Gentoo, W3AF, Python and scapy

Hello there,

In this little tutorial, I will show how to install scapy so that it coexists with multiple versions of Python under Gentoo Linux.

The "big" problem is that W3AF is designed to run under Python 2.6, and sometimes your default Python is a different version.

You can check which versions of Python your system has by typing:

# eselect python list

You can use it as well to set which one will be your default.

For example: your default Python is 2.7, so if you compile scapy, it will be optimized for use with 2.7 and not with 2.6.
To resolve this little problem, let's edit the scapy ebuild and put this in it:

# vim /usr/portage/net-analyzer/scapy/scapy-2.2.0-r1.ebuild

PYTHON_DEPEND="2:2.6"
SUPPORT_PYTHON_ABIS="1"
RESTRICT_PYTHON_ABIS="3.*"

and in the pkg_setup() function, comment out this line:

#       python_set_active_version 2

It is relatively easy to do.

Now generate a new digest, because if you try to compile without it, the md5sum will differ.

# ebuild /usr/portage/net-analyzer/scapy/scapy-2.2.0-r1.ebuild digest

Now compile:

# emerge scapy

Now run W3AF:

# python2.6 ./w3af_gui

How to block TOR Network with OpenBSD and PF

1 – Fetch the Tor master nodes (used by Tor clients to fetch the exit node list)

* Trick seen in Network Security Hacks – hack #53

Download the Tor source and edit the following file.

mybox@knights ~/tor-0.2.1.26 $ vi src/or/config.c

Look for the function below:

add_default_trusted_dir_authorities(authority_type_t type)
{
  int i;
  const char *dirservers[] = {

    "moria1 orport=9101 no-v2 "
    "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
    "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",

    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
    "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",

    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
    "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
    ….
    NULL
  };

So the Tor master nodes are: 128.31.0.39, 86.59.21.38, 194.109.206.212, …

2 – Now we need a list of Tor exit nodes, which can be obtained in the following ways:

Directly from the Tor website:

$ wget -q -O - --no-check-certificate "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=YOUR_IP_ADDRESS" > index.html

or from the URL below; there is no need to supply your IP address ( I'm not sure how it works ), but the exit nodes are the same as the ones on the Tor website.

$ wget -q --no-check-certificate https://213.160.111.20/torlist/
( https://www.dan.me.uk/torlist/ )

The list is updated every hour. A good way would be to place the command in the crontab. We now have the Tor master nodes and the Tor exit nodes.

Let's enable the rules on OpenBSD/PF ( pf.conf ):

table <tormaster> { 128.31.0.39, 86.59.21.38, 194.109.206.212 }

* Remember that more Tor master nodes exist; I listed only some.

table <tornodes> persist file "/path/of/your/index.html"

The rules:

block in quick on $int_if to { <tormaster>, <tornodes> }
block in quick from { <tormaster>, <tornodes> }

* Don't forget to reload the rules every hour, after getting the new exit nodes.

Happy Block
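A refresh job for the hourly cron entry, as an added example that is not part of the original post: it keeps only well-formed public IPv4 addresses from the download, refuses a suspiciously short list, and swaps the table contents with pfctl -T replace. The file path, the MIN_ENTRIES threshold and the function names are assumptions, and certificate checking is left on for this fetch so that a tampered list is less likely to reach PF.

```shell
#!/bin/sh
# Added example (not from the original post): validate the Tor exit list
# before loading it into PF. Path, threshold and names are assumptions.
LIST=/etc/pf.tornodes   # the file named in: table <tornodes> persist file "..."
MIN_ENTRIES=100         # assumed floor; a shorter list is treated as a bad download

# Read a downloaded list on stdin, print unique public IPv4 addresses only.
# Comments, HTML, CIDR ranges such as 0.0.0.0/0 and private addresses are
# dropped, so a tampered list cannot block the LAN or the whole Internet.
clean_list() {
    awk '
    { sub(/\r$/, "") }
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        split($0, o, ".")
        for (i = 1; i <= 4; i++)
            if (length(o[i]) > 3 || o[i] + 0 > 255) next
        if (o[1] == 0 || o[1] == 10 || o[1] == 127) next
        if (o[1] == 192 && o[2] == 168) next
        if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) next
        if (!seen[$0]++) print
    }'
}

# Fetch, validate, then replace the table contents in one step.
# $1 is the address you would pass as ip= in the URL from the post.
refresh_tornodes() {
    tmp=$(mktemp /tmp/tornodes.XXXXXX) || return 1
    wget -q -O - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$1" |
        clean_list > "$tmp"
    n=$(wc -l < "$tmp")
    if [ $((n)) -lt "$MIN_ENTRIES" ]; then
        rm -f "$tmp"    # keep the table that is already loaded
        return 1
    fi
    mv "$tmp" "$LIST" && pfctl -t tornodes -T replace -f "$LIST"
}

# From cron: /path/to/this/script refresh YOUR_IP_ADDRESS
if [ "${1:-}" = refresh ]; then
    refresh_tornodes "$2"
fi
```

Replacing the table contents this way updates <tornodes> without reloading the whole ruleset.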

 

 

 


Configuring WPAD under OpenBSD

Hello there,

First of all, what is WPAD?

WPAD is the acronym for Web Proxy Autodiscovery Protocol; it is responsible for the automatic detection of the proxy by web browsers.

I will assume that you know OpenBSD, know how to configure a basic DHCP server, and know how to configure Apache.

First step:

Create a file named "wpad.pac" with this content:

function FindProxyForURL(url, host)
{
  // Go direct if any of the tests matches, otherwise use the proxy
  if (shExpMatch(url, "!ftp:*") || isPlainHostName(host) || dnsDomainIs(host, ".example.com") || isInNet(host, "127.0.0.1", "255.255.255.255"))
  {
    return "DIRECT";
  } else {
    return "PROXY proxy.example.com:3128; DIRECT";
  }
}

Put this file under the DocumentRoot of your Apache,

for example: /var/www/htdocs/wpad.pac

Understanding the JavaScript:

  • shExpMatch(str, shellexp) True if str matches the shell expression (not regexp) shellexp. E.g. shExpMatch("a/b/c", "*/b/*") is true.
  • isPlainHostName(host) True if host contains no dots (".").
  • dnsDomainIs(host, domain) True if host belongs to domain (the host name ends with domain).
  • isInNet(host, pattern, mask) True if the IP address or hostname in host is in the network specified by pattern and mask.
  • If any of these conditions is true, you will access the site directly without the proxy; otherwise you will use the proxy.

    Now, the configuration of Apache.

    Virtual Host Configuration:

    ServerAdmin postmaster@example.com
    DocumentRoot /var/www/htdocs
    Servername www.example.com
    ErrorLog logs/default_error
    CustomLog logs/default_access common
    AddType application/x-ns-proxy-autoconfig .pac

    Restart Apache with:

    # apachectl restart

    Now it's time to configure DHCP.

    Put this into your dhcpd.conf:

    option autoproxy-script "http://www.example.com/wpad.pac";

    Restart your DHCP server:

    # pkill dhcpd && sleep 3 && dhcpd

    OK, all the configuration is done 🙂

    Web browsers must have the proxy auto-detection option enabled:

    Internet Explorer -> Internet Options / Connections tab / LAN Settings: the "Automatically detect settings" check box must be checked.

    Troubleshooting:

    Internet Explorer -> Internet Options / Advanced tab / Reset
    Mozilla Firefox -> Set the address of the PAC file manually, in our case http://www.example.com/wpad.pac
    Google Chrome: same as Firefox

    On Microsoft operating systems, Skype, Messenger, etc. will pick up the configuration just fine 🙂

    Now, at your firewall, add a rule that blocks port { www https }

    References:
    http://www.wlug.org.nz/WPAD
    http://www.sxlist.com/techref/app/inet/wpad_dat.htm
    http://wiki.squid-cache.org/Technology/WPAD
    http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol
    http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/web-browser-auto-proxy-configuration.html

    Until next time 🙂

    Like it? Comment


    Imspector MSN report – words by hour

    Hello there 🙂

    I wrote a little shell script under OpenBSD that takes a user's conversation log and generates the number of messages and words by hour.

    The script can be found here: http://stuffresearch.tor.hu/tools/spec_log

    Instructions:

    Copy the script to /usr/bin and then run: chmod +x /usr/bin/spec_log

    Add it to cron: 0 23 * * * /usr/bin/spec_log 2>&1 > /dev/null

    The script will execute every day at 23h.

    Feel free to modify and improve 🙂


    Rss and Twitter

    Just added RSS and Twitter to the menu.


    Skype Log Viewer

    Hello there,
    A person found my blog and, looking at the tools section, saw the tool called Skype Log Viewer.
    This person improved the tool in a fantastic way 🙂
    You can run it from the command line and see the logs in your web browser or in a GUI.

    To obtain it, do:

    # git clone https://github.com/machinalis/skypelogviewer.git

    Web site of the tool: https://github.com/machinalis/skypelogviewer

    Thank you Machinalis !


    HOWTO boot backtrack-linux from usb stick under Vmware

    Hello,
    I want to share a trick to boot your backtrack-linux that is on a USB stick.

    First download Plop Boot Manager from here: http://www.plop.at/en/bootmanager.html#download

    Then create a VM or edit an existing one and add a USB controller, select the Plop ISO image and boot it, then select USB, and voilà! Your backtrack-linux will boot from your USB stick.

    🙂

    Like it? Comment

    Happy boot


    IP and MAC Address Association on OpenBSD

    In this tutorial, I will show how to associate MAC and IP addresses and filter on them on OpenBSD 4.8.

    1 – Create a bridge

      # ifconfig bridge0 create

    2 – Assuming that your LAN network card is rl0, add it to the bridge and block non-IP traffic

      # ifconfig bridge0 add rl0
      # ifconfig bridge0 blocknonip rl0

    3 – Now create rules for the MAC addresses that you want to pass through the firewall, and tag them

      # ifconfig bridge0 rule pass in on rl0 src 00:11:22:33:44:55 tag signedmac

      Add your rules and, when you finish, block everything else

      # ifconfig bridge0 rule block in on rl0

    4 – Now it's time to associate the tagged MAC with an IP address; for this, put a rule in pf.conf

      pass in on rl0 proto tcp from 10.20.30.40 tagged signedmac

    5 – As you can see, on the bridge the MAC addresses are marked with a tag, and in the filter the IP address is associated with the tag

    Reload your pf rules and enjoy!

    Extra: configuring during startup:

      # cat /etc/hostname.bridge0
      add rl0
      blocknonip rl0
      rulefile /etc/brrules.conf

      # cat /etc/brrules.conf
      # customer
      pass in on rl0 src 00:11:22:33:44:55 tag signedmac

      # customer2
      pass in on rl0 src 66:77:88:99:00:01 tag macsigned

      # BLOCK ALL
      block in on rl0

    Gift: a script to reload the bridge rules after adding a rule to brrules.conf

    # cat /usr/sbin/flushbr

    #!/bin/ksh
    # Drop the rules currently loaded for rl0, then load the rule file again
    ifconfig bridge0 flushrule rl0
    ifconfig bridge0 rulefile /etc/brrules.conf

    Don't forget to reload pf.conf too, after creating a filter rule.

    “How do a bridge on linux? you will need to make 3 spells and go to a crossroad and kill two chicken but on OpenBSD you can do with one line!”
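The pf rule matches on the tag alone, so one IP is tied to one MAC only when that MAC has a tag of its own. The added example here (not from the original post) generates the bridge rules and the matching pf rules from a single inventory; the `name mac ip` inventory format, the `mac_` tag prefix and the function name are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): one inventory, two rule sets.
# Inventory format "name mac ip", the mac_ tag prefix and names are assumptions.
IF=rl0    # LAN interface, as assumed in the post

# usage: gen_rules bridge|pf   (inventory on stdin, rules on stdout)
gen_rules() {
    awk -v mode="$1" -v ifn="$IF" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
        mac = tolower($2)
        if (NF != 3 || $1 !~ /^[A-Za-z0-9_]+$/ || split(mac, m, ":") != 6 ||
            mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/ ||
            $3 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            print "skipping malformed line " NR > "/dev/stderr"
            next
        }
        tag = "mac_" $1                        # unique tag per host
        if (mode == "bridge")
            print "pass in on " ifn " src " mac " tag " tag
        else
            print "pass in on " ifn " proto tcp from " $3 " tagged " tag
    }
    # The bridge rule set ends by blocking every MAC that was not listed.
    END { if (mode == "bridge") print "block in on " ifn }'
}

# sh thisscript bridge < inventory > /etc/brrules.conf
# sh thisscript pf     < inventory   (lines to place in pf.conf)
if [ $# -gt 0 ]; then
    gen_rules "$1"
fi
```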


    Stay Anonymous

    Proxychains is a beautiful tool that lets you use two or more proxies to connect to a target.
    This tool can be found at: http://proxychains.sourceforge.net

    It can be installed on Gentoo using:

    # emerge proxychains

    Debian-based distros:

    # apt-get install proxychains

    On Back|Track Linux, this tool is already installed 😉

    So … suppose you want to connect over Tor to a target … but this target blocks the Tor network.
    Use proxychains!

    Here is an example of proxychains.conf

    code:

    snip ------------------------------------

    strict_chain
    proxy_dns
    tcp_read_time_out 15000
    tcp_connect_time_out 8000

    [ProxyList]
    # TOR listens on localhost, port 9050 ( default )
    socks4 127.0.0.1 9050
    # another proxy that will receive the connection from TOR
    socks4 10.20.30.40 1080

    snip ------------------------------------

    Now it is time to connect to the target.

    Example using ssh:

    # proxychains -f /etc/proxychains.conf ssh victim.com

    The output will be something like this:

    ProxyChains-3.1 (http://proxychains.sf.net)
    |S-chain|-<>-127.0.0.1:9050-<>-10.20.30.40:1080-<>-victim.com:22-<><>-OK
    youruser@victim.com's password:

    Using Firefox

    # proxychains -f /etc/proxychains.conf firefox

    Use your imagination and your favorite tools over PROXY !

    Being happy has no price 😀


    Pass Phrase Cracking tool

    Overview:

    phrasen|drescher is a modular, multi-processing pass phrase cracking tool.

    In this tutorial, I will show how to crack MSSQL passwords.

    You can download the file here: https://labs.portcullis.co.uk/application/phrasen-drescher/
    or here: http://stuffresearch.tor.hu/tools/phrasendrescher-1.1.1.tar.gz

    Installation instructions:

    First, install libssh2.

    Gentoo:

    # emerge libssh2

    Debian based:

    # apt-get install libssh2-1-dev

    Compiling:

    # tar zxvf phrasendrescher-1.1.1.tar.gz ; cd phrasendrescher-1.1.1; ./configure --with-plugins
    # make ; cd src ; export PD_PLUGINS=plugins/
    # ./pd mssql -w 2 -H 0x01006d75a401ba0a8bfc2beab5b86efc930300d1a2561a783aace6237cf01f98b490ef56f57b2b8c0ed82b8675f9

    More examples of how to use it: read the README file
    and
    of course, John the Ripper can be used for this
