Posts

How to use SSH behind a corporate Proxy

1 minute read Published:

Due to the increase need of security on many companies, it becomes more complex to do normal tasks; tasks that you were used to do on your normal routines. One of these is to be able to reach some of your hosts, outside the company network, through ssh, due to some corporate proxy. We are not really speaking of accessing unauthorized hosts, more than being able to make your tools work with all the software your company is going to use to facilitate their security and optimize their bandwith consumption.

Benchmarking Javascript for computational purposes

18 minute read Published:

Since Javascript at the moment is the simplest way to execute code on any client computer around the world, i thought it could be an interesting exercise trying to figure out how fast it became and if it’s a viable way to use it for a distributed computing platform. From some sources around the Web it appears a lot of work has been done to make Javascript as fast as possible and found this wonderful snippet who claimed:

How to block brute force attacks against your wordpress and live happy

3 minute read Published:

Some time ago i installed on my wordpress a wonderful plugin to help me secure this (and others) blog. it’s named Sucuri Security and it’s from sucuri.net. it scans your wordpress for the most common mistakes and add some interesting features. One of these features it’s the capability of trace failed logins and save them in a log file in JSON format like: {"user_login":"admin","user_password":"","attempt_time":1422522535,"remote_addr":"91.121.48.49","user_agent":false} This made me think of a possible way to exploit this information to temporary block the ip of the attacker so i made a simple script to “abuse” their log and ended up with a simple script in python.

Deobfuscator, decoder for POST urls

1 minute read Published:

While looking in your apache or nginx logs, you could end up finding some entries of attempt to hack your machine. some of these are easily to spot: POST %63%67%69%2D%62%69%6E/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E but a bit hard to decode. To avoid the pain of looking char by char i’m sharing a really easy python routine to decode them import binascii def parsemi(stri): codes=stri.split('%') stt="" for cc in codes: if len(cc) > 2: stt+=binascii.unhexlify(cc[:2]) stt+=cc[2] else: stt+=binascii.

Kibana and ElasticSearch over Haproxy logs

2 minute read Published:

One of the most interesting things about open source, is the capability of being able to deploy software that can compete with tools more emblazoned or “enterprise” grade appliance. One of these software is HaProxy which, with some tuning and doc reading, can easily sustain 20k-30k connection per seconds on a 1GB dual core virtual machine. Of course, during testing phase and during live you would need to see haproxy logs, in particular error logs but also the access one; since the amount of data is rather big, you’d prefer having another server that has to do with write on the disk and let haproxy only deal with load balancing.