Arquivo mensal: maio 2014

Mudando IP e Porta no Dradis Server para Kali

Publicado por firebits em

Se você for usar Dradis (http://dradisframework.org/), geralmente você irá procurar na documentação oficial do projeto (http://dradisframework.org/documentation.html), para mudar alguma configuração.

O problema é quando é algo totalmente modificado (via git), com por exemplo a equipe do Kali faz.

Então, ou você pergunta no forum em busca de alguém que já passou por isso, ou faz como eu fiz, procura no próprio código do Dradis dentro do Kali.

E deu certo. Vou fazer novas revisões deste post no futuro, mas para não perder tempo, vejam:

Essa Gem está dando erro, mas sem problemas por enquanto:

Gem Error
/usr/lib/dradis/server/vendor/bundle/ruby/1.9.1/gems/RedCloth-4.2.8/lib/redcloth.rb:10: Use RbConfig instead of obsolete and deprecated Config.

Start Server
/etc/init.d/dradis start

Abrir com VIM em:
/usr/lib/dradis/server/script/rails

#!/usr/bin/env ruby
# vim /usr/lib/dradis/server/script/rails
# This command will automatically be run when you run “rails” with Rails 3 gems i$

require ‘rubygems’
require ‘rails/commands/server’
require ‘rack’
require ‘webrick’
require ‘webrick/https’

module Rails
class Server 8080,
#:Port => 3004,
#:Host => “127.0.0.1”,
:Host => “192.168.0.22”,
# hopefully this closes #17
# ref: http://stackoverflow.com/questions/1156759/
:DoNotReverseLookup => nil,
:environment => (ENV[‘RAILS_ENV’] || “development”).dup,
:daemonize => false,
:debugger => false,
:pid => File.expand_path(“tmp/pids/server.pid”),
:config => File.expand_path(“config.ru”),
:SSLEnable => true,
:SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
:SSLPrivateKey => OpenSSL::PKey::RSA.new(
File.open(File.expand_path( ‘../../config/ssl/server.key.i$
:SSLCertificate => OpenSSL::X509::Certificate.new(
File.open(File.expand_path(‘../../config/ssl/server.crt’, $
:SSLCertName => [[“CN”, WEBrick::Utils::getservername]]
})
end
end
end

Mudar de:

:Port => 3004,
:Host => “127.0.0.1”,

Para (ou IP ou porta que você desejar)

:Port => 8081,
:Host => “192.168.0.10”,

Salvar o arquivo

Parar o server:
/etc/init.d/dradis stop

Subir o server novamente
/etc/init.d/dradis start

Pronto! Agora é só testar numa VM ou na sua própria máquina.

@firebitsbr

Script Shell “Quick, N00b and Dirty” para Download de exploits YY-MM do PacketStorm

Publicado por firebits em

Vou revisar e melhorar depois, mas precisei fazer bem simples e rápido.

#!/bin/bash
# Mauro Risonho de Paula Assumpção AKA firebits
# Auto Downloader exploits PackerStormSecurity.net
# Rev01

echo “Year 2005 – packetstormsecurity”
echo “…downloading”
wget http://dl.packetstormsecurity.net/0501-exploits/0501-exploits.tgz
wget http://dl.packetstormsecurity.net/0502-exploits/0502-exploits.tgz
wget http://dl.packetstormsecurity.net/0503-exploits/0503-exploits.tgz
wget http://dl.packetstormsecurity.net/0504-exploits/0503-exploits.tgz
wget http://dl.packetstormsecurity.net/0505-exploits/0505-exploits.tgz
wget http://dl.packetstormsecurity.net/0506-exploits/0506-exploits.tgz
wget http://dl.packetstormsecurity.net/0507-exploits/0507-exploits.tgz
wget http://dl.packetstormsecurity.net/0508-exploits/0508-exploits.tgz
wget http://dl.packetstormsecurity.net/0509-exploits/0509-exploits.tgz
wget http://dl.packetstormsecurity.net/0510-exploits/0510-exploits.tgz
wget http://dl.packetstormsecurity.net/0511-exploits/0511-exploits.tgz
wget http://dl.packetstormsecurity.net/0512-exploits/0512-exploits.tgz

echo “Year 2006 – packetstormsecurity”
echo “…downloading”
wget http://dl.packetstormsecurity.net/0601-exploits/0601-exploits.tgz
wget http://dl.packetstormsecurity.net/0602-exploits/0602-exploits.tgz
wget http://dl.packetstormsecurity.net/0603-exploits/0603-exploits.tgz
wget http://dl.packetstormsecurity.net/0604-exploits/0603-exploits.tgz
wget http://dl.packetstormsecurity.net/0605-exploits/0605-exploits.tgz
wget http://dl.packetstormsecurity.net/0606-exploits/0606-exploits.tgz
wget http://dl.packetstormsecurity.net/0607-exploits/0607-exploits.tgz
wget http://dl.packetstormsecurity.net/0608-exploits/0608-exploits.tgz
wget http://dl.packetstormsecurity.net/0609-exploits/0609-exploits.tgz
wget http://dl.packetstormsecurity.net/0610-exploits/0610-exploits.tgz
wget http://dl.packetstormsecurity.net/0611-exploits/0611-exploits.tgz
wget http://dl.packetstormsecurity.net/0612-exploits/0612-exploits.tgz

echo “Year 2007 – packetstormsecurity”
echo “…downloading”
wget http://dl.packetstormsecurity.net/0701-exploits/0701-exploits.tgz
wget http://dl.packetstormsecurity.net/0702-exploits/0702-exploits.tgz
wget http://dl.packetstormsecurity.net/0703-exploits/0703-exploits.tgz
wget http://dl.packetstormsecurity.net/0704-exploits/0703-exploits.tgz
wget http://dl.packetstormsecurity.net/0705-exploits/0705-exploits.tgz
wget http://dl.packetstormsecurity.net/0706-exploits/0706-exploits.tgz
wget http://dl.packetstormsecurity.net/0707-exploits/0707-exploits.tgz
wget http://dl.packetstormsecurity.net/0707-exploits/0707-exploits.tgz
wget http://dl.packetstormsecurity.net/0709-exploits/0709-exploits.tgz
wget http://dl.packetstormsecurity.net/0710-exploits/0710-exploits.tgz
wget http://dl.packetstormsecurity.net/0711-exploits/0711-exploits.tgz
wget http://dl.packetstormsecurity.net/0712-exploits/0712-exploits.tgz

echo “Year 2008 – packetstormsecurity”
echo “…downloading”
wget http://dl.packetstormsecurity.net/0801-exploits/0801-exploits.tgz
wget http://dl.packetstormsecurity.net/0802-exploits/0802-exploits.tgz
wget http://dl.packetstormsecurity.net/0803-exploits/0803-exploits.tgz
wget http://dl.packetstormsecurity.net/0804-exploits/0803-exploits.tgz
wget http://dl.packetstormsecurity.net/0805-exploits/0805-exploits.tgz
wget http://dl.packetstormsecurity.net/0806-exploits/0806-exploits.tgz
wget http://dl.packetstormsecurity.net/0807-exploits/0807-exploits.tgz
wget http://dl.packetstormsecurity.net/0808-exploits/0808-exploits.tgz
wget http://dl.packetstormsecurity.net/0809-exploits/0809-exploits.tgz
wget http://dl.packetstormsecurity.net/0810-exploits/0810-exploits.tgz
wget http://dl.packetstormsecurity.net/0811-exploits/0811-exploits.tgz
wget http://dl.packetstormsecurity.net/0812-exploits/0812-exploits.tgz

echo “Year 2009 – packetstormsecurity”
echo “…downloading”
wget http://dl.packetstormsecurity.net/0901-exploits/0901-exploits.tgz
wget http://dl.packetstormsecurity.net/0902-exploits/0902-exploits.tgz
wget http://dl.packetstormsecurity.net/0903-exploits/0903-exploits.tgz
wget http://dl.packetstormsecurity.net/0904-exploits/0903-exploits.tgz
wget http://dl.packetstormsecurity.net/0905-exploits/0905-exploits.tgz
wget http://dl.packetstormsecurity.net/0906-exploits/0906-exploits.tgz
wget http://dl.packetstormsecurity.net/0907-exploits/0907-exploits.tgz
wget http://dl.packetstormsecurity.net/0908-exploits/0908-exploits.tgz
wget http://dl.packetstormsecurity.net/0909-exploits/0909-exploits.tgz
wget http://dl.packetstormsecurity.net/0910-exploits/0910-exploits.tgz
wget http://dl.packetstormsecurity.net/0911-exploits/0911-exploits.tgz
wget http://dl.packetstormsecurity.net/0912-exploits/0912-exploits.tgz

echo “Year 2010 – packetstormsecurity”
echo “…downloading”
wget http://dl.packetstormsecurity.net/1001-exploits/1001-exploits.tgz
wget http://dl.packetstormsecurity.net/1002-exploits/1002-exploits.tgz
wget http://dl.packetstormsecurity.net/1003-exploits/1003-exploits.tgz
wget http://dl.packetstormsecurity.net/1004-exploits/1003-exploits.tgz
wget http://dl.packetstormsecurity.net/1005-exploits/1005-exploits.tgz
wget http://dl.packetstormsecurity.net/1006-exploits/1006-exploits.tgz
wget http://dl.packetstormsecurity.net/1007-exploits/1007-exploits.tgz
wget http://dl.packetstormsecurity.net/1008-exploits/1008-exploits.tgz
wget http://dl.packetstormsecurity.net/1009-exploits/1009-exploits.tgz
wget http://dl.packetstormsecurity.net/1010-exploits/1010-exploits.tgz
wget http://dl.packetstormsecurity.net/1011-exploits/1011-exploits.tgz
wget http://dl.packetstormsecurity.net/1012-exploits/1012-exploits.tgz

echo “Year 2011 – packetstormsecurity”
echo “…downloading”
wget http://dl.packetstormsecurity.net/1101-exploits/1101-exploits.tgz
wget http://dl.packetstormsecurity.net/1102-exploits/1102-exploits.tgz
wget http://dl.packetstormsecurity.net/1103-exploits/1103-exploits.tgz
wget http://dl.packetstormsecurity.net/1104-exploits/1103-exploits.tgz
wget http://dl.packetstormsecurity.net/1105-exploits/1105-exploits.tgz
wget http://dl.packetstormsecurity.net/1106-exploits/1106-exploits.tgz
wget http://dl.packetstormsecurity.net/1107-exploits/1107-exploits.tgz
wget http://dl.packetstormsecurity.net/1108-exploits/1108-exploits.tgz
wget http://dl.packetstormsecurity.net/1109-exploits/1109-exploits.tgz
wget http://dl.packetstormsecurity.net/1110-exploits/1110-exploits.tgz
wget http://dl.packetstormsecurity.net/1111-exploits/1111-exploits.tgz
wget http://dl.packetstormsecurity.net/1112-exploits/1112-exploits.tgz

echo “Year 2012 – packetstormsecurity”
echo “…downloading”
wget http://dl.packetstormsecurity.net/1201-exploits/1201-exploits.tgz
wget http://dl.packetstormsecurity.net/1202-exploits/1202-exploits.tgz
wget http://dl.packetstormsecurity.net/1203-exploits/1203-exploits.tgz
wget http://dl.packetstormsecurity.net/1204-exploits/1203-exploits.tgz
wget http://dl.packetstormsecurity.net/1205-exploits/1205-exploits.tgz
wget http://dl.packetstormsecurity.net/1206-exploits/1206-exploits.tgz
wget http://dl.packetstormsecurity.net/1207-exploits/1207-exploits.tgz
wget http://dl.packetstormsecurity.net/1208-exploits/1208-exploits.tgz
wget http://dl.packetstormsecurity.net/1209-exploits/1209-exploits.tgz
wget http://dl.packetstormsecurity.net/1210-exploits/1210-exploits.tgz
wget http://dl.packetstormsecurity.net/1211-exploits/1211-exploits.tgz
wget http://dl.packetstormsecurity.net/1212-exploits/1212-exploits.tgz

@firebitsbr