Monday, 23 September 2019

Slicing giant files



Use 'dd' to copy (in this case 3) blocks of data from the giant file to the output:

dd  if=giant.json count=3 of=output.json

trucate could also work.

For JSON jq is a great tool:

Here we are catting json and selecting entries with messages length > 0
cat ~/giant.json  | jq -cn --stream 'fromstream(1|truncate_stream(inputs))' | jq 'select((.messages | length) > 0)

Tuesday, 30 July 2019

Use of * in bash

Bash will parse and expand special args before your commands.

Hence echo * will list files in your dir like ls.


Consider the following interresting case copied from SO. A directory has these contents:
  • test (regular file)
  • test1 (directory)
  • test2 (directory)
  • test3 (directory)
If you then type `mv *` something seemingly weird happens: test3 is there, but the rest is gone. While weird at first, it makes sense once you understand what bash actually passes to `mv`. Because of the asterisk, bash interprets mv * as mv test test1 test2 test3, and when mv gets that list, it'll assume that the last arguement is the destination, which is where all of the files would've been moved.

Thursday, 20 June 2019

Clear up space, remove old ubuntu packages:

Clear up space, remove old ubuntu packages:

sudo apt-get update && sudo apt-get autoclean && sudo apt-get clean && sudo apt-get autoremove

Friday, 28 December 2018

Simple systemd / systemctl

A basic systemd file:

[Unit]
Description=test

[Service]
User=andy
Type=simple
ExecStart=/home/andy/test

[Install]
WantedBy=multi-user.target

The file /home/andy/test must begin with: 
#!/bin/sh -
The core systemd commands: Not type systemctl not systemd
  • sudo systemctl status test       
  • sudo systemctl restart test
  • sudo systemctl stop test
For when you add something to: /etc/systemd/system
  • sudo systemctl daemon-reload     
Sending logs to syslog from services started by systemd:
Taken from here:
https://stackoverflow.com/questions/37585758/how-to-redirect-output-of-systemd-service-to-a-file
           
Use the following properties in your systemd service unit file:
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier= # without any quote
Then, assuming your distribution is using rsyslog to manage syslogs, create a file in /etc/rsyslog.d/.conf with the following content:
if $programname == '' then /path/to/log/file.log
& stop
restart rsyslog (sudo systemctl restart rsyslog)

Monday, 5 March 2018

CTF notes

Notes on doing some CTFs:

How to setup Vbox:

Grab an ubuntu image from osboxes.org
user:  osboxes 
pass:  osboxes.org

Inside your vmm, Install open ssh on your slave:
sudo apt-get install openssh-server

Open the right ports on host:
VBoxManage modifyvm asdf --natpf1 "ssh,tcp,,3022,,22"
ssh/sftp in:
ssh -p 3022 osboxes@127.0.0.1
 sftp -P 3022 osboxes@127.0.0.1

How to wget / curl:

curl url

wget posting data and saving/loading data to/from cookie

wget url --post-data="password=ee&user=hr" --save-cookies sc.txt
wget url --load-cookies=sc.txt

Also don't forget simple developer mode and google chrome.

Vulnerabilities check:

File Loading:

* Look for files that load other files or data
* Look for string replacing that can be bypassed

Login:

* Check for session state not being cleared properly.

File Execution:

* Check the execution path: Add things to the path.



Disassemble files:

* objdump -d  file > raw
* gdb file
  • r (run)
  • c (contine)
  • b X (breakpoint at function X)
  • si (step one place forwards)
  • info registers (what is in my registers

nginx configuration

server {
        listen 80;
        server_name nuclearcarrot.co.uk www.nuclearcarrot.co.uk;
        server_name_in_redirect off;
        root /srv/www/nuclearcarrot.com/nuclearcarrot/;
        access_log /srv/www/nuclearcarrot.com/logs/access.log;
        error_log /srv/www/nuclearcarrot.com/logs/error.log;
        rewrite  ^/$  /andyboot.html  permanent;
        rewrite ^/favicon.ico$ /img/favicon.ico last;
 
        # Dont expose hidden files to the web
        location ~ /\. {
                return 404;
        } 
I want to talk about my old nginx config file.
  • server_name = What urls it should listen to
  • root = where to serve static files from
  • rewrite = These are interesting - if a client asks for X we redirect them to Y instead. - Here it was used in a desperate attempt to get more SEO juice by redirecting / to my name.

Wednesday, 7 February 2018

How to make things start automatically upstart

To run things on boot with upstart add a conf file to /etc/init/
Here is my windowfunctions conf file on my linode:


start on runlevel [2345]
stop on runlevel [!2345]

script
 chdir /home/andy/window_funcs/
 export PATH="/root/.cargo/bin:$PATH"
 export ROCKET_ENV="prod"
 echo "path is: $PATH"
 exec cargo +nightly run --release .
end script

To view the logs for upstart, all logs are stored in /var/log/upstart/:

cat /var/log/upstart/windowfunctions.log

Try adding to:
/etc/rc0.local