp nowait root /bin/nc nc REMOTEIP 443
/etc/init.d/openbsd-inetd restart
Have fun!
By: Thomas Faddegon
You can do this stuff with netcat and inetd
apt-get install openbsd-inetd (netcat is installed by default)
nano /etc/inetd.conf
LOCALIP:443 stream tcp nowait root /bin/nc nc REMOTEIP 443
/etc/init.d/openbsd-inetd restart
Have fun!
Sometimes you want to test a mail application without spamming the internet with your garbage. Use can user Papercut to local test your mail application.
URL: https://github.com/ChangemakerStudios/Papercut/releases
My web hosting company don’t support subdomain SSL certificates. And because Google’s Chrome in July is required HTTPS on all websites (otherwise you get an error your website isn’t safe) I had some deadline to make my blog HTTPS. Cloudflare is a nice reverse proxy solution and the basic plan is free to use also.
So what I did was create a cloudflare account and put my website behind it. After I did that I forced the HTTPS and voila my website was HTTPS. The steps you must take.
Note: this trick will also work if you want to use cloudflare as a reverse proxy to prevent DDoS, to optimize your site security, hide your hosting party backend and make your website a lot faster. If you use a raspbery Pi for example at your home location you can put cloudflare between the visitor and your home IP and save you a lot of trouble.
Now everything is done and your website is fully HTTPS at the frontend (with automatic HTTP > HTTPS URL rewrites). Because my backend don’t have an SSL certificate all the data between cloudflare and my hosting company is still unencrypted. So this is a nasty workaround but you don’t have any problem with Chrome HTTPS problems in the near future anymore.
If you follow these steps you can create a self signed certificate with the following specifications:
Be aware that self-signed certificates can manipulate by a man-in-the-middle. You should not use this in critical production environments.
Please use windows 10 powershell in admin mode. Otherwise you will get errors
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname *.domain.local -NotBefore $([datetime]::now.AddDays(-15)) -NotAfter $([datetime]::now.AddDays(3560))
Now export the certificates. Before you copy/paste change the thumbprint with the thumbprint you get from the above command.
$CertPassword = ConvertTo-SecureString -String "YourPassword" -Force –AsPlainText Export-PfxCertificate -Cert cert:\LocalMachine\My\C6B46CEB7D3A40DB08E78B19FEDD3A24EA7A7919 -FilePath C:\test.pfx -Password $CertPassword Export-Certificate -Cert Cert:\LocalMachine\My\C6B46CEB7D3A40DB08E78B19FEDD3A24EA7A7919 -FilePath C:\tstcert.cer
Now you can import the PFX with IIS and bind the certificate in IIS.
And import the *.CER in your MMC > Certificates > Computer account > trusted root Certification authority > Certificates
Have fun with your certificate the next 10 years 😀
Export the Private Key:
# openssl pkcs12 -in filename.pfx -nocerts -out key.pem
Remove the password from the SSL certificate (unencrypted is needed for plesk):
# openssl rsa -in key.pem -out server.key
Export the certificate:
# openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
Now upload the certificate:
And bind the certificate in your hosting settings:
There is a nice cross-platform open source tool to find out what the best DNS server is for your internet connection.
This benchmark takes some time. About +/- 15 minutes. Then you get the results in your browser:
201% faster name query performance!!! WOW!
When everything is setup you can check your DNS settings with a nice website: https://www.dnsleaktest.com/
To find the best DNS server for you start the tool at different times during the day.
Happy resolving 🙂
When you have network performance issue’s you often use speed test websites to check the network bandwidth. But mostly of the time you want to monitor the network bandwidth between two specific servers. There is a cross platform speed test utility you can use to monitor the bandwidth. The name of the tool is iperf
How it works:
If you have any connection problems with iperf try temporary turn of you firewall on both server and client. You can also play with different window sizes with the iperf -c IPSERVER -r -w 40000
For a lot of tips and tricks (even a graphical interface called jperf) check: http://openmaniak.com/iperf.php
Happy troubleshooting 😀
I had 2x HP DL 380 G6 servers with Windows 2012 R2 whit the same problem. When I start a download (I try a lot of different sites) the download drops and fluctuate. When I connect my laptop or another server on the same cable the download is stable. So my conclusion was the onboard nic.
What I tried:
Bandwidth during download:
I thought the problem must be the NIC so I added an intel pro to my server with the same result 🙁
Then I found the command netsh interface tcp show global
Output:
C:\Windows\system32>netsh interface tcp show global Querying active state... TCP Global Parameters ---------------------------------------------- Receive-Side Scaling State : enabled Chimney Offload State : disabled NetDMA State : disabled Direct Cache Access (DCA) : disabled Receive Window Auto-Tuning Level : enabled Add-On Congestion Control Provider : none ECN Capability : enabled RFC 1323 Timestamps : disabled Initial RTO : 3000 Receive Segment Coalescing State : enabled Non Sack Rtt Resiliency : disabled Max SYN Retransmissions : 2
I dived in to these settings and I found the “Receive Window Auto-Tuning Level on enabled”. So I disabled the setting with:
netsh int tcp set global autotuninglevel=disabled
After that setting the network connection to the internet was stable 🙂
I found an article on the net that Cisco PIX IOS 8.0 doesn’t support “TCP Window Scaling”. Source: http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/71613-iosfw-tcp-scaling-ts.html
So I use the workaround to disable the Automatic Windows Scaling in Windows because I can’t update our old PIX.
Problem solved 😀
When you have too many events in your zenoss environment the zenoss webinterface will be very sloooooooow. And you get all kind of errors:
When you start top you see alot of java executables when you click on the Infrastructure zenoss button. Java sometimes take 350% CPU.
java -Djetty.host=localhost -server -XX:+HeapDumpOnOutOfMemoryError -DZENOSS_COMMAND=zeneventserver -DZENHOME=/opt/zenoss -Djetty.home=/opt/zenoss -Djetty.logs=/opt/zenoss/log -Dlogback.configurationFile=/opt/zenoss/etc/zeneventserver/logback.xml -Xmx1024m -DZENOSS_DAEMON=y -jar /opt/zenoss/lib/jetty-start-7.5.3.v20111011.jar --config=/opt/zenoss/etc/zeneventserver/jetty/start.config --ini=/opt/zenoss/etc/zeneventserver/jetty/jetty.ini --pre=etc/zeneventserver/jetty/jetty-logging.xml
I’ve read a lot of zenoss documentation on the internet but didn’t found a nice article to get rid of all the events. So here is an article how I fixed it.
Basic steps:
Detailed steps:
# su zenoss
$ /opt/zenoss/bin/zenbackup -v10
$ zenoss stop
nano /opt/zenoss/bin/zeneventserver-create-db
$ zeneventserver-create-db --force --dbtype=mysql
rm -rf $ZENHOME/var/zeneventserver/*
Now some tricky part. Zenoss change some MySQL passwords when you do a restore. This result in a access denied for user zenoss@localhost during a restore. There is a fix for this problem. Reset the zenoss@’localhost’ and zenoss@’%’ MySQL passwords before you do a restore.
First get the current mysql from the global.conf file (yellow). This password is the password you need for the restore.
$nano /opt/zenoss/etc/global.conf
Tip: Too check the password (encrypted). You can do the same after you change the password:
$ mysql -uroot -p
mysql> select * from mysql.user;
Now reset the password
SET PASSWORD FOR 'zenoss'@'localhost' = PASSWORD('BEagPxxxxxxxxxxxxxxx');
SET PASSWORD FOR 'zenoss'@'%' = PASSWORD('BEagPxxxxxxxxxxxxxxx');
When you check the permissions now you see another encryption:
$ mysql -uroot -p
mysql> select * from mysql.user;
(I don’t have an image example because this is an production enviroment)
Optional: To check the zenoss user permissions:
mysql> SELECT user, host, db, select_priv, insert_priv, grant_priv FROM mysql.db;
Optional: When you still have errors or the above rights ain’t good try these two MySQL scripts:
mysql> CREATE USER 'zenoss'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'zenoss'@'localhost'
-> WITH GRANT OPTION;
mysql> CREATE USER 'zenoss'@'%' IDENTIFIED BY 'some_pass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'zenoss'@'localhost'
-> WITH GRANT OPTION;
Ok, now everting is set do a restore. The -v stands for verbose and with the no-eventsdb you don’t restore all the events. That’s exactly what we want
zenrestore --file=/opt/zenoss/backups/zenbackup_2014013 -v --no-eventsdb
Now start zenoss
$zenoss start
That’s it. Enjoy the performance and set some parameters that your events ain’t that big any more in the future.
Source: http://www.nickyeates.com/technology/zenoss/useful_commands_zenoss4
Source: http://community.zenoss.org/docs/DOC-3048
Finally I found a nice project for my Raspberry PI 🙂 I’ll write down some notes in this post to make it easier to find back some linux commands. Please use this documentation only as a white hat hacker and for learning purposes only!!!!
First:
To break in a WPS compatible wireless access point:
Now configure the wireless with your credentials
auto lo iface lo inet loopback iface eth0 inet dhcp allow-hotplug wlan0 iface wlan0 inet manual wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf iface default inet dhcp
auto lo iface lo inet loopback iface eth0 inet dhcp iface wlan0 inet dhcp wpa-ssid "L0g0ff" wpa-psk "SomePassword" allow-hotplug wlan0 iface wlan0 inet dhcp #wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf iface default inet dhcp
Now the wireless setup is done we make our PI an IP forwarding server. So that we can do man in the middle attacks.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 666
(needed to forward all HTTP traffic to SSLStrip)
Now the proxy is running we want to ARP spoof so that we can redirect all traffic to our PI
And now all things are set the sniffing can begin 🙂
The only thing left now is wait that the victim is going to log in a website and the username and password will write in to the ettercap.log file. With the command cat ettercap.log |grep USER you can see all the login credentials.
What did we learn?
Sources:
http://www.ikwashetniet.blogspot.nl/2012/01/wps-van-handig-hulpmiddel-naar-gapend.html
http://www.hackavision.com/2011/07/sniffing-passwords-over-wifi-connection.html