2/11/2011

kush.id.au

Got the kush.id.au domain and parked it over the kush.com.fj domain. So all subdomains and e-mail addresses should resolve for the id.au domain. Need to make some changes to the website to allow for this. Also need to upload some new Python scripts that I wrote.

12/03/2010

iCTF - UCSB International Capture The Flag

I was fortunate enough to be invited to join the QUT iCTF team. The objective of the contest is to ensure that a set of required services remain available and un-compromised. In preparation for this task, I decided to set up a dedicated laptop for the contest. It would have been far easier to install a distribution such as BackTrack, but I decided to take the painful path.

First, a friend sold me his old laptop, which was far better than my current notebook. It was a Sony VAIO SZ34GP. I installed CentOS 5.5 on this notebook, just a base install with development libraries and tools. The instructions below provide a brief list of tools and their associated configurations. 

Repositories
There's a need to set up some additional repositories for CentOS to enable the installation of additional third-party applications. For more information refer to the References section. Note that step 3 below pipes a script fetched over plain HTTP straight into a root shell; download it and read it before running it.

  1. sudo bash
  2. cd /etc/yum.repos.d/
  3. wget -q -O - http://www.atomicorp.com/installers/atomic |sh
  4. wget http://dries.eu/pub/dries-el.repo
  5. wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
  6. rpm -ivh rpmforge-release-0.5.1-1.el5.rf.i386.rpm
  7. yum update
Installation

Install tools to be used for the competition. Most of the tools are penetration testing tools I have used in the past. I made a point of installing the development libraries and tools during the CentOS installation. This would be useful for developing and testing possible exploits.

  1. sudo yum -y install nmap
  2. sudo yum -y install amap
  3. sudo yum -y install hydra
  4. sudo yum -y install aide
  5. sudo yum -y install snort
  6. sudo yum -y install nikto
  7. sudo yum -y install ntop
  8. sudo yum -y install fail2ban
  9. sudo yum -y install tcptrack
  10. sudo yum -y install dsniff
  11. sudo yum -y install ngrep
  12. sudo yum -y install fragroute
  13. sudo yum -y install hping
  14. sudo yum -y install scapy
  15. sudo yum -y install tcptraceroute
  16. sudo yum -y install firewalk
  17. sudo yum -y install iptraf
  18. sudo yum -y install kismet
  19. sudo yum -y install ettercap
ChaosReader
  1. Download latest version from source forge (http://chaosreader.sourceforge.net)
  2. sudo mkdir -p /opt/chaosreader
  3. sudo cp chaosreader0.94 /opt/chaosreader/
  4. sudo chmod 755 /opt/chaosreader/chaosreader0.94
  5. sudo ln -s /opt/chaosreader/chaosreader0.94 /usr/local/bin/
John the Ripper
  1. wget http://www.openwall.com/john/g/john-1.7.6.tar.gz
  2. tar zxvf john-1.7.6.tar.gz
  3. cd john-1.7.6
  4. cd src
  5. make # lists the available build targets
  6. make clean linux-x86-any
  7. sudo mv ../run /opt/john-1.7.6
  8. sudo chown -R root:root /opt/john-1.7.6
  9. sudo mv /opt/john-1.7.6/john.conf /opt/john-1.7.6/john.ini
  10. sudo ln -s /opt/john-1.7.6/john /usr/local/sbin/
  11. sudo ln -s /opt/john-1.7.6/john.ini /usr/local/sbin/
OpenVAS
  1. sudo yum -y install openvas-server openvas-client openvas-scanner
  2. sudo openvas-mkcert
  3. sudo /usr/sbin/openvas-nvt-sync # Add as a cron job - refer to OpenVAS documentation
  4. sudo /etc/rc.d/init.d/openvas-scanner restart
  5. sudo /usr/sbin/openvas-adduser # Add rules "default accept" if unsure
Skipfish
  1. wget http://skipfish.googlecode.com/files/skipfish-1.81b.tgz
  2. tar zxvf skipfish-1.81b.tgz
  3. sudo mv skipfish-1.81b /opt/
  4. sudo ln -s /opt/skipfish-1.81b/skipfish /usr/local/sbin/
  5. sudo ln -s /opt/skipfish-1.81b/sfscandiff /usr/local/sbin/
  6. sudo chown -R root:root /opt/skipfish-1.81b
VMWare Server
  1. Download the latest VMWare Server, at the time of this blog it was version 2.0.2
  2. tar zxvf VMware-server-2.0.2-203138.i386.tar.gz
  3. cd vmware-server-distrib
  4. sudo ./vmware-install.pl
References:

  1. http://ictf.cs.ucsb.edu/
  2. http://rpmrepo.org/RPMforge
  3. http://www.backtrack-linux.org/
  4. http://wiki.centos.org/AdditionalResources/Repositories
  5. http://www.openvas.org/
  6. http://www.alienvault.com/free_nessus_feed.php
  7. http://www.hacktoolrepository.com/

11/23/2010

Installing Metasploit Framework on Ubuntu

Recently, I had to install Metasploit Framework on Ubuntu. I thought I would document the instructions here. Be sure to check the downloads page on the Metasploit website (http://www.metasploit.com) to get the current version. At the time of this blog the latest version was 3.5.0.

  1. wget http://updates.metasploit.com/data/releases/framework-3.5.0.tar.bz2
  2. bunzip2 framework-3.5.0.tar.bz2
  3. tar xvf framework-3.5.0.tar
  4. sudo cp -a msf3 /opt/msf3
  5. sudo ln -sf /opt/msf3/msf* /usr/local/bin/
  6. sudo svn update /opt/msf3/
  7. sudo crontab -e -u root # Enter "1 * * * * /usr/bin/svn update  /opt/msf3/ >> /var/log/msf3update.log 2>&1"
References:
  1. http://www.metasploit.com/redmine/projects/framework/wiki/Install_Ubuntu
  2. http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training

11/12/2010

Fake ARP Daemon

The Fake ARP Daemon, or FARPD, provides the implementation of a fake ARP daemon for use with HoneyD. It responds to ARP requests for IP addresses modelled using HoneyD with a specific interface's MAC address. FARPD is required to set up HoneyD networks on the test bed. However, it was initially developed for the BSD platform; as a result, installation on Linux systems needs a bit of work if compiling from a source tarball. The Debian patch applied below expects libdnet under its Debian name, libdumbnet, which is why the dnet-config and dnet.h symlinks are needed.


  1. wget http://farpd.sourcearchive.com/downloads/0.2-10/farpd_0.2.orig.tar.gz
  2. wget http://farpd.sourcearchive.com/downloads/0.2-10/farpd_0.2-10.diff.gz
  3. tar zxvf farpd_0.2.orig.tar.gz
  4. gunzip farpd_0.2-10.diff.gz
  5. cd farpd-0.2
  6. patch -p1 < ../farpd_0.2-10.diff
  7. sudo mkdir -p /usr/lib/bin
  8. sudo ln -s /usr/bin/dnet-config /usr/lib/bin/dnet-config
  9. sudo ln -s /usr/bin/dnet-config /usr/lib/bin/dumbnet-config
  10. ./configure --with-libdumbnet=/usr/lib --with-libevent=/usr
  11. sudo ln -s /usr/include/dnet.h /usr/include/dumbnet.h
  12. make
  13. sudo make install
Actual unpublished research project can be found at http://eprints.qut.edu.au/39098/
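What farpd does on the wire, as an added example written for this page (it is not farpd's code): parse an incoming ARP request and, if the target address is one of the HoneyD-modelled IPs, answer with an ARP reply claiming the capture interface's MAC for it. The MAC and IP addresses are constructed sample values, and the HoneyD address set is an assumed list rather than anything read from a HoneyD configuration.

```python
"""Fake-ARP responder logic, illustration only (not farpd's source).
Frames are Ethernet II + ARP for IPv4 (14 + 28 = 42 bytes)."""
import ipaddress
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, ethertype
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype ptype hlen plen op sha spa tha tpa
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_arp_request(src_mac, src_ip, target_ip):
    """Broadcast 'who-has target_ip tell src_ip' frame (constructed sample traffic)."""
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REQUEST,
                       mac_bytes(src_mac), ipaddress.IPv4Address(src_ip).packed,
                       b"\x00" * 6, ipaddress.IPv4Address(target_ip).packed)
    return ETH_HDR.pack(mac_bytes(BROADCAST), mac_bytes(src_mac), ETH_P_ARP) + arp


def parse_arp(frame):
    """Return the ARP fields as a dict, or None for anything that is not Ethernet/IPv4 ARP."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op,
            "sha": mac_str(sha), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(ipaddress.IPv4Address(tpa))}


def fake_arp_reply(frame, proxied_ips, iface_mac):
    """farpd-style answer: reply only to *requests* whose target is one of the
    proxied (HoneyD-modelled) addresses, claiming iface_mac for it. Anything
    else, including other hosts' replies, is ignored and None is returned."""
    req = parse_arp(frame)
    if req is None or req["op"] != ARP_REQUEST or req["tpa"] not in proxied_ips:
        return None
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REPLY,
                       mac_bytes(iface_mac), ipaddress.IPv4Address(req["tpa"]).packed,
                       mac_bytes(req["sha"]), ipaddress.IPv4Address(req["spa"]).packed)
    # unicast the reply back to the asker, sourced from our interface MAC
    return ETH_HDR.pack(mac_bytes(req["sha"]), mac_bytes(iface_mac), ETH_P_ARP) + arp


if __name__ == "__main__":
    honeyd_ips = {"10.0.0.50", "10.0.0.51"}           # assumed HoneyD address set
    iface_mac = "de:ad:be:ef:00:01"                   # constructed interface MAC
    req = build_arp_request("00:11:22:33:44:55", "10.0.0.1", "10.0.0.50")
    print("request:", parse_arp(req))
    print("reply:  ", parse_arp(fake_arp_reply(req, honeyd_ips, iface_mac)))
    print("ignored:", fake_arp_reply(build_arp_request("00:11:22:33:44:55", "10.0.0.1", "10.0.0.99"),
                                     honeyd_ips, iface_mac))
```

To put this on a real segment you would read and write frames through a raw socket (farpd itself uses libpcap and libdnet), which needs root or CAP_NET_RAW. Only proxy addresses that are genuinely unused on the segment: answering for a live host produces exactly the symptoms of an ARP spoofing attack.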

11/03/2010

Chinese Cheapness... me likey vely much

I finally decided to get a tablet. I already have a laptop for all my usual work requiring mobility, and have a dual screen workstation for heavy work at home. I could not justify spending a couple of hundred dollars on a gadget. Even though I would like to develop applications for the Android platform, software emulators would do just as well for testing and deployment evaluation, but I got an Android tablet anyway... not one that is high end, high quality and thus having a high price tag attached to it... I got a Chinese Cheapness... an Eken M002 [1] to be exact, off of eBay!



In all honesty, given the budget and the reviews, expectations were low. I was surprised when I got the box. Initially I thought I was shipped the incorrect model, as the box depicted an Eken M001 tablet and not the expected Eken M002. However once I opened the box, I discovered the correct unit inside. The packaging was slightly damaged, I suspected this may have happened during transit. The box contained an AC charging adapter, a small manual, which was promptly discarded back into the box, a small stylus and a 30 pin USB cable similar to the standard iPhone or iPod cable.

I pressed the power button, checked out settings, etc. to make sure the unit was working properly. Left the seller my feedback on eBay. I knew that the Android Market application was not installed. Fortunately I was prepared, and had downloaded the latest firmware previously [2]. Since the unit did not arrive with any SD card, I used an old 2GB card I had lying about. I flashed the firmware as per the instructions on the slatedroid.com site without any issues.

Screen
The unit features a nice durable aluminium body. This gives it a nice feel. The 7" resistive touch screen provides an 800x480 16:9 display and input. Since it's a resistive screen, this means no multi-touch. The bootup process seems to take a good one minute and thirty seconds. Probably because of the low 128MB RAM running at 800 MHz and lightweight VIA MW8505 CPU running at 533 MHz. The touch screen itself appeared very poor. It seems to be more sensitive in one corner and less in the other corner.

A close examination revealed that there are slight ripples/a bulge across the screen, as though a large screen was forced into a small case, instead of being completely smooth. The unit appeared to respond better to a human touch than to prompting and provocation by the mechanical stylus.

Capacity
The internal storage appears to be only 1GB. As previously mentioned I am running the unit with a 2GB SD card; the product website seems to claim it can support up to 32GB. So I will update the blog when I run out of space on the current card, which seems unlikely.

Battery
Since I'd already read the reviews, I wasn't expecting much in terms of runtime. Unlike the iPad which delivered between 10hrs to 12hrs runtime, the M002 would give you between 1hr to 2hrs depending on what you were running.


Ports
On the base of the unit you have several ports: one for the SD card, the 30-pin USB port, a 3.5mm headphone jack, the power adapter port and a small pin hole labelled MR, which I assumed meant master reset. Without hesitation a conveniently located paper clip was straightened and inserted, and the unit reset. Also the USB port seems to fit upside-down.

Networking
I've seen pictures of adapters that plug into the 30-pin USB port and provide an RJ45 connection. However the unit natively supports 802.11b and 802.11g, and works with WPA2. This is very simple to set up and worked without issues.


Camera
I didn't even bother checking the resolution. The image appears to be so low resolution it reminded me of the camera on my old Nokia 2760 phone. This is exactly what I had expected for the dollars spent. If you want HD just get an iPad.


Android Market
The main reason for the firmware upgrade was to get access to the Android Market. Since it's a toy, all the useful applications were installed, i.e. Facebook, Dolphin Browser, anti virus (not sure why), WeatherBug, Blogaway, Touiteur, Kindle, RealCalc, eBay, Dropbox, mAnalytics, Speed Test, ConnectBot and Wifi Analyser, Ping, Pinger, AndroidVNC, Remote RDP Lite, SecurityInfo.com Net Audit.

Performance

  • The resolution of the YouTube video play back does not seem the best, but gets the job done. 
  • The Home screen keeps crashing so I get "Sorry! Activity Home (in process android.process.acore) is not responding", which is annoying to say the least. I installed Home++, things are much better now.
  • Using the USB port does not appear to charge the unit, so I need to have the AC plugged in to charge. 
  • The orientation change from landscape to portrait and vice versa is not very responsive at times; I am not sure if this is a software issue with Android or a hardware issue with the accelerometer.
  • The Skype client does not support Skype over the Wifi link, so cannot make voice calls using Skype.
Issues

The battery runtime leaves a lot to be desired, but I knew this before I got the unit. Another issue: the unit does tend to overheat to the extent that it's not comfortable holding it in the palm of your hand for prolonged periods of time. This overheating issue is the only one that I was not aware of. The bottom line is that I was prepared for, and knew, what I was getting. For anyone considering a tablet for regular use for anything other than recreation, this unit is not for you, and you should probably wait for the Google gPad.

When I have some more time, I will try to see if there is a better custom firmware and run that to see if it makes a difference.

References

  1. http://www.ekengroup.com/en/products/show.asp?id=17
  2. http://www.slatedroid.com/eken-m002-firmware-development/8279-[-piece-software-flashed-device-expand-its-functionality]-m002s-2-0-plus.html

10/24/2010

Mildly Amusing

It's only mildly amusing but perhaps more of a disappointment what people are passing off as blogs these days.

Sure everyone has a right to their opinions and an equal right to express them on blogs, but the pretentious content expressed on some blogs is simply misleading and in my opinion an abuse of trust.

Blog readers vest a certain level of trust in bloggers to accurately represent their perception of the common truth. It's simply unbecoming when bloggers make up facts just to support their opinions and claims.

There should definitely be some form of blog peer review to rank blogs for their content. Possible criteria proposed could be Factual, Opinion, Technical, etc. or TA for bloggers talking out of their bottoms.

So until some form of peer review, approval and/or ranking is implemented please file this one under Opinion or TA, whichever takes your fancy...


- Posted using BlogPress from my iPhone 3GS

10/09/2010

MSOHTMED.EXE and MSOXMLED.EXE

When attempting to edit an HTML document, the Microsoft XML editor may be used. However, occasionally this may not function correctly and result in high CPU usage by the MSOHTMED.EXE and MSOXMLED.EXE processes. Using Windows Task Manager to kill the processes may not work either.

To correct this, change the HTML document editor specified in Internet Options:
Control Panel - Internet Options - Programs tab - HTML editor field

Reverting back to the original setting also works, but I prefer using Vim for Windows to edit my HTML documents anyway :)

10/06/2010

"Spellling" in gVim

To enable spell check in gvim
:set spell spelllang=en_au


To correct highlighted word
z=


To disable spell check
:set nospell

9/12/2010

if (Indians || Endians) {...

As part of my research project I have been working on some network code in C++. I ran into a couple of issues, which were tracked down to incorrect endian orientation, i.e. big-endian vs. little-endian. While testing a couple of theories, I came up with a demo app which may be useful to someone.

#include <iostream> // cout, endl
#include <string>   // string
#include <cstdio>   // printf
#include <cstdlib>  // atoi
#include <cstddef>  // size_t

using std::cout;
using std::endl;
using std::string;

/**
 * Declare an int holding the value 1 and look at the byte at the lowest
 * address. On a little-endian machine that byte is the least significant
 * one and holds 1; on a big-endian machine it is the most significant one
 * and holds 0. The function isBigEndian is defined as a macro for inline
 * substitution at compile time. (For real network code prefer the portable
 * htonl()/ntohl() from <arpa/inet.h> over a hand-rolled check like this.)
 */
const int ENDIAN = 1;
#define isBigEndian() ((*(const char*)&ENDIAN) == 0)

// function prototypes
int reverseInt( int );
void usage();
/**
 * main entry point into the endian demo application. The application accepts
 * an integer from the command-line arguments and displays it as an int, as a
 * hex value and then finally the raw bytes. If the machine is a little-endian
 * based processor then details of the byte-reversed int are also displayed.
 *
 * @param argc - int specifying the number of command line
 *               arguments
 * @param argv - char ** containing the actual command line
 *               arguments
 * @return int - 0 on success, else non-zero value
 */
int main( int argc, char **argv ) {
  // check command line arguments
  if ( argc != 2 ) {
    usage();
    return -1;
  }

  // parse and process command line arguments
  int x = atoi( argv[1] );                  // get the int
  unsigned char *ptr = (unsigned char *)&x; // byte array pointer to int
  int y = 0;                                // variable to hold the reversed int

  // display the int size
  cout << "sizeof(int) = " << sizeof(int) << endl << endl;

  // display info on the int
  printf("dec: %d\n", x);
  printf("hex: 0x%x\n", (unsigned int)x);
  printf("bytes: ");
  for (size_t i=0; i < sizeof(int); i++) {
    printf("0x%x ", ptr[i] ); // using cout is too annoying for formatting!!
  }
  cout << endl;
  // the raw bytes as characters; the length is passed explicitly because the
  // buffer is not NUL-terminated (and may itself contain NUL bytes)
  string str(( const char * ) ptr, sizeof(int) );
  cout << "str: " << str << endl;

  // determine endian orientation of machine
  if ( isBigEndian() ) {
    cout << "Big Endian Machine!!!" << endl;
  } else {
    cout << "Little Endian Machine!!!" << endl;
    y = reverseInt(x); // reverse the int
    printf("dec: %d\n", y);
    printf("hex: 0x%x\n", (unsigned int)y);
    printf("bytes: ");
    ptr = (unsigned char *)&y;
    for (size_t i=0; i < sizeof(int); i++) {
      printf("0x%x ", ptr[i] ); // using cout is too annoying for formatting!!
    }
    cout << endl;
    str = string(( const char * ) ptr, sizeof(int) );
    cout << "str: " << str << endl;
  }

  return 0;
}

/**
 * Reverses the byte order of an int (host order <-> network order on a
 * little-endian processor). The arithmetic is done on unsigned values so
 * that shifting a byte into the sign position is not undefined behaviour.
 *
 * @param iNum - int to reverse
 * @return int - the reversed int
 */
int reverseInt( int iNum ) {
  unsigned char rev[sizeof(int)];          // stack buffer, nothing to leak
  unsigned int num = (unsigned int)iNum;
  for ( size_t i = 0; i < sizeof(int); i++ ) {
    rev[i] = (num >> (8*i)) & 255;         // byte i, least significant first
  }

  unsigned int ret = 0;
  for ( size_t i = 0; i < sizeof(int); i++ ) {
    ret |= (unsigned int)rev[i] << ((sizeof(int) - (i+1)) * 8);
  }

  return (int)ret;
}

/**
 * usage displays the demo program usage information. The usage
 * information is output to stdout.
 */
void usage() {
  cout << "Usage: endian INT" << endl;
  cout << "Endian demo application to check and manipulate int for endian use";
  cout << endl << endl;
  cout << "  INT\t- int value";
  cout << endl << endl;
  cout << "Example:" << endl;
  cout << "  endian 65535" << endl;
}
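The mistake behind the bug described above, as an added Python example that is not part of the original post: a small message header serialized in network byte order with struct's '!' prefix, decoded correctly, then decoded the way a receiver that skipped the conversion would see it, together with a length check so that a byte-swapped length field is rejected rather than used. The header layout (2-byte type, 4-byte length) and the 64 KiB payload limit are assumptions made for the demo.

```python
"""Network byte order demo (added example, not the post's code)."""
import struct
import sys

# Assumed demo layout: 2-byte message type, 4-byte payload length.
WIRE = struct.Struct("!HI")    # '!' = network (big-endian) order, portable
NATIVE = struct.Struct("=HI")  # '=' = host order: wrong for bytes off the wire
MAX_LEN = 64 * 1024            # assumed sanity limit on a payload length


def host_is_little_endian():
    return sys.byteorder == "little"


def encode_header(msg_type, length):
    """Sender doing it right: always emit network byte order."""
    return WIRE.pack(msg_type, length)


def native_pack_header(msg_type, length):
    """Sender that forgot to convert: emits whatever order the host uses."""
    return NATIVE.pack(msg_type, length)


def decode_header(buf):
    """Receiver doing it right."""
    return WIRE.unpack_from(buf, 0)


def misdecode_header(buf):
    """Receiver that forgot to convert. On a little-endian host the bytes
    come out reversed; on a big-endian host it happens to work, which is
    why this class of bug hides until the code meets another architecture."""
    return NATIVE.unpack_from(buf, 0)


def read_message(buf):
    """Decode header and payload, returning (type, payload) or None when the
    length does not fit. The bound is what turns a byte-order slip into a
    rejected message instead of a huge allocation or an out-of-bounds read."""
    if len(buf) < WIRE.size:
        return None
    msg_type, length = decode_header(buf)
    if length > MAX_LEN or WIRE.size + length > len(buf):
        return None
    return msg_type, buf[WIRE.size:WIRE.size + length]


def byteswap32(x):
    """Same job as the post's reverseInt(): reverse the four bytes of a 32-bit value."""
    return int.from_bytes((x & 0xFFFFFFFF).to_bytes(4, "little"), "big")


if __name__ == "__main__":
    hdr = encode_header(1, 65535)
    print("host is little-endian:", host_is_little_endian())
    print("wire bytes:", hdr.hex())
    print("decoded:   ", decode_header(hdr))
    print("misdecoded:", misdecode_header(hdr))
    print("swapped 65535 ->", hex(byteswap32(65535)))
    print("byte-swapped length accepted?",
          read_message(native_pack_header(7, 3) + b"abc") is not None)
```

The point to take from the last line: a length field that arrives byte-swapped is not merely wrong, it is typically enormous (3 becomes 0x03000000), so the bounds check has to happen before the value is used for anything.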

9/01/2010

Google yourself - Self-googling as a tool for privacy protection

Due to the growth of recent social networking web applications such as Facebook, Twitter, etc. it's not uncommon to unknowingly disclose personal details into the public domain. Using search engines such as Google is a popular way to find out whether you have increased your exposure to identity theft.


Whilst "self-googling can be the theory of narcissism" [2], it's also a good way to investigate personal, and related, information about oneself. The consequences of having an unwanted Internet presence can be quite serious, not only from an information security perspective but also from a social one. Once you have identified the information, you need to remove it, and this is the hard part. Google Webmaster Tools provides several guidelines for this [1].


A digital presence creates a cyber footprint which is not always easy to get rid of, and can follow the unsuspecting cyber citizen home!!! So perhaps Googling yourself every once in a while is a healthy thing and not so bad after all.


References:

  1. http://www.google.com/webmasters/tools/removals
  2. http://www.citeulike.org/user/thiemehennis/article/6895338
  3. http://www.stopcyberbullying.org/take_action/google_yourself.html
  4. http://www.time.com/time/business/article/0,8599,1893965,00.html
  5. http://www.wikihow.com/Ungoogle-Yourself