I ran into an issue while installing Google Authenticator on Ubuntu 18 and although the solution is simple, it's given me an opportunity to discuss three items.

    First, the issue:

    You attempt to install Google Authenticator using the following:

    sudo apt install libpam-google-authenticator

    And you're presented with the following error:

    E: Unable to locate package libpam-google-authenticator

    A common practice I see from time to time that makes me cringe -- documents titled "passwords" which contains passwords.  It's fairly simple to hunt those down though.  Files containing sensitive data such as social security numbers and credit card numbers are a harder due to not so obvious filenames and the numeric formatting possibilities.  I was originally intending to go with two different scripts but ended up combing them.

    This test script searches recursively for .txt files, hunts for both social security numbers and credit card numbers, with dashed and non-dashed variations, and then it spits out the number with the corresponding filename and path.    

    import re
    import sys
    import glob
    folder_path = './'
    for filename in glob.iglob(folder_path + '**/*.txt', recursive=True):
        file = open(filename, 'r',errors='ignore')
        for line in file:
            if re.match(r'\b(?:\d[ -]*?){13,16}\b', line):
            elif re.match(r'^\d{3}-?\d{2}-?\d{4}$|^XXX-XX-XXXX$', line):

    I've never really understood the purpose of Pastebin from a practical sense.  I think I get the concept, I just don't know why you'd use it.  That being said, its darker side is breach data dumping for the world to see.  

    Yesterday, I was thinking about the API and wondering if I wanted to write a script to search the pastes for client email addresses.  While digging around on the site, I checked out a few pastes.  Lots of people dumping code snippets and then I saw something.  Among the code snippets, I saw what looked to be base64.  I grabbed it, decoded it, and what I saw looked to be binary gibberish.  I thought it was going to be something clever like a message but that's just me playing too much CTF.  But then I did a Google search for "What is the purpose of Pastebin?" and I saw a search result talking about base64 encoded malware.  What!?!?  After reading the article, I was left with only a partial picture.  Perhaps the author didn't want to spell things out completely?  I don't know.  So I started working it through on my own.

    While playing around with a couple of other scripts, I got this idea that I wanted to incorporate extracting data from PDFs.  Nothing fancy here, just a recursive search for PDFs, we're extracting the text, and we're writing it out to a text file:  output.txt

    import glob
    import PyPDF2
    folder_path = './'
    for filename in glob.iglob(folder_path + '**/*.pdf', recursive=True):
        file = open(filename, 'rb')
        pdfReader = PyPDF2.PdfFileReader(file, strict=False)
        pageObj = pdfReader.getPage(0)
        f1=open('./output.txt', 'a+')

    I tried writing this with fewer lines of code using a list of passwords and another attempt with IGNORECASE but neither worked or worked with 100% accuracy.  Rather than spin my wheels, I just went this route with elif.  

    We're recursively searching inside of Word docx files for either:  password, Password, or PASSWORD

    When we get a match, we print the document location and the line containing our string match. 

    Storing passwords in a Word document is a bad practice -- this script shows you why it's a bad practice and why you should use a password manager.

    import os
    import re
    import docx
    document_list = []
    for path, subdirs, files in os.walk(r"./"):
        for name in files:
            if os.path.splitext(os.path.join(path, name))[1] == ".docx":
                document_list.append(os.path.join(path, name))
    for document_path in document_list:
        document = docx.Document(document_path)
        for paragraph in document.paragraphs:
            if "password" in paragraph.text:
            elif "Password" in paragraph.text:
            elif "PASSWORD" in paragraph.text:

    I have a Raspberry Pi implant that I can drop on a network.  When connected, it will grab an address from DHCP but I won't know its address.  I could have it open up an SSH connection but I don't want a persistent outbound connection.  What I would like is for it to get its internal address, ping something, and relay its IP back to me.  Something as simple as a single GET request hitting the logs on a server from which I can parse it out.  

    The supposed logical method is to use:  socket.gethostbyname(socket.gethostname())

    The problem with that method in most modern nix installs is the response:  ''

    © 2020 sevenlayers.com