All Posts

SPF DNS Lookup check for Nagios

Did you know that there is a max number of DNS lookups that can be done for an SPF lookup. The number is 10 and that includes any a or mx records along with includes to different hosts. I noticed this when I ran a SPF check on a domain and noticed it was 12. One of the errors is how Zendesk sets up their SPF record. For example their doc says use the following

No more apt-get prompts

Sometimes you might be installing a package and don’t want it to prompt at all. Apt will prompt you a lot sometimes if you just do an apt-get install packageName. For example If you want to install, if there are multiple packages</span> * Accept package from a signed repo that you don&#8217;t have the key for * If you want to keep the old config So you can run the following

grep only stderr from a command

So sometimes you have a command where you want to only grep stderr. For example I use Cronic to manage all my cronjobs. It’s really nice since it sends a nicely formatted email back to you if a command returns anything in stderr. Crontab alone will email me if anything in stdout/stderr is printed out from a command. There is a problem with cronic though. There’s an app called s3cmd which uploads files to s3 and on large files this output can happen

Remove internal hosts in postfix

A proper way to setup your network is to have a postfix relay server sitting somewhere on your network that every other server has access to via port 25. Now your relay server(s) are the only ones that should have outside access to port 25. All other servers should be firewalled off!  So for example say your email chain looks like this for a new signup web1.domain.com -> mailserver.domain.com -> internet -> user's mailbox If the user views the email source they will see that the email started at web1.

How many bits per point in a whisper file in graphite

Tweet This is an easy one. You do an ls over a whisper file and get something like 1.1M -rwxr-xr-x 1 root root 1.1M Aug 9 11:06 Active.wsp Now you are planning to save more metrics in your graphite server or want more points in your retention so you want to plan how much space you’ll need given an estimated guess of your metric count out 6 months from now.

Google Authenticator with OpenVPN for 2 factor auth

Tweet This post will describe how to get it working with Ubuntu 12.04. It should work with other versions along with other Linux distros. The only difference is the package names might change. Install the packages Run the following command apt-get -y install openvpn libpam-google-authenticator Setup OpenVPN Place the cert key helps mkdir /etc/openvpn/easy-rsa/ cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/ Then you need to edit the following file

Stripe CTF 2.0 Level 3

Tweet About Here is a python level. They claim this one is more secure and it is a bit more but not really. Hint Given There really is no hint given other then in the code Problem in the code So take a look at line #86 query = """SELECT id, password_hash, salt FROM users WHERE username = '{0}' LIMIT 1""".format(username) cursor.execute(query) So that is taking a username and pulling out data to see if the user/password combo is correct.

Stripe CTF 2.0 Level 2

Tweet About This is another PHP level where they emulate a little social network where you can upload a image of to use for your profile. This level goes into what is wrong if you don’t force an output file type for uploaded content. Hint Given The hint really is that you can upload a file to use as an image. Problem in the code The problem in the code is really how they handle the upload.

Stripe CTF 2.0 Level 1

Tweet About In this level you are given a form where you have to “guess” the secret password to get the password to the next level. This level is in PHP and requires you to really looking at the code to figure out an attack point. Hint Given I don’t think there are any real hints in this level in the description. Problem in the code So here is the following section of code that has a problem.

Stripe CTF 2.0 Level 0

Tweet About This is the first level of Stripe’s challenge. You start off in an app that stores secret passwords for users and you have an option to store a password or retrive a password. Hint Given So the following hint that is given on the page is as follows. It turns out that the password to access Level 1 is stored within the Secret Safe. If only you knew how to crack safes…