Category: Security

Posted on

xeuledoc

xeuledoc is a tool (hacking?) that can determine the owner of a google doc and often the name and email are available. I’ve been testing it and it seems to work well! Although it seems to only work with publicly shared documents.

The interesting thing is that you may not want your name and email address available to every one! Ever shared info via a google doc? You may be exposing at least your name and email to people who are unscrupulous – might be time to think about all the docs you may have shared! Is it a good thing that your email address and name are linked to this data?

It also seems to work with the “Security setting” anyone who has this link. It will be interesting to see if google “fix” this, and how long it might take.

Note this above example is included in the application as published by its owner.

Github link to application
https://github.com/Malfrats/xeuledoc

Apparently it can also work on
Google Docs – Google Spreadsheets – Google Slides – Google Drawning – Google My Maps – Google Apps Script – Google Jamboard

Posted on

Terminal escape injection techniques

It’s interesting in that shell scripts (small one’s) seem just like friendly bits of code that you can run. That’s not always the case, it’s probably never a good idea to just download a script and run it (esp using curl or wget). I discovered this very interesting article the other day about terminal escape injection and it works on pretty much every platform – mac, windows linux and even within python!

When in dought use cat -v in fact cat -v may be my new default for viewing code!

https://www.infosecmatter.com/terminal-escape-injection/

Posted on

Why it’s important to monitor logs

A while back I wrote sshfail. It’s a script to look at attempts on the ssh protocol on servers. You can find it up on git hub if your interested and want to install in your self. https://github.com/nevetsanderson/sshfail .

The interesting thing is that even if you use a non standard port to run ssh on (which is what this data relates to) it’s only a matter of time before modern hackers or bots or some Bs8dutard’s find that information and it gets propergated. Have a look at this raw data.

DateAttemptsips
1/3/20202828
1/4/2020239129
1/5/2020204125
1/6/2020337106
1/7/2020322167
1/8/2020386142
1/9/2020452195
1/10/2020273169
1/11/20205873197
1/12/20204346116
1/13/20208892191
1/14/20206192128
1/15/202000

As you can see things got ugly after about 11 days… from 28 to 5873 attempts on the server per day and within 2 weeks. Also worth considering is how did things go from weeks of no one being able to detect this, to 28 ip address suddenly finding my machine on the same day and then it increasing to 195 (Jan 3-9). I’d love to know what’s going on in the background. How is information is being propergated?

So as you can also observe on the 15 th, I changed the port and things have been have quiet since then but the issue is… If I hadn’t been observant and actually looked at the numbers then I’d be giving the bad guys a chance at reeking havok…

Stay safe out there people, and actually look at your log data!

Posted on

Your machine and it’s code

So I’ve been thinking a lot of late about machines, exploits and how to stop this sort of thing. I’ve been in situations where developers have created “stuff” on production machines and then left the company. The problem then becomes interesting if that code does not work with an up dated version of the software say wordpress, drupal or the operating system.

Urban dross

Your then in a situation (if the machine is a web server or open and available on the net) where about the only thing you can do is lock down the firewall and harden the old un patched OS and hope that no one finds a way in / attacks the machine.

It’s always good to have at least 2 people who understand custom code in any company especially if you have a number of web servers to mange. But even then re building something and re creating that functionality is not always easy – and management need to be aware of the fact that this will take time and cost money.


So if that keen shiny developer comes along one day promising you a widget that will sell your own grandmother and only cost you a few hundred bucks worth of con-sultan fees, my advice is to run screaming from the room.

The up shot I’m trying to put to you? Have the ability to own your own code – because if you don’t and if it gets hacked or is found to be vulnerable it’s going to cost you!

A simple approach is best – easier management and long term savings.