Syma - X8HW

Regalo di Natale Graditissimo!!!

Un bellissimo Syma X8HW.

Il mio primo drone è stato un syma e questo regalato da Cinzia dimostra come si sono evoluti negli ultimi 4 anni. Abbiamo una stabilità per i filmati ottima, è quasi impossibile schiantarlo per una manovra sbagliata facendolo ribaltare in aria. La stabilità data dalle dimensioni delle eliche e dalle dimensioni è formidabile, certo non è paragonabile ad un 250 da race ma per filmati da molta affidabilità paragonata al prezzo.

Ecco un video fresco fresco...

Il mantenimento dell'altitudine è buono, essendo molto leggero una bava di vento laterale lo rende meno manovrabile e meno stabile. A mio parere per panoramiche a 360 gradi è utile usarlo in assenza di vento per avere un discorso di stabilità laterale.

WpScan - Trovare le criticità del vostro blog in Wordpress

Stavo cercando un tool per analizzare le criticità esposte di un Wordpress.
Cosa di meglio di WpScan compreso nella distribuzione linux Kali...
I risultati sono stupefacenti quanto paurosi....

	root@kali:/usr/share/wordlists# wpscan --url www.<site>.com --enumerate u
	_______________________________________________________________
	__ _______ _____
	\ \ / / __ \ / ____|
	\ \ /\ / /| |__) | (___ ___ __ _ _ __
	\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
	\ /\ / | | ____) | (__| (_| | | | |
	\/ \/ |_| |_____/ \___|\__,_|_| |_|
	WordPress Security Scanner by the WPScan Team
	Version 2.9.1
	Sponsored by Sucuri - https://sucuri.net
	@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
	_______________________________________________________________
	[+] URL: http://www.<site>.com/
	[+] Started: Wed Aug 17 10:53:20 2016
	[+] robots.txt available under: 'http://www.<site>.com/robots.txt'
	[+] Interesting entry from robots.txt: *
	[+] Interesting entry from robots.txt: http://www.<site>.com/$
	[+] Interesting entry from robots.txt: http://www.<site>.com/page/*/$
	[+] Interesting entry from robots.txt: http://www.<site>.com/wp-content/sitemaps/sitemap-news.xml
	[+] Interesting header: SERVER: Apache/2.2.22 (Debian)
	[+] Interesting header: X-POWERED-BY: PHP/5.4.39-0+deb7u1
	[+] This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)
	[i] WordPress version can not be detected
	[+] Enumerating plugins from passive detection ...
	[+] Name: contact-form-7
	| Latest version: 4.4.2
	| Location: http://www.<site>.com/wp-content/plugins/contact-form-7/
	[!] We could not determine a version so all vulnerabilities are printed out
	[!] Title: Contact Form 7 <= 3.7.1 - Security Bypass Vulnerability
	Reference: https://wpvulndb.com/vulnerabilities/7020
	Reference: http://www.securityfocus.com/bid/66381/
	Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2265
	[i] Fixed in: 3.7.2
	[!] Title: Contact Form 7 <= 3.5.2 - File Upload Remote Code Execution
	Reference: https://wpvulndb.com/vulnerabilities/7022
	Reference: http://packetstormsecurity.com/files/124154/
	[i] Fixed in: 3.5.3
	[+] Name: dynamic-cookie-blocker
	| Location: http://www.<site>.com/wp-content/plugins/dynamic-cookie-blocker/
	[+] Name: simple-share-buttons-adder
	| Latest version: 6.1.5
	| Location: http://www.<site>.com/wp-content/plugins/simple-share-buttons-adder/
	[!] We could not determine a version so all vulnerabilities are printed out
	[!] Title: Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF
	Reference: https://wpvulndb.com/vulnerabilities/6045
	Reference: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
	Reference: http://packetstormsecurity.com/files/127238/
	Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4717
	Reference: https://www.exploit-db.com/exploits/33896/
	[i] Fixed in: 4.5
	[!] Title: Simple Share Buttons Adder 4.4 - options-general.php ssba_share_text Parameter Stored XSS Weakness
	Reference: https://wpvulndb.com/vulnerabilities/6046
	Reference: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
	Reference: http://packetstormsecurity.com/files/127238/
	Reference: https://www.exploit-db.com/exploits/33896/
	[i] Fixed in: 4.5
	[!] Title: Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting (XSS)
	Reference: https://wpvulndb.com/vulnerabilities/8021
	Reference: https://wordpress.org/plugins/simple-share-buttons-adder/
	[i] Fixed in: 6.0.1
	[+] Name: w3-total-cache - v0.9.4.1
	| Latest version: 0.9.4.1 (up to date)
	| Location: http://www.<site>.com/wp-content/plugins/w3-total-cache/
	| Readme: http://www.<site>.com/wp-content/plugins/w3-total-cache/readme.txt
	| Changelog: http://www.<site>.com/wp-content/plugins/w3-total-cache/changelog.txt
	[+] Enumerating usernames ...
	[+] Identified the following 8 user/s:
	+----+---------------------+----------------+
	| Id | Login | Name |
	+----+---------------------+----------------+
	| 1 | username1 | |
	| 2 | username2 | |
	| 5 | username3 | |
	| 6 | username4 | |
	+----+---------------------+----------------+
	[+] Finished: Wed Aug 17 10:56:47 2016
	[+] Requests Done: 77
	[+] Memory used: 38.652 MB
	[+] Elapsed time: 00:03:27

view raw wpscan.log hosted with ❤ by GitHub

Bilanciare due Tomcat con apache 2.4

Capita spesso di dover realizzare un servizio session-less che punti a due o più nodi di tomcat pilotati da un classico balancer di apache2.

Ecco l'esperimento su una macchina virtuale.

	#su una Ubuntu 15.04 server
	##Install java 8
	sudo add-apt-repository ppa:webupd8team/java
	sudo apt-get update
	sudo apt-get install oracle-java8-installer
	sudo apt-get install oracle-java8-set-default
	##Verificare se è dispinibile la versione 2.4 di apache
	sudo apt-get -s install apache2
	##se disponibile
	sudo apt-get install apache2
	##start apache2
	sudo /etc/init.d/apache2 start
	##test via browser
	http://192.168.1.13/
	##Tomcat 8
	##nuovo utente Tomcat
	sudo adduser --system --shell /bin/bash --gecos 'Tomcat Java Servlet and JSP engine' --group --disabled-password --home /home/tomcat tomcat
	##download tomcat 8
	cd /opt/
	sudo wget http://mirror.nohup.it/apache/tomcat/tomcat-8/v8.0.32/bin/apache-tomcat-8.0.32.zip
	sudo unzip apache-tomcat-8.0.32.zip
	sudo chown -R tomcat:tomcat apache-tomcat*
	cd apache-tomcat-8.0.32/bin
	sudo chmod +x *.sh
	##edit file on conf/tomcat-user.xml
	<role rolename="manager-gui"/>
	<role rolename="manager-script"/>
	<role rolename="manager-jmx"/>
	<role rolename="manager-status"/>
	<user username="tomcat" password="tomcat" roles="manager-gui,manager-script,manager-jmx,manager-status"/>
	##move folder to *_NODE1
	mv apache-tomcat-8.0.32 apache-tomcat-8.0.32_NODE1
	##create 2 tomcat node, clone folder
	cp -a apache-tomcat-8.0.32_NODE1 apache-tomcat-8.0.32_NODE2
	##edit apache-tomcat-8.0.32_NODE2/conf/server.xml
	modify <Connector port="8080" protocol="HTTP/1.1"...
	to <Connector port="8081" protocol="HTTP/1.1"
	##test tomcat
	#switch to tomat user
	sudo chown -R tomcat:tomcat apache-tomcat*
	sudo su - tomcat
	/opt/apache-tomcat-8.0.32_NODE1/bin/startup.sh
	/opt/apache-tomcat-8.0.32_NODE2/bin/startup.sh
	##via browser
	http://192.168.1.13:8080/
	http://192.168.1.13:8081/
	##tomcat manager
	usr:tomcat
	pwd: tomcat
	http://192.168.1.13:8080/manager/html
	http://192.168.1.13:8081/manager/html
	##test page
	http://192.168.1.13:8080/examples/jsp/jsp2/simpletag/hello.jsp
	http://192.168.1.13:8081/examples/jsp/jsp2/simpletag/hello.jsp
	##create sample page test
	apache-tomcat-8.0.32_NODE2/webapps/examples/balancer.html
	with:
	<html>
	<body>
	<h1>NODE 2</h2>
	</body>
	</html>
	##and
	apache-tomcat-8.0.32_NODE1/webapps/examples/balancer.html
	with:
	<html>
	<body>
	<h1>NODE 1</h1>
	</body>
	</html>
	##test it:
	http://192.168.1.13:8081/examples/balancer.html
	http://192.168.1.13:8080/examples/balancer.html
	##edit apache2conf
	edit /etc/apache2/sites-available/001-test-balance.conf
	<VirtualHost *:80>
	ServerName test.bal
	<Proxy "balancer://mybal">
	BalancerMember "http://127.0.0.1:8080"
	BalancerMember "http://127.0.0.1:8081"
	</Proxy>
	ProxyPass "/" "balancer://mybal/examples/"
	ProxyPassReverse "/" "balancer://mybal/examples/"
	ErrorLog ${APACHE_LOG_DIR}/balancer_error.log
	CustomLog ${APACHE_LOG_DIR}/balancer_access.log combined
	</VirtualHost>
	sudo a2ensite 001-test-balance.conf
	sudo a2dissite 000-default.conf
	sudo a2insmod proxy_http
	sudo a2insmid lbmethod_byrequests
	sudo a2insmid proxy_balancer
	sudo apache2ctl restart
	##edit server virtual hosts
	sudo joe /etc/hosts
	##add
	127.0.0.1 test.bal
	##edit local client virtual hosts
	192.168.1.13 test.bal
	test from browser
	http://test.bal//balancer.html
	or
	http://192.168.1.13/balancer.html

view raw test_balancer_with_tomcat.txt hosted with ❤ by GitHub

MongoDB - Backup di grandi db

Nasce, molte volte, il problema di eseguire un backup su una grande mole di dati.

Uno dei modi possibili (vedi doc) è prendere i file dei db di mongo e semplicemente copiarli.

Il nostro problema nasce che non tutti i db devono essere backuppati per essere ribaltati, e il nome dei file di archivio di mongo non sono parlanti.

Una soluzione e configurare ogni db in una singola cartella con i parametri di configurazione

storage.directoryPerDB

un'altro parametro ottimo è:

storage.wiredTiger.engineConfig.directoryForIndexes

i db vengono archiviati in cartelle separate e divisi in due cartelle collections e index così eventualmente in fase di copia dei dati è possibile escludere le folder degli indici risparmiando spazio e tempo.

Questa configurazione necessita di un mongodump e un mongorestore. In caso di ReplicaSet basta fermare il primario, svuotare le cartelle, cambiare le conf e attendere che si replichi con il secondario che è diventato primario. Al termine il primario diventa nuovamente secondario e viceversa.

MongoDB version 3.0.7

MongoDB - Script to Delete all collection with exclusion

Semplice script per eliminare tutte le collection di un db ad esclusione di una lista di collection.

	function deleteAllCollection(dbName,excludeCollection){
	var dbOne = db.getSisterDB(dbName);
	for(var colName in dbOne.getCollectionNames()){
	var collectionName = dbOne.getCollectionNames()[colName];
	if(!collectionName || collectionName == "")
	continue;
	if(excludeCollection.indexOf(collectionName) > -1)
	continue;
	dbOne[collectionName].drop();
	};
	};
	deleteAllCollection("<dbName>",["<exclude_col_name_1>","<exclude_col_name_2>","<exclude_col_name_N>"]]);
	//run with
	// mongo --host <host_name> --port <port_name> DropCollectionInDB.js

view raw DropCollectionInDB.js hosted with ❤ by GitHub

MongoDB - Script per eseguire una purge di dati dalle varie collection di log

Capita alle volte di voler svuotare delle collection che contengo informazioni di log.

Questo script partendo dal nome del server ricerca tutti i db che iniziano con un certo nome, cicla tutte le collection (ad esclusione di quelle specificate), esegue una query per conteggiare i record che devono essere eliminati e poi elimina in base al numero di giorni che vogliamo mantenere sui log a partire da oggi.

Il campo di controllo di data è chiamato ts.

	/*
	la funzioanlità ricerca nel server tutti i db like <db_like_name> e per ogni collecion presente nel singolo db
	esegue una eliminazione per spurgare i log.
	per eseguire lo script
	./mongo --host <indirizzo_host> --port <porta> PurgeLogCollection.js --quiet --eval "var deleteData=false;var beforePurgeDay=200;"
	parametri in eval
	deleteDate = true|false (se false visualizza solo questo che dovrà fare senza eliminare default false)
	beforePurgeDay = indica i giorni indietro da oggi che deve eliminare, default 365.
	*/
	//set to True to enable DEBUG
	var debug = false;
	//name db inde of
	var dbNameIndexOf = "<db_like_name>";
	//Collection to exclude
	var excludeCollection = ['local','<collection_name_to_eclude_tio_purge>'];
	if(!deleteData)
	var deleteData = false;
	if(typeof(db) === 'undefined' || !db){
	print('ERROR --> specify serve name --host <host> --port <port>');
	quit(1);
	}
	if(typeof(beforePurgeDay) === 'undefined' || !beforePurgeDay){
	var beforePurgeDay = 365;
	print('INFO --> set default beforePurgeDay = ' + beforePurgeDay + ' to change add var beforePurgeDay=200; to eval');
	}
	function print_debug(pretext, text){
	if(!debug)
	return;
	if(text === 'object' || typeof text === 'object' || text === '[object Object]')
	print(pretext + "==>" + JSON.stringify(text));
	else
	print(pretext + "==>" + text);
	}//print_debug(pretext, text)
	function convertDate(d) {
	function pad(s) {
	return (s < 10) ? '0' + s : s;
	}
	return [pad(d.getDate()), pad(d.getMonth()+1), d.getFullYear()].join('/');
	}//convertDate(d)
	if(!deleteData){
	print("****************************************************");
	print("****************************************************");
	print("DEBUG IS ENABLE NO DELETE DATA");
	print('to remove DEBUG use --eval "var deleteData=true"')
	print("****************************************************");
	print("****************************************************");
	print("****************************************************");
	}//if(!deleteData)
	for(name in db.getMongo().getDBNames()){
	var dbName = db.getMongo().getDBNames()[name];
	if(dbName.indexOf(dbNameIndexOf) === -1){
	print("db " + dbName + " is not a " + dbNameIndexOf);
	continue;
	}//if(dbName.indexOf(dbNameIndexOf) === -1)
	var dbObj = db.getSisterDB(dbName);
	for(var colName in dbObj.getCollectionNames()){
	var collectionName = dbObj.getCollectionNames()[colName];
	if(excludeCollection.indexOf(collectionName) > -1)
	continue;
	print("DB Name => " + dbName);
	print("collection Name => " + collectionName);
	print("start analyze...");
	var coll = dbObj[collectionName];
	var maxminDateAggregate = coll.aggregate([ {$group: {_id:"1",max:{$max:"$ts"}, min:{$min:"$ts"} } } ]);
	print_debug("DEBUG",maxminDateAggregate);
	var dateMin = maxminDateAggregate.toArray()[0].min;
	var dateMax = maxminDateAggregate.toArray()[0].max;
	print_debug("DEBUG dateMax",dateMax);
	var deleteFrom = new Date();
	deleteFrom.setDate(dateMax.getDate()-beforePurgeDay);
	print_debug("DEBUG deleteFrom ",deleteFrom);
	print("Max Date in log => " + convertDate(dateMax));
	print("Delete all before day: -" + beforePurgeDay);
	print("Delete ==> from " + convertDate(dateMin) + " to " + convertDate(deleteFrom));
	var query = {"ts" : {"$lte" : deleteFrom }};
	print_debug("DEBUG query to delete: ",query);
	var count = coll.count(query);
	print("Tot to delete => " + count);
	if(deleteData){
	var start = new Date().getTime();
	print("running...");
	var result = coll.remove(query);
	print("RESULT ==>", result);
	var end = new Date().getTime();
	var time = end - start;
	print("Tot time => " + time);
	}//if(deleteData)
	}//for(var colName in dbObj.getCollectionNames())
	}//for(name in db.getMongo().getDBNames())

view raw PurgeLogCollection.js hosted with ❤ by GitHub

MongoDB - Migrazione da ReplicaSet a Singolo Nodo

Alle volte capita di dover demolire una replica e riportare i dati su un singolo nodo del MongoDB.

ecco la procedura testata su MongoDB 3.0.8

	mongoserver:PRIMARY> rs.status();
	{
	"set" : "mongoserver",
	"date" : ISODate("2016-02-02T10:47:07.510Z"),
	"myState" : 1,
	"members" : [
	{
	"_id" : 3,
	"name" : "192.168.1.10:37017",
	"health" : 1,
	"state" : 2,
	"stateStr" : "SECONDARY",
	"uptime" : 1195281,
	"optime" : Timestamp(1454409817, 1),
	"optimeDate" : ISODate("2016-02-02T10:43:37Z"),
	"lastHeartbeat" : ISODate("2016-02-02T10:47:07.230Z"),
	"lastHeartbeatRecv" : ISODate("2016-02-02T10:47:07.194Z"),
	"pingMs" : 0,
	"syncingTo" : "192.168.1.10:27017",
	"configVersion" : 16
	},
	{
	"_id" : 4,
	"name" : "192.168.1.10:47017",
	"health" : 1,
	"state" : 7,
	"stateStr" : "ARBITER",
	"uptime" : 1195281,
	"lastHeartbeat" : ISODate("2016-02-02T10:47:06.225Z"),
	"lastHeartbeatRecv" : ISODate("2016-02-02T10:47:07.238Z"),
	"pingMs" : 0,
	"configVersion" : 16
	},
	{
	"_id" : 5,
	"name" : "192.168.1.10:27017",
	"health" : 1,
	"state" : 1,
	"stateStr" : "PRIMARY",
	"uptime" : 1195286,
	"optime" : Timestamp(1454409817, 1),
	"optimeDate" : ISODate("2016-02-02T10:43:37Z"),
	"electionTime" : Timestamp(1453214750, 1),
	"electionDate" : ISODate("2016-01-19T14:45:50Z"),
	"configVersion" : 16,
	"self" : true
	}
	],
	"ok" : 1
	}
	##Remove Secondary
	mongoserver:PRIMARY> rs.remove("192.168.1.10:37017")
	{ "ok" : 1 }
	mongoserver:PRIMARY> rs.remove("192.168.1.10:47017")
	{ "ok" : 1 }
	mongoserver:PRIMARY> rs.status();
	{
	"set" : "mongoserver",
	"date" : ISODate("2016-02-02T10:48:23.214Z"),
	"myState" : 1,
	"members" : [
	{
	"_id" : 5,
	"name" : "192.168.1.10:27017",
	"health" : 1,
	"state" : 1,
	"stateStr" : "PRIMARY",
	"uptime" : 1195362,
	"optime" : Timestamp(1454410079, 1),
	"optimeDate" : ISODate("2016-02-02T10:47:59Z"),
	"electionTime" : Timestamp(1453214750, 1),
	"electionDate" : ISODate("2016-01-19T14:45:50Z"),
	"configVersion" : 18,
	"self" : true
	}
	],
	"ok" : 1
	}
	stop all mongo service
	/etc/init.d/mongod1 stop
	/etc/init.d/mongod2 stop
	/etc/init.d/mongod3 stop
	comment replicaset info in /etc/mongod1.conf
	#replication:
	# replSetName: mongoserver
	restart single node
	/etc/init.d/mongod_single start
	connect to mongo
	> use local
	switched to db local
	> db.dropDatabase();
	{ "dropped" : "local", "ok" : 1 }
	restart mongo
	/etc/init.d/mongod_single stop
	/etc/init.d/mongod_single start
	##Delete old folder data

view raw downgrade_Mongodb_replica_to_standalone.txt hosted with ❤ by GitHub

MongoDB Script per current operations

Script molto utile per analizzare le operazioni in esecuzione sul Mongo Server.

Ottimo per prevedere la creazione di eventuali indici senza utilizzare il profile standard.

	while(1) {
	var c = db.currentOp();
	if(c && c.inprog && c.inprog.length > 0 && c.inprog[0].op == 'query') {
	var el = c.inprog[0];
	if( el.ns == 'admin.$cmd' || el.ns == 'local.$cmd' || el.ns == '')
	continue;
	print("on:" + el.ns);
	if(el.microsecs_running && el.microsecs_running.floatApprox)
	print("time:" + el.microsecs_running.floatApprox);
	print("query: " + JSON.stringify(el.query));
	print();
	};
	};

view raw curretOp.js hosted with ❤ by GitHub

risultato:

on:<dbname>.<collectionname>
time:12968
query: {"_id":{"str":"54b64c9ee4b009e7c6df0f40"}}

on:<dbname>.<collectionname>
time:18489
query: {"_id":{"str":"54b64c9ee4b009e7c6df0f40"}}

on:<dbname>.<collectionname>
time:131
query: {"field1":"515c785c9ccb3d8e563baf32","field2":"AAA","field1":"BBB"}