Christian Mehlmauer
FireFart

Organizations

@rapid7 @wpscanteam @BSidesVienna
FireFart commented on issue wpscanteam/wpscan#903
@FireFart

@Veraxus could you maybe provide the site in private to team@wpscan.org so we can have a look into this?

FireFart commented on issue wpscanteam/wpscan#902
@FireFart

Hm I think the current code in master is correct. Because every response on wp-content/plugins other than 404 is a hit (a forbidden, auth required,…

FireFart commented on issue wpscanteam/wpscan#902
@FireFart

nope it doesn't handle 403's correctly....currently looking into it :D

FireFart commented on issue wpscanteam/wpscan#902
@FireFart

What do you think of smth like this? def wp_plugins_dir_exists? resp = Browser.get(@uri.merge(wp_plugins_dir).to_s) if resp.code != 404 hash = WebS…

@FireFart

Here is a screenshot of another small python project using postgres and multiprocessing. So there is a lot more disk io :) (I don't know the actua…

@FireFart

also: (env) [firefart@arch bin]$ ./import --import-parts test.sqlite3 ../../mod_sec_logs/ also adding parts! Traceback (most recent call last): Fil…

@FireFart

I just tried your changes from the directories branch with sqlite3 on my laptop: as you can see, IO and CPU are really low so I think there is sti…

@FireFart

also I think the cipher order ctx.ciphers='HIGH!ADH:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!SSLv2:!DES:!3DES' may kill IE6 support. Maybe it's better to o…

@FireFart

@OJ it depends on the patch version of XP if TLS1.0 is supported. For example XP with IE6 does not support TLS: https://www.ssllabs.com/ssltest/vie…

@FireFart

wanted to try it but the importer only takes a filelist as an argument - for a good test there are too many arguments. Is there a way to also speci…

@FireFart
404 checking
FireFart deleted branch new_urls at wpscanteam/wpscan
FireFart opened pull request wpscanteam/wpscan#901
@FireFart
add new urls
1 commit with 3 additions and 3 deletions
FireFart created branch new_urls at wpscanteam/wpscan
@FireFart

BTW travis is currently failing

@FireFart

discussion should move to #5 :)

@FireFart
Multiprocessing
9 commits with 326 additions and 113 deletions
FireFart commented on pull request rapid7/metasploit-framework#6530
@FireFart

Should we use the Filedropper mixin in the exploit method to register this file for cleanup after successful exploitation?

@FireFart

The IO is based on your session commit rate. If you keep it low you will use more memory, but performance will be better. For tests just create som…

@FireFart

Then you need to return the object for example by using a second queue and insert them in the main process. For CPU intensive stuff like the file p…

@FireFart

why not use a connection per process? What's the problem with multiple connections? That's what a database is built for. Of course you can do it in …

@FireFart

Having a new session per thread is actually a good thing otherwise there would be a lot of race conditions. If you don't have any unique constraint…

@FireFart

You can use Pool.map for a simple map: https://docs.python.org/3.5/library/multiprocessing.html#multiprocessing.pool.Pool This removes the overhead…

FireFart deleted branch multiprocessing2 at FireFart/mod_security_importer
FireFart deleted branch multiprocessing at FireFart/mod_security_importer
@FireFart

also missing the commit counter....committing the session on every entry is very time consuming when processing a lot of data. Python is very neat…

@FireFart

this way you can only process one file at all

@FireFart

this does not work. you have to get a job in an endless loop and break when none is received. see my original implementation

@FireFart
Dockerfile tab not updated