twice in the last week i have needed to send a quick email from the command line. here’s how:

telnet 1.2.3.4 25

HELO domain.name
MAIL FROM: test@domain.name
RCPT TO: recepient@domain.name
DATA
Subject:subject line here

this is the
body of your
email.
.
QUIT

note: there has to be a blank line under the subject line.

source: http://www.yuki-onna.co.uk/email/smtp.html


read more

i needed to mount a windows share from my ubuntu box the other day, and while this is quick and easy from the gui, i wanted to do it from the command line (just in case).

to mount a windows share from the command line (this is on ubuntu 10.04), you can running the following command:

sudo mount -t cifs //1.2.3.4/c$ /media/smb_mount/ -o username=domain/user,iocharset=utf8,file_mode=0777,dir_mode=0777

obviously your mount point of /media/smb_mount would have to exist.


read more

recently i spoke at a conference about a network upgrade i did at a previous job.

the upgrade was a very difficult, but rewarding process, and has become one of my favorite topics to speak about.

topics i covered included the basics/easy stuff:

  • anti-virus
  • content filtering
  • password policies
  • firewalls

all the way to the not so common or more complex:

  • egress firewall rules
  • patching (system & OS)
  • running with user rights
  • software restriction policies/GPO’s

here is the prezi from the talk:


read more

vlan abuse

this is a quick post about vlan hacking abuse.

specifically, this post will cover how to abuse cisco switches and the DTP (dynamic trunking protocol).

why is this important? typically, most environments segment out servers, workstations, management, etc, into different vlans. if they (mis)configure the switch, you could potentially jump onto the management subnet (where things are usually much less protected) from a user subnet.

in a nutshell, we are taking advantage of a misconfigured switch, not really doing any “hacking”.


read more

every once in a while i run into an issue where i have some log file on a microsoft sql server that has not been properly configured and is taking up a hundred gigs.

and inevitably, i end up spending the next 20 minutes to find a proper example of how to truncate the logs. so, instead of searching again, i am posting it on my site ;)

WARNING: don’t do this unless you have backups or you really, really don’t want to roll your database back. your deleting transaction logs, so while it won’t hurt your working database, it will prevent you from rolling back to yesterday. ye be warned.

in this case, i am running these commands on a microsoft sql server 2005 install, but i would presume it to work on sql 2008 or 2012, although i haven’t tested it.

here is the code:

-- specify database and show database & log statistics
use dbname
exec sp_helpfile

-- truncate the log
USE dbname
GO
BACKUP LOG dbname WITH TRUNCATE_ONLY
GO
DBCC SHRINKFILE (dbname_log, 1)
GO
DBCC SHRINKFILE (dbname_log, 1)
GO

--show statistics after truncating
exec sp_helpfile

reference/disclaimer: this code is from http://www.sqlcleanup.com/2008/sql-2005-truncating-log-files-and-recovering-space/ and is not my work, i just can’t always find it in a pinch.


read more

recently i was asked to implement a solution to mirror a massive amount of traffic (2-8Gbps of sustained traffic) to several different locations for further analysis.

after comparing gigamon, netoptics, and network critical, i opted for netoptics to fill the roll (because of time i could not do a proof of concept, so the evaluation through reading specs, talking to a few techs, and some googling).

i have spent time over the last few weeks configuring the netoptics and thought it would be worth sharing my experience for someone else’s benefit.


read more

i was recently asked to do a presentation for a local conference. i like coming up with new things to research and investigate and decided to pursue passwords (and how bad they are). below is my presentation and code for the talk:

title: passwords: you can’t do it right
description: some say you’re doing it wrong. i argue you can’t do it right (but some do it better than others). see how ineffective passwords are at protecting your accounts and ways of decreasing the chance of anyone using your passwords to achieve total domination.

 

#!/usr/bin/python
#
# password_stats_03.py

import re
import sys

if (len(sys.argv) != 2):
	print """
	password stats 0.03
	usage: password_stats_03.py
	"""
	exit()

# assign arguments to variable
file_passwords_all = sys.argv[1] 

# create empty vars
passwords_all = 0
passwords_unique = 0
password_numeric = 0
password_alpha_lower = 0
password_alpha_upper = 0
password_alpha_mixed = 0
password_alpha_lower_numeric = 0
password_alpha_upper_numeric = 0
password_alpha_mixed_numeric = 0
password_everything_else = 0

# create empty list(s)
list_password_length = []

# create empty dictionary(s)
dict_password_count = {}

# save all passwords to a list
file_passwords_all = open(file_passwords_all, 'r')
list_passwords_all = []

for line in file_passwords_all:
	list_passwords_all.append(line)
	passwords_all += 1
	password_length = len(line)
	list_password_length.append(password_length)
	if re.search("^[0-9]+$", line):
		password_numeric += 1
	elif re.search("^[a-z]+$", line):
		password_alpha_lower += 1
	elif re.search("^[A-Z]+$", line):
		password_alpha_upper += 1
	elif re.search("^[a-zA-Z]+$", line):
		password_alpha_mixed += 1
	elif re.search("^[a-z0-9]+$", line):
		password_alpha_lower_numeric += 1
	elif re.search("^[A-Z0-9]+$", line):
		password_alpha_upper_numeric += 1
	elif re.search("^[a-zA-Z0-9]+$", line):
		password_alpha_mixed_numeric += 1
	else:
		password_everything_else += 1

file_passwords_all.close()

# save unique passwords to a list
list_passwords_unique = set(list_passwords_all)

# put unique passwords and the number of times seen in a dictionary
for item in list_passwords_unique:
	dict_password_count[item] = list_passwords_all.count(item)
	passwords_unique += 1

# calculate how many unique passwords there are
passwords_unique_percent = (float(passwords_unique)/float(passwords_all)) * 100

# display total and unique passwords
print
print 'all passwordstt= ' + str(passwords_all)
print 'unique passwordst= ' + str(passwords_unique) + "tt%% %.02f" % passwords_unique_percent
print

# print out password lengths and number of times seen
print 'password length(s): '
for number in range(31):
	password_item = number + 1
	password_length_total = list_password_length.count(password_item)
	length_percentage = (float(password_length_total)/float(passwords_all)) * 100
	print str(number) + " chart =>t " + str(password_length_total) + "tt%% %.02f" % length_percentage

# print out complexity of the passwords and number of times seen with percentages
dict_password_complexity_options = {password_numeric: 'all numeric          ', password_alpha_lower: 'all alpha lower', password_alpha_upper: 'all alpha upper', password_alpha_mixed: 'all alpha mixed', password_alpha_lower_numeric: 'alpha lower & numeric', password_alpha_upper_numeric: 'alpha upper & numeric', password_alpha_mixed_numeric: 'alpha mixed & numeric', password_everything_else: 'everything else'}

print
print "password complexity: "
for item, description in dict_password_complexity_options.iteritems():
	print "%s tt " % description + str(item) + "t%% %.02f" % ((float(item)/float(passwords_all)) * 100)
sum = password_numeric + password_alpha_lower + password_alpha_upper + password_alpha_mixed + password_alpha_lower_numeric + password_alpha_upper_numeric + password_alpha_mixed_numeric + password_everything_else
print "sumtttt " + str(sum)
print

# print out the ten most common passwords with number of times seen
print "most common passwords:"
counter = 9
for key,value in sorted(dict_password_count.iteritems(), key=lambda item: -item[1]):
        if counter > 0:
		if len(key) < 6:
			print "password: " + str(key).strip() + "tttcount: " + str(value).strip()
		else:
			print "password: " + str(key).strip() + "ttcount: " + str(value).strip()
            	counter-=1

read more