About these ads

David Vassallo's Blog

If at first you don't succeed; call it version 1.0

Hackathon notes and links

I recently had the opportunity to participate in (my team won as it turned out… Special thanks to Ian Attard and Godwin Caruana) the Malta Information Technology Agency (MITA) Hackathon, organized by TrustedSec. I learnt a lot, thanks to David Kennedy and my team mates. I also did quite a lot of research beforehand and there is a treasure trove of information on the web that i’d like to make a note of for future reference. Maybe others will find the information here of use. Full credit goes to the respective authors of the articles:

Interesting Articles and Links:

Notes:

  • Startup nessus: /etc/init.d/nessusd start, link: http://localhost:8834
  • List SMB shares on a target from linux command line: smbclient -L 1.2.3.4
  • Connect to SMB share “Users” with guest account: smbclient \\\\192.168.12.54\\Users -U guest -N
  • Web application scanners I didn’t know of: w3af , arachni
  • Searchsploit is your friend :) http://www.securitygeeks.net/2013/01/how-to-search-for-exploits-using.html. On kali just type “searchsploit [search terms]
  • Since it’s your friend, you should update it :) here’s my script to do just that:

  • To add a new exploit that has been written for metasploit but not currently included in the framework (in Kali):
    • Create a directly called “exploits” under ~/.msf4/modules (note the name must be exploits, else metasploit won’t pick up your scripts)
    • Create a new directory of your choice under ~/.msf4/modules/exploits for example:

      mkdir ~/.msf4/modules/exploits/hackathon

    • Find the exploit you need, maybe using serchsploit, and copy into your newly created folder for example:
      Selection_015
    • Startup msfconsole and search for your exploit (I normally search for the folder name – hackathon – since I pretty much know what I placed in there)
      Selection_016
    • Run the exploit :)
About these ads

Nugget Post: Raspberry Pi: Auto starting a program on login

As part of our effort to use Raspberry Pis as SOC monitors, we eventually needed to make sure that on reboot, a browser automatically starts up showing the appropriate information. We cannot simply add this to /etc/rc.local  or /home/pi/.bashrc, since there is no GUI to actually start the browser.

The solution is to add a line to the file : /etc/xdg/lxsession/LXDE/autostart

The code to add would be similar to this:

chromium --kiosk 'http://nagiosadmin:[email protected]/check_mk'

I purposely chose the above example to illustrate another trick: you can use the format “http://username:password@serverIP” to automatically login to a site using BASIC HTTP authentication

References:

Follow

Get every new post delivered to your Inbox.

Join 160 other followers