Repo Dorks

Here’s a handy list of Google Dorks for use when searching through (github) source code repositories to find sensitive data

  • SSH hosts and keys: inurl:“known_hosts”“ssh-rsa”
  • Private encryption keys: inurl:“id_rsa” -inurl:“pub”
  • Test configuration info: inurl:“test” filetype:config
  • Ruby on Rails secure token: inurl:secret_token.rb
  • Windows Azure account keys: “;AccountKey=”filetype:config
  • Database connection config: “;User Id=” filetype:config
  • Amazon Web Service access key (Java): “AWS_ACCESS_KEY_ID” filetype:properties
  • Amazon Web Service access key (Other): “AWS_ACCESS_KEY_ID” filetype:config
  • Bash command history: filetype:bash_history
  • Account config data: filetype:xml inurl:accounts.xml
  • SQL containing passwords: filetype:sql where password
  • Django settings file:

rabbitmq basics

A quick guide to some basics of running a RabbitMQ server:

Start the service:
service rabbitmq-server start

Remove the default ‘guest’ user:
rabbitmqctl delete_user guest

Set up a new user for administrative purposes:
rabbitmqctl add_user <admin_user> <password>
rabbitmqctl set_user_tags <admin_user> administrator

Set up a new user for the specific instance (vhost) you’ll be using:
rabbitmqctl add_vhost <vhostname>
rabbitmqctl add_user <username> <password>
rabbitmqctl set_permissions -p <vhostname> <username> "^<username>.*" ".*" ".*"

Check that everything looks OK:
rabbitmqctl list_vhosts
rabbitmqctl list_users
rabbitmqctl list_permissions -p dev
rabbitmqctl status


notes on using Kali Linux – KDE version

For some reason, the folks at Offensive Security removed the KDE build of Kali from their download list (the Enlightenment, XFCE, and LXDE versions are still there, but KDE is absent). Since KDE is my preferred window manager, this made me sad, until I found out you can grab them in the weekly and daily builds.

Once I had Kali/KDE up and running, the first thing I noticed was there was no GUI way to manage network interfaces. Having a background in Linux sysadmin, that wasn’t a huge obstacle – ifconfig, iwconfig, wpasupplicant, all were there and working. However, anyone that’s ever had to configure a WPA2/PSK interface by hand can testify that this is one of the few places where having a simple GUI management interface is just plain nice to have. I did some digging, and discovered that the problem was the plasma-nm applet was not installed. A simple apt-get install plasma-nm took care of that problem – and handily pulled in all the required dependencies for the rest of the KDE network management tools as well.

Other than that, the rest of the stuff I like about KDE was there, along with all the usual Kali tools and resources. Finally, I get the best of both worlds!