Monday, August 29, 2011

New Lab box, Finally! hp N36L with ESXi 4.1


YES! After a really long time, I finally decided to go for it.
I was looking for something really particular:
a) small size (mac mini or shuttle like)
b) fan less or very little noise
c) low power consumption

After a little bit of research, I found several folks talking about this new micro server compatible with ESXi out of the box, the HP N36L microserver.



I went for it. It comes with a useless 1GB of RAM, which I now use as a dart! So I got it working with the max of RAM, which is 8GB, with 2x4GB Kingston KVR133/PC3-10600.

Did I mention it does not come with an optical unit? Yeah, pity, so I had to make a cheap USB stick bootable with ESXi 4.1 in order to install the server. Here is where the pain begins...

I looked at a few tutorials out there and none of them worked; on top of that, I ran into every single problem you can imagine:

  • The USB stick didn't boot.
  • When it booted, it didn't recognize the kickstart file.
  • When I solved the kickstart file configuration issue, it didn't see the hard disks to install to (error: /tmp/ks.cfg: line 6: auto part --firstdisk specified, but no suitable disk was found).
  • Then I managed to solve that and... it didn't work because I was now getting an "md5 sum mismatch error", which by the way I solved by re-copying the 4.1 files onto the USB stick a zillion times.

So I did it! I got ESXi 4.1 working, and this is the log of how I created the USB installer stick:

I didn't have any Linux box other than the current BackTrack 4 R2, which is based on Ubuntu, so anyway:

root@bt:~# fdisk /dev/sdb1

The number of cylinders for this disk is set to 31999.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)

Command (m for help): d
Partition number (1-4): 1

Command (m for help): d
Partition number (1-4): 2

Command (m for help): d
Partition number (1-4): 3

Command (m for help): d
Selected partition 4

Command (m for help): d
No partition is defined yet!

Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-31999, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-31999, default 31999):
Using default value 31999

Command (m for help): a
Partition number (1-4): 1

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32)

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 22: Invalid argument.
The kernel still uses the old table.
The new table will be used at the next reboot.

WARNING: If you have created or modified any DOS 6.x
partitions, please see the fdisk manual page for additional
information.
Syncing disks.
root@bt:~# umount /dev/sdb1
root@bt:~# mkfs.vfat -n BOOT -F 32 /dev/sdb1
mkfs.vfat 2.11 (12 Mar 2005)
root@bt:~# syslinux -s /dev/sdb1
root@bt:~# dd if=/usr/lib/syslinux/mbr.bin of=/dev/sdb
0+1 records in
0+1 records out
404 bytes (404 B) copied, 0.0147531 s, 27.4 kB/s
root@bt:~# mount /dev/sdb1 /root/usb
root@bt:~# cp -r /media/cdrom0/* /root/usb/
root@bt:~# cd /root/usb/
root@bt:~/usb# rm isolinux.bin
root@bt:~/usb# mv isolinux.cfg syslinux.cfg
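
Since the "md5 sum mismatch error" only went away after re-copying the files, a check that the copy on the stick matches the source is worth having. The following is an added example, not part of the original post: it hashes every file on the installer media and its copy on the stick, allowing for the two changes the log makes on purpose (isolinux.bin removed, isolinux.cfg renamed). The file names and contents inside demo() are constructed stand-ins.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Changes the procedure makes on purpose after the copy (taken from the log above).
RENAMED = {"isolinux.cfg": "syslinux.cfg"}
REMOVED = {"isolinux.bin"}

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large installer images do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify_copy(src_root, dst_root):
    """Return sorted (relative path, problem) pairs for files that did not copy cleanly."""
    problems = []
    for dirpath, _dirs, files in os.walk(src_root):
        for name in files:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            if rel in REMOVED:
                continue
            dst = os.path.join(dst_root, RENAMED.get(rel, rel))
            if not os.path.isfile(dst):
                problems.append((rel, "missing"))
            elif sha256_of(src) != sha256_of(dst):
                problems.append((rel, "corrupt"))
    return sorted(problems)

def demo():
    """Constructed stand-ins for /media/cdrom0 and /root/usb with two bad files."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "cdrom0"), Path(tmp, "usb")
        src.mkdir()
        for name, data in {"isolinux.cfg": b"default menu\n", "isolinux.bin": b"\0" * 64,
                           "payload.bin": b"A" * 4096, "ks.cfg": b"# kickstart\n"}.items():
            (src / name).write_bytes(data)
        shutil.copytree(src, dst)
        (dst / "isolinux.bin").unlink()                        # rm isolinux.bin
        (dst / "isolinux.cfg").rename(dst / "syslinux.cfg")    # mv isolinux.cfg syslinux.cfg
        (dst / "ks.cfg").unlink()                              # simulate a file that never landed
        (dst / "payload.bin").write_bytes(b"B" + b"A" * 4095)  # simulate a flipped byte
        return verify_copy(src, dst)
```

On the real stick, call verify_copy("/media/cdrom0", "/root/usb") after unmounting and remounting /dev/sdb1, so the files are read back from the device rather than from the page cache.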


This box can easily manage a couple of VMs with low CPU needs; I'll probably get XBMC or FreeNAS running alongside some *nix boxes to play around with.


as FPSrussia! says..... as usual, have nice day! hahahaha.




Thursday, August 18, 2011

Converting password/string to Phonetic Alphabet [Python]

So, every time my buddies stop by, they ask, "What's the WiFi password?" Then I usually give them a piece of paper with a 160-bit password of 20 characters like:
{[Ck~Yv~xV9~-R9EMi-k so they go like: "Can you read this back to me?"

So as I've been doing some coding, I wanted to be lazy and get my generated passwords in the phonetic alphabet in order to make them easy to pass on.

And this is the result:

#!/usr/bin/python
import sys

# The password or string to spell out is required as the first argument
if len(sys.argv) < 2:
    print("[-] Nothing to do, please provide the password or string: python script.py myPa$$w0rd")
    sys.exit()

# Lookup table: lowercase letters, the dash and the digits
d = {"a":"alpha","b":"bravo","c":"charlie","d":"delta","e":"echo","f":"foxtrot","g":"golf","h":"hotel","i":"india","j":"juliett","k":"kilo","l":"lima","m":"mike","n":"november","o":"oscar","p":"papa","q":"quebec","r":"romeo","s":"sierra","t":"tango","u":"uniform","v":"victor","w":"whiskey","x":"x-ray","y":"yankee","z":"zulu","-":"dash","0":"Zero", "1":"One", "2":"Two", "3":"Three", "4":"Four", "5":"Five", "6":"Six", "7":"Seven", "8":"Eight", "9":"Nine"}

print("[*] Your password/string of lenght:%d can be read as follows:\n" % (len(sys.argv[1])))
for char in sys.argv[1]:
    if char.lower() in d:
        if char.lower() == char:
            # Lowercase letters, digits and the dash: print the word as stored
            print(d[char])
        else:
            # Uppercase letters: print the word in capitals
            print(d[char.lower()].upper())
    else:
        # Anything not in the table (symbols) is printed as-is
        print(char)

----
output example:

$ python passToWords.py {[Ck~Yv~xV9~-R9EMi-k
[*] Your password/string of lenght:20 can be read as follows:

{
[
CHARLIE
kilo
~
YANKEE
victor
~
x-ray
VICTOR
Nine
~
dash
ROMEO
Nine
ECHO
MIKE
india
dash
kilo

Tuesday, August 16, 2011

Getting HTTP headers and searching for X pattern in the body content with Python

I've done this small script to get the HTTP headers, get the server response and then look for x text:


#!/usr/bin/env python3
import sys
import http.client
from urllib.parse import urlparse

# Initializing some vars
target_address = ""
resource = ""
conn = None
res = None


def UserInput():
    global target_address
    global resource
    i = 0

    while True:
        if i >= 2:
            print("[-] Don't try to be sneaky if you want to test, provide a valid URL, I'm exiting...")
            sys.exit()

        url = input("Enter a valid URL to Test: ")
        if not url:
            # Empty input counts as a failed attempt, so ask again
            i += 1
            continue
        if "http://" not in url:
            print("[-] you need to follow RFC 1808 when working with URLs, but not worries, I've corrected it for you")
            url = "http://" + url
        o = urlparse(url)
        # Validating that user's input has a resource to GET /something.some
        if not o.path or o.path == "/":
            print("[-] Nothing to do, you need to provide a valid URL and RESOURCE to test i.e http://www.test.com/resource.htm, I'm exiting...")
            sys.exit()
        # all good and set so lets assign them
        target_address = o.netloc
        resource = o.path
        break


def Connection():
    global conn
    global res
    print("\n[?] Trying to connect to: " + target_address)
    print("[?] Trying to GET: " + resource)
    conn = http.client.HTTPConnection(target_address, timeout=5)
    conn.request("GET", resource)
    res = conn.getresponse()
    # Goal 1: Print the response of the server:
    print("[*] Server Response: " + str(res.status) + " Details: " + res.reason)
    # Goal 2: Print the response headers of the server:
    print("\n[*] Server HEADER Response:")
    for header, value in res.getheaders():
        # Values are printed verbatim; capitalizing them would alter case-sensitive values
        print("%s: %s" % (header.capitalize(), value))


def CheckXSS():
    # Goal 3: check if there is an XSS in the body
    xss = "alert---document.cookie---"  # <- I had to modify the actual text since it seems blogger doesn't like script tags
    # read() returns bytes, so decode before searching for the text pattern
    if xss in res.read().decode("utf-8", "replace"):
        print("\n[*] WARNING: XSS detected in HTTP response body!, this guy knows to how to get it done!")
    else:
        print("\n[*] XSS was not found in the body. ")


try:
    UserInput()
    Connection()
    # if there is a valid resource and exists, we check it.
    if res.status == 200:
        CheckXSS()
    else:
        print("\n[-] Nothing to do, you need to provide a valid URL and RESOURCE to test i.e http://www.test.com/resource.htm, exiting")
    conn.close()
    print("[*] Done!")
except Exception as msg:
    print("\n[-] There is a Problem, Check OSI tier 8 and try again\n[-] Error Details: %s" % msg)






As always, feedback is appreciated; cut me some slack though, I don't code every day, just from time to time.
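
A literal search of the body, as in CheckXSS() above, cannot tell whether the text came back as live markup or HTML-encoded. The following added example (not the author's code) goes a step beyond the script: it parses a constructed raw response offline, classifies how a harmless marker is echoed (raw, escaped or absent) and lists which of two response headers are missing. MARKER, the sample responses and the header list are assumptions made for the illustration.

```python
import html
import io
import http.client

# Constructed sample responses (not captured traffic); the marker is a harmless probe string.
MARKER = "<probe-7f3a>"
RAW_ECHO = (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: text/html; charset=utf-8\r\n"
            b"Server: ExampleHTTPd/1.0\r\n\r\n"
            b"<html><body>You searched for <probe-7f3a></body></html>")
ESCAPED_ECHO = (b"HTTP/1.1 200 OK\r\n"
                b"Content-Type: text/html; charset=utf-8\r\n"
                b"X-Content-Type-Options: nosniff\r\n"
                b"Content-Security-Policy: default-src 'self'\r\n\r\n"
                b"<html><body>You searched for &lt;probe-7f3a&gt;</body></html>")
WANTED_HEADERS = ("Content-Security-Policy", "X-Content-Type-Options")


def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body text)."""
    fp = io.BytesIO(raw)
    status = int(fp.readline().split()[1])
    headers = http.client.parse_headers(fp)  # case-insensitive lookup, values left untouched
    charset = headers.get_content_charset() or "utf-8"
    return status, headers, fp.read().decode(charset, "replace")


def classify_echo(body, marker=MARKER):
    """Report how the marker comes back: 'raw', 'escaped' or 'absent'."""
    if marker in body:
        return "raw"       # markup survived, so output encoding is missing
    if html.escape(marker) in body:
        return "escaped"   # reflected, but neutralised by HTML encoding
    return "absent"


def audit(raw):
    """Summarise one response: status, echo classification and missing headers."""
    status, headers, body = parse_response(raw)
    missing = [h for h in WANTED_HEADERS if headers.get(h) is None]
    return {"status": status, "echo": classify_echo(body), "missing_headers": missing}
```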

Bash script to put all the info from separate files in one

So, I had this directory tree full of Python scripts I've written, but I wanted to put them all in one file to make it easy to read/find stuff. I was trying to think of a way to cut myself some slack, so I ended up writing this small piece of code in bash to get it done:


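#!/bin/bash
# Concatenate every .py file in the current directory into allTheCode.txt
for filex in *.py; do
    # Skip the unexpanded pattern when no .py files exist
    [ -e "$filex" ] || continue
    echo "working on file: $filex"
    printf '\n----------%s-------------------\n\n' "$filex" >> allTheCode.txt
    cat -- "$filex" >> allTheCode.txt
    printf '\n-----------------------------------\n\n' >> allTheCode.txt
done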


I know this looks ugly, however it works :), if you know a better way just drop me a comment!