Gustavo Adolfo Arellano

Recon-ng is a powerful tool that lets you gather information about and reconnoitre targets on the network automatically and simply.

In this post I install recon-ng, but DOCKERIZED, and then run some experiments with it.

Create an Ubuntu server on AWS with the initial-pruebas.pem key (t3-xlarge)
ssh -i initial-pruebas.pem ubuntu@192.168.100.10


sudo sh -c "echo 'LC_ALL=en_US.UTF-8\nLANG=en_US.UTF-8' >> /etc/environment"
sudo apt-get update
wget -qO- https://get.docker.com/ | sh
sudo gpasswd -a ${USER} docker
exit


ssh -i initial-pruebas.pem ubuntu@192.168.100.10

docker info
mkdir -p /home/ubuntu/ceh/data
cd ceh
chmod 777 data
git clone https://github.com/znb/Docker.git
docker run -d -p 80:80 -v /home/ubuntu/ceh/data:/usr/share/nginx/html nginx
cd Docker/Recon-ng
docker build . -t recon-ng
docker run --rm -ti -v /home/ubuntu/ceh/data:/data  recon-ng

********************** 12 *********************
show modules
help
shell ls /opt/recon-ng
workspaces
workspaces list
workspaces add Goose
workspaces list
add domains certifiedhacker.com
show domains
search netcraft
load recon/domains-hosts/netcraft
run
load bing
load recon/domains-hosts/bing_domain_web
load brute
load recon/domains-hosts/brute_hosts
load reverse
load recon/hosts-hosts/reverse_resolve
run
show hosts
load reporting
load reporting/html
show options
shell ls /opt/recon-ng/.recon-ng/workspaces/Goose
set CREATOR Gustavo Adolfo Arellano Sandoval
set CUSTOMER itera
show options
run
shell ls /opt/recon-ng/.recon-ng/workspaces/Goose
shell cat  /opt/recon-ng/.recon-ng/workspaces/Goose/results.html | grep Gusta
********************** 13 *********************
workspaces list
workspaces add reconnaissance
add domains facebook.com

load whois
load recon/domains-contacts/whois_pocs
show info
show options
set SOURCE facebook.com
run
back
load recon/profiles-profiles/namechk
set SOURCE MarkZuckerberg
run
back
load profil
load recon/profiles-profiles/profiler
set SOURCE MarkZuckerberg
run
back
load repo
load reporting/html
set CREATOR Goose
set CUSTOMER Tavo
shell ls /opt/recon-ng/.recon-ng/workspaces/Tavo
run
shell ls /opt/recon-ng/.recon-ng/workspaces/Tavo
shell cat /opt/recon-ng/.recon-ng/workspaces/Tavo/results.html | grep Goose
shell cp /opt/recon-ng/.recon-ng/workspaces/default/results.html /data
exit
********************** 13 *********************
check http://192.168.100.10/results.html

Suppose my friend has given me his BTC deposit address, which, by the way, is public:

1JjzZ4jV7DofjBrpResHNVAM2neyHbgrNj

1) Create a new transaction

bitcoin-cli createrawtransaction '[]' '{"1JjzZ4jV7DofjBrpResHNVAM2neyHbgrNj": 0.0025}'

response:

02000000000190d00300000000001976a914c29ba6c282f49e27a62c2b4b20db49b6f6f1bff088ad00000000

2) Fund the transaction just created

bitcoin-cli fundrawtransaction 02000000000190d00300000000001976a914c29ba6c282f49e27a62c2b4b20db49b6f6f1bff088ad00000000 '{"changeAddress": "1FxheDG9WGFWqZNx1iYdUjzrUwXpMm1Tbm"}'

response:

{
  "hex": "02000000019765371867474687d56c80309796eef78da477be4159fd7eeddbd1d9e70290a10100000000feffffff0290d00300000000001976a914c29ba6c282f49e27a62c2b4b20db49b6f6f1bff088ac91380200000000001976a914a41a90937a12d31015d534deba4bcd22fdd4572e88ad00000000",
  "changepos": 1,
  "fee": 0.00001141
}

3) Sign the funded transaction

bitcoin-cli signrawtransaction 02000000019765371867474687d56c80309796eef78da477be4159fd7eeddbd1d9e70290a10100000000feffffff0290d00300000000001976a914c29ba6c282f49e27a62c2b4b20db49b6f6f1bff088ac91380200000000001976a914a41a90937a12d31015d534deba4bcd22fdd4572e88ad00000000

response:

{
  "hex": "02000000019765371867474687d56c80309796eef78da477be4159fd7eeddbd1d9e70290a1010000006a4730440220108f6e4023a005ad06ea970f24974157064448cf0b06711857ecba6ff8ee288602202bda4122ea4fddb5668f5a4a4f6971ca14d43f95d8524b88a06c5b540dab841f0121027326b49fd65f9ef1fa6d6e77fa1c9da01914d7acc7e38aa2d8e521480fd18b91feffffff0290d00300000000001976a914c29ba6c282f49e27a62c2b4b20db49b6f6f1bff088ac91380200000000001976a914a41a90937a12d31015d534deba4bcd22fdd4572e88ad00000000",
  "complete": true
}

4) Send the signed transaction

bitcoin-cli sendrawtransaction 02000000019765371867474687d56c80309796eef78da477be4159fd7eeddbd1d9e70290a1010000006a4730440220108f6e4023a005ad06ea970f24974157064448cf0b06711857ecba6ff8ee288602202bda4122ea4fddb5668f5a4a4f6971ca14d43f95d8524b88a06c5b540dab841f0121027326b49fd65f9ef1fa6d6e77fa1c9da01914d7acc7e38aa2d8e521480fd18b91feffffff0290d00300000000001976a914c29ba6c282f49e27a62c2b4b20db49b6f6f1bff088ac91380200000000001976a914a41a90937a12d31015d534deba4bcd22fdd4572e88ad00000000

response:

c66c42320de78bf7437d1be4d31eb58069aa5d568ce628ab0d7ea04751123dd5

Check the status at

https://blockchain.info
using the initial deposit address: 1JjzZ4jV7DofjBrpResHNVAM2neyHbgrNj

Important note:

If BTC is at 200k, then the "fee" of 0.00001141 is roughly 2 pesos and 30 centavos.
That is what it cost me to send 0.0025 BTC = 500 pesos from my wallet to another wallet.
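A way to see what the raw transaction above actually pays before signing or broadcasting it, as an added example that is not part of the original post and not bitcoin-cli code: the decoder below parses the legacy (pre-SegWit) serialisation the post's output uses, reports each output's amount in satoshis and its P2PKH address (derived from the script's hash160 with Base58Check, so it can be compared with the address the friend gave), computes the value being spent from the reported fee, and splits the scriptSig of the signed version into DER signature, SIGHASH type and public key. The hex fields and the fee are the post's own values; the function names are this example's.

```python
"""Decode a legacy (pre-SegWit) Bitcoin raw transaction before signing or sending it.

Added example, not part of the original post and not bitcoin-cli code. The
serialised fields are copied from the post's bitcoin-cli output, split per
field so the layout is visible; the fee is the one fundrawtransaction reported.
"""
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
REPORTED_FEE_SAT = 1141  # "fee": 0.00001141 BTC in the fundrawtransaction response

_PREVOUT = ("9765371867474687d56c80309796eef78da477be4159fd7eeddbd1d9e70290a1"  # previous txid (byte-reversed)
            "01000000")                                                          # output index 1
_OUTPUTS = ("02"                                                                 # two outputs
            "90d0030000000000" "19" "76a914c29ba6c282f49e27a62c2b4b20db49b6f6f1bff088ac"   # 0.0025 BTC
            "9138020000000000" "19" "76a914a41a90937a12d31015d534deba4bcd22fdd4572e88ad")  # change
CREATED_TX_HEX = ("02000000" "00" "01" "90d0030000000000" "19"
                  "76a914c29ba6c282f49e27a62c2b4b20db49b6f6f1bff088ad" "00000000")
FUNDED_TX_HEX = "02000000" "01" + _PREVOUT + "00" "feffffff" + _OUTPUTS + "00000000"
SIGNED_TX_HEX = ("02000000" "01" + _PREVOUT + "6a"                      # 106-byte scriptSig follows
                 "47" "30440220" "108f6e4023a005ad06ea970f24974157064448cf0b06711857ecba6ff8ee2886"
                 "0220" "2bda4122ea4fddb5668f5a4a4f6971ca14d43f95d8524b88a06c5b540dab841f" "01"
                 "21" "027326b49fd65f9ef1fa6d6e77fa1c9da01914d7acc7e38aa2d8e521480fd18b91"
                 "feffffff" + _OUTPUTS + "00000000")


def read_varint(buf, pos):
    """CompactSize: one byte, or 0xfd/0xfe/0xff followed by 2/4/8 little-endian bytes."""
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size


def base58check(payload):
    """Base58Check-encode version byte + data, as legacy addresses are written."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    number = int.from_bytes(data, "big")
    digits = ""
    while number:
        number, rem = divmod(number, 58)
        digits = B58_ALPHABET[rem] + digits
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + digits


def classify_output_script(script):
    """Return (type, address); only the P2PKH template OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG is recognised."""
    if len(script) == 25 and script[:3] == b"\x76\xa9\x14" and script[23:] == b"\x88\xac":
        return "p2pkh", base58check(b"\x00" + script[3:23])
    return "unknown", None


def parse_tx(tx_hex):
    """Parse version, inputs, outputs and locktime; rejects anything with trailing bytes."""
    buf = bytes.fromhex(tx_hex)
    version = int.from_bytes(buf[0:4], "little")
    n_in, pos = read_varint(buf, 4)
    inputs = []
    for _ in range(n_in):
        txid = buf[pos:pos + 32][::-1].hex()  # txids are displayed byte-reversed
        vout = int.from_bytes(buf[pos + 32:pos + 36], "little")
        slen, pos = read_varint(buf, pos + 36)
        script_sig = buf[pos:pos + slen].hex()
        sequence = int.from_bytes(buf[pos + slen:pos + slen + 4], "little")
        pos += slen + 4
        inputs.append({"txid": txid, "vout": vout, "script_sig": script_sig, "sequence": sequence})
    n_out, pos = read_varint(buf, pos)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(buf[pos:pos + 8], "little")
        slen, pos = read_varint(buf, pos + 8)
        kind, address = classify_output_script(buf[pos:pos + slen])
        pos += slen
        outputs.append({"value_sat": value, "script_type": kind, "address": address})
    locktime = int.from_bytes(buf[pos:pos + 4], "little")
    if pos + 4 != len(buf):
        raise ValueError("trailing bytes: not a plain legacy transaction")
    return {"version": version, "inputs": inputs, "outputs": outputs, "locktime": locktime}


def implied_input_sat(tx, fee_sat):
    """fee = inputs - outputs, so the value being spent is outputs + fee."""
    return sum(out["value_sat"] for out in tx["outputs"]) + fee_sat


def parse_p2pkh_script_sig(script_sig_hex):
    """Split <push signature> <push pubkey>; the last signature byte is the SIGHASH type."""
    buf = bytes.fromhex(script_sig_hex)
    sig_len = buf[0]
    sig = buf[1:1 + sig_len]
    pk_len = buf[1 + sig_len]
    pubkey = buf[2 + sig_len:2 + sig_len + pk_len]
    if 2 + sig_len + pk_len != len(buf):
        raise ValueError("unexpected scriptSig layout")
    return {"der_sig": sig[:-1].hex(), "sighash": sig[-1], "pubkey": pubkey.hex(), "compressed": pk_len == 33}


if __name__ == "__main__":
    funded = parse_tx(FUNDED_TX_HEX)
    for i, out in enumerate(funded["outputs"]):
        print(f"output {i}: {out['value_sat']} sat  {out['script_type']}  {out['address']}")
    print("value spent by this tx:", implied_input_sat(funded, REPORTED_FEE_SAT), "sat")
    print("signature:", parse_p2pkh_script_sig(parse_tx(SIGNED_TX_HEX)["inputs"][0]["script_sig"]))
```

Any output the decoder labels `unknown` instead of `p2pkh` deserves a second look before signing: in the hex as transcribed above, the change output's script ends in 0x88 0xad rather than the 0x88 0xac (OP_EQUALVERIFY OP_CHECKSIG) of the standard template, while the 0.0025 BTC output matches it.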

This post is dedicated to showing how I managed to automate the creation of EC2 instances with an Ansible script.

First, let's take care of some routine tasks:

sudo nano /etc/hosts
sudo sh -c "echo 'LC_ALL=en_US.UTF-8\nLANG=en_US.UTF-8' >> /etc/environment"
sudo apt-get update
sudo apt-get install ansible
sudo apt-get install python-pip
pip install -U boto
nano ~/.boto

The .boto file must contain the access_key_id and secret_access_key obtained from AWS and will end up looking more or less like this:

[Credentials]
aws_access_key_id = AK1AK3KG3SWPY67RTHIQ
aws_secret_access_key = TbYfgMzkXb35vyZG6EfgUk62gP425vF8XgAbZ1M+

Please use YOUR OWN credentials, since the ones I put here are NOT real.

The ~/.ansible.cfg file must contain the following:

[defaults]
host_key_checking = False

Now let's create a directory called /home/gustavo/prueba-ansible-aws/ with the following contents:

.
|-- ec2_vars
|   `-- webservers.yml
|-- meta.pem
|-- provision-ec2.yml
`-- roles
    `-- provision-ec2
        `-- tasks
            |-- main-original.yml
            `-- main.yml    

The ec2_vars/webservers.yml file should look like this:

ec2_keypair: "meta"
ec2_security_group: "sg-fbb77f8b"
ec2_instance_type: "t2.micro"
ec2_image: "ami-40d28157"
ec2_subnet_ids: ['subnet-9fa80ce9','subnet-390df813']
ec2_region: "us-east-1"
ec2_tag_Name: "Webserver"
ec2_tag_Type: "webserver"
ec2_tag_Environment: "production"
ec2_volume_size: 16

Use your own values, since these are only test data.

The provision-ec2.yml file should look like this:

---
 - hosts: localhost
   connection: local
   gather_facts: false
   user: root
   pre_tasks:
    - include_vars: ec2_vars/{{type}}.yml
   roles:
    - provision-ec2

 - hosts: launched
   name: Pre-instalaciones... Incluye Python y variables de lenguaje
   gather_facts: false
   pre_tasks:
     - raw: sudo sh -c "echo 'LC_ALL=en_US.UTF-8\nLANG=en_US.UTF-8' >> /etc/environment"
     - raw: sudo apt-get update 
     - raw: sudo apt-get -y install python
     - raw: wget -qO- https://get.docker.com/ | sh   
     - raw: sudo gpasswd -a ubuntu docker

 - hosts: launched
   name: Instalando Servidor de Apache
   gather_facts: true
   user: ubuntu
   sudo: yes
   tasks:
     - name: Install apache2
       apt: name=apache2 state=latest
     - raw: docker pull gustavoarellano/jdk18

The tasks I had run remotely could be others.
As an example, I installed Docker and Apache and pulled a Docker image that has Java 1.8.

The roles/provision-ec2/tasks/main.yml file should look like this:

---
 - name: Provision EC2 Box
   local_action:
     module: ec2
     key_name: "{{ ec2_keypair }}"
     group_id: "{{ ec2_security_group }}"
     instance_type: "{{ ec2_instance_type }}"
     image: "{{ ec2_image }}"
     vpc_subnet_id: "{{ ec2_subnet_ids|random }}"
     region: "{{ ec2_region }}"
     instance_tags: '{"Name":"{{ec2_tag_Name}}","Type":"{{ec2_tag_Type}}","Environment":"{{ec2_tag_Environment}}"}'
     assign_public_ip: yes
     wait: true
     count: 1
     volumes:
     - device_name: /dev/sda1
       device_type: gp2
       volume_size: "{{ ec2_volume_size }}"
       delete_on_termination: true
   register: ec2

 - debug: var=item
   with_items: ec2.instances

 - add_host: hostname={{ item.public_ip }} groupname=launched 
   with_items: ec2.instances

 - name: Wait for the instances to boot by checking the ssh port
   wait_for: host={{item.public_ip}} port=22 delay=60 timeout=320 state=started
   with_items: ec2.instances     

And done!!!!!
Now we can run our playbook like this:

ansible-playbook -vv -i localhost, -e "type=webservers" provision-ec2.yml

By the way, you can use four "v"s, like -vvvv, to get more info.
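Before running the playbook, a pre-flight check of the two configuration files above is worth scripting. The following is an added example, not part of the original post and not Ansible or boto code: it reads the ~/.boto and ~/.ansible.cfg INI files, flags a credentials file that other users can read or that lacks either key, and flags host_key_checking = False, which makes Ansible accept whatever SSH host key the new instance presents instead of verifying it. The sample files it writes are constructed, with placeholder keys; the file names and the preflight() function are this example's.

```python
"""Pre-flight checks for the .boto credentials file and ~/.ansible.cfg.

Added example, not part of the original post and not Ansible or boto code.
The file names and the preflight() function are this example's.
"""
import configparser
import os
import stat
import tempfile

REQUIRED_KEYS = ("aws_access_key_id", "aws_secret_access_key")

# Constructed sample mirroring the post's .boto layout; the keys are placeholders, not real.
BOTO_SAMPLE = (
    "[Credentials]\n"
    "aws_access_key_id = AKIA_PLACEHOLDER_NOT_REAL\n"
    "aws_secret_access_key = PLACEHOLDER_SECRET_NOT_REAL\n"
)


def check_credentials_file(path):
    """Findings for a boto-style INI credentials file (an empty list means it passed)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        findings.append(f"{path}: mode {mode:04o} lets other users read the secret key; chmod 600")
    cfg = configparser.ConfigParser()
    cfg.read(path)
    if not cfg.has_section("Credentials"):
        findings.append(f"{path}: no [Credentials] section")
        return findings
    for key in REQUIRED_KEYS:
        if not cfg.get("Credentials", key, fallback="").strip():
            findings.append(f"{path}: {key} is missing or empty")
    return findings


def check_ansible_cfg(path):
    """Flag host_key_checking = False: Ansible would then accept any SSH host key."""
    findings = []
    cfg = configparser.ConfigParser()
    cfg.read(path)
    if not cfg.getboolean("defaults", "host_key_checking", fallback=True):
        findings.append(f"{path}: host_key_checking = False disables SSH host key verification; "
                        "record the new instance's host key in known_hosts instead")
    return findings


def preflight(boto_path, ansible_cfg_path):
    """All findings for both files; run this before ansible-playbook."""
    return check_credentials_file(boto_path) + check_ansible_cfg(ansible_cfg_path)


def write_file(dirpath, name, text, mode):
    """Write a constructed sample file with the given permission bits."""
    path = os.path.join(dirpath, name)
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


def run_demo():
    """Write the post's settings as shown (weak) and hardened (fixed) into a temp dir and check both."""
    workdir = tempfile.mkdtemp()
    weak = preflight(
        write_file(workdir, "weak.boto", BOTO_SAMPLE, 0o644),
        write_file(workdir, "weak.ansible.cfg", "[defaults]\nhost_key_checking = False\n", 0o644),
    )
    fixed = preflight(
        write_file(workdir, "fixed.boto", BOTO_SAMPLE, 0o600),
        write_file(workdir, "fixed.ansible.cfg", "[defaults]\nhost_key_checking = True\n", 0o644),
    )
    return {"weak": weak, "fixed": fixed}


if __name__ == "__main__":
    for label, findings in run_demo().items():
        print(label, findings or ["OK"])
```

The weak configuration reproduces the two settings shown above (a readable credentials file and host key checking switched off); the fixed one passes with no findings.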

Cheers,
Gus

Go Immutable,
Go Serverless,
Go Stateless,
Go Single thread,
Go Fail Fast,
Be Agile

=>

Get HA, (Load Balancing, Fault Tolerance, Resiliency)
Get Elastic Grow, (High Scalability)
Get Distributed Deploy,
Get Modularity,
Get Infrastructure Usage Optimization


docker run -d -p 6666:1521 -p 8181:81 -v /home/ubuntu/h2-store:/opt/h2-data --name=H2Instance oscarfonts/h2

Easy, right?

This is the sequence required to install Java 8 manually:

mkdir /home/ubuntu/temporal
cd /home/ubuntu/temporal


wget http://gustavo-arellano.com/jdk-8u121-linux-x64.gz
tar -xzvf jdk-8u121-linux-x64.gz
sudo mkdir /usr/java
sudo mv jdk1.8.0_121 /usr/java/
cd /usr/java/
sudo ln -s jdk1.8.0_121 current
sudo update-alternatives --install "/usr/bin/java" "java" "/usr/java/current/bin/java" 1
sudo update-alternatives --install "/usr/bin/javac" "javac" "/usr/java/current/bin/javac" 1


cd /home/ubuntu/temporal


wget http://www-us.apache.org/dist/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz
tar -xzvf apache-maven-3.3.9-bin.tar.gz
sudo mkdir /usr/maven
sudo mv apache-maven-3.3.9 /usr/maven/
cd /usr/maven/
sudo ln -s apache-maven-3.3.9 current
sudo update-alternatives --install "/usr/bin/mvn" "mvn" "/usr/maven/current/bin/mvn" 1


cd /home/ubuntu/
java -version
javac -version
mvn -version
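The wget/tar steps above fetch the JDK and Maven tarballs over plain HTTP and unpack them without checking anything. The following added example (not part of the original post) shows the two checks a reviewer would insist on before `tar -xzvf`: compare the tarball's SHA-256 with a digest obtained from a trusted source, and refuse archive members that would land outside the target directory (absolute paths, `..` traversal, links pointing outside, device nodes). The archives it builds are constructed samples, and the digest in the demo is computed from them; in real use the expected digest must come from the vendor's published checksum, never from the same place the tarball was downloaded from.

```python
"""Verify a downloaded tarball against a known SHA-256 and extract it safely.

Added example, not part of the original post. The expected digest must come
from a trusted source (the vendor's published checksum), never from the same
place the tarball was downloaded from.
"""
import hashlib
import io
import os
import tarfile
import tempfile


def sha256_of_file(path):
    """Stream the file through SHA-256 so a large JDK tarball need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_digest(path, expected_hex):
    """True when the file's SHA-256 matches the trusted digest."""
    return sha256_of_file(path).lower() == expected_hex.strip().lower()


def _inside(base, target):
    """True when target resolves to base itself or somewhere below it."""
    base = os.path.realpath(base)
    return os.path.commonpath([base, os.path.realpath(target)]) == base


def unsafe_members(tar_path, dest):
    """Names of archive members that would write outside dest (or are device nodes)."""
    rejected = []
    with tarfile.open(tar_path, "r:*") as tar:
        for member in tar.getmembers():
            target = os.path.join(dest, member.name)
            if member.isdev() or member.name.startswith("/") or not _inside(dest, target):
                rejected.append(member.name)
            elif member.issym() and not _inside(dest, os.path.join(os.path.dirname(target), member.linkname)):
                rejected.append(member.name)  # a symlink target is relative to the link's own directory
            elif member.islnk() and not _inside(dest, os.path.join(dest, member.linkname)):
                rejected.append(member.name)  # a hard link target is relative to the archive root
    return rejected


def verified_extract(tar_path, expected_sha256, dest):
    """Extract only after both checks pass; returns the extracted member names."""
    if not verify_digest(tar_path, expected_sha256):
        raise ValueError(f"SHA-256 mismatch for {tar_path}; refusing to extract")
    rejected = unsafe_members(tar_path, dest)
    if rejected:
        raise ValueError(f"archive members escape {dest}: {rejected}")
    # Python 3.12+ (and security backports) provide tarfile.data_filter; use it as a second line of defence.
    extract_args = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(tar_path, "r:*") as tar:
        tar.extractall(dest, **extract_args)
        return [member.name for member in tar.getmembers()]


def build_sample_archive(path, entries):
    """Constructed sample: write a gzip tarball with (name, text) entries."""
    with tarfile.open(path, "w:gz") as tar:
        for name, text in entries:
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))


def run_demo():
    """Build a benign archive and a traversal archive in a temp dir and exercise the checks."""
    workdir = tempfile.mkdtemp()
    good = os.path.join(workdir, "jdk-sample.tar.gz")
    build_sample_archive(good, [("jdk1.8.0_121/bin/java", "#!/bin/sh\n"), ("jdk1.8.0_121/README", "ok\n")])
    trusted_digest = sha256_of_file(good)  # in real use: copied from the vendor's checksum file
    dest = os.path.join(workdir, "usr-java")
    extracted = verified_extract(good, trusted_digest, dest)
    bad = os.path.join(workdir, "hostile.tar.gz")
    build_sample_archive(bad, [("jdk1.8.0_121/bin/java", "x"), ("../../escaped.txt", "x")])
    return {
        "digest_ok": verify_digest(good, trusted_digest),
        "tampered_rejected": not verify_digest(good, "0" * 64),
        "extracted": extracted,
        "readme_present": os.path.isfile(os.path.join(dest, "jdk1.8.0_121", "README")),
        "hostile_members": unsafe_members(bad, dest),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The same routine applies to the Maven tarball: obtain the digest from the project's checksum file, call verified_extract() with it, and only then create the symlink and update-alternatives entries.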

Cheers,
Goose

Docker container for Joomla

docker run -v /home/ec2-user/temporal:/var/www/html -p 10003:80 -e JOOMLA_DB_HOST=54.205.148.178:3306 -e JOOMLA_DB_USER=garellano -e JOOMLA_DB_PASSWORD=secreto -d gustavoarellano/joomla-1

The following commands were tested only on UBUNTU 16.10:

openssl genpkey -algorithm RSA -out rafaCA.key -pkeyopt rsa_keygen_bits:1024
(generates rafaCA.key, which is the private key; note that the 1024-bit RSA key size used here is below the 2048-bit minimum generally required today)

openssl rsa -pubout -in rafaCA.key -out rafaCA.pem
(from rafaCA.key, generates rafaCA.pem, which is the public key)

openssl req -key rafaCA.key -new -out rafaCA.csr
(from rafaCA.key, generates rafaCA.csr, the certificate signing request... This step is not actually needed for the next one)

openssl req -key rafaCA.key -new -x509 -days 365 -out rafaCA.crt
(from rafaCA.key, generates rafaCA.crt, the certificate)

The above generates the following 4 files.
The important ones are: .key, .pem and .crt

Done!!!!

Cheers,
Goose

PS
This has also worked for me (and I think better):
openssl req -new > llave.csr
openssl rsa -in privkey.pem -out llave.key
openssl x509 -in llave.csr -out llave.cer -req -signkey llave.key -days 1001

When asking a question about a problem caused by your code, you will get much better answers if you provide code people can use to reproduce the problem. That code should be…

…Minimal – Use as little code as possible that still produces the same problem
…Complete – Provide all parts needed to reproduce the problem
…Verifiable – Test the code you’re about to provide to make sure it reproduces the problem

Minimal

The more code there is to go through, the less likely people can find your problem. Streamline your example in one of two ways:

Restart from scratch. Create a new program, adding in only what is needed to see the problem. This can be faster for vast systems where you think you already know the source of the problem. Also useful if you can’t post the original code publicly for legal or ethical reasons.
Divide and conquer. When you have a small amount of code, but the source of the problem is entirely unclear, start removing code a bit at a time until the problem disappears – then add the last part back.

Minimal and readable

Minimal does not mean terse – don’t sacrifice communication to brevity. Use consistent naming and indentation, and include comments if needed to explain portions of the code. Most code editors have a shortcut for formatting code – find it, and use it! Also, don’t use tabs – they may look good in your editor, but they’ll just make a mess on Stack Overflow.

Complete

Make sure all information necessary to reproduce the problem is included:

Some people might be prepared to load the parts up, and actually try them to test the answer they’re about to post.
The problem might not be in the part you suspect it is, but another part entirely.

If the problem requires some server-side code as well as an XML-based configuration file, include them both. If a web page problem requires HTML, some JavaScript and a stylesheet, include all three.

Verifiable

To help you solve your problem, others will need to verify that it exists:

Describe the problem. “It doesn’t work” is not a problem statement. Tell us what the expected behavior should be. Tell us what the exact wording of the error message is, and which line of code is producing it. Put a brief summary of the problem in the title of your question.

Eliminate any issues that aren’t relevant to the problem. If your question isn’t about a compiler error, ensure that there are no compile-time errors. Use a program such as JSLint to validate interpreted languages. Validate any HTML or XML.

Ensure that the example actually reproduces the problem! If you inadvertently fixed the problem while composing the example but didn’t test it again, you’d want to know that before asking someone else to help.

It might help to shut the system down and restart it, or transport the example to a fresh machine to confirm it really does provide an example of the problem.

mvn archetype:generate -B \
	-DarchetypeGroupId=mx.com.metasoft \
	-DarchetypeArtifactId=skeleton-archetype \
	-DarchetypeVersion=2.0.17-RELEASE \
	-DarchetypeRepository=http://52.91.168.238:8081/repository/maven-releases \
	-DgroupId=uk.org.queen \
	-DartifactId=king \
	-Dversion=0.0.1-SNAPSHOT \
	-Dpackage=uk.org.queen.king
© 2019 Goose Workshop Suffusion theme by Sayontan Sinha