Hackerific

Since finishing my PhD and leaving the world of academia I’ve moved from doing most dev work locally using TextMate to using remote VMs and using vim. I’ve also spent less time hacking outside of work, and so a few of the projects I used to spend a fair amount of time on have fallen by the wayside. One of these poor languishing projects was the Gnuplot TextMate bundle. A lot has happened to TextMate in the six years(!

iTerm2 is the best terminal emulator currently available on Mac OS X. I use it daily for development and sysadmin work and rarely regret running unstable builds. One of my favourite features in iTerm is its tabs. As you’d probably expect, ⌘T opens a tab – with a new shell – and you can drag and detach them just like you would in other applications. Earlier today I was reading its documentation and I came across this page about the proprietary escape codes it supports.

Template Toolkit is an excellent and popular templating language for Perl. Here’s a quick tip about how to avoid cross-site scripting vulnerabilities when using it to write web apps. Suppose you have a page in your app which takes some user input and displays it, like this:

    <input name="user_supplied_input" value='[% input | html %]'>

The input could come from POSTing a form, or from a URL parameter, like:

    https://example.com/app?user_supplied_input=test

You could be forgiven for thinking that because you’ve used the HTML filter your user-supplied input will be safely encoded, but in this case you’d be wrong!

Over a year has now passed since I started playing with the Kippo honeypot, so a quick second post about my findings is long overdue! I ran Kippo on an overpriced cheap VPS with two IPs pretty much continuously between April and September 2013. That’s 5 months (154 days). I wrote a short post near the beginning of that time. In my original post on this subject I waffled a bit about how almost all of the attacking traffic I saw was from Chinese IPs and mentioned a few attempted passwords with high entropy.

Bed Against The Wall inspired me to try running kippo, an SSH honeypot, on a spare CentOS VPS I ended up accidentally paying for. So far, I’ve completed a very basic installation by using an iptables rule to redirect traffic from kippo’s default port of 2222 to 22 on the VPS’ second IP address, created an unprivileged user to run the kippo scripts, then started kippo.sh as that user. At the moment, I’m just watching the logs and I’ve left the default kippo credentials in place (root/123456) for about a week.