Diving in PG Island Philippine 2015 (Puerto Galera Island)

Geek's diving log in the Philippines

7th Sept 2015

  • 15:00 Sabang Wreck 12M

8th Sept 2015

  • 9:00 Monkey Beach 12M
  • 11:30 Fantasea 18M
  • 15:30 Kilima Steps 18M

9th Sept 2015

  • 9:00 Hole in the Wall
  • 11:30 Alma Jane Wreck 30M
  • 15:30 La Laguna
  • 18:00 Sabang Beach (Night dive)

10th Sept 2015

  • 9:00 Dugon Wall
  • 11:30 The Hill
  • 15:30 Sabang Wreck

Thanks for the Video “V2” by Felix Ko


How geek use raspberry pi (1) – Download BT

Since it is quite time consuming to go to the torrent site and search for torrent files there, the geek wrote a 'one-liner' (actually two lines) to perform the search:

root@raspberrypi:~# cat /usr/bin/search
#!/bin/sh
# "$*" joins all the search words into one URL argument ("$@" inside the quoted
# URL would hand lynx several separate URLs); spaces are URL-encoded for lynx.
q=$(printf '%s' "$*" | sed 's/ /%20/g')
# xargs -d '\n' stops xargs from eating the backslashes that sed inserts,
# so echo -e can turn the %XX escapes back into characters.
lynx -dump "http://thepiratebay.se/search/$q/0/7/0" | grep magnet | sed 'y/+/ /; s/%/\\x/g' | xargs -d '\n' -n 1 echo -e

#transmission-remote -n "transmission:the password lor" -a "magnet:?xt=urn:btih…"

And here is the script to download the torrent with Transmission:

root@raspberrypi:~# cat /usr/bin/download
#!/bin/sh
# -n user:password for the Transmission RPC; note that a script under /usr/bin
# is readable by every local user, so the password is not secret on this box.
transmission-remote -n "transmission:okay, you win" -a "$@"

This is what a search looks like:

root@raspberrypi:~# search harvard business school
25. magnet:?xt=urn:btih:19ce84592aec23ca73f017f7643fb21b9b22dce2&dn=Harvard Business Review – 10 Must Reads on Strategy x5BPDFx5D x5BQwert&tr=udpx3Ax2Fx2Ftracker.openbittorrent.comx3A80&tr=udpx3Ax2Fx2Ftracker.publicbt.comx3A80&tr=udpx3Ax2Fx2Ftracker.istole.itx3A6969&tr=udpx3Ax2Fx2Ftracker.ccc.dex3A80&tr=udpx3Ax2Fx2Fopen.demonii.comx3A1337
30. magnet:?xt=urn:btih:8b7a78d69ba037175d3ac4c2fe91fa8269eb183e&dn=Harvard Business Review – April 2014 USA&tr=udpx3Ax2Fx2Ftracker.openbittorrent.comx3A80&tr=udpx3Ax2Fx2Ftracker.publicbt.comx3A80&tr=udpx3Ax2Fx2Ftracker.istole.itx3A6969&tr=udpx3Ax2Fx2Ftracker.ccc.dex3A80&tr=udpx3Ax2Fx2Fopen.demonii.comx3A1337
36. magnet:?xt=urn:btih:20a0ea7c101eee5f67f25e9d4ff30873e8b5f9a3&dn=Harvard Business Review – February 2014 USA&tr=udpx3Ax2Fx2Ftracker.openbittorrent.comx3A80&tr=udpx3Ax2Fx2Ftracker.publicbt.comx3A80&tr=udpx3Ax2Fx2Ftracker.istole.itx3A6969&tr=udpx3Ax2Fx2Ftracker.ccc.dex3A80&tr=udpx3Ax2Fx2Fopen.demonii.comx3A1337
42. magnet:?xt=urn:btih:6a3d4a510ab735efd98905aec2bf74bd0ad50cfe&dn=Harvard Business Review – March 2014 USA&tr=udpx3Ax2Fx2Ftracker.openbittorrent.comx3A80&tr=udpx3Ax2Fx2Ftracker.publicbt.comx3A80&tr=udpx3Ax2Fx2Ftracker.istole.itx3A6969&tr=udpx3Ax2Fx2Ftracker.ccc.dex3A80&tr=udpx3Ax2Fx2Fopen.demonii.comx3A1337<—snip—>

Here is how we download:

root@raspberrypi:~# download "magnet:?xt=urn:btih:8b7a78d69ba037175d3ac4c2fe91fa8269eb183e&dn=Harvard Business Review – April 2014 USA&tr=udpx3Ax2Fx2Ftracker.openbittorrent.comx3A80&tr=udpx3Ax2Fx2Ftracker.publicbt.comx3A80&tr=udpx3Ax2Fx2Ftracker.istole.itx3A6969&tr=udpx3Ax2Fx2Ftracker.ccc.dex3A80&tr=udpx3Ax2Fx2Fopen.demonii.comx3A1337"
localhost:9091/transmission/rpc/ responded: "success"

How geek listen to 903

Since it is quite troublesome to locate and click an icon, or to type the link into a browser, every day, a geek who needs to listen to the only local radio station Hong Kong has should expect to just type "903" to get it.

Here we go:

alias 903='ffplay rtsp://maclive.881903.com/cr2 -nodisp'

The result is shown in the screenshot (Screen Shot 2014-03-12 at 10.38.19 PM).

Git Reference

Setup self-hosted git remote repository
http://kovshenin.com/2011/howto-remote-shared-git-repository/

Git deployment workflow between local, remote repository and web server
http://ryanflorence.com/simple-git-deployment/

Git deployment workflow between development and live/production on the same server
https://coderwall.com/p/xczkaq

Blogpost sync between wordpress and blogspot

With this IFTTT plugin, this blog's posts will now be synced to this one: http://happypentest.blogspot.hk/


Web security assessment check list. (Black box)

There are several things to check when building a secure web page. Assume the assessment is done black-box. Here are some steps and procedures for a simple analysis of a web page. The following is from 2010; it takes no reference from the SANS and OWASP checklists, but it contains what came to mind at the moment I posted it.

  1. Check the machine location and route. Is it only accessible through the internal network or publicly reachable (excluding mainland)? Is it behind a load balancer and firewall? Is it located on a distributed network or a member of a cloud? Any fingerprint from whois/netcraft?
  2. Check the machine type. Are there any other services running besides ports 80 and 443? Scanners like nmap/nessus may help. What OS and server software is the machine running? Apache/IIS/WebSphere/Tomcat…? Which version?
  3. Check the purpose of the web server. Is it a dynamic website with user involvement? Is there a database behind it? Which database version is it probably running, judging from the httpd server? MySQL/Oracle/DB2/… If it is running Apache, it most likely works as LAMP; if Windows is the host, it may have IIS, ASP, Access, IIS database manager… or still WAMP. Will this server further connect to other internal computers to retrieve content? What hosts are probably behind it? (You may learn it from jobsdb or by making a phone call to their datacenter 🙂
  4. Check vulnerable third-party (closed/open source) code. Do they use third-party code on their web server? How vulnerable is it? Do they store that code on their own server or have the client browser fetch it from the third party? If the client's DNS is poisoned and third-party code is retrieved from bad guys, will Charlie say that really hurts? Are there any dynamic links to other page content which can be polluted? e.g. a mail server may execute content from the sender; the Samy worm moved around on MySpace.
  5. Check client-side code. Does the client side expose any information they don't want to disclose to you? Any keywords like test, fix, password, and comments? Any server code exposed on the client side?
  6. Check client-side injection. Are there any known injections that can be done on the client side? XSS/tag injection/… Can server- and client-side filtering be bypassed by changing the encoding method?
  7. Check server-side injection. Do any known injections/vulnerabilities exist on the server side? (Blind) SQL injection / BOF / … Can the server-side defense mechanism be bypassed further? HPP on the web application firewall? Buffer overflow on HTMLEntities?
  8. Check cross-domain issues. Can a CSRF attack be launched on that site? Is there a crossdomain.xml file? Do they accept XHR/XDR requests from third-party sites? Do they check the Origin header / Referer header?
  9. Are they aware of / do they care about their site being cloaked by another domain? Any risk if someone re-wraps their content? Who cares about clickjacking?
  10. Check design/implementation flaws. Can a normal user escalate their privilege by tampering with request parameters / obtaining the next session ID / manipulating their cookies / …? Any broken page that exposes server information, or functions that do not work?
  11. Check performance. YSlow?
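As an added example (my code, not part of the original checklist), a small POSIX sh audit for the crossdomain.xml question in item 8: it reads a saved policy file offline and flags entries that let foreign origins read responses. The sample policy written by write_sample_policy is constructed.

```shell
#!/bin/sh
# Added example for item 8: audit a saved crossdomain.xml and report entries
# that let foreign origins read responses. Assumes POSIX sh with grep, sed
# and tr; nothing is fetched from the network.

audit_crossdomain() {
    # Usage: audit_crossdomain FILE  -> one finding per line on stdout
    # Flatten the file so each <allow-access-from .../> element is matched
    # even when its attributes are spread over several lines.
    tr '\n' ' ' < "$1" | grep -o '<allow-access-from[^>]*>' | while read -r entry; do
        domain=$(printf '%s' "$entry" | sed -n 's/.*domain="\([^"]*\)".*/\1/p')
        secure=$(printf '%s' "$entry" | sed -n 's/.*secure="\([^"]*\)".*/\1/p')
        case "$domain" in
            '*')
                echo "HIGH: domain=\"*\" lets any Flash/Silverlight origin read responses (CSRF with response disclosure)" ;;
            \*.*)
                echo "MEDIUM: wildcard $domain trusts every subdomain, including any that gets compromised" ;;
        esac
        if [ "$secure" = "false" ]; then
            echo "MEDIUM: secure=\"false\" for $domain lets plain-HTTP origins read HTTPS responses"
        fi
    done
}

# Constructed sample policy (not taken from any real site) for a self-check.
write_sample_policy() {
    cat > "$1" <<'EOF'
<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
  <allow-access-from
      domain="*.example.com"/>
  <allow-access-from domain="www.example.com"/>
</cross-domain-policy>
EOF
}
```

Running `audit_crossdomain` on the sample produces three findings; a policy that only names exact hosts produces none.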

Greeting according to different location (IP)

Imagine carrying your own notebook to do assessments at different client sites. You would like to run several scripts and need different configuration files for each site. I found it quite useful to be told which IP I currently have and to change my working directory to a certain folder. Here is the script to put in ~/.profile when you are using a Mac:

#Check if I am at office
networksetup -getinfo Wi-Fi | grep -x "Router: 123.123.123.123" > /dev/null && cd /Users/anony/Documents/work && \
toilet -f mono12 -F metal Office

It works if you are running OS X 10.7.2 with the program 'toilet' installed. You can grab it with "sudo port install toilet".

Here is the result when I am in the office with IP 123.123.123.123:
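The same idea generalised to several sites, as an added example rather than the author's own snippet: a router-to-site table, a pure-shell lookup that can be tested without a Wi-Fi connection, and a fallback when toilet is not installed. The router addresses and directories in the table are constructed, and the live lookup assumes macOS networksetup.

```shell
#!/bin/sh
# Added example: choose a working directory and banner from the current
# Wi-Fi router address, for several client sites. The table is constructed;
# replace it with your own. Assumes $HOME contains no spaces.

site_for_router() {
    # Usage: site_for_router ROUTER_IP -> prints "<label> <directory>",
    # or prints "unknown" and returns 1 when the router is not in the table.
    case "$1" in
        123.123.123.123) echo "Office $HOME/Documents/work" ;;
        10.10.0.1)       echo "ClientA $HOME/Documents/clients/clientA" ;;
        192.168.50.1)    echo "ClientB $HOME/Documents/clients/clientB" ;;
        *)               echo "unknown"; return 1 ;;
    esac
}

current_router() {
    # macOS only: pull the router line out of the Wi-Fi service info.
    networksetup -getinfo Wi-Fi 2>/dev/null | awk '/^Router:/ { print $2 }'
}

greet_site() {
    # Change into the directory for ROUTER_IP and show a banner for it.
    site=$(site_for_router "$1") || { echo "Unknown network ($1); staying in $PWD"; return 1; }
    label=${site%% *}
    dir=${site#* }
    cd "$dir" 2>/dev/null || { echo "Directory $dir missing for $label"; return 1; }
    # 'toilet' draws the banner; fall back to plain text if it is not installed.
    if command -v toilet >/dev/null 2>&1; then
        toilet -f mono12 -F metal "$label"
    else
        echo "=== $label ==="
    fi
}

# In ~/.profile on a Mac:  greet_site "$(current_router)"
```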

Have fun 🙂

Manage multiple clients with scripts

For a penetration test, most checking procedures are standardized and routine. Don't you ever feel tired of typing nmap, Nessus, or Saint commands by hand? Do you still feel safe and rational typing 'cd' a thousand times to change directories while managing your clients? Even if you proudly upgraded yourself and started using some fancy GUI from Nexpose or Tenable, you will still suffer from managing them manually. Those automated tools are no longer helpful or customizable when you meet a standard crappy IPS that blocks typical scanning.

Manual assessment is your own value proposition, distinguishing you from others in terms of skills, knowledge and speed! But the term "manual" is often overused by companies. It doesn't mean you have to spend your time and effort typing ls and cd on the keyboard with your bloody hands; it means using your mental power to think of an alternate route into the system. Here is a handy script I wrote for myself to save time, make a penetration test more organized, and help you focus on real hacking rather than typing.

With this script, you can create your client folder (when it doesn't exist) and make standard directories to store scanning results, findings, IP lists, etc. by just typing:

client my_client_name

Happy hacking!
p.s. Yahoo is not my client, yet.
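The author's own script is not shown on the page; here is an added example of a client helper in the same spirit, with a layout and names of my own choosing. It assumes the base directory $HOME/clients (override with CLIENT_BASE) and rejects names that could escape it.

```shell
#!/bin/sh
# Added example (not the author's script): 'client NAME' creates a per-client
# workspace with standard sub-directories and changes into it.

CLIENT_BASE="${CLIENT_BASE:-$HOME/clients}"

client_dir() {
    # Print the workspace path for NAME, rejecting anything that is not a
    # plain name (no slashes, no leading dot, no '..', no shell metacharacters)
    # so a typo cannot create or enter directories outside $CLIENT_BASE.
    case "$1" in
        ""|*/*|.*|*..*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s/%s\n' "$CLIENT_BASE" "$1"
}

client() {
    dir=$(client_dir "$1") || { echo "usage: client NAME (letters, digits, . _ -)" >&2; return 1; }
    if [ ! -d "$dir" ]; then
        # Standard layout: raw scanner output, write-ups, target list, notes.
        for sub in scans findings iplist notes; do
            mkdir -p "$dir/$sub"
        done
        chmod 700 "$dir"   # client data is confidential: this user only
        printf '# scope for %s: one host or CIDR per line\n' "$1" > "$dir/iplist/scope.txt"
        echo "created $dir"
    fi
    cd "$dir" && pwd
}
```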

Add multiple users in Linux

http://www.cyberciti.biz/tips/linux-how-to-create-multiple-users-accounts-in-batch.html

# Prints 30 lines in newusers(8) format: name:password:uid:gid:gecos:home:shell
# e.g. group1:group1:1001:506:Student user:/home/user1:/bin/bash
# The second field is the plaintext password, here equal to the username;
# change it before feeding the output to newusers.
for i in `seq 1 30`;
do
  echo -n "group$i:group$i:"
  echo -n $i | awk '{printf 1;printf "%03d", $1;}'
  echo :506:Student user:/home/user$i:/bin/bash
done

Google API and XHR request

Google api:
http://code.google.com/apis/ajax/playground/

XHR request:

// Synchronous XHR helper: the third argument 'false' to open() blocks the
// page until the response arrives (kept as in the original; modern browsers
// deprecate synchronous requests on the main thread).
function loadXMLDoc(url)
{
        var jsonhttp;           // declared locally instead of leaking a global
        if (window.XMLHttpRequest)
        {// code for IE7+, Firefox, Chrome, Opera, Safari
                jsonhttp=new XMLHttpRequest();
        }
        else
        {// code for IE6, IE5
                jsonhttp=new ActiveXObject("Microsoft.XMLHTTP");
        }
        jsonhttp.open("GET",url,false);
        jsonhttp.send(null);
        document.write("Response from mysql:<br>");
        // responseText is written unescaped: if the PHP endpoint ever echoes
        // user-controlled data, this renders it as HTML (XSS).
        document.write(jsonhttp.responseText);
        return(JSON.parse(jsonhttp.responseText));
}
var result = loadXMLDoc('the_request.php');