000webhost

Web hosting

Friday, February 14, 2020

DNS/Amazon S3/Github/Blogspot/Wordpress Enumeration Pack, Random Stuff, and More

- a while back someone informed me that my blog was getting blocked by a Bluecoat/Symantec firewall type device (I run which is a script that mines Monero cryptocurrency via people's computer when they visit this website. I think a more reliable sign that a site has been hacked is if a large number of them dump their cryptocurrency to the same or a limited number of accounts?). It reminded me of something that some security firms said in the past about websites being taken over and used to mine cryptocurrency. I decided to create another addon scripts to my enumeration pack to see what types of Javascript scripts people were running. You'll like it if you want to know what type of code people are running, how autogenerated code stacks up against manual code, etc... You can download it here:
- description is as follows:
# This is an enumeration "software pack" for DNS, Amazon S3, Github,
# Blogspot, and Wordpress.  It obviously builds on my subdomain_resolve.sh 
# script (which was only designed for DNS).
#
# To enumerate a DNS domain run the relevant script with a wordlist/seclist.
# To enumerate Amazon S3 first enumerate against s3.amazonaws.com via
# subdomain_resolve.sh Then use aws_s3_enum.sh against a relevant
# s3_amazonaws_com-*-results.txt file from the results folder.
#
# To enumerate against Github run github_enum.sh against a relevant
# worldlist/seclist.
#
# To enumerate against Blogspot run blogspot_enum.sh against a relevant
# worldlist/seclist.
#
# To enumerate against Wordpress run wordpress_enum.sh against a relevant
# worldlist/seclist.
#
# I obviously thought about using a more generalised script but realised
# that it wouldn't work across the board. Naming systems often doesn't
# work across all websites and it's easy to create new enumerators by 
# simply substituting the correct parameters so I'll leave individual
# scripts for the time being.
#
# These scripts are obviously very simple but they will give you a 
# good idea into how similar tools work but in a simpler framework.
# They're also pretty harmless because all they really do is look
# for a website/webpage and download that page if and when it's available.
#
# As this is the very first version of the program it may be VERY buggy. 
# Please test prior to deployment in a production environment.
#
- it reminds me a lot of the following stories
cryptoloot website breach
You have to wonder how many of these stories are garbage and are similar to my situation. People who just want to try to make a little money cryptocurrency mining on the side form time to time (if you're wondering it can be very difficult to make money in the cryptocurrency mining world)? You also have to wonder whether or not it's a PSYOP of some sort to stop people from making money via web based cryptocurrencies?
- you'll soon realise that doing this works better then using search engines as well because search engines try to categorise things and don't always return all results. I can just grep stuff that I'm interested in via this mechanism. On top of that the index pages aren't all that big so I could do this for multiple domains just to figure out what's out there or to potentially seed other projects?
- I guess this is a follow on from some of my other work in cybersecurity:
http://dtbnguyen.blogspot.com.au/
https://dtbnguyen.blogspot.com/2020/02/seclist-generator-random-stuff-and-more.html
https://dtbnguyen.blogspot.com/2020/02/web-server-global-sampling.html

Random Stuff:
- as usual thanks to all of the individuals and groups who purchase and use my goods and services
- latest in science and technology
https://www.abc.net.au/news/science/2020-02-14/arrokoth-building-blocks-planets-formed/11962658
https://www.miragenews.com/novel-error-correction-scheme-developed-for-quantum-computers-2/
https://www.zdnet.com/article/australian-universities-tout-development-of-quantum-error-correction-codes/
https://betanews.com/2020/03/12/permanent-cyber-war/
https://www.venafi.com/blog/venafi-survey-results-are-we-permanent-state-cyber-war
https://www.itwire.com/government-tech-policy/new-report-says-f-35-design-flaws-mounting,-but-few-being-fixed.html
https://www.itwire.com/security/avast-forced-to-disable-js-interpreter-after-exploit-detailed.html
http://cyberlaw.stanford.edu/blog/2020/01/earn-it-act-how-ban-end-end-encryption-without-actually-banning-it
https://www.itwire.com/security/is-circumventing-geo-restrictions-piracy.html
https://www.itwire.com/energy/anu-pair-develop-better-solar-cell-for-converting-sunlight-to-energy.html
https://www.itwire.com/government-tech-policy/britain-introduces-2-digital-services-tax-in-2020-budget.html
https://www.space.com/spacex-dragon-space-station-arrival-crs-20.html
https://telegra.ph/Top-10-Best-Programming-Languages-for-Ethical-Hacking-02-12
https://www.rt.com/usa/481859-cosmic-explosion-black-hole/
https://www.xda-developers.com/huawei-search-mobile/
https://www.theregister.co.uk/2020/03/05/robinhood_outage/
https://www.drugtargetreview.com/news/56966/brain-atlas-enables-exploration-of-the-brain-proteome/
https://www.technologynetworks.com/neuroscience/news/atlas-reveals-all-proteins-in-the-human-brain-331739
https://www.itwire.com/security/microsoft-leaks-details-of-wormable-flaws-in-smb-protocol.html
https://www.itwire.com/market/afterpay,-apple-pay,-google-pay-%E2%80%98drive-adoption%E2%80%99-of-new-digital-payment-services.html
https://www.itwire.com/it-industry/here-we-go-again-%E2%80%93-acs-court-case-over.html
https://www.itwire.com/security/european-energy-body-beefs-up-security-after-network-intrusion.html
https://www.itwire.com/security/british-infosec-expert-beaumont-takes-up-billet-with-microsoft.html
https://www.itwire.com/government-tech-policy/govt-departments-unlikely-to-meet-deadline-for-data-move.html
- latest in finance and politics
https://www.msn.com/en-au/news/world/thai-mall-reopens-after-honoring-victims-of-mass-shooting/ar-BBZXSPL?li=BBU4PL8
https://www.abc.net.au/news/2020-03-12/federal-government-coronavirus-economic-stimulus/12042972
https://www.abc.net.au/news/2020-03-12/wealthy-australians-still-owe-the-ato-hundreds-of-millions/12046826
https://www.abc.net.au/news/2020-03-06/how-filipino-president-manuel-quezon-rescued-1200-jews/12009840
https://www.dw.com/en/opinion-lithuanias-independence-still-rattles-vladimir-putin/a-52666948
https://fox4beaumont.com/news/nation-world/russia-freezes-bank-accounts-of-opposition-leader-family
https://www.theguardian.com/commentisfree/2020/mar/10/why-bernie-sanders-lost-michigan
https://www.theguardian.com/us-news/2020/mar/06/male-privilege-female-top-surgery-workplace
https://www.theguardian.com/world/2020/mar/10/what-does-prospect-perpetual-putin-mean-russia-future
https://www.news.com.au/finance/economy/australian-economy/time-is-now-scomo-to-reveal-key-parts-of-coronavirus-stimulus-package/news-story/ac924d058b9ce1fbed3cf18ddd1e2852
https://www.dw.com/en/list-ties-nazis-in-argentina-to-stolen-wealth-in-swiss-bank-accounts/a-52656354
https://www.rt.com/op-ed/482453-facebook-fake-news-election/
https://www.msn.com/en-au/news/australia/cashless-welfare-card-loophole-enables-purchase-of-alcohol/ar-BB10Oi3R?li=AAgfLCP
https://www.dw.com/en/how-asias-official-maps-promote-propaganda/a-52620520
https://www.theguardian.com/world/2020/mar/06/coronavirus-facts-what-is-the-mortality-rate-and-is-there-a-cure-covid-19
https://www.foxnews.com/world/beijing-trump-restricts-chinese-media-outlets-us
https://www.msn.com/en-au/news/australia/power-outages-leave-aboriginal-people-on-nt-islands-with-no-food-fuel-or-phones-for-three-days/ar-BB10HFCU?li=BBU4PL8
- latest in defense and intelligence
- latest in animal news
- latest in music and entertainment
https://mashable.com/article/dinky-one-dating-site-for-small-penises/
https://www.news.com.au/lifestyle/health/coronavirus-bunnings-offers-solution-to-toilet-paper-crisis-with-jumbo-rolls/news-story/38d078521efb2f5c8efa7e2b8b96d204
https://www.9news.com.au/national/coronavirus-melbourne-police-station-offers-free-toilet-paper-amid-panic-buying/d564937e-756c-4468-b614-33714eb28e11
https://www.bandt.com.au/coles-takes-out-full-page-ads-after-restricting-toilet-paper-to-one-per-customer/
https://www.adelaidenow.com.au/lifestyle/a-man-who-filmed-himself-licking-ice-cream-has-been-jailed/news-story/902612d96985128c5ef7702cdb5b7995
https://7news.com.au/lifestyle/health-wellbeing/coronavirus-toilet-paper-panic-prompts-prankster-to-fill-skill-tester-with-precious-prize-c-732671
https://7news.com.au/lifestyle/supermarkets/toilet-paper-reaches-facebook-marketplace-amid-coronavirus-panic-buying-c-727980
https://www.news.com.au/travel/travel-advice/tips-tricks/mum-explains-coke-bottle-trick-that-got-her-a-family-holiday-to-hawaii/news-story/2903229b12ece03241fdbbd5f80a2f21
https://www.dw.com/en/why-do-so-many-fans-hate-dietmar-hopp/a-52608910
https://www.news.com.au/lifestyle/real-life/news-life/woman-allegedly-stabbed-with-syringe-of-semen-while-grocery-shopping/news-story/948c1896758878c659537e2c07494042
https://www.msn.com/en-au/money/personalfinance/27-year-old-millionaire-who-saves-80percent-of-his-income-refuses-to-spend-on-2-things/ar-BB10EKp9

Random Quotes:
- Do oligarchs in eastern Europe produce the power structures or do the power structures produce the oligarchs? Whichever came first, EU funds aggravate the problem, and it's time this was stopped, writes Boris Kalnoky.
- "On the whole, the arc of history is bending towards improvement, but for certain populations within a given place, you are going to have wild divergences," Noveck says.
"I think the issue that we have to worry about is the destabilising effect of social inequality. We are going to see benefits for some and harm for others.
"Many people, because of IT and automation and new technology are going to do very well and are going to get richer. But we are also going to see a lot of people either stagnate, remain poor or get poorer."
- The Indonesian Ulama Council (MUI) justified the ruling by claiming the vaccine contains traces of pork and human cells, which are banned in the Muslim religion.
The organisation is chaired by Ma’ruf Amin, who was recently controversially announced as Indonesian President Joko Widodo’s running mate in next year’s presidential election.
However, the fatwa also states that the use of the product will be allowed for the time being due to the lack of viable alternatives.
“We’ve found ourselves in a position where we have no choice … there has not been a vaccine found to be halal and sacred,” an MUI official told CNN Indonesia.
- Olivia:
So why is this book your favorite book?
Peter:
Because it talks about not depending on other people for answers. You can only find the answers inside yourself. Which given our current situation, it's kinda of amusing, if you think about it.
https://www.quotes.net/show-quote/32679
- “We can afford be to be complacent – the human is the weak link in this puzzle,” Detective Katsogiannis warned.
- Cameron Harris I've seen big guys spend several hundred thousand dollars to obliterate a little guy when the big guy is at fault and the matter could have been settled for a fraction of that cost. Trademark protection is massively stacked in favour of the big end of town.
Hide or report this
Like
Mark Lazarus
Mark Lazarus Cameron Harris you can look at it this way, and yes they have deeper pockets, but you have to look at protecting your brand when you are still small, or else, it will get taken from right under your nose and you will end up having to fight and potentially pay a fortune to keep your brand name and provide evidence of proof of use. I have had clients come to me with cease and desist letters from parties that have stolen their brand because they didn’t want to spend a small initial spend on protecting it. They then had to make a decision as to whether to provide evidence of use and fight the cease and desist or do a complete re-brand. Bear in mind, this is after they were already first to market on the brand. In the end, the cost of litigating was well in excess of the cost to re-brand, and because they were a startup with little money, they had no choice but to re-brand! If you are going to spend time and effort in building your brand, your slogan and your message, you should protect it at all costs, otherwise do you really care about your brand?
Hide or report this
Like
Cameron Harris
Cameron Harris Mark Lazarus I am not advocating that businesses don't register their trademarks and intellectual property, and yes you are right that it is a relatively small cost in the big scheme of things.
I would say that if a large corporation infringes your trademark and decides that they will take the deny, deny, deny and outspend approach to make you go away, you have no chance whatsoever. By the time you even get to the court-mandated mediation, you will have spent an absolute minimum of $30k and they will have spent at least double that with a pinstripe carpet firm.
I may sound a little bitter but it is a lesson that cost me over $50k to learn.

Saving Money (without Sacrificing), Random Stuff, and More

- use price matching when you can to get an extra discount. Note, a lot of companies advertise low prices just to get you through the door. ...