Capture SMTP Email
tcpdump -nn -l port 25 | grep -i 'MAIL FROM\|RCPT TO'
Extract HTTP Passwords in POST Requests
tcpdump -s 0 -A -n -l | egrep -i "POST /|pwd=|passwd=|password=|Host:"
Capture FTP Credentials and Commands
AysadKozanoglu
/ wp.config.php
Created
May 30, 2019 19:25
Disable admin-ajax on the front-end of WordPress sites and cache the resulting 404.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if( | |
| strpos( $_SERVER['HTTP_REFERER'], 'wp-admin' ) === false && | |
| strpos( $_SERVER['REQUEST_URI'], 'admin-ajax.php' ) !== false | |
| ) { | |
| header( 'Cache-Control: max-age=30000, must-revalidate' ); | |
| header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', strtotime( '+5000 minutes' ) ) . ' GMT' ); | |
| header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s', strtotime( '-5000 minutes' ) ) . ' GMT' ); | |
| header( $_SERVER["SERVER_PROTOCOL"]." 404 Not Found" ); | |
| die; |
AysadKozanoglu
/ capture Passwords tcpdump.md
Created
February 12, 2019 13:33
get plain passwords with tcpdump
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### KERNEL TUNING ### | |
| # Increase size of file handles and inode cache | |
| fs.file-max = 2097152 | |
| # Do less swapping | |
| vm.swappiness = 10 | |
| vm.dirty_ratio = 60 | |
| vm.dirty_background_ratio = 2 |
This is an example configuration to have nginx output JSON logs to make it easier for Logstash processing. I was trying to get nginx > Filebeat > Logstash > ES working and it wasn't until I connected Filebeat directly to Elasticsearch that I saw the expected data. Google led me to ingest-convert.sh and I realized filebeat setup works for Filebeat > ES but not Filebeat > Logstash > ES. This is because Logstash does not use ingest pipelines by default. You have to enable them in the elasticsearch output block.
Having nginx log JSON in the format required for Elasticsearch means there's very little processing (i.e. grok) to be done in Logstash. nginx can only output JSON for access logs; the error_log format cannot be changed.
Extra fields are output and not used by the Kibana dashboards. I included them in case they might be useful. Since they are not declared in the filebeat setup, their default is "string" when yo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- encoding: utf-8 -*- | |
| # requires a recent enough python with idna support in socket | |
| # pyopenssl, cryptography and idna | |
| from OpenSSL import SSL | |
| from cryptography import x509 | |
| from cryptography.x509.oid import NameOID | |
| import idna | |
| from socket import socket |
AysadKozanoglu
/ rsync_best_fast_muster.md
Last active
July 31, 2019 14:48
rsync best fast file transfer muster (90MB/s on a 1Gbit NIC)
#auhtor: Aysad Kozanoglu
realizing a file transfer over 50MB-90MB/s on 1Gbit NIC
from remote to local
rsync -avHAXx --numeric-ids --progress -e "ssh -T -c arcfour -o Compression=no -x" user@[source]:[source_dir] [dest_dir]
AysadKozanoglu
/ remote_backup_server_data.sh
Created
November 8, 2017 11:22
3 days retain backup solutio n for remote server data
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| #author: Aysad Kozanoglu | |
| # | |
| # | |
| # Directory in which to store the backups | |
| ROOT_DIR=/mnt/backup | |
| REMOTE_USER=root | |
| REMOTE_PATH=/mnt/drbd/var/mail/vmail/espresto.com |
AysadKozanoglu
/ net_scans.txt
Created
October 5, 2017 15:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nbtscan 192.168.1.0-192.168.1.255 | |
| detail info host | |
| nmap -A 192.168.1.8 | |
| get most ports | |
| nmap --script smb-os-discovery 192.168.1.8 | |
| get mac adress ips hostnames | |
| nmap -sP 192.168.1.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort |
AysadKozanoglu
/ using-auto-backup-vim.md
Created
July 19, 2017 11:19
— forked from nepsilon/using-auto-backup-vim.md
Using auto backup with Vim — First published in fullweb.io issue #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # wp-secure.conf | |
| # | |
| # | |
| # This file includes common security considerations for wordpress using nginx. | |
| # | |
| # The goal is to block actions which are usually dangerous to wordpress. | |
| # Additionally, we block direct access to PHP files and folders which should not | |
| # be accessed directly from a browser. | |
| # | |
| # Also have included exceptions for plugins that are known to require this access. |
NewerOlder