Saturday, November 21, 2015

hping3


#Testing firewall rules with Hping3 - examples
http://0daysecurity.com/articles/hping3_examples.html


#Sending data with hping
sudo hping3 -c 1 -n -V 192.168.11.1 -e "La" -1

#Capturing the data

https://danielmiessler.com/study/tcpdump/


#Show the output on screen while also writing it to a file

tcpdump icmp -l | tee dat
tcpdump -l > dat & tail -f dat

#tcpdump filtering
https://support.f5.com/kb/en-us/solutions/public/2000/200/sol2289.html
https://staff.washington.edu/dittrich/talks/core02/tools/tcpdump-filters.txt

#wireshark capture filters
https://wiki.wireshark.org/CaptureFilters


#ICMP
-C --icmptype icmp type (default echo request)
-K --icmpcode icmp code (default 0)

Interesting Parts of an ICMP Message
====================================
icmp[0]     type
icmp[1]     code
icmp[2:2]   checksum
icmp[4...]  payload


#Sends an ICMP packet with a chosen type, code and data
sudo hping3 -c 1 -n -V 192.168.11.1 -1 -C 8 -K 42 -e "La"

#Filters ICMP type = 8 (ping request) and code = 42
sudo tcpdump -n 'icmp[0] == 8 and icmp[1] == 42'


# Loki filter example

((icmp[0] = 0) || (icmp[0] = 8)) && ((icmp[6:2] = 0xf001) || (icmp[6:2] = 0x01f0))

#sudo tcpdump -vvXn 'icmp[0] == 8 and icmp[1] == 42 and icmp[8:2] = 0x4c61'


0x0010:  c0a8 0b01 082a a8ce 3b53 0000 4c61 6261  .....*..;S..Laba
0x0020:  7320 6d61 6e6f 2076 6172 6461 7320 7972  s.mano.vardas.yr
0x0030:  6120 7061 756c 6975 7320 6173 2065 7375  a.paulius.as.esu
0x0040:  2069 7320 4c69 6574 7576 6f73            .is.Lietuvos
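
#Added example, not part of the original notes: a Python sketch that takes the ICMP bytes of the dump above (offset 0x14 onward), verifies the checksum, and evaluates the same byte-offset tests as the two tcpdump filters. The function names are made up for this illustration.

```python
import struct

# ICMP part of the tcpdump -X dump in these notes (offset 0x14 onward,
# i.e. everything after the 20-byte IPv4 header).
ICMP_HEX = """
082a a8ce 3b53 0000 4c61 6261
7320 6d61 6e6f 2076 6172 6461 7320 7972
6120 7061 756c 6975 7320 6173 2065 7375
2069 7320 4c69 6574 7576 6f73
"""

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(msg: bytes) -> dict:
    """Split an ICMP echo message into the fields the filters index into."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, checksum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {
        "type": icmp_type, "code": code, "checksum": checksum,
        "id": ident, "seq": seq, "payload": msg[8:],
        # Summing the message with its checksum field included must give 0.
        "checksum_ok": internet_checksum(msg) == 0,
    }

def matches_notes_filter(m: dict) -> bool:
    """icmp[0] == 8 and icmp[1] == 42 and icmp[8:2] = 0x4c61"""
    return m["type"] == 8 and m["code"] == 42 and m["payload"][:2] == b"\x4c\x61"

def matches_loki_filter(m: dict) -> bool:
    """Echo reply/request whose icmp[6:2] is 0xf001 or 0x01f0."""
    return m["type"] in (0, 8) and m["seq"] in (0xF001, 0x01F0)

if __name__ == "__main__":
    m = parse_icmp(bytes.fromhex(ICMP_HEX))
    print(m["type"], m["code"], hex(m["checksum"]), m["checksum_ok"])
    print(m["payload"].decode("ascii"))
    print("notes filter:", matches_notes_filter(m), "loki filter:", matches_loki_filter(m))
```

#For echo messages icmp[6:2] is the sequence number field, which is why the Loki filter is expressed on "seq" here.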


#Text to hex

#The 0a is the implicit newline that echo produces.
echo "Labas" | od -t x1
0000000 4c 61 62 61 73 0a
0000006

#Hex to txt
cat hex | xxd -r -p


#flood with hping
# -S SYN packets
# --flood high emission rate
# -d data size
sudo hping3 -V -c 1000000 -d 120 -S -w 64 -p 445 -s 445 --flood --rand-source <ip>

hping3 <ip> --flood -S -p 445

#Flood with a spoofed source IP
http://tipstrickshack.blogspot.lt/2012/10/dos-attack-from-linux-using-hping3.html
sudo hping3 -1 --flood 192.168.11.1 -a 192.168.11.112
#Changing the MAC address
sudo macchanger eth0 -m 00:00:11:11:00:00


#Communicating with another host using hping
http://ipositivesecurity.blogspot.lt/2012/01/diy-tools-using-hping.html
#Sender
sudo hping3 --data 100 --file test.txt -e GOLD  192.168.1.103 -V
#Receiver
hping3 --listen GOLD --interface eth1

Thursday, November 19, 2015

How to build an .exe with Python


Adding to PATH
C:\Python27\Scripts;
Installing pip
python get-pip.py
Installing pyinstaller
pip install pyinstaller
Building the exe
pyinstaller.exe --onefile --windowed app.py
References:
https://pip.readthedocs.org/en/stable/installing/ - installing pip
https://bootstrap.pypa.io/get-pip.py - pip raw
https://mborgerson.com/creating-an-executable-from-a-python-script - building the exe

Thursday, November 12, 2015

UltraVNC MS auto-login

Problem:

Every time you connect, it asks for a username and password:

Solution:

Add /user X and /password X to the UltraVNC shortcut
"C:\Program Files\UltraVNC\vncviewer.exe" /user user_name /password domain_password

Sunday, November 8, 2015

"Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced."

 

Error code:

"Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced."

Solution:

Change the registry value:

HKLM\System\CurrentControlSet\Control\Lsa\limitblankpassworduse
change from 1 to 0

Adding it with reg add:
REG ADD "HKLM\System\CurrentControlSet\Control\Lsa" /v limitblankpassworduse /t REG_DWORD /d 0

References:
http://ccm.net/faq/3296-windows-manage-the-registry-using-the-command-prompt