Friday, December 17, 2010

Odd Math.Round() behaviour in Mono (same as .NET?)

I had read on a forum somewhere that Math.Round() rounded to the closest even number. I mentioned this to the guys in #mosa and one mentioned that seems like it would be a bug, as it should go from 4.5 -> 5, rather than the (supposedly) expected 4.5 -> 4, with 4 being the closest even number. Another example is 9.5 -> 10 because 10 is the closest even number (9 is odd).

I wrote a simple method to test this.

using System;

namespace round_test
class MainClass
public static void Main (string[] args)
double x = 0d;

while (x < 5d)
Console.WriteLine("actual: " + x.ToString());
Console.WriteLine("rounded: " + Math.Round(x).ToString());

x += 0.1d;

The output using mono wasn't very consistent. For instance, 2.5 -> 3 while the rest of the n.5 -> closest even number to n (4.5 -> 4, 3.5 -> 4). (full output here). Odd behaviour, bug??

EDIT: It seems there are two types of rounding, explained on MSDN. The default is banker's rounding.

Thursday, December 9, 2010

Dark theme extension for Wikipedia

I spend a lot of time on wikipedia. A lot of times, to wind down the day, I will just get lost on wikipedia for an hour or two before bed. This is problematic though, because staring into a light bulb for a few hours (in a dark room) right before bed doesn't play well with trying to sleep. I found a neat script to darken the theme of wikipedia, but it hadn't been updated in a while and didn't quite work with the new theme they are using. I took about an hour today to get it running well enough for me, fixing some things the original author left out (like better link colors) and removing other fluff. The results are shown below:

If you would like to install the script (Greasemonkey, but just works on Chrome), click here.

Tuesday, December 7, 2010

Lost ticket revenue in Arlington, TX

The Court here in Arlington offers a (5671 page) PDF with all the arrest warrants in the city for unpaid tickets. It turns out our city is currently missing $56,594,788.04 in revenue for tickets not paid.

If you download the PDF, you can add up the totals yourself. Convert it to HTML using pdftohtml and run:

k=0;for i in `cat outstanding_warrantss.html | egrep -o '[0-9]{1,6}\.[0-9]{2,}'`; do k=`echo "$k+$i" | bc`; done; echo $k

All in all:

bperry@bperry-desktop:~/Downloads$ k=0;for i in `cat outstanding_warrantss.html | egrep -o '[0-9]{1,6}\.[0-9]{2,}'`; do k=`echo "$k+$i" | bc`; done; echo $k
bperry@bperry-desktop:~/Downloads$ time $(k=0;for i in `cat outstanding_warrantss.html | egrep -o '[0-9]{1,6}\.[0-9]{2,}'`; do k=`echo "$k+$i" | bc`; done; echo $k)
56594788.04: command not found

real 10m45.130s
user 0m8.470s
sys 1m43.170s

We need a Dog the Bounty Hunter. That is quite a bit of monies.

Wednesday, November 24, 2010

New appliances for network auto-assessment script available

I have uploaded the beta od-autoassess 10.10 virtual appliances (VirtualBox) and have made them available through torrents (preferred) as well. I am getting close to capping my monthly bandwidth (450gb a month, dang!), so please use one of the torrents if possible. Please test them and report any issues by contacting me (or let me know how awesome it is!).

These appliances are fully configured to run all aspects of the autoassessment script. These are beta releases, though I don't think much will change between these betas and any official release. Credentials are rooty/ytoor and you can `sudo su` from there to get root and run a scan (a proper scan should be in the bash history on each appliance, getting root and running through the history should bring it up). But if you are lazy, here is a full scan command:

sh /opt/od-autoassess/ --client="FooBarWidgets" --range= --start-openvassd \
--openvas-user="rooty" --openvas-pass="ytoor" \
--metasploit-sql-driver="mysql" --metasploit-sql-conn="root:toor@" \
--enable-wapiti --enable-w3af

Also, if you like the appliances, the script, or any of my other projects, maybe a donation is in order! I am working part time at Joe's Crab Shack to pay my server and tuition costs while attending school, and any help will be much appreciated!

Tuesday, November 16, 2010

Maths, pt1 and other news

I recently found a really awesome project, MOSA (Managed Operating System Alliance). I haven't had more fun hacking and breaking code in a long time. It's just really neat being able to write your operating system in C#.

One of my projects is building an operating system that performs floating-point arithmetic and fast fourier transforms as kind of a benchmark for the operating system/Ahead-Of-Time compiler. A few years ago, I ported John Walker's FBENCH to C# and I thought this would be an excellent candidate for the task. He also has a benchmark, FFBENCH (Fast-Fourier Transforms) which I plan on porting in the next few days as well.

The MOSA project, however, is quite young compared to other projects like it. It isn't very complete at all and isn't really useful yet. I plan on helping out with this a bit. For instance, I took the trig functions John Walker uses in FBENCH (he defined all the trig functions in case you didn't want to use math.h) and moved them over to C#. It wasn't terribly difficult, just a bit tedious. If you would like a copy of these methods, you may get them here. If all goes well and according to plan, these methods will go into Korlib, the core library MOSA uses for the OS.

I will be making a post in the next few days regarding the ports of the two math benchmarks to C#, and maybe even an image of my OS that can run in QEMU! A new release had been made of the benchmarks since I ported last, so this morning was spent porting the new FBENCH to C# and it is working quite dandily (is that a word?). FFBENCH should be even easier. There are a few tests I want to run regarding these benchmarks. Speed of Mono vs .NET arithmetically and the speed of using System.Math vs my methods. Hopefully I have some good results to show soon.

Also, in other news, the OpenVAS Build Repo has added a 10.10 repository for Ubuntu. I have been testing it on my network here with virtual machines strewn about the house and everything seems dandy! I highly recommend you check it out if you are interested. As soon as I get a bit more free time, I will be releasing two virtual appliances updated to run the od-autoassess script (x86 and x86_64) on Maverick with all the new features I have implemented in the script.

Adding the repository is easy, and you can follow my guide here (updated yesterday) to get a new VM up and running. If you find any problems, let me know!

Monday, November 8, 2010

Torrent for OpenDiagnostics live CD

I have just created and uploaded the torrent for the latest release of the OpenDiagnostics Live CD.

You can get it here, seeders much appreciated!

Sunday, November 7, 2010

Personal scripts for maintaining OpenDiagnostics Live CD

I am posting my scripts for maintaining my OpenDiagnostics Live CD so others can use them and add on to them as they see fit. Quite a while ago, I posted a fairly long shell script that I used to keep the ClamAV Live CD up-to-date with virus definitions, but the OpenDiagnostics Live CD is more comprehensive and a single script didn't make sense in my mind. If someone wants to modify them to locally update and modify a custom distro, feel free to take the scripts and edit them as you wish. If you come up with anything particularly neat, feel free to send me the code!

It is relatively easy to setup the project folder. The 'chroot' folder is just the filesystem.squashfs unsquashed. You can mount the ISO (
mount -o loop image.iso tmp/
) to create the image folder (just copy the contents of tmp/ to image/).

And without further ado, here are the scripts I use, in order from first-used to last-used:


sudo cp /etc/hosts chroot/etc/hosts
sudo cp /etc/resolv.conf chroot/etc/resolv.conf
#sudo cp /etc/apt/sources.list chroot/etc/apt/sources.list

sudo chroot chroot mount -t proc none /proc
sudo chroot chroot mount -t sysfs none /sys
sudo chroot chroot mount -t devpts none /dev/pts
sudo chroot chroot export HOME=/root
sudo chroot chroot export LC_ALL=C

sudo chroot chroot

After chrooting, you can do what you wish with the chroot, install any apps you wants, modify or uninstall apps, etc... -- clean up the chroot before remastering. This is run after modifying the chroot.


sudo chroot chroot apt-get clean

sudo chroot chroot rm -rf /tmp/*

sudo chroot chroot rm /etc/resolv.conf

sudo chroot chroot umount -lf /proc
sudo chroot chroot umount -lf /sys
sudo chroot chroot umount -lf /dev/pts -- Create a beta iso that you can test to make sure all your changes made were successful.


sudo chroot chroot dpkg-query -W --showformat='${Package} ${Version}\n' | tee image/casper/filesystem.manifest

sudo cp -v image/casper/filesystem.manifest image/casper/filesystem.manifest-desktop
REMOVE='ubiquity casper live-initramfs user-setup discover1 xresprobe os-prober libdebian-installer4'

for i in $REMOVE
sudo sed -i "/${i}/d" image/casper/filesystem.manifest-desktop

sudo rm image/casper/filesystem.squashfs
sudo mksquashfs chroot image/casper/filesystem.squashfs -e boot

sudo rm image/casper/filesystem.size
sudo printf $(sudo du -sx --block-size=1 chroot | cut -f1) > image/casper/filesystem.size

(cd image && find . -type f -print0 | xargs -0 md5sum | grep -v "\./md5sum.txt" > md5sum.txt)

cd image

sudo rm ../OpenDiagnostics_beta.iso
sudo mkisofs -r -V "OpenDiagnostics Live CD" -cache-inodes -J -l -b isolinux/isolinux.bin -c isolinux/ -no-emul-boot -boot-load-size 4 -boot-info-table -o ../OpenDiagnostics_beta.iso .

cd .. -- Finally, move your changes to stable and zip up the ISO for uploading.


rm OpenDiagnostics_stable.iso
mv OpenDiagnostics_beta.iso OpenDiagnostics_stable.iso
zip OpenDiagnostics_stable.iso

It would be pretty easy to setup a cron to automagically update your chroot and remaster the ISO every week, month, whatever. Hope this helps.

New OpenDiagnostics Live CD Release

Updated ClamAV, Metasploit, od-autoassess script, and did an apt-get upgrade.

Installed netrw, really neat/easy utility for transferring files between computers without dealing with S/FTP. Similar to netcat.

Updated List Of Notable Apps.

Also removed all the fluxbox styles but the default Debian style. Current ISO size is 421 MB.

You can get the latest ISO here. Torrent will be available when I get around to making one (sometime today as well). This may hit the planets before being fully uploaded to my server, so if no release is there, just wait a bit.

Saturday, November 6, 2010

Compiling wireplay on x86_64 machines

I found a really neat tool for software fuzzing and general debugging called wireplay a few days ago. I finally got around to trying it out today, but found out pretty quickly it doesn't work right out of the box! A few bugs kept me from compiling wireplay cleanly on my machine, so I am posting them here (after emailing the author of course) so others can maybe get it working as well.

Bug #1: The makefile will only work for x86 machines. You can fix this
by using this as your RUBYINC line in the makefile

RUBYINC := /usr/lib/ruby/1.8/$(shell uname -m)-linux

The current version hardcodes i486 which will not work on all
machines. This way it is more dynamic

Bug #2: libnids1.23 does not compile due to missing expression in
#elif in killtcp.c. You can fix it with the following

On line 121, change


#elif LIBNET_VER != 0

Thursday, October 28, 2010

Finding sensitive information from a drive or folder

A quick script for finding email addresses on a massive scale (for instance, on a drive).

#!/bin/env sh


find "$SEARCHPATH" -type f -print | while IFS=$"\n" read file
echo "\nSearching through $file..."

MATCHES=`strings "$file" | egrep '([[:alnum:]_.-]{1,64}+@[[:alnum:]_.-]{2,255}+?\.[[:alpha:].]{2,4})'`

if [ "$MATCHES" != "" ]
echo "---------------------------\nFound matches, beware false positives:"
echo "$MATCHES"

unset IFS

False positives are pretty much guaranteed (as long as binary files are on the file system). Most sensitive data follows patterns, so the regex is interchangeable with SSN's or anything else you need to find.

Some example output from running the script on /usr/src/...

Searching through /usr/src/linux-headers-2.6.35-22/include/xen/interface/sched.h...
Found matches, beware false positives:
* Copyright (c) 2005, Keir Fraser <>

Searching through /usr/src/linux-headers-2.6.35-22/include/xen/interface/version.h...
Found matches, beware false positives:
* Copyright (c) 2005, Nguyen Anh Quynh <>
* Copyright (c) 2005, Keir Fraser <>

Searching through /usr/src/linux-headers-2.6.35-22/include/xen/interface/physdev.h...

Searching through /usr/src/linux-headers-2.6.35-22/include/xen/interface/event_channel.h...

Searching through /usr/src/linux-headers-2.6.35-22/include/xen/interface/vcpu.h...
Found matches, beware false positives:
* Copyright (c) 2005, Keir Fraser <>

Searching through /usr/src/linux-headers-2.6.35-22/include/xen/interface/memory.h...
Found matches, beware false positives:
* Copyright (c) 2005, Keir Fraser <>

Searching through /usr/src/linux-headers-2.6.35-22/include/xen/interface/elfnote.h...

Searching through /usr/src/linux-headers-2.6.35-22/include/crypto/skcipher.h...
Found matches, beware false positives:
* Copyright (c) 2007 Herbert Xu <>

Searching through /usr/src/linux-headers-2.6.35-22/include/crypto/ctr.h...
Found matches, beware false positives:
* Copyright (c) 2007 Herbert Xu <>

Searching through /usr/src/linux-headers-2.6.35-22/include/crypto/compress.h...

Searching through /usr/src/linux-headers-2.6.35-22/include/crypto/algapi.h...
Found matches, beware false positives:
* Copyright (c) 2006 Herbert <>

Searching through /usr/src/linux-headers-2.6.35-22/include/crypto/hash.h...
Found matches, beware false positives:
* Copyright (c) 2008 Herbert Xu <>

Sunday, October 24, 2010

Sloped Steganography

I have been preparing for my MAT exams so that I can skip all the basic math classes and just start off my college math at Calculus, playing with graphs and such. I started thinking of ways that I could use this for a project I am working on, a small steganography kit.

Say you have a binary file that is 20 bytes long that you want to embed the message "Helloworld" (10 bytes, one byte per character) into it, in a way not so obvious to anyone but whom the message is intended for. We will divide both filesizes by 5 in this example for the size of our grid... The grid can be any size that is you can write an equation around.

[0][0][0][0][0] + [H][e][l][l][o]
[0][0][0][0][0] + [w][o][r][l][d]

We don't care about the binary file, it is the message that is important. If it just seems 'corrupted' by anyone else all the better.

Most of us will probably remember rise over run from elementary school. Treating each row in the message separately, we can insert the message using a slope evenly and easily into the binary file (using 1/1 and -1/1 for "world" and "Hello", respectively). With some trig thrown in, you can get some nice graph-like steganography:

\ /
/\ /\
/ \

Pardon the rough mockup. Hopefully it is easy to follow.

For the technicals, we assume that [w] is located at (0,0). Both y and x = 0. That gives us a y-max of 4 and an x-max of 5. Our 'Hello' row has its trough at (3,1) and its peak at both (0,4) and (5,4). Our 'world' row has its peak at (3,3) and its troughs at (0,0) and (0,5) . From this, we can derive an equation for each line and can piece together the message.

Of course, as the message/data to be hidden grows, the math can become more and more complicated, but the amount of stealthiness is only limited to your imagination.

Tuesday, October 19, 2010

Updated OpenDiagnostics Live CD

Took the beta release and added sslscan, arp-scan, and onesixtyone. Also updated metasploit to the latest development build (3.4.2 iirc), updated clamav, and did an upgrade through apt (no dist-upgrade). Moved it up to stable.

You can get it here.

Gentoo, useradd, and SSH

I had to create a user on a Gentoo box today for SSH, but after creating the user, he could not log in over SSH, it was very frustrating. It turns out the answer was simple, but not straight forward.

Not sure if this affects other versions of *nix, though I am sure it does.

useradd -m -p "password" user

That will not allow a user to login over ssh, you must use

passwd user

if you want your user logging in remotely. I am not sure what the distinction is between the -p argument in useradd and using passwd to assign a password to a user. Anyone know more about this?

Tuesday, October 5, 2010

Say hello

Say hello to the Global Dianetics Institute And Fellowship.

Sunday, October 3, 2010

Re-elect Jesus Christ, Vote For Rick Perry

For all you Texans out there, feel free to steal this from me and pass them out at a place of interest near you.

For more context of the quote of Rick Perry, click here.

Also, if you feel like making a ridiculous spectacle, join the Yes Men Challenge group and post your videos/results.

Thursday, September 30, 2010

Audible Manager on Ubuntu (requires patching/compilation of wine)

Apparently is working with open-source providers to give us a native Audible Manager for Linux. Recently, they released an Audible application for Android phones, so that seems like they are at least working with Linux in some form or fashion.

But I am impatient and don't like waiting for corporate bureaucracy to "fix" things that are broken. (How does that go again? Whatever cuts least into our bottomline...)

So, there is a patch proposed here that fixes the shortcoming (bug) in the API that wine had when dealing with SSL/TLS connections. Right off the bat, the patch does not work for the latest wine release (1.3.3). A little editing was required to patch the right files (dlls/wininet/internet.c iirc).

I fixed up the patch (which you can download by clicking here) so that after downloading the wine 1.3.3 tarball, I unpacked the tarball, patched, compiled, and indeed the patch works.

Specific commands used...

tar xjf wine-1.3.3.tar.bz2
cd wine-1.3.3/
patch -p0 < ../audible_wine-1.3.3.patch
./configure --prefix=$HOME/wine
make && make install

I did however need to get the wine dependencies from apt...

apt-get build-dep wine

Hope this helps others in the same boat as me! I hate waiting for companies to find time to appease the customers rather than making time.

Wednesday, September 29, 2010

Putting up posters and passing out flyers

I will be putting up posters and passing out flyers for both the March to Keep Fear Alive and the Rally to Restore Sanity at the University of Texas at Arlington.

Doing this from my own pocket, if anyone would like to support the effort, donating $10 gets us one more poster (who knows, maybe we can put some up around Arlington rather than just the University!).

So far I have enough cash for about 10 posters and hundred flyers or so. Please see my donation page if you would like to help!

Also, if you don't really want to help political stuffs (who wouldn't!) and you use any of my apps, maybe that's enough for a $10 donation (even though it will still go towards the posters and flyers).

Thanks to anyone that helps out! If you live in DFW and want to help out, feel free to get a hold of me through the comments or by contacting me.

Monday, September 27, 2010

Maverick (nmap 5.21) supported

If you get latest on the od-autoassess script, you will have support for nmap 5.21 on maverick, so you can use the script.

If you are running an older version (< 5.21), it will let you know you are running an older version of nmap, but it is just informational, it should not affect the script at all.

Saturday, September 25, 2010

nmap -sP output changes from 5.00 to 5.21

Currently the od-autoassess script will not run on maverick because the nmap outputs it's findings differently on 5.21 (on lucid, nmap is at 5.00).

I will work on this so that I can release another appliance (when maverick is released) fully configured for all the tasty features added since the last appliance

Friday, September 24, 2010

x86/x86_64 winexe binaries available

I have uploaded the x86 winexe binary, so now both the x86_64 and x86 binaries are available for download. I will look into making debs for them, but for now, binaries are just copied from the whole samba4 bin folder.

I also added the hydra debs because the will be optional later (kinda is now).

Thursday, September 23, 2010

The neat command I learned today

On Windows XP and up, you get a neat utility called msinfo32 that you can run to get system and software information. Going to look into getting this working with winexe and the autoassess script.

The command I have found best is `start msinfo32 /report info.txt /categories +systemsummary`.

In lesser news, I added a binary for x86_64 winexe to the downloads page in google code. Probably tomorrow I will build a x86 chroot and build an x86 winexe binary and upload it as well.

I have also been working on the new gui for the autoassess script, it is my first real application written in python (pyqt), so feel free to (constructively) criticize. No events are wired up yet outside of some test events.

Monday, September 20, 2010

RVM and Metasploit

If you are a ruby developer and haven't looked at rvm, you really need to. It is a very powerful tool in supporting applications across concurrent ruby installations.

The rvm developers have super easy scripts to install rvm. Recently, they released a system-wide script (before, it installed ruby to user-specific dirs ($HOME)).

As root:

bash < <( curl -L )
source /usr/local/rvm/script/rvm;

Once installed, you can install and use ruby 1.9.1 easily...

rvm install 1.9.1; rvm 1.9.1

If you also want 1.8.7 installed, replace all the 1.9.1 instances with 1.8.7.

Now, metasploit ships with it's own version of ruby. If you want metasploit to use the rvm version of ruby rather than it's shipped version, run the binary as an absolute path. You may alias the absolute path of msfconsole to 'msfconsole' to achieve the shorter command and to use rvm.

alias msfconsole='/opt/metasploit3/msf3/msfconsole -L'

(-L says use native readline rather than ruby readline, supposedly it is faster)

Using system:

root@acc-vulnerability:~# rvm system
root@acc-vulnerability:~# /opt/metasploit3/msf3/msfconsole

# # ###### ##### ## #### ##### # #### # #####
## ## # # # # # # # # # # # #
# ## # ##### # # # #### # # # # # # #
# # # # ###### # ##### # # # # #
# # # # # # # # # # # # # #
# # ###### # # # #### # ###### #### # #

=[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 590 exploits - 302 auxiliary
+ -- --=[ 224 payloads - 27 encoders - 8 nops
=[ svn r10398 updated today (2010.09.20)

msf > ruby --version
[*] exec: ruby --version

ruby 1.8.7 (2010-01-10 patchlevel 249) [i486-linux]
msf > exit

Using shipped ruby:

root@acc-vulnerability:~# msfconsole

__. .__. .__. __.
_____ _____/ |______ ____________ | | ____ |__|/ |_
/ \_/ __ \ __\__ \ / ___/\____ \| | / _ \| \ __\
| Y Y \ ___/| | / __ \_\___ \ | |_> > |_( <_> ) || |
|__|_| /\___ >__| (____ /____ >| __/|____/\____/|__||__|
\/ \/ \/ \/ |__|

=[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 590 exploits - 302 auxiliary
+ -- --=[ 224 payloads - 27 encoders - 8 nops
=[ svn r10398 updated today (2010.09.20)

msf > ruby --version
[*] exec: ruby --version

ruby 1.9.1p243 (2009-07-16) [i686-linux]
msf > exit

Using rvm instance of ruby:

root@acc-vulnerability:~# rvm 1.9.1
root@acc-vulnerability:~# /opt/metasploit3/msf3/msfconsole

| | _) |
__ `__ \ _ \ __| _` | __| __ \ | _ \ | __|
| | | __/ | ( |\__ \ | | | ( | | |
_| _| _|\___|\__|\__,_|____/ .__/ _|\___/ _|\__|

=[ metasploit v3.4.2-dev [core:3.4 api:1.0]
+ -- --=[ 590 exploits - 302 auxiliary
+ -- --=[ 224 payloads - 27 encoders - 8 nops
=[ svn r10398 updated today (2010.09.20)

msf > ruby --version
[*] exec: ruby --version

ruby 1.9.1p378 (2010-01-10 revision 26273) [i686-linux]
msf > exit

Sunday, September 12, 2010

Added MBSA support (and other experimental things) to autoassess script

Please use --enable-mbsa, --mbsa-user, --mbsa-pass, and --mbsa-remote-path to perform a remote MBSA scan of a host on your network. It's pretty quick, a few seconds hang time per host run on. The report is saved in the mbsa folder of the scan archive.

A neat thing I added the other day, when public shares are found on a computer, the script will try to get a file list for each file in the share. It's super quick, so I left it alone and it runs on every scan. If something comes up, I can make this an optional thing.

I have also added _some_ experimental hydra support to the script for protocols such as ftp, ssh, and pop3. Please look at the code to see how to enable it, I won't take any bugs reports or complaints on speed when having these enabled.

Another small thing I added was the ability to email the scan archive to email@address.tld when the scan was finished using a local smtp server such as sendmail. (see --send-to)

I removed the --zenity option, I will be writing a GUI that is better suited to the options I have been adding.

Not sure if I have mentioned this previously, but a --print option has been added to automagically print pdf reports to the default printer. This can be a bad thing as a lot of paper can be used.

Optionally, you may define all of your variables in the .od-autoassessrc file in the user's home dir who is running.

Finally, for an example, if you wanted to run a single-host profile (no vulnerability scans) with MBSA enabled, your scan could look like this:

root@bperry-laptop:/opt/scripts/od-autoassess# sh --client="Joe Badass" --single-host= --profile-only --enable-mbsa --mbsa-user=Test --mbsa-pass=password --mbsa-remote-path="C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsacli.exe"

Creating scan folder -> ~/scans/Joe Badass-2010-09-12-14:50

Using in single-host scan...

Scanning individual hosts...

--Finding shared directories and drives...
--Trying to get file list for public share: C...
--Trying to get file list for public share: desktop...
--Running remote MBSA scan...
--Interesting port found: 139 NetBIOS Datagram Service
--Suspicious port found: 445 Nimda
--Interesting port found: 445 Microsoft-DS

Creating ZIP archive of scan...

Total time to analyze network:
0 minutes 57 seconds

Interesting port found on 139 NetBIOS Datagram Service
Suspicious port found on 445 Nimda
Interesting port found on 445 Microsoft-DS

Scanned 1 hosts in total in 0 m 57 s.


So, in under a minute, you can have a pretty extensive source of information for the host at hand even without vulnerability scans.

You can see the latest code here.

Saturday, September 11, 2010

Utilising the Microsoft Baseline Security Analyser remotely from Ubuntu

So, today one of my projects was to see if I could incorporate the Microsoft Baseline Security Analyser (MBSA) into the autoassess network script. Some of the options I thought about were running it in wine (doesn't work), running it remotely on the remote machine (works), running a remote scan from yet another dedicated remote server (kinda works, but not really).

I had to download winexe from sourceforge and compile it (not install it, ran it from the winexe/bin folder). It is a "clone" of psexec from the sysinternals suite.

So, onto the knitty-gritty. I first tried to use a remote server (virtual guest) to scan the remote machines. This would have been the second best (next to it just running in wine on the local Ubuntu machine), but alas, MBSA essentially segfaults with an invalid pointer for some reason...

bperry@bperry-laptop:~/Downloads/winexe-0.91/source4/bin$ ./winexe -U Test%password // "C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsacli.exe /target /u admin /p password"
Microsoft Baseline Security Analyzer
Version 2.2 (2.2.2170.0)
(C) Copyright 2002-2010 Microsoft Corporation. All rights reserved.

An unexpected error has occurred. The operating system returned error message -2147467261 Invalid pointer


So, when I saw this, I lost most of my hope of having MBSA run remotely on the remote machine themselves. But, running MBSA on the actual server works! Removing the /target, /u, and /p switches outputs the report MBSA should print.

bperry@bperry-laptop:~/Downloads/winexe-0.91/source4/bin$ ./winexe -U Test%password // "C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsacli.exe"
Microsoft Baseline Security Analyzer
Version 2.2 (2.2.2170.0)
(C) Copyright 2002-2010 Microsoft Corporation. All rights reserved.

Security assessment: Severe Risk
Computer name: GENERIC\TEST-8A3888C308
IP address:
Security report name: GENERIC - TEST-8A3888C308 (11-09-2010 12-02)
Scan date: 11/09/2010 12:02
Scanned with MBSA version: 2.2.2170.0
Catalog synchronization date:
Security update catalog: Microsoft Update

Security Updates Scan Results



I found this pretty neat, and will be adding support for running MBSA on the remote machine (if applicable) to the autoassessment script. This is a huge step in being able to make a judgement of host security by getting lists of patches and other things the computer both has and does not have installed.

One thing that really frustrated me, and hopefully this helps others who have this problem, but I had disable "Simple File Sharing" on the remote host in order to login remotely from Ubuntu or another Windows host.

Basically, go to My Computer -> Tools -> Folder Options -> View tab -> bottom of the list, uncheck Simple File Sharing. Click apply and the change should work instantly. No need to reboot.

If you get an error saying something about not being able to install winexe service or something, look at the --uninstall and --reinstall flags. (sorry if this got reposted to planets due to the update :-/)

Sunday, September 5, 2010

OD AutoAssess VirtualBox Appliance updated

Updated the VirtualBox appliance for the OpenDiagnostics Network AutoAssessment script.

Updated metasploit, od-autoassess, openvas definitions
Installed traceroute, smbclient, nbtscan

You can get it here.

See `sh /opt/od-autoassess/ --help` for new arguments and such. A lot of work has gone into the script since updating the last appliance.

ALSO: You can just use svn up /opt/metasploit3/msf3/ and /opt/od-autoassess/ on a current appliance and install the previously mentioned programs it now uses.

OpenDiagnostics Live CD beta release

Making this a beta release until next weekend as long as no bug reports are reported (or they are fixed by then).

Added w3af (dunno how I missed this!)
Added traceroute
Added smbclient
Added nbtscan
Added openvas-scanner (run openvas-nvt-sync to sync vulnerability database... but make sure you have the RAM or are using a thumb drive)
Updated ClamAV definitions
Updated metasploit
Updated od-autoassess

Monday, August 30, 2010

OD AutoAssess Network Script v0.1-beta

I have one bug left before I want to release a non-beta version, but if anyone can download the latest beta of the script here. Feel free to contact me if you find a bug or have a suggestion. Maybe you can fix the last bug I have open atm!

One change that you may need to install, traceroute is now run as well on hosts during the individual host scans. This is appended to the $HOST.nmap file.

USAGE: sh options

Example:#sh --client=joemama --range= --profile-only


--profile-only Only profile the network, run no vulnerability assessments and create no reports. Requires --client and --range or --zenity.
--zenity Get user information via zenity (GUI text fields) rather than as arguments. Ignores all other arguments when provided except --profile-only.
--client Name of the client whose network is being scanned.
--range IP range to be scanned.
--company-name Name that you would like the PDF reports created with.
--logo-path Path to the logo you want to customize reports with. Requires --company-name
--openvas-server IP address to a remote (or local) server for openvassd.
--openvas-port Port which openvassd will be listening on.
--openvas-user Username for openvassd server.
--openvas-pass Password for openvassd server.
--help Prints this help.

Monday, August 23, 2010

Added some small features

Added some small features to the OpenDiagnostics auto-assess script. A little better forensics, checks for common suspicious ports now and added a profile-only script (openvas/metasploit aren't run, only nmap and nikto). It is much faster, but only good for topological research.

New output is a bit more verbose will look similar to this...

Mapping network...

Scanning individual hosts...

  --Suspicious port found: 53 ADM worm, li0n, MscanWorm, MuSka52
  --Suspicious port found: 1234 KiLo, Ultors Trojan


In this example, 53 is a false-positive for my router (DNS). 1234 was `netcat -p 1234 -l` on my home server. Shouldn't catch most common ports like http/s, ftp, ssh, etc...

You can check out the latest source here.

Friday, August 20, 2010

Updated OpenDiagnostics Live CD and other news

Added puf
Added dsniff suite
Added od-autoassess script to /opt

Updated ClamAV and Metasploit

Removed some un-needed fluff, brought ISO down to 367mb.

You can get the CD here.

Also, added the network autoassessment scripts to and you can update it on the CD using svn up on the fly (but I will update it as it is needed on the CD).

Saturday, August 7, 2010


Leaving for QuakeCon Monday morning! Hope to see some neat people there, it's always a blast.

If you are in the DFW area, I highly recommend checking it out!

Saturday, July 31, 2010

OD AutoAssessment Server Tutorial (w/ VirtualBox Appliance!)

I wrote up a quick tutorial on getting the AutoAssess Network Script running on a fresh Ubuntu 10.04 install, and since, to verify everything, I used a virtual machine, I have made an easy to use appliance (and small! 600 MB). If you plan on running the appliance on Linux, you will need to fix the Sound/Audio setting to not use Windows DirectSound.

Credentials are rooty/ytoor, then you can `sudo su` from there to get root. Try setting up a cronjob and letting it run for a month, see what things might be creeping up. I think this would be great for a geek dad who likes to keep his home network secure.

The auto-assess script is in /root (you need to be root to run the script anyway).
The following is an example on how to run it:

sh local

'local' is the name of the location, or client, whomever, whatever. '' is the IP range of YOUR network (you can find this out with ifconfig).

A short explanation of the files generated during the scan.

*.nkt are nikto files (the output of running nikto on a host on the network. This is useful for NAS drives, printers, routers, many things you wouldn't suspect).

*.nmap are nmap files, the output of a portscan and OS detection of the host at hand.

*.msf is the entire metasploit session. The end of the file is most important, it tells you how many exploit sessions were able to be opened during the scan and the vulnerability that was used.

*.db is the sqlite3 DB metasploit generates when performing it's scan. I keep this DB strictly for record-keeping, in case I need to go back to my scans for any reason.

*.pdf are the PDF files generated for average person use... main.pdf is a general overview whereas IP specific PDFs go into detail about each host.

network_ips and included are both lists of IP addresses on your network (included does not have the scanner host). The script removes its host from the lists of things to be scanned because it is a foreign host only on the network during the scan (in most of my uses anyway). This can be fixed by making openvas-client and the for loops in the script use network_ips instead of included.

If you have any comments or suggestions, feel free to contact me!

Friday, July 30, 2010

OD AutoAssess Network Script

A few days ago, I posted a small bit on automating OpenVAS. I have written a small shell script that I use to automate (almost) full network testing and assessment. The reason I say almost is because you still need to go through the data collected to make sure nothing serious is up.

This script requires htmldoc, metasploit, openvas-client and -scanner, nmap, and zip. I have posted it to my random script and snippets page and will maintain it there, but posting here as well.

May not be perfect, my bash-fu is rusty. Some extra info, htmldoc is quite neat. You can actually specify a logo image to use if you want for your company adding '--header l --logoimage /path/to/logo.jpg'.

UPDATE: Updated code w/ svn repo here.

Saturday, July 24, 2010

SteganoSSH: A theoretical SSH client

How would this work? Obviously, it could work in many ways, here are just a few that would be pretty neat:

First Scenario: 2 streams, 2 ports

The client encrypts the stream through normal SSH means, then using predefined bit offsets, patterns, etc... the client splits the one SSH stream into two streams, lets say that mimic HTTPS and SFTP (ports 443 and 22 respectively, by default).

Both streams could mimic these streams with false header information and junk data, and both being encrypted, any prying 3rd-parties would not be able to say "Oh hey, that stream looks funky".

The server, being configured with the correct bit offsets, patterns, etc would be listening on ports 443 and 22 respectively, would piece the puzzle back together, then hand it off to standard SSH doings.

This would be the more secure out of the two scenarios.

Second Scenario: 1 stream 1 port

The client merely mimics a well known protocol (HTTP/S, S/FTP). Any will do and the server would be able to be configured to strip the fake headers from any stream being sent through the port being listened on.

This would be the easiest, and probably most used.

Saturday, July 17, 2010

Added hydra/metasploit to OpenDiagnostics Live CD (removed some bloat as well)

Added latest metasploit to /opt/metasploit. Start with 'msfconsole'.

Added hydra/xhydra. You can start fluxbox with 'startx' to use any of the GUI tools (wireshark,, xhydra, hardinfo, etc...)

You can get the latest release here (384 MB).

I also updated the list of notable apps.

Friday, July 16, 2010

Hydra ubuntu builds (with xhydra)

I was made aware of a nice app today that tries to figure out logons for certain services (by checking default and weak user/pass). I couldn't find any deb builds, so using checkinstall, I made two builds, one for x86 in a chroot, one for amd64 on the host. I didn't realise until today I have no x86 machines in my apt.

I am not sure if checkinstall does packages the way they should be done for PPAs, but if a checkinstall deb meets up to the standard (and with a bit of guidance), I wouldn't mind maintaining a PPA for these guys.

Homepage for source code:

Any help is appreciated!

You can get the debs here for the time being:

EFF Fights To Allow People To Comment Anonymously Online

This is a serious issue! No one owns the internet, don't let this happen!

Tuesday, July 13, 2010

Updated OpenDiagnostics Live CD

Updated to Lucid, should fix kernel mismatch issues.
Added openvas-client with the ability to install openvas-scanner v3 from OpenSuse Build service
Added nikto
Added sqlmap
Added to /opt with a common hosts.txt for a wordlist
Added (english) wordlists for john into /opt/wordlists
Updated ClamAV to 0.96.1

Added nmap, got removed some how.
Added unzip/zip
Added wicd
Added filerunner
Fixed background issue in fluxbox
Added galleta

Removed openssh-server. You can install it if you want to.

You can get it at

Sunday, July 11, 2010

Automating openVAS 3

There are many reasons a systems admin would want to automate vulnerability scanning, but I won't go into them here. This is just how I have found it easiest. Use nmap to get all the ips on our network like so:

nmap -sP | grep ^Host | sed 's/Host //g' | cut -d " " -f1 > ips

Then, you can use your openvas server in batch mode

openvas-client -q 9390 user pass ips "report-`date`.html" -T html

viola, set a cron job and you are good to go. Maybe you would then cat the report through sendmail to yourself or move it to another server.

Saturday, June 26, 2010

Hi DHS, I'm Brandon

bar*, cure, employ*, agreement*, draft*, repo*, repurchase, fed, risk*, expos*, *liquid* caution or concern or increase or toxic or outsized or significant, downgrade*, reduce*, write*, effect*, cash, sweep*, haircut, negotiate*, need*, strongly disagree, can't or cannot or shouldn't or should not or won't or will not w/5 discuss or "talk about" w/5 email, e-mail, or computer or should w/5 discuss or talk w/5 phone or "in person", cannot believe, serious trouble, big trouble, unsalvageable, shocked, speechless, too late, uncomfortable, not comfortable, I don't think we should, *sensitive, *confidential, do not share this, don't share this, between you and me, just between us.

Remember, this is just between us.


Sunday, June 6, 2010

Open and easy repair for all!

I have created #opendiagnostics on if you use the CD or any of my other apps or are looking for a channel to help aid in repairing and diagnosing computer problems. I have always wanted a central channel for people who are willing to help other fix and repair problems in general, not for a specific app, and ask questions themselves when they need help. I also find that IRC can be far more helpful than forums when a quick fix is needed.

So if you enjoy computer repair and are looking for an IRC resource whose purpose is helping others diagnose and fix computers, come on in and join :-).

Thursday, May 27, 2010

On passwords (or passphrases)

I read this article trying to justify having a password file storing all of the rest of your sensitive information. I think the author is completely wrong.

I have a system of password templates for specific tasks being done by the password. If the password is being used to complete an administrative task, I have a template (I actually call it a passphrase). For general tasks requiring a password, I have a specific password template.

For instance, l3t_m3_1n_$sitename (template isn't real, just for showing purposes) would be a fairly legitimate passphrase, replacing $sitename with a word that describes the website at hand (maybe the site name, maybe the site topic). If you subscribed to the wall street journal's website, your passphrase may be l3t_m3_1n_wsj. If you were an admin for wall street journal, you may use the template l3t_m3_adm1n_wsj.

With this system, your password will be different for each website you use, thoroughly complex enough keep the passphrase from being cracked, and the templates themselves don't change, so what you remember is far less than what the password itself is.

The only nuance I have found is that not all websites allow the same characters in passwords, which does get annoying.

Tuesday, May 25, 2010

According to Google... Phillipines search The Constitution more than the USA

The primary language searched in (afaict) is Tagalog then English, but Salt Lake City, UT is the #1 city, followed by Washington, DC.

Interesting stuff.

Monday, May 17, 2010

I am not second

I am helping with a new website. Please check it out.

Saturday, May 8, 2010

Trees in low-gravity: Colonizing another planet is harder work than you think.

The gravity on Mars is 38% that of here on Earth. Think about the great redwoods here on Earth, that survive for maybe even thousands of years. They grow to enormous heights that really makes a person far more humble while in the presence of these trees.

But what would happen if we tried to grow great redwoods on Mars. I think it would be incredibly difficult. We think that the trees are large now, but they could very well grow up into the little atmosphere Mars has. We could say, then, that the trees would be 62% larger than they are here on Earth. I doubt this is true, but for arguments sake, it is plausible.

There is no way the trees would be able to survive such a drastic change in size. The trees would snap because the fibers of the tree will have been stretched beyond anything on Earth could have done. We would require decades of cultivation, just to grow a sustainable trees. Very much like how Cannabis cultivation over the past 20 or so years has yielded higher and higher THC levels because of cultivation.

How can we get around the problem of less tensile strength in the tree fibers so that we may skip the decades of cultivation, just to find, and possibly even "create" trees that are sustainable on Mars?

Look to the oceans :-). Plants have learned to live in environments where changes in gravity have played a key role how the plant grew and evolved over time. I can imagine on Mars, buildings whose sole purpose is to house algae. Rows upon rows upon rows of algae, feeding on carbon dioxide. The change in gravity may affect the algae, but not anywhere near how it would affect traditional plants such as trees or flowers.

So, NASA, send me to Mars. I want to help.

Friday, May 7, 2010

System76 info?

I will be starting college next semester and am looking for a laptop. I am seriously considering a system76 machine, but one thing is holding me up. Maybe someone can clarify.

My main concern is that the machine only works with the version of ubuntu that is on it. If I try and upgrade, bits and pieces won't work. Is this a legitimate concern? I would be getting one of the more powerful laptops as code will be being written on it.

Thursday, May 6, 2010

Why this stock market drop really does suck: A lesson on stop-loss orders

I think most people won't understand (or even know of!) exactly how bad the stock market drop today was in terms of the general economy.

Many people use what are called stop-loss orders. Basically, they are rules that say "If a stock goes down to this price, automagically sell it.". There were a few stocks that were quite popular that either traded at incredibly low prices, or even at 0. I think P&G, 3M, and Accenture were mentioned? This means, that if anyone had stop loss orders for any of the stocks at the time these stocks so drastically dropped, they just lost that money. It's gone, you can't get it back. This is the stock market.

I am not sure if hedge fund managers using stop-loss orders is common practice, but these hedge funds can be massive.

I am sure that a lot of money in our economy simply vanished today. And not to mention other countries investing in this country for protection from theirs.

Cannot get mod_rewrite to work with drupal 6 on LAMP

I have been battling apache for the past few days trying to enable Clean URL's in Drupal using mod_rewrite. IT just won't work. I can't seem to get drupal to want to allow me to enable clean urls.

root@VolatileMinds:/var/www# apache2ctl -M
Loaded Modules:
 core_module (static)
 log_config_module (static)
 logio_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_file_module (shared)
 authz_default_module (shared)
 authz_groupfile_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 cgi_module (shared)
 dav_module (shared)
 dav_svn_module (shared)
 authz_svn_module (shared)
 dir_module (shared)
 env_module (shared)
 include_module (shared)
 mime_module (shared)
 negotiation_module (shared)
 php5_module (shared)
 proxy_html_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 ssl_module (shared)
 status_module (shared)
 suexec_module (shared)
Syntax OK

The module is indeed being loaded properly, but Drupal always tells me there is something wrong with my configuration for apache and never allows me to enable clean urls.

Any thoughts on this? Has anyone run into this before?

EDIT: I got it! the .htaccess had a RewriteBase of /drupal5. It needed to be just /.

Sunday, May 2, 2010

Dark space

We have dark energy and dark matter. Can we not have dark space (assuming space is merely a medium for information storage, it may be just a lack of information)? Would light behave differently in "dark space" than it would our perceived space? Maybe quasars emit "dark space" allowing the light to travel at a speed in which time dilation seems to disappear.

Monday, April 26, 2010

How much can I learn about you while you browse CNN?

Generally, I get my news from three sources: BBC, CNN, and Digg (oh well, not all news :-P). Today, I had a very nasty surprise when I went to CNN.

A list of my friend's facebook statuses and "groups" people had liked related to the content on the CNN homepage. Every time I refreshed the page, the groups and statuses changed. This disturbs me for two reasons that I hope don't sound absolutely crazy.

The first reason: If a person is listening over your network with something like wireshark, he now has a list of people you know just after a few page clicks. He can look these people up on facebook and get a lot of information on you just with that. Maybe a mandatory HTTPS:// on any site consuming the facebook api in the way is the way to go?

The second reason: Does this adhere to the privacy settings I set? or does this adhere to the friends who can see me when logged in? If my statuses are being sent onto a web site like that, that would make me incredibly uncomfortable.

I have gone to great lengths to make sure what I put on face book stays on facebook. These gadgets are poking up everywhere, and simple javascript exploits could gather this data, let alone trojans, activex controls, or rogue BHO's.

Am I just being too paranoid?

And just FYI: If you ever need any info on people, it's scary how much info you can get from facebook not even being their friend.

EDIT: Ok, I did some research using wireshark. I was successfully able to capture my Facebook integer ID that they used before we all had 'usernames' and find myself. Not only that, but it was my whole facebook cookie.

Sunday, April 25, 2010

Counting words while watching a video

So, a friend of mine asked for some help on a statistics assignment in which he counted the amount of times any given word was said during a movie. He asked if I could write up an app that would help him do this fairly easily, so I said sure.

It took me about an hour and a half to get it written and the bugs worked out and then he decided it was taking too long and just started doing it by hand, and didn't tell me about it while I still worked on it.

Whatever. Maybe someone else can find it useful.

The video won't show up in the picture, but it plays anything windows media player can play.

While watching the video, pressing 'r' will record a time for the word being recorded, rather than having to sit with the mouse or keep the focus on the record button. In the end, it spits out a result as such (per friends specifications):

The compiled executable is

The source code is here.

Have fun counting words now! If anyone actually wants this for linux, I could look into porting it to GTK and gstreamer.

Friday, April 16, 2010

FtpWebRequest uploading

This may be obvious to some people but WebRequestMethods.File.UploadFile is not the same as WebRequestMethods.Ftp.UploadFile.

If you keep getting an error trying to upload the file along the lines of 'This method is not supported', make sure you are using the correct request method.

Sunday, April 11, 2010

Stupid IE password box behavior

If you have special characters in your password like most good passwords should, and you type your password (with special chars) into a textbox in password mode and use ctrl+bkspc to clear the password, it will give you the location of the special chars in the password box.

I consider this a gigantic security flaw and is pretty terrible. I have only found this behavior in IE. Is this known? I seem to remember running into this for years.


for example, try this

go to gmail in IE

focus on the password box and type "password" (no quotes) and then hit ctrl+bkspc

then do the same for 'pass/word' (no quote)

Saturday, April 3, 2010

On Optimization

A few days ago, I became curious about a problem. It wasn't necessarily my problem, but it had been something I'd encountered throughout the past few years I guess. This time around, it was dealing with file path manipulation, so I decided to think of every way I'd seen file path manipulation done and check the speed, GC, and RAM usage throughout each test and see which method was fastest and less RAM dependent. I am not claiming these tests are thorough or even accurate, but the results are interesting. One thing I noticed was that it didn't matter what test was ran first, it always had a large gap in the RAM and GC usage, so I assume it has to do with loading dependent libraries and them being cached in later methods. This recreated every file path on my windows partition (/windows) since I knew I wouldn't get any permission errors.

The main lines in the code that I was testing are the following:

string fileName = d + dirSeparator + info.Name; //dirSeparator is defined once at the beginning of the method.
string fileName = d + "/" + info.Name; 
string fileName = d + Path.DirectorySeparatorChar + info.Name;
string fileName = Path.Combine(d, info.Name);

And the results:

bperry@bperry-desktop:~/Projects/PathingSpeedTest/PathingSpeedTest/bin/Release$ mono PathingSpeedTest.exe 
Building cache...

Starting escape from outside iterations...
Took 23 seconds
Most RAM: 78932kb (Started with 78800kb)
Most GC: 620kb (Started with 604kb)

Starting escape from inside iterations...
Took 29 seconds
Most RAM: 78828kb (Started with 78828kb)
Most GC: 616kb (Started with 612kb)

Starting environment escape...
Took 29 seconds
Most RAM: 78828kb (Started with 78828kb)
Most GC: 632kb (Started with 600kb)

Starting Path.Combine() test...
Took 29 seconds
Most RAM: 78828kb (Started with 78828kb)
Most GC: 616kb (Started with 612kb)


May not be the best way to test this, so I am open to suggestions. Source code is here (is monodevelop, so not sure if it will open in VS).

Tuesday, February 23, 2010

updated portage on gentoo 2008

eselect-news blocking portage from updating?

Instead, remove eselect-news and just emerge portage.

Thursday, February 18, 2010

Intrepid has old squashfs!

Didn't know this! but fixed now on the server. Was why the script was failing. 4.0 on karmic whereas intrepid has 3.7.

Saturday, February 13, 2010

Little peak at my latest project

Keeps all my apps handy and up to date whenever I need them :-)! Hopefully soon I will release it into the market. Saves the apps to the SD card atm so you can just mount the phone and go.

Sunday, February 7, 2010

CD image fixed on server

For most of this week it appears that the OpenDiagnostics image was broken on the server. It isn't anymore, but the update script broke it, so I am figuring that one out. Original image is up (here).

Saturday, January 23, 2010

ClamAV Live CD -> OpenDiagnostics Live CD

I have gone ahead and added more functionality to the the ClamAV Live CD as well as fixed most of the major bugs people have had with kernel mismatches and dell's, but now that ClamAV probably won't be the main use, I have gone ahead and renamed the project to OpenDiagnostics.

I haven't updated my site yet, so the planets are getting a sneak peek of a sort :-).

Currently, I guess the major changes are X and (real)XFCE are installed, but aren't started by default. You are still dropped in runlevel 3, you just have to type startx to get a GUI going. But this gives us use of some awesome tools like wireshark, hardinfo, and clamtk to help fix and diagnose problems with the computer or network at hand. Many new command line tools have been added for benchmarking and stress testing networks, drives, and computers, as well as a slew of little utilities (john with full wordlist in /opt gzipped, apg/otp, weplab, ntfsprogs, netperf, etc...). I am getting up documentation this evening. Cool thing is it is still 300 mb, so a 512 mb USB drive (if they still make them) will work great and give you some extra space for files and stuff you like to keep with you.

You can also use it with the USB Creator in Ubuntu now, so that's a nice thing.

The virus definitions are still being updated daily for ClamAV for those who don't have access to internet all the time.

Download here!

Updates about the CD will be made here from now on if anyone is interested.
Comments/Complaints/Concerns welcome!