Osumi, Yusuke ozuma

@ozuma
ozuma / squid.conf
Created March 6, 2014 19:51
Write only the requests denied by squid to a separate log file
acl blacklist_regex url_regex "/usr/local/squid/etc/blacklist.txt"
http_access deny blacklist_regex
...
...
access_log /var/log/squid/access.log squid
access_log /var/log/squid/deny.log squid blacklist_regex
@ozuma
ozuma / osueta.py
Last active August 29, 2015 14:02
OpenSSH User Enumeration Time-Based Attack
#!/usr/bin/python
# coding: UTF-8
# OpenSSH User Enumeration Time-Based Attack
# https://cureblog.de/2013/07/openssh-user-enumeration-time-based-attack/
# For an existing user it takes tens of seconds, while for a non-existent user it finishes in a few seconds, so the two can be told apart
import sys
import socket
@ozuma
ozuma / markdown.md
Last active August 29, 2015 14:04
Markdown sample

Heading 1

Heading 2

Heading 3

Heading 4

This is sample Markdown text. This part is body text.

@ozuma
ozuma / make_pkcs12.sh
Created July 23, 2014 02:34
Creating a PKCS12 file
#!/bin/sh
openssl pkcs12 -export -inkey localhost.key -certfile ca-bundle.crt < localhost.crt > server.p12
@ozuma
ozuma / auth-dbd.conf
Created September 19, 2014 13:24
Sample of Basic authentication in Apache by connecting directly to the DB
DBDriver mysql
DBDParams host=dbserver,user=dbuser,pass=dbpass,dbname=dbname
DBDPersist Off
<Location /hoge/fuga.cgi>
SSLRequireSSL
AuthBasicProvider dbd
AuthDBDUserPWQuery "SELECT ENCRYPT('...') ... FROM tablename WHERE id = %s"
AuthName "Basic Auth"
require valid-user
@ozuma
ozuma / irssi.config
Created September 26, 2014 12:30
IRC client: automatic log generation via the irssi config
settings = {
core = {
real_name = "Unknown";
user_name = "Unknown";
nick = "Neme";
};
"fe-text" = { actlist_sort = "refnum"; };
"fe-common/core" = {
autolog = "yes";
autolog_path = "/home/ozuma/irclogs/%Y/$tag/$0.%m-%d.log";
@ozuma
ozuma / centos6-install.md
Last active August 29, 2015 14:08
Building a CentOS 6 that has Heartbleed/CCS Injection
  • Download the CentOS 6.5 ISO file and install it
# yum --disablerepo=updates,extras install mod_ssl

Install from the base repository as shown above (if you install it as-is, it gets pulled in from updates)

  • CentOS 6.4 ships openssl 1.0.0, so it does not have Heartbleed.
@ozuma
ozuma / ccs-injection-tool.md
Last active August 29, 2015 14:08
CCS Injection: check tool

The Metasploit module seems to do this most properly

msf > use auxiliary/scanner/ssl/openssl_ccs
msf auxiliary(openssl_ccs) > set RHOSTS 192.168.204.148
msf auxiliary(openssl_ccs) > exploit

If the vulnerability is present, a message like this is shown.

@ozuma
ozuma / error-html.txt
Created November 10, 2014 13:17
Apache error template
HTTP_BAD_GATEWAY.html.var
HTTP_BAD_REQUEST.html.var
HTTP_FORBIDDEN.html.var
HTTP_GONE.html.var
HTTP_INTERNAL_SERVER_ERROR.html.var
HTTP_LENGTH_REQUIRED.html.var
HTTP_METHOD_NOT_ALLOWED.html.var
HTTP_NOT_FOUND.html.var
HTTP_NOT_IMPLEMENTED.html.var
HTTP_PRECONDITION_FAILED.html.var
@ozuma
ozuma / proxytunnel.txt
Last active August 29, 2015 14:10
openssl + proxy
http://stackoverflow.com/questions/3220419/openssl-s-client-using-a-proxy
proxytunnel -p yourproxy:8080 -d www.google.com:443 -a 7000 &
openssl s_client -connect localhost:7000 -showcerts