Ubuntu maintenance script

 Wrote a simple script for keeping packages and snaps updated in Ubuntu. 

"onion-scraper"

Not the most creative of tool names, but literal. I needed to download evidence of data leaks from ransomware blog posts, so I harnessed "Copilot" again to create said script to get the work done.

VM for ransomware investigations

 My laundry list of tools/software useful when investigating ransomware cases.

 

Tor: Obviously need this to access Onion sites.

qBittorrent: Download leaked data from Torrent files.  

Peazip: Extract archives containing leaked data.  

unrar: Extract archives containing leaked data.  

LibreOffice: Read leaked documents. 

SSH: Transfer files from VM to host.  

 

Any suggestions on what other tools you guys use?

dnssecaudit.py

Since I was on a roll with Copilot, I decided to automate DNSSEC auditing with the following Python script. Not the most creative tool name.

Modded script to keep Ubuntu packages and snaps updated.

Used Copilot to update my Ubuntu maintenance script. I did tweak it slightly though since I am running LTS and don't want all packages to be updated to the latest version.


#!/bin/bash

# Function to handle errors
function handle_error {
  echo "$1 Exiting."
  exit 1
}

# Function to update apt packages
function update_apt {
  echo "Updating apt package lists..."
  sudo apt update || handle_error "Error updating apt package lists."
 
  echo "Upgrading apt packages..."
  sudo apt upgrade -y || handle_error "Error upgrading apt packages."
 
  echo "Cleaning up apt packages..."
  sudo apt autoremove -y && sudo apt clean || handle_error "Error cleaning up apt packages."
}

# Function to update snap packages
function refresh_snaps {
  echo "Updating Snap packages..."
  if ! sudo snap refresh; then
    echo "Refresh failed. Attempting to kill running Snap processes..."
    # Note: -f matches the full command line, so this also hits snapd itself and any
    # app whose path contains "snap"; snapd is normally restarted by systemd afterwards.
    sudo pkill -f snap
    sudo snap refresh || handle_error "Error updating Snap packages after killing processes."
  else
    echo "Snap packages updated successfully."
  fi
}

# Function to update Maldet database and run a scan
function run_maldet {
  echo "Updating Maldet database..."
  sudo maldet -u || handle_error "Error updating Maldet database."
 
  echo "Starting Maldet scan of /home (recent changes, quiet mode)..."
  sudo maldet -r -q /home || handle_error "Error running Maldet scan."
 
  SCAN_LOG=$(sudo maldet --report list | tail -n 1 | awk '{print $NF}')
  if [[ -n "$SCAN_LOG" ]]; then
    echo "Maldet scan log located at: $SCAN_LOG"
  else
    echo "Could not retrieve Maldet scan log location."
  fi
}

# Main script execution
update_apt
refresh_snaps
run_maldet

echo "All done!"

Autobots.py

Had an epiphany to try writing a working "Python" script using "Copilot". I call the following script "Autobots" to help audit the presence of "robots.txt".
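An added example of what such an audit can do once the file is retrieved (this is not the Autobots script from the post): it fetches robots.txt, parses the per-agent rules, and reports each Disallow path, since the file is public and discloses those paths to anyone who reads it. The sample file and the example.com URL are constructed.

```python
import urllib.request

def fetch_robots(site_url, timeout=5.0):
    """GET <site>/robots.txt; None when absent or unreachable (network call; not used offline)."""
    try:
        with urllib.request.urlopen(site_url.rstrip("/") + "/robots.txt", timeout=timeout) as r:
            return r.read().decode("utf-8", errors="replace")
    except Exception:  # 404, timeout, TLS failure: all mean "no usable robots.txt"
        return None

def parse_robots(text):
    """Group Allow/Disallow rules per User-agent and collect Sitemap lines."""
    agents, sitemaps, current = {}, [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # strip comments and whitespace
        field, sep, value = line.partition(":")
        if not sep:
            continue
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if any(agents[a]["allow"] or agents[a]["disallow"] for a in current):
                current = []                        # a User-agent after rules starts a new group
            agents.setdefault(value, {"allow": [], "disallow": []})
            current.append(value)
        elif field in ("allow", "disallow"):
            for a in current:
                agents[a][field].append(value)
        elif field == "sitemap":
            sitemaps.append(value)
    return {"agents": agents, "sitemaps": sitemaps}

def audit_robots(text):
    """Findings a reviewer raises: every Disallow path is public, and Disallow is advice to crawlers, not access control."""
    findings = []
    for agent, rules in parse_robots(text)["agents"].items():
        for path in rules["disallow"]:
            if path == "/":
                findings.append(f"{agent}: whole site disallowed")
            elif path:                              # an empty Disallow allows everything
                findings.append(f"{agent}: discloses path {path}")
    return findings
# Constructed sample, not fetched from any real site
SAMPLE = """User-agent: *
Disallow: /admin/
Disallow: /private/   # internal area
Sitemap: https://example.com/sitemap.xml
User-agent: BadBot
Disallow: /
"""
```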

VMware Workstation Pro is now free for personal use!!!

VMware Workstation Pro is now free for personal use!!!  However, it was not straightforward to install on Ubuntu, as I encountered error messages when attempting installation.
After spending a few hours scouring the Internet for answers and troubleshooting, I found the answer and decided to document the steps.
1. Install "make" and "gcc" on Ubuntu.
2. Install VMware Workstation Pro (for personal use) using the bundle downloaded from Broadcom's website.
3. Run the following script to overcome the issue of not being able to build VMware modules due to Ubuntu Kernel version incompatibility.

#!/bin/bash
set -e   # stop at the first failing step instead of installing a half-built module
git clone https://github.com/mkubecek/vmware-host-modules
cd vmware-host-modules
git checkout workstation-17.5.0
sudo make && sudo make install

Voila! VMware Workstation Pro 17.5.2 should work now. Do note that the version listed above was found through trial and error.

Brute force

Been a while since I've performed a brute force attack. In this demo, I use "Hydra" from "Kali" to attack my test "Virtual Machine" (VM) running "File Transfer Protocol" (FTP).

It's pretty amazing that "Hydra" is still maintained and used for so many years.
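The defender's side of this demo, as an added example that is not part of the original post: it parses vsftpd-style login lines and flags any client whose failed logins inside a sliding one-minute window reach a threshold, noting whether a successful login followed the burst. The log lines, addresses and usernames are constructed samples.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# vsftpd-style line, one per attempt; the day is space-padded for days below 10
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

def parse_line(line):
    """Return {"ts", "user", "result", "ip"} for a login line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(re.sub(r" +", " ", m["ts"]), "%a %b %d %H:%M:%S %Y")
    return {"ts": ts, "user": m["user"], "result": m["result"], "ip": m["ip"]}

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: (peak_failures_in_window, users_tried, success_followed)} per offending client."""
    failures, successes = defaultdict(list), defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            (failures if ev["result"] == "FAIL" else successes)[ev["ip"]].append((ev["ts"], ev["user"]))
    hits = {}
    for ip, evs in failures.items():
        evs.sort()
        peak, start = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            users = sorted({u for _, u in evs})
            succeeded = any(t >= evs[0][0] for t, _ in successes[ip])  # burst then success: escalate first
            hits[ip] = (peak, users, succeeded)
    return hits

# Constructed sample log, not taken from a real host
SAMPLE_LOG = """\
Tue Jun 11 10:15:01 2024 [pid 1201] [admin] FAIL LOGIN: Client "192.0.2.10"
Tue Jun 11 10:15:02 2024 [pid 1203] [root] FAIL LOGIN: Client "192.0.2.10"
Tue Jun 11 10:15:02 2024 [pid 1205] [ftpuser] FAIL LOGIN: Client "192.0.2.10"
Tue Jun 11 10:15:03 2024 [pid 1207] [admin] FAIL LOGIN: Client "192.0.2.10"
Tue Jun 11 10:15:03 2024 [pid 1209] [test] FAIL LOGIN: Client "192.0.2.10"
Tue Jun 11 10:15:04 2024 [pid 1211] [ftpuser] OK LOGIN: Client "192.0.2.10"
Tue Jun 11 10:20:00 2024 [pid 1300] [alice] FAIL LOGIN: Client "198.51.100.7"
Tue Jun 11 10:41:00 2024 [pid 1302] [alice] OK LOGIN: Client "198.51.100.7"
""".splitlines()
```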

Simple session hijacking demo

Been a long time since I've had to demo "session hijacking". Picked DVWA as the vulnerable web application to demonstrate "cookie theft" and "session hijacking" using "Burp".

Scenario: A man-in-the-middle (MiTM) scenario is where a "Hacker" positions themselves between a client and server. In a successful MiTM situation, the "Hacker" can use a "web proxy" like "Burp" to intercept traffic between a victim and web application. The "Hacker" is able to capture the victim's post-authentication cookie to impersonate the authenticated victim.



Simple file carving demo

Been a while since I've done hands-on "file carving". I was pleasantly surprised that it is so much easier now to "carve" files from "Wireshark".

Scenario: A "Hacker" is at an open Wi-Fi operated by a Cafe. The "Hacker" uses "Wireshark" to capture network traffic traversing the wireless network. One user transfers an "Excel Spreadsheet" containing personal data onto an FTP server. The "Hacker" is able to successfully "carve" the transferred file from the network packets captured.



"Snap" update issue

 "Ubuntu" uses "Snap" for "Firefox" by default since 22.04 which has this annoying "pop-up" warning every other day. I wrote the following script to aid upgrading of "Snap" apps.


#!/bin/bash
sudo killall firefox
sudo snap refresh
echo -e "\nIf specific Snap app is still pending update, please use the following commands.\nsudo snap refresh <appname>\nkill <pid>\nsudo snap refresh"

