Comments for /Gregular Expressions/

Comment on Using ClamAV to find php shells and other nasties by Dmitry Sherman

Dmitry Sherman — Sun, 25 Mar 2012 18:29:22 +0000

I also just scanned one of my centos servers with clamscan, i am not sure if it can find any php eval(base64 or any other packed shells or backdoors…. so far it didnt find anything.

Now scanning one other machine.

Anyway recently i found some other nice script lookforbadguys.php
just google it, it comes from some nice guy who explains how to use it and look for backdoors etc’

Comment on Install Metasploit Framework 3 on Fedora by Greg

Greg — Sun, 22 Jan 2012 09:36:44 +0000

Hi Yumer,

It looks like you don’t have ‘ruby’ installed on your machine, it’s a requirement of metasploit. Did you have any trouble with the earlier steps mentioning it?

yum install ruby
http://rubygems.org/pages/download

Greg.

Comment on Install Metasploit Framework 3 on Fedora by yumer

yumer — Sat, 21 Jan 2012 15:47:58 +0000

hi,
I tried this guide in fedora 16, so good.
But when I run “/opt/metasploit/msf3/msfconsole” I just get “/usr/bin/env: ruby: File or directory does not exist”
What can I do?

Sorry for the translation done with Google

Comment on Use a SSH tunnel as a (Mac) system-wide SOCKS proxy to secure your traffic or bypass firewalls. by Greg

Greg — Tue, 10 Jan 2012 22:05:19 +0000

Yes, I’ve found that annoyingly the Terminal seems to be ignoring it.. I’ve got a post on StackOverflow about it.

Comment on Use a SSH tunnel as a (Mac) system-wide SOCKS proxy to secure your traffic or bypass firewalls. by ctrl alt dileep

ctrl alt dileep — Tue, 10 Jan 2012 22:01:26 +0000

Excellent stuff. Not all applications honour global proxy settings on the mac though.

Comment on Setup RSA Keys for password-less SSH login by Use a SSH tunnel as a (Mac) system-wide SOCKS proxy to secure your traffic or bypass firewalls. | /Gregular Expressions/

Sat, 01 Oct 2011 14:42:53 +0000

[...] at host 111.112.113.114. If you’ve already put one of my previous posts about SSH keys into practice then you’ll be connected, otherwise you’ll have to enter your [...]

Comment on DNS Spoofing with Ettercap & BackTrack by Greg

Greg — Tue, 19 Apr 2011 21:55:01 +0000

Hi MMDeveloper,

I believe the ARP poisoning will only work within your local network so if the target machine has got specific DNS servers set (eg Google’s) and is not using the router provided ones via DHCP then the poisoning will fail.

DHCP is the default for most OS but there’s not any way to ARP poison external DNS lookups. The best you could probably do is convince the target that you’re the gateway (because this is a local address and still susceptible) and sniff all their traffic.

Greg

Comment on DNS Spoofing with Ettercap & BackTrack by MMDeveloper

MMDeveloper — Tue, 19 Apr 2011 21:19:25 +0000

Doesn’t seem to work for me either. I have an XP SP3 machine in the back that I use solely for learning how to use Backtrack 4 r2 (which is installed on my laptop). I follow these steps to a “T” and the target machine just wont load the site I’m trying to spoof.. It will just sit there and try and eventually “time out”. If I hit my laptop via direct IP the apache “It Works” page loads fine.

Just appears the dns spoof isn’t “taking”.

Comment on Setup RSA Keys for password-less SSH login by Setup RSA Keys for password-less SSH login « /Gregular Expressions/

Setup RSA Keys for password-less SSH login « /Gregular Expressions/ — Tue, 09 Nov 2010 15:01:08 +0000

[...] I have migrated my blog to dedicated hosting, you can find this post here [...]

Comment on Disable Version Info Showing in Apache Banner by Disable Version Info Showing in Apache Banner « /Gregular Expressions/

Disable Version Info Showing in Apache Banner « /Gregular Expressions/ — Mon, 08 Nov 2010 16:27:23 +0000

[...] I have migrated my blog to dedicated hosting, you can find this post here [...]