Oni

Active Members
  • Posts

    47

Contact Methods

  • Website URL
    http://www.section9.co.uk
  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    London, UK

  1. At the London Hackspace, we make cool things!
  2. I think I might have cracked it.... moblock! I was running moblock and never realised it was blocking my linode as it tends to be silent or at least, silentish. I really REALLY need to get a cool app to do logging. With moblock off I can at least get DNS to reply and play nice.
  3. I was wondering if anyone else had tried this, as tethering in this way is very slow. I've noticed that Facebook hacking works ok but Google Mail won't work over a socks proxy such as proxychains... oddly.
  4. Yeah, paying for tethering kinda sucks.... and it probably wouldn't work with BackTrack anyway! I've stuck a quick video up on Vimeo about my mobile Jasager Tarpit. Simple stuff but there are a few gotchas.

    Just a little video I put together about the Jasager man in the middle attack but using an iPhone to tether the connection. I had a few snags with this so maybe it's worth mentioning them in case anyone else has a similar idea.

    Using a jailbroken iPhone and a socks proxy is easy enough. There are a few command line programs you can use on the phone along with the packages based around the libiphone package. Now this is fine for perhaps your local browser on your box set up using proxychains. But what if you are routing data with iptables with your Jasager? I wrote a few scripts to get the iptables traffic routed over the right ports. Generally something along the lines of:

        iptables -t nat -A socksforward -p tcp -j REDIRECT --to-port $TRANSOCKS_PORT

    Using transocks allows us to forward any connection over socks BUT it seems not to do a very good job of forwarding DNS. The great thing is, you can still use DNS with the iPhone Socks Proxy using proxyresolv with a wrapper script. A line such as:

        iptables -t nat -A socksforward -p udp --destination-port 53 -j REDIRECT --to-port $DNS_PORT

    ..should send to your proxyresolv wrapper. This then takes care of both HTTP and DNS. Your tarpit is ready for fun!
  5. Oni

    Usb Toolkit Of Sorts

    Actually, ignore me >< Further reading into the later switchblade posts is turning up interesting stuff :P
  6. Hi all. I was thinking about my USB pen I carry with me for doing all sorts of things. I wondered what people might carry with them? So far I've got: Backtrack, Memtest, Konboot. Previously I had a suite of basic Windows utils (like cp, diff, defrag etc, all standalone) but what else would people carry? I'm thinking I need a good keyboard logger in there and some other bits and bobs. Already konboot came in handy for looking at some old PCs we were throwing away. Anybody got any good recommendations?
  7. Should point out that it appears that dnstunneld is bound to *.*:53 according to netstat on my little server box so clearly the resolution is working. host mytunnel.mydomain.com doesn't return anything and times out but the packets still arrive, so dnstunneld isn't doing basic DNS replies either. Something must be wrong with the way I've set up dnstunneld.
  8. Ok, so here's the setup I have that doesn't quite seem to work.

    DNS Setup on mydomain.com

        Name Server            Subdomain
        myserver.dyndns.com    dnstunnel.mydomain.com

    On my box at home: myserver.dyndns.com settings

        DNSHOST="dnstunnel.mydomain.com" # change this to your DNS name
        REPLYIP="127.0.0.1" # what to answer on real DNS requests
        OPTIONS="" # give additional options here
        DNSTUNNELD="/opt/dnstunnel/dnstunneld" # the server script

        /etc/init.d/dnstunneld start

    On the client box

        ssh -C -o ProxyCommand="dnstunnelc -v sshdns.dnstunnel.mydomain.com" root@localhost
        Resolving through: Up: 192.168.1.254 Down: 192.168.1.254

        ssh -D 8000 -N -C -o ProxyCommand="dnstunnelc sshdns.dnstunnel.mydomain.com" root@localhost

    (this command just sits there... probably doing its proxy thing)

    I then set up Firefox to do its test thing. I should point out my server is behind my NAT which has 53 open on the access box.

    Back on the Server

    So the packets are arriving but they simply aren't being forwarded properly and there is no return. I'm following the instructions given at http://www.splitbrain.org/blog/2008-11/02-...ing_made_simple
  9. Oni

    It's Teensy Time?

    Iron Geek did a thing on this as Darren was getting it ready for the show. I wanted a Teensy but shipping to the UK means I'll need to wait till payday :S
  10. Latest versions of OpenWRT have Python, however the fon doesn't have a lot of room on it. I've managed to get Python running on a larger Asus router with a thumb drive but it's not exactly portable. If there was more memory on the Fonera then probably this would work.
  11. Oni

    Defensive

    I was wondering what you guys did to keep an eye on your home servers or big servers you work on? Keeping check of logs can be tough and being on the defensive is quite important. So far I've looked at: Snort, OpenVAS (running to check for exploits), Arpwatch, chkrootkit. Though I suspect there are other things one needs to do with logs... specifically making logs easy to read as most info will be in these. I've rerouted my mail so I can get at it anywhere so I do get occasional alerts which is good. Just wondered if there was anything else people would recommend?
  12. I've been having a lot of trouble with this and I can't see why it won't work, save for some outside intervention.

    I've set up on my external Nameserver running box:

        subethanet.mydomain.com NS -> mydomain.dyndns.org

    Now, I can see this is working fine as I run wireshark on mydomain.dyndns.org and I can see all the DNS requests arriving on port 53 for subethanet.mydomain.com. So you'd think that'd be it? Sadly, I can't seem to do anything with these requests. I've tried both Ozymandns and the dnstunneld script (the updated Ozymandns) and I have little luck. Neither seems to do anything with the packets. I did try dnsspoof and that at least heard the requests (it printed the A requests I was sending from the 'host' lookup I was doing) but it wouldn't send replies either. So I'm a little stumped. I can see that port 53 is open as I've nmap'd from another server outside my home network and that seems good too. Totally stumped :S
  13. It knows how to party apparently..... ;)
  14. Actually, I should stop lying. I'm seeing something going on with wireshark nowz. Will investigate after more sleep. Final thoughts:

        msf auxiliary(exhaust) > run
        [*] DHCP attack started
        [*] Timeout waiting for OFFER
        [*] returning
        [*] Got a timeout, assuming DHCP exhausted. You Win
        [*] Finished
        [*] Auxiliary module execution completed
        msf auxiliary(exhaust) > use auxiliary/digininja/dns_mitm/dns_mitm

    nslookups on local machine work as planned. Will test with other laptops tomorrow and see how things progress :D
  15. Ok sorry, jumped too soon. Set the RHOST and started attack. Not sure on exact settings TBH. I had to install pcaprub with gem and then set INTERFACE to wlan0 as well as setting the RHOST. Not sure what the RHOST variable does in the exhaustion attack. Sadly it seems that no packets are being sent out the router/dns server as wireshark isn't showing any :(

        msf auxiliary(exhaust) > set

        Global
        ======

        No entries in data store.

        Module: digininja/dhcp_exhaustion/exhaust
        =========================================

          Name        Value
          ----        -----
          DEVICE      wlan0
          DHCPSERVER  192.168.1.254
          INTERFACE   wlan0
          NETMASK     24
          RHOST       192.168.1.254
          SNAPLEN     65535
          TIMEOUT     10
          UDP_SECRET  1297303091