Please continue to check the Wireless section of this blog for new developments. I will be posting soon about DD-WRT on my linksys(es)!
In the meantime if you want to read about getting aironet, lucent, or prism2 cards to work under linux or the collection of links on wardriving, wep cracking, etc, check it out below at:
Goonda's Old Timey Wireless Shack
Y'all come back now, y'hear?
[ add comment ] ( 1369 views ) | permalink
OpenBSD's pf was ported to FreeBSD and made part of the base system in FreeBSD 5.3, which caused spontaneous combustion in the minds of firewall geeks everywhere. I don't want to start a flamewar, but prior to FreeBSD 5.3, pf was just about the only feature in OpenBSD that I was really jealous of as its probably the most advanced open-source firewall available.
Once enabled, if pf is configured to log, will use the
pflog0 pseudo-device to log packets in libpcap format. This means that trusty tcpdump can be used to view your firewall logs in realtime, like so:
[root@phat /var/log]# tcpdump -n -tttt -e -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
2008-03-05 20:40:30.293906 rule 12/0(match): pass in on sis0: 192.168.226.140.24951 > 192.168.1.100.22: S 657096168:657096168(0) win 64512 <mss 1460,nop,nop,sackOK>
2008-03-05 20:40:30.322713 rule 13/0(match): pass out on sis0: 192.168.1.100.58585 > 192.168.1.1.53: 47450+[|domain]
If you wanted to read an existing pf logfile rather than in realtime, use the same arguments to
tcpdump as you would normally use to read a pcap file. In this example, I'm specifically looking for blocked igmp traffic:
[root@phat /var/log]# tcpdump -n -tttt -e -r pflog.0 igmp|head -5
reading from file pflog.0, link-type PFLOG (OpenBSD pflog file)
2008-03-05 19:00:52.405159 rule 2/0(match): block in on sis0: 10.1.49.2 > 224.0.0.1: igmp query v2
2008-03-05 19:01:26.748751 rule 2/0(match): block in on sis0: 10.1.49.2 > 224.0.0.1: igmp query v2
2008-03-05 19:03:01.698925 rule 2/0(match): block in on sis0: 10.1.49.2 > 224.0.0.1: igmp query v2
2008-03-05 19:03:36.042609 rule 2/0(match): block in on sis0: 10.1.49.2 > 224.0.0.1: igmp query v2
2008-03-05 19:05:11.018437 rule 2/0(match): block in on sis0: 10.1.49.2 > 224.0.0.1: igmp query v2
[ add comment ] ( 743 views ) | permalink
mod_rewrite is a powerful module for Apache for performing URL rewriting on the fly. However sometimes if your regex kung-fu is not up to par, it can be a frustrating and hair-pulling exercise to figure out why your rewrite rules are not working. The solution is to add a couple logging lines into your httpd.conf or vhost stanza:
RewriteEngine On
RewriteLog "/var/log/apache/rewrite_log"
RewriteLogLevel 9
RewriteCond etc.
Once you've debugged your problem, its advisable to take these lines out as they can generate A LOT of logs. Another thing I noticed is that these RewriteLog directives only seem to work when placed in the main httpd.conf, not in .htaccess files despite "AllowOverride All".
I was trying to prevent hotlinking on this site. Basically that means someone who is linking directly to my images (and not to the page in which it is displayed). Essentially this amounts to bandwidth theft. To prevent this, I implemented the following mod_rewrite rules in .htaccess:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} \.(gif|jpg|js|css)$ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?goonda.org/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]
This code prevents any non-blank referrer which does not originate from my website (goonda.org) to receive a 403 (Forbidden) message. Works great!
[ add comment ] ( 997 views ) | permalink
As part of a project at work recently, I had to figure out how to easily encrypt a file for one of our brain-dead developers. Luckily for me the excellent OpenSSL Toolkit was available on the Unix host. Here's how you do it:
To encrypt a file:
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc
To base-64 encode it, simply add the -a switch (for 'ASCII'):
openssl enc -aes-256-cbc -a -salt -in file.txt -out file.enc
The encryption operation requires that you supply a passphrase.
To decrypt the same file:
openssl enc -d -aes-256-cbc -in file.enc
To decrypt base-64 version, you guessed it, add -a flag :
openssl enc -d -aes-256-cbc -a -in file.enc
The passphrase will be prompted for. You can also supply the passphrase on the command line using the -pass option, or read the passphrase from a file using -pass file:/path/to/file.
Neato. A lot more cool tips at the OpenSSL Command-Line HOWTO.
Sure beats reading the heinously long and complex man pages for openssl! Now we really need a good way to be able to do this for batch jobs *without* having to store the passphrase in cleartext.
[ add comment ] ( 1085 views ) | permalink
cURL is a very useful utility to perform HTTP/HTTPS operations from the command line. Many times during a web application pentest you need to send an HTTP POST to a login form (e.g. brute force a login to the site). Here's the very simple way to do it, assuming you the form parameters are called username and password.
curl -d "username=SOMEUSER&password=SOMEPASS" -k https://some.website.com/loginform.jsp
The "-d" indicates you are including data for a POST, the -k says ignore SSL certificate warnings from the remote site.
Using curl is really only good for doing quick spot checks, to do large scale brute forcing I'd recommend using THC Hydra, the super useful perl module libwww-perl aka LWP, or Nessus which has incorporated Hydra. On Windows, Brutus works.
[ add comment ] ( 1149 views ) | permalink
Calendar
