Thursday, 20 June 2019

Clear up space, remove old ubuntu packages:

sudo apt-get update && sudo apt-get autoclean && sudo apt-get clean && sudo apt-get autoremove

Friday, 28 December 2018

Simple systemd / systemctl

A basic systemd file:




The file /home/andy/test must begin with: 
#!/bin/sh -
The core systemd commands (note: type systemctl, not systemd):
  • sudo systemctl status test       
  • sudo systemctl restart test
  • sudo systemctl stop test
For when you add something to: /etc/systemd/system
  • sudo systemctl daemon-reload     
Sending logs to syslog from services started by systemd:
Taken from here:
Use the following properties in your systemd service unit file:
SyslogIdentifier= # without any quote
Then, assuming your distribution is using rsyslog to manage syslogs, create a file in /etc/rsyslog.d/.conf with the following content:
if $programname == '' then /path/to/log/file.log
& stop
Restart rsyslog (sudo systemctl restart rsyslog)

Monday, 5 March 2018

CTF notes

Notes on doing some CTFs:

How to set up Vbox:

Grab an ubuntu image from
user:  osboxes 

Inside your vmm, install OpenSSH on your slave:
sudo apt-get install openssh-server

Open the right ports on host:
VBoxManage modifyvm asdf --natpf1 "ssh,tcp,,3022,,22"
ssh/sftp in:
ssh -p 3022 osboxes@
 sftp -P 3022 osboxes@

How to wget / curl:

curl url

wget posting data and saving/loading data to/from cookie

wget url --post-data="password=ee&user=hr" --save-cookies sc.txt
wget url --load-cookies=sc.txt

Also don't forget simple developer mode and google chrome.

Vulnerabilities check:

File Loading:

* Look for files that load other files or data
* Look for string replacing that can be bypassed


* Check for session state not being cleared properly.

File Execution:

* Check the execution path: Add things to the path.
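
The defensive side of the PATH check above, as an added example (not part of the original notes): a POSIX shell function that flags PATH entries which are empty, relative, group/world-writable, or owned by someone other than root or the current user. The function name audit_path and its output labels are made up for this example.

```shell
#!/bin/sh
# audit_path PATH_STRING   (hypothetical helper, written for this example)
# Print one line per PATH entry that would let someone else choose which
# binary runs. Returns 0 if the PATH is clean, 1 otherwise.
audit_path() {
    ap_rest="$1:"      # trailing ':' so the loop also sees a final empty entry
    ap_findings=0
    ap_uid=$(id -u)
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}     # text before the first ':'
        ap_rest=${ap_rest#*:}       # everything after it
        if [ -z "$ap_entry" ]; then
            echo "EMPTY (resolves to the current directory)"
        elif [ "${ap_entry#/}" = "$ap_entry" ]; then
            echo "RELATIVE: $ap_entry"
        elif [ ! -d "$ap_entry" ]; then
            continue                # missing directories are not reported here
        elif [ -n "$(find -H "$ap_entry" -prune \( -perm -002 -o -perm -020 \))" ]; then
            # -H follows a symlinked entry such as /bin -> usr/bin
            echo "GROUP/WORLD-WRITABLE: $ap_entry"
        elif [ -n "$(find -H "$ap_entry" -prune ! -user 0 ! -user "$ap_uid")" ]; then
            echo "FOREIGN OWNER: $ap_entry"
        else
            continue
        fi
        ap_findings=$((ap_findings + 1))
    done
    [ "$ap_findings" -eq 0 ]
}

# Audit the PATH given as the first argument, or the current one.
audit_path "${1:-$PATH}" || echo "Review the entries listed above."
```

Run it as the same user, and with the same environment, that the service or script will have, since PATH is often changed in unit files and init scripts.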

Disassemble files:

* objdump -d  file > raw
* gdb file
  • r (run)
  • c (continue)
  • b X (breakpoint at function X)
  • si (step one instruction forwards)
  • info registers (what is in my registers)

nginx configuration

server {
        listen 80;
        server_name_in_redirect off;
        root /srv/www/;
        access_log /srv/www/;
        error_log /srv/www/;
        rewrite  ^/$  /andyboot.html  permanent;
        rewrite ^/favicon.ico$ /img/favicon.ico last;
        # Don't expose hidden files to the web
        location ~ /\. {
                return 404;
        }
}

I want to talk about my old nginx config file.
  • server_name = What urls it should listen to
  • root = where to serve static files from
  • rewrite = These are interesting - if a client asks for X we redirect them to Y instead. - Here it was used in a desperate attempt to get more SEO juice by redirecting / to my name.

Wednesday, 7 February 2018

How to make things start automatically upstart

To run things on boot with upstart add a conf file to /etc/init/
Here is my windowfunctions conf file on my linode:

start on runlevel [2345]
stop on runlevel [!2345]

script
 chdir /home/andy/window_funcs/
 export PATH="/root/.cargo/bin:$PATH"
 export ROCKET_ENV="prod"
 echo "path is: $PATH"
 exec cargo +nightly run --release .
end script

To view the logs for upstart, all logs are stored in /var/log/upstart/:

cat /var/log/upstart/windowfunctions.log

Try adding to:

Friday, 19 January 2018

track read & writes of a grep

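Listen to read & write calls on Mac:
sudo rwsnoop -n grep
Listen to read & write calls on Linux (strace cannot filter by process name, so run the command under it and select the syscalls with -e; PATTERN and FILE are placeholders):
sudo strace -e trace=read,write grep PATTERN FILE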

Wednesday, 8 March 2017


To see system calls.

Primary resource for sysdig examples:

Get 5 seconds of system calls:
  • sudo timeout 5s sysdig -w hi.cap

Analyse the file (use tab completion, there are loads of functions):
  •  IO reads & No. reads that failed: 
    • sysdig -r hi.cap evt.type=read
    • sysdig -r hi.cap evt.type=read and evt.failed = true | wc -l                    
  • Calls to IP:
    • sysdig -r hi.cap fd.ip=IP
  •  Top sys calls:
    • sysdig -r hi.cap -c topscalls
  • Speed of sys calls:
    • sysdig  -c spectrogram
 Or call sysdig directly without the snapshot file:
  • See http calls:
    • sudo sysdig -c httplog        
  • See busy containers
    •  sudo sysdig -c topcontainers_cpu    
  • See the top processes in terms of network bandwidth usage 
    • sysdig -c topprocs_net
  • View the list of containers running on the machine and their resource usage
    • sudo csysdig -vcontainers


* sudo strace
eg: to see calls made by a command:
*  sudo strace touch foo