moomba's blog

Using PowerShell to get Awk like results

In this example we want to convert DNS or computer names to a single IP each and write those IPs to a file, so we can import that file into a scanner like Nessus or Nexpose. Typically this would be a job for awk; however, now that Windows 7 comes with PowerShell, we can use that to simulate awk.
Put your computer names into the file named computernames.txt. Next, create a bat file with the following code in there.
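One way to do the lookup described above, as an added example (a PowerShell script, not the batch file from the original post). The output file names ips.txt and unresolved.txt and the function name Get-SingleIPv4 are assumptions, and it only uses calls available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: resolve each name in computernames.txt to one IPv4 address.
$inputFile  = 'computernames.txt'   # input name taken from the post
$outputFile = 'ips.txt'             # hypothetical name for the scanner import list
$failedFile = 'unresolved.txt'      # hypothetical name for hosts that did not resolve

function Get-SingleIPv4 {
    param([string]$Name)
    try {
        # A name can return several records (IPv4 and IPv6).
        $addrs = [System.Net.Dns]::GetHostAddresses($Name)
    } catch {
        return $null   # lookup failed; caller records the name
    }
    # Keep IPv4 only and take the first one, like awk printing a single field.
    $ipv4 = $addrs |
        Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
        Select-Object -First 1
    if ($ipv4) { $ipv4.IPAddressToString } else { $null }
}

$resolved = @()
$failed   = @()

Get-Content $inputFile |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |   # skip blanks and comments
    ForEach-Object {
        $ip = Get-SingleIPv4 $_
        if ($ip) { $resolved += $ip } else { $failed += $_ }
    }

# One IP per line, duplicates removed, plain ASCII so the scanner import parses it.
$resolved | Select-Object -Unique | Set-Content -Encoding ASCII $outputFile

# Keep a record of names that did not resolve so they are not silently left unscanned.
if ($failed) { $failed | Set-Content -Encoding ASCII $failedFile }
```

Review unresolved.txt before starting the scan; a name missing from ips.txt is a host the scanner never sees.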
 

Installing and Initial setup of OpenVAS on Ubuntu

First off I need to say this is just like installing the old Nessus client and server, so if you are familiar with that, this should be a breeze for you.

 

I am running Ubuntu 10.10

Start by using the apt-get installer:

$ sudo apt-get install openvas-client openvas-server

 

Interesting results when using Chrome

What I used to perform this test
Chrome
Terminal from Ubuntu
Arin.net website from a different computer so I don't disturb the results.
Another terminal to gedit the results file.

So let's see what happens when you use Chrome and go to a bank.
So let's use a bank that I don't use, like Bank of America.
First I create my watch of the traffic.

$ watch -n 2 'netstat -nat | grep EST'

Next bring up Chrome. Type in www.bankofamerica.com.
Now check your output on your terminal. Mine looked like this.

Some Good Sites to Check for Malicious Content

I really like McAfee's http://trustedsource.org and BrightCloud, located at http://www.brightcloud.com. I paste the IP that I think is bad or malicious into their reputation database. Then I can block accordingly in my firewall. To look for a particular IP address in your Apache logs, type the following.
grep {ip} /var/log/httpd/*

Typically your Apache logs are all located in /var/log/httpd/

I also like this site. If your business does not need access overseas, or no one needs to connect to these netblocks, you can use these in a block list as well.

Check your WYSIWYG editors in Drupal to make sure you are running the current version

Drupal presents a false sense of security when using WYSIWYG editors.

The reason I say this is that the wysiwyg module can run different editors. For example, fckeditor and ckeditor can be included in the libraries directory, which is where the wysiwyg module calls editors from. It will be located in your drupaldir/sites/all/libraries

[-] Exploit exception: Permission denied - bind(2) in Ubuntu for Metasploit

If you get this error in Ubuntu for Metasploit you need to run msfconsole as root.

so....
sudo msfconsole

The reason for this error is that you need root permissions to bind to a port lower than 1024.

Good Birthday Gifts

If anyone is looking for good birthday gifts for me, here are some that I would like.

Web Application Hacker's Handbook

Natting Cisco with IOS 8.3.1

I have a situation where we merged with another institution and they use the same RFC 1918 network as we do. We both use 172.16.x.x; the subnets are a little different, but the issue is that they need access to our network and our 172.16 will not route back to them.

Plan: We will use a 10 network that neither institution uses, and both parties will have a Cisco 5520 running 8.3.1 code. The reason for this write-up is that the new IOS code is completely different for writing NAT rules.

Access Cisco's ASDM via Linux Ubuntu

First you need to install the following if it's not already installed:

sudo apt-get install gcj openjdk-6-jre cacao gij jamvm 

Now go to the management interface 192.168.1.1 or whatever you re-ip'ed it to. 

Click Run ASDM. If OpenJDK is not in the Open With list, then save the asdm.jnlp to your home directory.

After that downloads, you can run:

chmod +x asdm.jnlp 

javaws asdm.jnlp