Saturday, July 24, 2010

SteganoSSH: A theoretical SSH client

How would this work? Obviously it could work in many ways; here are just a few that would be pretty neat:

First Scenario: 2 streams, 2 ports

The client encrypts the stream through normal SSH means, then, using predefined bit offsets, patterns, etc., splits the one SSH stream into two streams, let's say ones that mimic HTTPS and SFTP (ports 443 and 22 respectively, by default).

Both streams could mimic those protocols with false header information and junk data, and with both being encrypted, any prying third parties would not be able to say "Oh hey, that stream looks funky".

The server, configured with the matching bit offsets, patterns, etc., would listen on ports 443 and 22, piece the puzzle back together, then hand it off to standard SSH doings.

This would be the more secure of the two scenarios.

Second Scenario: 1 stream 1 port

The client merely mimics a well-known protocol (HTTP/S, S/FTP). Any will do, and the server could be configured to strip the fake headers from any stream sent through the port it is listening on.

This would be the easiest, and probably most used.

Saturday, July 17, 2010

Added hydra/metasploit to OpenDiagnostics Live CD (removed some bloat as well)

Added latest metasploit to /opt/metasploit. Start with 'msfconsole'.

Added hydra/xhydra. You can start fluxbox with 'startx' to use any of the GUI tools (wireshark, xhydra, hardinfo, etc...)

You can get the latest release here (384 MB).

I also updated the list of notable apps.

Friday, July 16, 2010

Hydra ubuntu builds (with xhydra)

I was made aware of a nice app today that tries to figure out logons for certain services (by checking default and weak user/pass combinations). I couldn't find any deb builds, so using checkinstall I made two builds: one for x86 in a chroot, one for amd64 on the host. I didn't realise until today that I have no x86 machines in my apt.

I am not sure if checkinstall builds packages the way they should be done for PPAs, but if a checkinstall deb meets the standard (with a bit of guidance), I wouldn't mind maintaining a PPA for these guys.

Homepage for source code: http://freeworld.thc.org/thc-hydra/

Any help is appreciated!

You can get the debs here for the time being:
http://www.volatileminds.net/project/hydra

EFF Fights To Allow People To Comment Anonymously Online

http://www.networkworld.com/community/blog/eff-fights-allow-people-comment-anonymously-o

This is a serious issue! No one owns the internet, don't let this happen!

Tuesday, July 13, 2010

Updated OpenDiagnostics Live CD

Updated to Lucid, should fix kernel mismatch issues.
Added openvas-client with the ability to install openvas-scanner v3 from OpenSuse Build service
Added nikto
Added sqlmap
Added fierce.pl to /opt with a common hosts.txt for a wordlist
Added (english) wordlists for john into /opt/wordlists
Updated ClamAV to 0.96.1

UPDATE:
Added nmap, which got removed somehow.
Added unzip/zip
Added wicd
Added filerunner
Fixed background issue in fluxbox
Added galleta

Removed openssh-server. You can install it if you want to.

You can get it at http://www.volatileminds.net/project/opendiagionstics-live-cd

Sunday, July 11, 2010

Automating openVAS 3

There are many reasons a systems admin would want to automate vulnerability scanning, but I won't go into them here. This is just how I have found it easiest. Use nmap to get all the IPs on your network like so:

nmap -sP 192.168.0.0/24 | grep ^Host | sed 's/Host //g' | cut -d " " -f1 > ips

Then you can use your openvas server in batch mode:

openvas-client -q 127.0.0.1 9390 user pass ips "report-`date`.html" -T html

Voilà, set a cron job and you are good to go. Maybe you would then cat the report through sendmail to yourself or move it to another server.
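Here is the whole thing as one cron-able script, an added example rather than the post's own code. It assumes nmap, openvas-client and (optionally) sendmail are on the PATH, and that the OpenVAS credentials come from the OPENVAS_USER and OPENVAS_PASS environment variables (defaulting to the "user"/"pass" placeholders above).

```shell
#!/bin/sh
# Added example, not the post's own script: a cron-friendly version of the
# two commands above. Host discovery reads nmap's greppable output (-oG -),
# whose "Host: <ip> (...) Status: Up" lines are stable across nmap versions,
# unlike the human-readable lines the one-liner above greps for.
set -eu

# Print the IP of every host nmap reported as "Up" (greppable output on stdin).
live_hosts_from_grepable() {
    awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Ping-sweep a network (CIDR) and print the live IPs, one per line. Needs nmap.
discover_hosts() {
    nmap -sn "$1" -oG - | live_hosts_from_grepable
}

# Batch-scan the hosts listed in file $1 and write an HTML report to $2.
# OPENVAS_USER/OPENVAS_PASS default to the placeholders used in the post.
run_scan() {
    openvas-client -q 127.0.0.1 9390 \
        "${OPENVAS_USER:-user}" "${OPENVAS_PASS:-pass}" "$1" "$2" -T html
}

# Usage: scan.sh 192.168.0.0/24 [/path/to/reports]
main() {
    net="$1"
    dir="${2:-.}"
    day=$(date +%F)   # ISO date: no spaces or colons in the file name
    ips="$dir/ips-$day"
    report="$dir/report-$day.html"

    discover_hosts "$net" > "$ips"
    [ -s "$ips" ] || { echo "no live hosts found on $net" >&2; exit 1; }
    run_scan "$ips" "$report"

    # Optional: mail the report to yourself, as the post suggests (needs sendmail).
    if [ -n "${MAIL_TO:-}" ]; then
        {
            printf 'To: %s\nSubject: OpenVAS report %s\nContent-Type: text/html\n\n' \
                "$MAIL_TO" "$day"
            cat "$report"
        } | sendmail -t
    fi
}

# Only run the pipeline when a network argument was given on the command line.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Drop it in cron with the network as the first argument; the report file name carries the scan date, so successive runs do not overwrite each other.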

Saturday, June 26, 2010

Hi DHS, I'm Brandon

bar*, cure, employ*, agreement*, draft*, repo*, repurchase, fed, risk*, expos*, *liquid* caution or concern or increase or toxic or outsized or significant, downgrade*, reduce*, write*, effect*, cash, sweep*, haircut, negotiate*, need*, strongly disagree, can't or cannot or shouldn't or should not or won't or will not w/5 discuss or "talk about" w/5 email, e-mail, or computer or should w/5 discuss or talk w/5 phone or "in person", cannot believe, serious trouble, big trouble, unsalvageable, shocked, speechless, too late, uncomfortable, not comfortable, I don't think we should, *sensitive, *confidential, do not share this, don't share this, between you and me, just between us.

Remember, this is just between us.

(http://www.networkworld.com/community/node/62911)