<b>Reverse Shell</b> - Free spirit as in Freedom. (blog by k3w13r)<br />
<hr />
<b>Not everyone who wanders is lost</b> (posted by k3w13r, 2024-02-26)<br />
<p> My last post came almost about 10 years back. I loved this little space that I created for myself. After 10 years, I feel I can channel out my inner thoughts. A lot of hard work went into that. And a certain sense of finding oneself. I was a seeker, I am a seeker and I will be a seeker for centuries to come. </p>
<hr />
<b>Can't locate Config/IniFiles.pm in @INC - SSLAudit</b> (posted by k3w13r, 2014-12-02)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<b>SSLAudit </b>needs a few modules to be installed.<br />
<b><br /></b>
<b>aditya@ubuntu:~$ perl SSLAudit.pl </b><br />
Can't locate Config/IniFiles.pm in @INC (you may need to install the Config::IniFiles module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .) at SSLAudit.pl line 9.<br />
BEGIN failed--compilation aborted at SSLAudit.pl line 9.<br />
<br />
aditya@ubuntu:~$ sudo cpan install Config::IniFiles<br />
<br />
<br />
=========<br />
<br />
<b>aditya@ubuntu:~$ perl SSLAudit.pl </b><br />
Can't locate Time/ParseDate.pm in @INC (you may need to install the Time::ParseDate module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl .) at SSLAudit.pl line 13.<br />
BEGIN failed--compilation aborted at SSLAudit.pl line 13.<br />
<br />
<br />
===========<br />
<br />
aditya@ubuntu:~$ sudo cpan install Time::ParseDate<br />
<br />
<br />
===========<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-C6lEg41VKMA/VH1J8FafkTI/AAAAAAAAbsg/cFsw5WISy9Y/s1600/sslaudit.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-C6lEg41VKMA/VH1J8FafkTI/AAAAAAAAbsg/cFsw5WISy9Y/s1600/sslaudit.png" height="301" width="320" /></a></div>
<br /></div>
<hr />
<b>CVE-2014-2309 - ICMPv6 Router Advertisement flood Denial of service</b> (posted by k3w13r, 2014-11-28)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
CVE reference: <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309" target="_blank">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309</a><br />
<br />
I guess it works only if your Linux box accepts IPv6 router advertisement packets. Do you want to check if your Linux box accepts router advertisement packets?<br />
<br />
Check the kernel settings for IPv6:<br />
<br />
<a href="http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/proc-sys-net-ipv6..html" target="_blank">http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/proc-sys-net-ipv6..html</a><br />
<br />
Check the <b>/proc/sys/net/ipv6/conf/&lt;interface&gt;/accept_ra</b> setting: 0 means disabled, 1 means the setting is enabled.<br />
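One way to run this check over every interface at once, as an added example that is not part of the original post. It goes a little beyond the text by also reading the neighbouring `forwarding` file and handling the kernel's extra `accept_ra` value 2; the function names and the sample interface names are assumptions made for illustration.

```python
import os
import tempfile

# 0 and 1 are the values named in the post. 2 is a further value documented in
# the kernel's ip-sysctl notes: accept RAs even when forwarding is enabled.
ACCEPT_RA_MEANING = {0: "disabled", 1: "enabled", 2: "enabled, overrides forwarding"}

# Entries under conf/ that are templates, not real network interfaces.
PSEUDO_ENTRIES = {"all", "default"}


def read_int(path):
    """Read a sysctl file holding one integer; None if missing or unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


def audit_accept_ra(conf_root="/proc/sys/net/ipv6/conf"):
    """Return one record per entry under conf_root describing its RA handling."""
    records = []
    if not os.path.isdir(conf_root):
        return records  # IPv6 is not available on this host
    for name in sorted(os.listdir(conf_root)):
        accept_ra = read_int(os.path.join(conf_root, name, "accept_ra"))
        if accept_ra is None:
            continue
        forwarding = read_int(os.path.join(conf_root, name, "forwarding")) or 0
        # With accept_ra=1 the kernel ignores RAs once forwarding is enabled;
        # accept_ra=2 accepts them regardless.
        processes_ra = accept_ra == 2 or (accept_ra == 1 and forwarding == 0)
        records.append({
            "interface": name,
            "accept_ra": accept_ra,
            "meaning": ACCEPT_RA_MEANING.get(accept_ra, "unknown"),
            "forwarding": forwarding,
            "processes_ra": processes_ra,
            "pseudo": name in PSEUDO_ENTRIES,
        })
    return records


def exposed_interfaces(records):
    """Names of real interfaces that will currently process router advertisements."""
    return [r["interface"] for r in records if r["processes_ra"] and not r["pseudo"]]


def build_sample_tree(root, settings):
    """Create a constructed conf/ tree; settings maps name -> (accept_ra, forwarding)."""
    for name, (accept_ra, forwarding) in settings.items():
        os.makedirs(os.path.join(root, name), exist_ok=True)
        with open(os.path.join(root, name, "accept_ra"), "w") as fh:
            fh.write(f"{accept_ra}\n")
        with open(os.path.join(root, name, "forwarding"), "w") as fh:
            fh.write(f"{forwarding}\n")


# Constructed sample values, not taken from a real host.
SAMPLE_SETTINGS = {
    "all": (1, 0), "default": (1, 0),
    "eth0": (1, 0),   # accepts RAs
    "eth1": (0, 0),   # RAs disabled
    "br0": (1, 1),    # forwarding on, so accept_ra=1 no longer applies
    "wan0": (2, 1),   # accepts RAs even though it forwards
}


def demo():
    """Audit the constructed tree and return the exposed interface names."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, SAMPLE_SETTINGS)
        return exposed_interfaces(audit_accept_ra(root))


if __name__ == "__main__":
    for rec in audit_accept_ra():  # the live host
        print(f'{rec["interface"]:10} accept_ra={rec["accept_ra"]} '
              f'({rec["meaning"]}) forwarding={rec["forwarding"]} '
              f'processes_ra={rec["processes_ra"]}')
```

Interfaces that should never learn routes from the network can have the value set to 0 with `sysctl -w net.ipv6.conf.<interface>.accept_ra=0`.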
<br /></div>
<hr />
<b>Mysql TLSv1 capture using Wireshark</b> (posted by k3w13r, 2014-10-28)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
I installed MySQL and enabled SSL on it. And I was just wondering how to see if the encryption is really working. I don't know what SSL protocol MySQL uses for encryption.<br />
<br />
So I started Wireshark and captured a login from a remote machine.<br />
<br />
The default capture will show you the protocol as mysql,<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-SR1_O_Uk-30/VE-H9ZrjD8I/AAAAAAAAbfg/HnhqcyLno-k/s1600/mysql_normal.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-SR1_O_Uk-30/VE-H9ZrjD8I/AAAAAAAAbfg/HnhqcyLno-k/s1600/mysql_normal.PNG" height="122" width="320" /></a></div>
<br />
<br />
<br />
but in order to see the SSL/TLS traffic you need to decode the packets as SSL. The SSL handshake does not occur first; it follows a few MySQL packet exchanges.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-4UrCh2q2x3Y/VE-IF6GG1wI/AAAAAAAAbfo/J7OvWN6nP90/s1600/Mysql_decodeasSSL.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-4UrCh2q2x3Y/VE-IF6GG1wI/AAAAAAAAbfo/J7OvWN6nP90/s1600/Mysql_decodeasSSL.PNG" height="99" width="320" /></a></div>
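Why the handshake shows up late in the stream, as an added example that is not part of the original post: in the MySQL client/server protocol the server speaks first with a plain greeting packet, and a client that wants encryption answers with a short SSLRequest packet before TLS starts on the same TCP connection. The code below parses constructed byte strings (not a real capture) to find where the client's bytes switch from MySQL framing to TLS records; the function names and sample values are assumptions.

```python
CLIENT_SSL = 0x0800      # MySQL capability flag: switch to SSL after the handshake
TLS_HANDSHAKE = 22       # TLS record content type for handshake messages
TLS_RECORD_VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0",
                       0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}


def frame(seq, payload):
    """MySQL packet: 3-byte little-endian length, 1-byte sequence id, payload."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def read_packet(stream, offset=0):
    """Return (sequence id, payload, offset of next byte); raise on truncation."""
    if offset + 4 > len(stream):
        raise ValueError("truncated MySQL packet header")
    length = int.from_bytes(stream[offset:offset + 3], "little")
    end = offset + 4 + length
    if end > len(stream):
        raise ValueError("truncated MySQL packet payload")
    return stream[offset + 3], stream[offset + 4:end], end


def parse_greeting(server_stream):
    """Parse the server's first packet (protocol 10): version string, SSL offered?"""
    _, payload, _ = read_packet(server_stream)
    if not payload or payload[0] != 10:
        raise ValueError("not a protocol-10 handshake packet")
    nul = payload.index(b"\x00", 1)
    # After the version string: connection id (4), auth data (8), filler (1),
    # then the lower 16 capability bits.
    caps_at = nul + 1 + 4 + 8 + 1
    caps_low = int.from_bytes(payload[caps_at:caps_at + 2], "little")
    return payload[1:nul].decode("ascii"), bool(caps_low & CLIENT_SSL)


def locate_tls(client_stream):
    """Find where the client's bytes stop being MySQL packets and become TLS.

    Returns None when the client never asked for SSL, i.e. the whole login
    exchange travels as ordinary MySQL packets.
    """
    _, payload, end = read_packet(client_stream)
    caps = int.from_bytes(payload[:4], "little")
    # An SSLRequest is only the 32-byte fixed part of the login packet,
    # with CLIENT_SSL set; a normal login packet is longer.
    if len(payload) != 32 or not caps & CLIENT_SSL:
        return None
    record = client_stream[end:end + 5]
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        raise ValueError("SSLRequest not followed by a TLS handshake record")
    version = int.from_bytes(record[1:3], "big")
    return {
        "tls_offset": end,  # bytes of MySQL traffic before TLS begins
        "record_version": TLS_RECORD_VERSIONS.get(version, hex(version)),
        "record_length": int.from_bytes(record[3:5], "big"),
    }


def login_prefix(caps):
    """Fixed 32 bytes: capabilities (4), max packet (4), charset (1), filler (23)."""
    return caps.to_bytes(4, "little") + (1 << 24).to_bytes(4, "little") + b"\x21" + bytes(23)


# --- Constructed sample bytes, not a real capture ---
SAMPLE_GREETING = frame(0, b"\x0a" + b"5.5.38-0ubuntu0.14.04.1\x00"
                        + (36).to_bytes(4, "little") + b"AAAAAAAA" + b"\x00"
                        + (0xFFFF).to_bytes(2, "little")       # CLIENT_SSL offered
                        + b"\x08" + (2).to_bytes(2, "little")
                        + (0x800F).to_bytes(2, "little") + bytes([21]) + bytes(10)
                        + b"BBBBBBBBBBBB\x00")
# Client asks for SSL, then sends a TLS record (body is filler, not a real ClientHello).
SAMPLE_TLS_CLIENT = (frame(1, login_prefix(0xAE85))
                     + b"\x16\x03\x01" + (48).to_bytes(2, "big") + bytes(48))
# Client that never sets CLIENT_SSL: full login packet in the clear.
SAMPLE_PLAIN_CLIENT = frame(1, login_prefix(0xA685) + b"root\x00" + b"\x00")

if __name__ == "__main__":
    print(parse_greeting(SAMPLE_GREETING))
    print(locate_tls(SAMPLE_TLS_CLIENT))
    print(locate_tls(SAMPLE_PLAIN_CLIENT))
```

A `None` result for a client is the case worth alerting on when the server is supposed to be SSL-only: the login went over the wire as ordinary MySQL packets.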
<br /></div>
<hr />
<b>[Ubuntu 14.04] mysql with SSL: ERROR 2026 (HY000): SSL connection error: protocol version mismatch</b> (posted by k3w13r, 2014-10-28)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
I was trying to enable SSL on mysql in Ubuntu 14.04 and it was not easy.<br />
<br />
1. Install simply, apt-get install mysql-client mysql-server and set a strong root password.<br />
2. Generate openssl certs and enable SSL configurations in /etc/mysql/my.cnf like this:<br />
<br />
#For the client: (localhost only)<br />
<br />
[client]<br />
port = 3306<br />
socket = /var/run/mysqld/mysqld.sock<br />
ssl=1<br />
ssl-ca = /etc/mysql/ca-cert.pem<br />
<div>
<br /></div>
[mysqld]<br />
<div>
....</div>
ssl=1<br />
ssl-ca=/etc/mysql/ca-cert.pem<br />
ssl-cert=/etc/mysql/server-cert.pem<br />
ssl-key=/etc/mysql/server-key.pem<br />
ssl-cipher=DHE-RSA-AES256-SHA<br />
<div>
<br /></div>
<div>
Restart mysql, that's it. But while trying to connect (mysql -u root -p), I faced an error:</div>
<br />
<i><span style="color: #660000;"><b>ERROR 2026 (HY000): SSL connection error: protocol version mismatch</b></span></i><br />
<br />
Later I figured out it was due to bad certificates (well, kind of...).<br />
<br />
So generate the certificates using the commands here:<br />
<a href="http://askubuntu.com/questions/194074/enabling-ssl-in-mysql" target="_blank">http://askubuntu.com/questions/194074/enabling-ssl-in-mysql</a><br />
<br />
Once you connect, you can run \s to confirm that your cipher is in use:<br />
<br />
--------------------------------------------------------------------------------------------<br />
<br />
mysql -u root -p<br />
Enter password:<br />
Welcome to the MySQL monitor. Commands end with ; or \g.<br />
Your MySQL connection id is 36<br />
Server version: 5.5.38-0ubuntu0.14.04.1 (Ubuntu)<br />
<br />
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.<br />
<br />
Oracle is a registered trademark of Oracle Corporation and/or its<br />
affiliates. Other names may be trademarks of their respective<br />
owners.<br />
<br />
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.<br />
<br />
mysql> \s<br />
--------------<br />
mysql Ver 14.14 Distrib 5.5.38, for debian-linux-gnu (i686) using readline 6.3<br />
<br />
Connection id:<span class="Apple-tab-span" style="white-space: pre;"> </span>36<br />
Current database:<span class="Apple-tab-span" style="white-space: pre;"> </span><br />
Current user:<span class="Apple-tab-span" style="white-space: pre;"> </span>root@localhost<br />
SSL:<span class="Apple-tab-span" style="white-space: pre;"> </span>Cipher in use is <b><span style="color: #cc0000;">DHE-RSA-AES256-SHA</span></b><br />
Current pager:<span class="Apple-tab-span" style="white-space: pre;"> </span>stdout<br />
Using outfile:<span class="Apple-tab-span" style="white-space: pre;"> </span>''<br />
Using delimiter:<span class="Apple-tab-span" style="white-space: pre;"> </span>;<br />
Server version:<span class="Apple-tab-span" style="white-space: pre;"> </span>5.5.38-0ubuntu0.14.04.1 (Ubuntu)<br />
Protocol version:<span class="Apple-tab-span" style="white-space: pre;"> </span>10<br />
Connection:<span class="Apple-tab-span" style="white-space: pre;"> </span>Localhost via UNIX socket<br />
Server characterset:<span class="Apple-tab-span" style="white-space: pre;"> </span>latin1<br />
Db characterset:<span class="Apple-tab-span" style="white-space: pre;"> </span>latin1<br />
Client characterset:<span class="Apple-tab-span" style="white-space: pre;"> </span>utf8<br />
Conn. characterset:<span class="Apple-tab-span" style="white-space: pre;"> </span>utf8<br />
UNIX socket:<span class="Apple-tab-span" style="white-space: pre;"> </span>/var/run/mysqld/mysqld.sock<br />
Uptime:<span class="Apple-tab-span" style="white-space: pre;"> </span>11 days 1 hour 4 min 49 sec<br />
<br />
Threads: 1 Questions: 109 Slow queries: 0 Opens: 171 Flush tables: 1 Open tables: 41 Queries per second avg: 0.000<br />
--------------<br />
<br />
mysql><br />
<div>
<br /></div>
--------------------------------------------------------------------------------------------<br />
<br />
Now if you want to see mysql SSL in action using wireshark,<br />
<br />
<a href="http://rhosted.blogspot.in/2014/10/mysql-tlsv1-capture-using-wireshark.html" target="_blank">http://rhosted.blogspot.in/2014/10/mysql-tlsv1-capture-using-wireshark.html</a><br />
<br />
More references:<br />
http://askubuntu.com/questions/194074/enabling-ssl-in-mysql<br />
<br /></div>
<hr />
<b>Eclipse plugin list</b> (posted by k3w13r, 2014-10-18)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
1. <b>Python development</b><br />
<br />
pydev - Python development on eclipse.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-JA_rZkJ7vuw/VBBftmocCcI/AAAAAAAAbd4/29TYdQs17lQ/s1600/python.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-JA_rZkJ7vuw/VBBftmocCcI/AAAAAAAAbd4/29TYdQs17lQ/s1600/python.PNG" height="187" width="320" /></a></div>
<br />
<br />
<a href="http://pydev.org/" target="_blank">http://pydev.org/</a><br />
<br />
<br />
2. <b>Shell script development</b><br />
<br />
<a href="http://sourceforge.net/projects/shelled/" target="_blank">http://sourceforge.net/projects/shelled/</a><br />
<br />
Yeah, I know what you have been thinking: an IDE for shell scripts? vi or the other Linux editors are the best thing to write a shell script. However, if you want to keep a project-like structure for shell scripts for reference, and to show or explain a shell script to anyone, this Eclipse editor comes in handy. It is not a replacement for vi though. Another limitation for Windows users is that you do not have anything to run and test the shell script if you are on Windows.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-wrt__2ry4-w/VBBfM3MztVI/AAAAAAAAbdw/6RHSSD0Snvo/s1600/shell.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-wrt__2ry4-w/VBBfM3MztVI/AAAAAAAAbdw/6RHSSD0Snvo/s1600/shell.png" height="171" width="320" /></a></div>
<br />
<br />
3. <b>Linux tools for eclipse</b><br />
<a href="http://www.eclipse.org/linuxtools/" target="_blank">http://www.eclipse.org/linuxtools/</a><br />
<br />
This works pretty well with Shelled, when you are on windows but you want to refer to the man pages in Linux. That was the only use I could find in windows.<br />
<br />
4.<b> Remote Systems Explorer</b><br />
Although using Eclipse to access remote file systems through SSH/telnet/RDP sounds crazy, this is very handy while working with shell scripts using the shell script editor Shelled. You can readily scp the files to your test machine and execute the scripts right from the Eclipse console.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-aFWT5lw680s/VBBcR2RFcqI/AAAAAAAAbdk/XtgoY6h4d8Q/s1600/RSE.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-aFWT5lw680s/VBBcR2RFcqI/AAAAAAAAbdk/XtgoY6h4d8Q/s1600/RSE.PNG" height="231" width="320" /></a></div>
<br />
<br />
You can find it on the eclipse market place.<br />
<br />
<a href="http://marketplace.eclipse.org/content/remote-system-explorer-ssh-telnet-ftp-and-dstore-protocols#.VBBalPmSysw" target="_blank">http://marketplace.eclipse.org/content/remote-system-explorer-ssh-telnet-ftp-and-dstore-protocols#.VBBalPmSysw</a><br />
<br />
5.<b> JADclipse</b><br />
The Java decompiler -<br />
<a href="http://sourceforge.net/projects/jadclipse/" target="_blank">http://sourceforge.net/projects/jadclipse/</a><br />
<br />
6. <b>Eclipse color themes</b><br />
<a href="http://eclipsecolorthemes.org/?view=plugin" target="_blank">http://eclipsecolorthemes.org/?view=plugin</a><br />
<br />
wombat:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-n7C3Y3lBd3g/VBBgl-GmCZI/AAAAAAAAbeE/J9dgPF0CyJ8/s1600/color.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-n7C3Y3lBd3g/VBBgl-GmCZI/AAAAAAAAbeE/J9dgPF0CyJ8/s1600/color.PNG" height="194" width="320" /></a></div>
<br />
7. <b>Maven eclipse plugin, m2eclipse</b><br />
<br />
<a href="https://www.eclipse.org/m2e/" target="_blank">https://www.eclipse.org/m2e/</a><br />
<br />
8. <b>StartExplorer:</b> Starts an explorer or a command prompt at the location of the file in eclipse.<br />
<br />
<a href="http://marketplace.eclipse.org/node/641101#.VBEnufmSyig" target="_blank">http://marketplace.eclipse.org/node/641101#.VBEnufmSyig</a><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-UheWtLnvieQ/VBEodoMDM1I/AAAAAAAAbeU/nWLYpNk2ERA/s1600/startexplorer.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-UheWtLnvieQ/VBEodoMDM1I/AAAAAAAAbeU/nWLYpNk2ERA/s1600/startexplorer.png" height="203" width="320" /></a></div>
<br />
<br />
9. Browsing databases (Oracle, mysql and postgresql) using Toad Extension:<br />
<br />
<a href="http://marketplace.eclipse.org/content/toad-extension-eclipse#.VBE68PmSyig" target="_blank">http://marketplace.eclipse.org/content/toad-extension-eclipse#.VBE68PmSyig</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-Ie_P30nVEvc/VBE7M4XsGwI/AAAAAAAAbeo/vLfL7Yscj9Q/s1600/ToadDB.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-Ie_P30nVEvc/VBE7M4XsGwI/AAAAAAAAbeo/vLfL7Yscj9Q/s1600/ToadDB.PNG" height="185" width="320" /></a></div>
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-smwTGMDDXg4/VBE7LzV2GgI/AAAAAAAAbek/sOG5U881alU/s1600/toad_openpers.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-smwTGMDDXg4/VBE7LzV2GgI/AAAAAAAAbek/sOG5U881alU/s1600/toad_openpers.PNG" height="320" width="262" /></a></div>
<br /></div>
<hr />
<b>Shellshock: Patching GNU bash from source</b> (posted by k3w13r, 2014-09-29)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
These are bash compilation notes, for when you want to compile bash yourself: you have an older version of bash, you do not want to wait for your vendor, and you do not want to upgrade to the latest version such as 4.3. The patches for Shellshock (CVE-2014-6271) are available for all the bash versions. However, early fixes have not been stable and the attack vectors are still evolving, so we still need to keep an eye on the developments.<br />
<br />
Check what version you have by:<br />
bash --version<br />
<br />
Let's say I am running an old version of bash v 3.00<br />
<br />
Before patching, I see that the trailing code after the function definition is getting executed:<br />
<br />
<blockquote class="tr_bq">
<br />
[test@test ~]# env x='() { :;}; echo vulnerable' bash -c 'echo hello'<br />
vulnerable<br />
hello</blockquote>
<br />
<b>Step 1: Download the bash source (base version) from:</b><br />
<a href="http://ftp.gnu.org/gnu/bash/" target="_blank">http://ftp.gnu.org/gnu/bash/</a><br />
<br />
<blockquote class="tr_bq">
<br />
wget <a href="http://ftp.gnu.org/gnu/bash/bash-3.0.tar.gz" target="_blank">http://ftp.gnu.org/gnu/bash/bash-3.0.tar.gz</a><br />
<br /></blockquote>
<br />
<b>Step 2: Get all the patches for bash 3.0 from the patches location and save them in a directory say patches:</b><br />
<br />
mkdir patches<br />
<br />
<a href="http://ftp.gnu.org/gnu/bash/bash-3.0-patches/" target="_blank">http://ftp.gnu.org/gnu/bash/bash-3.0-patches/</a><br />
<br />
Save them as bash30-001.patch etc, i.e. with a patch extension for easy handling.<br />
<br />
<blockquote class="tr_bq">
<br />
[test@test patches]# ls<br />
bash30-001.patch bash30-005.patch bash30-009.patch bash30-013.patch bash30-017.patch<br />
bash30-002.patch bash30-006.patch bash30-010.patch bash30-014.patch bash30-018.patch<br />
bash30-003.patch bash30-007.patch bash30-011.patch bash30-015.patch bash30-019.patch<br />
bash30-004.patch bash30-008.patch bash30-012.patch bash30-016.patch</blockquote>
<br />
<b>Step 3: Extract bash and copy patches to the src dir:</b><br />
<br />
<blockquote class="tr_bq">
<br />
[test@test bash_test]# tar -xvzf bash-3.0.tar.gz<br />
<br /></blockquote>
Copy the patches to the extracted bash source directory:<br />
<br />
<blockquote class="tr_bq">
<br />
[test@test bash-3.0]# cp ../patches/*.patch .<br />
<br /></blockquote>
<b>Step 4: Apply the patches:</b><br />
<br />
<blockquote class="tr_bq">
<br />
[test@test bash-3.0]# for x in *.patch; do patch -p0 < $x; done<br />
<br /></blockquote>
<br />
<b>Step 5: Confirm that it got applied, second last line says 19:</b><br />
<br />
<blockquote class="tr_bq">
<br />
[root@cap bash-3.0]# cat patchlevel.h<br />
...<br />
#define PATCHLEVEL 19<br />
<br />
#endif /* _PATCHLEVEL_H_ */<br />
<br /></blockquote>
<br />
<b>Step 6: Compile bash:</b><br />
<br />
<blockquote class="tr_bq">
<br />
./configure ; make ; make install<br />
<br /></blockquote>
<b>Step 7: After patching, test:</b><br />
<br />
<blockquote class="tr_bq">
<br />
[test@test bash-3.0]# env x='() { :;}; echo vulnerable' bash -c 'echo hello'<br />
hello</blockquote>
The statement echo vulnerable did not execute.<br />
I am not sure if this test is complete, as there are other ways to exploit it as well. I saw some of them here:<br />
<a href="http://stevejenkins.com/blog/2014/09/how-to-manually-update-bash-to-patch-shellshock-bug-on-older-fedora-based-systems/" target="_blank">http://stevejenkins.com/blog/2014/09/how-to-manually-update-bash-to-patch-shellshock-bug-on-older-fedora-based-systems/</a><br />
<br />
Nevertheless, there have been 3 bash patches so far, and I have applied all of them.<br />
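A stricter version of the Step 5 check, as an added example that is not part of the original post. It assumes, as Step 5 does, that `PATCHLEVEL` in `patchlevel.h` should equal the highest-numbered patch file, and it also looks for gaps in the patch sequence and for the `*.rej` files that `patch` leaves behind when a hunk does not apply; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

PATCH_FILE = re.compile(r"^bash\d+-(\d{3})\.patch$")   # e.g. bash30-007.patch
PATCHLEVEL = re.compile(r"^\s*#\s*define\s+PATCHLEVEL\s+(\d+)", re.MULTILINE)


def patch_numbers(patch_dir):
    """Sorted patch numbers found in patch_dir, taken from the file names."""
    matches = map(PATCH_FILE.match, os.listdir(patch_dir))
    return sorted(int(m.group(1)) for m in matches if m)


def read_patchlevel(source_dir):
    """Value of '#define PATCHLEVEL N' in patchlevel.h, or None if absent."""
    with open(os.path.join(source_dir, "patchlevel.h")) as fh:
        m = PATCHLEVEL.search(fh.read())
    return int(m.group(1)) if m else None


def reject_files(source_dir):
    """patch(1) writes hunks it could not apply to *.rej files; list them."""
    found = []
    for root, _dirs, files in os.walk(source_dir):
        found += [os.path.relpath(os.path.join(root, f), source_dir)
                  for f in files if f.endswith(".rej")]
    return sorted(found)


def verify_patched_tree(source_dir, patch_dir):
    """Return a list of problems; an empty list means the tree looks consistent."""
    numbers = patch_numbers(patch_dir)
    if not numbers:
        return ["no bashNN-NNN.patch files found"]
    problems = []
    missing = sorted(set(range(1, numbers[-1] + 1)) - set(numbers))
    if missing:
        problems.append("missing patches: " + ", ".join(f"{n:03d}" for n in missing))
    level = read_patchlevel(source_dir)
    if level != numbers[-1]:
        problems.append(f"PATCHLEVEL is {level}, expected {numbers[-1]}")
    rejects = reject_files(source_dir)
    if rejects:
        problems.append("rejected hunks: " + ", ".join(rejects))
    return problems


def build_sample_tree(root, numbers, patchlevel, rejects=()):
    """Constructed stand-in for bash-3.0/ after Steps 3 and 4 (patches copied in)."""
    for n in numbers:
        open(os.path.join(root, f"bash30-{n:03d}.patch"), "w").close()
    with open(os.path.join(root, "patchlevel.h"), "w") as fh:
        fh.write(f"#define PATCHLEVEL {patchlevel}\n\n#endif /* _PATCHLEVEL_H_ */\n")
    for name in rejects:
        open(os.path.join(root, name), "w").close()


def demo():
    """Check one clean tree and one where patch 007 was never downloaded."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        build_sample_tree(good, range(1, 20), 19)
        build_sample_tree(bad, [n for n in range(1, 20) if n != 7], 6,
                          rejects=["patchlevel.h.rej"])
        return verify_patched_tree(good, good), verify_patched_tree(bad, bad)


if __name__ == "__main__":
    clean, broken = demo()
    print("clean tree:", clean or "OK")
    print("broken tree:", broken)
```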
<br />
<br />
<hr />
<br />
<b>Extras: </b><br />
<br />
If you just want the compiled package and want to install it on different machines, then just use --prefix=destination_directory, like:<br />
<br />
<blockquote class="tr_bq">
<br />
./configure --prefix=/home/test/compiled; make ; make install<br />
<br /></blockquote>
This generates 4 directories (bin, info, man and share)<br />
<br />
tarball it, so that you can distribute it to different machines:<br />
<br />
<blockquote class="tr_bq">
<br />
cd /home/test/compiled<br />
<br />
tar -cvzf bash_3.0.19_patched_binary.tar.gz bin/ info/ man/ share/<br />
<br /></blockquote>
Before you extract the files in your root directory, make a backup of old bash binary in /bin/bash.<br />
<br />
mv /bin/bash /bin/bash_old<br />
<br />
Extraction:<br />
<blockquote class="tr_bq">
<br />
tar -xvzf bash_3.0.19_patched_binary.tar.gz -C /</blockquote>
<br />
<br />
References:<br />
<br />
<a href="http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an" target="_blank">http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an</a><br />
<br />
<a href="http://stevejenkins.com/blog/2014/09/how-to-manually-update-bash-to-patch-shellshock-bug-on-older-fedora-based-systems/" target="_blank">http://stevejenkins.com/blog/2014/09/how-to-manually-update-bash-to-patch-shellshock-bug-on-older-fedora-based-systems/</a><br />
<br />
<br /></div>
<hr />
<b>pyopenssl install using pip in windows 7 64-bit</b> (posted by k3w13r, 2014-09-12)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
pip and easy_install are not there by default in python 2.7.8 installation in windows. I am not a windows guy, but I live in a practical world, where I cannot avoid it.<br />
<br />
You can jump to the bottom (<b>Part 2</b>) for the installation of pyopenssl through pip, after installing pip through easy_install. Below (<b>Part 1</b>) are just some silly errors that I faced on windows.<br />
<br />
<h4 style="text-align: left;">
Part 1</h4>
<b>Collection of errors/problems one faces while working on windows</b><br />
I was trying to install pyopenssl using easy_install in windows 7, 64 bit<br />
<br />
<blockquote class="tr_bq">
C:\Python27\Scripts>easy_install pyopenssl<br />
.....<br />
error: Setup script exited with error: Unable to find vcvarsall.bat</blockquote>
<br />
<br />
<br />
You need to install:<br />
<br />
1. <a href="http://download.microsoft.com/download/A/5/4/A54BADB6-9C3F-478D-8657-93B3FC9FE62D/vcsetup.exe" style="background: rgb(255, 255, 255); border: 0px; color: #4a6b82; cursor: pointer; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px; margin: 0px; padding: 0px; text-decoration: none; vertical-align: baseline;">Visual Studio C++ 2008 Express Edition</a><span style="background-color: white; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;"> (this is 32 bit, a full installer that creates env variables as well)</span><br />
<span style="background-color: white; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;"><br /></span>
<span style="background-color: white; font-size: 14.4444446563721px; line-height: 17.8047981262207px;"><span style="font-family: Arial, Liberation Sans, DejaVu Sans, sans-serif;"><a href="http://download.microsoft.com/download/A/5/4/A54BADB6-9C3F-478D-8657-93B3FC9FE62D/vcsetup.exe" target="_blank">http://download.microsoft.com/download/A/5/4/A54BADB6-9C3F-478D-8657-93B3FC9FE62D/vcsetup.exe</a></span></span><br />
<span style="background-color: white; font-family: Arial, 'Liberation Sans', 'DejaVu Sans', sans-serif; font-size: 14px; line-height: 17.8048000335693px;"><br /></span>
2. Microsoft Visual C++ 2008 Redistributable Package (x64) (same as step 1, but 64 bit. If you install this 64 bit installer alone, env vars like VS90COMNTOOLS do not get created, so I had to install both the 32 and 64 bit versions.) I would recommend searching for files like vcvars*.bat in Program Files, where these files get installed.<br />
<br />
<a href="http://www.microsoft.com/en-in/download/details.aspx?id=15336" target="_blank">http://www.microsoft.com/en-in/download/details.aspx?id=15336</a><br />
<br />
You need to install it if you have an arch mismatch, like your python is 32 bit but the OS is 64 bit, or if you do not have a 64 bit compiler installed. You will see an error like this:<br />
<br />
<blockquote class="tr_bq">
raise ValueError(sValueError: [u'path']</blockquote>
<br />
See here for details:<a href="http://stackoverflow.com/questions/2817869/error-unable-to-find-vcvarsall-bat" target="_blank"> http://stackoverflow.com/questions/2817869/error-unable-to-find-vcvarsall-bat</a><br />
<br />
<br />
3. Windows SDK for Windows 7 and .NET Framework 3.5 SP1 (this is for the compiler and for the header files, select only Windows Headers and Libraries and Visual C++ Compilers)<br />
<br />
<a href="http://www.microsoft.com/en-us/download/details.aspx?id=3138" target="_blank">http://www.microsoft.com/en-us/download/details.aspx?id=3138</a><br />
<br />
If you face, "Cannot open include file: 'basetsd.h': No such file or directory", then it means you did not select the header and libraries file options for microsoft SDK in step 3.<br />
<br />
See here for details: <a href="http://stackoverflow.com/questions/23691564/running-cython-in-windows-x64-fatal-error-c1083-cannot-open-include-file-ba" target="_blank">http://stackoverflow.com/questions/23691564/running-cython-in-windows-x64-fatal-error-c1083-cannot-open-include-file-ba</a><br />
<br />
<br />
If you do not want to get into all these compilation windows troubles, I would recommend installing pyopenssl using pip:<br />
<br />
<h4 style="text-align: left;">
Part 2:</h4>
<b>Installing pyopenssl using pip, by installing pip through easy_install</b><br />
<br />
1. easy_install through its setuptools installation script (<a href="https://pythonhosted.org/setuptools/easy_install.html#downloading-and-installing-a-package" target="_blank">https://pythonhosted.org/setuptools/easy_install.html#downloading-and-installing-a-package</a>)<br />
2. Use easy_install to install pip<br />
3. Use pip to install pyopenssl (pip install pyopenssl)<br />
4. Confirm by "import OpenSSL" in your IDLE python prompt. "OpenSSL" import is case-sensitive.<br />
So "import openssl" will fail. :) </div>
<hr />
<b>pcap.h: No such file or directory, /usr/bin/ld: cannot find -lpcap</b> (posted by k3w13r, 2014-09-04)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<blockquote class="tr_bq">
<br />
<i>thc-ipv6-lib.c:39:18: error: pcap.h: No such file or directory
</i><br />
<i>In file included from thc-ipv6-lib.c:40:</i><br />
<i>..</i><br />
<i>/usr/bin/ld: cannot find -lpcap</i><br />
<i>collect2: ld returned 1 exit status</i></blockquote>
This is very basic stuff, but it helps me to make a note of what I did. <b>If the gcc compiler is unable to locate the headers or the libraries, just find their location and pass it to the compiler. </b>My old machine didn't have a pcap library installed, but I found an old nmap install which had its own pcap library. <b>So just use the -I and -L flags to specify the location of the header files and the library files </b>respectively and get your job done. Nothing impressive about it.
<br />
<br />
<a href="http://www.network-theory.co.uk/docs/gccintro/gccintro_21.html" target="_blank">http://www.network-theory.co.uk/docs/gccintro/gccintro_21.html</a><br />
<blockquote class="tr_bq">
<br />
<i>[root@ani thc-ipv6-2.5]# make</i><br />
<i>gcc -O2 -D_HAVE_SSL -c -o thc-ipv6-lib.o thc-ipv6-lib.c</i><br />
<i>thc-ipv6-lib.c:39:18: error: pcap.h: No such file or directory</i><br />
<i>In file included from thc-ipv6-lib.c:40:</i><br />
....</blockquote>
Ran a find for pcap.h (find / -name pcap.h) which returned something like /tools/scanners/nmap-6.01/libpcap/pcap.h
<br />
<blockquote class="tr_bq">
<br />
<i>[root@ani thc-ipv6-2.5]# gcc -O2 -D_HAVE_SSL -I/tools/scanners/nmap-6.01/libpcap -c -o thc-ipv6-lib.o thc-ipv6-lib.c</i></blockquote>
Then again another problemo,
<br />
<blockquote class="tr_bq">
<br />
<i>[root@ani thc-ipv6-2.5]# make</i><br />
<i>gcc -O2 -D_HAVE_SSL -o parasite6 parasite6.c thc-ipv6-lib.o -I/tools/scanners/nmap-6.01/libpcap -lpcap -lssl -lcrypto </i><br />
<i>/usr/bin/ld: cannot find -lpcap</i><br />
<i>collect2: ld returned 1 exit status</i><br />
<i>make: *** [parasite6] Error 1</i></blockquote>
Edit the Makefile to include the pcap library and header locations:
<br />
<blockquote class="tr_bq">
<br />
<i>LDFLAGS+=-I/tools/scanners/nmap-6.01/libpcap -L/tools/scanners/nmap-6.01/libpcap -lpcap $(if $(HAVE_SSL),-lssl -lcrypto,)</i></blockquote>
and then you go..
<br />
<blockquote class="tr_bq">
<br />
<i>[root@ani thc-ipv6-2.5]# make</i><br />
<i>gcc -O2 -D_HAVE_SSL -o parasite6 parasite6.c thc-ipv6-lib.o -I/tools/scanners/nmap-6.01/libpcap -L/tools/scanners/nmap-6.01/libpcap -lpcap -lssl -lcrypto </i><br />
<i>gcc -O2 -D_HAVE_SSL -o dos-new-ip6 dos-new-ip6.c thc-ipv6-lib.o -I/tools/scanners/nmap-6.01/libpcap -L/tools/scanners/nmap-6.01/libpcap -lpcap -lssl -lcrypto </i><br />
<i>gcc -O2 -D_HAVE_SSL -o detect-new-ip6 detect-new-ip6.c thc-ipv6-lib.o -I/tools/scanners/nmap-6.01/libpcap -L/tools/scanners/nmap-6.01/libpcap -lpcap -lssl -lcrypto </i><br />
<i>gcc -O2 -D_HAVE_SSL -o fake_router6 fake_router6.c thc-ipv6-lib.o -I/tools/scanners/nmap-6.01/libpcap -L/tools/scanners/nmap-6.01/libpcap -lpcap -lssl -lcrypto </i><br />
....</blockquote>
And for the remaining tools:
<br />
<blockquote class="tr_bq">
<i>[root@ani thc-ipv6-2.5]# make</i><br />
<i>gcc -O2 -D_HAVE_SSL -o dnssecwalk dnssecwalk.c</i><br />
<i>In file included from dnssecwalk.c:24:</i><br />
<i>thc-ipv6.h:14:18: error: pcap.h: No such file or directory</i><br />
<i>In file included from dnssecwalk.c:24:</i><br />
..</blockquote>
Just compile it with the correct arguments:
<br />
<blockquote class="tr_bq">
<br />
<i>[root@ani thc-ipv6-2.5]# gcc -O2 -I/tools/scanners/nmap-6.01/libpcap -D_HAVE_SSL -o dnssecwalk dnssecwalk.c</i></blockquote>
<br />
<br /></div>
<hr />
<b>21 Books to make you an extreme tech master</b> (posted by k3w13r, 2014-09-01)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<b>Learning is an important part of our life.</b> A habit of reading a lot of books not only keeps you updated with technology but also formalizes your knowledge, as compared to random Google searches and reading through articles. Every book may or may not help you in your day to day job, but it surely will make you a different person once you have read and mastered the concepts thoroughly. Also, every book or author's style may or may not click with you immediately, therefore it is important to keep a lot of books in your arsenal.<br />
<br />
This is a collection of a few books I would like to recommend to anyone who wants to learn tech stuff. Sometimes, if I have to guide beginners into reading a new book, this is what I recommend.
<br />
<br />
This is a very small list of books and I wanted to keep a motivational journal for my own reference and revisions.
<br />
Some of these books I had read more than 5 years back and I still remember their awesomeness.
I will keep on updating this page as I get time. This is going to be very big.<br />
<br />
<h3>
Groovy</h3>
<ul>
<li style="text-align: start;"><strong>Programming Groovy</strong></li>
</ul>
<div style="padding-left: 30px;">
by Venkat Subramaniam</div>
<div style="padding-left: 30px;">
<a href="https://www.goodreads.com/book/show/2669773-programming-groovy" target="_blank">https://www.goodreads.com/book/show/2669773-programming-groovy</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
Groovy
is a dynamic language. The syntax is very similar to Java and I decided
to learn about it because I came across it for a small project.</div>
<br />
<br />
<h3>
Maven</h3>
<ul>
<li style="text-align: start;"><strong>Maven by Example</strong> </li>
</ul>
<ul>
<li style="text-align: start;"><strong>Maven: The Complete Reference</strong></li>
</ul>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.sonatype.com/resources/books" rel="nofollow" target="_blank">http://www.sonatype.com/resources/books</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li style="text-align: start;"><strong>Apache Maven 3 Cookbook</strong></li>
</ul>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.packtpub.com/apache-maven-3-0-cookbook/book" rel="nofollow" target="_blank">http://www.packtpub.com/apache-maven-3-0-cookbook/book</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
The above three books should be good enough to get a good grasp of Maven.
For any problems and tricks, Stack Overflow is the best place to search. </div>
<br />
<br />
<h3>
Web Applications and Security</h3>
<ul>
<li style="text-align: start;"><strong>XSS Attacks: Cross Site Scripting Exploits and Defense</strong></li>
</ul>
<div style="padding-left: 30px;">
by Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager, Petko D. Petkov</div>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.amazon.com/XSS-Attacks-Scripting-Exploits-Defense/dp/1597491543" rel="nofollow" target="_blank">http://www.amazon.com/XSS-Attacks-Scripting-Exploits-Defense/dp/1597491543</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
This is quite a powerful book if you want to master cross site scripting concepts and move beyond alert('xss').</div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li style="text-align: start;"><strong>SQL Injection Attacks and Defense</strong></li>
</ul>
<div style="padding-left: 30px;">
Quite a powerful book if you want to get into the complexities of SQL
injection. Even though SQL injection is considered trivial these days,
it actually requires a lot of understanding of the databases involved,
their configuration, and what works and what does not, which could be
enough to turn a beginner off.</div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.amazon.com/Injection-Attacks-Defense-Second-Edition/dp/1597499633" target="_blank">http://www.amazon.com/Injection-Attacks-Defense-Second-Edition/dp/1597499633</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li style="text-align: start;"><strong>Web Application Hackers Handbook</strong></li>
</ul>
<a class="jive-link-external-small" href="http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470" target="_blank">http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470</a><br />
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li style="text-align: start;"><strong>High Performance Websites</strong></li>
</ul>
<div style="padding-left: 30px;">
You are missing a lot of details on how websites work and which
parameters are essential when evaluating the performance
of web pages. It has a lot of case studies from Yahoo, and it is written by a guy
who worked on enhancing the performance of Yahoo products. Must read. </div>
<br />
<a class="jive-link-external-small" href="http://shop.oreilly.com/product/9780596529307.do" rel="nofollow" target="_blank"> http://shop.oreilly.com/product/9780596529307.do</a><br />
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<h3>
General Security</h3>
<ul>
<li style="text-align: start;"><strong>Hacking: The Art of Exploitation, 2nd Edition</strong></li>
</ul>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441" rel="nofollow" target="_blank">http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
One
of the best books out there to get a general idea of what goes under
the hood. The buffer overflow explanation is extremely good and it also
deals with several protections and exploitation techniques. For some
reason the book provides you enough clarity.</div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li style="text-align: start;"><strong>Hacking Exposed series</strong></li>
</ul>
<div style="padding-left: 30px;">
<strong>Hacking Exposed: Network Security Secrets and Solutions, Sixth Edition </strong></div>
<div style="padding-left: 30px;">
by Stuart McClure , Joel Scambray , George Kurtz</div>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.amazon.com/Hacking-Exposed-Network-Security-Solutions/dp/0071613749" rel="nofollow" target="_blank">http://www.amazon.com/Hacking-Exposed-Network-Security-Solutions/dp/0071613749</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<strong><br /></strong>
<br />
<h3>
Exploitation and Tools</h3>
<ul>
<li style="text-align: start;"><strong>Chained Exploits: Advanced Hacking Attacks from Start to Finish </strong></li>
</ul>
<div style="padding-left: 30px;">
Andrew Whitaker (Author), Keatron Evans (Author), Jack Voth (Author)<br />
<span style="font-size: 10pt;"><a class="jive-link-external-small" href="http://www.amazon.in/Chained-Exploits-Advanced-Hacking-Attacks/dp/032149881X" rel="nofollow" target="_blank">http://www.amazon.in/Chained-Exploits-Advanced-Hacking-Attacks/dp/032149881X</a></span></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
This book deals with security in a very practical and enjoyable way, making
it very easy to understand real-life security challenges and how to
put security tools to practical use.</div>
<br />
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li style="text-align: start;"><strong>Buffer Overflow Attacks: Detect, Exploit, Prevent </strong></li>
</ul>
<div style="padding-left: 30px;">
by Jason Deckard</div>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.amazon.com/Buffer-Overflow-Attacks-Exploit-Prevent/dp/B000FBHNQ8" rel="nofollow" target="_blank">http://www.amazon.com/Buffer-Overflow-Attacks-Exploit-Prevent/dp/B000FBHNQ8</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
Totally focused on Buffer overflow attacks and their exploitation. Expert mode turned on. </div>
<br />
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li style="text-align: start;"><strong>Writing Security Tools and Exploits </strong></li>
</ul>
<div style="padding-left: 30px;">
by James C. Foster, Vincent T. Liu</div>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.amazon.com/Writing-Security-Tools-Exploits-Foster/dp/1597499978" rel="nofollow" target="_blank">http://www.amazon.com/Writing-Security-Tools-Exploits-Foster/dp/1597499978</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li style="text-align: start;"><strong>The Shellcoder's Handbook: Discovering and Exploiting Security Holes </strong></li>
</ul>
<div style="padding-left: 30px;">
<strong>by Chris Anley</strong></div>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.amazon.com/The-Shellcoders-Handbook-Discovering-Exploiting/dp/047008023X/ref=pd_sim_b_6?ie=UTF8&refRID=1CEA9651QDC2SDN20FF0" rel="nofollow" target="_blank">http://www.amazon.com/The-Shellcoders-Handbook-Discovering-Exploiting/dp/047008023X/ref=pd_sim_b_6?ie=UTF8&refRID=1CEA9651QDC2SDN20FF0</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
If you are into assembly and shellcoding techniques, this book would be
extreme fun. Shellcode is the small piece of machine code that you try
to get executed while exploiting a buffer overflow.</div>
<br />
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<h4>
Mastering Wireshark and Network analysis</h4>
<ul>
<li style="text-align: start;"><strong>Practical Packet Analysis, 2nd Edition</strong></li>
</ul>
<div style="padding-left: 30px;">
Using Wireshark to Solve Real-World Network Problems</div>
<div style="padding-left: 30px;">
By Chris Sanders<br />
<a class="jive-link-external-small" href="http://shop.oreilly.com/product/9781593272661.do" rel="nofollow" target="_blank">http://shop.oreilly.com/product/9781593272661.do</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li style="text-align: start;"><strong>Wireshark & Ethereal Network Protocol Analyzer Toolkit </strong></li>
</ul>
<div style="padding-left: 30px;">
(Jay Beale's Open Source Security)</div>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.amazon.com/Wireshark-Ethereal-Protocol-Analyzer-Security/dp/1597490733" rel="nofollow" target="_blank">http://www.amazon.com/Wireshark-Ethereal-Protocol-Analyzer-Security/dp/1597490733</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
Network packet analysis is a skill that a majority of professionals lack. These
books would turn you into 'The One' who reads and understands what's
going on on the wire, troubleshooting network-related problems and mapping
them to real-life use cases.</div>
<br />
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<h3>
Cryptography (programming)</h3>
<ul>
<li style="text-align: start;"><strong>Java Cryptography</strong></li>
</ul>
<div style="padding-left: 30px;">
By Jonathan Knudsen</div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
It is a slightly old book, but very well written. Most of the concepts have
not changed as far as JCE and JCA are concerned. There are not many well
written books that cover Java cryptography. Have you ever wondered what
exactly a SecureRandom is and what its significance is? How to use the
Java JCE to encrypt stuff, and how to use different encryption algorithms
and key sizes effectively to encrypt and decrypt data?<br />
<strong><br /></strong></div>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://shop.oreilly.com/product/9781565924024.do" rel="nofollow" target="_blank">http://shop.oreilly.com/product/9781565924024.do</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<h3>
Linux related</h3>
<ul>
<li style="text-align: start;"><strong>Bash Cookbook</strong></li>
</ul>
<div style="padding-left: 30px;">
<strong>Solutions and Examples for bash Users</strong><br />
By Carl Albing, JP Vossen, Cameron Newham</div>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://shop.oreilly.com/product/9780596526788.do" rel="nofollow" target="_blank">http://shop.oreilly.com/product/9780596526788.do</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
This book turns you into a master of the bash shell. It covers the minute
differences that always puzzle even the experts, and by learning them you can show off.</div>
<br />
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li style="text-align: start;"><strong>SSH, The Secure Shell: The Definitive Guide</strong></li>
</ul>
<div style="padding-left: 30px;">
By Daniel J. Barrett, Richard E. Silverman</div>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://shop.oreilly.com/product/9780596000110.do" rel="nofollow" target="_blank">http://shop.oreilly.com/product/9780596000110.do</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
Everything you wanted to know about the SSH protocol.</div>
<br />
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li style="text-align: start;"><strong>Build your own Linux</strong></li>
</ul>
<div style="padding-left: 30px;">
Linux from Scratch project</div>
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.linuxfromscratch.org/lfs/download.html" rel="nofollow" target="_blank">http://www.linuxfromscratch.org/lfs/download.html</a></div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
By far the best Linux-oriented free book. Learn how to create your
own Linux: compile all the packages, assemble your own tools, compile your
own kernel. You learn what basic components are required to build a Linux
system. If you know what you are looking for, you can build an extremely
sophisticated, and very small, Linux that does one specialized job.</div>
<div style="min-height: 8pt; padding: 0px;">
<br /></div>
<ul>
<li><strong>The Linux Kernel Module Programming Guide</strong></li>
</ul>
Peter Jay Salzman<br />
Michael Burian<br />
Ori Pomerantz<br />
<div style="padding-left: 30px;">
<a class="jive-link-external-small" href="http://www.tldp.org/LDP/lkmpg/2.6/html/lkmpg.html" rel="nofollow" target="_blank">The Linux Kernel Module Programming Guide</a></div>
<div style="min-height: 8pt; padding-left: 30px; padding: 0px;">
<br /></div>
<div style="padding-left: 30px;">
This is a free book. It's old, but it is very good for understanding the
basics of kernel modules and how they work. You can also write and
compile your own hello world kernel module. It covers lots of basics, so
if you want to get an idea of the low-level working of the
internals, you should give it a quick read. I am reading it
because, while investigating Linux kernel related vulnerabilities,
sometimes you need to understand how the whole kernel module/driver
procedure simply works. A lot of times vulnerabilities are reported in
the kernel, but that does not necessarily mean that your Linux is
vulnerable. There are lots of ifs, oohs and aahs involved, and only a
hawk-eyed kernel expert can tell you the difference. </div>
</div>
<b>JSSE based SSL ciphersuite tester</b> (posted 2014-08-31, updated 2014-10-18)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
This tool attempts a handshake with the SSL server using each cipher suite in the JSSE list, one at a time. If the handshake succeeds, the suite is marked as a success. This is more of a test for Java based SSL clients which use JSSE for SSL/TLS communication. The code relies heavily on the underlying implementation provided by the Java JDK/JSSE. Use it with Java 1.7, as a lot of cipher support has been added there. As I mentioned, this is not a true SSL cipher scanner, because it depends on which ciphersuites JSSE implements. The server might support other ciphers that are not yet implemented by JSSE, and they won't turn up in the results. Actually, if you can read the raw SSL handshake packets, you can work out what the server supports; you do not need a Java implementation for that.
<br />
<br />
<pre class="brush:java;">package com.ssl.test;
import java.util.ArrayList;
import java.util.Collections;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
public class SSLTesting {
private static final int PORT_TARGET = 443;
private static final String HOST = "www.example.com";
private static final String PROTO_SSLV3 = "SSLv3";
private static final String PROTO_TLSV1 = "TLSv1";
private static final String PROTO_TLSV11 = "TLSv1.1";
private static final String PROTO_TLSV12 = "TLSv1.2";
private static final boolean VERBOSE = false;
// Note 1: Standard names for all the cipher suites, not all are yet implemented
// http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites
// Note 2: All the ones supported by Java 7
// http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
//See Note 2.
private static final String jsseCiphersDisabledByDefault = "TLS_DH_anon_WITH_AES_256_CBC_SHA256:TLS_ECDH_anon_WITH_AES_256_CBC_SHA:TLS_DH_anon_WITH_AES_256_CBC_SHA:"
+ "TLS_DH_anon_WITH_AES_128_CBC_SHA256:TLS_ECDH_anon_WITH_AES_128_CBC_SHA:TLS_DH_anon_WITH_AES_128_CBC_SHA:TLS_ECDH_anon_WITH_RC4_128_SHA:"
+ "SSL_DH_anon_WITH_RC4_128_MD5:TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:TLS_RSA_WITH_NULL_SHA256:"
+ "TLS_ECDHE_ECDSA_WITH_NULL_SHA:TLS_ECDHE_RSA_WITH_NULL_SHA:SSL_RSA_WITH_NULL_SHA:TLS_ECDH_ECDSA_WITH_NULL_SHA:TLS_ECDH_RSA_WITH_NULL_SHA:"
+ "TLS_ECDH_anon_WITH_NULL_SHA:SSL_RSA_WITH_NULL_MD5:SSL_RSA_WITH_DES_CBC_SHA:SSL_DHE_RSA_WITH_DES_CBC_SHA:SSL_DHE_DSS_WITH_DES_CBC_SHA:"
+ "SSL_DH_anon_WITH_DES_CBC_SHA:SSL_RSA_EXPORT_WITH_RC4_40_MD5:SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:"
+ "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:TLS_KRB5_WITH_RC4_128_SHA:"
+ "TLS_KRB5_WITH_RC4_128_MD5:TLS_KRB5_WITH_3DES_EDE_CBC_SHA:TLS_KRB5_WITH_3DES_EDE_CBC_MD5:TLS_KRB5_WITH_DES_CBC_SHA:TLS_KRB5_WITH_DES_CBC_MD5:"
+ "TLS_KRB5_EXPORT_WITH_RC4_40_SHA:TLS_KRB5_EXPORT_WITH_RC4_40_MD5:TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA:TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5";
//See Note 2.
private static final String jsseCiphersEnabledByDefault = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_RSA_WITH_AES_256_CBC_SHA256:"
+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:"
+ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA:"
+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:TLS_DHE_RSA_WITH_AES_256_CBC_SHA:TLS_DHE_DSS_WITH_AES_256_CBC_SHA:"
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:"
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:"
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:"
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA:TLS_DHE_DSS_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:TLS_ECDHE_RSA_WITH_RC4_128_SHA:"
+ "SSL_RSA_WITH_RC4_128_SHA:TLS_ECDH_ECDSA_WITH_RC4_128_SHA:TLS_ECDH_RSA_WITH_RC4_128_SHA:TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:"
+ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:SSL_RSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:"
+ "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA:SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA:SSL_RSA_WITH_RC4_128_MD5:TLS_EMPTY_RENEGOTIATION_INFO_SCSV";
//A lot of them are not yet supported on jsse, See Note 1.
private static final String jsseCompleteCipherList = "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:"
+ "TLS_DH_anon_WITH_AES_128_CBC_SHA:TLS_DH_anon_WITH_AES_128_CBC_SHA256:TLS_DH_anon_WITH_AES_128_GCM_SHA256:TLS_DH_anon_WITH_AES_256_CBC_SHA:"
+ "TLS_DH_anon_WITH_AES_256_CBC_SHA256:TLS_DH_anon_WITH_AES_256_GCM_SHA384:TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA:TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256:"
+ "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA:TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256:SSL_DH_anon_WITH_DES_CBC_SHA:SSL_DH_anon_WITH_RC4_128_MD5:"
+ "TLS_DH_anon_WITH_SEED_CBC_SHA:SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA:TLS_DH_DSS_WITH_AES_128_CBC_SHA:"
+ "TLS_DH_DSS_WITH_AES_128_CBC_SHA256:TLS_DH_DSS_WITH_AES_128_GCM_SHA256:TLS_DH_DSS_WITH_AES_256_CBC_SHA:TLS_DH_DSS_WITH_AES_256_CBC_SHA256:"
+ "TLS_DH_DSS_WITH_AES_256_GCM_SHA384:TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA:TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256:TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA:"
+ "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256:SSL_DH_DSS_WITH_DES_CBC_SHA:TLS_DH_DSS_WITH_SEED_CBC_SHA:SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:"
+ "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA:TLS_DH_RSA_WITH_AES_128_CBC_SHA:TLS_DH_RSA_WITH_AES_128_CBC_SHA256:TLS_DH_RSA_WITH_AES_128_GCM_SHA256:"
+ "TLS_DH_RSA_WITH_AES_256_CBC_SHA:TLS_DH_RSA_WITH_AES_256_CBC_SHA256:TLS_DH_RSA_WITH_AES_256_GCM_SHA384:TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA:"
+ "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256:TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA:TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256:SSL_DH_RSA_WITH_DES_CBC_SHA:"
+ "TLS_DH_RSA_WITH_SEED_CBC_SHA:SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:SSL_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA:SSL_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA:"
+ "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA:TLS_DHE_DSS_WITH_AES_128_CBC_SHA:TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:TLS_DHE_DSS_WITH_AES_128_GCM_SHA256:"
+ "TLS_DHE_DSS_WITH_AES_256_CBC_SHA:TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:TLS_DHE_DSS_WITH_AES_256_GCM_SHA384:TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA:"
+ "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256:TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA:TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256:SSL_DHE_DSS_WITH_DES_CBC_SHA:"
+ "SSL_DHE_DSS_WITH_RC4_128_SHA:TLS_DHE_DSS_WITH_SEED_CBC_SHA:TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA:TLS_DHE_PSK_WITH_AES_128_CBC_SHA:"
+ "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256:TLS_DHE_PSK_WITH_AES_128_GCM_SHA256:TLS_DHE_PSK_WITH_AES_256_CBC_SHA:TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:"
+ "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384:TLS_DHE_PSK_WITH_NULL_SHA:TLS_DHE_PSK_WITH_NULL_SHA256:TLS_DHE_PSK_WITH_NULL_SHA384:"
+ "TLS_DHE_PSK_WITH_RC4_128_SHA:SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA:TLS_DHE_RSA_WITH_AES_128_CBC_SHA:"
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:TLS_DHE_RSA_WITH_AES_128_GCM_SHA256:TLS_DHE_RSA_WITH_AES_256_CBC_SHA:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:"
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384:TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA:TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256:TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:"
+ "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256:SSL_DHE_RSA_WITH_DES_CBC_SHA:TLS_DHE_RSA_WITH_SEED_CBC_SHA:TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:"
+ "TLS_ECDH_anon_WITH_AES_128_CBC_SHA:TLS_ECDH_anon_WITH_AES_256_CBC_SHA:TLS_ECDH_anon_WITH_NULL_SHA:TLS_ECDH_anon_WITH_RC4_128_SHA:"
+ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256:TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256:"
+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDH_ECDSA_WITH_NULL_SHA:"
+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA:TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256:"
+ "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384:"
+ "TLS_ECDH_RSA_WITH_NULL_SHA:TLS_ECDH_RSA_WITH_RC4_128_SHA:TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:"
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:"
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_NULL_SHA:TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:"
+ "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA:TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA:TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256:TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA:"
+ "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384:TLS_ECDHE_PSK_WITH_NULL_SHA:TLS_ECDHE_PSK_WITH_NULL_SHA256:TLS_ECDHE_PSK_WITH_NULL_SHA384:"
+ "TLS_ECDHE_PSK_WITH_RC4_128_SHA:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:"
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:"
+ "TLS_ECDHE_RSA_WITH_NULL_SHA:TLS_ECDHE_RSA_WITH_RC4_128_SHA:TLS_EMPTY_RENEGOTIATION_INFO_SCSV:SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:"
+ "SSL_FORTEZZA_DMS_WITH_NULL_SHA:TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5:TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA:TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5:"
+ "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA:TLS_KRB5_EXPORT_WITH_RC4_40_MD5:TLS_KRB5_EXPORT_WITH_RC4_40_SHA:TLS_KRB5_WITH_3DES_EDE_CBC_MD5:"
+ "TLS_KRB5_WITH_3DES_EDE_CBC_SHA:TLS_KRB5_WITH_DES_CBC_MD5:TLS_KRB5_WITH_DES_CBC_SHA:TLS_KRB5_WITH_IDEA_CBC_MD5:TLS_KRB5_WITH_IDEA_CBC_SHA:"
+ "TLS_KRB5_WITH_RC4_128_MD5:TLS_KRB5_WITH_RC4_128_SHA:TLS_PSK_WITH_3DES_EDE_CBC_SHA:TLS_PSK_WITH_AES_128_CBC_SHA:TLS_PSK_WITH_AES_128_CBC_SHA256:"
+ "TLS_PSK_WITH_AES_128_GCM_SHA256:TLS_PSK_WITH_AES_256_CBC_SHA:TLS_PSK_WITH_AES_256_CBC_SHA384:TLS_PSK_WITH_AES_256_GCM_SHA384:TLS_PSK_WITH_NULL_SHA:"
+ "TLS_PSK_WITH_NULL_SHA256:TLS_PSK_WITH_NULL_SHA384:TLS_PSK_WITH_RC4_128_SHA:SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:"
+ "SSL_RSA_EXPORT_WITH_RC4_40_MD5:SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA:SSL_RSA_EXPORT1024_WITH_RC4_56_SHA:SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA:"
+ "SSL_RSA_FIPS_WITH_DES_CBC_SHA:TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA:TLS_RSA_PSK_WITH_AES_128_CBC_SHA:TLS_RSA_PSK_WITH_AES_128_CBC_SHA256:"
+ "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256:TLS_RSA_PSK_WITH_AES_256_CBC_SHA:TLS_RSA_PSK_WITH_AES_256_CBC_SHA384:TLS_RSA_PSK_WITH_AES_256_GCM_SHA384:"
+ "TLS_RSA_PSK_WITH_NULL_SHA:TLS_RSA_PSK_WITH_NULL_SHA256:TLS_RSA_PSK_WITH_NULL_SHA384:TLS_RSA_PSK_WITH_RC4_128_SHA:SSL_RSA_WITH_3DES_EDE_CBC_SHA:"
+ "TLS_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA256:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_256_CBC_SHA256:"
+ "TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256:TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:"
+ "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256:SSL_RSA_WITH_DES_CBC_SHA:SSL_RSA_WITH_IDEA_CBC_SHA:SSL_RSA_WITH_NULL_MD5:SSL_RSA_WITH_NULL_SHA:"
+ "TLS_RSA_WITH_NULL_SHA256:SSL_RSA_WITH_RC4_128_MD5:SSL_RSA_WITH_RC4_128_SHA:TLS_RSA_WITH_SEED_CBC_SHA:TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA:"
+ "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA:TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA:TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA:TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA:"
+ "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA:TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA:TLS_SRP_SHA_WITH_AES_128_CBC_SHA:TLS_SRP_SHA_WITH_AES_256_CBC_SHA";
public static void main(String[] args) throws Exception {
    String ciphers = jsseCiphersEnabledByDefault + ":" + jsseCiphersDisabledByDefault;
    System.out.println("Using Hostname : port = " + HOST + " : " + PORT_TARGET);
    // Test the suites enabled by default and the ones disabled by default
    testSSL(HOST, PORT_TARGET, PROTO_SSLV3, ciphers);
    testSSL(HOST, PORT_TARGET, PROTO_TLSV1, ciphers);
    testSSL(HOST, PORT_TARGET, PROTO_TLSV11, ciphers);
    testSSL(HOST, PORT_TARGET, PROTO_TLSV12, ciphers);
    // Test only the weak ciphers
    /* testSSL(HOST, PORT_TARGET, PROTO_SSLV3, jsseCiphersDisabledByDefault);
    testSSL(HOST, PORT_TARGET, PROTO_TLSV1, jsseCiphersDisabledByDefault);
    testSSL(HOST, PORT_TARGET, PROTO_TLSV11, jsseCiphersDisabledByDefault);
    testSSL(HOST, PORT_TARGET, PROTO_TLSV12, jsseCiphersDisabledByDefault);*/
}

// Tries one handshake per cipher suite, each on a fresh connection, and
// reports which suites the server accepted for the given protocol version.
private static void testSSL(String hostname, int port, String version, String cipherSuitesToTest) {
    try {
        System.out.println("-------------------------");
        System.out.println("Protocol : " + version);
        ArrayList&lt;String&gt; success = new ArrayList&lt;String&gt;();
        ArrayList&lt;String&gt; unsupported = new ArrayList&lt;String&gt;();
        ArrayList&lt;String&gt; fail = new ArrayList&lt;String&gt;();
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        // Restrict every connection to the single protocol version under test
        String[] prots = { version };
        String[] cipherSuitesClient = cipherSuitesToTest.split(":");
        for (String ciphers : cipherSuitesClient) {
            SSLSocket socket = (SSLSocket) factory.createSocket(hostname, port);
            try {
                // An unsupported protocol name throws IllegalArgumentException here
                // and is reported once by the outer catch block.
                socket.setEnabledProtocols(prots);
                String[] array = { ciphers };
                // Try making a handshake with only this suite enabled
                try {
                    socket.setEnabledCipherSuites(array);
                    socket.startHandshake();
                    success.add(ciphers);
                } catch (javax.net.ssl.SSLHandshakeException e) {
                    fail.add(ciphers);
                } catch (java.lang.IllegalArgumentException e) {
                    // The suite name is not implemented or not usable in this JRE
                    String msg = String.valueOf(e.getMessage());
                    if (msg.contains("Unsupported ciphersuite") || msg.contains("Cannot support"))
                        unsupported.add(ciphers);
                    else
                        e.printStackTrace();
                } catch (Exception e) {
                    System.out.println(ciphers + ":" + e.getClass() + " "
                            + e.getMessage());
                }
            } finally {
                // Always release the connection, even when an exception is thrown
                socket.close();
            }
        }
        System.out.println("Testing " + version + " ciphers. Count: "
                + cipherSuitesClient.length);
        System.out.println("Successful Handshake count = "
                + success.size());
        Collections.sort(success);
        for (String name : success) {
            System.out.println("[" + version + "]" + " +" + name);
        }
        System.out.println("Unsupported list. Count = " + unsupported.size());
        Collections.sort(unsupported);
        if (VERBOSE) {
            for (String name : unsupported) {
                System.out.println("[" + version + "]" + "XXX " + name);
            }
        }
        System.out.println("Handshake Failed Count = " + fail.size());
        if (VERBOSE) {
            for (String name : fail) {
                System.out.println("[" + version + "]" + "-" + name);
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
}
}
</pre>
<br /></div>
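The last point of the post above, that the server's choice can be read straight from the raw handshake bytes, is shown here as an added example that is not part of the original post. The class and method names (ServerHelloPeek, describe, sampleServerHello) are hypothetical and the reply bytes are constructed inline; 0xC02F is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, one of the suites in the complete list above.

```java
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;

public class ServerHelloPeek {
    static final int RECORD_ALERT = 0x15;
    static final int RECORD_HANDSHAKE = 0x16;
    static final int HS_SERVER_HELLO = 0x02;

    /** Describes the first TLS record of a server reply: the chosen suite or the alert. */
    static String describe(byte[] reply) {
        ByteBuffer buf = ByteBuffer.wrap(reply);          // big-endian, as on the wire
        if (buf.remaining() < 5) return "truncated record header";
        int recordType = buf.get() & 0xff;
        buf.getShort();                                   // record-layer version, not needed
        int recordLen = buf.getShort() & 0xffff;
        if (buf.remaining() < recordLen) return "truncated record body";
        buf.limit(buf.position() + recordLen);

        if (recordType == RECORD_ALERT) {                 // server refused the offer
            if (buf.remaining() < 2) return "truncated alert";
            int level = buf.get() & 0xff;
            int description = buf.get() & 0xff;
            return "alert level=" + level + " description=" + description;
        }
        if (recordType != RECORD_HANDSHAKE) return "unexpected record type " + recordType;

        if (buf.remaining() < 4) return "truncated handshake header";
        int hsType = buf.get() & 0xff;
        int hsLen = ((buf.get() & 0xff) << 16) | (buf.getShort() & 0xffff);  // 24-bit length
        if (hsType != HS_SERVER_HELLO) return "unexpected handshake type " + hsType;
        if (hsLen > buf.remaining()) return "ServerHello split across records (not handled)";
        buf.limit(buf.position() + hsLen);

        if (buf.remaining() < 2 + 32 + 1) return "truncated ServerHello";
        int version = buf.getShort() & 0xffff;            // server_version
        buf.position(buf.position() + 32);                // skip random
        int sessionIdLen = buf.get() & 0xff;
        if (buf.remaining() < sessionIdLen + 3) return "truncated ServerHello";
        buf.position(buf.position() + sessionIdLen);      // skip session id
        int suite = buf.getShort() & 0xffff;              // the suite the server selected
        int compression = buf.get() & 0xff;
        return String.format("ServerHello version=0x%04x cipher_suite=0x%04x compression=%d",
                version, suite, compression);
    }

    /** Constructed sample: a minimal TLS 1.2 ServerHello record selecting the given suite. */
    static byte[] sampleServerHello(int suite) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        body.write(0x03); body.write(0x03);               // server_version = TLS 1.2
        body.write(new byte[32], 0, 32);                  // random (zeros in this sample)
        body.write(0);                                    // empty session id
        body.write(suite >> 8); body.write(suite);        // cipher suite id
        body.write(0);                                    // null compression
        byte[] b = body.toByteArray();

        ByteArrayOutputStream rec = new ByteArrayOutputStream();
        int recordLen = b.length + 4;                     // handshake header is 4 bytes
        rec.write(RECORD_HANDSHAKE); rec.write(0x03); rec.write(0x03);
        rec.write(recordLen >> 8); rec.write(recordLen);
        rec.write(HS_SERVER_HELLO);
        rec.write(0); rec.write(b.length >> 8); rec.write(b.length);
        rec.write(b, 0, b.length);
        return rec.toByteArray();
    }

    public static void main(String[] args) {
        // Constructed reply 1: server accepts and picks suite 0xC02F
        System.out.println(describe(sampleServerHello(0xC02F)));
        // Constructed reply 2: fatal alert (level 2), description 40 = handshake_failure
        byte[] alert = { 0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 40 };
        System.out.println(describe(alert));
    }
}
```

Because the suite is read as a 16-bit id rather than a JSSE name, a server choice that the local JRE does not implement is still visible.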
<b>Java/JSSE Handshake SSL/TLS exceptions</b> (posted 2014-08-30, updated 2014-10-18)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
If you are facing some of the errors below, it might mean you are using a Java version that does not support what you are trying to do:
<br />
<br />
<b>Example 1: Illegal argument exceptions for protocol version</b><br />
Enabling TLS 1.1 and TLS 1.2 may give you an exception if you are using Java 1.6, because 1.6 does not support TLS 1.1 and TLS 1.2. The JSSE reference guide for Java 6 shows that it supports only SSLv3 and TLSv1 (see the "Support Classes and Interfaces" section and the possible values for SSLContext):
<br />
<br />
<br />
<a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html" target="_blank">http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html</a><br />
<br />
<pre class="brush:java;">...
String[] protocols = {"TLSv1.1", "TLSv1.2"};
socket = (SSLSocket) factory.createSocket(hostname, port);
socket.setEnabledProtocols(protocols);
...
</pre>
<blockquote>
<code class="jive-code"><br />
-------------------------<br />
Protocol : TLSv1.1<br />
java.lang.IllegalArgumentException: TLSv1.1<br />
at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)<br />
at com.sun.net.ssl.internal.ssl.ProtocolList.&lt;init&gt;(ProtocolList.java:38)<br />
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setEnabledProtocols(SSLSocketImpl.java:2202)<br />
at com.ssl.test.SSLTesting.testSSL(SSLTesting.java:177)<br />
at com.ssl.test.SSLTesting.main(SSLTesting.java:154)<br />
-------------------------<br />
Protocol : TLSv1.2<br />
java.lang.IllegalArgumentException: TLSv1.2<br />
at com.sun.net.ssl.internal.ssl.ProtocolVersion.valueOf(ProtocolVersion.java:133)<br />
at com.sun.net.ssl.internal.ssl.ProtocolList.&lt;init&gt;(ProtocolList.java:38)<br />
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setEnabledProtocols(SSLSocketImpl.java:2202)<br />
at com.ssl.test.SSLTesting.testSSL(SSLTesting.java:177)<br />
at com.ssl.test.SSLTesting.main(SSLTesting.java:164)<br />
</code></blockquote>
<br />
<br />
So, as an example, when I check, I see that my Eclipse is still using 1.6 for execution.
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-1FDmCWLS_48/VAGOEyjjyVI/AAAAAAAAbdA/B3fYt7OgTK8/s1600/Jre6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-1FDmCWLS_48/VAGOEyjjyVI/AAAAAAAAbdA/B3fYt7OgTK8/s320/Jre6.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
So I need to change it to 1.7 to destroy these ugly exceptions. :D. You can check the page for JSSE 7.<br />
<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html" target="_blank">http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html</a>
and see the values for SSLContext.
Changed to 1.7.
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-fMg5_9NJ9Y0/VAGOO4il8FI/AAAAAAAAbdI/LgdYwd8CZ1k/s1600/Jre7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-fMg5_9NJ9Y0/VAGOO4il8FI/AAAAAAAAbdI/LgdYwd8CZ1k/s320/Jre7.PNG" /></a></div>
<br />
<br />
<b>Example 2: Cannot support cipher exceptions:</b><br />
<br />
"Cannot support" exceptions again point to the use of an incorrect JRE like 1.6. However, an unsupported exception (that you can get while using 1.7) might mean that the cipher suite is still not implemented in JSSE 1.7.<br />
To get a complete list of JSSE cipher names you can use this link:<br />
<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites" target="_blank">http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#ciphersuites</a><br />
<br />
However, you must know that these are only the names that JSSE is going to use; some of the ciphers are still not implemented and can be expected to be implemented in Java 8.
To see which ciphers are implemented in 1.7, use this link and check the Cipher suite section:<br />
<a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider" target="_blank">http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider </a><br />
<blockquote>
<code class="jive-code">
<br />
java.lang.IllegalArgumentException: Cannot support TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA with currently installed providers<br />
at com.sun.net.ssl.internal.ssl.CipherSuiteList.&lt;init&gt;(CipherSuiteList.java:79)<br />
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2162)<br />
at com.ssl.test.SSLTesting.testSSL(SSLTesting.java:186)<br />
</code></blockquote>
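One way to avoid both exceptions is to ask the local JSSE provider what it supports before calling setEnabledProtocols() or setEnabledCipherSuites(). This is an added example, not code from the original post; the class and method names (JsseCapabilityCheck, supportedSubset, restrict) are made up for illustration, and it works on an unconnected socket, so it runs offline.

```java
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

// Added example (hypothetical class name): query JSSE before enabling anything.
public class JsseCapabilityCheck {

    // Returns the requested names that the provider supports, in the requested order.
    static String[] supportedSubset(String[] wanted, String[] supported) {
        Set<String> available = new HashSet<String>(Arrays.asList(supported));
        List<String> usable = new ArrayList<String>();
        for (String name : wanted) {
            if (available.contains(name)) {
                usable.add(name);
            } else {
                System.err.println("Not supported by this JRE, skipped: " + name);
            }
        }
        return usable.toArray(new String[usable.size()]);
    }

    // Restricts the socket to the wanted protocols and suites, or fails closed.
    static void restrict(SSLSocket socket, String[] wantedProtocols, String[] wantedSuites) {
        String[] protocols = supportedSubset(wantedProtocols, socket.getSupportedProtocols());
        String[] suites = supportedSubset(wantedSuites, socket.getSupportedCipherSuites());
        if (protocols.length == 0 || suites.length == 0) {
            // Do not fall back silently to whatever the JRE enables by default.
            throw new IllegalStateException("JRE " + System.getProperty("java.version")
                    + " supports none of the requested protocols or cipher suites");
        }
        socket.setEnabledProtocols(protocols);
        socket.setEnabledCipherSuites(suites);
    }

    public static void main(String[] args) throws IOException, NoSuchAlgorithmException {
        SSLContext context = SSLContext.getDefault();
        SSLParameters supported = context.getSupportedSSLParameters();
        System.out.println("java.version        = " + System.getProperty("java.version"));
        System.out.println("supported protocols = " + Arrays.toString(supported.getProtocols()));

        // The values from the two examples above.
        String[] wantedProtocols = {"TLSv1.1", "TLSv1.2"};
        String[] wantedSuites = {"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"};

        // An unconnected socket is enough to apply and inspect the settings.
        SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
        try {
            restrict(socket, wantedProtocols, wantedSuites);
            System.out.println("enabled protocols   = "
                    + Arrays.toString(socket.getEnabledProtocols()));
            System.out.println("enabled suites      = "
                    + Arrays.toString(socket.getEnabledCipherSuites()));
        } catch (IllegalStateException e) {
            System.err.println("Refusing to connect: " + e.getMessage());
        } finally {
            socket.close();
        }
    }
}
```

Run it with the same JRE your IDE or application uses; the printed java.version shows which one actually executed.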
</div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com1tag:blogger.com,1999:blog-6348799822268982633.post-73365847857412982372014-08-15T10:32:00.001+05:302014-12-04T09:39:09.748+05:30SSL/TLS cipher testing Notes and Tools<div dir="ltr" style="text-align: left;" trbidi="on">
I am trying to gather some freely available tools, techniques and links that can help running SSL/TLS related tests. The more I learn, the more stuff I will add. SSL/TLS is not that simple, you cannot rely on the output of just 1 tool. You also need to understand how that tool/script works internally.<br />
<br />
<h3 style="text-align: left;">
Tools and scripts (will keep adding)</h3>
<div>
Testing can be affected by which OpenSSL version you have installed, because older versions may not support newer cipher suites or higher protocols. So while testing you need to take this into consideration.</div>
<div>
<br /></div>
1.<b> Nmap ssl-enum-ciphers script</b><br />
<br />
<pre style="font-family: 'Andale Mono', monospace; font-size: smaller;">nmap --script ssl-enum-ciphers -p 443 hostname</pre>
<br />
<a href="http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html" target="_blank">http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-o9LduAQ2zus/VHwt0z67EVI/AAAAAAAAbrM/n52BTAtTxjQ/s1600/nmap.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-o9LduAQ2zus/VHwt0z67EVI/AAAAAAAAbrM/n52BTAtTxjQ/s1600/nmap.PNG" height="251" width="320" /></a></div>
<br />
<br />
2. <b>sslscan. (based on openssl)</b><br />
<a href="http://sourceforge.net/projects/sslscan/" target="_blank">http://sourceforge.net/projects/sslscan/</a><br />
<br />
Uses openssl internally. If you compile it on redhat, you may run into compilation issues because EC crypto is not there in openssl in redhat (depending on your version). If you are not interested in testing EC, then you can comment out the lines as mentioned in my previous post:<br />
<br />
<a href="http://rhosted.blogspot.in/2014/02/using-sslscan-and-ssltests-for-testing.html" target="_blank">http://rhosted.blogspot.in/2014/02/using-sslscan-and-ssltests-for-testing.html</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-BIKRC3dtM8E/VHwvVDQ5nrI/AAAAAAAAbrc/QN291knswuw/s1600/sse.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-BIKRC3dtM8E/VHwvVDQ5nrI/AAAAAAAAbrc/QN291knswuw/s1600/sse.PNG" height="235" width="320" /></a></div>
<br />
<br />
3. <b>ssl_tests (based on sslscan/openssl)</b><br />
ssl_tests is a shell script that uses sslscan and openssl internally to connect.<br />
<br />
<a href="http://www.pentesterscripting.com/discovery/ssl_tests" target="_blank">www.pentesterscripting.com/discovery/ssl_tests</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-nXWC7822mXU/VHwvb7vMZwI/AAAAAAAAbrk/mzm96DQ3Z0A/s1600/ssl.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-nXWC7822mXU/VHwvb7vMZwI/AAAAAAAAbrk/mzm96DQ3Z0A/s1600/ssl.PNG" height="251" width="320" /></a></div>
<br />
<br />
4. <b>Using OpenSSL directly</b><br />
<pre>openssl s_client -connect host:port</pre>
<br />
5. <b>sslyze</b><br />
root@kali:~# sslyze --tlsv1 www.example.com<br />
<div>
<br />
<a href="https://github.com/iSECPartners/sslyze" target="_blank">https://github.com/iSECPartners/sslyze</a></div>
<div>
<br />
6. <b>TestSSLServer :</b> A simple Java program that does the same kind of testing. The program uses plain sockets and raw packet-level inspection and does not depend on any provider such as JSSE or OpenSSL. So it is very good for learning, at the raw packet level, how you can tell whether compression is supported or not. The program also checks CRIME and BEAST status by checking the compression support in the connection and inspecting the protocol version. You can see how it does that in the comments.<br />
<br />
However, I would recommend you develop your own understanding of how CRIME/BEAST work and their latest status for your own application implementation, rather than relying on the output of the testing program. Things and assumptions keep changing with time.<br />
<br />
<a href="http://www.bolet.org/TestSSLServer/" target="_blank">http://www.bolet.org/TestSSLServer/</a><br />
<br />
Original reference: <a href="http://security.stackexchange.com/questions/20376/tools-to-test-for-beast-crime-that-arent-internet-based" target="_blank">http://security.stackexchange.com/questions/20376/tools-to-test-for-beast-crime-that-arent-internet-based</a><br />
<br />
Here is a screenshot of running the tool using eclipse:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-87N5UcatpW4/VHw0kBywNYI/AAAAAAAAbr0/Q-Vec6h3fh8/s1600/test.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-87N5UcatpW4/VHw0kBywNYI/AAAAAAAAbr0/Q-Vec6h3fh8/s1600/test.PNG" height="252" width="320" /></a></div>
<br />
<br />
7. <b>SSLDigger by Foundstone -</b><br />
It is a Windows-based tool. However, it does not support a lot of the latest ciphers, probably because it has not been updated.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-Po3aBBjKkHw/VHwtN20u1jI/AAAAAAAAbrE/94VOZOxEoH8/s1600/digger.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" src="http://2.bp.blogspot.com/-Po3aBBjKkHw/VHwtN20u1jI/AAAAAAAAbrE/94VOZOxEoH8/s1600/digger.PNG" height="226" width="320" /></a></div>
<br />
<br />
<a href="http://www.mcafee.com/uk/downloads/free-tools/ssldigger.aspx" target="_blank">http://www.mcafee.com/uk/downloads/free-tools/ssldigger.aspx</a><br />
<br /></div>
8. If you want to play around writing your own tool, here is a small test I did in Java. This tool is an example of how you can use a crypto library for SSL testing. The drawback is that you can only test the ciphers that your client library supports, in contrast to TestSSLServer (6), which does a packet-level inspection and does not rely on a local crypto library.<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<a href="http://rhosted.blogspot.in/2014/08/jsse-based-ssl-ciphersuite-tester.html" target="_blank">http://rhosted.blogspot.in/2014/08/jsse-based-ssl-ciphersuite-tester.html</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-4hgMrS_Q5gw/VHyY5q8hJoI/AAAAAAAAbsE/QUbpHTxDMIc/s1600/MyOwn.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-4hgMrS_Q5gw/VHyY5q8hJoI/AAAAAAAAbsE/QUbpHTxDMIc/s1600/MyOwn.PNG" height="157" width="320" /></a></div>
<br />
<br />
9. <b>Testing the SSL for mysql and postgresql?</b><br />
Databases do not really follow the procedures of a typical SSL/TLS handshake. You need to have a db client for that or you can use wireshark. Wanna see an example, check my earlier notes on mysql's ssl:<br />
<br />
<a href="http://rhosted.blogspot.in/2014/10/mysql-tlsv1-capture-using-wireshark.html" target="_blank">http://rhosted.blogspot.in/2014/10/mysql-tlsv1-capture-using-wireshark.html</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-SR1_O_Uk-30/VE-H9ZrjD8I/AAAAAAAAbfg/HnhqcyLno-k/s1600/mysql_normal.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-SR1_O_Uk-30/VE-H9ZrjD8I/AAAAAAAAbfg/HnhqcyLno-k/s1600/mysql_normal.PNG" height="122" width="320" /></a></div>
<br />
10. <b>SSLAudit - <a href="https://code.google.com/p/sslaudit/" target="_blank">https://code.google.com/p/sslaudit/</a></b><br />
<br />
I found SSLAudit pretty good.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-C6lEg41VKMA/VH1J8FafkTI/AAAAAAAAbsg/cFsw5WISy9Y/s1600/sslaudit.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-C6lEg41VKMA/VH1J8FafkTI/AAAAAAAAbsg/cFsw5WISy9Y/s1600/sslaudit.png" height="301" width="320" /></a></div>
<br />
11. <b>SSL Breacher</b><br />
<a href="http://bl0g.yehg.net/2014/07/ssl-breacher-yet-another-ssl-test-tool.html" target="_blank">http://bl0g.yehg.net/2014/07/ssl-breacher-yet-another-ssl-test-tool.html</a><br />
<br />
12. <b>TLSSLed (Based on sslscan/openssl)</b><br />
<a href="http://blog.taddong.com/2011/05/tlssled-v10.html" target="_blank">http://blog.taddong.com/2011/05/tlssled-v10.html</a><br />
<br />
<br />
<br />
To be continued..<br />
<br />
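The packet-level check described for TestSSLServer (item 6) comes down to reading three fields of the ServerHello. This is an added example, not TestSSLServer's code: the class name ServerHelloInspector and the sample bytes are constructed here, and it assumes a pre-TLS 1.3 ServerHello that arrives first in a single record.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;

// Added example (hypothetical class name): read version, suite and compression from a ServerHello.
public class ServerHelloInspector {

    static final class Hello {
        final int version;      // 0x0300 = SSLv3, 0x0301 = TLS 1.0, 0x0303 = TLS 1.2
        final int cipherSuite;  // two-byte suite id chosen by the server
        final int compression;  // 0 = null, 1 = DEFLATE

        Hello(int version, int cipherSuite, int compression) {
            this.version = version;
            this.cipherSuite = cipherSuite;
            this.compression = compression;
        }

        // The compression condition a CRIME check looks at.
        boolean compressionNegotiated() { return compression != 0; }

        // The protocol-version condition a BEAST check looks at.
        boolean tls10OrOlder() { return version <= 0x0301; }
    }

    // Fails on short input instead of reading past the captured bytes.
    private static void need(ByteBuffer buf, int n, String what) {
        if (buf.remaining() < n) {
            throw new IllegalArgumentException("truncated before " + what);
        }
    }

    static Hello parse(byte[] record) {
        ByteBuffer buf = ByteBuffer.wrap(record);      // big-endian, as on the wire
        need(buf, 5, "record header");
        if ((buf.get() & 0xFF) != 0x16) {
            throw new IllegalArgumentException("not a handshake record");
        }
        buf.getShort();                                // record-layer version
        int recordLen = buf.getShort() & 0xFFFF;
        need(buf, recordLen, "end of record");
        need(buf, 4, "handshake header");
        if ((buf.get() & 0xFF) != 0x02) {
            throw new IllegalArgumentException("not a ServerHello");
        }
        int bodyLen = ((buf.get() & 0xFF) << 16) | (buf.getShort() & 0xFFFF);
        need(buf, bodyLen, "end of ServerHello");
        need(buf, 2 + 32 + 1, "session id length");
        int version = buf.getShort() & 0xFFFF;
        buf.position(buf.position() + 32);             // skip server random
        int sessionIdLen = buf.get() & 0xFF;
        need(buf, sessionIdLen + 3, "compression method");
        buf.position(buf.position() + sessionIdLen);   // skip session id
        int suite = buf.getShort() & 0xFFFF;
        int compression = buf.get() & 0xFF;
        return new Hello(version, suite, compression);
    }

    // Constructed sample: TLS 1.0 ServerHello, empty session id,
    // suite 0x002F (TLS_RSA_WITH_AES_128_CBC_SHA), compression 1 (DEFLATE).
    static byte[] sampleServerHello() {
        int bodyLen = 2 + 32 + 1 + 2 + 1;
        ByteBuffer buf = ByteBuffer.allocate(5 + 4 + bodyLen);
        buf.put((byte) 0x16).putShort((short) 0x0301).putShort((short) (4 + bodyLen));
        buf.put((byte) 0x02).put((byte) 0).putShort((short) bodyLen);
        buf.putShort((short) 0x0301);
        buf.put(new byte[32]);                         // all-zero random, constructed
        buf.put((byte) 0);                             // session id length
        buf.putShort((short) 0x002F);
        buf.put((byte) 0x01);
        return buf.array();
    }

    public static void main(String[] args) {
        byte[] sample = sampleServerHello();
        Hello hello = parse(sample);
        System.out.printf("version=0x%04x suite=0x%04x compression=%d%n",
                hello.version, hello.cipherSuite, hello.compression);
        System.out.println("TLS compression negotiated: " + hello.compressionNegotiated());
        System.out.println("TLS 1.0 or older:           " + hello.tls10OrOlder());
        try {
            parse(Arrays.copyOf(sample, 20));          // cut off mid-record
        } catch (IllegalArgumentException e) {
            System.out.println("rejected truncated input: " + e.getMessage());
        }
    }
}
```

A server only selects a compression method that the client offered, so a result of 0 is meaningful only if the probing ClientHello offered DEFLATE.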
<h3 style="text-align: left;">
Helpful references for testing</h3>
<br />
<ul style="text-align: left;">
<li><a href="http://superuser.com/questions/109213/is-there-a-tool-that-can-test-what-ssl-tls-cipher-suites-a-particular-website-of" target="_blank">http://superuser.com/questions/109213/is-there-a-tool-that-can-test-what-ssl-tls-cipher-suites-a-particular-website-of</a></li>
<li><a href="https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29" target="_blank">https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29</a></li>
<li><a href="https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_%28OTG-CRYPST-001%29" target="_blank">https://www.owasp.org/index.php/Testing_for_Weak_SSL/TLS_Ciphers,_Insufficient_Transport_Layer_Protection_%28OTG-CRYPST-001%29</a></li>
<li>More about secure socket implementation in Java:<br /><a href="http://download.java.net/jdk7/archive/b123/docs/api/javax/net/ssl/SSLSocket.html" target="_blank">http://download.java.net/jdk7/archive/b123/docs/api/javax/net/ssl/SSLSocket.html</a></li>
</ul>
<br />
<br />
<h3 style="text-align: left;">
TLS learning</h3>
[*] Listing of Openssl ciphers (meaning of examples like ALL:!ADH:@STRENGTH)<br />
<a href="https://www.openssl.org/docs/apps/ciphers.html#EXAMPLES" target="_blank">https://www.openssl.org/docs/apps/ciphers.html#EXAMPLES</a><br />
<br />
[*] A little advanced but good learning material about TLS<br />
<a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet" target="_blank">https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet</a><br />
<br />
[*] Explains a lot of common SSL problems in a very simple way.<br />
<a href="https://www.howsmyssl.com/s/about.html" target="_blank">https://www.howsmyssl.com/s/about.html</a><br />
<br />
[*] Understanding the meaning of a cipher string like DHE-RSA-AES256-SHA<br />
<a href="http://nzbget.net/Choosing_a_cipher" target="_blank">http://nzbget.net/Choosing_a_cipher</a><br />
<br />
[*] High/Low/Med grade ciphers<br />
<a href="https://bto.bluecoat.com/packetguide/appcelera-3.0.2/configure/ssl-cipher-details-popup.htm" target="_blank">https://bto.bluecoat.com/packetguide/appcelera-3.0.2/configure/ssl-cipher-details-popup.htm</a><br />
<br />
<h3 style="text-align: left;">
SSL/TLS best practices</h3>
[*] <a href="https://www.ssllabs.com/projects/best-practices/index.html" target="_blank">https://www.ssllabs.com/projects/best-practices/index.html</a><br />
<br />
<h3 style="text-align: left;">
Products using SSL</h3>
[*] Postgres using SSL (How to test SSL being used)<br />
<a href="https://kb.berkeley.edu/page.php?id=23113" target="_blank">https://kb.berkeley.edu/page.php?id=23113</a><br />
<br />
<h3 style="text-align: left;">
BEAST</h3>
<a href="http://blog.cryptographyengineering.com/2011/09/brief-diversion-beast-attack-on-tlsssl.html" target="_blank">http://blog.cryptographyengineering.com/2011/09/brief-diversion-beast-attack-on-tlsssl.html</a></div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com0tag:blogger.com,1999:blog-6348799822268982633.post-35173390756696025432014-06-13T18:09:00.000+05:302014-10-18T18:41:36.530+05:30How to Setup Chroot SFTP in Suse 11<div dir="ltr" style="text-align: left;" trbidi="on">
<b>Setup a chrooted SSH sftp account. (Tested on Suse 11 and OpenSSH) </b><br />
We will create a low-privileged sftp directory where, let's say, users can upload their stuff without exposing our internal filesystem.
First, add a user with a home directory. We don't want this user to access ssh via a shell, only sftp, which is why we are setting the shell to /bin/false. A chrooted shell is a different chapter, so it is not discussed here. You can confirm the settings of the newly added bobuser in /etc/passwd.
<br />
<blockquote class="tr_bq">
<br />
test:~ # useradd -d /home/bobuser -s /bin/false -m bobuser<br />
test:~ # cat /etc/passwd | grep bobuser<br />
bobuser:x:1505:100::/home/bobuser:/bin/false</blockquote>
<br />
Set the password for bobuser, or else it will not allow you to log in.
<br />
<blockquote class="tr_bq">
<br />
passwd bobuser <br />
Changing password for bobuser.<br />
New password: <br />
BAD PASSWORD: it is based on a dictionary word<br />
Retype new password: <br />
Password changed.</blockquote>
<br />
Add the following settings in /etc/ssh/sshd_config file.
<br />
<blockquote class="tr_bq">
<br />
#Sftp/chroot Settings for bobuser in /etc/ssh/sshd_config<br />
#Change LogLevel to debug and check errors (if any) in /var/log/messages<br />
Subsystem sftp internal-sftp<br />
<br />
#Sftp/chroot Settings for bobuser<br />
Match User bobuser<br />
X11Forwarding no<br />
AllowTcpForwarding no<br />
ForceCommand internal-sftp<br />
ChrootDirectory /home/bobuser</blockquote>
<br />
Also add bobuser to the AllowUsers list. It is good practice to set who can use ssh/sftp to log in.
<br />
<blockquote class="tr_bq">
<br />
AllowUsers alexuser bobuser
</blockquote>
<br />
Now restart the ssh service. And try connecting.
<br />
<blockquote class="tr_bq">
<br />
r00ter127:~ # service sshd restart<br />
Shutting down SSH daemon done<br />
Starting SSH daemon done<br />
r00ter127:~ # sftp bobuser@localhost<br />
Connecting to localhost...<br />
Password: <br />
Read from remote host localhost: Connection reset by peer<br />
Couldn't read packet: Connection reset by peer</blockquote>
Ouch.. We need to read the errors in /var/log/messages; we had already set the log level to debug. The ssh daemon expects some requirements to be met.<br />
<blockquote class="tr_bq">
<br />
Jan 25 11:30:27 r00ter127 sshd[10220]: debug1: PAM: establishing credentials<br />
Jan 25 11:30:27 r00ter127 sshd[10220]: fatal: bad ownership or modes for chroot directory "/home/bobuser"</blockquote>
Set the ownership of the home and parent directories to root. That's a requirement.
<br />
<blockquote class="tr_bq">
<br />
test:~ # ls -ld /home/bobuser/<br />
drwxr-xr-x 5 bobuser users 4096 Jun 13 12:21 /home/bobuser/<br />
test:~ # chown root:root /home/bobuser<br />
test:~ # ls -ld /home/bobuser/<br />
drwxr-xr-x 5 root root 4096 Jun 13 12:21 /home/bobuser/</blockquote>
We are set with the permissions now.
<br />
<blockquote class="tr_bq">
<br />
r00ter127:~ # sftp bobuser@localhost<br />
Connecting to localhost...<br />
Password: <br />
subsystem request failed on channel 0<br />
Couldn't read packet: Connection reset by peer</blockquote>
If you get the above error, then it means there is some problem invoking the sftp server. And the ssh logs are not very helpful in this regard. Make sure you are using the internal-sftp:
<br />
<blockquote class="tr_bq">
<br />
Subsystem sftp internal-sftp<br />
...<br />
ForceCommand internal-sftp</blockquote>
And then.. you are done.
<br />
<blockquote class="tr_bq">
<br />
r00ter127:~ # sftp bobuser@localhost<br />
Connecting to localhost...<br />
Password: <br />
sftp> pwd<br />
Remote working directory: /</blockquote>
<br />
<br /></div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com0tag:blogger.com,1999:blog-6348799822268982633.post-73922024717268418792014-06-09T21:59:00.000+05:302014-10-18T18:41:54.014+05:30PAM module security settings for beginners - Suse 11<div dir="ltr" style="text-align: left;" trbidi="on">
<b>PAM module security settings for beginners (Tested on Suse 11)</b><br />
Configuring Pluggable Authentication Modules for security can be tricky. People often look for ways to prevent brute force and password guessing attempts against their ssh, but understanding how PAM modules work and testing them correctly takes some time. I am trying to list here what I have tried and tested. There are 4 modules: cracklib, pwhistory, faildelay and tally. You can explore the man pages for the detailed options that are supported; however, here is the tricky part: depending on the module version installed on your Linux, and in some cases on the Linux distro as well, the actual behavior may vary and some of the options listed in the man page may not even work. This adds a lot of confusion and frustration about how to get it to work. So define your goals clearly first, and then try out the settings listed in the man pages. Also make a note of where you are adding the rules, and finish with a round of testing to ensure things work as expected. <br />
<br />
A few checkpoints if your PAM module does not work as intended:<br />
<br />
1. Ensure you understand the documented behavior of the module, its purpose, results, limitations etc.<br />
2. Make a note of the PAM rule that you are adding, and the meaning of its parameters.<br />
3. Make a note of which file you are adding the rule to (e.g. common-auth, common-password); it may not work if you have added it to the wrong file. :)<br />
4. The version or the distro you are using may have bugs as well. You need to check and google for any such possibility.<br />
5. If some option is not working in your module even though it is listed in its man page, you are probably reading the documentation for a newer version.<br />
6. Is there any log file that this module writes to, where you can see its behavior? <br />
<br />
<b>cracklib</b> is used for enforcing strong password rules. <br />
<b>faildelay</b> delays the next password prompt by a period of time after a wrong password is supplied, which reduces the efficiency of password guessing/brute forcing attacks. <br />
<b>pwhistory</b> maintains a history of old passwords, so that users do not reuse their old passwords. <br />
<b>pam_tally</b> maintains a counter of bad login attempts and locks the account for a given time when the counter exceeds the set threshold. A useful feature is that the counter resets when a successful attempt occurs. This again helps reduce the efficiency of password guessing/brute forcing attacks.<br />
<br />
(The config files in Suse are in /etc/pam.d/common-auth/account/password):<br />
<b>Using cracklib and pwhistory</b><br />
Password rules for the creation of strong passwords:<br />
- at least one special character (ocredit)<br />
- at least one digit (dcredit)<br />
- at least one lower case letter (lcredit)<br />
- at least one upper case letter (ucredit)<br />
- has a minimum length of 8 characters (minlen)<br />
<br />
/etc/pam.d/common-password:<br />
<blockquote>
<code class="jive-code"><br />
password requisite pam_cracklib.so difok=4 minlen=8 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 maxrepeat=3<br />
<br />
#Dont allow previously set passwords, This will remember upto 5 previous passwords.<br />
#The old passwords are stored in /etc/security/opasswd<br />
password required pam_pwhistory.so remember=5 retry=3<br />
</code></blockquote>
<br />
<br />
<b>Testing</b><br />
Those password rules do not work for the root account. However, for non-root accounts, you can try changing them. The errors could be misleading, though. For example, you may get "password is too simple" even when you have a long password but forgot to include a special character. So read the manual and keep trying.
<br />
<br />
<b>faildelay: Brute force and password guessing attack protection</b><br />
This means that when you provide a bad password, the next password prompt comes after 5 seconds (or more), which discourages automated brute forcing programs. Combined with strong password rules and the locking mechanism of pam_tally, this provides a good level of protection.<br />
/etc/pam.d/common-auth:<br />
<blockquote>
<code class="jive-code"><br />
#Faildelay to delay the appearance of prompt (mitigation of brute force and password guessing attacks)<br />
#delay is in micro seconds<br />
auth required pam_faildelay.so delay=5000000<br />
</code></blockquote>
<br />
<br />
<b>Testing for faildelay</b><br />
Provide a bad password and the next password prompt should appear after 5 seconds.<br />
<br />
<b>pam_tally: Temporary account locking and automatic unlocking</b><br />
You can use pam_tally to lock accounts which pass the defined threshold (set with deny).
<br />
<blockquote>
<code class="jive-code"><br />
#Locking accounts temporarily when bad passwords are supplied (mitigating brute force and password guessing attacks)<br />
#It uses the tally counter<br />
auth required pam_tally.so deny=5 lock_time=1 unlock_time=60<br />
</code></blockquote>
<br />
<br />
<b>Testing for pam_tally</b><br />
By default, the pam_tally module uses the /var/log/faillog log file. If you want to see the contents, run the faillog command:<br />
<blockquote>
<code class="jive-code"><br />
test:~ # faillog<br />
Login Failures Maximum Latest On<br />
alexuser 0 0 06/09/14 15:37:20 +0000 test.system.com<br />
</code></blockquote>
<br />
<br />
<br />
Try logging in with wrong passwords. With every wrong attempt, pam_tally increments the failure count. Once it goes beyond the threshold of 5, it will start locking you out for 60 seconds for every bad password you provide. Only after 60 seconds will it accept a password.
If you provide the correct password, the faillog is cleared.<br />
<br />
<blockquote>
<code class="jive-code"><br />
test:~ # ssh alexuser@localhost<br />
Password: <br />
Password: <br />
Password: <br />
Account locked due to 6 failed logins<br /><br />
Received disconnect from 127.0.0.1: 2: Too many authentication failures for alexuser<br />
test:~ # ssh alexuser@localhost<br />
Password: <br />
Password: <br />
Account locked due to 8 failed logins<br /><br />
Password: <br />
Account locked due to 9 failed logins<br />
<br />
Received disconnect from 127.0.0.1: 2: Too many authentication failures for alexuser<br />
</code></blockquote>
<br />
<br />
Now wait for 60 seconds and try logging in again, this time providing the correct password on the first try (or else it will again start the lock period of 60 sec), and the system should log you in. Now you can run faillog and it will be empty because it got reset by your successful login.<br />
<br />
<br />
<br />
<br />
References:<br />
<a href="http://linux.die.net/man/8/pam_cracklib">http://linux.die.net/man/8/pam_cracklib</a><br />
<a href="http://linux.die.net/man/8/pam_tally">http://linux.die.net/man/8/pam_tally</a>
</div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com0tag:blogger.com,1999:blog-6348799822268982633.post-42062549049754117692014-06-07T07:36:00.001+05:302014-10-18T18:36:22.202+05:30Java code: Simple RSA encryption and decryption code<div dir="ltr" style="text-align: left;" trbidi="on">
A simple program to generate a 1024-bit RSA key pair and perform simple encryption and decryption. Not a big deal. Two classes: AsymmetricKeyHelper and Main.
AsymmetricKeyHelper.java:
<br />
<pre class="brush:java;">/*AsymmetricKeyHelper.java*/
package com.work.crypto;

import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

public class AsymmetricKeyHelper {

    //Generates an RSA public private key pair
    public KeyPair keyPair() {
        KeyPair kp = null;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator
                    .getInstance("RSA");
            keyPairGenerator.initialize(1024);
            kp = keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        return kp;
    }

    //does the encryption
    public byte[] encrypt(byte[] clearTest, Key key) {
        try {
            Cipher cipher = Cipher.getInstance(key.getAlgorithm());
            cipher.init(Cipher.ENCRYPT_MODE, key);
            return cipher.doFinal(clearTest);
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (NoSuchPaddingException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (BadPaddingException e) {
            e.printStackTrace();
        }
        return null;
    }

    //does the decryption
    public byte[] decrypt(byte[] cipherText, PrivateKey private1) {
        try {
            Cipher cipher;
            System.out.println(private1.getAlgorithm());
            cipher = Cipher.getInstance(private1.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, private1);
            return cipher.doFinal(cipherText);
        } catch (NoSuchAlgorithmException e1) {
            e1.printStackTrace();
        } catch (NoSuchPaddingException e1) {
            e1.printStackTrace();
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (BadPaddingException e) {
            e.printStackTrace();
        }
        return null;
    }
}
</pre>
Main.java:
<br />
<pre class="brush:java;">/*Main.java*/
package com.work.crypto;

import java.security.KeyPair;

public class Main {
    /**
     * @param args
     */
    public static void main(String[] args) {
        asymmetricEncryptionSimple();
    }

    private static void asymmetricEncryptionSimple() {
        AsymmetricKeyHelper keyHelper = new AsymmetricKeyHelper();
        KeyPair keyPair = keyHelper.keyPair();
        System.out.println(keyPair.getPublic().getAlgorithm());
        String plainText = "You little Monkey.I am a cryptographer";
        byte[] cipherText = keyHelper.encrypt(plainText.getBytes(), keyPair.getPublic());
        //Print the encrypted text, it is in binary. So it will look ugly.
        System.out.println(new String(cipherText));
        byte[] clearDecrypt = keyHelper.decrypt(cipherText, keyPair.getPrivate());
        //Create a string out of the byte array
        System.out.println(new String(clearDecrypt));
    }
}
</pre>
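The helper above calls Cipher.getInstance("RSA"), which leaves the padding to the provider default (PKCS#1 v1.5 with the standard Oracle/OpenJDK provider), and prints the ciphertext through new String(). The following added example, which is not the original post's code, does the same round trip with the padding named explicitly as OAEP with SHA-256, a 2048-bit key, a fixed charset and hex output; the class name RsaOaepExample and those parameter choices are assumptions made here.

```java
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Added example (hypothetical class name): RSA with explicit OAEP parameters.
public class RsaOaepExample {

    private static final String TRANSFORMATION = "RSA/ECB/OAEPPadding";
    // Spell out hash and MGF1 hash so both sides use the same OAEP parameters.
    private static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    private static final int SHA256_BYTES = 32;
    private static final int KEY_BITS = 2048;          // assumption: chosen for this example
    private static final Charset UTF8 = Charset.forName("UTF-8");

    static KeyPair generateKeyPair() throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(KEY_BITS);
        return generator.generateKeyPair();
    }

    // OAEP overhead is 2 * hashLen + 2 bytes, so 190 bytes fit under a 2048-bit key.
    static int maxPlaintextBytes(RSAPublicKey key) {
        int modulusBytes = (key.getModulus().bitLength() + 7) / 8;
        return modulusBytes - 2 * SHA256_BYTES - 2;
    }

    static byte[] encrypt(byte[] plaintext, RSAPublicKey key) throws GeneralSecurityException {
        if (plaintext.length > maxPlaintextBytes(key)) {
            // RSA is for short values; larger data needs a symmetric cipher
            // with only its key wrapped by RSA.
            throw new IllegalArgumentException("plaintext is " + plaintext.length
                    + " bytes, limit is " + maxPlaintextBytes(key));
        }
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, OAEP_SHA256);
        return cipher.doFinal(plaintext);
    }

    static byte[] decrypt(byte[] ciphertext, PrivateKey key) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key, OAEP_SHA256);
        return cipher.doFinal(ciphertext);
    }

    // Ciphertext is binary; hex keeps it printable without corrupting bytes.
    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder(data.length * 2);
        for (byte b : data) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair pair = generateKeyPair();
        RSAPublicKey publicKey = (RSAPublicKey) pair.getPublic();
        byte[] message = "You little Monkey.I am a cryptographer".getBytes(UTF8);

        byte[] first = encrypt(message, publicKey);
        byte[] second = encrypt(message, publicKey);
        System.out.println("ciphertext (hex): " + hex(first));
        // The padding is randomized, so equal plaintexts give different ciphertexts.
        System.out.println("ciphertexts differ: " + !Arrays.equals(first, second));
        System.out.println("decrypted: " + new String(decrypt(first, pair.getPrivate()), UTF8));

        try {
            encrypt(new byte[maxPlaintextBytes(publicKey) + 1], publicKey);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```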
<br /></div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com0tag:blogger.com,1999:blog-6348799822268982633.post-36960675631197013102014-05-30T19:27:00.001+05:302014-10-18T18:42:16.791+05:30Linux: Compilation of 31 Bash tips and tricks - Part 2 (16-31)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="tr_bq">
The next part of tips.</div>
<br />
These are picked
from various sources and usually are helpful to me in my day to day work, so you do not have to read the man pages every time. I do not remember all the sources, so I will quote the source wherever I remember. If you know the source, please let me know.<br />
<br />
I know I have written it in a very clumsy way, without too much explaining of the underlying context and theory or any references. But I hope to make it beginner friendly.<br />
<br />
Here we go:<br />
<br />
<b>16. [Bash usage tip/security]<br /> Enable a 15 minute timeout for bash. Helps in security best practices.</b> <br />
Let's say you want to auto-logout of your bash shell after 15 minutes of inactivity.
This is sometimes an important security requirement as well. You can set this code in the global /etc/profile or for a specific user in ~/.bash_profile.
This piece essentially creates a readonly environment variable when a user logs in.<br />
<br />
<blockquote>
<code class="jive-code"><br />
#Add this in /etc/profile, tested in SUSE<br />
TMOUT=900<br />
readonly TMOUT<br />
export TMOUT<br />
</code></blockquote>
<br />
<b>17. [Bash usage tip/security]<br /> Disable command execution in Less.</b><br />
Well if you don't know this, you can execute commands in less, vi etc<br />
To disable this in less, you need to set an environment variable called LESSSECURE.
<br />
<blockquote class="tr_bq">
<code class="jive-code"><br />
export LESSSECURE=1</code>
</blockquote>
<br />
<b>18. [Bash usage tip/security]<br /> Executing bash commands in vi, less, and more:</b><br />
<blockquote class="tr_bq">
<br />
in vi -> :!bash<br />
in less -> !bash<br />
in more -> !bash
</blockquote>
<br />
<b>19. [Bash usage tip/security]<br /> Setting an environment variable as READONLY:</b><br />
<blockquote class="tr_bq">
<br />
readonly TMOUT <br />
export TMOUT</blockquote>
<br />
<b>20. [Bash usage tip/security]<br /> Disable bash builtins using enable. This might help if you are trying something like a restricted shell. I must warn you, it's risky.</b><br />
<blockquote class="tr_bq">
<br />
enable -n &lt;builtin_name&gt;</blockquote>
<br />
<b>21. [Bash usage tip]<br /> Useful commands in vi </b><br />
<blockquote class="tr_bq">
<br />
:set list - show special chars<br />
:set nu - show line numbers<br />
:.! ls - Add a . before ! during command execution and it will dump the output into the current buffer.<br />
:r! &lt;cmd&gt; - same thing, dump the cmd output<br />
:%!xxd - Turn vim into a hex editor, :%!xxd -r to reverse.<br />
q: - command history<br />
:%TOhtml - create an html file body</blockquote>
<br />
<b>22. [Shell scripting tip]<br /> Command execution in a subshell.</b><br />
$(command) is the same as `command`<br />
<blockquote class="tr_bq">
<br />
$(ls) gives you the output of ls<br />
so does `ls`. </blockquote>
<br />
<b>23. [Bash usage tip]<br /> env and export -p </b><br />
Use the env (or export -p) command to see only those variables that have been exported and would be available to a subshell.<br />
<br />
<b>24. [Bash usage tip ]<br />set command:</b><br />
Use the set command to see the value of all variables and function definitions in the current shell.
The list produced by env is a subset of the list produced by set, since not all variables are exported.<br />
<br />
<b>25. [Shell scripting tip]<br /> Looping over vars with spaces like "My Folder". </b><br />
<blockquote class="tr_bq">
<br />
for file in "$@"<br />
do<br />
chmod 0750 "$file"<br />
done</blockquote>
<br />
<b>26. [Shell scripting tip]<br />Difference between: "$*" and "$@". </b><br />
<br />
<blockquote class="tr_bq">
<br />
for file in "$*" will expand to: <br />
for file in "file1 file2 file3 My File.txt" <br />
<br />
The above will not help if the filename has spaces, like My File.txt: bash would treat it as two files, My and File.txt, and then produce an error like My not found.<br />
<br />
for file in "$@" <br />
will expand to: <br />
for file in "file1" "file2" "file3" "My File.txt"</blockquote>
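What the loop actually receives under each form, as an added example (not part of the original post). The function name and file names are constructed for illustration, and the unquoted $* case is included because that is where My File.txt gets split into My and File.txt:

```bash
#!/bin/bash
# Added example: show the items a for-loop receives from "$*", $* and "$@".
# show_items and the sample file names are constructed for illustration.

show_items() {
    form=$1      # which expansion to loop over
    shift        # the remaining arguments play the role of the file names
    out=""
    case $form in
        quoted_star)   for f in "$*"; do out="${out}[$f]"; done ;;  # one joined word
        unquoted_star) for f in $*;   do out="${out}[$f]"; done ;;  # re-split on IFS
        quoted_at)     for f in "$@"; do out="${out}[$f]"; done ;;  # one word per argument
    esac
    printf '%s\n' "$out"
}

# Each item the loop saw is printed inside its own pair of brackets.
show_items quoted_star   file1 file2 file3 "My File.txt"
show_items unquoted_star file1 file2 file3 "My File.txt"
show_items quoted_at     file1 file2 file3 "My File.txt"
```

Only the "$@" form hands chmod the four names exactly as they were passed in.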
<br />
<b>27. [Shell scripting tip]<br /> Number of args can be accessed by ${#}. </b><br />
<br />
<b>28. [Shell scripting tip]<br /> Quick sed handy examples, when I read those examples I recall the logic, otherwise the theory confuses me. </b><br />
Replace password hash in shadow file, if you use -i it will replace in the original file, so be careful:<br />
<blockquote class="tr_bq">
<br />
sed -e '/^user:/s/:[^:]*:/:newpassword:/' /etc/shadow</blockquote>
<br />
Change the param value to 3 in sshd_config file
<br />
<blockquote class="tr_bq">
<br />
sed -i "s/\(\#MaxAuthTries.*\)/MaxAuthTries 3/g" /etc/ssh/sshd_config</blockquote>
<br />
Replace all digits
<br />
<blockquote class="tr_bq">
<br />
sed -e 's/[[:digit:]]//g'</blockquote>
<br />
Replace all other than digits (Use ^ to negate)
<br />
<blockquote class="tr_bq">
<br />
sed -e 's/[^[:digit:]]//g'</blockquote>
Replace all alpha-numeric<br />
<blockquote class="tr_bq">
<br />
sed -e 's/[[:alnum:]]//g'</blockquote>
Replace all other than alphanumeric (special chars) <br />
<blockquote class="tr_bq">
<br />
sed -e 's/[^[:alnum:]]//g'</blockquote>
<b>29. [Performance monitoring tip]<br /> Listing Apache httpd processes and threads. </b><br />
<blockquote class="tr_bq">
<br />
List httpd processes:<br />
ps -elf | grep httpd<br />
<br />
List httpd worker threads:<br />
ps -elfT | grep httpd</blockquote>
<br />
<br />
<b>30. [Shell scripting tip]<br /> Using readlink and dirname in shell scripts to get absolute path and directory name. </b><br />
<blockquote class="tr_bq">
<br />
If you want to read the absolute path for a file use: <br />
readlink -f &lt;filename&gt; <br />
$ readlink -f ./file.txt would return<br />
/home/file.txt<br /><br />
For only the directory: <br />
dirname &lt;filename&gt;<br />
dirname /etc/passwd returns /etc</blockquote>
<b>31. [ Bash usage tip]<br /> Use CTRL-R to go through the history of commands.</b><br />
<blockquote class="tr_bq">
<br />
1. Press Ctrl-R and then type part of a command; it shows the most recent match. Press Ctrl-R again to step through older matches.<br />
2. Exit anytime using Ctrl-C<br />
3. Edit using arrow keys</blockquote>
</div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com2tag:blogger.com,1999:blog-6348799822268982633.post-54469466842680155022014-05-22T19:18:00.000+05:302014-10-18T18:43:29.990+05:30Linux: Compilation of 31 Bash tips and tricks - Part 1 (1-15)<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="tr_bq">
I thought I will start capturing all the personal favorite/useful/bombastic/flamboyant tips that I use frequently and that I forget regularly. Basically if I have to revise all my bash tricks, I would quickly walk over these tips that I collected over a period of time. BTW, I am adding the tips in parts, and I have added part 2 here:<br />
<a href="http://rhosted.blogspot.in/2014/05/linux-compilation-of-bash-tips-and_30.html">http://rhosted.blogspot.in/2014/05/linux-compilation-of-bash-tips-and_30.html</a></div>
<br />
These are picked from various sources and are usually helpful to me in my day-to-day work, so you do not have to read the man pages every time. I do not remember all the sources, so I will quote the source wherever I remember. If you know the source, please let me know.<br />
<br />
I know I have written it in a very clumsy way, without too much explaining of the underlying context and theory or any references. But I hope to make it beginner friendly.<br />
<br />
Differences between bash and sh:<br />
<br />
<a _mce_href="http://www.gnu.org/software/bash/manual/html_node/Major-Differences-From-The-Bourne-Shell.html" href="http://www.gnu.org/software/bash/manual/html_node/Major-Differences-From-The-Bourne-Shell.html">http://www.gnu.org/software/bash/manual/html_node/Major-Differences-From-The-Bourne-Shell.html</a><br />
<br />
Bash documentation home:<br />
<a _mce_href="http://www.gnu.org/software/bash/manual/html_node/index.html#SEC_Contents" href="http://www.gnu.org/software/bash/manual/html_node/index.html#SEC_Contents">http://www.gnu.org/software/bash/manual/html_node/index.html#SEC_Contents</a><br />
<br />
Here we go:<br />
<br />
<b>1. [Bash usage tip]<br /> Text navigation shortcuts (to make you look like a pro). </b>These shortcuts are pretty handy and save a lot of time once you have memorized them. In the beginning I struggled, but after some practice I find them very easy to use:<br />
<br />
<blockquote>
<code class="jive-code">Ctrl - A --- Start<br />
Ctrl - E ---- End<br />
Ctrl - U ---- Cut before the cursor<br />
Ctrl - K ---- Cut after the cursor<br />
Ctrl - Y ---- Paste<br />
Ctrl - T ---- Swap chars before cursor<br />
Ctrl - W ---- Delete word left of the cursor<br />
Ctrl - L ---- Clean the screen<br />
Esc- f/Esc - Right arrow ---- Jump 1 word fwd<br />
Esc-b/Esc - Left arrow ---- Jump 1 word backward</code></blockquote>
<br />
<b>2. [Bash usage tip] <br />Delete Control M or crlf chars in a text file transferred from windows.</b> When you transfer text files to and from a *nix machine, the transfer tool auto-detects that it is a text file and performs an EOL conversion. However, this does not happen 'automatically' if you have explicitly set the transfer mode to "Binary", or if your text files are inside a binary file like zip or tar.gz.<br />
<br />
<br />
When you try to execute a shell script containing CRLF chars, you get an error like this:
<br />
<blockquote class="tr_bq">
<code class="jive-code"> # ./shellscript.sh <br />
-bash: ./shellscript.sh: /bin/sh^M: bad interpreter: No such file or directory</code></blockquote>
You can remove them by the simple use of sed. However, the trick is to type in Ctrl-M character.
<br />
<blockquote class="tr_bq">
<code class="jive-code"> sed -i 's/^M//' &lt;filename&gt;</code></blockquote>
Windows uses CR-LF (carriage return and line feed) for line endings, while *nix uses only line feed (LF). Type the Ctrl-M character like this:<br />
<br />
<blockquote class="tr_bq">
<code class="jive-code"> Ctrl -V then Ctrl M.</code></blockquote>
<br />
Print/check for Ctrl M chars in a file using cat:<br />
<br />
<blockquote class="tr_bq">
<code class="jive-code"> cat -v &lt;filename&gt;<br />
# cat -v shellscript.sh <br />
#!/bin/sh^M<br />
echo "Hello world!"^M</code></blockquote>
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<b>3.[Bash usage tip] <br /> Quickly setting date and time:</b><br />
<blockquote class="tr_bq">
date -s "8 DEC 2013 18:30:00"</blockquote>
Errors: <i>date: invalid date"</i>
<br />
<b>4. [Bash usage tip]<br /> Size of a directory:</b><br />
<blockquote class="tr_bq">
du -sh /root <br />
17G /root</blockquote>
<br />
<b>5. [Bash usage tip]<br /> View ports tcp (t),udp (u) and LISTENing (l), along with their corresponding processes (p) and use numbers (n) (netstat hyphen TOO-LP-N):</b><br />
<blockquote class="tr_bq">
netstat -tulpn</blockquote>
<a href="http://2.bp.blogspot.com/-wNaWyWf2CNI/U39jsSXwcWI/AAAAAAAAbYo/HYoHxJnblTk/s1600/Capture.PNG" imageanchor="1"><img border="0" src="http://2.bp.blogspot.com/-wNaWyWf2CNI/U39jsSXwcWI/AAAAAAAAbYo/HYoHxJnblTk/s320/Capture.PNG" /></a>
<br />
<br />
<b>6. [Bash usage/Shell scripting tip]<br /> Cut a field correctly, by using tr (translate) to squeeze the tab/space formatting. e.g. the following returns the pid. </b>tr (translate) and cut are very important tools for parsing command line output. The -s option of tr followed by the whitespace character " " squeezes the whitespace characters (including tabs) and reduces each run to a single whitespace. If we do not use tr, then cut will have problems identifying the correct field because of the repeated spaces and tabs.<b>:</b><br />
<blockquote class="tr_bq">
ps -ef | grep -i weblogic.name=adminserver | tr -s " " | cut -d" " -f2</blockquote>
<br />
<b>7. [Bash usage/Shell scripting tip]<br /> Redirect output to a file and to standard output at the same time using tee:</b> You wanted to save the output of netstat in a file using redirection operator '>' but at the same time wanted to see it on the screen. Use tee and |<br />
<blockquote class="tr_bq">
netstat -tnlp | tee aaa.txt</blockquote>
<br />
<b>8. [Shell scripting tip]<br /> Use set -e to exit upon error (useful in shell scripts):</b> This is quite useful if you have a shell script whose commands depend on the success of the previous command, for example logging in over ssh and then reading a remote file. Using set -e makes sure that the script stops executing if any of the commands returns an error.<br />
<blockquote class="tr_bq">
<br />
#!/bin/bash<br />
#Exit immediately if you see an error.<br />
set -e<br />
....</blockquote>
<br />
<b>9. [Shell scripting tip]<br /> Set -x to see debug output (useful in shell scripts):</b><br />
<blockquote class="tr_bq">
<br />
#!/bin/bash<br />
#Prints a lot of debugging output<br />
set -x<br />
....</blockquote>
<br />
<b>10. [Bash usage tip]<br /> Use screen to detach, reattach or share the terminal: </b> This will help you to run a command that runs overnight, disconnect the remote session and go home. Then come back later next day to re attach to the screen and see how it went. <br />
<blockquote class="tr_bq">
<br />
screen (to simply start a screen, see help for detailed options) <br />
Ctrl-A then D to detach from the screen<br />
screen -r to re attach<br />
screen -x to attach to an existing screen.</blockquote>
If you are unable to locate screen on your Linux system, you probably need to install it, which isn't very difficult.
<br />
<b>11. [Bash usage tip]<br /> Install open source Xming from SourceForge to set up an X Windows display:</b><br />
You need this when you are running a program that requires a GUI window to be displayed, but if the display variable is not set correctly it fails to start the GUI screen.
<br />
For example, when you run the weblogic patch utility bsu.sh through putty or a remote terminal, you will get an error like this:
<br />
<i>"No X11 DISPLAY variable was set, but this program performed an operation which requires it." </i>
<br />
<br />
I should write a separate article on how to setup Xming and display correctly with putty. I know I struggled a lot for the first time. :/ <br />
Here is some rough information on how it works: What basically happens is that when you install and start Xming on your windows box, it starts an X11 server which listens for incoming X11 information. Then on your remote linux prompt you set up the DISPLAY information to point to your windows box ip. After that when you start a GUI based program, the X11/GUI information is thrown to the ip set in DISPLAY and the listening server on your windows grabs it and displays the GUI to you.
<br />
<br />
And BTW, you can also avoid this problem by directly logging into the Desktop environment (if installed) in your linux machine through the console.
<br />
<blockquote class="tr_bq">
<br />
<a href="http://sourceforge.net/projects/xming/">http://sourceforge.net/projects/xming/</a></blockquote>
<br />
<b>12. [Bash/Linux usage tip]<br /> Setup a chrooted ssh sftp account. Yes, you can do it! (Tested on Suse) </b><br />
Add a user with a home directory:
<br />
<blockquote class="tr_bq">
<br />
useradd -d /home/bobuser -m bobuser</blockquote>
<blockquote class="tr_bq">
<br />
#Sftp/chroot Settings for bobuser in /etc/ssh/sshd_config<br />
#Change LogLevel to debug and check errors (if any) in /var/log/messages<br />
Subsystem sftp internal-sftp<br />
<br />
#Sftp/chroot Settings for bobuser<br />
Match User bobuser<br />
X11Forwarding no<br />
AllowTcpForwarding no<br />
ForceCommand internal-sftp<br />
ChrootDirectory /home/bobuser</blockquote>
Now restart the ssh service. And try connecting.
<br />
<blockquote class="tr_bq">
<br />
r00ter127:~ # service sshd restart<br />
Shutting down SSH daemon done<br />
Starting SSH daemon done<br />
r00ter127:~ # sftp bobuser@localhost<br />
Connecting to localhost...<br />
Password: <br />
Read from remote host localhost: Connection reset by peer<br />
Couldn't read packet: Connection reset by peer</blockquote>
Ouch. We need to read the errors in /var/log/messages; we had already set the log level to debug. The ssh daemon has some requirements:<br />
<blockquote class="tr_bq">
<br />
Jan 25 11:30:27 r00ter127 sshd[10220]: debug1: PAM: establishing credentials<br />
Jan 25 11:30:27 r00ter127 sshd[10220]: fatal: bad ownership or modes for chroot directory "/home/bobuser"</blockquote>
Set the ownership of the home and parent directories to root. That's a requirement.
<blockquote class="tr_bq">
chown root:root /home/bobuser</blockquote>
<br />
<blockquote class="tr_bq">
<br />
r00ter127:~ # sftp bobuser@localhost<br />
Connecting to localhost...<br />
Password: <br />
subsystem request failed on channel 0<br />
Couldn't read packet: Connection reset by peer</blockquote>
If you get the above error, then it means there is some problem invoking the sftp server. And the ssh logs are not very helpful in this regard. Make sure you are using the internal-sftp:
<br />
<blockquote class="tr_bq">
<br />
Subsystem sftp internal-sftp<br />
...<br />
ForceCommand internal-sftp</blockquote>
And then.. you are done.
<br />
<blockquote class="tr_bq">
<br />
r00ter127:~ # sftp bobuser@localhost<br />
Connecting to localhost...<br />
Password: <br />
sftp> pwd<br />
Remote working directory: /</blockquote>
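One way to check the ownership requirement before restarting sshd, as an added example (not from the original post): sshd refuses a ChrootDirectory unless every component of the path is owned by root and not writable by group or others. The function names are constructed, and stat -c assumes GNU coreutils:

```bash
#!/bin/bash
# Added example: pre-flight check for an sshd ChrootDirectory.
# Function names are constructed; stat -c is the GNU coreutils form (assumption).

# Succeeds when one path component is owned by uid 0 and is not writable
# by group or others. c_mode is the octal string stat prints, e.g. 755 or 1777.
component_ok() {
    c_uid=$1
    c_mode=$2
    [ "$c_uid" = "0" ] || return 1
    [ $(( 0$c_mode & 022 )) -eq 0 ] || return 1
    return 0
}

# Walks from the chroot directory up to /, printing every component that
# fails component_ok. Returns 0 if all pass, 1 if any fail, 2 on usage or
# stat errors.
check_chroot_path() {
    path=$1
    case $path in
        /*) ;;
        *)  echo "need an absolute path: $path" >&2; return 2 ;;
    esac
    bad=0
    while :; do
        info=$(stat -c '%u %a' "$path") || return 2
        uid=${info% *}
        mode=${info#* }
        if ! component_ok "$uid" "$mode"; then
            echo "BAD  $path (owner uid $uid, mode $mode)"
            bad=1
        fi
        if [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    return $bad
}

# Usage: check_chroot_path /home/bobuser
```

A freshly created home directory shows up as BAD here because useradd -m makes it owned by the new user, which is exactly the "bad ownership or modes" error in the log above.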
<br />
<b>13. [Bash usage/Security tip] <br /> Audacious use of history to read a file, e.g. read the /etc/passwd file using history:</b><br />
<blockquote class="tr_bq">
<br />
history -r /etc/passwd<br />
history</blockquote>
<br />
<b>14.[Bash usage tip] <br /> Use 'which' and 'type' to differentiate if a command is a binary command or a shell builtin.:</b><br />
<blockquote class="tr_bq">
<br />
which history<br />
type history</blockquote>
<a href="http://2.bp.blogspot.com/-xCIZQ7nrdLQ/U39leXIhA2I/AAAAAAAAbY0/Qr3PdmcjyV8/s1600/Capture.PNG" imageanchor="1"><img border="0" src="http://2.bp.blogspot.com/-xCIZQ7nrdLQ/U39leXIhA2I/AAAAAAAAbY0/Qr3PdmcjyV8/s320/Capture.PNG" /></a>
<br />
<br />
<b>15. [Bash usage/Security tip]<br /> What is the hashing algorithm used in my /etc/shadow:</b> This could be useful if someone asks you what hashing algorithm is being used to secure the OS passwords. The higher the number, the more secure the algorithm. This tip is actually incomplete: you must also know what algorithms are supported by your Linux distro, and how to change the algorithm to a stronger one. You will also have to change the passwords so that they are hashed with the new algorithm.<br />
<blockquote class="tr_bq">
<br />
$1 -> md5<br />
$2a -> Blowfish<br />
$5 -> Sha256<br />
$6 -> Sha512</blockquote>
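To see which accounts still carry an older hash, here is an added example (not from the original post) that reads shadow-format lines and reports the scheme per account. The function names and sample records are constructed, and only the four prefixes listed above are mapped; any other prefix is reported as unknown:

```bash
#!/bin/bash
# Added example: report the hashing scheme per account from shadow-format lines.
# Function names and the sample records are constructed for illustration.

# Map one shadow password field to the scheme named by its $id$ prefix.
shadow_scheme() {
    pw=$1
    # Strip leading "!" characters, which mark a locked password.
    while [ "${pw#!}" != "$pw" ]; do pw=${pw#!}; done
    case $pw in
        ''|'*')   echo "no-hash" ;;
        '$1$'*)   echo "md5" ;;
        '$2a$'*)  echo "blowfish" ;;
        '$5$'*)   echo "sha256" ;;
        '$6$'*)   echo "sha512" ;;
        *)        echo "unknown" ;;
    esac
}

# Read shadow-format lines on stdin and print "user scheme" for each account.
audit_shadow() {
    while IFS=: read -r user field rest; do
        case $user in ''|'#'*) continue ;; esac
        printf '%s %s\n' "$user" "$(shadow_scheme "$field")"
    done
}

# List accounts that have a hash but not the scheme you want, e.g. sha512.
accounts_not_on() {
    audit_shadow | awk -v want="$1" '$2 != want && $2 != "no-hash" { print $1 }'
}

# Constructed sample records (salts and hashes are placeholders).
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16000:0:99999:7:::
legacy:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16000:0:99999:7:::
daemon:*:16000:0:99999:7:::
bob:!$5$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16000:0:99999:7:::
EOF
}

sample_shadow | audit_shadow
sample_shadow | accounts_not_on sha512
```

On a real system, run it as root with audit_shadow &lt; /etc/shadow; the accounts it lists keep their old hash until their passwords are changed.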
<br />
Go to part 2:
<br />
<a href="http://rhosted.blogspot.in/2014/05/linux-compilation-of-bash-tips-and_30.html">http://rhosted.blogspot.in/2014/05/linux-compilation-of-bash-tips-and_30.html</a></div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com0tag:blogger.com,1999:blog-6348799822268982633.post-44261004170866880192014-02-18T14:15:00.000+05:302014-10-18T18:50:20.081+05:30Testing for HTTP TRACE PUT DELETE methods on web server using Nikto<div dir="ltr" style="text-align: left;" trbidi="on">
<h4>
Intro</h4>
Since I received useful feedback on the article on SSL scanning tools, here is another useful tool, "nikto", that I use frequently to check for common security-related misconfigurations on my Apache httpd web server. A lot of the time, when we try to fix a security problem on a web server, we are not sure whether we actually fixed the issue. Using a lightweight scanner to quickly test your results can be extremely useful, as you don't want to wait for those bulky Qualys and Nessus scan reports.<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
Nikto
is a perl script and requires you to have a perl setup installed. It is
a web based vulnerability scanner that tests your web server for common
misconfigurations. Read more on its homepage.<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<h4>
Download</h4>
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
Get it from here:<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<a class="jive-link-external-small" href="http://cirt.net/nikto2">http://cirt.net/nikto2</a><br />
<h4>
Use cases</h4>
My favorite use of Nikto is to test three very important things on my web server:<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<ol>
<li style="text-align: start;">The <strong>HTTP methods</strong> that are allowed on my web server</li>
<li style="text-align: start;">Is <strong>directory listing</strong> enabled ?</li>
<li style="text-align: start;">How much <strong>information my server</strong> is revealing about itself, the version numbers, modules being loaded etc. </li>
</ol>
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
Short info on those 3 points:<br />
As
a short rule, you should not have methods other than HEAD/GET/POST and
OPTIONS allowed on your web server. Why? Because the other methods like
TRACE/PUT/DELETE etc are rarely used these days and it is a good
practice to turn them off. <br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
Directory listing is when the web server starts displaying the contents of a directory.<br />
<br />
Information revealed: Your web server might be reporting some information that an attacker could use for further attacks. For example, the following HTTP headers reveal that Apache version 2.2.3 is running and that the platform is Red Hat Linux.<br />
<br />
<blockquote class="tr_bq">
<code class="jive-code"><br />https://1x.xx.xx.xx/RSA-Crypto/<br />
GET /RSA-Crypto/ HTTP/1.1<br />
Host: 1x.xx.xx.xx<br />
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20100101 Firefox/21.0 <br />
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8<br />
Accept-Language: en-US,en;q=0.5<br />
Accept-Encoding: gzip, deflate <br />
Referer: https://1x.xx.xx.xx/ <br />
Connection: keep-alive<br />
<br />
HTTP/1.1 200 OK <br />
Date: Mon, 24 Jun 2013 04:01:47 GMT <br />
Server: Apache/2.2.3 (Red Hat) <br />
Content-Length: 1118 <br />
Connection: close <br />
Content-Type: text/html;charset=ISO-8859-1</code></blockquote>
<h4>
Trial Run</h4>
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
Now suppose that, after enabling enough security settings on your web server, you quickly want to test how it looks from the outside.<br />
So you fire up Nikto:<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<blockquote class="tr_bq">
root@bt:/pentest/web/nikto# perl nikto.pl -host https://xx.xx.xx.xx<br />
- Nikto v2.1.4<br />
---------------------------------------------------------------------------<br />
+ Target IP: xx.xx.xx.xx<br />
+ Target Hostname: xx.xx.xx.xx<br />
+ Target Port: 443<br />
---------------------------------------------------------------------------<br />
+ SSL Info: Subject: /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain<br />
Ciphers: DHE-RSA-AES256-SHA<br />
Issuer: /C=--/ST=SomeState/L=SomeCity/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=localhost.localdomain/emailAddress=root@localhost.localdomain<br />
+ Start Time: 2013-06-22 10:36:12<br />
---------------------------------------------------------------------------<br />
+ Server: Apache/2.2.3 (Red Hat)<br />
+ OSVDB-3268: /: Directory indexing found.<br />
+ Hostname 'xx.xx.xx.xx' does not match certificate's CN 'localhost.localdomain/emailAddress=root@localhost.localdomain'<br />
+ Apache/2.2.3 appears to be outdated (current is at least Apache/2.2.17). Apache 1.3.42 (final release) and 2.0.64 are also current.<br />
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE<br />
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST<br />
+ OSVDB-3268: /./: Directory indexing found.<br />
+ OSVDB-3268: /?mod=node&nid=some_thing&op=view: Directory indexing found.<br />
+ OSVDB-3268: /?mod=some_thing&op=browse: Directory indexing found.<br />
+ /./: Appending '/./' to a directory allows indexing<br />
+ OSVDB-3268: //: Directory indexing found.<br />
+ //: Apache on Red Hat Linux release 9 reveals the root directory listing by default if there is no index page.<br />
+ OSVDB-3268: /?Open: Directory indexing found.<br />
+ OSVDB-3268: /?OpenServer: Directory indexing found.<br />
+ OSVDB-3268: /%2e/: Directory indexing found.<br />
+ OSVDB-576: /%2e/: Weblogic allows source code or directory listing, upgrade to v6.0 SP1 or higher. http://www.securityfocus.com/bid/2513.<br />
+ OSVDB-3268: /?mod=&op=browse: Directory indexing found.<br />
+ OSVDB-3268: /?sql_debug=1: Directory indexing found.</blockquote>
Check out the following lines:<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<span style="color: red; font-family: calibri,verdana,arial,sans-serif;"><strong>+ Server: Apache/2.2.3 (Red Hat)</strong></span><br />
<span style="color: red; font-family: calibri,verdana,arial,sans-serif;"><strong>+ OSVDB-3268: /: Directory indexing found.</strong></span><br />
<span style="font-family: calibri,verdana,arial,sans-serif;">+ Hostname 'xx.xx.xx.xx' does not match certificate's CN 'localhost.localdomain/emailAddress=root@localhost.localdomain'</span><br />
<span style="color: red; font-family: calibri,verdana,arial,sans-serif;"><strong>+
Apache/2.2.3 appears to be outdated (current is at least
Apache/2.2.17). Apache 1.3.42 (final release) and 2.0.64 are also
current.</strong></span><br />
<span style="color: red; font-family: calibri,verdana,arial,sans-serif;"><strong>+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE </strong></span><br />
<span style="color: red; font-family: calibri,verdana,arial,sans-serif;"><strong>+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST</strong></span><br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
So Nikto tells us that it found directory listing enabled on this server, that it found an undesirable method, TRACE, enabled on this server, and it tells us the Apache version and its platform. It also tells you that you are running a very old Apache version and that the latest available version is 2.2.17.<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
Now you know whether the changes you made in the Apache config worked or not.<br />
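To re-check the three points after each config change without reading the whole report, here is an added example (not part of the original post) that pulls them out of saved Nikto output. The function names are constructed, and the sample lines are copied from the run above:

```bash
#!/bin/bash
# Added example: pull the three checks out of a saved Nikto report.
# Function names are constructed; sample lines are copied from the run above.

sample_report() {
    cat <<'EOF'
+ Server: Apache/2.2.3 (Red Hat)
+ OSVDB-3268: /: Directory indexing found.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-3268: /./: Directory indexing found.
EOF
}

# Methods in the "Allowed HTTP Methods" line outside HEAD/GET/POST/OPTIONS,
# printed as a comma-separated list (empty when nothing extra is allowed).
extra_methods() {
    sed -n 's/^+ Allowed HTTP Methods: *//p' | tr -d ' \r' | tr ',' '\n' |
        grep -v -x -E 'GET|HEAD|POST|OPTIONS' | sort -u | paste -sd, -
}

# The Server banner, but only if it discloses a version number.
banner_with_version() {
    sed -n 's/^+ Server: *//p' | grep -E '[0-9]+\.[0-9]+' | head -n 1
}

# Number of findings that report directory indexing.
indexing_hits() {
    grep -c 'Directory indexing found'
}

# Read a report on stdin and print one line per check.
summarize() {
    report=$(cat)
    printf 'extra methods: %s\n' "$(printf '%s\n' "$report" | extra_methods)"
    printf 'version in banner: %s\n' "$(printf '%s\n' "$report" | banner_with_version)"
    printf 'directory indexing hits: %s\n' "$(printf '%s\n' "$report" | indexing_hits)"
}

sample_report | summarize
```

After the fixes are in place, the first two lines should come back empty and the hit count should be 0.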
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<strong>[Update++]</strong><br />
Want SSL support on Nikto?<br />
Use cpan to install SSLeay module in perl. I hope you already have perl installed.<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<code>cpan[5]&gt; install Net::SSLeay</code></div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com0tag:blogger.com,1999:blog-6348799822268982633.post-6451297176160564592014-02-18T14:08:00.000+05:302014-10-18T18:50:42.453+05:30SSL/TLS Cipher testing: Using SSLScan and ssl_tests<div dir="ltr" style="text-align: left;" trbidi="on">
I came to know about the following good tools to check the ciphers running on your SSL service and to test for SSL vulnerabilities.<br />
Often
we have this situation where we have various SSL enabled services
running on the product, but we do not have a way of verifying the SSL
cipher quality.<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
Use <strong>SSLScan</strong> and <strong>ssl_tests</strong>
to test for weak ciphers running on your SSL service. I tested it for
Apache httpd (443), tomcat (8443).<br />
ssl_tests
also tests for common SSL vulnerabilities like the SSL/TLS cipher
renegotiation. sslscan primarily does a brute force for Low, medium and
high grade ciphers and lists their status as 'Accepted' or 'Rejected'
depending on the SSL service's response.<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
ssl_tests is a shell script that relies on the sslscan tool for making the checks.<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
Compiling sslscan is generally easy and straightforward, but you may run into errors like the one I faced:<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<blockquote class="tr_bq">
<code class="jive-code">gcc -g -Wall -lssl -o sslscan sslscan.c<br />
sslscan.c: In function ‘getCertificate’:<br />
sslscan.c:992: warning: implicit declaration of function ‘EC_KEY_print’<br />
sslscan.c:992: error: ‘union &lt;anonymous&gt;’ has no member named ‘ec’<br />
sslscan.c:995: error: ‘union &lt;anonymous&gt;’ has no member named ‘ec’<br />
make: *** [all] Error 1</code></blockquote>
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
You can tweak the source code to comment out the lines related to EC keys in sslscan.c (most probably you won't be using EC keys):<br />
<blockquote class="tr_bq">
//EC_KEY_print(stdoutBIO, publicKey->pkey.ec, 6);<br />
//EC_KEY_print(fileBIO, publicKey->pkey.ec, 4);</blockquote>
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
Reference:<br />
<div style="height: 8pt; min-height: 8pt; padding: 0px;">
<br /></div>
<a class="jive-link-external-small" href="https://www.owasp.org/index.php/Testing_for_SSL-TLS_%28OWASP-CM-001%29">https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001)</a></div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com0tag:blogger.com,1999:blog-6348799822268982633.post-13373879968909277072010-12-14T14:57:00.002+05:302014-10-18T18:51:19.718+05:30Mount an ntfs drive with read only permissions in Linux<div dir="ltr" style="text-align: left;" trbidi="on">
Say I have booted Linux from a Live CD or something similar, and I can't modify any Windows files because the Windows NTFS file system is mounted read-only. This is how we can remount it in read-write mode:<br />
Commands:<br />
<blockquote class="tr_bq">
umount /mnt/hda1<br />
modprobe fuse<br />
ntfsmount /dev/hda1 /mnt/hda1<br />
mount</blockquote>
<br />
<span style="color: #000099;">Reference:</span><br />
<a href="http://backtrack.offensive-security.com/index.php?title=Howto:NTFS">http://backtrack.offensive-security.com/index.php?title=Howto:NTFS</a><br />
else find the google cache if the page is unavailable :(<br />
<a href="http://webcache.googleusercontent.com/search?q=cache:hzWgy5XSMucJ:backtrack.offensive-security.com/index.php%3Ftitle%3DHowto:NTFS+http://backtrack.offensive-security.com/index.php%3Ftitle%3DHowto:NTFS&cd=1&hl=en&ct=clnk&gl=in&client=firefox-a">http://webcache.googleusercontent.com/search?q=cache:hzWgy5XSMucJ:backtrack.offensive-security.com/index.php%3Ftitle%3DHowto:NTFS+http://backtrack.offensive-security.com/index.php%3Ftitle%3DHowto:NTFS&cd=1&hl=en&ct=clnk&gl=in&client=firefox-a</a></div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com0tag:blogger.com,1999:blog-6348799822268982633.post-51087971595367345022010-12-14T14:54:00.002+05:302014-05-24T10:03:01.613+05:30Commands to set network settings in Ubuntu<div dir="ltr" style="text-align: left;" trbidi="on">
<blockquote class="tr_bq">
ifconfig eth0 192.168.1.24 netmask 255.255.255.0
<br />
route add default gw 192.168.1.1
<br />
echo nameserver 192.168.1.10 > /etc/resolv.conf
<br />
ifconfig eth0 up</blockquote>
</div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com0tag:blogger.com,1999:blog-6348799822268982633.post-89629314759927612382010-06-08T21:05:00.016+05:302014-10-18T18:53:22.454+05:30Manual Removal of sguza.exe and shey.exe worms<div dir="ltr" style="text-align: left;" trbidi="on">
New malwares in town. Not much info available on Google.<br />
<br />
<blockquote class="tr_bq">
shell\open\command=muza\\\sguza.exe<br />
shell\open\command=carpet\\\shey.exe</blockquote>
<br />
<span style="color: #33ff33;"><span style="color: black;">Again my AV failed to recognize a malware, but when I saw autoruns and hidden folders named muza and carpet in my pen drive, I got suspicious. These files and folders are system files, so if you can't see them, then you need to go to Tools->Folder options->View and set the following settings:<br /><br />enable Show hidden files and folders<br />Hide protected operating system files.</span></span><a href="http://3.bp.blogspot.com/_e-VL6LAQQaw/TA7ookF8XDI/AAAAAAAAALg/G4KYdDzWYTI/s1600/img.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://3.bp.blogspot.com/_e-VL6LAQQaw/TA7ookF8XDI/AAAAAAAAALg/G4KYdDzWYTI/s400/img.png" id="BLOGGER_PHOTO_ID_5480573580137487410" style="cursor: pointer; display: block; height: 97px; margin: 0px auto 10px; text-align: center; width: 346px;" /></a><br />
<span style="color: #33ff33;"><br /><span style="color: black;">Malware often marks itself as system and hidden to stay invisible.</span></span> Unfortunately, Autoruns and Autoplay were enabled by default on my new system, and it popped up the option "action=Open folder to view files using Windows Explorer", which could be misleading
as I found the same action in autorun.inf as well. After inspecting the autorun.inf, I believe that even if you right-click and explore/open, its copy gets executed. It has variants named shey.exe and sguza.exe and moves through removable drives. Once it's executed, you cannot remove the autorun.inf or the hidden folders. I took the help of the utility Handle (<span style="color: black;"><a href="http://technet.microsoft.com/en-us/sysinternals/bb896655.aspx">http://technet.microsoft.com/en-us/sysinternals/bb896655.aspx</a>) by Sysinternals to find out which app has opened the Autorun.inf.<br />Execute Handle.exe from the command prompt and output the results to a text file, then search using CTRL-F for autorun.inf.</span><br />
<br />
<br />
<blockquote class="tr_bq">
explorer.exe pid: 540 administrator<br />
6E4: Section \BaseNamedObjects\MSCTF.MarshalInterface.FileMap.ECE.B.NMKKAD<br />
6F0: Section \BaseNamedObjects\MSCTF.Shared.SFM.ECE<br />
6F8: File (RWD) C:\Documents and Settings\lada\My Documents\Downloads<br />
700: File (---) E:\autorun.inf</blockquote>
<br />
And as always it was explorer.exe,<br />
which means the malware is using explorer.exe as a host.<br />
I killed and restarted explorer using Task Manager.<br />
<br />
Alternatively we can use Process Explorer (a tool by Sysinternals, which is kind of an advanced Task Manager) to inspect explorer.exe, search for SHEY.EXE or other handles, and then close them.<br />
Start Process Explorer and do a CTRL-F search for any handle with the names SHEY.EXE, SGUZA.EXE, mrpky.exe, 194.EXE, 21782259.EXE, KITA375[1].EXE, or autorun.inf:<br />
<br />
<a href="http://3.bp.blogspot.com/_e-VL6LAQQaw/TA-HFFCFtEI/AAAAAAAAALo/-2gXUbBb0r8/s1600/procexp.PNG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://3.bp.blogspot.com/_e-VL6LAQQaw/TA-HFFCFtEI/AAAAAAAAALo/-2gXUbBb0r8/s400/procexp.PNG" id="BLOGGER_PHOTO_ID_5480747792853218370" style="cursor: pointer; display: block; height: 160px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a><br />
Search for the file names.<a href="http://3.bp.blogspot.com/_e-VL6LAQQaw/TA-HGWKcE3I/AAAAAAAAAL4/dBgdxxZAPnA/s1600/4.PNG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://3.bp.blogspot.com/_e-VL6LAQQaw/TA-HGWKcE3I/AAAAAAAAAL4/dBgdxxZAPnA/s400/4.PNG" id="BLOGGER_PHOTO_ID_5480747814631510898" style="cursor: pointer; display: block; height: 250px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a><br />
<span style="color: #33ff33;"><span style="color: black;">If found, close those handles</span>.</span><br />
<br />
<a href="http://1.bp.blogspot.com/_e-VL6LAQQaw/TA-HF35wTTI/AAAAAAAAALw/lY1ZeJO6OH8/s1600/procexp2.PNG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://1.bp.blogspot.com/_e-VL6LAQQaw/TA-HF35wTTI/AAAAAAAAALw/lY1ZeJO6OH8/s400/procexp2.PNG" id="BLOGGER_PHOTO_ID_5480747806508469554" style="cursor: pointer; display: block; height: 250px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a><br />
After you kill the malware instance, using Process Explorer or by restarting explorer.exe, you will be able to delete the muza and carpet folders and the autorun.inf files.<br />
<br />
I deleted the autoruns and the hidden folders named muza and carpet.<br />
<span style="color: #33ff33;"><span style="color: black;">The next step was to clean the registry. So you search for all occurrences of shey.exe and sguza.exe and delete them. The malware may use some other names as well, which I found here:</span><br /><a href="http://www.prevx.com/filenames/X285138109880396664-X1/SHEY.EXE.html"><br />http://www.prevx.com/filenames/X285138109880396664-X1/SHEY.EXE.html</a><br /><br /><span style="color: black;">I found the malware still running inside the explorer with the name : </span></span>MRPKY.EXE<br />
This file is located in C:\Documents and Settings\your_username\Application Data<br />
<br />
Again searching the registry, I found an entry in the Winlogon startups (you may use the Autoruns and Process Explorer tools from Sysinternals for this):<br />
<br />
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman with a value of C:\Documents and Settings\username\Application Data\mrpky.exe<br />
<br />
So I deleted this registry entry and deleted the mrpky.exe as well. I searched for other names but as of now couldn't find any.<br />
<br />
<br />
I restarted my system, and I am not seeing any weird behavior as of now. If I insert a pen drive, it doesn't show any autorun.inf. Nor am I seeing any suspicious exe or dll in explorer (using Process Explorer).<br />
<span style="color: #33ff33;"><span style="color: black;">That's all for now.</span><br /><br /><span style="color: black;"><span style="font-weight: bold;">Summary:</span><br />1. If you cannot delete the hidden folder muza or carpet, then kill explorer.exe using Task Manager and restart explorer.exe. This will kill the malware instance.<br />2. Now delete the hidden folders muza or carpet and then delete the autorun.inf as well from your removable drives.<br />3. Open the registry and search for all keys containing sguza.exe or shey.exe and all other probable names here: </span></span><span style="color: black;"><a href="http://www.prevx.com/filenames/X285138109880396664-X1/SHEY.EXE.html">http://www.prevx.com/filenames/X285138109880396664-X1/SHEY.EXE.html</a> and delete them.<br />4. Disable autorun and autoplay (use the links section).<br />5. If the malware still works, it suggests we missed a copy of it. So when you restart your computer, it will be executed again. But all the instances use explorer.exe as a host, so if you want to kill them, restart explorer. But any undeleted registry entry will restart the malware when you restart Windows. That doesn't sound good, but we can wait for the AVs to create a tool or reverse engineer it for more details.</span><br />
Prevention tips:<br />
<span style="color: #33ff33;"><span style="color: black;">Disable autoruns and autoplay for all removable drives. <a href="http://support.microsoft.com/kb/967715">http://support.microsoft.com/kb/967715</a><br /><span style="font-weight: bold;">Update:<br />For more details about the malware, you can upload the exe on <a href="http://www.virustotal.com/">virustotal.com</a> which provides the AV detection results from various Anti Viruses.</span> Here are the results from the unpacked mrpky.exe:<span style="font-weight: bold;"><span style="font-weight: bold;"><span style="font-weight: bold;"><br /><a href="http://www.virustotal.com/analisis/c887b8c000b422f41a06dc36e0d2a9bf84f114520da0e08cb83dc07005446260-1276933820">http://www.virustotal.com/analisis/c887b8c000b422f41a06dc36e0d2a9bf84f114520da0e08cb83dc07005446260-1276933820</a></span></span></span><br />Links:<br />Handle by SysInternals: <a href="http://technet.microsoft.com/en-us/sysinternals/bb896655.aspx">http://technet.microsoft.com/en-us/sysinternals/bb896655.aspx</a><br />Turn off autoplay: <a href="http://support.microsoft.com/kb/967715">http://support.microsoft.com/kb/967715</a><br />VirusTotal: <a href="http://www.virustotal.com/">http://www.virustotal.com/</a></span></span></div>
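Added example (not part of the original post): a Python triage script for an autorun.inf copied from a removable drive. It flags the two things described above, a launch entry such as shell\open\command pointing into a folder on the drive, and an action= label that imitates the normal "Open folder to view files" choice. The function names and both sample files are constructed for illustration.<br />

```python
"""Triage an autorun.inf from a removable drive (sample contents are constructed)."""
import ntpath
import re

# Keys that make Explorer start a program: on insert, on double-click,
# or through a context-menu verb such as shell\open\command.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Program part of a value: optional quote, then a path ending in a runnable extension.
PROGRAM = re.compile(
    r'^"?([^"]+?\.(?:exe|com|scr|pif|bat|cmd|vbs|js))(?=$|["\s])', re.I
)

# Constructed sample built from the lines quoted in the post.
SAMPLE = r"""[autorun]
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files using Windows Explorer
shell\open\command=muza\\\sguza.exe
"""

# Constructed benign file: only cosmetic keys, nothing is launched.
BENIGN = r"""[autorun]
icon=setup.ico
label=Backup drive
"""


def parse_autorun(text):
    """Return {lowercased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def triage(text):
    """Return a list of (key, target, reason) findings."""
    findings = []
    for key, value in parse_autorun(text).items():
        if EXEC_KEY.match(key):
            m = PROGRAM.match(value)
            # normpath collapses the repeated backslashes (muza\\\sguza.exe).
            target = ntpath.normpath(m.group(1)) if m else value
            folder = ntpath.dirname(target)
            where = "folder '%s'" % folder if folder else "the drive root"
            findings.append((key, target, "launches a program from " + where))
        elif key == "action" and "open folder" in value.lower():
            findings.append((key, value, "label imitates the normal open-folder choice"))
    return findings


def suspicious_folders(findings):
    """Folders on the drive that hold a launch target; check them for hidden+system flags."""
    folders = set()
    for key, target, _reason in findings:
        if EXEC_KEY.match(key) and ntpath.dirname(target):
            folders.add(ntpath.dirname(target))
    return sorted(folders)


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
    print("inspect:", suspicious_folders(triage(SAMPLE)))
```

Read the file from the drive with Autorun disabled and pass its text to triage(). On Windows, os.stat(path).st_file_attributes can then confirm whether the reported folders carry the hidden and system flags.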
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com10tag:blogger.com,1999:blog-6348799822268982633.post-67265597779519531572010-04-25T09:36:00.000+05:302014-10-18T18:51:35.935+05:30Getting root/administrator on a Windows XP<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-weight: bold;">Getting root/administrator on a Windows XP</span><br />
<span style="font-weight: bold;">*********************************************************************</span><br />
<br />
Well, this is my old-school trick, the Sticky Keys hack. I kind of discovered it years back (though I wasn't the first person to do it, it was a pretty little-known hack a few years back), and I am surprised to see that it still works. This is not one-click kiddie stuff, though it's simple and easy.<br />
In the end, I will also show you how to stay STEALTHY and cover your tracks (to some extent).<br />
<br />
Let me explain the case precisely:<br />
You have a guest account or any other NON-ADMINISTRATOR account.<br />
And you want admin privileges. Naturally I assume your admin does not want to share the admin password with you.<br />
<br />
There is AT LEAST ONE CONDITION for this hack to work (apart from this, I am not aware of any):<br />
Your non-admin account must have write permissions for the system32 directory. That is, you should be able to write/modify any simple file in the system32 directory.<br />
Don't worry, we are not going to mess with the ugly SAM and SYSTEM files.<br />
Now I would like to explain some basic mechanics; if you are not interested you may skip it. But if you understand it, I believe you should be able to find many such hacks.<br />
<br />
<span style="font-weight: bold;">Basic mechanics:</span><br />
<span style="font-weight: bold;">***************************</span><br />
When a user logs in and a process is executed, it generally runs with the privileges of the current user. So if you are the user named "Guest" and you run a firefox exe,<br />
in the task manager, under the process list, you can see the username as "Guest" for the firefox exe. Now if no user is logged on and a process is executed, then what will happen?<br />
Our best guess is that it would run with system privilege. So if you can find a file that runs/can be made to run before a user logs in, then it should do our dirty job.<br />
Sometimes certain software likes to run its files before a user logs on. If somehow we could replace such files with our shell or any bat file, our dirty job<br />
could be done again :). But it's not that easy. The shell is not necessarily executed as expected. Nevertheless, it's a possibility. If you like to experiment you can try to find any such files. I'll let you know later <br />
how to get a sample list of such files.<br />
<br />
<span style="font-weight: bold;">The Sticky keys Hack<br />**********************************</span><br />
There is something called Sticky keys in Windows XP. If you press SHIFT key >=5 times, a window should pop up,<br />
<br />
<span style="color: black;"><a href="http://2.bp.blogspot.com/_e-VL6LAQQaw/S9PCMcUvNhI/AAAAAAAAAKw/CrMfZiEXbzk/s1600/true.PNG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://2.bp.blogspot.com/_e-VL6LAQQaw/S9PCMcUvNhI/AAAAAAAAAKw/CrMfZiEXbzk/s400/true.PNG" id="BLOGGER_PHOTO_ID_5463924291947935250" style="cursor: pointer; display: block; height: 167px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a></span><br />
If it doesn't, you can enable its shortcut through Control Panel->Accessibility Options->Keyboard tab: in the StickyKeys group, click on Settings and, under Keyboard shortcut,<br />
check the setting for "Use shortcut". Good news is that you can enable it from a Guest account as well:<br />
<br />
<span style="color: black;"><a href="http://2.bp.blogspot.com/_e-VL6LAQQaw/S9PCpuFiHVI/AAAAAAAAAK4/ZiZPVgnjZdI/s1600/stickyOnShortcut.PNG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://2.bp.blogspot.com/_e-VL6LAQQaw/S9PCpuFiHVI/AAAAAAAAAK4/ZiZPVgnjZdI/s400/stickyOnShortcut.PNG" id="BLOGGER_PHOTO_ID_5463924794932206930" style="cursor: pointer; display: block; height: 380px; margin: 0px auto 10px; text-align: center; width: 349px;" /></a></span><span style="color: black;"><a href="http://1.bp.blogspot.com/_e-VL6LAQQaw/S9PBjAITl1I/AAAAAAAAAKg/sqrBewM1aPw/s1600/stickyOn.PNG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><br /></a></span><br />
<br />
Now if you press SHIFT >=5 times, the file responsible for firing this window is under system32 with the name sethc.exe<br />
<br />
You got it, take the backup of this sethc.exe and rename it to say sethc_original.exe. Now copy cmd.exe from system32 to somewhere and rename it as sethc.exe.<br />
Copy the new sethc.exe (which is in fact cmd.exe, our shell) in system32, and press yes, when it asks for the confirmation to overwrite.<br />
<br />
<span style="color: black;"><a href="http://2.bp.blogspot.com/_e-VL6LAQQaw/S9PCL1H9Y8I/AAAAAAAAAKo/v2v8vJ_T3RM/s1600/replaceConfirm.PNG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://2.bp.blogspot.com/_e-VL6LAQQaw/S9PCL1H9Y8I/AAAAAAAAAKo/v2v8vJ_T3RM/s400/replaceConfirm.PNG" id="BLOGGER_PHOTO_ID_5463924281425355714" style="cursor: pointer; display: block; height: 246px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a></span><br />
<br />
You can test by pressing SHIFT >=5 times, and you will see a command window being opened. It's not of much use, since this shell only has the privileges of the Guest or <br />
non-admin account. <br />
(We cannot use the following commands from the Guest account unless we have admin/system privilege; if you try to do that, you will see an error like this:)<br />
<br />
<span style="color: black;"><a href="http://3.bp.blogspot.com/_e-VL6LAQQaw/S9PBiTm4oaI/AAAAAAAAAKI/ZBHNRw51-74/s1600/adminadderror.PNG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://3.bp.blogspot.com/_e-VL6LAQQaw/S9PBiTm4oaI/AAAAAAAAAKI/ZBHNRw51-74/s400/adminadderror.PNG" id="BLOGGER_PHOTO_ID_5463923568053625250" style="cursor: pointer; display: block; height: 202px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a></span><br />
To escalate the privilege, restart your Windows, but do not log in to any account. And when you are at the logon screen,<br />
press the SHIFT key >=5 times and boom, there you've got your shell with SYSTEM privileges.<br />
<br />
Now you can add a new administrator account "hacked" with a password "hax0rpassw0rd" using the commands:<br />
<br />
<br />
net user hacked "hax0rpassw0rd" /add <br />
net localgroup administrators hacked /add<br />
<br />
<span style="color: black;"><a href="http://2.bp.blogspot.com/_e-VL6LAQQaw/S9PBin5CEyI/AAAAAAAAAKQ/2TDAT8-Ejfs/s1600/addtheAccounts.PNG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://2.bp.blogspot.com/_e-VL6LAQQaw/S9PBin5CEyI/AAAAAAAAAKQ/2TDAT8-Ejfs/s400/addtheAccounts.PNG" id="BLOGGER_PHOTO_ID_5463923573498450722" style="cursor: pointer; display: block; height: 200px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a></span><br />
<br />
And now you can log on to your new admin account.<br />
You can also reset the administrator password using the shell, but I won't recommend that for obvious reasons. Our job should be to stay as stealthy as possible.<br />
Just install your software and clear your tracks. With this SYSTEM privilege shell you can also see the files that execute before a user logs in.<br />
Use the command tasklist for that and save the output in some file, for later viewing.<br />
<br />
<span style="font-weight: bold;">How to stay stealthy.</span><br />
<span style="font-weight: bold;">****************************</span><br />
Your new account can be easily seen in Control Panel->User Accounts and in My Computer in the form of documents as well. This isn't a good sign.<br />
<br />
<span style="color: black;"><a href="http://4.bp.blogspot.com/_e-VL6LAQQaw/S9PBiD4G9EI/AAAAAAAAAKA/7jpILTbVDvk/s1600/accountAdded.PNG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://4.bp.blogspot.com/_e-VL6LAQQaw/S9PBiD4G9EI/AAAAAAAAAKA/7jpILTbVDvk/s400/accountAdded.PNG" id="BLOGGER_PHOTO_ID_5463923563830899778" style="cursor: pointer; display: block; height: 298px; margin: 0px auto 10px; text-align: center; width: 266px;" /></a></span><br />
But we can hide our account to a certain extent.<br />
<br />
Beware of the Registry, don't mess around!<br />
Open the registry with regedit, and navigate to the key:<br />
HKEY_LOCAL_MACHINE->Software->Microsoft->Windows NT->CurrentVersion->Winlogon->SpecialAccounts->UserList<br />
<br />
Create a new DWORD value here, set the name as your newly added username, "hacked" in our example, and let the value be zero.<br />
<br />
<span style="color: black;"><a href="http://2.bp.blogspot.com/_e-VL6LAQQaw/S9PBi5fBFPI/AAAAAAAAAKY/zinErQGgXgo/s1600/registry2.PNG" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" src="http://2.bp.blogspot.com/_e-VL6LAQQaw/S9PBi5fBFPI/AAAAAAAAAKY/zinErQGgXgo/s400/registry2.PNG" id="BLOGGER_PHOTO_ID_5463923578221171954" style="cursor: pointer; display: block; height: 38px; margin: 0px auto 10px; text-align: center; width: 400px;" /></a></span><br />
<br />
This will stop the display of your user account in Control Panel->User accounts and in the My Computer documents.<br />
However for the expert eyes, your user directories can still be seen in "Documents and Settings" and through the command net user.<br />
So you may need to do some additional tasks, like removing your backdoor account entirely before leaving.</div>
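Added example (not part of the original post): a defender-side Python check for the two artifacts this technique leaves behind, a sethc.exe that is byte-identical to cmd.exe and an account hidden through a zero DWORD under SpecialAccounts\UserList. The function names, the demo directory and the sample `reg query` output are constructed for illustration.<br />

```python
"""Detect a swapped sethc.exe and hidden logon accounts (sample data is constructed)."""
import hashlib
import os
import re
import tempfile

# Constructed sample of `reg query` output for the UserList key named in the post.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
    visibleadmin    REG_DWORD    0x1
    hacked    REG_DWORD    0x0
"""

# One value line of `reg query` output: indented name, type, hex data.
REG_LINE = re.compile(r"^\s+(\S.*?)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")


def sha256_of(path):
    """SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def swapped_binaries(system_dir, watched=("sethc.exe",), shells=("cmd.exe",)):
    """Return [(watched_name, shell_name)] for watched files identical to a shell."""
    shell_hashes = {}
    for name in shells:
        path = os.path.join(system_dir, name)
        if os.path.isfile(path):
            shell_hashes[sha256_of(path)] = name
    hits = []
    for name in watched:
        path = os.path.join(system_dir, name)
        if os.path.isfile(path):
            match = shell_hashes.get(sha256_of(path))
            if match:
                hits.append((name, match))
    return hits


def hidden_accounts(reg_query_output):
    """Account names whose UserList value is 0, i.e. hidden from the logon UI."""
    hidden = []
    for line in reg_query_output.splitlines():
        m = REG_LINE.match(line)
        if m and int(m.group(2), 16) == 0:
            hidden.append(m.group(1))
    return hidden


def build_demo_dir(swapped):
    """Create a throwaway directory with stand-in files so the check runs anywhere."""
    demo = tempfile.mkdtemp(prefix="system32_demo_")
    shell_bytes = b"MZ constructed stand-in for cmd.exe"
    sticky_bytes = b"MZ constructed stand-in for the real sethc.exe"
    with open(os.path.join(demo, "cmd.exe"), "wb") as fh:
        fh.write(shell_bytes)
    with open(os.path.join(demo, "sethc.exe"), "wb") as fh:
        fh.write(shell_bytes if swapped else sticky_bytes)
    return demo


if __name__ == "__main__":
    print("swapped:", swapped_binaries(build_demo_dir(swapped=True)))
    print("clean:  ", swapped_binaries(build_demo_dir(swapped=False)))
    print("hidden: ", hidden_accounts(SAMPLE_REG_QUERY))
```

On a real host, point swapped_binaries() at the System32 directory and feed hidden_accounts() the text printed by `reg query` for the UserList key. The precondition the post names, a non-admin account with write permission on system32, is the thing to remove.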
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com7tag:blogger.com,1999:blog-6348799822268982633.post-90121796519798850792010-04-06T12:58:00.000+05:302014-10-18T18:55:58.570+05:30Crontab error "/bin/sh: root: command not found"<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
Today I struggled with making the crontab work on my system. I am using cron jobs for the first time, although I always wanted to understand how they work, especially as I heard that they are good for periodic backups. But it was quite frustrating for me to make it work, especially if you prefer to google without reading the man pages thoroughly. Let me just explain what I was trying to achieve and how the error got resolved. Now I realize I could have saved a lot of time, had I read the man pages :(</div>
But sometimes we are in a hurry and we are not at all interested in understanding how things work, but in making it work as quickly as possible.
<br />
For those who want a quick look at resolution of this error I would say, check your cron syntax:<br />
1. If you are making changes in a local cron file using crontab -e, the job entry should contain 6 fields (not the username)<br />
like this:<br />
<blockquote class="tr_bq">
* * * * * /home/build_auto/echo.sh</blockquote>
<br />
A wrong entry like this: <br />
<blockquote class="tr_bq">
* * * * * root /home/build_auto/echo.sh</blockquote>
<br />
would cause cron to interpret "root" as a command.<br />
The syntax "* * * * * root /home/build_auto/echo.sh" is valid for system crontab file /etc/crontab.<br />
Most of the syntax related examples can be found by reading the man page for crontab files: <br />
<blockquote class="tr_bq">
man 5 crontab</blockquote>
<br />
<h4 style="text-align: left;">
<span style="font-weight: bold;">Creating a simple cron job to run a shell script</span></h4>
I am simply trying to create a cron job which would execute a shell script for me at regular intervals. So first I read through a simple tutorial, from which I learned the basic syntax and the fields.<br />
Now for my simple cron job, I create a simple shell script which will output some data to another text file. And for simplicity I would like to run it every minute (so that I can quickly confirm how it works).<br />
So here is my simple shell script, which will append a string ("test") to another text file (test.txt):<br />
echo.sh
<br />
<blockquote class="tr_bq">
#!/bin/sh<br />
echo "test" >> /home/build_auto/test.txt</blockquote>
<br />
This way, every time the script echo.sh is executed, it will append the string "test" on a new line in test.txt. So when our cron job executes perfectly, i.e. every minute, we see "test" on every new line.<br />
Say I save my echo.sh in the location /home/build_auto/<br />
Now you can add a cron job in two places:<br />
1. In the system cron file /etc/crontab<br />
2. And in a new crontab file using the crontab command.<br />
This file will be stored in /var/spool/cron with the same name as the username.
<br />
<br />
<h4 style="text-align: left;">
<span style="font-weight: bold;">Editing the System cron file /etc/crontab</span></h4>
This way is not advisable as you would be directly interfering with the system cron file which is required by cron daemon. Still if you would like to add an entry, open /etc/crontab in an editor and add an entry like this:<br />
<blockquote class="tr_bq">
* * * * * root /home/build_auto/echo.sh</blockquote>
<br />
There are seven fields separated by spaces. For details on the fields read the man page.<br />
The first field is for minute, the second for hour, the third for day of month, then month, day of week, the user account which will be used for execution, and the command, which is the full path of our shell script.<br />
The *s indicate the job will be executed every minute, every hour and so on. Save the /etc/crontab and your job should execute every minute. There is no need to do any service restart.<br />
<br />
<h4 style="text-align: left;">
<span style="font-weight: bold;">Editing the user level crontab file using the crontab command</span></h4>
The other way is to create a new crontab file using the option -e (edit) with crontab, which is mostly meant for non-root users. This file will have the same name as the username and can be found at the location: /var/spool/cron<br />
<br />
The crontab syntax is similar to the previous one, except that instead of 7 fields, there are only 6. The username is not required. <br />
Create a new crontab file using the command:<br />
<blockquote class="tr_bq">
crontab -u root -e</blockquote>
or simply<br />
<br />
<blockquote class="tr_bq">
crontab -e</blockquote>
<br />
and add an entry like this:<br />
<blockquote class="tr_bq">
* * * * * /home/build_auto/echo.sh</blockquote>
<br />
Remember, no username here, the crontab command has already taken care of it through the -u option. (or through the current user if -u is omitted) Save the file and now your cron script should be executed every minute. Confirm your entry by listing down the crontab list for user root:<br />
<br />
<blockquote class="tr_bq">
99EP68903:/home/build_auto # crontab -u root -l<br />
# DO NOT EDIT THIS FILE - edit the master and reinstall.<br />
# (/tmp/crontab.XXXXosSNdV installed on Mon Apr 5 22:03:11 2010)<br />
# (Cron version V5.0 -- $Id: crontab.c,v 1.12 2004/01/23 18:56:42 vixie Exp $)<br />
* * * * * /home/build_auto/echo.sh</blockquote>
You can also see the same in the file /var/spool/cron/tabs/root.<br />
<br />
<br />
<h4 style="text-align: left;">
<span style="font-weight: bold;">Making mistakes</span></h4>
In case, as a noob you create an entry "* * * * * root /home/build_auto/echo.sh" using the crontab -e command, you will get mail error messages like this one:<br />
<br />
<blockquote class="tr_bq">
From root@linux.local Mon Apr 5 22:01:01 2010<br />
Return-Path: <br />
X-Original-To: root<br />
Delivered-To: root@linux.local<br />
Received: by linux.local (Postfix, from userid 0)<br />
id CC5ED320408; Mon, 5 Apr 2010 22:01:01 +0530 (IST)<br />
From: root@linux.local<br />
To: root@linux.local<br />
Subject: Cron <root@99EP68903> root /home/build_auto/echo.sh<br />
X-Cron-Env: <SHELL=/bin/sh><br />
X-Cron-Env: <HOME=/root><br />
X-Cron-Env:<PATH=/usr/bin:/bin><br />
X-Cron-Env: <LOGNAME=root><br />
X-Cron-Env: <USER=root><br />
Message-Id: <20100405163101.cc5ed320408@linux.local><br />
Date: Mon, 5 Apr 2010 22:01:01 +0530 (IST)<br />
Status: R<br />
<br />
/bin/sh: root: command not found</blockquote>
<br />
This can be misleading, and it can be easily misunderstood as if the cron is unable to locate /bin/sh. But in fact cron is trying to execute a command with the name "root", which does not exist.<br />
<br />
<br />
This is because cron expects a command in the sixth field.<br />
<br />
After a few minutes, upon successful executions of the cronjob the test.txt should look like:<br />
<br />
<blockquote class="tr_bq">
99EP68903:/home/build_auto # cat test.txt<br />
test<br />
test<br />
test<br />
test<br />
test<br />
test<br />
test</blockquote>
<br />
<br />
And one more thing: ensure that every file path in your shell script is an absolute path. Any relative path like ./test.txt would be resolved through the home directory of the user that is executing the cron job.<br />
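Added example (not part of the original post): a small Python linter for the mix-up described above. For a per-user crontab it flags a command field that starts with an account name, and for /etc/crontab it flags an entry whose user field is not a known account. The function names and the sample crontabs are constructed, and the user-name test is a heuristic.<br />

```python
"""Lint crontab text for the user-field mix-up (sample crontabs are constructed)."""
import re

# VAR=value lines are environment settings, not jobs.
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

# Constructed per-user crontab: line 3 carries the stray user name.
USER_TAB = """# m h dom mon dow command
SHELL=/bin/sh
* * * * * root /home/build_auto/echo.sh
* * * * * /home/build_auto/echo.sh
"""

# Constructed /etc/crontab: line 2 is missing the user field.
SYSTEM_TAB = """* * * * * root /home/build_auto/echo.sh
* * * * * /home/build_auto/echo.sh
"""


def local_users(passwd_path="/etc/passwd"):
    """Account names from a passwd-format file (first colon-separated field)."""
    with open(passwd_path) as fh:
        return {
            line.split(":", 1)[0]
            for line in fh
            if line.strip() and not line.startswith("#")
        }


def lint_crontab(text, usernames, system=False):
    """Return [(line_number, message)] for entries with a misplaced user field.

    system=False: per-user file edited with `crontab -e` (time fields + command).
    system=True:  /etc/crontab (time fields + user + command).
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ENV_LINE.match(line):
            continue
        # "@reboot"-style entries use one time field instead of five.
        n_time = 1 if line.startswith("@") else 5
        fields = line.split(None, n_time + 1)
        if len(fields) <= n_time:
            findings.append((lineno, "no command after the time fields"))
            continue
        word = fields[n_time]               # first word after the time fields
        has_more = len(fields) > n_time + 1
        if system:
            if word not in usernames:
                findings.append(
                    (lineno, "'%s' is not a local account; /etc/crontab needs "
                             "a user name before the command" % word))
            elif not has_more:
                findings.append((lineno, "user '%s' given but no command" % word))
        elif word in usernames and has_more:
            findings.append(
                (lineno, "'%s' is an account name; in a per-user crontab cron "
                         "will run it as the command" % word))
    return findings


if __name__ == "__main__":
    users = {"root", "build_auto"}          # or local_users() on a real host
    print(lint_crontab(USER_TAB, users))
    print(lint_crontab(SYSTEM_TAB, users, system=True))
```

Feed it the output of `crontab -l` for the per-user case, or the contents of /etc/crontab with system=True.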
<br />
<br />
<span style="font-weight: bold;">#end of post </span></div>
k3w13rhttp://www.blogger.com/profile/12416647679178002935noreply@blogger.com16