Tagged: script

Hakology – How to grab openweathermap data using python.

I’ve been playing with the openweathermap api thought i’d share a little code, the following pulls the json and constructs a string containing the location, temp, tax temp, min temp and humidity. You will need to sign up for an API key and free user account 1st. The free account at the time of writing this allows 50k calls a day so if you’re writing for a small personal project 50k calls should be fine.

Copy the code below to a file
eg. displayweather.py

chmod the file if needed …
sudo chmod +x displayweather.py

run the file using …
python displayweather.py

import requests
r = requests.get('http://api.openweathermap.org/data/2.5/forecast/city?id=YOURCITYIDGOESHERE&APPID=YOURAPIKEYGOESHERE')
data = r.json()
mystring = ""
mystring = mystring + data['city']['name'] + " "
mystring = mystring + "Temp:" + str(int(data['list'][0]['main']['temp'] - 273.15)) + "C "
mystring = mystring + "Max:" + str(int(data['list'][0]['main']['temp_max'] - 273.15)) + "C "
mystring = mystring + "Min:" + str(int(data['list'][0]['main']['temp_min'] - 273.15)) + "C "
mystring = mystring + "Hum:" + str(data['list'][0]['main']['humidity']) + "% "
print mystring

Click here to download the file.

Hakology VBLOG (D84) – Digishell … persistent netcat shell using a digistump and vbs

Full episode on this coming soon.
Creates a persistent netcatshell on target machine.
Using digistump to download vbs stager which then downloads and excutes netcat. Currently running from Startup folder for current user thinking about adding a registry key or delayed service that starts after boot … but meh wtf it compiles and does what it says on the tin lol, enjoy 🙂

Download digispark digistump digishell source code

Hakology Day 5 : Blog Entry

Nothing like a fresh coffee to start the day.

First tech support call to configure a printer, nice and easy start. Still have a DVD drive to repair and another person that wants some security advice but ill get on those next week. Time to start recording some stock footage and get editing.


Background noise.


Recharging cameras and having a brew.

Key-framing, key-framing, key-framing … and listening to a little drum and bass.

Pastebin for the steam controller install script.

Best analytics data to date …

Can you imagine the disappointment when whoever discovered it was a 3D printed leg for a dog.

More stock footage recorded just transferring the files and going to get back to editing and compiling.

Still editing and chopping stock footage, quite boring stuff but im making progress. Need to edit the audio in two locations and add a little more information but everything is coming together quite nicely. Then its Friday … game time and off to see a few friends, whoot. Planning a late night mumble if you want to join message me for the connection details, we’ll be hacking all the things.

LEEROY MOTHER F%$£ING JENKINS Its time to stop for a while and blast the s&%$ out of some evil demons on the computer!!! BOOM HEAD SHOT, BOOM HEAD SHOT, BOOM HEAD SHOT, BOOM HEAD SHOT. BOOM! HEAD! SHOT!

Well after a little gaming and a little sleep, I think its time for a coffee and some work. Then some more games hehe 🙂

So I’ve kind of finished the first edit, doing a quick VBLOG, then some serious gaming till the wee hours.



Hakology Day 4 : Blog Entry

Chores done and I’m online. Going to get busy, goals for today, get steam controller working on retro pie, re-record retropie audio, and re-render using better stock footage including steps to configuring. Then if I have any time get back on the SDR work.

Spent as much time working on retropie as I want for now. Just uploading WIP on the hakology VBLOG channel. Tea, food & SDRs.



Background noise.


Steam controller working in retropie … whoot.

Written an automated installation script. Finding bash in raspbian has some unusual defult settings regarding echo. If any one knows how to get echoes to display …

Testing and debugging script. Being a noob. Making silly mistakes. Correcting them. NTS: tput setaf 1; is a great way to set echo output in bash 🙂

Finished …. taking a break. – Managed to brick emulationstation in the process, now have to recover script and reimage.

Turns out if you boot the pi with a cronjob for the steam pad drivers it’ll crash emulationstation if you dont have the dongle inserted.


echo This script is designed intended for retro pie running raspbian and python 2.7
echo This script will now install the drivers and files required to use the steam controller with retropie
echo Ensure your pi has an internet connection prior to running.
echo Moving to home directory
cd /home/pi
echo Installing dependancies Python package manager and git
sudo apt-get install python-pip git
echo Installing – libusb1
sudo pip install libusb1
echo Installing – enum34
sudo pip install enum34
echo Cloning steam controller files.
git clone https://github.com/ynsta/steamcontroller.git
echo Moving to steam controller files directory
cd steamcontroller
echo Intsalling steam controller files
sudo python setup.py install
echo Setting up udev rules
echo SUBSYSTEM==\”usb\”, ATTRS{idVendor}==\”28de\”, GROUP=\”games\”, MODE=\”0660\” >> /etc/udev/rules.d/99-steam-controller.rules
echo KERNEL==\”uinput\”, MODE=\”0660\”, GROUP=\”games\”, OPTIONS+=\”static_node=uinput\” >> /etc/udev/rules.d/99-steam-controller.rules
echo Reloading udev
sudo udevadm control –reload
tput setaf 1;echo All operations complete
echo Update crontab …
echo crontab -e
echo Add the following to crontab …
echo @reboot /usr/local/bin/sc-xbox.py start
echo Ensure the steam usb dongle is inserted when you reboot otherwise emulationstation might not load.
echo If you need to run the script more than once besure to clean the udev rules found in:
echo /etc/udev/rules.d/99-steam-controller.rules
Will post a better a link to the file later when i’ve finished tinkering.


Random pic for the day, great tool all round esp when it comes to cabling new pc builds or finding that tiny screw you just dropped on the floor, cree LED with recharagable 18650s and adjustable focus.


Final retropie video posted to the hakology main youtube channel.




Signing off.

Hakology : How to block youtube users/channels from your yt search results.

I wrote this tutorial because the greasemonkey script is slightly broken …

1. Install grease monkey for firefox. (Available via the plugins menu)
2. Restart firefox.
3. Install this script in to grease monkey by clicking the install button on the page.
4. Go to the grease monkey icon and choose edit userscripts.
5. Click on options
6. Click on Edit this user script.
7. Find this line :
var blocks = GM_getValue(‘savedblocks’, ‘PewDiePie,TobyGames,Smosh Games’);
8. Edit the line and add the channel you want to block like this.
var blocks = GM_getValue(‘savedblocks’, ‘PewDiePie,TobyGames,Smosh Games,channeliwanttoblock’);
9. Add more if required make sure you use a comma to separate the values and enclose values in the single quotes.
10. Save the script
11. Restart firefox
12. Enjoy 😀

After writing the tutorial I found a fix for not being able to see the block list on youtube …

1. Open the script for editing again
2. Find the line that looks like this …
var settingsDiv = ‘<div style=”padding:10px;”
3. Edit the line so it looks like this …
var settingsDiv = ‘<div style=”margin-top:100px;margin-left:250px;padding:20px;”
4. Leave the rest of the code on that line exactly the way it is.
5. Click save
6. Restart firefox

Now all the functionality of the original script should be working in your browser.

Hakology – Zeya linux installation (HTML5 streaming music)

*repost for archiving purposes*

# Notes:
# Requirements
# Python 2.5+ (2.6+ recommended) tested on 2.7 (worked fine)
# python-tagpy (critical : boost lib)
# python-simplejson (critical : boost lib)
# oggenc (critical : ogg encoder for streaming)
# mpg123 (optional : for decoding MP3 files) (you will want this)
# flac (optional : for decoding FLAC files) (you might want this)

echo "Hakology - Zeya installation script for linux."
echo "Zeya is a client for streaming audio from a central servernto any device that supports html5"
echo "Zeya - web.psung.name/zeya/"
echo "Hakology - youtube.com/hakology"
echo "Visit the youtube channel for more coolness"

cd ~
sudo apt-get install python git mpg123 flac python-tagpy vorbis-tools faad python-simplejson
sudo git clone http://web.psung.name/git/zeya.git

echo "############################################"
echo "Installation complete"
echo "############################################"
echo "To run :";
echo "./zeya.py --path=/path/to/music";
echo "To add to crontab (crontab -e) add the following to start on reboot";
echo "@reboot /full/path/to/zeya.py --path=/path/to/music";
echo "You should add a htaccess file to use this on the web";
echo "./zeya.py --basic_auth_file=/path/to/.htpasswd --path=/to/your/music/";
echo "You can also run on a different port";
echo "./zeya.py --port=9000";

Scanning the scanners … coding counter measures

When I was playing about with kippo the other night I had this idea to counter attack people who were scanning / trying to access my server. If someone connected to port 2222 without permission could I use the logs to automate a counter attack / perform some recon. After a quick look at the log files I decided that coding counter measures for a SSH honey pot would be pretty useless as the honey pot isn’t providing / holding any important information. I then turned my attention to another server that hosts some statistical data for other sites I contribute to.

Initially I wanted to look at any 404 errors because I could see people looking for default program paths and directories to exploit. This would be a good approach but there were also legitimate 404 errors where things like the favicon.ico or just simple stuff like unintentionally malformed URLs. I looked at the log files again and noticed everytime someone nmaps port 80 they leave a really obvious finger print.

debian.home:80 xxx.xxx.xxx.xxx – – [09/Jul/2013:15:45:13 +0100] “OPTIONS / HTTP/1.1” 200 188 “-” “Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)”

Present on every nmap scan I can see logged to the server. (There must be a param to disable/change this somewhere in nmap)
I came up with the script below which when executed will nmap anyone who has nmapped port 80 and save it all to a file 🙂

# fire all the lasers
# bash apache counter recon tool

echo ‘Gathering logfile data n’
cat /var/log/apache2/*.log | grep nmap | awk ‘{ print $2 }’ > nmappers.txt
cat nmappers.txt

echo ‘Filtering unique ips …n’
sort nmappers.txt | uniq > ips.txt

echo ‘Scanning the scanners …n’
nmap -v -T4 -A -iL ips.txt > recon.txt

echo ‘Cleaning up …n’
rm ips.txt
rm nmappers.txt

echo ‘Results …n’
cat recon.txt

Conclusion and thoughts:
This is just the beginning, really enjoyed coding this script will look to expand on it soon. Possibly combining this with kali linux & metasploit. Lots of room for improvement as this could also be used to look at failed login attempts on other services / ports … the nmap finger print could greatly be expanded on too using failed exploits from the log file. (Geolocation / Automatic notification to isps that their users are up to no good? etc.)

EDIT : big update coming to this script tehe 😀

Defcon auto download script (2012)


I found this script floating about on the web I wonder if it could be adapted/used to suite this years defcon. Defcon is the worlds largest hacking conference now in its 21st year. The conference starts this year August 1st and runs till the 4th tickets for a 4 day pass are $180 and the conference will be held at the Rio Hotel in Las Vegas! What happens in Vegas, usually ends up on youtube a few months later

## $ ddl-rss-media https://www.defcon.org/podcast/defcon-20-slides.rss
# ddl-rss-media RSS_LINK {would download all media enclosed at current dir}
enclosures=`curl -k -s -L $@ | cat | grep enclosure | sed ‘s/.*enclosures*url=”//’ | sed ‘s/”.*//’`
for url in `echo $enclosures | xargs -L1`;
if [ ! -z $url ];
filename=`echo $url | sed ‘s/?.*//’ | sed ‘s/.*///’`
echo “Downloading $filename…”
wget -c -O $filename $url