Archive for the ‘Uncategorized’ Category

Secure remote packet capture and analysis with Wireshark, netcat and SSH

Saturday, November 14th, 2009

I was looking for a reliable way to use Wireshark to monitor (sniff) traffic on several of my remote servers.  Sure, there was running tcpdump, transferring the capture files over and opening them in Wireshark.  Not exactly real time, or time saving.

I found some references, but not many, and most did not cover the issue of sending pcaps back across insecure connections.  You can’t trust Uncle Sam (or anyone else for that matter) not to peek at your traffic as it passes through peering points.  Eat it, Mr. Fed.  Encryption rocks.

I solved this with some SSH port forwarding and netcat.  SSH is secure and incredibly resilient to connectivity interruptions.

You’re going to need to have the following packages installed on both the server and your local workstation.  Use apt-get, yum, aptitude, whatever your distribution warrants.

  1. netcat (http://netcat.sourceforge.net/)
  2. ssh (http://www.openssh.com/)

Wireshark is only needed on your local workstation:

  1. Wireshark (http://www.wireshark.org/)

We have two machines: the remote host, which we’ll call REMOTE, and your local workstation, which will be LOCAL.

At your LOCAL machine, use the following command to set up the necessary ports:

ssh -R 127.0.0.1:3000:127.0.0.1:3000 $REMOTE

Basically, we’re telling ssh to listen on port 3000 on REMOTE’s localhost and forward anything that connects to it back to port 3000 on LOCAL.  You can choose any combination of ports you desire.  Check the ssh man page for more information and a better explanation.

Open a new terminal window on LOCAL and enter the following:

nc -l 127.0.0.1 3000 | wireshark -k -i -

So what we’ve done here is create a listening socket on LOCAL’s localhost on port 3000 and pipe its output to Wireshark, which we have told to begin capturing immediately (-k) and to read its input from STDIN (-i -).   You should see Wireshark start up and present a message along the lines of “Waiting for capture to begin…”.  This is good.

Now we can wander back to REMOTE and issue the following command:

sudo /usr/sbin/tcpdump -i eth0 -w - not host $YOUR_IP | nc 127.0.0.1 3000

Finally, we fire up tcpdump, instructing it to listen for traffic on eth0, to write its output to STDOUT (-w -) and to ignore packets that are to or from $YOUR_IP.  We pipe that into netcat (nc) on localhost on port 3000.

At this point, Wireshark should begin to show signs of life.  If you didn’t do so hot then you should double check the commands and try again.

So in a nutshell, we’re using SSH to reverse forward a port from the remote machine to your local machine, then starting a listening socket with netcat and piping its output to Wireshark.  Back on the remote machine, tcpdump is started and its output piped to netcat to send over our SSH connection.  How cool is that?

One point I forgot to mention: remember that you will effectively be doubling your traffic for as long as you’re running tcpdump, as you are sending a copy of EVERY packet across the SSH tunnel to Wireshark (well, really only the packets that meet your filter criteria, but I’m sure you get the point).
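To make concrete what actually crosses the tunnel, here is an added example (it is not code from the original post): a small Python reader for the pcap stream that tcpdump -w - emits and wireshark -k -i - consumes. It builds a constructed three-packet capture, applies the same not host $YOUR_IP rule in code and counts what would be forwarded. The addresses (10.0.0.5 for LOCAL, 198.51.100.7 for REMOTE, 203.0.113.9 for a third party) are made up for the demonstration. Two things it shows: without that filter the tunnel’s own SSH packets would be captured and sent back through the same tunnel, feeding on themselves, and a stream that is cut off mid-record (tcpdump killed) ends with a partial record that a reader has to tolerate rather than choke on.

```python
import ipaddress
import struct

# Added example, not from the original post: a minimal reader for the pcap
# stream that "tcpdump -w -" writes and "wireshark -k -i -" reads, used to show
# what travels through the SSH tunnel and why "not host $YOUR_IP" matters.
# Every address and frame below is constructed for the demonstration.

PCAP_MAGIC = 0xA1B2C3D4        # microsecond-resolution pcap, writer's byte order
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = "IHHiIII"         # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"            # ts_sec, ts_usec, incl_len, orig_len


def build_ipv4_frame(src, dst, proto=6, payload=b""):
    """Constructed Ethernet + IPv4 frame (IP checksum left 0; fine for a parser demo)."""
    eth = bytes.fromhex("001122334455" "66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + payload


def build_pcap(frames, snaplen=65535):
    """Serialise frames the way tcpdump -w - does on a little-endian host."""
    out = struct.pack("<" + GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<" + RECORD_HDR, 1258200000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_global_header(data):
    """Return (byte-order prefix, snaplen, linktype); raise if this is not pcap."""
    if len(data) < 24:
        raise ValueError("short read: no pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        order = "<"
    elif magic == 0xD4C3B2A1:        # same magic, written by a big-endian host
        order = ">"
    else:
        raise ValueError("not a pcap stream (magic %#x)" % magic)
    _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(order + GLOBAL_HDR[1:], data[4:24])
    return order, snaplen, linktype


def iter_records(data):
    """Yield (ts_sec, ts_usec, frame) for every complete record in the stream."""
    order, _snaplen, linktype = read_global_header(data)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet captures")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(order + RECORD_HDR, data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            break                     # truncated tail, e.g. tcpdump killed mid-record
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def ipv4_endpoints(frame):
    """(src, dst) for an IPv4-over-Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    return (str(ipaddress.IPv4Address(frame[26:30])),
            str(ipaddress.IPv4Address(frame[30:34])))


def passes_not_host(frame, host):
    """Mirror of tcpdump's 'not host X': drop frames with X as source or destination."""
    endpoints = ipv4_endpoints(frame)
    return endpoints is None or host not in endpoints


def count_forwarded(stream, your_ip):
    """(records in the stream, records that survive 'not host your_ip')."""
    total = forwarded = 0
    for _sec, _usec, frame in iter_records(stream):
        total += 1
        if passes_not_host(frame, your_ip):
            forwarded += 1
    return total, forwarded


YOUR_IP = "10.0.0.5"          # constructed: LOCAL, the workstation running Wireshark
REMOTE_IP = "198.51.100.7"    # constructed: REMOTE, where tcpdump runs
SAMPLE_STREAM = build_pcap([
    build_ipv4_frame(YOUR_IP, REMOTE_IP),        # our own SSH session carrying the capture
    build_ipv4_frame(REMOTE_IP, YOUR_IP),        # ... and its replies
    build_ipv4_frame("203.0.113.9", REMOTE_IP),  # an unrelated client talking to REMOTE
])

if __name__ == "__main__":
    total, kept = count_forwarded(SAMPLE_STREAM, YOUR_IP)
    print(f"{total} packets captured, {kept} would be sent through the tunnel")
```

Two practical notes. If Wireshark sits at “Waiting for capture to begin…” on a quiet interface, remember that tcpdump buffers its -w output; its -U (packet-buffered) option flushes each record as it is captured. And anything on REMOTE that can reach 127.0.0.1:3000 can write into this stream, which Wireshark’s dissectors will happily parse, so keep both listeners bound to 127.0.0.1 as the commands above do.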

Resolving Sansa Media Player issues under Ubuntu 9.04

Saturday, April 25th, 2009

Even though Ubuntu 9.04 (Jaunty Jackalope) was released only a few days ago, I’ve been running it without issue on most of my systems since alpha (what can I say, I like to live on the edge). Well, nearly without issue.

When plugging in my Sansa e260 into either my Thinkpad or desktop systems the Sansa would not mount in either mode.

Tailing /var/log/syslog (tail -f /var/log/syslog) revealed this:
Apr 25 10:04:34 hkb-jaunty kernel: [ 874.500098] usb 1-5: new high speed USB device using ehci_hcd and address 4
Apr 25 10:04:34 hkb-jaunty kernel: [ 874.556334] hub 1-0:1.0: unable to enumerate USB device on port 5
Apr 25 10:04:43 hkb-jaunty kernel: [ 882.804067] usb 1-5: new high speed USB device using ehci_hcd and address 5
Apr 25 10:04:43 hkb-jaunty kernel: [ 883.667500] usb 1-5: configuration #128 chosen from 1 choice
Apr 25 10:04:43 hkb-jaunty kernel: [ 883.689289] scsi7 : SCSI emulation for USB Mass Storage devices
Apr 25 10:04:43 hkb-jaunty kernel: [ 883.689653] usb-storage: device found at 5
Apr 25 10:04:43 hkb-jaunty kernel: [ 883.689657] usb-storage: waiting for device to settle before scanning

After some digging around, I found a bug report at https://bugs.launchpad.net/ubuntu/+bug/345916 that points to the modification of a file under /usr/share/hal/fdi/preprobe/10osvendor/. Looks easy enough…

  1. Open a Terminal window (Accessories > Terminal)
  2. cd /usr/share/hal/fdi/preprobe/10osvendor/
  3. sudo cp 20-libgphoto2.fdi 20-libgphoto2.fdi.backup
  4. sudo nano 20-libgphoto2.fdi
  5. Remove all entries between line 6633 and line 6764
    You can use the shortcut Ctrl-k to cut lines.  Make sure the <match> tags are correctly nested and closed otherwise we’ll get all sorts of weird errors.
  6. Use Ctrl-x to save and exit nano

Now reconnect the Sansa.  If you’re still tailing syslog then you should see something like this;
Apr 25 10:10:25 hkb-jaunty kernel: [ 1225.396100] usb 1-5: new high speed USB device using ehci_hcd and address 6
Apr 25 10:10:25 hkb-jaunty kernel: [ 1225.452256] hub 1-0:1.0: unable to enumerate USB device on port 5
Apr 25 10:10:34 hkb-jaunty kernel: [ 1233.980091] usb 1-5: new high speed USB device using ehci_hcd and address 7
Apr 25 10:10:35 hkb-jaunty kernel: [ 1234.847610] usb 1-5: configuration #128 chosen from 1 choice
Apr 25 10:10:35 hkb-jaunty kernel: [ 1234.867573] scsi8 : SCSI emulation for USB Mass Storage devices
Apr 25 10:10:35 hkb-jaunty kernel: [ 1234.867934] usb-storage: device found at 7
Apr 25 10:10:35 hkb-jaunty kernel: [ 1234.867939] usb-storage: waiting for device to settle before scanning
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.864675] usb-storage: device scan complete
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.865794] scsi 8:0:0:0: Direct-Access SanDisk Sansa e260 PQ: 0 ANSI: 0
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.866774] scsi 8:0:0:1: Direct-Access SanDisk Sansa e260 PQ: 0 ANSI: 0
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.870983] sd 8:0:0:0: [sdb] 7854080 512-byte hardware sectors: (4.02 GB/3.74 GiB)
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.871834] sd 8:0:0:0: [sdb] Write Protect is off
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.871840] sd 8:0:0:0: [sdb] Mode Sense: 45 00 00 00
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.871846] sd 8:0:0:0: [sdb] Assuming drive cache: write through
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.874596] sd 8:0:0:0: [sdb] 7854080 512-byte hardware sectors: (4.02 GB/3.74 GiB)
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.875469] sd 8:0:0:0: [sdb] Write Protect is off
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.875474] sd 8:0:0:0: [sdb] Mode Sense: 45 00 00 00
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.875479] sd 8:0:0:0: [sdb] Assuming drive cache: write through
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.875485] sdb: sdb1 sdb2
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.880717] sd 8:0:0:0: [sdb] Attached SCSI removable disk
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.880842] sd 8:0:0:0: Attached scsi generic sg2 type 0
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.883016] sd 8:0:0:1: [sdc] Attached SCSI removable disk
Apr 25 10:10:40 hkb-jaunty kernel: [ 1239.883120] sd 8:0:0:1: Attached scsi generic sg3 type 0
Apr 25 10:10:40 hkb-jaunty hald: mounted /dev/sdb1 on behalf of uid 1000

After performing updates, you might have to re-edit the 20-libgphoto2.fdi file, as your changes may be overwritten by newer packages.

As always, your mileage may vary.


Installing netqmail-1.06, vpopmail 5.4.25 and Dovecot on CentOS 5.2

Thursday, December 18th, 2008

Before I start any installation of any software, I like to create a working folder, where all the packages and patches and such will live.

mkdir /home/kurth/qmail

Next we grab the packages for netqmail and vpopmail.

wget http://www.qmail.org/netqmail-1.06.tar.gz
wget http://shupp.org/patches/netqmail-1.05-tls-smtpauth-20070417.patch
wget http://superb-east.dl.sourceforge.net/sourceforge/vpopmail/vpopmail-5.4.25.tar.gz

And a few more patches, such as the TLS patch:
wget http://inoa.net/qmail-tls/netqmail-1.05-tls-20070408.patch

Uncompress netqmail-1.06 and vpopmail-5.4.25 tarballs.

tar zfvx netqmail-1.06.tar.gz
tar zfvx vpopmail-5.4.25.tar.gz

Apply the patch from inside the extracted netqmail-1.06 directory (here the TLS+SMTP-AUTH patch fetched above), then return to the working folder:
cd netqmail-1.06
patch -p1 < ../netqmail-1.05-tls-smtpauth-20070417.patch
cd ..

Before we can compile and install netqmail, we'll need to create system users for the qmail daemons to run as.

sudo /usr/sbin/groupadd nofiles
sudo /usr/sbin/useradd qmaild -g nofiles -d /var/qmail -s /nonexistent
sudo /usr/sbin/useradd alias -g nofiles -d /var/qmail/alias -s /nonexistent
sudo /usr/sbin/useradd qmaill -g nofiles -d /var/qmail -s /nonexistent
sudo /usr/sbin/useradd qmailp -g nofiles -d /var/qmail -s /nonexistent
sudo /usr/sbin/groupadd qmail
sudo /usr/sbin/useradd qmailq -g qmail -d /var/qmail -s /nonexistent
sudo /usr/sbin/useradd qmailr -g qmail -d /var/qmail -s /nonexistent
sudo /usr/sbin/useradd qmails -g qmail -d /var/qmail -s /nonexistent

With the users created, proceed to compile and install netqmail-1.06.

cd netqmail-1.06
sudo make setup check
sudo ./config

That’s it. Yes. netqmail is installed. Not running or configured, but installed. Onwards to vpopmail!

Like qmail, vpopmail requires local groups and users to run under. Create them now.

sudo /usr/sbin/groupadd -g 89 vchkpw
sudo /usr/sbin/useradd -g vchkpw -u 89 vpopmail

Then enter the vpopmail-5.4.25 dir, compile and install.

cd ../vpopmail-5.4.25
sudo ./configure --enable-roaming-users
sudo make install

You may want to review the INSTALL file in the vpopmail-5.4.25 dir for additional configure options. The configure script requires root access, so it must be run with root privs. That should be it; vpopmail should be installed.

Now we need to create netqmail’s control files.
sudo su
echo '20' > /var/qmail/control/concurrencyincoming
echo './Maildir' > /var/qmail/control/defaultdelivery
echo 'my.domain.tld' > /var/qmail/control/defaultdomain
echo 'my.domain.tld' > /var/qmail/control/me
echo 'my.domain.tld' > /var/qmail/control/locals
echo 'my.domain.tld' > /var/qmail/control/rcpthosts
echo 'domain.tld' > /var/qmail/control/plusdomain
exit;

Notice that I put the full local name in the locals file. This allows me to send email to root@my.domain.tld and have it delivered to the local root user.
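Two of the files just written decide whose mail this server accepts, so a check before qmail-smtpd is started pays off. The following is an added example, not part of the original post or of qmail itself: a Python pre-flight check that confirms the control files exist, that every domain in locals is also listed in rcpthosts (qmail-smtpd refuses RCPT TO for domains outside rcpthosts, so a locals-only domain never reaches local delivery), and that rcpthosts exists at all, because without it qmail-smtpd accepts mail for every domain. It also scans the /etc/tcp.smtp rules file, which the qmail-smtpd run script below loads as /etc/tcp.smtp.cdb and which this post does not show, for a default rule handing RELAYCLIENT to every client. The sample tree it checks is constructed in a temporary directory, not /var/qmail, and its domains and rules are made up.

```python
import os
import tempfile

# Added example, not from the original post: pre-flight checks for the qmail
# control files and the tcpserver rules file.  build_sample() writes a
# constructed tree into a temporary directory; nothing here touches /var/qmail.

REQUIRED_CONTROL = ("me", "locals", "defaultdelivery")


def read_list(path):
    """Non-empty, non-comment lines of a qmail control file."""
    with open(path) as fh:
        return [ln.strip() for ln in fh if ln.strip() and not ln.lstrip().startswith("#")]


def check_control_dir(control_dir):
    """Return a list of problems; an empty list means the directory looks sane."""
    problems = []
    for name in REQUIRED_CONTROL:
        path = os.path.join(control_dir, name)
        if not os.path.isfile(path) or not read_list(path):
            problems.append(f"missing or empty control/{name}")
    rcpt_path = os.path.join(control_dir, "rcpthosts")
    if not os.path.isfile(rcpt_path):
        # qmail-smtpd only restricts RCPT TO when rcpthosts exists; without it
        # (this check ignores morercpthosts) every recipient domain is accepted.
        problems.append("control/rcpthosts is missing: qmail-smtpd would be an open relay")
        return problems
    accepted = {d.lower() for d in read_list(rcpt_path)}
    locals_path = os.path.join(control_dir, "locals")
    if os.path.isfile(locals_path):
        for domain in read_list(locals_path):
            # Delivered locally but not accepted at SMTP time: mail is refused
            # before qmail-send ever sees it.
            if domain.lower() not in accepted:
                problems.append(f"locals domain {domain} is not in rcpthosts: inbound mail for it will be refused")
    return problems


def check_tcp_smtp(path):
    """Flag tcprules lines that hand RELAYCLIENT to every client."""
    problems = []
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            address, _sep, instruction = line.partition(":")
            # An empty address prefix is the default rule and matches all clients.
            if address == "" and instruction.startswith("allow") and "RELAYCLIENT" in instruction:
                problems.append(f"{os.path.basename(path)}:{lineno}: default rule sets RELAYCLIENT for all clients (open relay)")
    return problems


def build_sample(variant="broken"):
    """Constructed sample tree; returns (control_dir, tcp_smtp_path)."""
    root = tempfile.mkdtemp(prefix="qmail-check-")
    control = os.path.join(root, "control")
    os.mkdir(control)
    files = {
        "me": "my.domain.tld\n",
        "locals": "my.domain.tld\nother.tld\n",
        "defaultdelivery": "./Maildir\n",
        "rcpthosts": "my.domain.tld\n" + ("other.tld\n" if variant == "fixed" else ""),
    }
    if variant == "no-rcpthosts":
        del files["rcpthosts"]
    for name, text in files.items():
        with open(os.path.join(control, name), "w") as fh:
            fh.write(text)
    rules = '127.:allow,RELAYCLIENT=""\n'            # localhost may relay: fine
    if variant == "fixed":
        rules += ":allow\n"                          # everyone else: accept, no relaying
    else:
        rules += ':allow,RELAYCLIENT=""\n'           # the classic open-relay mistake
    tcp_smtp = os.path.join(root, "tcp.smtp")
    with open(tcp_smtp, "w") as fh:
        fh.write(rules)
    return control, tcp_smtp


if __name__ == "__main__":
    control, rules = build_sample()
    for problem in check_control_dir(control) + check_tcp_smtp(rules):
        print(problem)
```

On a real box, run check_control_dir("/var/qmail/control") and check_tcp_smtp("/etc/tcp.smtp"), and after correcting the rules rebuild the cdb with the cdb target of the init script further down.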

Create the /var/qmail/rc file.

#!/bin/sh
# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default
exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"

Make the script executable
chmod 755 /var/qmail/rc

Setup system aliases. Replace ‘kurth’ with your email address or user.

sudo su
echo kurth > /var/qmail/alias/.qmail-root
echo kurth > /var/qmail/alias/.qmail-postmaster
echo kurth > /var/qmail/alias/.qmail-mailer-daemon
echo kurth > /var/qmail/alias/.qmail-abuse
chmod 644 /var/qmail/alias/.qmail-*

Remove sendmail evil. Replace with a softlink to netqmail’s sendmail replacement.
sudo yum remove sendmail
sudo ln -s /var/qmail/bin/sendmail /usr/lib
sudo ln -s /var/qmail/bin/sendmail /usr/sbin

Create the supervise scripts for qmail-smtpd, qmail-send and qmail-smtpd-submission

Create /service/qmail-send/run. This file simply starts the /var/qmail/rc under supervise.
#!/bin/sh
exec /var/qmail/rc

Create the logging script /service/qmail-send/log/run:
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail

Create the /service/qmail-smtpd/run. Notice the softlimit amount has been increased to 20 Megabytes.
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /service/qmail-smtpd/run
exit 1
fi
exec /usr/local/bin/softlimit -m 20000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1

Create the smtpd logging script /service/qmail-smtpd/log/run:
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd

Create /service/qmail-smtpd-submission/run. Submission (port 587) is often used by roaming clients to bypass provider blocks on normal smtp (port 25).
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /service/qmail-smtpd-submission/run
exit 1
fi
exec /usr/local/bin/softlimit -m 30000000 \
/usr/local/bin/tcpserver -v -H -R -l "$LOCAL" -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
/var/qmail/bin/qmail-smtpd recordio /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

Enable logging by creating /service/qmail-smtpd-submission/log/run containing the following.
#!/bin/sh
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-smtpd-submission 2>&1

Make files executable.

chmod 755 /service/qmail-send/run
chmod 755 /service/qmail-send/log/run
chmod 755 /service/qmail-smtpd/run
chmod 755 /service/qmail-smtpd/log/run
chmod 755 /service/qmail-smtpd-submission/run
chmod 755 /service/qmail-smtpd-submission/log/run

At this point svscan should have picked up the newly created run scripts. After all this I like to pull down all /service/qmail-* services and restart them.

svc -t /service/*

We need a daemon to provide IMAPS and POP3S. Dovecot is popular and supports ./Maildir/ out of the box.

sudo yum install dovecot

Now we can finally create our first domain!

sudo /home/vpopmail/bin/vadddomain domain.tld password
domain.tld added!
sudo /home/vpopmail/bin/vadduser kurth@domain.tld password

The domain domain.tld and the user kurth@domain.tld (with the password “password”) have now been added. At this point you should send a test email to the account to ensure everything is working.

I use the tail command to watch all the logs at once.
sudo tail -f /var/log/qmail/current /var/log/qmail/smtpd/current /var/log/qmail/qmail-smtpd-submission/current

OK, we’re ready to create the init script and fire up your netqmail server for the first time! This is the init script I have used for quite a while. I believe it might be from The Qmail Handbook by Dave Sill, but I forgot long ago.

#!/bin/sh
PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
case "$1" in
  start)
    echo "Starting qmail"
    if svok /service/qmail-send ; then
      svc -u /service/qmail-send /service/qmail-send/log
    else
      echo "qmail-send supervise not running"
    fi
    if svok /service/qmail-smtpd ; then
      svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    else
      echo "qmail-smtpd supervise not running"
    fi
    if [ -d /var/lock/subsys ]; then
      touch /var/lock/subsys/qmail
    fi
    ;;
  stop)
    echo "Stopping qmail..."
    echo " qmail-smtpd"
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo " qmail-send"
    svc -d /service/qmail-send /service/qmail-send/log
    if [ -f /var/lock/subsys/qmail ]; then
      rm /var/lock/subsys/qmail
    fi
    ;;
  stat)
    svstat /service/qmail-send
    svstat /service/qmail-send/log
    svstat /service/qmail-smtpd
    svstat /service/qmail-smtpd/log
    qmail-qstat
    ;;
  doqueue|alrm|flush)
    echo "Flushing timeout table and sending ALRM signal to qmail-send."
    /var/qmail/bin/qmail-tcpok
    svc -a /service/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /service/qmail-send
    ;;
  pause)
    echo "Pausing qmail-send"
    svc -p /service/qmail-send
    echo "Pausing qmail-smtpd"
    svc -p /service/qmail-smtpd
    ;;
  cont)
    echo "Continuing qmail-send"
    svc -c /service/qmail-send
    echo "Continuing qmail-smtpd"
    svc -c /service/qmail-smtpd
    ;;
  restart)
    echo "Restarting qmail:"
    echo "* Stopping qmail-smtpd."
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /service/qmail-send /service/qmail-send/log
    echo "* Restarting qmail-smtpd."
    svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    ;;
  cdb)
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
    chmod 644 /etc/tcp.smtp.cdb
    echo "Reloaded /etc/tcp.smtp."
    ;;
  help)
    cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
    exit 1
    ;;
esac
exit 0

Super useful SSH option (Quick and dirty SOCKS Proxy with SSH)

Thursday, October 16th, 2008

Reading the ssh manpage over my morning tea, I came across this:

-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.

IPv6 addresses can be specified with an alternative syntax: [bind_address/]port or by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.


SOCKS proxy you say? Neat!

At a terminal:
hkb@voyagerone:~$ ssh -D 5050 kurth@my.proxy.host

You will be asked to log in as normal, using your password or key, and will then be placed at your default shell.

Then modify your system proxy settings, or just your Firefox settings to use a SOCKS proxy on port 5050. You can use any port, as long as it’s above 1024, I just chose 5050.

I’ve noticed that when doing this from within a firewalled network I get a significant speed increase in my surfing with the proxy compared to without it. YMMV.

EDIT:  Added screenshots from Firefox.

Edit > Preferences > Network Tab > Settings

[Screenshot: Firefox Preferences Window]

Your settings should look something like this.

[Screenshot: Firefox Proxy Settings Window]
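What the browser and ssh actually say to each other on port 5050 is a short SOCKS5 negotiation (RFC 1928), which the manpage excerpt above only names. The following is an added example, not code from the original post or from OpenSSH: it builds the client side of that exchange in Python and parses constructed proxy replies. The hostname example.com and the canned reply bytes are made up for the demonstration. The detail worth noticing is the address type: when the client sends the hostname itself (address type 3) rather than a resolved IP, name resolution happens at the SSH server end, so DNS lookups travel inside the tunnel as well; that is what Firefox’s network.proxy.socks_remote_dns setting controls.

```python
import ipaddress
import struct

# Added example, not from the original post or OpenSSH: the SOCKS5 exchange
# (RFC 1928) a browser performs against "ssh -D 5050" before the real
# connection's bytes flow.  The proxy replies below are constructed samples.

SOCKS_VERSION = 0x05
METHOD_NO_AUTH = 0x00
METHOD_REJECTED = 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLY_TEXT = {
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
    0x04: "host unreachable", 0x05: "connection refused", 0x06: "TTL expired",
    0x07: "command not supported", 0x08: "address type not supported",
}


def greeting():
    """Client -> proxy: version 5, one method offered, 'no authentication'."""
    return bytes([SOCKS_VERSION, 1, METHOD_NO_AUTH])


def parse_method_selection(data):
    """Proxy -> client: the method it chose (ssh -D accepts no-auth)."""
    if len(data) != 2 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 method selection")
    if data[1] == METHOD_REJECTED:
        raise ConnectionError("proxy rejected every offered auth method")
    return data[1]


def connect_request(host, port):
    """Client -> proxy: CONNECT to host:port.

    A literal IP goes out as address type 1 or 4.  A hostname goes out as
    type 3 with its length prefix, so the proxy end (the SSH server) resolves
    it and the lookup never leaves the tunnel.
    """
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        addr = ipaddress.ip_address(host)
        atyp = ATYP_IPV4 if addr.version == 4 else ATYP_IPV6
        body = addr.packed
    except ValueError:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        atyp, body = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, atyp]) + body + struct.pack("!H", port)


def parse_reply(data):
    """Proxy -> client: (status code, text, bound address, bound port)."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    status, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        bound, end = str(ipaddress.IPv4Address(data[4:8])), 8
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        bound, end = data[5:5 + n].decode("idna"), 5 + n
    elif atyp == ATYP_IPV6:
        bound, end = str(ipaddress.IPv6Address(data[4:20])), 20
    else:
        raise ValueError("unknown address type %d" % atyp)
    if len(data) < end + 2:
        raise ValueError("truncated reply")
    (port,) = struct.unpack("!H", data[end:end + 2])
    return status, REPLY_TEXT.get(status, "unassigned"), bound, port


# Constructed sample exchange for a CONNECT to example.com:443 through ssh -D.
CLIENT_GREETING = greeting()
PROXY_METHOD_CHOICE = bytes([SOCKS_VERSION, METHOD_NO_AUTH])
CLIENT_CONNECT = connect_request("example.com", 443)
PROXY_REPLY_OK = bytes([SOCKS_VERSION, 0x00, 0x00, ATYP_IPV4]) + bytes(4) + bytes(2)
PROXY_REPLY_REFUSED = bytes([SOCKS_VERSION, 0x05, 0x00, ATYP_IPV4]) + bytes(4) + bytes(2)


def run_handshake(method_reply, connect_reply, host="example.com", port=443):
    """Walk the exchange against canned proxy replies; return the parsed final reply."""
    parse_method_selection(method_reply)
    connect_request(host, port)
    return parse_reply(connect_reply)


if __name__ == "__main__":
    print("client:", CLIENT_GREETING.hex(), CLIENT_CONNECT.hex())
    print("proxy :", run_handshake(PROXY_METHOD_CHOICE, PROXY_REPLY_OK))
```

Because only the no-authentication method is offered and accepted here, anything that can reach the listening port can use the tunnel; that is why the -D listener should stay bound to localhost, as the manpage excerpt describes, rather than to all interfaces.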

Interesting bit from security-basics mailing list

Thursday, October 16th, 2008

On Wed, Oct 15, 2008 at 6:21 AM, Craig Wright wrote:
> > The simple answer is that it does not matter. A single wipe (done
> > correctly) will make it infeasible for ANYONE (even governments) to
> > recover information.
> >
> > If you go to the page:
> > http://seclab.cs.sunysb.edu/iciss08/program.html
> >
> > There is a paper being presented:
> > “Overwriting Hard Drive Data: The Great Wiping Controversy”
> > Craig Wright, Dave Kleiman and Shyaam Sundhar R.S..
> >
> > The paper details this issue. A few people have seen it already. It
> > will be available (published) in Dec in the Springer Verglag LNCS
> > series. We hope that this paper will finally put some of the silly
> > myths to rest.
> >
> > Regards,
> > Craig Wright GSE-Malware, GSE-Compliance
> >

Don’t mislead. Allow me to explain in more depth. A bit on a hard
drive is, in theory, either a 0 or a 1. If this is true, then one wipe
will be more than enough. However, in reality 0 or 1 in charge are
rarely achieved. For example, a bit may be charged to 0.34 or 0.8.
Changing the bit from 0 to 1 will in fact most probably either add or
subtract 0.7 (roughly that for the drives I’ve worked with on this),
which is more than enough for the head to read it as either a 1 or 0.
However, once a change rate (the ~0.7) has been established for
the drive in question, researchers may be able to recover at least one
history back, sometimes even two or three generations back.

For this reason, several runs are necessary.


Razi Shaban

Unable to access the internet properly after upgrade to Ubuntu 8.10

Tuesday, September 30th, 2008

Just upgraded to Ubuntu 8.10 last night. Everything went smoothly, however after rebooting I found I couldn’t get Firefox to load any websites. Sometimes the page would begin to load, then hang, and eventually fail the pageload. I also found I couldn’t access any repositories via apt-get.

While I cannot be sure whether this value changed during the upgrade, I resolved the issue with the following command.

kurth@theship:~$ sudo /sbin/ifconfig eth0 mtu 1492

The default value is 1500 bytes, which is too large for a PPPoE payload. 1492 bytes is smaller and therefore fits within the payload area.

Edit your /etc/network/interfaces file and add the following line to the iface stanza for eth0:

mtu 1492

The setting will now remain between reboots.

THC discloses ePassport cloning

Monday, September 29th, 2008

That’s right.

http://blog.thc.org/index.php?/archives/4-The-Risk-of-ePassports-and-RFID.html and http://freeworld.thc.org/thc-epassport/

Get to work kids.  For a few hundred dollars in gear, you too can now clone and possibly generate fake, but valid passports for all your terrorist friends. :^)

Interesting times indeed.

As seen on I-89S

Monday, September 29th, 2008
Seen on I-89S

Back Window Text: 1) Hey EXXON Mobil! 2) Wheres the vaseline? 3) It's beginning to hurt!

If this is my fellow American, you can let me out right here, thanks.

Saturday, September 27th, 2008

Take a look at this video:

Wow.  Well informed public?  Not here.

I guess I’m amazed that there is a single person that believes that Republican smear bullshit.  Don’t worry lady, the rest of us well informed, teeth-having citizens will ensure your reproductive rights remain intact….even though I’m pretty sure you shouldn’t be reproducing….at all….regardless of who the father^H^H^H^Hfamily member is.

The Great Gig In The Sky

Tuesday, September 16th, 2008

I just learned from Reddit (of all places) that Rick Wright has passed away of cancer.

How depressing.  Pink Floyd, the ultimate band, will never sound the same again.  I should really take the chance to see them next time they’re touring in the U.S.

To the best of my knowledge, this is the original Us and Them video,

I also like this version, with scenes from 2001: A Space Odyssey.

PCWorld’s Cyber Crime Hall of Fame.

Monday, September 8th, 2008

PCWorld has a piece about the top nine or ten “cyber crimes” of all time.

While the article gives enough to whet your appetite, reading their Wikipedia pages will give a better idea of the kind of talent these guys have.  Here they are, in PCWorld order…

Installing Backtrack 3 to a harddrive

Saturday, August 30th, 2008

So it took me some googling, but I eventually found partial instructions over at http://www.remote-exploit.com. I found them lacking and omitting a few steps, like reconfiguring fstab before reboot. So, here are my notes.

I started with a clean drive, so you might have to manipulate your partition tables. I’m going to assume that you’re comfortable working with partition tables. If not, work on your google-fu.

Here are the steps I took to install Backtrack 3 onto my laptop hard drive.

  1. Boot system from Backtrack 3 CD.
  2. Once booted, open a terminal and type: cfdisk
  3. Re-configure your partitions. I made several; / , /boot, /var, /tmp, /home, swap. Be sure to set your / or /boot partition to be bootable.
  4. When your changes are complete, use the write option and type YES to confirm the changes.
  5. Reboot, booting from the Backtrack 3 CD again.
  6. When the system restarts, open a terminal and perform the following:
    bt~# mkswap /dev/sda5
    bt~# swapon /dev/sda5

    This formats and enables swap space. You’ll need this later
  7. Create directories needed to mount up the partitions you just created. I used the following;
    bt~# mkdir -p /mnt/backtrack/{boot,home,tmp,var}
  8. Now format and mount the partitions you created earlier in steps 1-4. I used the following commands;
    bt~# mkfs.ext3 /dev/sda6
    bt~# mount /dev/sda6 /mnt/backtrack/
    bt~# mkfs.ext3 /dev/sda7
    bt~# mount /dev/sda7 /mnt/backtrack/var
    bt~# mkfs.ext3 /dev/sda8
    bt~# mount /dev/sda8 /mnt/backtrack/tmp
    bt~# mkfs.ext3 /dev/sda9
    bt~# mount /dev/sda9 /mnt/backtrack/home
  9. Once all targets are mounted, use the following command to copy the live cd to your harddrive;
    bt~# cp --preserve -R /{bin,dev,pentest,root,usr,etc,lib,opt,sbin} /mnt/backtrack/
  10. Create additional directories
    bt~# mkdir /mnt/backtrack/{mnt,proc,sys,tmp}
  11. Mount up /mnt/backtrack/dev
    bt~# mount --bind /dev /mnt/backtrack/dev
  12. Mount slash proc!
    bt~# mount -t proc proc /mnt/backtrack/proc
  13. Copy our Linux Kernel into place
    bt~# cp /boot/vmlinuz /mnt/backtrack/boot
  14. Use chroot to enter your new Backtrack 3 installation.
    bt~# chroot /mnt/backtrack /bin/bash
  15. Edit /etc/lilo.conf
    bt~# nano /etc/lilo.conf
    and ensure both the boot and root settings reflect your local installation: boot is the disk LILO is written to, and root is the partition you mounted as /mnt/backtrack (/dev/sda6 in the layout above, not the swap partition). I used options similar to the following;
    boot=/dev/sda
    root=/dev/sda6
  16. When your changes are complete, write the file and exit nano.
  17. Install lilo on /dev/sda
    bt~# lilo -v
  18. Almost done! Edit /etc/fstab to reflect your partition layout. It should be pretty simple to copy and modify existing entries. Check and double check. If this file is wrong, your system may not boot.
  19. Once done, exit your chrooted environment
    bt~# exit
  20. Reboot! Remove the CD from the drive. If everything has gone properly, your system should boot Backtrack 3. I had to login as root and use the startx command to start KDE.

YMMV.
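Step 18 is where a typo stops the system from booting, so here is an added example (not from the original post, nor from the remote-exploit instructions): a Python checker for the fstab you are about to write. It parses the file and confirms that there is exactly one root entry with fsck pass 1, that no mountpoint or /dev device is listed twice, that every filesystem comes after the one it is mounted inside of (mount -a works top to bottom, so /var/log listed before /var fails), and that the swap partition from step 6 has an entry so it survives the reboot. Both sample tables are constructed; SAMPLE_OK uses the partition layout from the steps above (sda5 swap, sda6 /, sda7 /var, sda8 /tmp, sda9 /home).

```python
import posixpath
from collections import namedtuple

# Added example, not from the original post: a checker for the /etc/fstab
# written in step 18.  The two sample tables at the bottom are constructed.

Entry = namedtuple("Entry", "device mountpoint fstype options dump passno lineno")


def parse_fstab(text):
    """Parse fstab text into entries; dump and pass default to 0 as mount(8) does."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected at least 4 fields")
        dump = int(fields[4]) if len(fields) > 4 else 0
        passno = int(fields[5]) if len(fields) > 5 else 0
        entries.append(Entry(fields[0], fields[1], fields[2], fields[3], dump, passno, lineno))
    return entries


def _ancestors(mountpoint):
    """'/var/log' -> ['/var', '/']; '/' -> []; non-path mountpoints -> []."""
    out = []
    if not mountpoint.startswith("/"):
        return out
    while mountpoint != "/":
        mountpoint = posixpath.dirname(mountpoint)
        out.append(mountpoint)
    return out


def check_fstab(text):
    """Return problems tagged root:/dup-mount:/device:/order:/swap:; [] if clean."""
    entries = parse_fstab(text)
    mounts = [e for e in entries if e.fstype != "swap"]
    problems = []

    roots = [e for e in mounts if e.mountpoint == "/"]
    if len(roots) != 1:
        problems.append(f"root: expected exactly one '/' entry, found {len(roots)}")
    elif roots[0].passno != 1:
        problems.append(f"root: line {roots[0].lineno}: '/' should be fsck pass 1, not {roots[0].passno}")

    seen_mp = {}
    for e in mounts:
        if e.mountpoint in seen_mp:
            problems.append(f"dup-mount: line {e.lineno}: {e.mountpoint} already on line {seen_mp[e.mountpoint]}")
        seen_mp.setdefault(e.mountpoint, e.lineno)

    seen_dev = {}
    for e in entries:
        if not e.device.startswith("/dev/"):
            continue                        # proc, sysfs, tmpfs pseudo-devices
        if e.device in seen_dev:
            problems.append(f"device: line {e.lineno}: {e.device} already used on line {seen_dev[e.device]}")
        seen_dev.setdefault(e.device, e.lineno)

    # mount -a processes the file top to bottom, so a parent directory's
    # filesystem must be listed before anything mounted beneath it.
    first_pos = {}
    for i, e in enumerate(mounts):
        first_pos.setdefault(e.mountpoint, i)
    for i, e in enumerate(mounts):
        for parent in _ancestors(e.mountpoint):
            if parent in first_pos and first_pos[parent] > i:
                problems.append(f"order: line {e.lineno}: {e.mountpoint} is listed before its parent {parent}")

    if not any(e.fstype == "swap" for e in entries):
        problems.append("swap: no swap entry; the space enabled with swapon is lost at reboot")
    return problems


SAMPLE_OK = """\
# constructed: the layout from the steps above
/dev/sda6  /      ext3  defaults  1 1
/dev/sda7  /var   ext3  defaults  1 2
/dev/sda8  /tmp   ext3  defaults  1 2
/dev/sda9  /home  ext3  defaults  1 2
/dev/sda5  swap   swap  defaults  0 0
proc       /proc  proc  defaults  0 0
"""

SAMPLE_BAD = """\
# constructed: four distinct mistakes
/dev/sda6  /         ext3  defaults  1 2
/dev/sda7  /var/log  ext3  defaults  1 2
/dev/sda7  /var      ext3  defaults  1 2
"""

if __name__ == "__main__":
    for problem in check_fstab(SAMPLE_BAD):
        print(problem)
```

Inside the chroot you can run check_fstab(open("/etc/fstab").read()) against the real file before leaving step 19.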

Examine your screenshots. Not like orangelabel.com

Wednesday, August 27th, 2008

KDevelop on Ubuntu 8.04.1 SSH/SFTP issues

Tuesday, August 26th, 2008

After installing Ubuntu 8.04.1 on my Toshiba laptop, I installed KDevelop, then attempted to use ssh to access files on a remote server.  After typing “ssh://kurth@kurthbemis.com” into the “File Selector” location field, KDevelop responded with this dialog.

The resolution is fairly simple.


hkb@voyagerone:~$ sudo apt-get install kdebase-kio-plugins

and that should be it.  Start, or restart KDevelop and attempt to sftp into a box.  Another workaround would be to use sshfs and simply browse the remote server as if they were local files.  Maybe this is the topic of another post.

Sonicwall can suck nut

Monday, August 25th, 2008

That’s right, suck nut.

Client’s Sonicwall TZ170 is no longer starting, or replying to network requests.  As far as I can tell, it’s a brick, but it does start in safe mode! Safe mode works OK, except the webinterface contains broken javascript bullshit, so I cannot choose the proper firmware and config to use.  Regardless, I set off to attempt to get some assistance in getting this device into a usable state, as it previously was, before it was replaced with an iptables box.

So…

After spending 45 minutes on hold, playing with phone system menus, I spoke to customer service, located in Bangladesh, who informed me that to speak to technical support I would have to purchase a support contract.  The support contract would also “allow” the client to receive firmware updates, bulletins (SPAM) and, most of all, support. He also stated that there was nothing he was allowed to do but connect me to the sales department if I wanted to speak to someone about this “issue”. I accepted. More holding.

When I finally spoke to a woman in customer service, I made every attempt to get her to pass me to tech support, but she wouldn’t. I finally made a comment about Sonicwall’s extortion techniques, and that I now have a $700 brick that I couldn’t get support on without having the client shell out $300+ for a support contract. I told her I was going to throw this piece of shit away, like I should have done long ago. She didn’t say anything, so I hung up.

What a business practice! Sell closed proprietary hardware, running proprietary software (that is lacking to be nice about it), to people who don’t know any better, then when they attempt to contact tech support to resolve a problem with this proprietary hardware, soak them for additional coin.

I will never again recommend Sonicwall devices to any clients, nor will I willfully use a Sonicwall device. Screw their extortion attempts and shitty hardware. ’nuff said.