Archive for the ‘Shell Script’ Category

« Older Entries

xmitm: xml man in the middle

Sunday, December 16th, 2007

This post is a result of ideas and tools developed during the review of client-side applications that use the XMPP protocol to communicate with a server (opening a raw socket, not using HTTP as a transport).

The only way we could think of getting our hands on the communication was to write a small set of scripts to trick the client and encapsulate the communication inside HTTP requests that we could then manipulate using standard proxy tools such as burp.

Although the information and scripts described in this post are focussed on intercepting a XML communication, the same principles apply to man in the middle any ASCII protocol such as smtp, ftp or pop.

update: slides available here
(more…)

Popularity: 54% [?]

Posted in Networking, Ruby, Security, Shell Script | 2 Comments »

check for robots.txt

Tuesday, October 23rd, 2007

Some times it is useful to check if a given HTTP server has a robots.txt file in it. If it exist it may disclose interesting information, useful for a pentest :)
(more…)

Popularity: 29% [?]

Posted in Networking, Security, Shell Script | No Comments »

rComic: comic strip downloader

Tuesday, October 23rd, 2007

rComic is a small script to download and display Internet comic strips. To add new strips, you only need to modify the config file. And it is an interesting exercise to play with the Net::HTTP and YAML libraries.
(more…)

Popularity: 22% [?]

Posted in Ruby, Shell Script | No Comments »

ninja iptables for your server

Friday, September 14th, 2007

Security is often about layers on top of layers on top of layers… And one of these layers is usually an iptables firewall installed in your server. Let’s create a small script to provide our server with the kung-fu fighting techniques needed to defeat the black hats!!
(more…)

Popularity: 28% [?]

Posted in Networking, Security, Shell Script | No Comments »

ruby bot: email processing

Tuesday, August 7th, 2007

Pinky: Gee, Brain, what are we going to do tonight?
Brain: The same thing we do every night, try to take over the world!

Have you ever wanted to have the ability to send commands to your box using email? Use RubyBot, the brand new plugin-driven ruby script that makes the task of taking over the world a bit easier!
(more…)

Popularity: 20% [?]

Posted in Ruby, Shell Script | 2 Comments »

send files through email from the command line

Wednesday, December 20th, 2006

Every now and then I need to send by email some file to a friend or coworker or even myself. I have found that the easiest way to do this is just having a shell script that do the hard work for you.

After some research I found a set of scripts that actually do what I want (credit goes to Heiner Steven). The bad news is that this is not a full-bash solution. The scripts use the metasend command to send files as MIME atachments.

(more…)

Popularity: 28% [?]

Posted in Networking, Shell Script | No Comments »

matar: bloodlust

Friday, December 15th, 2006

Here is a tiny script that can be usefull to terminate (kill -9) all the programs which contain a certain string (i.e.: kill all the running copies of ping).

#!/bin/bash

for foo in `ps aux | grep $1 | awk '{print $2}'`;  do kill -9 $foo; done

Just run: matar <program name> and that’s it. They are all gone.

Popularity: 20% [?]

Posted in Shell Script | No Comments »

icmp timestamps

Thursday, December 14th, 2006

The Timestamp is an ICMP (rfc792) message which is used for time synchronization. The Timestamp Reply message consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp.

If your machine answers ICMP Timestamp messages an attacker can learn the date which is set on your machine. This may help him to defeat all your time based authentication protocols.

(more…)

Popularity: 22% [?]

Posted in Networking, Security, Shell Script | No Comments »

replace spaces in filename

Thursday, December 14th, 2006

Just a quick tip!

You have to use the bash function ${foo//string1/string2}. Check the Advanced Bash-Scripting Guide for a complete list of string manipulating functions.

for foo in *; do mv "$foo" ${foo// /_}; done

Popularity: 20% [?]

Posted in Shell Script | No Comments »

kde desktop background auto change

Thursday, December 14th, 2006

Much in the way we did with xfce here is the way to implement de auto change feature in KDE.

This is an easy one. Although you can perform background auto change from KDE control center, it may be usefull to have a script to do the task. You can use this script to create a link in your desktop to change the background image when you want.

The KDE applications can be controlled by scripts via the DCOP mechanism. From the Wikipedia:

DCOP, which stands for Desktop COmmunication Protocol, is a light-weight interprocess and software componentry communication system. The main point of this system is to allow applications to interoperate, and to share complex tasks. Essentially, DCOP is a ‘remote control’ system, which allows an application or a script to enlist the help of other applications. It is built on top of the X Window System’s Inter-Client Exchange protocol.

(more…)

Popularity: 30% [?]

Posted in Shell Script, X Windows | No Comments »

« Older Entries