Geek @ Hong Kong

How geek use raspberry pi (1) - Download BT

by Scott Tse on March 27, 2014

As that’s quite time consuming to go to the torrent site and search bt files from it, the geeks wrote a ’oneliner’ (actually 2 lines) to perform the search:

root@raspberrypi:~# cat /usr/bin/search
#!/bin/sh
lynx -dump "http://thepiratebay.se/search/$@/0/7/0"|grep magnet | sed 'y/+/ /; s/%/\\x/g' | xargs -L 1 echo -e

#transmission-remote -n "transmission:the password lor" -a "magnet:?xt=urn:btih..."

And here is the script to download the torrent with transmission x:

root@raspberrypi:~# cat /usr/bin/download
#!/bin/sh
transmission-remote -n "transmission:okay, you win" -a "$@"

That’s how it looks like for a search:

How geek listen to 903

by Scott Tse on March 12, 2014

Since it is quite troublesome to locate and click an icon or type the link with a browser everyday.

It should be expected that when geek need to listen to the only local radio that Hong Kong have, he will just type “903” to achieve it.

Here we go:

alias 903='ffplay rtsp://maclive.881903.com/cr2 -nodisp'

“The finding was attached as below:”

Git Reference

by Scott Tse on November 15, 2013

Setup self-hosted git remote repository http://kovshenin.com/2011/howto-remote-shared-git-repository/

Git deployment workflow between local, remote repository and web server http://ryanflorence.com/simple-git-deployment/

Git deployment workflow between development and live/production on the same server https://coderwall.com/p/xczkaq

Sync project to repo brainlessly… alias sync=”git add . && git commit -m “changed” && git push”

Blogpost sync between wordpress and blogspot

by Scott Tse on September 3, 2013

With this IFTTT plugin, this blog post will now be sync to this one. http://happypentest.blogspot.hk/

Web security assessment check list. (Black box)

by Scott Tse on September 3, 2013

There are several things we gonna check on building a secure web page. Assumed that the assessment is done on black box. Here we included some steps and procedures for a simple analysis on a web page. The following is from 2010, it take no reference from SANS and OWASP’s checklist, but it contains what comes up my mind at the moment I post.

Check the machine location and route. Is it only accessible through internal network or publicly reachable (Exclude mainland)? Is it behind a low balancer and firewall? Is it located on a distributed network or member of the cloud? Any fingerprint from whois/netcraft?
Check the machine type. Is there any other services running beside port 80 and 443? Scanner like nmap/nessus may help. What OS and server is the machine running? Apache/IIS/WebSphere/Tomcat…? What version is it?
Check the purpose of the web server. Is it a dynamic website with user involvement? Is there a database behind? What version will the database properly be, according to the httpd server? MySQL/Oracle/DB2/… Say if it is running apache most likely it work with LAMP. And if windows is the host, it may have IIS, ASP, Access, IIS database manager… or still WAMP. Will this server further connect to other internal computer for retrieving contents? What are the host properly behind? (You may know it from jobsdb or make a phone call to their datacenter :)
read more