7MS #586: DIY Pentest Dropbox Tips – Part 8
7 Minute Security25 Aug 2023

7MS #586: DIY Pentest Dropbox Tips – Part 8

Today, sadly, might be the last episode of DIY pentest dropbox tips for a while because I found (well, ChatGPT did actually) the missing link to 100% automate a Kali Linux install! Check episode #449 for more info on building your Kali preseed file, but essentially the last line in my file runs a kali.sh script to download/install all the pentest tools I want. The "missing link" part is I figured out how to get Kali to reboot and then run a script one time to complete all the post-install stuff. So at the bottom of my kali.sh is this:

sudo wget https://somesite/kali-docker.sh -O /opt/kali-docker.sh sudo chmod +x /opt/kali-docker.sh sudo touch /flag sudo wget https://somesite/docker.service -O /etc/systemd/system/mydocker.service sudo systemctl daemon-reload sudo systemctl enable mydocker.service

The contents of docker.service are:

[Unit] Description=Docker install [Service] Type=simple ExecStart=/opt/kali-docker.sh [Install] WantedBy=multi-user.target

The beginning and end snippets of kali-docker.sh are:

#!/bin/bash flag_file="/flag" if [ -e "$flag_file" ]; then # get bbot sudo docker run -it blacklanternsecurity/bbot:stable --help # Do a bunch of other install things...

So essentially the work flow is: kali.sh runs, downloads and installs kali-docker.sh, and also installs a service that runs kali-docker.sh on each reboot. But when kali-docker.sh runs, it checks for the presence of a file called /flag. If /flag exists, all the post-install commands will run. If it does not exist, those commands won't run. Simple, yet genius I think!

Avsnitt(684)

7MS #243: ZOMG Logo Design Contest!

7MS #243: ZOMG Logo Design Contest!

Here are today's show notes!

2 Feb 20179min

7MS #242: Bye Bye Dream Job - Part 4

7MS #242: Bye Bye Dream Job - Part 4

We've reached the end of this series, and I come into this final chapter bearing good news: I have a job! So in today's episode, I just wanted to kick back and share some cool things I'm working on as I ramp up in this new adventure (and that will also provide good topics for future episodes): Webapp pentest tool bake-off In the next week I'll be evaluating the following for a more general/automatic Webapp scans: Netsparker HP WebInspect Qualys AppSpider SIEM comparison We're looking at several tools to do both on-prem and managed SIEM solutions. If you've got recommendations or experiences to share I would love to hear them - please contact me. Thanks in advance!

26 Jan 201710min

7MS #241: Bye Bye Dream Job - Part 3

7MS #241: Bye Bye Dream Job - Part 3

Show notes are here

19 Jan 201713min

7MS #240: Bye Bye Dream Job - Part 2

7MS #240: Bye Bye Dream Job - Part 2

Show notes are here.

12 Jan 201712min

7MS #239: Bye Bye Dream Job - Part 1

7MS #239: Bye Bye Dream Job - Part 1

Show notes: https://7ms.us/7ms-239-bye-bye-dream-job-part-1

5 Jan 20179min

7MS #238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary

7MS #238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary

Show notes: https://7ms.us/7ms-238-network-monitoring-101-part-2-nmap-papertrailapp-and-opencanary

30 Nov 20168min

7MS #237: Network Monitoring 101 - Part 1: Nessus

7MS #237: Network Monitoring 101 - Part 1: Nessus

Show notes: https://7ms.us/7ms-237-network-monitoring-101-part-1-nessus

23 Nov 20168min

7MS #236: From "Derp!" to Domain Admin with MOVEit Central

7MS #236: From "Derp!" to Domain Admin with MOVEit Central

Show notes: https://7ms.us/7ms-236-from-derp-to-domain-admin-with-moveit-central

17 Nov 201611min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
olyckan-inifran
rss-viva-fotboll
aftonbladet-daily
rss-vad-fan-hande
svenska-fall
rss-sanning-konsekvens
krimmagasinet
rss-expressen-dok
motiv
fordomspodden
svd-nyhetsartiklar
dagens-eko
rss-frandfors-horna
blenda-2
spar
spotlight