Archives For author
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. In other words: an amazing fun tool, but dangerous, so do NOT use this for illegal purposes. Although it is fun to demonstrate to your family how easy it is to get hacked.
Get the package by the use of apt:
apt install beef-xss
Start that nasty (but very nice) command
beef-xss
Output would be something like (where 127.0.0.1 is, ofcourse your loopback)
root@kali:~# beef-xss -h [-] You are using the Default credentials [-] (Password must be different from “beef”) [-] Please type a new password for the beef user:
Feb 21 20:51:06 kali222 beef[12777]: == 24 CreateAutoloader: migrated (0…====
Feb 21 20:51:06 kali222 beef[12777]: == 25 CreateXssraysScan: migrating …====
Feb 21 20:51:06 kali222 beef[12777]: -> 0.0011s
Feb 21 20:51:06 kali222 beef[12777]: == 25 CreateXssraysScan: migrated (…====
Feb 21 20:51:06 kali222 beef[12777]: — create_table(:xssraysscans, {})
Feb 21 20:51:06 kali222 beef[12777]: [20:51:05][*] BeEF is loading. Wait…s…
Feb 21 20:51:06 kali222 beef[12777]: [20:51:06][!] [AdminUI] Error: Coul…_all
Feb 21 20:51:06 kali222 beef[12777]: [20:51:06] |_ [AdminUI] Ensure …H` !
Feb 21 20:51:06 kali222 beef[12777]: [20:51:06][!] [AdminUI] Error: Coul…auth
Feb 21 20:51:06 kali222 beef[12777]: [20:51:06] |_ [AdminUI] Ensure …H` !
Hint: Some lines were ellipsized, use -l to show in full.
[*] Opening Web UI (http://127.0.0.1:3000/ui/panel) in: 5… 4… 3… 2… 1…
In my case it didn’t actually opens in a browser, if so goto http://127.0.0.1:3000/ui/panel
In another tab open another tab:
http://127.0.0.1:3000/demos/butcher/index.html
I couldn’t image why you would like to, but you can stop that nasty bugger:
beef-xss-stop
If you like to see a more enthusiastic way of how to use beEF, check NetworkChucks view on it: https://www.youtube.com/watch?v=3ogyS4KOlXc
Just a quick post! I am following a Python Course from Udemy. https://lnkd.in/dCyiu3n Would you like to follow it too, follow this link to download the torrent: https://lnkd.in/dVVxfqB
.
python linux programmeren technologie pythonprogrammeertaal unix windows shell
You can mount your dropbox by using “Dbxfs” to mount Dropbox. Actually it is a command line dropboxclient, written for Python 3.5+.
It can installed using pip3 package manager. On Debian-based systems, run the following command to install FUSE:
$ sudo apt install libfuse2
On Fedora: $ sudo dnf install fuse
Once you installed all required dependencies, run the following command to install dbxfs utility:
$ pip3 install dbxfs —
When you get an error: lsb release -a returned-non-zero-exit-status-1 —
Just rename /usr/bin/lsb_release (or search where lsb_release file is, and rename it)
Create a mount point to mount your dropbox folder in your local file system.
$ mkdir ~/mydropbox
Then, mount the dropbox folder locally using dbxfs utility as shown below:
$ dbxfs ~/mydropbox
You will be asked to generate an access token: Generate access token 1 Generate access token To generate an access token, just navigate to the URL given in the above output from your web browser and click
Allow to authenticate Dropbox access.
You need to log in to your dropbox account to complete authorization process. Authorize dropbox Authorize dropbox. A new authorization code will be generated in the next screen. Copy the code and head back to your Terminal and paste it into cli-dbxfs prompt to finish the process. You will be then asked to save the credentials for future access. Type Y or N whether you want to save or decline. And then, you need to enter a passphrase twice for the new access token. Finally, click Y to accept “/home/username/mydropbox” as the default mount point. If you want to set different path, type N and enter the location of your choice. Generate access token 2 All done! From now on, you can see your Dropbox folder is locally mounted in your filesystem. Dropbox folder in file manager Dropbox folder in file manager Change Access Token Storage Path By default, the dbxfs application will store your Dropbox access token in the system keyring or an encrypted file. However, you might want to store it in a gpg encrypted file or something else. If so, get an access token by creating a personal app on the Dropbox developers app console. access token Create a new app on the DBX Platform Once the app is created, click Generate button in the next button. This access token can be used to access your Dropbox account via the API. Don’t share your access token with anyone. Create a new app Create a new app on the DBX Platform Once you created an access token, encrypt it using any encryption tools of your choice, such as Cryptomater, Cryptkeeper, CryptGo, Cryptr, Tomb, Toplip and GnuPG etc., and store it in your preferred location. Next edit the dbxfs configuration file and add the following line in it: “access_token_command”: [“gpg”, “–decrypt”, “/path/to/access/token/file.gpg”] You can find the dbxfs configuration file by running the following command: $ dbxfs –print-default-config-file For more details, refer dbxfs help section: $ dbxfs -h As you can see, mounting Dropfox folder locally in your file system using Dbxfs utility is no big deal. As far tested, dbxfs just works fine as expected. Give it a try if you’re interested to see how it works and let us know about your experience in the comment section below. Resource: https://www.ostechnix.com/dbxfs-mount-dropbox-folder-locally-as-virtual-file-system-in-linux/
Sometimes your calendar might stop synching with Exchange.
Well, maybe I’ve got a solution for you:
If you go to Settings, Applications, Active Services, Calendar Storage and select Clear Data, your calendar might start all over with syncing, but it will synch from now on.
If you happen to have the webmail functioning in your orginization, wipe the android device and setup in syncing again in your phone. Sometimes this will work.
Hope it helps you out a bit.
Did you ever feel the desire to show some commands in Unix or Linux to colleagues? Just to demonstrate things? Or, did you ever felt the desire just to show off :-) You can use websites like http://www.screencast-o-matic.com/ or other screencapture software. Maybe the use ffmpeg in Ubuntu/Debian helps you out (p.e: ffmpeg -f x11grab -s wxga -r 25 -i :0.0 -sameq /tmp/out.mpg) But it creates video’s which must be uploaded and may become large. A lot of work and it takes a lot of time to create. http://www.playterm.org/ Could help you out even more. A nice website where you can upload your cool terminal adventures. Type in ttyrec in your terminal, then perform some cool skills in your terminal and to complete this, just type exit. Upload the tty file on http://www.playterm.org/?upload=now and wait to get in the wall of fame on playterm! ttyrec can be installed in Ubuntu by using apt-get. However, there is also a nice alternative, which also works great: shelr. See http://shelr.tv . Full explanation here: http://shelr.tv/about Happy shelling! ;-)
I have to say that i'm quite a newbe to AIX, but i like it very much. @Work i use it and got in a situation where I was wondering which users on a specific system had to change their passwords at next logon. In other words: who has the admchg flag in the /etc/security/passwd file. Especially for the bigger customers with complex password policies on their AIX machine, this can be can be good to know.
Well... I tried to write a nice script to find out who must change their passwords at next logon:
#! /bin/ksh # See Accounts which have the ADMCH flags lsuser -a pgrp groups ALL |awk '{print $1}' >/var/allusers # write usernames in allusers rm /var/*.usr 2>/dev/null # remove old .usr files while read myline # read line in var myline do pwdadm -q $myline | grep ADMCHG > /var/$myline.usr # read flag ADMCHG from $myline into $myline.usr ls -la /var/$myline.usr | awk '{print $5}' 2>/dev/null2>/dev/null # read filesize from $myline.usr into $5 done while read myline2 # read line in var myline2 do grep ADMCHG /var/$myline2.usr >/var/temp if [[ $? == 1 ]]; then rm /var/$myline2.usr 2>/dev/null fi done cd /var 2>/dev/null ls *.usr | sed -e 's/\.[a-zA-Z]*$//' # list *.usr files without .usr extension
(Sorry for the bad title :-)) I'm a big Android fan. Because of it's open character and if I rooted my Android device, it is even better! But, unlike many others I am not an Apple iPhone/iPad hater. I think it also kick ass. The Apple devices have more of fun-factor than most Android devices. And if you Jailbreak it, it opens some more possibilities. I will not discuss them here. Also I will discuss how to Jailbreak your Apple iP* device. If you install an SSH server on your Jailbroken device, there are some nice directories on the device. Here they are: Ringtones: /private/var/stash/Ringtones.adSbWP Photo's: /private/var/mobile/Media/DCIM/100APPLE PodCasts: (do podcasts still exist?) /private/var/mobile/Media/Podcasts Music: /private/var/mobile/Media/iTunes_Control/Music Installed Apps: /private/var/mobile/Applications Voicemail: /private/var/mobile/Library/Voicemail In DB format. Can be opened with SQLite Database Browser Text Messages (SMS): /private/var/mobile/Library In DB format. Can be opened with SQLite Database Browser Mail: /private/var/mobile/Library/Mail In DB format. Can be opened with SQLite Database Browser Calendar: /private/var/mobile/Library/Calendar In DB format. Can be opened with SQLite Database Browser Contacts: /private/var/mobile/Library/AddressBook In DB format. Can be opened with SQLite Database Browser
It looks like there is no alternatve to wireshark or tshark. But never fear... An alternative is here! TCPFLOW. On Ubuntu (ofcourse), you can install it via apt-get install tshark Some examples: → tcpflow -i eth0 -c -e With this one you'll see all the traffic for your network card. Add the -s parameter if you see too many gibberish passing by. It will convert non-printable traffic into periods. → tcpflow -i eth0 -c -e port 80 Only interested in datastreams to port 80, use the command above. Use: → tcpflow -i eth0 -c -e host 192.168.1.1 if you're only interested in traffic from- or ment for 192.168.1.1. But there is more. If you do not use the -c switch, tcpflow will create for each datastream a separate file. Add the -b parameter and the files created can be limited in filesize. Do keep in mind that tcpflow is not in development anymore and it cannot handle fragmented ip packets.
janvanderwijk 