Agnus Dei's Journal

Friday, May 8th, 2015
8:59 pm
test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"


Sunday, May 3rd, 2015
9:27 pm - How to get the number of physical CPUs on a Mac

$ sysctl -n hw.physicalcpu

4

$ sysctl -n hw.ncpu

8


Saturday, April 25th, 2015
10:42 pm - How to delete your google search history

Step 1: Sign into your Google account.

Step 2: View your Web & App Activity

Step 3: In the top right corner of the page, click the cog icon and select “Remove Items.”

Step 4: Choose the time period for which you want to delete items. To delete your entire history, select “The Beginning of Time.”

Step 5: Click “Remove.”


Thursday, April 16th, 2015
3:48 pm - Script for getting IOPS of AWS Volume
https://github.com/jackal242/brads_scripts/blob/master/get_aws_volume_iops.sh


11:45 am - How to get VolumeWriteOps in units of Ops/s from AWS CloudWatch from the command line.
# export PERIOD=3600; aws cloudwatch get-metric-statistics --metric-name VolumeWriteOps --start-time `date -d '1 hour ago' "+%Y-%m-%dT%H:%M:%S"` --end-time `date "+%Y-%m-%dT%H:%M:%S"` --period $PERIOD --namespace AWS/EBS --statistics Sum --dimensions Name=VolumeId,Value=vol-XXXXXXXX --region us-east-1 | grep Sum | egrep -o '[0-9.]+' | awk -v PERIOD=$PERIOD '{print $1/PERIOD}'
340.86


Thursday, March 26th, 2015
3:45 pm - So if it's "headless" on a remote server, then why does it have an X11 requirement?
This is the sort of thing that makes me bang my head into my desk.

Trying to convert a bunch of .doc files to .pdf's. I want to use libreoffice to convert them.

I ssh into the remote box and run the command and I get an X11 error:
[%]$ libreoffice --headless --invisible --convert-to pdf --outdir /tmp /tmp/test.doc
/usr/lib64/libreoffice/program/soffice.bin X11 error: Can't open display:
   Set DISPLAY environment variable, use -display option
   or check permissions of your X-Server
   (See "man X" resp. "man xhost" for details)


Once I enabled X11 forwarding to the remote server and reconnected with a new session, it works:
[%]$ libreoffice --headless --invisible --convert-to pdf --outdir /tmp /tmp/test.doc
Gtk-Message: Failed to load module "canberra-gtk-module"
convert /tmp/test.doc -> /tmp/test.pdf using writer_pdf_Export


So if it's "headless" on a remote server, then why does it have an X11 requirement?


Monday, March 23rd, 2015
11:42 am - Script for getting AWS drive information
[~]# cat /usr/local/devops/bin/get_aws_drive_info
#!/bin/bash
 
for i in `wget -q -O - http://169.254.169.254/latest/meta-data/block-device-mapping/`; do 
 if [ "$i" == "ami" ] ; then
  continue
 fi
 wget -q -O - http://169.254.169.254/latest/meta-data/block-device-mapping/$i; 
 echo : $i; 
done



Results Example:
[~]# /usr/local/bin/get_aws_drive_info
sdf: ebs1
sdg: ebs2
sdh: ebs3
sdw: ebs4
sdx: ebs5
sdy: ebs6
sdz: ebs7
sdb: ephemeral0
sdc: ephemeral1
/dev/xvda: root


Thursday, March 19th, 2015
5:06 pm - GHOST (note to self)
This is the good write up on GHOST you are looking for:

http://www.openwall.com/lists/oss-security/2015/01/27/9


Monday, March 16th, 2015
8:56 am - Reformatting the output of tripwire to make it human friendly
The output of tripwire is very difficult to deal with. It makes for pretty reports, and yes I know there's an XML option, but I just wanted a very simple output that's easy to read. Enter sed for the solution:


/usr/sbin/tripwire --check  | sed '/:$/h;/^".*"$/!d;G;s/^"\(.*\)"\n\(.*\)/\2\1/' | sort
Added:/etc/rc.d/init.d/0
Added:/etc/rc.d/init.d/atop
Added:/etc/rc.d/init.d/blk-availability
Added:/etc/rc.d/init.d/boundary-meter
Added:/etc/rc.d/init.d/cloud-config
Modified:/proc/self
Modified:/usr/sbin/accton
Modified:/usr/sbin/addgnupghome
Modified:/usr/sbin/alternatives
Modified:/usr/sbin/anacron
Modified:/usr/sbin/apachectl
Removed:/usr/sbin/makewhatis
Removed:/usr/sbin/tunelp
Removed:/usr/lib/rpm/fileattrs/maven.attr
Removed:/usr/lib/rpm/fileattrs/osgi.attr
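
The same flattening in awk, extended to carry each rule's severity so low-severity noise can be dropped (an added example, not the author's one-liner). The report excerpt is constructed and assumes the usual Object Summary layout: Rule Name / Severity Level headers followed by Added:, Modified: and Removed: lists of quoted paths.

```bash
#!/bin/bash
# Constructed excerpt modelled on the "Object Summary" part of a
# tripwire --check report; rule names, severities and paths are made up.
sample_report() {
cat <<'EOF'
-------------------------------------------------------------------------------
Rule Name: Boot Scripts (/etc/rc.d)
Severity Level: 100
-------------------------------------------------------------------------------

Added:
"/etc/rc.d/init.d/atop"

Modified:
"/etc/rc.d/rc.local"

-------------------------------------------------------------------------------
Rule Name: Temporary directories (/tmp)
Severity Level: 33
-------------------------------------------------------------------------------

Removed:
"/tmp/scratch"
EOF
}

# tw_flatten MIN_SEVERITY: read a report on stdin and print
# "severity change path" for every object whose rule severity is
# at least MIN_SEVERITY, highest severity first.
tw_flatten() {
  awk -v min="${1:-0}" '
    /^Severity Level:/            { sev = $3 + 0; next }   # remember the current rule severity
    /^(Added|Modified|Removed):$/ { change = substr($0, 1, length($0) - 1); next }
    /^".*"$/ && sev >= min        { print sev, change, substr($0, 2, length($0) - 2) }
  ' | sort -k1,1nr -k3,3
}

sample_report | tw_flatten 66
```

On a live system the input would be `/usr/sbin/tripwire --check | tw_flatten 66`.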


Monday, March 9th, 2015
5:35 pm - Following a series of 302 redirects
# curl -s -L -v www.espn.com 2>&1 |  egrep "Location|HTTP"
> GET / HTTP/1.1
< HTTP/1.1 301 Moved Permanently
< Location: http://espn.go.com/
> GET / HTTP/1.1
< HTTP/1.1 200 OK


Saturday, February 21st, 2015
11:47 pm - Sort a file by last name / last column

awk '{print $NF, $0}' /tmp/foo |sort | sed 's/[^\ ]*//' |sed 's/[^a-zA-Z]*//'


Thursday, February 5th, 2015
12:49 pm - Commands needed to Automate Addition of Encrypted EBS LVM volume
I wrote a perl script to do all this automatically for you  ---> https://github.com/jackal242/brads_scripts/blob/master/attach_encrypted_volume.pl



Keep in mind what Amazon calls /dev/sdp will get renamed to /dev/xvdp under the Linux kernel.

These are just the commands needed. And the reason you see ec2-describe-volumes repeated is because I keep running it until I see it's online. And then again inside a loop until I see it's "Attached".


/usr/local/ec2/bin/ec2-create-volume -s 60 --region us-west-2 --encrypted -t gp2 -z us-west-2a              
/usr/local/ec2/bin/ec2-create-tags --region us-west-2 vol-90210abc --tag "Name=hostname-foo-01:/dev/sdp:60GB-volume"
/usr/local/ec2/bin/ec2-describe-volumes --region us-west-2 vol-90210abc
/usr/local/ec2/bin/ec2-describe-volumes --region us-west-2 vol-90210abc
/usr/local/ec2/bin/ec2-attach-volume vol-90210abc -i i-abcdefgh --region us-west-2 -d /dev/sdp
/usr/local/ec2/bin/ec2-describe-volumes --region us-west-2 vol-90210abc
/usr/local/ec2/bin/ec2-describe-volumes --region us-west-2 vol-90210abc
ssh -l root hostname-foo-01 fdisk -l |grep -A5 /dev/xvdp
ssh -l root hostname-foo-01 /sbin/pvcreate /dev/xvdp
ssh -l root hostname-foo-01 /sbin/pvscan
ssh -l root hostname-foo-01 /sbin/vgcreate autovg00 /dev/xvdp
ssh -l root hostname-foo-01 /sbin/lvcreate -l 100%VG -n lv00 autovg00
ssh -l root hostname-foo-01 /sbin/mkfs -t ext4 /dev/autovg00/lv00
ssh -l root hostname-foo-01 /usr/bin/file -sL /dev/autovg00/lv00
ssh -l root hostname-foo-01 mkdir -p /encrypted
ssh -l root hostname-foo-01 /bin/mount /dev/autovg00/lv00 /encrypted


Thursday, January 29th, 2015
9:38 am - Office Fan
World's best office fan. Super Super Super quiet.

http://www.amazon.com/O2-Cool-Battery-Operated-Portable/dp/B00CAO2VQK/ref=sr_1_7?ie=UTF8&qid=1422542156&sr=8-7&keywords=o2-cool+fan


Tuesday, January 27th, 2015
1:20 am - Facebook is down
Facebook is down.

Completely down down down.


Saturday, January 10th, 2015
11:15 pm - Get your Edit Privacy URLS


STEP 1:

Testing 2010-01-11 (1263186000 to 1263272400)


# curl -s -b cookie.txt -c cookie.txt "https://m.facebook.com/807540200/allactivity?timeend=1263186000&timestart=1263272400" | egrep -o "a class[^<]+" |grep "Edit Privacy" |egrep -o "/privacyx[^\"]+" |  sed "s/amp;//g"
/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2F807540200%2Fallactivity%3Ftimeend%3D1263186000%26timestart%3D1263272400&ci=295437952648&ct=4&as=1&gfid=AQDwiEZYWJ6oonti
/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2F807540200%2Fallactivity%3Ftimeend%3D1263186000%26timestart%3D1263272400&ci=304176123102&ct=4&as=1&gfid=AQAHrbp9uRZXtvzj
/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2F807540200%2Fallactivity%3Ftimeend%3D1263186000%26timestart%3D1263272400&ci=310596156214&ct=4&as=1&gfid=AQA0p1GaaGqt-A85
/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2F807540200%2Fallactivity%3Ftimeend%3D1263186000%26timestart%3D1263272400&ci=279089747694&ct=4&as=1&gfid=AQBwh-DzkNd4md_I
/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2F807540200%2Fallactivity%3Ftimeend%3D1263186000%26timestart%3D1263272400&ci=282013462469&ct=4&as=1&gfid=AQAqGDL_7b0SwPgw
/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2F807540200%2Fallactivity%3Ftimeend%3D1263186000%26timestart%3D1263272400&ci=321065103708&ct=4&as=1&gfid=AQCKG9i02iE6BexA
/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2F807540200%2Fallactivity%3Ftimeend%3D1263186000%26timestart%3D1263272400&ci=318409680568&ct=4&as=1&gfid=AQBZIzdS-KTrHVkn
/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2F807540200%2Fallactivity%3Ftimeend%3D1263186000%26timestart%3D1263272400&ci=316021305129&ct=4&as=1&gfid=AQDv7Z6211lrrQjB
/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2F807540200%2Fallactivity%3Ftimeend%3D1263186000%26timestart%3D1263272400&ci=310989246557&ct=4&as=1&gfid=AQAifFiqUsnL_j0o
/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2F807540200%2Fallactivity%3Ftimeend%3D1263186000%26timestart%3D1263272400&ci=276772527701&ct=4&as=1&gfid=AQDoCnTN1Yk_h2sW

STEP 2

# curl -s -b cookie.txt -c cookie.txt "https://m.facebook.com/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2Fbrad.allison%3Fv%3Dfeed&ci=10155163058820201&ct=4&sel=300645083384735&as=1&gfid=AQA2_qXa3wowH6FI&refid=17&_ft_" | egrep -o "Friends.*Only Me" | egrep -o "/a/privacy[^\"]+" | sed "s/amp;//g"
/a/privacy/?px=286958161406148&cnf=10155163058820201&rd=https%3A%2F%2Fm.facebook.com%2Fbrad.allison%3Fv%3Dfeed&ist=4&gfid=AQCmxT1xPFZEaoyh

STEP 3

# curl -s -b cookie.txt -c cookie.txt "https://m.facebook.com/a/privacy/?px=286958161406148&cnf=10155163058820201&rd=https%3A%2F%2Fm.facebook.com%2Fbrad.allison%3Fv%3Dfeed&ist=4&gfid=AQCmxT1xPFZEaoyh"


11:02 pm - Changing the privacy settings to Only Me
# curl -s -b cookie.txt -c cookie.txt "https://m.facebook.com/privacyx/selector/?redir=https%3A%2F%2Fm.facebook.com%2Fbrad.allison%3Fv%3Dfeed&ci=10155163058820201&ct=4&sel=300645083384735&as=1&gfid=AQA2_qXa3wowH6FI&refid=17&_ft_" | egrep -o "Friends.*Only Me" | egrep -o "/a/privacy[^\"]+" | sed "s/amp;//g"
/a/privacy/?px=286958161406148&cnf=10155163058820201&rd=https%3A%2F%2Fm.facebook.com%2Fbrad.allison%3Fv%3Dfeed&ist=4&gfid=AQCmxT1xPFZEaoyh


10:43 pm - Deleting any facebook post:

$ curl -s -b cookie.txt -c cookie.txt "https://m.facebook.com/delete.php?perm&story_permalink_token=S%3A_I807540200%3A10155162973905201" | egrep -o "/a/[^\"]+" | sed "s/amp;//g"
/a/delete.php?perm&story_permalink_token=S%3A_I807540200%3A10155162973905201&gfid=AQDCGe6rHXBjMk14

Then call that URL that's returned and the post is deleted.


12:26 am - fbcmd foo
fbcmd savepref -update_branch=beta

fbcmd update


fbcmd go access

fbcmd go auth

fbcmd auth XXXXXX

fbcmd savepref -show_id=1

fbcmd savepref -stream_show_postid=1

fbcmd FSTREAM -sid=1 firstname.lastname 1

fbcmd COMMENT 100004059631009_617554901723159 "Brad was here"

fbcmd LIKE 100004059631009_617554901723159


Thursday, January 8th, 2015
1:46 am - How to bypass Facebook's Multifactor Authentication (MFA).
PREFACE:

Before going into how to bypass Facebook's Multifactor Authentication, I just need to point out I did contact and report this issue to Facebook via their "Bug Bounty" program. The security administrators at Facebook reviewed it and said this was not an exploit, and things were functioning "as expected."

That said, I'm free to move forward with writing up what I found.

CONTEXT:

Facebook has implemented MFA IMHO incorrectly. They set it up so you can enable MFA via a third party application on your phone like Google's "Google Authenticator."

They've implemented it on a per "Trusted Browser" basis, which leads Facebook users into a false sense of security. The idea is that if someone were to steal your password, they would not be able to access your account from another location (Non-Trusted Browser) because it would prompt them for your MFA Token, and only you can generate that via the Google Authenticator app on your phone.

THE PROBLEM:

The problem is they are misleading their users. They are not really allowing it on a "Trusted Browser" basis and location is not even a factor in determining whether or not to prompt the user for an MFA Token.

What they are calling a "Trusted Browser" is really a cookie file. So if you steal the cookie file, you can log into your account as you and steal personal information (private posts) from any location (like a hacker would do) and even though you've enabled MFA on your account, the hacker would never be prompted for an MFA Token.

That's why I reported it.

THE EXAMPLE/HOW-TO:

1- First you'll need to log into Facebook and have a valid session ID saved in your cookie file. For this example, we'll use Firefox as our Browser.

2- Then, once you've logged into Firefox, we steal the cookies. For this example just export the cookie file. I wrote a script a while back that does this: get_cookie_file.sh.

3- Once you have the cookie file, you can access the account and pull information from it from anywhere, and at no point will you be prompted for an MFA Token.

Here's an example (username replaced with "username" because it's not relevant to the example):


Notice in this example, I'm using curl as my client, which is NOT in my "Trusted Browser" list, with the cookie.txt file to log into m.facebook.com and pull my PRIVATE "ONLY ME" Facebook posts from timestart=1259654400 until timeend=1262332799, which in EPOCH TIME is a start time of "Tue, 01 Dec 2009 08:00:00 GMT" and an end time of "Fri, 01 Jan 2010 07:59:59 GMT."

Notice how at no time did it prompt me for my MFA Token.
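
A server-side view of the gap described above, as an added example that is not part of the original post and not Facebook's code: a trusted-device cookie is pinned to the client context seen when it was first presented, and any later request presenting it from a different User-Agent or IP is flagged for an MFA prompt. The log format, cookie ids and addresses are constructed; User-Agent and IP are weak signals that a real service would combine with others.

```bash
#!/bin/bash
# Constructed sample log: epoch|trusted-device cookie id|client IP|User-Agent
# (format and values are made up for illustration)
sample_log() {
cat <<'EOF'
1420700000|dev-aaa111|198.51.100.10|Mozilla/5.0 (X11; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
1420700050|dev-bbb222|192.0.2.44|Mozilla/5.0 (Macintosh) Safari/600.1
1420700100|dev-aaa111|198.51.100.10|Mozilla/5.0 (X11; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
1420700900|dev-aaa111|203.0.113.77|curl/7.35.0
1420701000|dev-bbb222|192.0.2.44|Mozilla/5.0 (Macintosh) Safari/600.1
EOF
}

# Print one line per request where a trusted-device cookie shows up with a
# different User-Agent or IP than the one recorded at its first sighting.
# Those are the requests a server would answer with an MFA prompt
# instead of treating the cookie alone as proof of a trusted browser.
flag_cookie_reuse() {
  awk -F'|' '
    !($2 in ua) { ua[$2] = $4; ip[$2] = $3; next }   # first sighting: record context
    {
      reason = ""
      if ($4 != ua[$2]) reason = "user-agent-changed"
      if ($3 != ip[$2]) reason = (reason ? reason "," : "") "ip-changed"
      if (reason) print "STEP_UP", $2, $3, reason
    }'
}

sample_log | flag_cookie_reuse
```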


Monday, December 8th, 2014
10:04 am - Sample Perl script for saving and retrieving last run time stamps

#!/usr/bin/perl
####################################################
####################################################
####################################################
use Storable qw/store retrieve/;


####################################################
# my's
####################################################
my $debug=1;
my $this_time_stamp=`/bin/date +%s%3N`;  #Epoch time in milliseconds
chomp($this_time_stamp);
my $run_time_file="/var/tmp/mysample_last_run_timestamp.dat";  # File to save into


################################################################
# Main
################################################################
retrieve_last_run_timestamp();
save_this_run_time_stamp();


################################################################
# Save this run time stamp
################################################################
sub save_this_run_time_stamp {
        if (defined $this_time_stamp) {
                print "DEBUG: SAVING : This time stamp = $this_time_stamp \n" if ($debug);
                defined store \$this_time_stamp, $run_time_file or die( "could not save time to '$run_time_file'\n" );
                print "DEBUG: SAVED : saved this run time file data: $run_time_file\n" if ($debug);
        } else {
                print "ERROR: no last time stamp to save.\n" if ($debug);
        }
}



################################################################
# Retrieve last run timestamp
################################################################
sub retrieve_last_run_timestamp {
        if ( -e $run_time_file ) {
                print "DEBUG: RETRIEVING:  reading in last run time file data: $run_time_file\n" if ($debug);
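                # retrieve() returns a reference to the stored scalar. Storable trusts the
                # file's contents, so keep it where only this script's user can write.
                $last_run_time = ${ retrieve($run_time_file) };
                print "DEBUG: RETRIEVED: Last run time stamp = $last_run_time\n" if ($debug);
        } else {
                print "DEBUG: No last run time file for $run_time_file\n";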
        }

}
