There is a quote I read today by Haruki Murakami that really made me sit back and think about how I handle all my daily task and projects. Especially with my obsession lately for absolute peak performance in my life.
“When I’m in writing mode for a novel, I get up at four a.m. and work for five or six hours. In the afternoon, I run for ten kilometers or swim for fifteen-hundred meters (or do both), then I read a bit and listen to some music. I go to bed at nine p.m. I keep to this routine every day without variation. The repetition itself becomes the important thing; it’s a form of mesmerism. I mesmerize myself to read a deeper state of mind. But to hold to such a repetition for so long-six months to a year-requires a good amount of mental and physical strength. In that sense, writing a long novel is like survival training. Physical strength is as necessary as artistic sensitivity.”
Nishang is a framework and collection of scripts and payloads which enables usage of Windows PowerShell for offensive security and post exploitation during Penetraion Tests. The scripts are written on the basis of requirement by the author during real Penetration Tests.
PAYLOADS It contains many interesting scripts like download and execute, keylogger, dns txt pwnage, wait for command and much more.
HELP All payloads and scripts are Get-Help compatible. Use “Get-Help -full” on a PowerShell prompt to get full help details.
CHANGELOG for version 0.2.7 – DNS_TXT_Pwnage, Time_Execution and Wait_For_Command can now be stopped remotely. Also, these does not stop autmoatically after running a script/command now. – DNS_TXT_Pwnage, Time_Execution and Wait_For_Command can now return results using selected exfiltration method. – Fixed a minor bug in DNS_TXT_Pwnage. – All payloads which could post data to the internet now have three options pastebin/gmail/tinypaste for exfiltration. – Added Get-PassHashes payload. – Added Download-Execute-PS payload. – The keylogger logs only fresh keys after exfiltring the keys 30 times. – A delay after success has been introduced in various payloads which connect to the internet to avoid generating too much traffic.
So don’t ask me why but I decided to run FreeBSD 6.0 on an older Dell Latitude laptop. Install goes fine. But now I’ve got an issue. When trying to install a package I get the troublesome ftp error (cannot find this location dummy). But this was quickly resolved with the following.
You can also see which ftp directory your FreeBSD system is currently using by reading the error received when you try to install a bogus package:
# pkg_add -r test Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-release/Latest/abc.tbz: File unavailable (e.g., file not found, no access) pkg_add: unable to fetch ‘ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6-release/Latest/abc.tbz’ by URL
In this case, the system is using packages-6-release/Latest which contains the 6.9 version of xorg instead of packages-6-stable which contains the latest or 7.2 version of xorg. Take a peek in both directories on the ftp site, you’ll see for yourself.
You can ask pkg_add to go to a different location by modifying the PACKAGESITE environmental variable by typing this as one line:
This is a great little article that I came across talking about stopping FTP brute force attacks in OpenBSD or FreeBSD (both of my favorite OS’s). It assumes that your using PF as your firewall (which you should!).
You can easily stop bruteforce attacks by limiting connections per IP using pf firewall under FreeBSD or OpenBSD.
# vi /etc/pf.conf
Update it as follows:
# the lists of known FTPD attackers table persist file “/etc/pf.ftp.block.list”
# block all incoming connections from attackers on FTPD block in quick on $ext_if from
# Let us allow FTP with bruteforce protection pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 21 keep state (max-src-conn-rate 5/40, overload flush global)
Above will block FTP connections more than 5 times in 40 seconds. Also append the following line to /etc/rc.shutdown to keep changes after the reboot:
So I’ve been getting up @ 5am to workout and I must say that I’m pretty psyched about it. Well not the getting up at 5 part. But I’m pretty happy that I’ve been consistently going to the gym lately. My six-pack is just a few short months away from finally arriving!! I’m working on my diet as well which if doesn’t kill me will hopefully make me ripped. Here it is essentially, Daniel and I call the AC Slater diet.
After morning workout – Protein Shake 11am – Protein Shake Noon – Tuna sandwich, banana 3pm – Protein Shake or cheese 5pm – Apple 7pm – Protein Shake
So I’ve had my Nokia 770 for awhile now and I love this thing. I recently upgraded the memory in mine to 2Gigs which really improved it’s performance. I generally use it to check my email and check on quotes for various stocks and such. It’s pretty sweet.