xeuledoc

xeuledoc is a tool (hacking?) that can determine the owner of a google doc and often the name and email are available. I’ve been testing it and it seems to work well! Although it seems to only work with publicly shared documents.

The interesting thing is that you may not want your name and email address available to every one! Ever shared info via a google doc? You may be exposing at least your name and email to people who are unscrupulous – might be time to think about all the docs you may have shared! Is it a good thing that your email address and name are linked to this data?

It also seems to work with the “Security setting” anyone who has this link. It will be interesting to see if google “fix” this, and how long it might take.

Note this above example is included in the application as published by its owner.

Github link to application
https://github.com/Malfrats/xeuledoc

Apparently it can also work on
Google Docs – Google Spreadsheets – Google Slides – Google Drawning – Google My Maps – Google Apps Script – Google Jamboard

From my Spells book No1 Tcpdump

So I have a number of journals one of which I call “Spells” ! It’s just a collection of scripts commands etc. But for years now I’ve been thinking about putting together some short snappy articles about each of them – so finally hear we go!

Tcpdump is a “data-network packet analyser computer program”
What does it do? It lets you look at network traffic and see what is coming into and out of your computer.

Typically this can be useful if you want to see what is going on with a particular application (it might be a web server or a mail server – you might want to look at DNS traffic).

Usage is fairly straight forward 

ie “sudo tcpdump” Will give you pretty much everything coming in and going out of the machine. It’s interesting to run this and if you look closely you can get an idea of web page construction – live connectivity all sorts of interesting stuff. But it is sometimes a lot of information (use control command key combination to stop the session).

sudo tcpdump port 53
Will give you an idea of whats going on with regards DNS
If your running a web server “sudo tcpdump port 80” or “sudo tcpdump port 443” will give you a good picture of whats going on.

It’s even useful just to see if the network is up – for example you can bring up a couple of terminal windows
“sudo tcpdump icmp” in one window and “ping 8.8.4.4” in another, will give you feedback like this and indeed prove that your computer is infact on the interweb!

Tcpdump and icmp running in seperate terminal windowss!

If you want to actually capture data to a file try something like this
“sudo tcpdump -s 0 -w dumpfile host 8.8.8.8” and then “ping 8.8.8.8” that will create a packet dump in a format that can be read via tcpdump or something like wireshark if you want to view things in a GUI.
 
Although this is just a basic introduction to packet tracing, tcpdump is the grandaddy of all packet tracers and it’s a good skill to have. 

One word of warning though, is that you should not run tcpdump on a network that is not yours! Ie check if your doing this at work, as in some situations it could be considered not appropriate or verging on hacking. Use with caution!

Long pass phrases!

Yarn bike

Don’t use a pass word! Use a pass phrase . Twelve or more letters, the odd number and lower and upper case letters, make it something you can remember but long and easy for you to remember is the most important thing.

For example I like dogs, bentley cars and pingpong I might write a sticky note that says
*_*
Fave animal
Fave car
Fave sport

and the pass phrase might look like

Dog*_*bentley*_*pingpong

This is a good pass phrase
But think of it like this

To quote From the TheGreatContini who posts on stackoverflow.
While discusing “How long to brute force 16 character secret key

There are 62 possibilities for each character, and 16 characters. This translates to 62^16 (47672401706823533450263330816) trials worse case, or half of that on average. If the attacker can do a billion trials per second, that means 47672401706823533450 seconds, which is about 1511681941489 years. I think that’s pretty good protection. You could even chop off a few characters and still feel pretty safe.

Probably best not to put your exact pass phrase in this (just in case some one nasty sniffs if across the net work or the interweb) but have a play with this site it’s fun and gets the point home.

The other thing is don’t use the same pass phrase for all accounts!
What you might say do I have to remember lots of pass phrases? Well the next thing to do is start using the keychain, but I’ll talk more about this in another exciting episode!

Have fun and be safe on the interwebs

Why it’s important to monitor logs

A while back I wrote sshfail. It’s a script to look at attempts on the ssh protocol on servers. You can find it up on git hub if your interested and want to install in your self. https://github.com/nevetsanderson/sshfail .

The interesting thing is that even if you use a non standard port to run ssh on (which is what this data relates to) it’s only a matter of time before modern hackers or bots or some Bs8dutard’s find that information and it gets propergated. Have a look at this raw data.

DateAttemptsips
1/3/20202828
1/4/2020239129
1/5/2020204125
1/6/2020337106
1/7/2020322167
1/8/2020386142
1/9/2020452195
1/10/2020273169
1/11/20205873197
1/12/20204346116
1/13/20208892191
1/14/20206192128
1/15/202000

As you can see things got ugly after about 11 days… from 28 to 5873 attempts on the server per day and within 2 weeks. Also worth considering is how did things go from weeks of no one being able to detect this, to 28 ip address suddenly finding my machine on the same day and then it increasing to 195 (Jan 3-9). I’d love to know what’s going on in the background. How is information is being propergated?

So as you can also observe on the 15 th, I changed the port and things have been have quiet since then but the issue is… If I hadn’t been observant and actually looked at the numbers then I’d be giving the bad guys a chance at reeking havok…

Stay safe out there people, and actually look at your log data!