Another quick and dirty (useless?) bash for loop

The MacOS command /usr/bin/say can be a pretty useful command to read output to the end user, or for pranking your friends. But finding the right voice to use can be kind of exhausting. You would have to run the following command

Then to hear the voice you would have to run each name to test.

This is boring and takes a long time

I wrote this silly for loop to do the work for me.

I listened to this play through the names three times while writing this post. 😐

Have fun out there.

Don’t Cry

I had intended on posting this a couple weeks ago, but never got to it.

I took my last post and added a little bash wrapper around it. I thought this would help automate some of the scanning for me. As well as notify me.

The entire repo is on my Github page here

Sample of the output:


Here is the code:

In its current state, this script will also email you the output above if a vulnerability is found. If you want to email after every scan just uncomment out last line in the else block.

The nmap scan is pulling from a text file. So either create that text file on your machine, or change the nmap arguments and remove the -iL ip_pools.txt and replace it with your ip address or range if ip addresses.

If you read through the code in the Globals section you can see that you need to specify a directory to run out of. I use ~/wannaCry but you can add that anywhere.

I recommend aiming this at whatever windows ip ranges or individual windows machines you have and put it on a cron.

Apply this CRITICAL patch MS17-010 if you find yourself vulnerable.

In the likely discovery of a bug or a if a patch is needed, head on over to Don’t Cry and submit a pull request. And yes, I am aware that line 65 is terrible 🙂

See ya next time.

Also I am not sure I need to say this or not, but this was intended for defensive uses only. If you do anything crazy with it, its on you. 


A Quick Petya / WannaCry Vuln Scan

Hey everyone! Another quick post, this one is about scanning hosts or networks for systems vulnerable to WannaCry or Petya.

First things first update your version of nmap. For me I had installed it through Homebrew. So a quick verification of the version number.

Confirm that you are running the latest version, at this moment version 7.50 is the current.

If you don’t see Version 7.50 run the following

Great so we are all ready to go and updated.

Here is the command we will run.

Here is the sample output of two machines I scanned one vulnerable and the other not.

Then from there you can gather your output and patch the vulnerable systems for MS17-010

See ya next time!

Quick and dirty

I am going to try and get a few more posts out soon. Tagging them as Quick and dirty.

One example:
Want to list out all users crontab on OSX?


This will get all the accounts on the systems including the internal accounts.  See ya next time.

ALEXCTF TR4: Doesn’t our logo look cool?

This was the logo in question..


This second wave of challenges. So I saw this towards the end. I found it really easy. But for some reason wanted to make this difficult on myself. I noticed that most of the characters were special characters. There were a handful of actual letters in there too. What do you know, a curly brace or two also. 🙂

I wrote this script.

Ran it here…

It sure does… Anyway another fun challenge.

AlexCTF CR1: Ultracoded 50 points

CR1: Ultracoded.

Fady didn’t understand well the difference between encryption and encoding, so instead of encrypting some secret message to pass to his friend, he encoded it!
Hint: Fady’s encoding doens’t handly any special character

They provide you a file called zero_one.

Welp I imagine this is going to be a game of .replace('ZERO','0').replace('ONE','1')

Sure enough after I convert that to binary, and covert that to ascii, it returns base64. Ok ok easy output.decode('base64') and thats it right? WRONG it returns morse code. I was about 95% done writing a python dictionary for this, then decided to pip install morse-talk

that returned ALEXCTFTH15O1SO5UP3RO5ECR3TOTXT hmm something something special characters. A little replace('O', '_') and were good to go right? Pretty much. Except no curly brackets.

Here is a silly script I wrote for this challenge. (sure I could have ran all of this through a web page to do it for me. But whats the fun in that, right? right?)

After running that you would get the following output.

That was fun thanks ALEXCTF!

MAC Address Lookup

Hey everyone! I haven’t forgot about this place. Here is a quick little function I wrote up for another project. I thought it might be a interesting to some.

This function will do a hardware lookup using a systems mac address.

Other useful info I am only asking for the org value in my script. But you can get granular also. If you remove .org from the oui.registration().org you get the following output.

The try block will catch if the mac address is not registered and just return the error associated.

Anyway thanks for stopping by!