November 29, 2011

C to Ruby!

Posted in Programming

Over the last few months I have tried to code in Ruby for everything instead of my usual C or shell scripts. I started by adding wee tweaks here and there to Metasploit, then started using it for simple scripts. It was so much quicker to write in Ruby; you know, when you just want to get something done and don't want to faff about too much!

As a fan of terminals over GUIs I always have a bunch of scripts running doing mundane tasks such as checking for the latest Boffer sell-off item[1] or generating the charts for the honeypot project; I am really starting to hate PHP these days. I think the biggest script I have ever written was a POP3 fuzzer for Metasploit, but it was mostly just a hack of other scripts tbh. I have tried to think of another project to get my teeth into to develop my Ruby skills (any ideas?); it's a really nice language to know, I think.

[1] Updates when the latest Boffer sell-off item changes.

A few random things:

Anyone know of security/programming/Linux meetups that happen in the Glasgow area, or even Edinburgh, apart from LUG meetups (never been)?

I am trying to expand my LinkedIn “network”, so add me if you want :-)


November 27, 2011

Slrn disconnecting after authenticating?

Posted in Slackware

After going back to Slackware I have been gradually setting up the various software that I use; one program in particular gave me a bit of bother: slrn, a Usenet reader.

After setting up slrn to use authentication it would just hang and then eventually disconnect while authenticating. After enabling debugging (--debug debug.log) it looked like it would disconnect after trying to see if the Usenet server allowed posting:

!Connecting to server...
<200 Welcome Message (newsfeeed1)
>MODE READER
>
<201 Welcome Message (newsfeeed1) (No Posting)
>AUTHINFO USER myusername
>
<381 PASS required
>AUTHINFO PASS mypassword
>
<281 Welcome to myusenet server (Posting Allowed)
>POST
>
<340 Send Article to be Posted
>.
!Disconnecting from server.
!Closing the server connection.

Checking the slrn website showed that I had the latest stable version installed (slrn 0.9.9p1), but luckily a development version is available on SourceForge. After checking it out and viewing the changelog I came across this revision:

Revision 324
Modified Mon Sep 6 22:41:04 2010 UTC
src/nntplib.c: slrn user "narke" discovered that his server will
disconnect if an attempt is made to post an empty body. slrn does
this after authenticating with the server to verify that posting
is possible. As a work-around, the response comment from the
AUTHINFO command is parsed.

That's the bugger! Now to download and install the SVN version in Slackware:

svn co https://slrn.svn.sourceforge.net/svnroot/slrn/trunk slrn-svn
cd slrn-svn

./configure --with-ssl --with-slanginc=/usr/include/slang --with-slanglib=/usr/lib64 --prefix=/usr --with-slrnpull=/var/spool/slrnpull --with-server-file=/etc/nntpserver

make
su
make install

If you don't compile slrn with the slanginc and slanglib flags on a 64-bit CPU (I think it's only 64-bit) you will get the following error:

configure: error: unable to find the slang library and header file slang.h

And that's it: the latest slrn installed and working great! It took me a wee bit of time to get this working as intended, so I hope this post is helpful to someone :-)
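To make the failure mode above concrete, here is an added example (my own code, not slrn's) that parses a --debug log in the format shown earlier, reads posting permission from the comment on the 281 reply to AUTHINFO PASS the way revision 324 does, and flags the empty-body POST probe that made the server drop the connection. The log lines are constructed from the exchange above.

```python
# Added example, not slrn's own code: parse an slrn --debug log of the NNTP
# handshake and (a) read posting permission from the AUTHINFO reply comment,
# as slrn revision 324 does, (b) spot the empty-body POST probe that some
# servers answer with a disconnect.
import re

# Constructed slrn debug lines: ">" client to server, "<" server to client,
# "!" client-side events.
SAMPLE_LOG = """\
<201 Welcome Message (newsfeeed1) (No Posting)
>AUTHINFO USER myusername
<381 PASS required
>AUTHINFO PASS mypassword
<281 Welcome to myusenet server (Posting Allowed)
>POST
<340 Send Article to be Posted
>.
!Disconnecting from server.
"""

POSTING_RE = re.compile(r"\((posting allowed|no posting)\)", re.IGNORECASE)

def parse_log(text):
    """Return (direction, payload) pairs; bare '>' lines are dropped."""
    events = []
    for line in text.splitlines():
        if len(line) >= 2 and line[0] in "<>!":
            events.append((line[0], line[1:].strip()))
    return events

def posting_allowed(events):
    """True/False from the 281 reply to AUTHINFO PASS, None if no hint."""
    for i, (d, p) in enumerate(events):
        if d == ">" and p.upper().startswith("AUTHINFO PASS"):
            reply = next((q for dd, q in events[i + 1:] if dd == "<"), "")
            m = POSTING_RE.search(reply)
            if reply.startswith("281") and m:
                return m.group(1).lower() == "posting allowed"
            return None
    return None

def empty_post_probe(events):
    """True if the first line sent after POST is the lone terminator '.'."""
    for i, (d, p) in enumerate(events):
        if d == ">" and p.upper() == "POST":
            sent = [q for dd, q in events[i + 1:] if dd == ">"]
            return bool(sent) and sent[0] == "."
    return False
```

Run against the sample log, posting_allowed() already answers True from the AUTHINFO reply, so the POST probe that empty_post_probe() detects was never needed.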


November 18, 2011

Honeypot – View monthly graphs

Posted in Honeypot, Security

Just a quick update!

As promised, you can now view the current month's graph on the main page of the honeypot. You can also now view graphs of the monthly attack history of the honeypots!

All graphs show the total attacks, failed and successful, for each day of the month, all the way back to March 2011.


November 16, 2011

Linux Mint fantastic! but..

Posted in Linux, Slackware

Over the last 4 months I got rid of Slackware as my main Linux distribution and replaced it with Linux Mint 11 LXDE.

Linux Mint was fantastic: all hardware worked out of the box, sound, mouse scroll wheel, X11 keyboard layout, check! Even installing the ATI drivers to get dual monitors up and running was just a click of the mouse away. Installing software was a dream with the apt-get front-end software manager; oh, look at all them games I can install! So what was the problem?

Well, it was just all too easy for my liking. I like to tinker with things: I want to see how things work, I want a low memory footprint, I want to know what process X is for, why X or Y libraries need to be installed, what the updates are for. Sure, I could most likely find out all that information by digging around a wee bit, but meh, why bother, it works, just click yes or update... I got lazy and distracted easily (oh, shiny things).

It was time to go back to the Linux distribution I know and love! Download the latest Slackware -current ISO build, dd the ISO to a USB stick and I was ready to go! This time around I wanted to change at least one thing: out with Fluxbox, in with Openbox! Then configure and install my favourite software:

Email – Mutt
Web – Firefox
Music – MPD/Ncmpcpp
RSS Reader – Canto
Video – Mplayer
Games – Only minecraft, honest!

Don't get me wrong, I think Linux Mint is great and I would recommend it to anyone, but it's just not for me. I think it would be perfect for someone trying out Linux or migrating away from Windows. Hopefully it doesn't go the way of Ubuntu.

Honeypot Trends

Since the change back to Slackware I have started working on a Ruby script for displaying graphs/trends for the honeypots. I did have a script written in PHP to generate graphs using the Google API on the fly, but because of increased traffic to the site the server load was up and down like a yo-yo. The plan is to get the script to dump the trends and graphs hourly, but I will see how it goes.

There have been some interesting SSH attacks which are worth a read. Unfortunately it was during the time I was moving back to Slackware and I was kinda late to the thread.

As always, anyone who has ideas/suggestions for the honeypot project, let me know.


November 4, 2011

Kippo SVN update

Posted in Honeypot, Security

Over the last week a very nice feature has been added to the Kippo SVN: the ability to interact with anyone connected to the honeypot via a telnet-based session management interface!

To get the new interactive telnet session follow these instructions:

1. Download the SVN version

svn checkout http://kippo.googlecode.com/svn/trunk/ kippo

2. Copy the example configuration to the live one:

cp kippo.cfg.dist kippo.cfg

3. Edit the configuration file and change the section relating to the management interface to the following:

interact_enabled = true
interact_port = 5123

4. Start Kippo (./start) and you should now be able to telnet to port 5123. You must firewall this port as there is no authentication needed; add something similar to the following to iptables, assuming you reject the rest of the traffic:

-A INPUT -s -p tcp -m state --state NEW -m tcp --dport 5123 -j ACCEPT
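Because the rule above only works once the source address after -s is filled in, here is an added shell example (my own, not part of Kippo) that reads interact_enabled and interact_port from a constructed kippo.cfg fragment and prints the ACCEPT rule for a single admin source plus an explicit REJECT for everyone else; it refuses to emit anything when the source is left empty. The address 192.0.2.10/32 is a placeholder.

```shell
#!/bin/sh
# Added example, not part of Kippo: build the iptables rules for Kippo's
# unauthenticated management port from the settings in kippo.cfg, and refuse
# to emit a rule whose source address is empty ("-A INPUT -s -p tcp ..."
# is a broken rule, not a restricted one).

# Constructed kippo.cfg fragment with the management settings from the post.
KIPPO_CFG_SAMPLE='[honeypot]
ssh_port = 2222
interact_enabled = true
interact_port = 5123'

# Print the value of one "key = value" line read from stdin.
cfg_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" | head -n 1
}

# Usage: kippo_mgmt_rules ADMIN_SOURCE CFG_TEXT
# ADMIN_SOURCE is the only host/network allowed to reach the interface
# (192.0.2.10/32 below is a placeholder, not a real admin address).
# Returns 1 without output if ADMIN_SOURCE is empty; prints nothing if the
# interface is disabled; otherwise prints an ACCEPT rule for the admin
# source followed by an explicit REJECT for everyone else.
kippo_mgmt_rules() {
    admin_src=$1
    cfg=$2
    [ -n "$admin_src" ] || return 1
    enabled=$(printf '%s\n' "$cfg" | cfg_get interact_enabled)
    port=$(printf '%s\n' "$cfg" | cfg_get interact_port)
    [ "$enabled" = "true" ] && [ -n "$port" ] || return 0
    printf -- '-A INPUT -s %s -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n' \
        "$admin_src" "$port"
    printf -- '-A INPUT -p tcp -m tcp --dport %s -j REJECT --reject-with tcp-reset\n' "$port"
}

kippo_mgmt_rules "192.0.2.10/32" "$KIPPO_CFG_SAMPLE"
```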
