NTP reflected ddos list and iptables ruleset

Just a list, if you are looking to build your own botnet out of badly managed servers running insecure NTP daemon installations that can be exploited to deliver reflected DDoS attacks.

iptables filtering ruleset (when not running an NTP daemon)

iptables -t raw -I PREROUTING -p udp --dport 123 -j DROP

870 hosts totalling 2.5 Gbit/s; the full list follows


Google cloud SQL – adding a new user with GRANT privilege

Google Cloud SQL does not support the

GRANT ALL PRIVILEGES ON *.*

command…

In order to create a new user with (almost) all the privileges, access the Cloud SQL console and run these commands:

CREATE USER 'newuser'@'%' IDENTIFIED BY 'newpassword';
-- WITH GRANT OPTION is what lets the new user pass these privileges on to others
GRANT ALL ON `%`.* TO 'newuser'@'%' IDENTIFIED BY 'newpassword' WITH GRANT OPTION;

Those commands create a user named “newuser” with password “newpassword”, able to connect from every host and able to create new users while granting them access to other databases.

Convert Prestashop tables from MyISAM to InnoDB using phpMyAdmin

First run this query, replacing databasetoconvert with the name of the database you want to convert:

SELECT CONCAT('ALTER TABLE ', table_name, ' ENGINE=InnoDB;') AS sql_statements 
FROM information_schema.tables AS tb 
WHERE table_schema = 'databasetoconvert' 
AND `ENGINE` = 'MyISAM' 
AND `TABLE_TYPE` = 'BASE TABLE' 
ORDER BY table_name DESC LIMIT 0, 10000 ;

Then copy the output and run it against the database you want to convert.

whmcs {php}base64decode tickets

Create a .php file with this content:

<?php
// Reject ticket submissions whose subject or message carries a Smarty {php} tag.
$checkvars = array('subject', 'message');
foreach ($checkvars as $checkvar) {
	// Only test fields that are present and are plain strings (avoids PHP notices on missing keys).
	if (isset($_REQUEST[$checkvar]) && is_string($_REQUEST[$checkvar])
		&& strpos($_REQUEST[$checkvar], '{php}') !== false) {
		header('Location: http://www.interpol.int/');
		exit('now');
	}
}
?>

and place it in the WHMCS /includes/hooks/ directory.

Processing mysql dumps in a hurry (convert single insert to extended insert)

Most of the time there’s little time; sometimes there’s NO TIME!

A few days ago I had no time, and had to manipulate a badly exported database (2 million+ single MyISAM INSERT statements): tuning mysqld was useless, INSERT DELAYED useless, increasing buffers useless… and so on. The import was taking hours (many hours) on the target box due to impressively high disk I/O!

So I just fired up a VMware instance with 32 GB of RAM, a 10 GB HDD and 8 CPU cores (of a Xeon L56xx) and did everything in RAM.
What was going to take hours on the target box took just 2 minutes on the VMware instance…
Then I did a proper “mysqldump --opt” and imported it back into the target box in just 20 seconds 😀

yum upgrade -y
wget -q -O - http://www.atomicorp.com/installers/atomic | sh
mkdir -p /var/lib/mysql && mount -v -t tmpfs -o size=24G none /var/lib/mysql
yum install mysql mysql-server -y
nano -w /etc/my.cnf

Tune it up a little; in my case

thread_concurrency=16

was enough 🙂

service mysqld restart
mysql_secure_installation

and you are good to go!

Import the bad export, then export it again making use of all the proper settings (extended inserts, locking and so on)… --opt enables all of them by default 🙂

So yes… sometimes I make use of “the cloud” too :O

PS: I do the same (storage on a ramdisk) when I have to compile a Linux kernel.
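The post's way out was to re-import the dump in RAM and re-dump it; as an added example (not the post's own method), here is a streaming converter that does the title's job directly: it merges consecutive single-row INSERT lines into extended INSERTs, capping rows and bytes per statement so each one stays under max_allowed_packet. It assumes one statement per line, as mysqldump --skip-extended-insert produces; SAMPLE_DUMP is constructed data.

```python
import re
from typing import Iterable, Iterator

# One single-row statement per line, as mysqldump --skip-extended-insert emits them:
#   INSERT INTO `tbl` VALUES (...);
INSERT_RE = re.compile(r"^INSERT INTO (`?[\w$]+`?) VALUES (\(.*\));$")

def merge_inserts(lines: Iterable[str], max_rows: int = 1000,
                  max_bytes: int = 1_000_000) -> Iterator[str]:
    """Merge consecutive single-row INSERTs for the same table into one extended
    INSERT, bounded by row count and byte size; other lines pass through unchanged."""
    table, rows, size = None, [], 0

    def flush():
        nonlocal table, rows, size
        if rows:
            yield f"INSERT INTO {table} VALUES {','.join(rows)};"
        table, rows, size = None, [], 0

    for line in lines:
        line = line.rstrip("\n")
        m = INSERT_RE.match(line)
        if not m:
            yield from flush()      # a non-INSERT line (LOCK TABLES, DDL, ...) ends the batch
            yield line
            continue
        tbl, values = m.groups()
        if tbl != table or len(rows) >= max_rows or size + len(values) > max_bytes:
            yield from flush()      # new table or batch limit reached: start a new statement
            table = tbl
        rows.append(values)
        size += len(values) + 1     # +1 for the separating comma

    yield from flush()

# Constructed sample of a bad export (not real data); values may contain ';' and ')'.
SAMPLE_DUMP = [
    "LOCK TABLES `orders` WRITE;",
    "INSERT INTO `orders` VALUES (1,'a;b');",
    "INSERT INTO `orders` VALUES (2,'c)');",
    "INSERT INTO `orders` VALUES (3,'d');",
    "UNLOCK TABLES;",
    "INSERT INTO `items` VALUES (1,10);",
    "INSERT INTO `items` VALUES (2,20);",
]
```

To process a real file, pass the open file object to merge_inserts() and write each yielded line out; it streams, so memory stays bounded by one batch.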

wget ftp download specific directory content – no recursion

This one command lets you download the content of a directory to a local directory without doing recursive searches:

wget -np -N --cut-dirs=1 -A .dem ftp://user:password@host.tld/tf2/orangebox/tf/*

Specifically, this one downloads all the “.dem” files (-A .dem, Team Fortress demo files) located in the remote “/tf2/orangebox/tf/” directory.
Files are saved into the current directory (--cut-dirs=1).

Additionally it makes use of timestamping (-N) so that already existing files are not downloaded again on a subsequent run.

Map a network – PTR / reverse DNS values [php]

<?php

$start = '149.3.176.1';
$end = '149.3.177.254';

$first_ip = ip2long($start);
$last_ip = ip2long($end);
$current_ip = $first_ip;

// Refuse reversed or empty ranges instead of looping forever.
if ($last_ip <= $first_ip) {
	die('I saved you from an infinite loop.');
}

echo "IP\t\tREVERSE\n";
// Walk the range inclusive of $end; gethostbyaddr() returns the IP itself when no PTR record exists.
while ($current_ip <= $last_ip) {
	echo long2ip($current_ip) . "\t\t" . gethostbyaddr(long2ip($current_ip)) . "\n";
	$current_ip++;
}

?>

Telecom Italia making use of ARIN / AT&T networks for internal private routing

C:\Users\Marco>tracert -w 100  172.15.5.233
 
Traccia instradamento verso 172.15.5.233 su un massimo di 30 punti di passaggio
 
  1    <1 ms    <1 ms    <1 ms  internet.gateway [192.168.0.200]
  2     *        *        *     Richiesta scaduta.
  3     9 ms     9 ms     9 ms  172.17.81.21
  4     9 ms     9 ms    10 ms  172.17.80.9
  5    18 ms    19 ms    20 ms  172.17.6.181
  6    17 ms    15 ms    15 ms  172.15.5.233
 
Traccia completata.

More amusing traceroutes can be seen here:
https://www.google.it/search?q=telecom+italia+tracert+"172.15.5.233"

NetRange:       172.0.0.0 - 172.15.255.255
CIDR:           172.0.0.0/12
OriginAS:       AS7132
NetName:        SIS-80-8-2012
NetHandle:      NET-172-0-0-0-1
Parent:         NET-172-0-0-0-0
NetType:        Direct Allocation
RegDate:        2012-08-20
Updated:        2012-08-20
Ref:            http://whois.arin.net/rest/net/NET-172-0-0-0-1

Are they aware that only 172.16.0.0/12 is reserved for private use, and not the whole 172/8, as per RFC 1918?

You are copying Fastweb's bad habits… We want FTTH connections, not RFC violations!
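As an added example (not part of the post), a small parser that classifies each hop of the tracert above against the RFC 1918 ranges and flags addresses that sit in the ARIN 172.0.0.0/12 block quoted from whois, which only look private; the class labels are my own naming, and SAMPLE is the post's trace re-typed as test input.

```python
import ipaddress
import re

# RFC 1918 private space; note that 172.15.0.0/16 is NOT in it (only 172.16.0.0/12 is).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The ARIN block from the whois record: addresses here look private but are publicly allocated.
ARIN_172 = ipaddress.ip_network("172.0.0.0/12")

# Windows tracert hop line: hop number, three RTT columns, then a name and/or [address].
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

def classify_hop(ip: str) -> str:
    """Return 'rfc1918', 'public-looks-private' (public address inside 172.0.0.0/12)
    or 'public' for one hop address."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    if addr in ARIN_172:
        return "public-looks-private"
    return "public"

def parse_tracert(text: str) -> list:
    """Extract (hop, ip, class) tuples from tracert output; timed-out hops are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), classify_hop(m.group(2))))
    return hops

def suspicious_hops(text: str) -> list:
    """Hops whose address is public but sits in 172.0.0.0/12, i.e. mistaken for RFC 1918 space."""
    return [h for h in parse_tracert(text) if h[2] == "public-looks-private"]

# Constructed from the trace quoted in the post (Italian tracert output kept as-is).
SAMPLE = """\
  1    <1 ms    <1 ms    <1 ms  internet.gateway [192.168.0.200]
  2     *        *        *     Richiesta scaduta.
  3     9 ms     9 ms     9 ms  172.17.81.21
  4     9 ms     9 ms    10 ms  172.17.80.9
  5    18 ms    19 ms    20 ms  172.17.6.181
  6    17 ms    15 ms    15 ms  172.15.5.233
"""
```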
