JTR - John The Ripper
Contrairement à hashcat, John est mono-cœur par défaut !
Voir : https://www.openwall.com/john/
Voir aussi :
- hashcat
Source http://www.octetmalin.net/linux/tutoriels/john-the-ripper.php
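# Merge passwd and shadow into one file for john. The result holds every
# account's password hash, so create it readable by its owner only (subshell
# umask) and delete it once the audit is finished. If pass.txt already exists,
# its previous permissions are kept: check them.
(umask 077 && unshadow /etc/passwd /etc/shadow > pass.txt)
# Show the passwords already recovered for the account "john".
john -users=john pass.txt -show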
Les MDP sont enregistrés ici ~/.john/john.pot
john -incremental:alpha pass.txt (Seulement les lettres)
john -incremental:digits pass.txt (Seulement les chiffres)
john -incremental:lanman pass.txt (Chiffres, lettres et certains caractères spéciaux)
john -incremental:all pass.txt (Tous les caractères)
To continue an interrupted session, run:
john --restore
Benchmark
john --test
Multicore
Voir :
- john-omp
https://www.openwall.com/john/doc/OPTIONS.shtml
Ici il est question d'une option --fork
--fork=N fork N processes
MPI
Voir :
apt-get install openmpi-bin libopenmpi-dev
mpirun -np {nombre de core utilisés} {commande}
john -test mpirun -np 4 /usr/bin/john -test
Alternatives à John the Ripper
Hashcat
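# Extract the hash field of the exact account "john" (anchored, so "johnny"
# or a comment field containing "john" does not match). The hash file is
# created owner-readable only and should be deleted after the audit.
(umask 077 && grep '^john:' /etc/shadow | cut -d: -f2 > hash.txt)
# The mask is quoted so the shell cannot expand ? as a glob against file names
# in the current directory.
hashcat -a 3 -m 1800 hash.txt '?l?l?l?l?l?l'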
Dico
zxcvbnData
Jmeter - notes
bin/jmeter.properties
summariser.name=summary
summariser.out=true
bin/jmeter -n -t Requête\ HTTP.jmx bin/jmeter -n -t testplan.jmx -l testplan_01.jtl -j testplan_01.log
Voir :
bzt Requête\ HTTP.jmx
bzt NonGuiTestMonitoring.jmx -report
JMeter HTTP Proxy Server derrière un proxy HTTP
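# Start JMeter behind an authenticating HTTP proxy.
# NOTE: the proxy password is passed as a command-line argument, so other local
# users can read it in the process list while JMeter runs. Use a dedicated
# low-privilege proxy account and avoid running this on a shared host.
bin/jmeter --proxyHost 192.168.1.171 --proxyPort 8080 --username "$USER" --password "$(get_pass_ldap)"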
BeanShell
ResponseCode = prev.getResponseCode(); log.info(ResponseCode); print(ResponseCode);
Ansible script shell command exemple pvresize idempotent
Voir :
M(community.general.lvg)
ansible/playbook.yml
#! /usr/bin/env ansible-playbook
---
# Example play: applies the lvm-resize role to every host, with root privileges.
- name: exemple
  hosts: all
  become: true
  vars:
    # One entry per logical volume: lv is the LV name, sz the size handed to lvol.
    lvmconfig:
      - lv: root
        sz: '40g'
      - lv: var
        sz: '10g'
      - lv: log
        sz: '100g'
      - lv: opt
        sz: '10g'
  roles:
    - lvm-resize
ansible/roles/lvm-resize/tasks/main.yml
---
# tasks file for roles/lvm-resize

# Read-only probe. Return code 0 means nothing to do, 101 means a pvresize is
# needed; any other return code fails the task (the two conditions are ANDed).
- name: pvresize needed ?
  script: files/pvresize_check.sh /dev/xvdk
  register: pvresize_check
  changed_when: false
  check_mode: false  # the probe also runs in --check mode
  failed_when:
    - pvresize_check.rc != 0    # OK
    - pvresize_check.rc != 101  # Change to do

# Runs only when the probe reported a size mismatch, which keeps the play idempotent.
- name: pvresize
  command: pvresize /dev/xvdk
  when: pvresize_check.rc == 101

- name: resize volume group
  lvg:
    vg: vg_os
    pvs: /dev/xvdk

# shrink is disabled, so a size smaller than the current one never reduces an LV.
- name: configure sizes for each LVM partition
  lvol:
    vg: vg_os
    lv: "{{ item.lv }}"
    size: "{{ item.sz }}"
    state: present
    shrink: false
    resizefs: true
  loop: "{{ lvmconfig }}"
ansible/roles/lvm-resize/files/pvresize_check.sh
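#!/bin/bash
# Check whether the LVM physical volume on a block device needs a pvresize.
#
# Usage: pvresize_check.sh DEVICE   (e.g. /dev/xvdk)
# Exit codes:
#   0   - PV size equals the block device size (whole GiB): nothing to do
#   101 - sizes differ: pvresize is needed
#   3   - the block device size could not be determined
#   4   - the PV size could not be determined
# The script only reads state; it never modifies the device or the PV.
set -e
set -o nounset

# Resolve symlinks to the kernel device name used under /sys/class/block.
DEV=$(basename "$(readlink -f "$1")")

# Succeeds when its arguments form a non-empty string.
isNonEmptyStr () {
    echo "$@" | grep -q -v "^$"
}

# Fail cleanly when the argument is not a known block device, instead of
# letting the arithmetic expansion below choke on an empty value.
SYSFS_SIZE=/sys/class/block/"$DEV"/size
[ -r "$SYSFS_SIZE" ] || exit 3

# SIZE IN GB (sysfs reports the size in 512-byte sectors)
BLKDEV_SIZE=$(($(cat "$SYSFS_SIZE") * 512 / 1024 / 1024 / 1024))

# Ask pvs for the pv_size column only, forced to GiB and without suffix, so the
# value depends neither on the column layout (a PV without VG shifts the
# columns) nor on the unit pvs would choose by itself (m, t, ...).
# Only the integer part is kept.
PV_SIZE=$(pvs --noheadings -o pv_size --units g --nosuffix /dev/"$DEV" | sed 's/^[^0-9]\+//' | sed 's/[^0-9].*//g')

isNonEmptyStr "$BLKDEV_SIZE" || exit 3
isNonEmptyStr "$PV_SIZE" || exit 4

if [ "$BLKDEV_SIZE" -eq "$PV_SIZE" ]
then
    exit 0
else
    exit 101
fi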
Notes
Voir également
parted -s /dev/xvdk print free
pvs --noheadings -o pv_size --units b --nosuffix /dev/sdb vgs --noheadings -o pv_size --units b --nosuffix vg_data
Iptables log avec date au format json
La conf ci-dessous a été faite avec une ancienne version de Rsyslog. Pour une version plus récente voir : https://www.rsyslog.com/doc/master/configuration/templates.html?highlight=template et rechercher jsonf
Pour tester les regex : https://regex101.com
/etc/rsyslog.d/40-iptables.conf
$Template file_reset,"%msg:R,ERE,0,DFLT:LOG_S_([A-Za-z0-9\_\>\.]+).*--end%\n" if ($syslogfacility-text == 'kern' and $syslogseverity-text == 'info') then /var/log/iptables.log;file_reset & stop
/etc/rsyslog.d/41-iptables-json.conf
###########################
###### INPUT FILES ########
###########################
# Load the file-input module in inotify mode.
module(load="imfile" mode="inotify")
# Follow the raw iptables log written by 40-iptables.conf. Every line read is
# given the Tag below, which is the value the JSON output rule compares
# $syslogtag against. No Facility is set here.
# NOTE(review): the sample output in the Test section shows facility "local0"
# and a different tag (profile_reset/svcid_reset) - confirm which configuration
# produced it.
input(type="imfile"
File="/var/log/iptables.log"
Tag="pf_plop/env_prod/profile_iptables/svcid_iptables/app/reset.json"
Severity="info"
)
#################################
###### OUTPUT TO LOGHOSTS #######
#################################
#if $msg contains 'PROTO=TCP' and $msg contains 'DPT=10023' then /var/log/plop.log;DPT10023
#& stop
#if $msg contains 'PROTO=TCP' and $msg contains 'DPT=10024' then /var/log/plop.log;DPT10024
#& stop
#if $msg contains 'PROTO=TCP' then /var/log/plop.log;DPT
#& stop
#set $.format = $msg;
#if ( $msg contains 'DPT=10023' ) then set $.dpt = 'PLOP10023';
#if ( $msg contains 'DPT=10024' ) then set $.dpt = 'PLOP10024';
#else set $.dpt = '';
# List template rendering one iptables log line as a single JSON object.
# option.json="on" makes rsyslog JSON-escape every property value, so a quote
# or control character inside a field cannot break the object or add keys.
# All values are emitted as JSON strings. With regex.nomatchmode="BLANK" a
# field whose expression does not match is emitted as an empty string.
template(name="json_iptables" type="list" option.json="on") {
constant(value="{")
constant(value="\"timestamp\":\"")
property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"host\":\"")
property(name="hostname")
constant(value="\",\"severity\":\"")
property(name="syslogseverity-text")
constant(value="\",\"facility\":\"")
property(name="syslogfacility-text")
constant(value="\",\"syslog-tag\":\"")
property(name="syslogtag")
# constant(value="\",\"DPT_LABEL\":\"")
# property(name="$.dpt")
# NOTE(review): only a log prefix that starts with "LOG" is captured here. A
# prefix such as the RST_... one used in the Test section would leave LOG_LABEL
# empty with this expression - confirm against the --log-prefix values in use.
constant(value="\",\"LOG_LABEL\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="^(LOG.*)IN=.*$")
constant(value="\",\"IN\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="IN=([a-z0-9]+)")
# SRC and DST accept digits and dots only (IPv4). An IPv6 address does not
# match and is emitted as an empty string.
constant(value="\",\"SRC\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="SRC=([0-9\\.]+)")
constant(value="\",\"DST\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="DST=([0-9\\.]+)")
constant(value="\",\"LEN\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="LEN=([0-9]+)")
# NOTE(review): the class [0-9a-hx] used for TOS, PREC and RES also accepts
# the letters g and h; [0-9a-fx] looks like the intended hexadecimal class.
constant(value="\",\"TOS\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="TOS=([0-9a-hx]+)")
constant(value="\",\"PREC\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="PREC=([0-9a-hx]+)")
constant(value="\",\"TTL\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="TTL=([0-9]+)")
constant(value="\",\"SPT\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="SPT=([0-9]+)")
constant(value="\",\"DPT\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="DPT=([0-9]+)")
constant(value="\",\"WINDOW\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="WINDOW=([0-9]+)")
constant(value="\",\"RES\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="RES=([0-9a-hx]+)")
# The TCP flags are the text between "RES=0x00 " and " URGP=0"; a line with any
# other RES or URGP value does not match and FLAGS is emitted empty.
constant(value="\",\"FLAGS\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="^.*RES=0x00 (.*) URGP=0")
constant(value="\",\"URGP\":\"")
property(name="msg" regex.type="ERE" regex.submatch="1" regex.nomatchmode="BLANK" regex.expression="URGP=([01])")
constant(value="\"}\n")
}
# Only messages carrying the imfile Tag are written as JSON to /var/log/plop.log;
# "& stop" then ends processing for them so no later rule logs them again.
if $syslogtag == 'pf_plop/env_prod/profile_iptables/svcid_iptables/app/reset.json' then /var/log/plop.log;json_iptables
& stop
Test
rsyslogd -N1 systemctl restart rsyslog iptables -A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 10024 -j LOG --log-prefix "RST_127.0.0.1:3000::" --log-level 6 iptables -A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 10024 -j REJECT --reject-with tcp-reset hping3 -RS 127.0.0.1 -p 10024 -c 1
# tail -1 /var/log/iptables.log
RST_127.0.0.1:3000::IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2739 PROTO=TCP SPT=1651 DPT=10024 WINDOW=512 RES=0x00 RST SYN URGP=0
# tail -1 /var/log/plop.log |jq .
{
"timestamp": "2021-06-02T12:47:40.685581+02:00",
"host": "vmdeb1",
"severity": "info",
"facility": "local0",
"syslog-tag": "pf_plop/env_prod/profile_reset/svcid_reset/app/reset.json",
"LOG_LABEL": "RST_127.0.0.1:3000::",
"IN": "lo",
"SRC": "127.0.0.1",
"DST": "127.0.0.1",
"LEN": "40",
"TOS": "0x00",
"PREC": "0x00",
"TTL": "64",
"SPT": "1651",
"DPT": "10024",
"WINDOW": "512",
"RES": "0x00",
"FLAGS": "RST SYN",
"URGP": "0"
}
{{tag>Brouillon} Réseau}
iptables - redirection de ports
Source : https://silentkernel.fr/utiliser-iptables-pour-une-redirection-de-port/
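# Enable IPv4 forwarding. This lets the host route packets between all of its
# interfaces, and the setting is lost at reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Masquerade so that the remote server's replies come back through this host.
# Note: this rewrites the source address of everything leaving eth0, not only
# the redirected port.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Redirect incoming port 80 to port 80 of the remote machine.
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination xx.xx.xx.xx:80

# Allow forwarding of that port, limited to the redirect target (DNAT has
# already rewritten the destination when the packet reaches FORWARD), so the
# host does not forward port 80 to arbitrary destinations.
iptables -A FORWARD -i eth0 -d xx.xx.xx.xx -p tcp --dport 80 -j ACCEPT
# Let the replies of accepted connections through; required when the FORWARD
# policy is DROP.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT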
