I got a bit tired of not finding that one IT book I wanted in kindle format. The following script will go thought Amazon.s IT Books and auto check the link to request a kindle version. Warning, This was a quick and dirty solution. Your mileage may vary.

The Python Code

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
#!/usr/bin/python

import urllib, urllib2
import sys
from BeautifulSoup import BeautifulSoup

def main():
  for i in range(100):
  url = urllib2.urlopen('http://www.amazon.com/s?ie=UTF8&rh=n:5&page=%s' % (i))
  html = url.read()

  soup = BeautifulSoup(html)

  url_list = []
  for tag in soup.findAll('a', href=True):
  if "/dp/" in tag['href']:
    if "http://" in tag['href']:
      if not tag['href'] in url_list:
        url_list.append(tag['href'])
        print "testing : %s" % tag['href']
        item_url = urllib2.urlopen(tag['href'])
        item_html = item_url.read()

        item_soup = BeautifulSoup(item_html)
        for item_tag in item_soup.findAll('a', href=True):
          if "request-kindle-edition" in item_tag['href']:
            print "Found kindle url...Requesting Now..."
            print "Opening http://www.amazon.com%s" % (item_tag['href'])
            idk_opener = urllib2.build_opener()
            idk_opener.addheaders = [('User-agent', 'Mozilla/5.0')]
            idk_html = idk_opener.open("http://www.amazon.com%s" % (item_tag['href'])).read()
            #print idk_html
            if "kindleRequestThank" in idk_html:
              print "Request Worked"

if __name__ == '__main__':
  main()

How I got Android Tools working in Kali and Raspbian

Step 1:

The Setup

1
2
sudo mkdir /opt/android && cd /opt/android
sudo echo "deb-src http://debian.ens-cachan.fr/ftp/debian/ sid main contrib non-free" >> /etc/apt/sources.list

Step 2:

The Installation

1
2
3
4
sudo apt-get update
sudo apt-get -y build-dep android-tools
sudo apt-get -y source --build android-tools
sudo dpkg -i android-tools-*.deb

Step 3:

The Cleanup

1
2
3
4
5
cd ~
sudo rm -rf /opt/android
sudo sed -i 's/.*cachan\.fr.*//' /etc/apt/sources.list
sudo apt-get update
sudo apt-get clean

Today I woke up to an unresponsive website. When I started to look at the Apache access.log file I found a ton of IPs trying to bruteforce my wp-admin.php creds. I knew they weren.t going to get anywhere (thank you google auth), but it was doing a good job at DDOS.

Below is the oneliner I used to quickly end their fun.

1
tail -f /var/log/apache2/access.log | while read line; do echo "$line" | grep -i "post /wp-login.php" | cut -d " " -f1 | xargs -r iptables -I INPUT -j DROP -s; done

Lets get our call sceening on with our Raspberry Pi.

Assumeptions:

  1. You have a Raspberry Pi with a default Raspbian install.
  2. You have a Trendnet USB Modem from Amazon.

Step 1:

Install needed pre-packaged software

1
sudo apt-get -y install vim gcc tmux screen

Step 2:

Download and setup jcblock software

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
cd /usr/src
wget http://jcblock.cvs.sourceforge.net/viewvc/jcblock/?view=tar -O jblock.tar.gz
cd jcblock
mv jcblock/ ../jcb
cd ..
rm -rf jcblock
cd jcb

mv blacklist.dat.example blacklist.dat
mv whitelist.dat.example whitelist.dat
mv callerID.dat.example callerID.dat

vim jcblock.c
change: #define DO_TONES to //#define DO_TONES

vim makejcblock
comment out the existing gcc command and replace it with..
gcc -o jcblock jcblock.c truncate.c -lm

chmod +x makejcblock
./makejcblock

Step 3:

Fixup the default lists.

1
2
3
4
5
vim whitelist.dat
Comment out the two default whitelisted numbers (They are missing "?" at the end of the number and will crash the software")

vim blacklist.dat
Add your phone number but watch out for the special formatting and don't forget the "?" at the end.

Step 4:

Start the software

1
/usr/src/jcb/jcblock -p /dev/ttyACMO

Testing Call your home line from your cell phone. If all goes well it may ring once or twice and then pickup and then hangout on your cell phone while allowing all over numbers in normally.

Additional Notes

I had you install screen and/or tmux so that you can run the software, and then detach the console and allow the software to run.

I was on hacker hotshots today. I was asked: Will any of the code make it into Kali?. It didn.t even occur to me that some of the code I.m using would be useful to others. After a few moments of thought ‘gitrecon’ was born.

http://github.com/wick2o/gitrecon

This tool assumes you have git installed and in your path. I.ve tested this on Linux and that.s about it.

It will allow you to specify a Github username and the number of threads to use. Then it will download/clone all of their repositories.

UPDATE

This tool will now spit out a dirs.txt and files.txt for easy burp scanning.