000webhost

Web hosting
Showing posts with label DNS. Show all posts
Showing posts with label DNS. Show all posts

Friday, February 14, 2020

DNS/Amazon S3/Github/Blogspot/Wordpress Enumeration Pack, Random Stuff, and More

- a while back someone informed me that my blog was getting blocked by a Bluecoat/Symantec firewall type device (I run which is a script that mines Monero cryptocurrency via people's computer when they visit this website. I think a more reliable sign that a site has been hacked is if a large number of them dump their cryptocurrency to the same or a limited number of accounts?). It reminded me of something that some security firms said in the past about websites being taken over and used to mine cryptocurrency. I decided to create another addon scripts to my enumeration pack to see what types of Javascript scripts people were running. You'll like it if you want to know what type of code people are running, how autogenerated code stacks up against manual code, etc... You can download it here:
- description is as follows:
# This is an enumeration "software pack" for DNS, Amazon S3, Github,
# Blogspot, and Wordpress.  It obviously builds on my subdomain_resolve.sh 
# script (which was only designed for DNS).
#
# To enumerate a DNS domain run the relevant script with a wordlist/seclist.
# To enumerate Amazon S3 first enumerate against s3.amazonaws.com via
# subdomain_resolve.sh Then use aws_s3_enum.sh against a relevant
# s3_amazonaws_com-*-results.txt file from the results folder.
#
# To enumerate against Github run github_enum.sh against a relevant
# worldlist/seclist.
#
# To enumerate against Blogspot run blogspot_enum.sh against a relevant
# worldlist/seclist.
#
# To enumerate against Wordpress run wordpress_enum.sh against a relevant
# worldlist/seclist.
#
# I obviously thought about using a more generalised script but realised
# that it wouldn't work across the board. Naming systems often doesn't
# work across all websites and it's easy to create new enumerators by 
# simply substituting the correct parameters so I'll leave individual
# scripts for the time being.
#
# These scripts are obviously very simple but they will give you a 
# good idea into how similar tools work but in a simpler framework.
# They're also pretty harmless because all they really do is look
# for a website/webpage and download that page if and when it's available.
#
# As this is the very first version of the program it may be VERY buggy. 
# Please test prior to deployment in a production environment.
#
- it reminds me a lot of the following stories
cryptoloot website breach
You have to wonder how many of these stories are garbage and are similar to my situation. People who just want to try to make a little money cryptocurrency mining on the side form time to time (if you're wondering it can be very difficult to make money in the cryptocurrency mining world)? You also have to wonder whether or not it's a PSYOP of some sort to stop people from making money via web based cryptocurrencies?
- you'll soon realise that doing this works better then using search engines as well because search engines try to categorise things and don't always return all results. I can just grep stuff that I'm interested in via this mechanism. On top of that the index pages aren't all that big so I could do this for multiple domains just to figure out what's out there or to potentially seed other projects?
- I guess this is a follow on from some of my other work in cybersecurity:
http://dtbnguyen.blogspot.com.au/
https://dtbnguyen.blogspot.com/2020/02/seclist-generator-random-stuff-and-more.html
https://dtbnguyen.blogspot.com/2020/02/web-server-global-sampling.html

Random Stuff:
- as usual thanks to all of the individuals and groups who purchase and use my goods and services
- latest in science and technology
https://www.abc.net.au/news/science/2020-02-14/arrokoth-building-blocks-planets-formed/11962658
https://www.miragenews.com/novel-error-correction-scheme-developed-for-quantum-computers-2/
https://www.zdnet.com/article/australian-universities-tout-development-of-quantum-error-correction-codes/
https://betanews.com/2020/03/12/permanent-cyber-war/
https://www.venafi.com/blog/venafi-survey-results-are-we-permanent-state-cyber-war
https://www.itwire.com/government-tech-policy/new-report-says-f-35-design-flaws-mounting,-but-few-being-fixed.html
https://www.itwire.com/security/avast-forced-to-disable-js-interpreter-after-exploit-detailed.html
http://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-ban-end-end-encryption-without-actually-banning-it
https://www.itwire.com/security/is-circumventing-geo-restrictions-piracy.html
https://www.itwire.com/energy/anu-pair-develop-better-solar-cell-for-converting-sunlight-to-energy.html
https://www.itwire.com/government-tech-policy/britain-introduces-2-digital-services-tax-in-2020-budget.html
https://www.space.com/spacex-dragon-space-station-arrival-crs-20.html
https://telegra.ph/Top-10-Best-Programming-Languages-for-Ethical-Hacking-02-12
https://www.rt.com/usa/481859-cosmic-explosion-black-hole/
https://www.xda-developers.com/huawei-search-mobile/
https://www.theregister.co.uk/2020/03/05/robinhood_outage/
https://www.drugtargetreview.com/news/56966/brain-atlas-enables-exploration-of-the-brain-proteome/
https://www.technologynetworks.com/neuroscience/news/atlas-reveals-all-proteins-in-the-human-brain-331739
https://www.itwire.com/security/microsoft-leaks-details-of-wormable-flaws-in-smb-protocol.html
https://www.itwire.com/market/afterpay,-apple-pay,-google-pay-%E2%80%98drive-adoption%E2%80%99-of-new-digital-payment-services.html
https://www.itwire.com/it-industry/here-we-go-again-%E2%80%93-acs-court-case-over.html
https://www.itwire.com/security/european-energy-body-beefs-up-security-after-network-intrusion.html
https://www.itwire.com/security/british-infosec-expert-beaumont-takes-up-billet-with-microsoft.html
https://www.itwire.com/government-tech-policy/govt-departments-unlikely-to-meet-deadline-for-data-move.html
- latest in finance and politics
https://www.msn.com/en-au/news/world/thai-mall-reopens-after-honoring-victims-of-mass-shooting/ar-BBZXSPL?li=BBU4PL8
https://www.abc.net.au/news/2020-03-12/federal-government-coronavirus-economic-stimulus/12042972
https://www.abc.net.au/news/2020-03-12/wealthy-australians-still-owe-the-ato-hundreds-of-millions/12046826
https://www.abc.net.au/news/2020-03-06/how-filipino-president-manuel-quezon-rescued-1200-jews/12009840
https://www.dw.com/en/opinion-lithuanias-independence-still-rattles-vladimir-putin/a-52666948
https://fox4beaumont.com/news/nation-world/russia-freezes-bank-accounts-of-opposition-leader-family
https://www.theguardian.com/commentisfree/2020/mar/10/why-bernie-sanders-lost-michigan
https://www.theguardian.com/us-news/2020/mar/06/male-privilege-female-top-surgery-workplace
https://www.theguardian.com/world/2020/mar/10/what-does-prospect-perpetual-putin-mean-russia-future
https://www.news.com.au/finance/economy/australian-economy/time-is-now-scomo-to-reveal-key-parts-of-coronavirus-stimulus-package/news-story/ac924d058b9ce1fbed3cf18ddd1e2852
https://www.dw.com/en/list-ties-nazis-in-argentina-to-stolen-wealth-in-swiss-bank-accounts/a-52656354
https://www.rt.com/op-ed/482453-facebook-fake-news-election/
https://www.msn.com/en-au/news/australia/cashless-welfare-card-loophole-enables-purchase-of-alcohol/ar-BB10Oi3R?li=AAgfLCP
https://www.dw.com/en/how-asias-official-maps-promote-propaganda/a-52620520
https://www.theguardian.com/world/2020/mar/06/coronavirus-facts-what-is-the-mortality-rate-and-is-there-a-cure-covid-19
https://www.foxnews.com/world/beijing-trump-restricts-chinese-media-outlets-us
https://www.msn.com/en-au/news/australia/power-outages-leave-aboriginal-people-on-nt-islands-with-no-food-fuel-or-phones-for-three-days/ar-BB10HFCU?li=BBU4PL8
- latest in defense and intelligence
- latest in animal news
- latest in music and entertainment
https://mashable.com/article/dinky-one-dating-site-for-small-penises/
https://www.news.com.au/lifestyle/health/coronavirus-bunnings-offers-solution-to-toilet-paper-crisis-with-jumbo-rolls/news-story/38d078521efb2f5c8efa7e2b8b96d204
https://www.9news.com.au/national/coronavirus-melbourne-police-station-offers-free-toilet-paper-amid-panic-buying/d564937e-756c-4468-b614-33714eb28e11
https://www.bandt.com.au/coles-takes-out-full-page-ads-after-restricting-toilet-paper-to-one-per-customer/
https://www.adelaidenow.com.au/lifestyle/a-man-who-filmed-himself-licking-ice-cream-has-been-jailed/news-story/902612d96985128c5ef7702cdb5b7995
https://7news.com.au/lifestyle/health-wellbeing/coronavirus-toilet-paper-panic-prompts-prankster-to-fill-skill-tester-with-precious-prize-c-732671
https://7news.com.au/lifestyle/supermarkets/toilet-paper-reaches-facebook-marketplace-amid-coronavirus-panic-buying-c-727980
https://www.news.com.au/travel/travel-advice/tips-tricks/mum-explains-coke-bottle-trick-that-got-her-a-family-holiday-to-hawaii/news-story/2903229b12ece03241fdbbd5f80a2f21
https://www.dw.com/en/why-do-so-many-fans-hate-dietmar-hopp/a-52608910
https://www.news.com.au/lifestyle/real-life/news-life/woman-allegedly-stabbed-with-syringe-of-semen-while-grocery-shopping/news-story/948c1896758878c659537e2c07494042
https://www.msn.com/en-au/money/personalfinance/27-year-old-millionaire-who-saves-80percent-of-his-income-refuses-to-spend-on-2-things/ar-BB10EKp9

Random Quotes:
- Do oligarchs in eastern Europe produce the power structures or do the power structures produce the oligarchs? Whichever came first, EU funds aggravate the problem, and it's time this was stopped, writes Boris Kalnoky.
- "On the whole, the arc of history is bending towards improvement, but for certain populations within a given place, you are going to have wild divergences," Noveck says.
"I think the issue that we have to worry about is the destabilising effect of social inequality. We are going to see benefits for some and harm for others.
"Many people, because of IT and automation and new technology are going to do very well and are going to get richer. But we are also going to see a lot of people either stagnate, remain poor or get poorer."
- The Indonesian Ulama Council (MUI) justified the ruling by claiming the vaccine contains traces of pork and human cells, which are banned in the Muslim religion.
The organisation is chaired by Ma’ruf Amin, who was recently controversially announced as Indonesian President Joko Widodo’s running mate in next year’s presidential election.
However, the fatwa also states that the use of the product will be allowed for the time being due to the lack of viable alternatives.
“We’ve found ourselves in a position where we have no choice … there has not been a vaccine found to be halal and sacred,” an MUI official told CNN Indonesia.
- Olivia:
So why is this book your favorite book?
Peter:
Because it talks about not depending on other people for answers. You can only find the answers inside yourself. Which given our current situation, it's kinda of amusing, if you think about it.
https://www.quotes.net/show-quote/32679
- “We can afford be to be complacent – the human is the weak link in this puzzle,” Detective Katsogiannis warned.
- Cameron Harris I've seen big guys spend several hundred thousand dollars to obliterate a little guy when the big guy is at fault and the matter could have been settled for a fraction of that cost. Trademark protection is massively stacked in favour of the big end of town.
Hide or report this
Like
Mark Lazarus
Mark Lazarus Cameron Harris you can look at it this way, and yes they have deeper pockets, but you have to look at protecting your brand when you are still small, or else, it will get taken from right under your nose and you will end up having to fight and potentially pay a fortune to keep your brand name and provide evidence of proof of use. I have had clients come to me with cease and desist letters from parties that have stolen their brand because they didn’t want to spend a small initial spend on protecting it. They then had to make a decision as to whether to provide evidence of use and fight the cease and desist or do a complete re-brand. Bear in mind, this is after they were already first to market on the brand. In the end, the cost of litigating was well in excess of the cost to re-brand, and because they were a startup with little money, they had no choice but to re-brand! If you are going to spend time and effort in building your brand, your slogan and your message, you should protect it at all costs, otherwise do you really care about your brand?
Hide or report this
Like
Cameron Harris
Cameron Harris Mark Lazarus I am not advocating that businesses don't register their trademarks and intellectual property, and yes you are right that it is a relatively small cost in the big scheme of things.
I would say that if a large corporation infringes your trademark and decides that they will take the deny, deny, deny and outspend approach to make you go away, you have no chance whatsoever. By the time you even get to the court-mandated mediation, you will have spent an absolute minimum of $30k and they will have spent at least double that with a pinstripe carpet firm.
I may sound a little bitter but it is a lesson that cost me over $50k to learn.
at
Labels: , , , , , , , , , ,

Sunday, January 26, 2020

DNS/Amazon S3/Github Enumeration Pack, Seclists, and More

- as I said previously, I've been finding a lot of good and free books via open Amazon S3 buckets and Github. The problem is that it feels like search engines often miss out on crawling everything that may be relevant to what you want and you can never be certain with software built by others that they've covered off the areas that you want. I wanted to see how difficult it would be to build enumeration tools for Amazon and Github by using my subdomain resolving script as a starting point just to see what I may be missing out on?
https://en.wikipedia.org/wiki/GitHub
https://en.wikipedia.org/wiki/Amazon_Web_Services
https://en.wikipedia.org/wiki/Shodan_(website)
aws public s3 bucket search engine
- you can download my DNS/Amazon S3/Github enumerator pack here:
- description is as follows:
# This is an enumeration "software pack" for DNS, Amazon S3, and Github
# and obviously builds on my subdomain_resolve.sh script (which was only
# designed for DNS).
#
# To enumerate a DNS domain run the relevant script with a wordlist/seclist.
# To enumerate Amazon S3 first enumerate against s3.amazonaws.com via
# subdomain_resolve.sh Then use aws_s3_enum.sh against a relevant
# s3_amazonaws_com-*-results.txt file from the results folder.
#
# To enumerate against Github run github_enum.sh against a relevant
# worldlist/seclist.
#
# These scripts are obviously very simple but they will give you a 
# good idea into how similar tools work but in a simpler framework.
# They're also pretty harmless because all they really do is look
# for a website/webpage and download that page if and when it's available.
#
# As this is the very first version of the program it may be VERY buggy. 
# Please test prior to deployment in a production environment.
- if you want to build something like:
then you're better off enumerating first. Thereafter, you being to crawl and see what else is also available. The reason is because crawling is often much slower then enumerating. All you need to do is combine some of my previous work and do a tiny little bit more work

- one key to getting good enumeration results is getting good seclists/wordlists to start with. Ironically, these are often available via open source repositories such as Github
seclists
- you can also create good seclists as well. I was going to post a script to convert books into seclists but it needs a little bit of cleaning up so another time?
- as an aside, just because a company has a good reputation doesn't mean that they've covered all bases, aren't lazy, that they are actually good at their job, haven't had to make compromises, etc... Nobody is perfect. The converse is also true, a tiny company with no resources could have the greatest security in the world as well

Random Stuff:
- as usual thanks to all of the individuals and groups who purchase and use my goods and services
- latest in science and technology
Explore Heavens, Solar System, and more!
Human-Chimp DNA Comparison
https://www.itwire.com/security/apple-backflip-on-end-to-end-encryption-for-icloud-report.html
https://www.dw.com/en/german-military-laptop-with-classified-data-sold-on-ebay/a-52791809
https://www.dw.com/en/coronavirus-code-computer-modeling-could-help-fight-the-virus/a-52795025
https://www.theportugalnews.com/news/restrictions-at-shopping-centres-restaurants-and-bars/53358
https://www.abc.net.au/news/2020-03-08/coronavirus-bulk-buying-leaves-low-income-families-struggling/12034522
https://dailygalaxy.com/2020/03/quantum-death-human-cells-carry-quantum-information-that-exists-as-a-soul-weekend-feature/
https://en.kali.tools/all/
https://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/
https://serverfault.com/questions/661978/displaying-a-remote-ssl-certificate-details-using-cli-tools
https://azure.microsoft.com/en-au/blog/learning-from-cryptocurrency-mining-attack-scripts-on-linux/
https://www.itwire.com/open-sauce/nbn-will-face-stern-test-as-employees-are-forced-to-work-remotely.html
https://www.itwire.com/space/kleos-finalises-launch-preparations-for-scouting-mission-satellites.html
https://www.itwire.com/business-technology/nokia-bell-labs-claims-world-record,-innovation-in-fibre-optics.html
https://psychcentral.com/news/2020/03/15/opioids-for-pain-after-tooth-pulled-may-not-be-needed/154941.html
https://www.bbc.com/worklife/article/20200313-the-most-successful-companies-are-also-the-luckiest
https://www.abc.net.au/news/2020-03-15/child-school-bag-should-weigh-10-per-cent-of-body-weight/12032558
https://www.abc.net.au/news/2020-03-14/genetically-modified-cows-no-horns-in-australia/12018078
https://edition.cnn.com/2020/03/15/us/scholastic-coronavirus-students-trnd/index.html
https://www.news.com.au/technology/environment/teen-develops-genius-prawn-shell-landfill-compostable-alternative-to-tackle-plastic-waste/news-story/d1599bf4e1120bee1d898f2d3542793c
https://www.abc.net.au/news/rural/2020-03-16/australian-pulse-farmers-visiting-pakistan/12049498
https://www.dw.com/en/coronavirus-code-computer-modeling-could-help-fight-the-virus/a-52795025
- latest in finance and politics
US billionaires' group calls for wealth tax
Young, mega-rich - and demanding to pay more tax
https://www.rt.com/op-ed/478795-bbc-director-general-hall/
https://www.theguardian.com/us-news/2020/mar/15/trump-offers-large-sums-for-exclusive-access-to-coronavirus-vaccine
https://www.rt.com/op-ed/482952-india-caa-mainstream-hypocrisy/
https://www.theguardian.com/commentisfree/2020/mar/15/the-hunt-movie-satire-too-real
https://www.starobserver.com.au/news/anti-lgbtqi-legislation-opposed-by-40-us-companies/193581
https://www.nytimes.com/2020/03/14/style/milk-dairy-marketing.html
https://www.abc.net.au/news/2020-03-14/coronavirus-scott-morrison-stimulus-package-public-confidence/12054014
https://www.rt.com/op-ed/483197-aoc-coronavirus-panic-katie-williams/
https://www.news.com.au/finance/business/retail/how-two-melbourne-mates-turned-their-side-hustle-into-a-global-electronics-business/news-story/c0e3af12fa289419cb65668fa3b7fd9f
https://www.news.com.au/finance/economy/australian-economy/coronavirus-dark-side-to-scott-morrisons-750-virus-stimulus-cash-handout/news-story/9732d797bfe482b097d20dc319e21ef3
https://www.businessinsider.com/turkmenistan-leader-gurbanguly-berdymukhamedov-biography-2020-1
https://www.zerohedge.com/markets/more-violent-more-persistent-market-fear-worse-now-2008-man-who-inspired-vix-says
https://www.abc.net.au/news/2020-03-15/coronavirus-toilet-paper-on-sale-covid-19-unlikely-history/12054636
- latest in defense and intelligence
https://www.naroomanewsonline.com.au/story/6423650/ancient-history-swept-away-in-turkey/?cs=7180
https://www.abc.net.au/news/2020-03-16/new-allegations-unarmed-civilians-killed-by-sas-in-afghanistan/12028448
https://www.weeklyblitz.net/tech/russia-accuses-china-of-technology-theft/
https://www.presstv.com/Detail/2020/03/14/620825/Washington-Post-fake-news-coronavirus-burial-Iran
https://www.dailymail.co.uk/news/article-8109399/Rescued-Labrador-begs-adoption-having-waited-SEVEN-years-new-home.html
https://www.businessinsider.com.au/mossad-red-sea-resort-arous-ethiopian-jews-escape-photos-2020-3
https://www.news.com.au/technology/science/animals/golden-retriever-rae-the-oneeared-unicorn-dog-captures-hearts-on-instagram/news-story/027c64c9a8474bbbf90ac62dd384b684
https://www.dw.com/en/row-between-kenya-and-somalia-reaches-new-low/a-52725856
https://www.rt.com/news/482942-us-military-nuclear-microreactor/
https://www.presstv.com/Detail/2020/03/10/620564/Yemeni-army-forces,-allies-shoot-down-Saudi-led-reconnaissance-drone-in-Hudaydah
https://sputniknews.com/military/202003141078569764-russias-marshal-shaposhnikov-destroyer-to-receive-cutting-edge-sea-stealth-armament/
https://sputniknews.com/military/202003091078516406-arrows-of-misfortune-us-missile-defence-system-in-dire-need-of-upgrade---forbes-analytic-/
https://www.dw.com/en/no-commitment-to-taliban-prisoner-exchange-afghan-government/a-52594411
https://www.news.com.au/finance/business/retail/everyone-needs-to-calm-down-chaotic-scenes-as-coronavirus-panic-buyers-swamp-supermarkets/news-story/d9e718c507d9e7df617fb1ebebfbc32d
- latest in animal news
- latest in music and entertainment

Random Quotes:
- “The Tories have spent the last decade stripping back workers’ rights and overseeing an era of insecure work. There are almost a million people on zero-hours contracts and wages are still lower than they were before the financial crisis.
“A Labour government will bring about real change, giving all workers equal rights from day one, introducing an immediate £10 an hour living wage and putting power back in the hands of workers.”
- “Science is all about iteration and repeatability. But iteration is a luxury that is not always possible in the field of university research because you are often working against the clock to meet a deadline,” said Scott Yockel, director of research computing at Harvard University’s Faculty of Arts and Sciences.
- In 1983, poorest 80% of US households owned only 19% of total US household wealth; by 2016, that share fell to 10%. Over same years, wealth of richest 1 % rose from 34 to 40%. Wealth redistribution for the richest.
- "The truth is told by those left standing"
- Leon Lin I don’t know how we get these ABS figure with retail sales growth. When every major retailer are reporting lower sales...
Paul Towers I haven't dived deep into the data but at a high level, I'd say, retailers, are increasingly in a perpetual state of discounting. 
The discounting is compressing margins and crunching profits, more so than revenue (at least at this stage).
The retailers we have seen close recently were most likely already operating on thin margins (i.e. fast fashion, in particular, is a tough, lower margin sub-sector within retail) so when they experience even a small decline, the bottom falls out of the business.
In addition, I don't think its quite at the stage where Shopping Centre owners are caving to demands of retailers for rent reduction. I.e. instead of trying to retain the tenant and cut the rent to make the business more sustainable, the centre owner is gambling that they can get rid of the tenant and find a new one at the same rent.
The centre also often is between a rock and a hard place because if they cut rent, even in only a handful of stores, then they are saying to the market that instead of rent being $x psqm, its now $x - y%. This flows on to affect the potential value of the centre as a how and in turn can mean that the centre own breaches debt covenants in their loan agreement.
A similar thing happened with Property Trusts during the GFC. I.e. They have offices they were trying to rent for $300 p sqm, there was a crunch and they could only get $200 sqm, so the value of the building dropped, the loan terms were breached and they had to recapitalise to keep the LVR in check.
- This is the latest in a series of own goals by the United States. A senior Senate staffer told the authors last year: "US politics are toxic. This is self-inflicted decline — the country may be on the verge of being ungovernable."
- James Barr : There's this guy. He's a kind of cop, at least he used to be. He doesn't care about proof, he doesn't care about the law, he only cares about what's right. He knows what I did. You can't protect me. No one can.
- if you find 403 Forbidden while testing. Try X-Original-URL and X-Rewrite-URL Headers to bypass restrictions
- "It's the oldest scheme since the Pharaohs built the pyarminds, private the gains, socialize the loses" - A wise man
“Don’t get it twisted,” Rev. William Barber told a crowd. “We are not left, we are not right, we are not conservative or liberal.”
at
Labels: , , , , , , , , , ,
Subscribe to: Posts (Atom)

Endless Energy, Endless Food, Endless Resources, and More

- after my last post I had to wonder whether or not we starving, freezing/burning, living without power for no reason in many parts of the w...