AysadKozanoglu

<?php 
if(
  strpos( $_SERVER['HTTP_REFERER'], 'wp-admin' ) === false &&
  strpos( $_SERVER['REQUEST_URI'], 'admin-ajax.php' ) !== false
) {
  header( 'Cache-Control: max-age=30000, must-revalidate' );
  header( 'Expires: ' . gmdate( 'D, d M Y H:i:s', strtotime( '+5000 minutes' ) ) . ' GMT' );
  header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s', strtotime( '-5000 minutes' ) ) . ' GMT' );
  header( $_SERVER["SERVER_PROTOCOL"]." 404 Not Found" );
  die;

AysadKozanoglu

Capture SMTP Email

tcpdump -nn -l port 25 | grep -i 'MAIL FROM\|RCPT TO'

Extract HTTP Passwords in POST Requests

tcpdump -s 0 -A -n -l | egrep -i "POST /|pwd=|passwd=|password=|Host:"

Capture FTP Credentials and Commands

AysadKozanoglu

### KERNEL TUNING ###

# Increase size of file handles and inode cache
fs.file-max = 2097152

# Do less swapping
vm.swappiness = 10
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2

NiceGuyIT

Intro

This is an example configuration to have nginx output JSON logs to make it easier for Logstash processing. I was trying to get nginx > Filebeat > Logstash > ES working and it wasn't until I connected Filebeat directly to Elasticsearch that I saw the expected data. Google led me to ingest-convert.sh and I realized filebeat setup works for Filebeat > ES but not Filebeat > Logstash > ES. This is because Logstash does not use ingest pipelines by default. You have to enable them in the elasticsearch output block.

Having nginx log JSON in the format required for Elasticsearch means there's very little processing (i.e. grok) to be done in Logstash. nginx can only output JSON for access logs; the error_log format cannot be changed.

Extra fields are output and not used by the Kibana dashboards. I included them in case they might be useful. Since they are not declared in the filebeat setup, their default is "string" when yo

gdamjan

# -*- encoding: utf-8 -*-
# requires a recent enough python with idna support in socket
# pyopenssl, cryptography and idna

from OpenSSL import SSL
from cryptography import x509
from cryptography.x509.oid import NameOID
import idna

from socket import socket

AysadKozanoglu

#auhtor: Aysad Kozanoglu

realizing a file transfer over 50MB-90MB/s on 1Gbit NIC

from remote to local

rsync -avHAXx --numeric-ids --progress -e "ssh -T -c arcfour -o Compression=no -x" user@[source]:[source_dir] [dest_dir]

AysadKozanoglu

#!/bin/bash
# 
#author: Aysad Kozanoglu
#
#

# Directory in which to store the backups
ROOT_DIR=/mnt/backup
REMOTE_USER=root
REMOTE_PATH=/mnt/drbd/var/mail/vmail/espresto.com

AysadKozanoglu

nbtscan 192.168.1.0-192.168.1.255

detail info host
nmap -A 192.168.1.8

get most ports
nmap --script smb-os-discovery 192.168.1.8

get mac adress ips hostnames
nmap -sP 192.168.1.0/24 | awk '/Nmap scan report for/{printf $5;}/MAC Address:/{print " => "$3;}' | sort

AysadKozanoglu

Using auto backup with Vim

Not using versioning on your configuration files and editing them with Vim? Use Vim’s backup option to automatically keep a copy of past versions:

To put in your ~/.vimrc:

"Turn on backup option
set backup

ethanpil

# wp-secure.conf
#
#
# This file includes common security considerations for wordpress using nginx.
#
# The goal is to block actions which are usually dangerous to wordpress.
# Additionally, we block direct access to PHP files and folders which should not 
# be accessed directly from a browser.
#
# Also have included exceptions for plugins that are known to require this access.