My l3g3nd

There is no spoon

Nginx With Microsoft AD Authentication and FastCGI Load Balancing

| Comments

Nginx is an open source fast performing web server and is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption”. Nginx has two versions one of which is open source while other (Nginx Plus) is available with paid support. I have used the open version for all my testing. Instead of writing multiple posts I have combined all that I have learned in this long post.

Error: Certificate Not Trusted.? (27) on XChat Azure

| Comments

By Default at least on Mac OS X Snow Leopard, OpenSSL is not configured to use the trusted root certificates. In order to get that working we can follow up instructions from this blog. However, the Gandi root/intermediate certificate thats being used by XChat Azure by default is not being added to Keychain Access of Mac OS X. If we try to enable SSL on XChat Azure it will fail with Connection failed. Error: certificate not trusted.? (27) error message.

Scapy - Network Enumeration (Part II)

| Comments

Its been a while since I worked on this but I have made some progress in last few days. I have added the SYN scan functionality and also added couple of lines of code to reduce the output on the terminal when the programme is executed. I will explain those at the end of this post.

SYN Scan

In this script I have defined 2 functions “synscan” and “synscan2”to provide ability to specify port range as well as specific ports to be scanned.

Authenticating Linux Machines Against Active Directory

| Comments

There are several ways to authenticate Linux servers against Microsoft Active Directory such as Samba/Winbind, Centrify, etc. During my research I came across another tool called Power Broker Identity Service (PBIS) by Beyond Trust. Beyond Trust took over a company previously known as Likewise Open and rebranded it as PBIS Open. They have released Enterprise and Community edition of PBIS. I am using Open Source edition for active directory bridging.

Scapy - Network Enumeration

| Comments

Scapy is a very powerful API that can be used to “easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery” and more can be read here. I have decided to put all together with the help of Python and create a program that can be used to enumerate any network.

This will obviously require some time so I have planned to complete the project in phases. In this initial commit I have created couple of modules that will do the ICMP ping and ARP ping.

Sending Authenticated and Encrypted Email With Python

| Comments

This script is very generic and can be used anywhere to send an authenticated email. The email is also secure because it creates a STARTTLS session making sure no one can snoop in (except NSA I guess). Also it has a logging capability which logs errors and exceptions in /var/log/syslog but then the script has to be executed with root privileges. Obviously this can be changed and logging can be enabled in any other file if running as a root in not an option. Script is pretty much self explanatory but feel free to ask if you have any questions.

SFTP File Download Script

| Comments

I have written scripts that can download files from regular FTP (unencrypted) sites using BASH and/or Python. This always left me wondering how would I do same thing if it was a SFTP (FTP via SSH) site. Since recently I bought couple of VPS (virtual private servers) so decided to set my own SFTP server and give this a shot. After lots of researching and reading I was able to download successfully from a SFTP site. I used Python’s Paramiko module to connect to server and retrieve files.

I have uploaded it to my github and sharing here as well. Feel free to modify and share it. Please let me know if something is not clear and I will be happy to assist.

OSCP - My Chronicle

| Comments

There are number of blog posts about the Offensive Security Certified Professional (OSCP) challenge but why I am writing another one? Because I had many sleepless nights, completed the daunting 24 hour challenge and above all I TRIED HARDER. I earned it!

SFTP File Upload Script

| Comments

Following is the script that can be used to upload a file to a secure ftp (SFTP) when there is a limitation of sharing ssh keys and it is okay to pass the password in the script. With above in mind additional package SSHPASS needs to be installed. SSHPASS is in the Fedora repo however it can be installed on CentOS 5.x x86_64:

1
2
3
wget -O epel.rpm https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm # Download latest  epel-release rpm
sudo rpm -Uvh epel.rpm # Install the package
sudo yum install sshpass # Install sshpass

Once everything is OK following script can be used: