[geeks] Appropos of nothing...

velociraptor velociraptor at gmail.com
Mon Jun 27 15:56:07 CDT 2005


I really like *nix.

Even though it would take me at least a day to figure
out the code to do this myself--regex is not my forte--
 in about 1 hour I managed to:

* convert an system audit report from pdf to text
* find a shell script to convert that to html
* find a shell script to parse the URLs out of the html
  (tried a few other things and that seemed the
   quickest solution)
* used an ssh tunnel to connect to the backend
  port of the server the report came from
* used sed to convert the hostname in the URLs to
  localhost:port
* used wget to fetch all the URLs and show that all
  the negative "cgi vulnerabilities" in the report were
  actually 404s

I wonder how long that would take a Windows geek
unless they had Cygwin installed?  Most of my time
was taken up tracking down the two scripts.  It's very
cool that people share so expertise in the *nix world.

Of course, this begs the question of why the auditors
are using a misconfigured tool that throws so many
false positives, but ours is not to reason why.  We do
so much cool stuff for so many wrong reasons, it
kinda makes you wonder what we could get done if
we were doing things for the right reasons.

=Nadine=



More information about the geeks mailing list