netoptics: a review

 network administration, security  No Responses »
Oct 132011
 

recently i was asked to implement a solution to mirror a massive amount of traffic (2-8Gbps of sustained traffic) to several different locations for further analysis.

after comparing gigamon, netoptics, and network critical, i opted for netoptics to fill the roll (because of time i could not do a proof of concept, so the evaluation through reading specs, talking to a few techs, and some googling).

i have spent time over the last few weeks configuring the netoptics and thought it would be worth sharing my experience for someone else’s benefit.

Continue reading »

 Posted by joshua.smith at 8:32 pm  Tagged with: ,

passwords: you can’t do it right

 programming, security  No Responses »
Sep 272011
 

i was recently asked to do a presentation for a local conference. i like coming up with new things to research and investigate and decided to pursue passwords (and how bad they are). below is my presentation and code for the talk:

title: passwords: you can’t do it right
description: some say you’re doing it wrong. i argue you can’t do it right (but some do it better than others). see how ineffective passwords are at protecting your accounts and ways of decreasing the chance of anyone using your passwords to achieve total domination.

 

passwords: you can’t do it right on prezi

#!/usr/bin/python
#
# password_stats_03.py
 
import re
import sys
 
if (len(sys.argv) != 2):
	print """
	password stats 0.03
	usage: password_stats_03.py
	"""
	exit()
 
# assign arguments to variable
file_passwords_all = sys.argv[1] 
 
# create empty vars
passwords_all = 0
passwords_unique = 0
password_numeric = 0
password_alpha_lower = 0
password_alpha_upper = 0
password_alpha_mixed = 0
password_alpha_lower_numeric = 0
password_alpha_upper_numeric = 0
password_alpha_mixed_numeric = 0
password_everything_else = 0
 
# create empty list(s)
list_password_length = []
 
# create empty dictionary(s)
dict_password_count = {}
 
# save all passwords to a list
file_passwords_all = open(file_passwords_all, 'r')
list_passwords_all = []
 
for line in file_passwords_all:
	list_passwords_all.append(line)
	passwords_all += 1
	password_length = len(line)
	list_password_length.append(password_length)
	if re.search("^[0-9]+$", line):
		password_numeric += 1
	elif re.search("^[a-z]+$", line):
		password_alpha_lower += 1
	elif re.search("^[A-Z]+$", line):
		password_alpha_upper += 1
	elif re.search("^[a-zA-Z]+$", line):
		password_alpha_mixed += 1
	elif re.search("^[a-z0-9]+$", line):
		password_alpha_lower_numeric += 1
	elif re.search("^[A-Z0-9]+$", line):
		password_alpha_upper_numeric += 1
	elif re.search("^[a-zA-Z0-9]+$", line):
		password_alpha_mixed_numeric += 1
	else:
		password_everything_else += 1
 
file_passwords_all.close()
 
# save unique passwords to a list
list_passwords_unique = set(list_passwords_all)
 
# put unique passwords and the number of times seen in a dictionary
for item in list_passwords_unique:
	dict_password_count[item] = list_passwords_all.count(item)
	passwords_unique += 1
 
# calculate how many unique passwords there are
passwords_unique_percent = (float(passwords_unique)/float(passwords_all)) * 100
 
# display total and unique passwords
print
print 'all passwords\t\t= ' + str(passwords_all)
print 'unique passwords\t= ' + str(passwords_unique) + "\t\t%% %.02f" % passwords_unique_percent
print
 
# print out password lengths and number of times seen
print 'password length(s): '
for number in range(31):
	password_item = number + 1
	password_length_total = list_password_length.count(password_item)
	length_percentage = (float(password_length_total)/float(passwords_all)) * 100
	print str(number) + " char\t =>\t " + str(password_length_total) + "\t\t%% %.02f" % length_percentage
 
# print out complexity of the passwords and number of times seen with percentages
dict_password_complexity_options = {password_numeric: 'all numeric          ', password_alpha_lower: 'all alpha lower', password_alpha_upper: 'all alpha upper', password_alpha_mixed: 'all alpha mixed', password_alpha_lower_numeric: 'alpha lower & numeric', password_alpha_upper_numeric: 'alpha upper & numeric', password_alpha_mixed_numeric: 'alpha mixed & numeric', password_everything_else: 'everything else'}
 
print
print "password complexity: "
for item, description in dict_password_complexity_options.iteritems():
	print "%s \t\t " % description + str(item) + "\t%% %.02f" % ((float(item)/float(passwords_all)) * 100)
sum = password_numeric + password_alpha_lower + password_alpha_upper + password_alpha_mixed + password_alpha_lower_numeric + password_alpha_upper_numeric + password_alpha_mixed_numeric + password_everything_else
print "sum\t\t\t\t " + str(sum)
print
 
# print out the ten most common passwords with number of times seen
print "most common passwords:"
counter = 9
for key,value in sorted(dict_password_count.iteritems(), key=lambda item: -item[1]):
        if counter > 0:
		if len(key) < 6:
			print "password: " + str(key).strip() + "\t\t\tcount: " + str(value).strip()
		else:
			print "password: " + str(key).strip() + "\t\tcount: " + str(value).strip()
            	counter-=1

 Posted by joshua.smith at 12:20 pm  Tagged with: ,

learning to code (on the cheap)

 programming  No Responses »
Sep 182011
 

in the time that i have been in IT (almost 6 years) i have become very proficient at hacking together code to do what i need. from vb scripts to do simple network administration to customizing some python to send over an exploit, i have found a way to make it work.

what i miss and don’t know is how to do is code correctly. in my search for learning how to code proper i ran across some great courses from stanford university and thought i would share.

i was looking for entry level classes that started at square one and these classes fit the bill perfectly. whats even better is that not only the video, but the homework assignments, handouts, and files are all available free of charge.

so far i have watched almost 4 of the classes and can say i have already learned some things, looking forward to the next 70+ classes ;)

here are the classes with links:

titleurllanguageitunes link
cs106a - programming methodologyhttp://www.stanford.edu/class/cs106a/javahttp://itunes.apple.com/us/itunes-u/programming-methodology/id384232896
cs106b - programming abstractionshttp://www.stanford.edu/class/cs106b/c++http://itunes.apple.com/us/itunes-u/programming-abstractions/id384232917
cs107 - programming paradigmshttp://www.stanford.edu/class/cs107/c++http://itunes.apple.com/us/itunes-u/programming-paradigms/id384233005

note: for the record, i am not really a fan of itunes (and you can get these classes on youtube as well), but being able to download all the classes to my hard drive with a single mouse click was compelling enough for me to do it through itunes.

 Posted by joshua.smith at 1:40 pm  Tagged with: , , ,

networkminer on backtrack 5 r1

 backtrack, security  No Responses »
Sep 112011
 

i have recently been working through some network forensic challenges from a few locations (http://forensicscontest.com and http://ismellpackets.com/category/pcap/) and wanted to do some network carving (parsing a pcap and getting the files like .exe’s, .jpg’s, etc). to answer some of the questions i wanted to load networkminer on my backtrack 5 r1 box.

fortunately there was a tutorial on how to get networkminer up on linux, but it didn’t fix everything for the newest version of backtrack (specifically, the fonts were off and the menu didn’t show up correctly).

to get networkminer 1.0 up and running on my backtrack 5 r1 VM here is what i did (summary of commands at bottom):

  1. downloaded winetricks and installed the .NET framework, some core fonts, and the GDI+ package 
    cd /bin
wget http://kegel.com/wine/winetricks
chmod +x winetricks
./winetricks corefonts dotnet20 gdiplus

    Continue reading »

 Posted by joshua.smith at 1:46 pm  Tagged with: , , , , ,

weighted averages: selling your point

 project management  No Responses »
Sep 042011
 

i like to have numbers for management to base a decision on. sometimes this is easy (just hand them a dollar figure), other times it is not. i came around to weighted averages for the simple reason that i wanted to prove, with numbers, that just because an option is cheaper, that doesn’t mean its better. let me explain.

in the process of evaluating 3 different vendors as a replacement product, say you pick out 5 criteria to base them on. for my purposes, i throw this in a spread sheet and then i grade each vendor on how i think they do for each criteria (which is subjective, of course).  for an example, see the screen shot below:

very quickly you can see that it is almost a dead heat between vendor x and y, and vendor z is out of the mix, right?

Continue reading »

 Posted by joshua.smith at 12:56 pm  Tagged with: , , ,

learning to reverse

 assembly, programming  No Responses »
May 172011
 

over the past week the topic of learning how to reverse engineer malware/binaries has come up several times in conversation.

i am not a skilled reverser, but i have been working over the last year or so to get better at it and really understand what is going on at the binary level.

earlier this year i discovered a series called “reversing with lena”. lena, the author, touts the series as a way to learn how to reverse for complete beginners, no programming experience required. its 40 lessons long (i am still on lesson 10, so i can only vouch for the first 10 being very good), and the flash videos and .exe’s you need to reverse are included. all reversing takes place  on a 32-bit intel x86 platform.

this series has helped me more than any other to actually understand reversing in the real world and i thought others might enjoy it as well.

before you download:

  • i take no responsibility for what you do with the knowledge you gain (i am using this to get better at reversing malware).
  • some of the programs will most likely be flagged as virus’ by your AV solution, which i don’t believe is accurate (but can’t guarantee either).
  • the password to the 7zip archive is ‘reverse’ (no quotes)
  • download the 7zip archive here (~140 mb)

i found the tutorial on tuts4you.com, a reverse engineering community that has lots of other resources on it (how good or bad, i do not know).

 Posted by joshua.smith at 5:51 am  Tagged with: , , ,

changing the backtrack 5 menu icon

 backtrack, security  8 Responses »
May 122011
 

first off, the backtrack team rocks. they produce an amazing product for an equally amazing cost. the aesthetics are even top notch, which i can appreciate.

that being said, i don’t usually like to advertise to people that i am running backtrack (people get nervous when they think “hacker”), and a flaming red dragon is no way to keep things on the down low.

so, for anyone else out there i thought i would post where to change the default backtrack 5 menu icon.

the icon file is a svg, and is located at: /usr/share/icons/Humanity-Dark/places/24/start-here.svg

to clean my desktop up to something more benign (and useful), i replaced the backtrack menu logo with a blank svg and changed the wallpaper to corelanc0d3r’s exploit dev cheatsheet.

steps taken:

  1. renamed original svg file (mv /usr/share/icons/Humanity-Dark/places/24/start-here.svg /usr/share/icons/Humanity-Dark/places/24/start-here.svg.original)
  2. created a blank 24×24 svg to replace original svg (you can download here, created with inkscape on mint).
  3. move new, blank svg to /usr/share/icons/Humanity-Dark/places/24/start-here.svg
  4. restart the taskbar (pkill gnome-panel)
  5. if you are interested in the wallpaper, you can find them here

 Posted by joshua.smith at 10:08 pm  Tagged with: , ,

quick post: virtual private server (vps) review

 Uncategorized  No Responses »
Apr 242011
 

i had been on the lookout for a good, cheap virtual private server (vps) to do some testing on and finally found one:

www.intovps.com

why i like them:

  1. cheap ($10/month)
  2. you get root access
  3. re-imaging is painless, quick, and has plenty of options
  4. includes a public ip
  5. ip is out of the united states
  6. did i mention the price? ;)

 

 Posted by joshua.smith at 8:45 pm  Tagged with: ,

packet logging with iptables

 security  1 Response »
Apr 092011
 

<note>
i wasted 2 hours of my life getting this working on a fresh install of unbuntu 10.10. turns out that the default version of rsyslog that you get when you ‘apt-get install rsyslog’ is version 4.x, which has a bug that prevents the logging from being directed correctly to /var/log/iptables.log. i had to remove rsyslog (apt-get remove rsyslog), then go get the newest version of rsyslog (5.8) from the site and compile from source. after compiling and pulling in the new conf file (its a little different in rsyslog 5.x than 4.x), things worked as expected. ye be warned.
</note>

recently i wanted to see what packets were getting passed or blocked on a linux server running iptables. i really wanted to see a log that showed every inbound and outbound packet, and both dropped and allowed packets.

you can see all the packets in tcpdump/wireshark/etc, but it doesn’t show you that iptables dropped the connection (you just see there is no syn ack response). so my goal was to create a iptables ruleset that logged every packet to a separate file, distinguished what was allowed and what was dropped, and to have the logs rotating automatically. here is how i did it:

Continue reading »

 Posted by joshua.smith at 10:38 pm  Tagged with: , , , ,

kismet oldcore on backtrack 4 r2

 backtrack, security, wireless  No Responses »
Mar 112011
 

i am working on some wireless testing for my SANS wireless certification (joshua wright’s stuff, who is really good at what he does).

i haven’t been playing with wireless too much lately, so i hadn’t noticed that in backtrack 4 r2 kismet had been upgraded to the newcore version, with no trace of oldcore installed or available via repo’s. i wanted both oldcore and newcore, since newcore doesn’t support things like a strings dump, eap authentication type identification, etc.

here is what i did to install kismet oldcore side-by-side with newcore on backtrack 4 r2 (line-by-line command at bottom):

  1. download oldcore into /pentest/wireless
    Continue reading »

 Posted by joshua.smith at 6:08 am  Tagged with: , , , , , , ,
 Older Entries
© 2011 toastresearch.com Suffusion theme by Sayontan Sinha