VVV multiple projects with vagrant share

The vagrant share command is totally underused, and working in a remote company it’s also totally necessary. Nearly every day I’m asked to troubleshoot a piece of code or help figure out a bug. Usually I need some context in order to help, so I say “can you share your screen” or “would you mind pushing that up to staging and I’ll have a look at it later”. That’s just no good because it creates a time gap where I can’t help them. And oftentimes by the time I get around to taking a look they’ve already given up or gone another route. That just sucks and there has to be a better way, right? Well, there is and it’s called vagrant share. But there is one issue: by default it shares the default configuration for the VM, which when working in VVV is the default screen, and that isn’t very useful in debugging a site. But there is hope yet.

Luckily, with the vagrant share command you can specify a port as one of the flags. So this got me thinking, I wonder if… If you set up a site with its own port, you could theoretically access each site as if it were its own box, right? I just blew my own mind in the process. Oh the possibilities.

So I added this to my Vagrantfile

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
    # Forward guest port 85 (the site's nginx listener) to port 8085 on the host
    config.vm.network "forwarded_port", guest: 85, host: 8085
end

And then I changed my nginx port to listen on port 85 like so

listen 85;

So now I’m thinking cool let’s fire this up and see if it works so I type

vagrant share --http 85

And that works just fine if you take WordPress out of the situation, but that defeats the purpose here since I work primarily with WordPress. So, what do I do now? We’re getting past all of the checkpoints on this except for WordPress, and the reason is that it determines the home and site URL either from the DB or from the wp-config file. What we need to do here is make the install URL agnostic so that it will work with any domain.

We need to either change that in the DB or update the config. Updating the config is much easier so let’s just do that.

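// Build both URLs from the Host header of the incoming request.
// HTTP_HOST is supplied by the client, so keep this to local development installs.
define('WP_HOME',    "http://{$_SERVER['HTTP_HOST']}/");
define('WP_SITEURL', "http://{$_SERVER['HTTP_HOST']}/");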

Bam! We are in business. You type up vagrant share --http 85 and everything runs cool as ice.

But what about images? And other things? Just throw in a proxy pass like in the example below and everything works wonderfully.

server {
    listen       85;
    listen       443 ssl;
    server_name  site.dev *.site.dev;
    root         /srv/www/site;
    include      /etc/nginx/nginx-wp-common.conf;

    # Serve static assets locally when they exist, otherwise fall back to production
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|mp3|mov|tif|tiff|swf|txt|html)$ {
        expires 24h;
        log_not_found off;
        try_files $uri $uri/ @production;
    }

    # Fetch anything missing locally from the production site
    location @production {
        proxy_pass http://www.site.com/$uri;
    }
}

Now anyone you share that with will be able to help check out your local machine without any trouble. They can even log in and poke around the admin.

Composer and wpackagist commercial plugins

With composer and wpackagist sometimes you want to include a package that isn’t listed and doesn’t have a composer.json file. This could be a commercial plugin or something else that might live in a repo or a zip somewhere on the web. It seems like information for this would be fairly easy to find, but from what I could tell there wasn’t anything to connect all the dots for doing this. I’ve noticed that most people will include the publicly available ones in their composer file and leave everything else out, leaving other engineers to scramble together finding the dependencies they need and installing them manually. This leads me to believe that they have given up on finding a solution to the problem, otherwise they would just include it in the first place.

It turns out it’s relatively straightforward but the information is disjointed and difficult to find. The trick is you have to define the package from within your composer file. They will then be included as wpackagist plugins just the same as public ones.
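A composer.json showing that approach, added here as an illustration and not taken from the original post: a `package` repository defines the unlisted plugin inline, next to the wpackagist repository. The name `example-vendor/commercial-plugin`, its version and the download URL are placeholders.

```json
{
    "repositories": [
        { "type": "composer", "url": "https://wpackagist.org" },
        {
            "type": "package",
            "package": {
                "name": "example-vendor/commercial-plugin",
                "version": "1.2.3",
                "type": "wordpress-plugin",
                "dist": {
                    "type": "zip",
                    "url": "https://downloads.example.com/commercial-plugin-1.2.3.zip"
                },
                "require": {
                    "composer/installers": "^1.0 || ^2.0"
                }
            }
        }
    ],
    "require": {
        "wpackagist-plugin/akismet": "*",
        "example-vendor/commercial-plugin": "1.2.3"
    }
}
```

Because an inline package has no metadata of its own, Composer only sees what is written here, so pin an exact version and fetch the archive over HTTPS; the `dist` block also accepts a `shasum` field holding the archive's SHA-1 checksum.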


VVV PHP Code Sniffer with WordPress

Unbeknownst to a lot of people that use VVV, even on a daily basis, there is a built-in code sniffer (CS) integrated into the machine that can be really useful if you’re committing code and want to maintain a higher standard. If you’ve provisioned the box then sitting inside your www directory there should be another directory called phpcs, which stands for “PHP Code Sniffer”.

Sniffing Code from the console

After you’ve booted up the VM you’ll want to vagrant ssh into the box and check if phpcs is installed by typing `which phpcs`, which should return its executable path, something like /srv/www/phpcs/scripts/phpcs. If nothing is returned then you need to add the executable to your path, but it should be there by default when you provision the machine.

Using the built in php code sniffer with WordPress is easy. Once we’ve verified that phpcs is on the box and it’s executable then we need to test out a file to see if it’s up to coding standard. Let’s check out our wp-config.php file by running phpcs /srv/www/wordpress-default/wp-config.php . This should return results similar to those below.

Keep in mind that this sniffed the file using the default PEAR standard, and since we are working with WordPress we want a standard that is more our ballgame. To see which ones are installed type `phpcs -i`. After that pick a standard listed. I’m going to use WordPress: `phpcs /srv/www/wordpress-default/wp-config.php --standard=WordPress`

Notice now that the results are slightly different since we are using the WordPress standard to sniff our code. That’s a lot of errors though, and I don’t want to manually go through and find them all, fixing them one by one. That would be so boring and take way too long, so let’s fix them in one go. Notice the message at the bottom of that command output.


Fixing Code

Is totally something you don’t want to miss and is just as easy to use as phpcs. If you don’t already have a patch or diff application set up for phpcbf then you’ll probably want to pass the flag `--no-patch` along with this next command, otherwise you will most likely get an error. `phpcbf --standard=WordPress --no-patch /srv/www/wordpress-default/wp-config.php`

Now those errors should all be fixed to that coding standard. If you were to run the **phpcs** command again then the errors in question should no longer show up in the sniff results.

You can also fix entire directories using these tools but just be warned that though it works pretty well sometimes you just don’t get all of the perfect code that you expected.

As a note for those that work with VIP QuickStart, the same packages are installed on the Vagrant box as well and can be used in the same fashion. If you’re a vim user I’ve found that this plugin works well.

Kali Linux use dnsdict6 to scan IPv6/IPv4

In Kali Linux there comes a tool called dnsdict6 that is used for DNS enumeration for a domain. It will use a dictionary file if supplied otherwise it uses a built in list. You can use this tool to gather information from a website seeing otherwise hidden or hard to find sub-domains. Sometimes you can find legacy domains that are no longer actively being used but could be a potential attack vector.

Do a quick scan to see what sort of tool this is and what results we can expect. dnsdict6 google.com

By running that command above you should see something similar, so now we know sort of how this works. Let’s dig into it a bit deeper and learn about what options we can use with dnsdict6. Type in either dnsdict6 or dnsdict6 --help and the flags for this command will show up.

But what do those flags mean really and how can we use them?

-4: Will also yield IPv4 addresses which are reserved for private networks and multicast addresses.

-t: # Will determine how many threads you’re willing to use for the search. It can add some speed to the process but the task will get done nonetheless. Threading does make a difference if you’re using a larger list; usually around 20 is a good number.

-D: Doesn’t do any scanning and will dump the current built in wordlist that the utility uses by default.

-d: Will display the IPv6 information on NS records which are basically which nameservers the domain points to and the MX records are mail servers that belong to the attached domain.

-S: Will list services that are used by the domain such as jabber and xmpp.

-[smlxu]: Will change the size of the dictionary that you’ll use for the scan. You will get more results sometimes but it will also take more time to dig through all of these dictionary terms.

How is this useful?

Planning is key to a successful attack, and without information planning is all theoretical. We need to limit the amount of theoretical approaches to our attack, therefore we rule them out by gathering information. The domains collected using this utility could be used later as attack vectors or for further investigation of exploits in those domains. For instance you can find strictly ftp designated domains or a dedicated domain for a database such as mssql.google.com. If a domain has a wildcard configured you may get a warning such as “Warning: wildcard domain configured (2nd test)”, which is usually not a big deal, but the scan can sometimes take a very long time to complete or it will get hung up altogether.

Enumerate DNS with dnsenum in Kali Linux

dnsenum is a multithreaded perl script that can enumerate DNS information for a domain and discover non-contiguous IP blocks. We want to use dnsenum to gather even more information about the target domain. What we are mainly after with this tool is the private IP addresses. Getting those sometimes takes a little creativity, but not much. We aren’t going to go through all of the option variations because it’s dependent upon what type of results you’re looking for and how thorough you want to be in your search. It collects basic information like host addresses, name servers, and mail hosts but also extracts useful information like bind versions and unlisted sub-domains. It also has reverse DNS lookup utilities that can be used for C class network ranges. If you’re using this tool without a dictionary then you aren’t using it to its potential.

You can see in the example above that we are performing a search on google.com using a dict as well as a few other options. In the end we check the XML file that we save the info to, which can be saved to our information bank and/or used later with another application such as magictree. This tool takes some time to run if you’re using a lot of options, so be wary of that in your information gathering.

This tool isn’t to be run around on every site on the internet and actually violates the terms of service for Google, which is why the scrape option doesn’t always work. Google has become rather intelligent in blocking automated tools so you will most likely get blocked if other countermeasures aren’t taken. If you do become blocked it can last for days sometimes.

Git Hooks

What is a git hook?

Git hooks are, surprisingly, something many developers know nothing about or have never even heard of. Which is weird because it’s one of those things that you should no doubt be using in your git workflow. If utilized they will take out some of those redundant tasks that you just hate doing or completely forget about. They can also improve code quality across projects with specific needs. I can’t stress enough how happy you will be by learning how to use git hooks and integrating them into your project.

A git hook is a bash script that is run at certain points in the execution process when you are working with git. For instance, if you are about to push there is the hook pre-push, which can be used to execute a script before a push occurs. The script can do anything you want really. You can check your codebase for certain flaws, send out a tweet, or anything to your liking really.

Configure your first hook

By default git has its own hooks and init dir, which is dependent on your system. These hooks are included in every repo that you create on your system by default and you can check them out by having a look at your .git dir in one of your projects. There are also sample hooks in the .git/hooks dir by default so you can have a look at those for more insight.

To start we’ll need to create a custom directory where we want to store our git templates. I keep any custom code on my machine in my home directory under ~/.code/ so I have mine configured like so

git config --global init.templatedir '~/.code/.git_template'

If we check our globals for git we should see something like

git config -l

The directory can be named anything you want really and doesn’t have to be named the same as mine. After you set your global template directory you will need to add a hooks directory under that.

cd ~/.code/.git_template && mkdir hooks

Now you should see a hooks directory and we will need to set the proper permissions to make the scripts executable.

chmod ug+x ~/.code/.git_template/hooks/*

Next we will want to create a hook inside that hooks dir and we are going to keep it simple. What we are going to do is write a simple bash script that will prepend the current branch name to our commit message. This is useful if you’re working with multiple branches and want to have a hard reference to that branch name after it has been merged into other branches. I use it for feature branches on occasion and it has proven useful.

touch ~/.code/.git_template/hooks/prepare-commit-msg

If you like here is a sample of that code. What it does is simply get the branch name and checks if we are on master or develop. If we aren’t on either of those branches then it will prepend the current branch wrapped in square brackets to our commit message.


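#!/bin/bash
# This way you can customize which branches should be skipped when prepending the commit message.

if [ -z "$BRANCHES_TO_SKIP" ]; then
  # Define the branches to skip if you're on any of these branches
  BRANCHES_TO_SKIP=(master develop)
fi

# Empty on a detached HEAD, in which case nothing is prepended
BRANCH_NAME=$(git symbolic-ref --short HEAD 2>/dev/null)

# -x -F: compare whole lines literally so the branch name is never treated as a pattern
BRANCH_EXCLUDED=$(printf "%s\n" "${BRANCHES_TO_SKIP[@]}" | grep -cxF -- "$BRANCH_NAME")
BRANCH_IN_COMMIT=$(grep -cF -- "[$BRANCH_NAME]" "$1")

if [ -n "$BRANCH_NAME" ] && ! [[ $BRANCH_EXCLUDED -eq 1 ]] && ! [[ $BRANCH_IN_COMMIT -ge 1 ]]; then
  # "|" as the delimiter so branch names containing "/" (feature/x) don't break the expression
  sed -i.bak -e "1s|^|[$BRANCH_NAME] |" "$1"
fi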

Adding your hooks to your project

After you’ve created your git hook navigate to a project that you don’t mind testing out this nifty new script on and type.

git init

This should pull your new hooks configuration into that repo for you to use. If you want to verify that they are there you can navigate to the .git/hooks directory in your project and check if the files are there and current. Sometimes it doesn’t initialize properly so just be wary of that. Create a new branch and name it anything you like as long as it’s not in that list of BRANCHES_TO_SKIP. Once you complete your changes write up your commit message as usual and you should see the branch name prepended to the commit message that you just typed up.

Really that’s it! You can get as creative as you like with these scripts. For instance you can check for debugging chunks of code or keywords such as console.log or var_dump that should probably be excluded from your production code.
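A pre-commit hook for the check suggested above, added here as an example and not part of the original post: it rejects a commit when the staged changes add console.log( or var_dump( calls. The function name scan_added_lines and the pattern are assumptions of this example.

```shell
#!/usr/bin/env bash
# pre-commit hook (added example): block commits whose staged changes add
# console.log( or var_dump( calls. Save as hooks/pre-commit and make it executable.

# Extended regex for the debugging calls to reject (assumed list, extend as needed)
DEBUG_PATTERN='(console\.log|var_dump)[[:space:]]*\('

# Reads a unified diff on stdin and prints "file: line" for every ADDED line
# that matches DEBUG_PATTERN. Returns 0 when the diff is clean, 1 otherwise.
scan_added_lines() {
    local file="" line found=0 in_hunk=0
    while IFS= read -r line; do
        if [ "$in_hunk" -eq 0 ]; then
            # File header: remember the new path, wait for the first hunk
            case "$line" in
                '+++ b/'*) file="${line#+++ b/}" ;;
                '@@ '*)    in_hunk=1 ;;
            esac
            continue
        fi
        case "$line" in
            'diff --git '*) in_hunk=0 ;;   # next file starts
            '+'*)
                # Removed and context lines are ignored; only additions count
                if printf '%s\n' "${line#+}" | grep -Eq "$DEBUG_PATTERN"; then
                    printf '%s: %s\n' "$file" "${line#+}"
                    found=1
                fi ;;
        esac
    done
    return "$found"
}

# Only call git when running as the hook itself, so the function above can be
# exercised on its own with any diff text.
if [ "$(basename -- "$0")" = "pre-commit" ]; then
    if ! git diff --cached --unified=0 --diff-filter=ACM | scan_added_lines; then
        echo "Commit blocked: remove the debugging calls listed above." >&2
        exit 1
    fi
fi
```

Because it reads the staged diff and not the working tree, lines that were already in the file, or that the commit removes, do not block the commit.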

Go forth and work smarter not harder!

More information on git hooks

What is Kali Linux

Kali Linux, previously known as Backtrack, is a custom Linux distro maintained by Offensive Security Ltd. Its main purpose is digital forensics and penetration testing. It comes with all the tools you need to start hacking and takes some getting to know before you can actually do anything with it. It’s designed as an out-of-the-box OS solution that will quickly get you up and hacking from nearly any type of device.

What Kali Linux is not

It is not a push button solution that will hack anything at the push of a button. It is not for beginners that don’t understand how computers work. You should have a decent understanding of computers and the internet before you can even dream of doing anything with Kali. It’s not for what you might call a “Script Kiddy”. It’s also not for people that don’t understand the basic fundamentals of computer programming, Linux, and once again the internet and how it works. If you don’t have those skills locked down then move along until you do, because the truth is there isn’t much you can do besides play around with the OS until you do understand those things. However, playing is how you learn so why not try it? Just don’t get frustrated when you can’t push the “Hack Google” button because there isn’t one. If you want to learn more about Kali Linux you can check out the [website](http://kali.org) for more info.

Update Kali Linux

Kali Linux is by far one of the most awesome and battle tested penetration testing OSes out there. But sometimes it needs a little love to keep things operating smoothly, and just like any OS, when you update you’re getting new features as well as security updates that will keep your system safe from recent security breaches. `apt-get update && apt-get upgrade`

Alternatively you can add the following flag to that command and it will fix any packages that are broken or partially installed on the system. `apt-get update && apt-get upgrade --fix-missing`

Kali will now check its web servers for new packages. If it finds any that need updating then it should ask if you want to install them.

Patiently wait for all of the packages to update, go make a coffee or whatever floats your boat.

No more GUI’s

I’ve decided to throw out all of my GUI dev tools. Which means no more DB, code, or SCM apps for me. All they do is take up space and limit the power of the command line. Aside from the browser and the obvious OS essential apps like Mail I’m strictly working in the console now.

Back to Vim

I’m making the move back to Vim and it blows everything else out of the water. I’ve had about a two year period of time where I’ve been trying other editors as my primary and they all seem to offer promise, but in the end they fall short of what you can do with Vim and it just suits my needs. It’s already installed in nearly every OS, is configurable, quick, and intuitive (once you learn the ropes anyways).