Archive for pasteLert

So i finally got round to putting the source together and writing this out. We’ve been really busy with Blackhat training at work and so on and i’m generally just lazy. Also releasing now mostly because the mysql database on my linode keeps crashing, its just too small a box to keep *all* pastebin entries. The code is messy, so expect arb/no commenting but its pretty straight forward, feel free to shoot through any questions you have. Also i messaged pastebin to see if they’d implement something like this or let me do it, but i didnt get any responses to any of the messages :(

Anyway, here is the basic rundown:

  • Setup your mysql, create a database ‘pastebin’ – Google will give you this info :D
  • Drop the structure in, its in the archive as pastebinStructure.sql. mysql -u root -p pastebin < pastebinStructure.sql
  • Extract the archive to its own directory in your webroot, preferably ‘pasteLert’ :)
  • Change the setdb.php file to your mysql details. Edit alerts.php to include your email and location information rather than mine
  • Setup the crons as below


Basically there are 4 cron jobs that you need to add:

  • pullPastebin.php – this will go to http://www.pastebin.com/archive.php and get the pasteIDs and add them to `pastebin`.`pastebin`, I generally run this every 2 minutes and my cron looks like this:
    • */2 * * * * php /var/www/html/andrewmohawk.com/pasteLert/pullPastebin.php
  • pullPastes.php – this script then goes and pulls each paste with a random delay between 0-5 seconds (see line 14 if you want to change that). I generally let this run every 10 minutes and looks as follows:
    • */10 * * * * php /var/www/html/andrewmohawk.com/pasteLert/pullPastes.php
  • sendAlerts.php – this script sends out the alerts via email, this is really up to you, obviously as close to 10 minutes means its as close to when you have the data, mines at 15 mins:
    • */15 * * * * php /var/www/html/andrewmohawk.com/pasteLert/sendAlerts.php

Cron Part 2!
So the reason my box was falling over was that every day i’d push all the pastebin’s from that day into another table (pastebinOldData). Essentially i have now changed mine to stop doing this and rather truncated the daily log instead of saving the data.  You however hopefully have a bigger box and can store all the data, or you can always just truncate the data, so you need to pick one of the two files, either truncPastes.php or rotatePastes.php.

0 1 * * * php /var/www/html/andrewmohawk.com/pasteLert/truncPastes.php

0 1 * * * php /var/www/html/andrewmohawk.com/pasteLert/rotatePastes.php

I think that pretty much covers it, feel free to mail in what you are looking for if you need any help.


ANDREW I DONT CARE ABOUT YOUR STORIES! JUST GIVE ME THE LINK! >> http://andrewmohawk.com/pasteLert/

Hey guys,

So here is my latest project, extending from the previous pasteScraper to do something a little different with the pastebins. Essentially i recreated google alerts but with a bit more searchiness (yes, i make up words now too).

How it Works

  • I enumerate all new pastes from http://www.pastebin.com/archive/ every minute and add them to a ‘download’ queue.
  • New pastes are then downloaded to a local database
  • Alerts are periodically cron’d
  • Search functionality is via a fulltext search of pastes

What does it give me?

  • The ability to search for *anything* on pastebin.com
  • Semi-realtime searches
  • Email alerts when your term is hit!
  • RSS feeds for searches
  • The ability to search with AND keywords in pastebins

How it is all going to fall apart

I dont really see this as a long term project, merely something that shows a PoC for how much stuff is leaking out via PasteBin.com and how cool it really is. Some issues i see that may happen with this:

  • People will switch to more secure pastebins that don’t allow indexing, don’t have archive pages and arent indexed by search engines
  • My small linode will fall to pieces because the fulltext like queries are painfull
  • Pastebin.com will not be impressed with me doing this and start blocking it


http://andrewmohawk.com/pasteLert/, feel free to play/comment/etc :)



p.s. Thanks to Chris Hadnagy and Roelof Temmingh :D

So this is the only entry i have where i’ve built an app that wont work from day 1.

“Oh why andrew, why?” you might say, but as I shrug, this was not my fault. So a while back Samy Kamkar produced his geolocation proof of concept code which works awesomely at being able to take an AP MAC Address to GPS Co-ordinates. Sadly now however Google location services seem to be broken at the moment with both Samy’s and my code being horribly broken with the results either being the same GPS Co-ordinates or 0,0.

This happened of course only *after* i had completed my app (had to do multithreading and slap a design on it) .

But anyway, here is the basic idea of it:

  • Recieve in a NON GPSd airodump-ng csv file
  • Parse out all of the AP MAC Addresses
  • Take these to GPS co-ordinates to street addresses via opennominatim
  • Return this response either as a KML file (plotted on google earth)
  • OR as a text file to simply display the results

So anyway, you can have a look at the application over at http://andrewmohawk.com/airodumpvsgeo/ . Currently still in my shite naming ‘convention’ this one is called “AirodumpvsGEO”.


So i was chatting to Chris Hadnagy and he was having a bit of an issue getting an API key for yahoo BOSS and it seemed troublesome.

So i popped off a mail to yahoo to ask how i could get a key to share and they basically said i can just use mine. So i quickly repackaged the pasteScraper with my key so now its as simple as extracting the zip in your webroot directory and browsing to it :)

Get the new one here

Of course you can still use the one on my site over at http://www.andrewmohawk.com/pasteScrape/


Click here to search the VMWare user database!

So last week some time Chris Hadnagy linked me to the following URL: http://info.vmware.com/content/opt-out which was pretty interesting last week. Basically it allowed someone to full in their email address to manage their VMWare subscriptions, i noticed a couple of things from the next pages:

  • The fields auto populated with details like Name, Phone Number etc (i know, without auth and only an email address – worriedface)
  • Another tab became available that allowed you to update your details – again, no auth, scary

So i whipped out the good old firebug and started looking through the ajax calls till i came across this little gem:


and the resulting page looked something like:

function GetElqContentPersonalizationValue(strDataField)
var strTemp = '';
//alert('Data Field: ' + strDataField);
if(strDataField == 'C_EmailAddress' || strDataField == 'EmailAddress')
{strTemp = 'andrewmohawk\x40gmail.com';}
if(strDataField == 'C_FirstName' || strDataField == 'FirstName')
{strTemp = 'Andrew';}
if(strDataField == 'C_LastName' || strDataField == 'LastName')
{strTemp = 'MacPherson';}

Yeah, great info straight in that.. EEEK! So being the script kiddie (seriously, scripting languages FTW) i wrote a tiny PHP application to pull this info and display.

However the issue was that if you could update someones account, then you could simply change their email address, do a password reset and gain access to a commercial account giving people access to software that someone else paid loads for — this isnt cool so i didnt put the link out. However this week VMWare have removed the update page and the auto-populating fields — yet my scraper still works so i figured i’d put it out.

I’ve specifically left out the sessionkey to make it at least not a trivial cut and paste to get info yourself since it may still be possible to update from that code.

Just another leak i guess. But if anyone has any other links/ideas/stuff for me to play with, contact form’s on the left :)


Click here to search the VMWare user database!

Yeah im really lazy, so im not gonna write a lot about it, basically, if you wanna use it on my site hit it up at http://www.andrewmohawk.com/pasteScrape/ otherwise feel free to download it and run it yourself from this archive

Basically, go to http://www.andrewmohawk.com/pasteScrape/ and try some of these:

  1. “gmail/facebook Password” – free facebook/gmail/whatever accounts
  2. “rbot” – find rbot config files, including the passwords and the irc network that it connects to, ie, if you have an irc client you get a free botnet
  3. “enable password” – Cisco goodness
  4. “BEGIN PGP” – pgp keys anyone?
  5. “DB_PASSWORD” – loads of database passwords
  6. “Shellcode” or “Exploit”

You get the idea :)


Enjoy my readme  after the break :D
1 // What is PasteBinScraper?
2 // How does it work?
3 // How do i use it?
4 // How do i install?
5 // Extending
6 // TODO
7 // Thanks
Read more »

So its been ages since i last blogged, and i am determined to try do this more regularly since it will probably get me onto doing more stuff!

This is pretty much the first thing i built with the Arduino – the idea was to make a budget IPCam with a web interface that i could connect to from anywhere and have the ability to pan and tilt my camera. Since i was in the budget price range i did also look at what was available off the shelf — and it sucks, bad quality, slow response time, no lose wires to show, all things i’m not really interested in.

I’ve split this into 3 sections just to make sure that this doesnt become a massively long blogpost:

This is that cool part where you watch the video, unfortunately i haven’t got round to making one yet.. but when i do, its going here! For now, its in pictures (the webinterface and the actual device):

The web interface for the camThe Physical Device

So i’ve commented most of the lines and you should be able to easily follow what has happened in the code. Leave a comment if there are any questions :)

Code after the break!
Read more »

So i see its been forever since i have posted anything, figured its about time, and i wanted to show some of the stuff ive done with my Arduino. The first thing i tried to do with it was create my own budget IPCam with a webcam and some arduino parts.

Basic stuff that make up the IPCam:

  • 2x Servo Motors
  • 1x LCD (16×2)
  • 1x LED
  • 1x Potentiometer (used for LCD)
  • Bits of random Meccano
  • 2x Small lifting weights ( hey, we all knew i wouldnt use them to get in shape anyway )
  • Tape/Glue/Random stuff

So first off, this is a hack, i havent done pretty much anything properly, i just pieced it together, tied in bits of code and got it working :)

This is what the circuit looks like:
Arduino IPCam CircuitArduino IPCam CircuitArduino IPCam CircuitArduino IPCam Circuit

Read more »

ANDREW I DONT CARE ABOUT YOUR STORIES! JUST GIVE ME THE LINK! >> http://andrewmohawk.com/facefall/

So its been a long weekend, but i had a lot of time to myself this weekend, and decided to play a bit with some of the side projects i’ve been interested in.

With regards to the previous posts, the code has been updated and fixed, ill update the post a little later — but hopefully we (@Paterva) will be releasing the transforms to the public this week so everyone can play!

One of the first ones i wanted to tackle was faceFall — essentially twitterfall for the facebook graphAPI, so you can quickly search for a topic and watch the status messages / links fall down as they arrive :)

So check it out: http://andrewmohawk.com/facefall/ ( yes i realise the UI looks like ass, but i cant get a nice design to work.. if you have one or want to build one, PLEASE let me know!)

Some stuff id need to fix:

  • Removing doesn’t work well ( probably my lame ass jscript )
  • Doesnt do any correlation (like same person featured on x Topics)
  • Needs more info — only does status/links atm

If anyone wants this and wants to help, feel free to comment msg me!

I also cleaned the whiteboard:

Technical Info after the break!
Read more »

Recent Posts


Not the quickest of cats
on the best of days.

Tag cloud


For electronics/other to play with:


Created by Site5 WordPress Themes.
Experts in WordPress Hosting.