Friday, August 20, 2010

AES cheatsheet

For those who may need some helpful reminders on how AES encryption works, we can only hope that the following cheatsheet will be available for years to come:





Many Thanks to Jeff Moser for his creation of The Stickfigure Guide to AES

Thursday, August 19, 2010

hashlib collision generator

To learn how to use hashlib in Python, I made a little collision generator for brute forcing password hashes with a dictionary. If you really want a good brute-force tool go download john... but if you're interested in playing with Python and hashlib, this was pretty fun.


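import hashlib
import sys

# Usage: python simple_collision.py <wordlist> <hashfile>
# The wordlist is read as bytes and each line is hashed with its trailing
# newline, so the hash list must have been produced the same way
# (as in the sample run below).
wordlist = open(sys.argv[1], 'rb')
hashfile = open(sys.argv[2], 'r')

hashes = hashfile.readlines()

for line in wordlist:
        h = hashlib.new('md5')
        h.update(line)
        test = h.hexdigest()
        # Print every candidate digest, then any match against the hash list
        print(test)
        for i in hashes:
                if i.rstrip() == test:
                        print('match: ' + test + ' :: ' + line.decode(errors='replace'))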



The script takes two text files as arguments, the first being a list of words to use as a dictionary, the second being a list of hashes to try to crack.


[root@localhost ~]# python simple_collision.py dict hashes
b1946ac92492d2347c6235b4d2611184
286755fad04869ca523320acce0dc6a4
match: 286755fad04869ca523320acce0dc6a4 :: password

e01096b9ffe3f416157f6ec46c467725
863a872619ff5e00016da42d4c8ea952
5461000db36da004d49fe75f61c77cac
match: 5461000db36da004d49fe75f61c77cac :: lame2

d8e8fca2dc0f896fd7cb4cb0031ba249
df0590f214a2eaf9a638f43838132f67
29f33cab54c2a8858885b95d8fbb7ff1
885474ae15ef15ec2dedd6749d6bc985
4aacf9c858c82716ab0034320bd2efe9
match: 4aacf9c858c82716ab0034320bd2efe9 :: letmein

6ac371cc3dc9d38cf33e5c146617df75
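
The run above succeeds because the stored values are unsalted MD5. As an added example (not part of the original post), the following stores the same passwords as unsalted MD5 and as salted PBKDF2 using only hashlib, and audits the MD5 store against a wordlist; the accounts, wordlist, function names and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users share the same weak password.
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "x9!Lq#72-vTz"}
WORDLIST = ["hello", "password", "letmein", "lame2"]  # constructed dictionary

def md5_store(password):
    """Weak: unsalted, fast hash. Equal passwords give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_store(password, iterations=600_000):
    """Stronger: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}

def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             record["salt"], record["iterations"])
    return hmac.compare_digest(dk, record["hash"])

def audit_md5(stored, wordlist):
    """Defender-side audit: which stored MD5 digests appear in a wordlist?"""
    table = {md5_store(w): w for w in wordlist}  # one pass covers every user
    return {user: table[d] for user, d in stored.items() if d in table}

def demo():
    md5_db = {u: md5_store(p) for u, p in ACCOUNTS.items()}
    kdf_db = {u: pbkdf2_store(p) for u, p in ACCOUNTS.items()}
    return {
        "md5_exposed": audit_md5(md5_db, WORDLIST),
        "md5_same_digest": md5_db["alice"] == md5_db["bob"],
        "kdf_same_digest": kdf_db["alice"]["hash"] == kdf_db["bob"]["hash"],
        "kdf_verifies": pbkdf2_verify("letmein", kdf_db["alice"]),
        "kdf_rejects": pbkdf2_verify("password", kdf_db["alice"]),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

With the salted store, a single precomputed table no longer covers every account, and each guess costs the full iteration count per user.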

Thursday, August 12, 2010

Gotcha! The Surveillance Power of Video Analytics

Gotcha! The Surveillance Power of Video Analytics:

“Today’s intrusion detection systems often have hundreds of cameras; some have thousands,” says Steve Vinsik, vice president for critical infrastructure protection with Unisys Federal Systems. “A human can only watch so many video feeds at one time, and it is extremely fatiguing to the viewer when nothing is happening in most of them. Video analytics takes this job away, allowing the human to only turn their attention to cameras where something is detected to be happening. This improves security, and makes the CCTV monitoring job more effective and much easier to bear.”

Wednesday, August 11, 2010

ssh.py - automating ssh tasks

So part of my learning Python has been finding ways to design tools using it that are simpler than just hashing the same functionality out in bash. Yesterday I came across a Python ssh module http://media.commandline.org.uk//code/ssh.txt which provides connection handling and a few basic methods for interaction.

Using that, I built a template for executing commands on multiple systems for administrative purposes by processing a list of dictionaries containing the target info and then issuing commands to each connection that's made:

import ssh

# One dictionary of connection details per target host
a = {'host': '192.168.1.1', 'username': 'myuser', 'password': 'mypass'}
b = {'host': '192.168.1.2', 'username': 'myuser', 'password': 'mypass'}
c = {'host': '192.168.1.3', 'username': 'myuser', 'password': 'mypass'}
d = {'host': '192.168.1.4', 'username': 'myuser', 'password': 'mypass'}

hl = [a, b, c, d]

for x in hl:
        # Open a connection, run each command, and print what comes back
        s = ssh.Connection(x['host'], username=x['username'], password=x['password'])
        date = s.execute('date')
        #uptime = s.execute('uptime')
        who = s.execute('w')
        netstat = s.execute('netstat -antp |grep ESTAB')
        print(x['host'])
        print(date[0])
        #print(uptime)
        for y in who:
                print(y)
        for z in netstat:
                print(z)
        print('--------------------------------------------------')
        s.close()

This just returns a few simple bits of information about each box, but it is an excellent template for future uses. Next I need to find a way to hash the passwords or utilize public keys before putting it into use.
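
One way to take the passwords out of the template, as an added example that is not part of the original post: it swaps the ssh.py module for the OpenSSH client run through subprocess, with key-only authentication and strict host key checking. The inventory, key path and function names are assumptions.

```python
import re
import subprocess

# Constructed inventory: no passwords, each host is reached with a key file.
HOSTS = [
    {"host": "192.168.1.1", "username": "myuser"},
    {"host": "192.168.1.2", "username": "myuser"},
]
KEY_FILE = "/home/myuser/.ssh/id_ed25519"  # assumed key location
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")

def build_ssh_argv(host, username, command, key_file=KEY_FILE):
    """Build an ssh command line that can only use key authentication."""
    for value in (host, username):
        # Reject values that ssh could parse as an option (leading '-')
        # or that contain whitespace or shell metacharacters.
        if not SAFE_NAME.fullmatch(value):
            raise ValueError("unsafe host or user name: %r" % value)
    return [
        "ssh",
        "-i", key_file,
        "-o", "IdentitiesOnly=yes",         # offer only this key
        "-o", "BatchMode=yes",              # never fall back to a password prompt
        "-o", "StrictHostKeyChecking=yes",  # fail on unknown or changed host keys
        "-o", "ConnectTimeout=5",
        "%s@%s" % (username, host),
        command,
    ]

def run_on_hosts(hosts, command):
    """Run one command on every host and collect (host, exit code, output)."""
    results = []
    for entry in hosts:
        argv = build_ssh_argv(entry["host"], entry["username"], command)
        proc = subprocess.run(argv, capture_output=True, text=True)
        results.append((entry["host"], proc.returncode, proc.stdout))
    return results

if __name__ == "__main__":
    for host, code, output in run_on_hosts(HOSTS, "date; w"):
        print(host, "exit", code)
        print(output)
        print("-" * 50)
```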

Url Grabber

Though we won't go into what they're for, I came across the need to collect a list of URLs that appear in bulk spam emails. Currently a SpamAssassin install that I have running tags the spam and Postfix redirects anything that's tagged to a spam address rather than its intended recipient, which leaves me with a mailbox that's just crawling with advertisements for just about every scam out there, and in turn tons and tons of links to bogus, dangerous, or defunct pages. The trouble is in actually harvesting those links...

Enter my criminally inefficient barrage of bash tools and regex:

#!/bin/bash

# Start from a clean output file
rm -f urllist urllist.tmp
touch urllist

echo "Getting Spam..."

# For each message in the maildir: join all lines, split before every "http",
# cut at the first tag bracket or space, strip quoted-printable and
# punctuation debris, and drop image links and spamcop.net report links.
for i in cur/*; do cat "$i"|sed -e :a -e '$!N; s/\n//; ta'|sed 's/http/\nhttp/g'|sed 's/>/ /'|sed 's/</ /'|awk '{print $1}'|sed 's/\.com[a-z A-Z]*/\.com/'|sed 's/---*/\n/'|sed 's/__*/\n/'|egrep 'http://|https://'|grep -v www.spamcop.net| sed 's/=2E/\./g'|sed 's/)//'|sed 's/(//'|sed 's/,//'|sed 's/]//'|grep -v '\.='|sed 's/\"$//'|egrep -v 'png|gif|jpg|jpeg'|sed 's/=[0-9]*$//'| awk '!/\?/{gsub(/=/, "")}; 1' |sed -e 's~\(http://[^?]*\)=\([^?]*\)~\1\2~' >> urllist.tmp;done

# De-duplicate the collected URLs
sort -u urllist.tmp > urllist

rm urllist.tmp

echo "List of URLs generated"

It's not pretty or fast, and I'll probably rewrite it in Python when I have the time, but so far it performs far better than any existing solution I've tried due to the fact that spam emails often have malformed HTML, broken lines, substituted or translated characters, and a host of other quirks, which while still clickable, make them difficult to isolate cleanly from the command line.

The last bit of sed regex in this one I did not figure out myself, but I was thrilled to learn how to do it. sed -e 's~\(http://[^?]*\)=\([^?]*\)~\1\2~' uses back-references to remove any '=' symbols if they appear in a line prior to a '?'.
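
Much of what the pipeline strips by hand ('=2E', stray '=' signs, broken lines) is quoted-printable encoding. As an added example, not the author's rewrite and not an exact port of the script, this version lets Python's email module undo that encoding before matching URLs; the sample message, regexes and function name are constructed assumptions.

```python
import email
import re
from email import policy

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)
IMAGE_RE = re.compile(r"\.(png|gif|jpe?g)(\?|$)", re.IGNORECASE)

# Constructed sample message: quoted-printable HTML with '=2E' for '.',
# '=3D' for '=', and a soft line break ('=' at end of line) inside a URL.
SAMPLE = (
    b"Subject: constructed sample\n"
    b"MIME-Version: 1.0\n"
    b"Content-Type: text/html; charset=utf-8\n"
    b"Content-Transfer-Encoding: quoted-printable\n"
    b"\n"
    b"<a href=3D\"http://shop=2Eexample=2Ecom/deal?id=3D42\">Buy</a>\n"
    b"<img src=3D\"http://img.example.com/banner.gif\">\n"
    b"Visit (https://pills.example.net/long/pa=\n"
    b"th/offer), or http://www.spamcop.net/report\n"
)

def extract_urls(raw_message):
    """Return the sorted, de-duplicated URLs found in one raw message (bytes)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    urls = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        # decode=True undoes quoted-printable/base64, so '=2E' becomes '.'
        # and soft line breaks are rejoined before any matching happens.
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        try:
            text = payload.decode(charset, errors="replace")
        except LookupError:  # spam often declares a charset that does not exist
            text = payload.decode("utf-8", errors="replace")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,;")
            if "spamcop.net" in url or IMAGE_RE.search(url):
                continue  # same exclusions as the bash pipeline
            urls.add(url)
    return sorted(urls)

if __name__ == "__main__":
    print("\n".join(extract_urls(SAMPLE)))
```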