IP Version What?

  • Apr. 2nd, 2009 at 4:04 PM

Okay, seriously, I just finally got Scapy to work on my work system, which means I can finally get down and dirty with some packet crafting.  I suppose I should do some research as far as packet crafting and fuzzing, but I could learn it myself and become somewhat of an informed personal learner.  Just to brainstorm here, some of the modifications you can do to an IP packet are:

     Change the version to 5, or even 6.  What about 3?

I've got this theory that a packet can bounce around a network if it's got a TTL that's just astronomical.  Actually I haven't really thought about how that would work, but I definitely know it's possible.  More packet crafting to come as I work on my penetration testing abilities.  Anyway, I'm at work right now, about to leave and head up to my girl's pad to chill.  For some reason I want to get better at programming and application development because, honestly, I really do think that's my strong computational suit.  I want to take on a project of creating an RSS ticker in C# using the .NET framework, of course, and I think that would be extremely beneficial to my programming.  All it takes is an idea and enough drive to power through it so I can get a concept of .NET application development.  
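Worked example (added here; it is not the author's Scapy session and uses only the standard library so it runs offline): a pure-Python IPv4 header builder plus a model of what a receiving host and a forwarding router do with the packet, so both ideas above can be tried. The version field is 4 bits and the TTL field is 8 bits, so the largest TTL any packet can carry is 255; every router decrements it and discards the packet when it would reach zero, and a host checks the version and the header checksum before delivering anything. The addresses, protocol number and hop-counting helper are made up for the example.

```python
import socket
import struct

IPV4_HDR = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, no options


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (the IP header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, *, version: int = 4, ttl: int = 64,
                      proto: int = 1, payload_len: int = 0, ident: int = 0x1234) -> bytes:
    """Craft a header with an arbitrary version nibble and TTL.

    version is masked to 4 bits (so 'version 5' fits, anything above 15 wraps);
    TTL is one byte, so a value above 255 cannot even be expressed on the wire.
    """
    if not 0 <= ttl <= 255:
        raise ValueError("TTL is an 8-bit field: 0..255")
    ihl = 5
    first_byte = ((version & 0xF) << 4) | ihl
    total_len = ihl * 4 + payload_len
    hdr = struct.pack(IPV4_HDR, first_byte, 0, total_len, ident, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ip_checksum(hdr)                    # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(raw: bytes) -> dict:
    first, _tos, total_len, _id, _ff, ttl, proto, _csum, src, dst = struct.unpack(IPV4_HDR, raw[:20])
    return {
        "version": first >> 4,
        "ihl": first & 0xF,
        "total_len": total_len,
        "ttl": ttl,
        "proto": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "checksum_ok": ip_checksum(raw[:20]) == 0,   # a valid header sums to zero
    }


def host_accepts(raw: bytes) -> bool:
    """Sanity checks a host's IP input path applies before delivering a packet."""
    h = parse_ipv4_header(raw)
    return h["version"] == 4 and h["ihl"] >= 5 and h["checksum_ok"] and h["ttl"] > 0


def router_forward(raw: bytes):
    """One hop: discard if the TTL would hit zero, else decrement it and fix the checksum."""
    h = parse_ipv4_header(raw)
    if h["ttl"] <= 1:
        return None          # dropped here (a real router also sends ICMP Time Exceeded)
    out = bytearray(raw)
    out[8] -= 1
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", ip_checksum(bytes(out[:20])))
    return bytes(out)


def hops_until_dropped(raw: bytes) -> int:
    """How many routers forward the packet before one discards it."""
    hops = 0
    nxt = router_forward(raw)
    while nxt is not None:
        hops += 1
        nxt = router_forward(nxt)
    return hops


if __name__ == "__main__":
    pkt = build_ipv4_header("10.0.0.1", "10.0.0.2", version=5, ttl=255)
    print(parse_ipv4_header(pkt), "accepted:", host_accepts(pkt))
    print("max hops with TTL 255:", hops_until_dropped(build_ipv4_header("10.0.0.1", "10.0.0.2", ttl=255)))
```

Scapy builds the same bytes with IP(version=5, ttl=255, src=..., dst=...) and raw(pkt); the point of the hand-rolled version is that the field widths are visible, and that a version-5 packet is dropped at the first host that parses it, while even the largest TTL is gone after 254 routers.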

So because the fucking internet is so fucking vast and large, I did a quick Google search and found a skeleton of a ticker that I'm going to go home and play with.  Granted, I didn't write it from scratch, but hey now, you gotta start somewhere.  =P

Cheers!

Confucker and FrontPage Shenanigans

  • Mar. 31st, 2009 at 10:03 AM

So I get in this morning to a co-worker of mine shooting me a list of machines that don't have the Conficker patch.  Now I'm pretty confident there are no Conficker-infected systems in our network because we would have known about it, with our IDS and so forth, but I decided to run the Python scs.py Conficker scanner on the list.  It turned up a couple of failed attempts, but overall most of the vulnerable systems were clean.  Now that I think about it, it's possible the nodes that returned no results could have had 445 turned off (unlikely) or probably weren't on in the first place (again, unlikely).  The only other thing I can think of is that the Crypto package scs.py requires isn't installed on my system, so I might be missing something crucial to the recon of Conficker-infected machines.  Maybe I'll look into it more. 

Speaking of Conficker, tomorrow is supposed to be an impactful day considering the worm itself has code to trigger or change its behavior come the first.  Interesting stuff to say the least.  This is the stuff I got into computer security for.  Well that and of course seeing Hackers at the susceptible age of 12.  Haha!  Anyway,  I was scanning our www2 server with a web application scanner called Atlas.  The only vulnerability it found was the frontpage “_vti_inf.html” vuln.  I don’t know much about it, but that’s why I blog. 

So FrontPage Server Extensions have three DLLs that control access and permissions: 

                admin.dll

                author.dll

                shtml.dll

Basically, if an attacker can reach and execute admin.dll, they can administer the web site.  The DLLs are laid out under the web root like this:

Web Root
    \_vti_bin
        shtml.dll
        \_vti_aut
            author.dll
        \_vti_adm
            admin.dll


As I’m looking over the specifics of this vulnerability and how to exploit it I’m finding out more and more of how my job’s network is setup and how security is implemented.  With a network this large, there are holes everywhere.  Even the most insignificant daemon running on a box at the corner of the state could be a gateway to ultimate compromise.  Either way…

The first thing to do is to test the OPTIONS of the vulnerable web server.  That shows you which HTTP methods the server will accept from you.  When I sent OPTIONS / HTTP/1.1 from my workstation I received a

<h1>Bad Request (Invalid Hostname)</h1>

error, and it had me perplexed for a moment.  Then I realized that the web server is probably set up to only receive requests from our web proxy, which of course made total sense.  After logging into the web proxy I threw the OPTIONS request at it and received this:

HTTP/1.1 200 OK
Via: 1.1 GATE
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Content-Length: 0
Date: Tue, 31 Mar 2009 16:38:08 GMT
Server: Microsoft-IIS/6.0
Allow: OPTIONS, TRACE, GET, HEAD
Public: OPTIONS, TRACE, GET, HEAD, POST
X-Powered-By: ASP.NET

I suppose after you confirm that POST is an option you can proceed to the next step.  The basic configuration file for FrontPage Server Extensions is _vti_inf.html, so you want to send

GET /_vti_inf.html HTTP/1.1

 

That should return the FrontPage configuration file.  It tells the FrontPage client (or Internet Explorer) that the server extensions are installed, and the client looks in it for the line

FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll" 

If the file isn't there, a 404 error will surface and the server doesn't have FrontPage support.   
So at this point you have the configuration file and you're ready to POST.  shtml.dll is the browse-time library that's available to everyone.  The request to throw at the web server is this: 

POST /_vti_bin/shtml.dll/_vti_rpc HTTP/1.1

Ugh… got bored :)
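Worked example of the three requests above as one script (added here; it is not the scanner the author used and not FrontPage's own code). It sends OPTIONS, fetches _vti_inf.html and pulls out the FP* script URLs, then makes a browse-time RPC call to shtml.dll. The Host header is always set, because IIS answers a request whose Host header matches none of its site bindings with exactly the "Bad Request (Invalid Hostname)" page. The server responses and the sample _vti_inf.html are constructed so the script runs offline; the host name www2.example.com, the FrontPage version string and the canned HTML are assumptions.

```python
import re
import socket
from typing import Callable, Dict, Tuple

# Constructed sample of _vti_inf.html: FrontPage keeps these FP* keys inside an
# HTML comment.  The version string is made up for the example.
SAMPLE_VTI_INF = (
    b'<!-- FrontPage Configuration Information\n'
    b' FPVersion="4.0.2.2611"\n'
    b' FPShtmlScriptUrl="_vti_bin/shtml.dll/_vti_rpc"\n'
    b' FPAuthorScriptUrl="_vti_bin/_vti_aut/author.dll"\n'
    b' FPAdminScriptUrl="_vti_bin/_vti_adm/admin.dll"\n'
    b'-->\n'
)

Transport = Callable[[bytes], bytes]   # sends one raw request, returns the raw response


def build_request(method: str, path: str, host: str, body: bytes = b"") -> bytes:
    """One HTTP/1.1 request.  The Host header matters on IIS: http.sys answers a
    request whose Host matches no site binding with 400 Bad Request (Invalid Hostname)."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}", "Connection: close"]
    if body:
        lines += [f"Content-Length: {len(body)}",
                  "Content-Type: application/x-www-form-urlencoded"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body


def split_response(raw: bytes) -> Tuple[int, Dict[str, str], bytes]:
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers, body


def method_set(header_value: str) -> set:
    return {m.strip() for m in header_value.split(",") if m.strip()}


def parse_vti_inf(body: bytes) -> Dict[str, str]:
    """Pull every FPxxx="..." key out of _vti_inf.html."""
    return dict(re.findall(r'(FP\w+)="([^"]*)"', body.decode("latin-1")))


def frontpage_recon(send: Transport, host: str) -> dict:
    """OPTIONS, then _vti_inf.html, then the MS-FPSE 'server version' RPC call."""
    status, headers, _ = split_response(send(build_request("OPTIONS", "/", host)))
    result = {"fpse": False, "options_status": status,
              "allow": method_set(headers.get("allow", "")),
              "public": method_set(headers.get("public", ""))}

    status, _, body = split_response(send(build_request("GET", "/_vti_inf.html", host)))
    cfg = parse_vti_inf(body) if status == 200 else {}
    if "FPAuthorScriptUrl" not in cfg:
        return result                 # 404 (or no FP keys): no FrontPage extensions
    result.update(fpse=True, version=cfg.get("FPVersion"),
                  author_url=cfg["FPAuthorScriptUrl"], admin_url=cfg.get("FPAdminScriptUrl"),
                  shtml_url=cfg.get("FPShtmlScriptUrl", "_vti_bin/shtml.dll/_vti_rpc"))

    # Browse-time RPC against shtml.dll.  'server version' is the MS-FPSE method that
    # needs no credentials; the client version it names is an assumed value.
    rpc = b"method=server version:4.0.2.2611"
    status, _, body = split_response(
        send(build_request("POST", "/" + result["shtml_url"], host, rpc)))
    result["rpc_status"] = status
    result["rpc_answers"] = status == 200 and b"server version=" in body
    return result


def canned_transport(fpse: bool = True) -> Transport:
    """Offline stand-in for the web server, answering with constructed responses."""
    def send(req: bytes) -> bytes:
        method, path, _ = req.split(b"\r\n", 1)[0].decode("ascii").split()
        if method == "OPTIONS":
            return (b"HTTP/1.1 200 OK\r\nAllow: OPTIONS, TRACE, GET, HEAD\r\n"
                    b"Public: OPTIONS, TRACE, GET, HEAD, POST\r\nContent-Length: 0\r\n\r\n")
        if fpse and method == "GET" and path == "/_vti_inf.html":
            return b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" + SAMPLE_VTI_INF
        if fpse and method == "POST" and path == "/_vti_bin/shtml.dll/_vti_rpc":
            return (b"HTTP/1.1 200 OK\r\n\r\n<html><head><title>vermeer RPC packet</title></head>"
                    b"<body><p>method=server version:4.0.2.2611<p>server version=<ul>"
                    b"<li>major ver=4<li>minor ver=0</ul></body></html>")
        return b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
    return send


def socket_transport(addr: str, port: int = 80) -> Transport:
    """Real transport for a host you are authorised to test (not used offline)."""
    def send(req: bytes) -> bytes:
        with socket.create_connection((addr, port), timeout=10) as s:
            s.sendall(req)
            chunks = []
            while chunk := s.recv(65536):
                chunks.append(chunk)
        return b"".join(chunks)
    return send


if __name__ == "__main__":
    print(frontpage_recon(canned_transport(), "www2.example.com"))
```

The "server version" method needs no credentials, so a 200 carrying a "vermeer RPC packet" reply only confirms that the extensions answer RPC. Whether author.dll or admin.dll can be driven without authentication is a separate request against those URLs, and an unauthenticated 200 from either of them is the real finding. Point the socket transport only at hosts you are authorised to test.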

BackTrack WiFi Configuration

  • Mar. 30th, 2009 at 7:53 PM

iwconfig ath0 essid "nameofnetwork"
iwconfig ath0 ap 00:11:22:33:44:55

(the ap argument is the access point's BSSID, six octets; the one above is just a placeholder).  At this point you can try dhcpcd ath0,
but if that shit doesn't work:

create your wpa_supplicant.conf file for wpa_supplicant

network={
        ssid="nameofnetwork"
        key_mgmt=WPA-PSK
        proto=WPA
        pairwise=TKIP
        group=TKIP
        psk="WPApassphrase"
}

after that's configured go ahead and run

wpa_supplicant -i ath0 -c wpa_supplicant.conf -B

Of course ifconfig ath0 is used to configure the IP address and netmask; 
take care of the default gateway with route add default gw <ip address>,
edit /etc/resolv.conf with the appropriate name servers, and let 'er rip!

---

On a lighter note, I'm about 7 minutes away from watching another great episode of 24, probably my favorite show on television.  It's all coming down to a killer finale and damn, I cant wait to find out what happens next.  Ugh, getting too personal.  Fuck off dickwads.  =]

wpa_supplicant configuration woes

  • Mar. 30th, 2009 at 7:26 PM

After a couple of months of laziness and partying I've gotten back into the swing of things that is network security and the like.  Yes, I did get some business cards made up and I might just post one for the two people that read this blog to see.  Anyway, I've been sitting here trying to configure this fucking wireless card on my Gateway laptop on BackTrack 4 and I think I've pulled it off, to an extent:

I ran into a problem when it came to my wpa_supplicant.conf file.  It's the file that's needed when connecting to a WPA-encrypted access point.  Apparently there's a formatting issue, although I haven't tested it and I won't because it's pointless when formatting that file.

""network={
                     ssid="nameofnetwork"
                     key_mgmt=WPA-PSK
                     proto=WPA
                     pairwise=TKIP
                     group=TKIP
                     psk="WPApassphrase" }

After that was corrected I still got an error where it couldn't parse and/or read the file, so after some digging and comparison, it seems as if you need scan_ssid as well, for a final wpa_supplicant.conf reading:


""network={
                     ssid="nameofnetwork"
                     scan_ssid=1
                     key_mgmt=WPA-PSK
                     proto=WPA
                     pairwise=TKIP
                     group=TKIP
                     psk="WPApassphrase" }

Here's to crafty wifi hacks!  I'll drink to that! 
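Worked example for the two wpa_supplicant posts above (added here; it is not BackTrack's or wpa_supplicant's own code). It derives the WPA pre-shared key from the passphrase and SSID the way wpa_passphrase does, renders a network={} block with scan_ssid=1, and lints an existing block for the two things that bite in practice: a plaintext psk="..." sitting in the file, and a missing scan_ssid=1, which wpa_supplicant needs before it will probe for an access point that does not broadcast its SSID. The SSID and passphrase are the placeholders from the posts; the TKIP-versus-CCMP hint in the lint is a recommendation of the example, not something the posts state.

```python
import hashlib
import re
from typing import Dict, List


def wpa_psk(ssid: str, passphrase: str) -> bytes:
    """WPA/WPA2-Personal pre-shared key (IEEE 802.11i): PBKDF2-HMAC-SHA1 over the
    passphrase, salted with the SSID, 4096 iterations, 256-bit output.  This is the
    value wpa_passphrase(8) prints as psk=<64 hex digits>."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def render_network_block(ssid: str, passphrase: str, *, hidden: bool = True,
                         proto: str = "WPA", cipher: str = "TKIP") -> str:
    """A wpa_supplicant network={} block.  scan_ssid=1 makes the supplicant send
    probe requests naming the SSID, which a non-broadcasting AP needs; the psk is
    written as the derived hex key (unquoted) so the passphrase itself is not on disk."""
    lines = ["network={", f'\tssid="{ssid}"']
    if hidden:
        lines.append("\tscan_ssid=1")
    lines += ["\tkey_mgmt=WPA-PSK", f"\tproto={proto}", f"\tpairwise={cipher}",
              f"\tgroup={cipher}", f"\tpsk={wpa_psk(ssid, passphrase).hex()}", "}"]
    return "\n".join(lines) + "\n"


def parse_network_block(text: str) -> Dict[str, str]:
    """Fields of the first network={...} block, brace on its own line or not."""
    m = re.search(r"network=\{(.*?)\}", text, re.S)
    if not m:
        raise ValueError("no network={...} block found")
    fields = {}
    for line in m.group(1).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def lint_network_block(fields: Dict[str, str]) -> List[str]:
    """Problems a practitioner would want flagged before handing the file to -c."""
    problems = []
    for key in ("ssid", "key_mgmt", "psk"):
        if key not in fields:
            problems.append(f"missing {key}")
    psk = fields.get("psk", "")
    if psk.startswith('"'):
        problems.append("plaintext passphrase in psk; store the 64-hex-digit derived key instead")
    elif psk and not re.fullmatch(r"[0-9a-fA-F]{64}", psk):
        problems.append("psk is neither a quoted passphrase nor a 64-hex-digit key")
    if fields.get("scan_ssid") != "1":
        problems.append("scan_ssid=1 not set: the network is only found if the AP broadcasts its SSID")
    if "TKIP" in (fields.get("pairwise", ""), fields.get("group", "")):
        problems.append("TKIP cipher: prefer proto=RSN pairwise=CCMP group=CCMP where the AP supports WPA2")
    return problems


if __name__ == "__main__":
    block = render_network_block("nameofnetwork", "WPApassphrase", proto="RSN", cipher="CCMP")
    print(block)
    print("lint:", lint_network_block(parse_network_block(block)))
```

Use the rendered block in place of the quoted passphrase: psk=<64 hex digits> keeps the passphrase itself off the disk, though the key still grants access to the network, so keep the file mode 0600. The IEEE 802.11i test vector (SSID "IEEE", passphrase "password") is what checks the derivation.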

System.Net.Socket

  • Dec. 31st, 2008 at 2:52 PM

I'm not sure why I don't have this DLL in my references library.  There are some options to allow me to create a web proxy, which I'm all about because I could sneak it onto my roommate's computer, which is always on.  Modify the inevitable router that I'll wind up buying some time soon and allow me free access from anywhere without anyone ever knowing.  So my new language of choice is C#, simply because I need more power and more applicable skills to make me a more rounded programmer.  I'm working on some graphics and networking code, as you can see, so when I get something working I'll post it without fail. 

Here's to the good times tonight.  Gimmie another shot!

Writer's Block: Auld Lang Syne

  • Dec. 31st, 2008 at 12:02 PM

For those who are into such things, this might be the biggest party night of the year. Other people like to keep it a little more low key. How do you plan to ring in the New Year?


Ayo, after I finish my work today, I'm headin' straight to my friend Rick's house to start it off proper.  I'm saying fuck you to that bitch Shari Lassiter who wrote me off officially during the winter vacation.  I'm saying fuck you to Tatiana King for writing me off.  I'm saying fuck you to every single dickless faggot that didn't hit me up on my birthday when that's the only thing I do when someone I know has a bday.  And last but certainly not least, I'm sayin' my best friend in the world is Web Dev Debby.... that's my dawg.   Tonight don't look for me sober, cause you won't find me.  =)  Down the hatch and a bad attitude, salud!

EXE Code Injection in a Nutshell

  • Dec. 31st, 2008 at 12:01 PM

EXE Program Injection:

Using the debugger of your choice (OllyDbg here), locate a stretch of the disassembly that is empty space.  Most executables have these blank stretches, not because the programmers knew that malicious folk like you and I would come along years later and corrupt a perfectly well-written program, but because every section gets padded with zeros up to the file's section alignment.  That padding is the "code cave". 

In the disassembly these caves of blank space show up as runs of DB 00.

By placing code in a cave you don't disturb the program's own instructions, so it will still run without problems.  Locate some blank (DB 00) space. 

Wherever you find some blank space within the executable, go ahead and enter some ASCII text there using the Binary > Edit right-click option.  A few addresses further down is where you enter the assembly that calls the API with the text you just injected.  In this case it'll be:

PUSH 0                       ; uType: no icon or extra buttons
PUSH <memory address of ASCII>   ; lpCaption (title bar text)
PUSH <memory address of ASCII>   ; lpText (message body)
PUSH 0                       ; hWnd: no owner window
CALL MessageBoxA             ; Win32 API call (stdcall, so arguments are pushed right to left)

MessageBoxA lives in user32.dll and is reached through the executable's import table, so it has to be among the program's imports (it is in most GUI programs); it is an API call, not a system call.

After you input that code, write down the address of the first PUSH, because that is the jump target, and also the instructions at the entry point that the JMP will overwrite, because you will need to replay them.  The goal is to jump to the injected code as soon as the program starts.  Locate the entry point, the address at which execution starts.  In programs built with the Microsoft C runtime it usually begins with:
6A 70 -- PUSH 70. 


Once the entry point is found, replace that PUSH 70 (and whatever else the 5-byte JMP overlaps) with a JMP to the injected code.  It should look like this:

JMP 1008757

That jumps the initial execution to the injected code somewhere else in the program.  When that's done, the program is "rewired" to execute the injected code first.  The next thing to do is to send execution back to the top of the program so it continues normally.  Before that jump back can be written, the instructions the JMP overwrote have to be re-created at the end of the injected code.  They will be something like:

PUSH 70
PUSH 01001898

followed by a JMP to the address right after them in the original code.  After that last jump back is in place, save all modifications to the executable and attempt to run the program.  If everything is gravy, you'll see the pop-up with your injected text.  It just gets more interesting from here. 
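Worked example of the rewiring above (added here; it is not the author's debugger session and does not parse a real PE). It finds code caves (runs of zero bytes), assembles the MessageBoxA call stub with the arguments pushed in the right order, and patches a constructed flat image so the entry point jumps to the cave and the cave jumps back after replaying the displaced instructions. Treating file offsets as RVAs, the image base, the entry-point bytes, the IAT slot for MessageBoxA and the cave position are all assumptions for this constructed sample; on a real executable the debugger gives you those values.

```python
import struct
from typing import List, Tuple

PUSH_0 = b"\x6a\x00"                                   # PUSH 0  (push imm8)


def push_imm32(value: int) -> bytes:                   # PUSH imm32
    return b"\x68" + struct.pack("<I", value)


def call_via_iat(iat_slot_va: int) -> bytes:           # CALL DWORD PTR [imm32]
    return b"\xff\x15" + struct.pack("<I", iat_slot_va)


def jmp_rel32(from_va: int, to_va: int) -> bytes:
    """E9 rel32: the displacement counts from the end of the 5-byte instruction."""
    return b"\xe9" + struct.pack("<i", to_va - (from_va + 5))


def jmp_target(from_va: int, insn: bytes) -> int:
    if len(insn) != 5 or insn[0] != 0xE9:
        raise ValueError("not a JMP rel32")
    return from_va + 5 + struct.unpack("<i", insn[1:])[0]


def find_code_caves(image: bytes, min_len: int = 64) -> List[Tuple[int, int]]:
    """(offset, length) of every run of at least min_len zero bytes (OllyDbg's DB 00)."""
    caves, start = [], None
    for i, b in enumerate(image + b"\x01"):            # sentinel closes a trailing run
        if b == 0:
            start = i if start is None else start
        elif start is not None:
            if i - start >= min_len:
                caves.append((start, i - start))
            start = None
    return caves


def build_cave_payload(cave_va, text, caption, msgbox_iat_va, displaced, resume_va):
    """[text\\0][caption\\0] then
       PUSH 0 (uType) ; PUSH caption ; PUSH text ; PUSH 0 (hWnd) ; CALL [MessageBoxA]
       followed by the displaced entry-point bytes and a JMP back to resume_va."""
    strings = text.encode("ascii") + b"\0" + caption.encode("ascii") + b"\0"
    text_va, caption_va = cave_va, cave_va + len(text) + 1
    code_va = cave_va + len(strings)
    code = (PUSH_0 + push_imm32(caption_va) + push_imm32(text_va) + PUSH_0
            + call_via_iat(msgbox_iat_va) + displaced)
    code += jmp_rel32(code_va + len(code), resume_va)
    return strings + code, code_va


def inject(image, base, entry_off, displaced_len, msgbox_iat_va, text, caption, min_cave=64):
    """Rewire entry point -> cave -> original code.  The image is treated as flat
    (file offset == RVA), an assumption for this example; displaced_len must cover
    whole instructions at the entry point and be >= 5, as read off in the debugger."""
    if displaced_len < 5:
        raise ValueError("need at least 5 bytes at the entry point for the JMP")
    caves = find_code_caves(image, min_cave)
    if not caves:
        raise ValueError("no code cave of %d bytes" % min_cave)
    cave_off, cave_len = caves[0]
    displaced = image[entry_off:entry_off + displaced_len]
    payload, code_va = build_cave_payload(base + cave_off, text, caption, msgbox_iat_va,
                                          displaced, base + entry_off + displaced_len)
    if len(payload) > cave_len:
        raise ValueError("payload does not fit in the cave")
    out = bytearray(image)
    out[cave_off:cave_off + len(payload)] = payload
    hook = jmp_rel32(base + entry_off, code_va) + b"\x90" * (displaced_len - 5)  # NOP the rest
    out[entry_off:entry_off + displaced_len] = hook
    return {"image": bytes(out), "cave_off": cave_off, "payload_len": len(payload),
            "code_va": code_va}


BASE = 0x01000000                                      # made-up image base
ENTRY_BYTES = b"\x6a\x70" + push_imm32(0x01001898)     # PUSH 70 ; PUSH 01001898 (7 bytes)


def sample_image() -> bytes:
    """Constructed flat image: INT3 filler, entry code at 0x100, a 256-byte cave at 0x200."""
    img = bytearray(b"\xcc" * 0x400)
    img[0x100:0x100 + len(ENTRY_BYTES)] = ENTRY_BYTES
    img[0x200:0x300] = b"\x00" * 0x100
    return bytes(img)


if __name__ == "__main__":
    r = inject(sample_image(), BASE, 0x100, len(ENTRY_BYTES), 0x01001234, "Injected", "Hello")
    print("cave code at %#x, entry now jumps to %#x" % (r["code_va"], jmp_target(BASE + 0x100, r["image"][0x100:0x105])))
```

Both JMPs are relative, so they are computed from virtual addresses rather than file offsets, and the jump back lands at entry + displaced_len, right after the instructions replayed in the cave. The displaced bytes must be whole instructions, which is why the PUSH 70 / PUSH 01001898 pair (7 bytes) is taken rather than an arbitrary 5; the two bytes the JMP does not cover are NOPed so the entry point still disassembles cleanly.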

q0m is back

  • Dec. 31st, 2008 at 11:59 AM

Wow, it's been a while since I've posted to this blog.  It's almost a new year and a new mentality is upon me.  I don't really give a shit about anything anymore and I'm going to finish my degree in computer science.  I've had the luxury of talking to two really smart people over the last couple of days who reminded me how stupid I am for trying to be something I'm not.  Well, I'm not running or avoiding it anymore.  Yes, it'll affect my social life, but then I think about it, and it's like... what social life?  Hahaha, bitches annoy me and they're getting in the way of my inevitable success.  So three cheers for qodejunkies!!

Dec. 4th, 2007

  • 11:17 AM

 Virus Creation Laboratory?
PSMPC Generators?

Dec. 4th, 2007

  • 10:44 AM

Wow, a lot happening today in the security world. I'm at work... not working, which is probably a mistake to even mention, but no one reads my blog anyway.

Looks like Facebook got busted for their ad service Beacon being able to monitor users that have logged off from their website. That's just sickening. I'm appalled, first because I never really liked Facebook anyway, and second because that's just so fucking stupid, yet the millions of dead, stone-faced, allegedly educated Facebook users aren't going to do a damn thing about it. I'm going to delete my account tonight. Why the fuck do I need it again? 


Eh, I don't feel like going over the news at all.  I feel like going home to take a much-needed nap.  There are some things I'm actually working on though.  I need to teach myself ASP.NET and SQL Server to get a database and web site up for an Exchange matrix here at work.  I also need to do some thorough testing of Guardian Edge's Removable Storage Encryption medium.  Both are actually cool.  I'm actually learning new things.  Imagine that.  

On the personal side (muhaha), I'm working with Python sockets (what else is new) to create a secure chat program based around a P2P topology scheme.  My own custom 128-bit EWE Encryption for secure transmission definitely does the job.  I'm using wxPython for the GUI.  

I know I'm a little late, but I'm studying boot sector infections.  For some reason I'm still living in 1994.  I haven't migrated to Win95 it seems because I'm still virtually stuck on 3.1.  I miss the old days when the internet wasn't so mainstream, and being involved in computers, programming, and networking was cool, mysterious and underground.  Ahhwell, cant change it now.  Either way, I'm getting back into malicious code writing 13 years after I lost my obsession with virii and worms.  Typical.  This means more coding, more low level crunching, more debug, more Hex.  

I'd also like to get into disassembly and work on my assembler coding.  I'd love to do it at work when I'm actually awake (after 12), but that's when I tend to get my actual work done.  Oh well.  

I'm realizing that I have a gift.  Although there is something wrong with me indefinitely, I have gifts that I take for granted.  I've separated myself from a lot of people because I feel as though I don't need them.  I'm focusing a lot more these days on my work and my music.  What the fuck else could I possibly need (besides the obvious food, films, and fucking)? 

AIM Vulnerability

  • Sep. 29th, 2007 at 1:38 AM

A new AOL Instant Messenger vulnerability was published yesterday that requires absolutely no user interaction. It requires no clicking, no user deception, and barely any scripting. By sending just a specifically crafted HTML snippet to a user, AIM pulls in Internet Explorer extensions and DLLs to execute remote code without any interaction from the user.

The possibilities are endless until AOL decides to patch the vulnerability... IN MID OCTOBER. This will allow malicious scripters to develop worms in no time, and in enough time to compromise a significant amount of systems before the patching occurs.

Here is an excerpt from Bugtraq post published on August 17th:

*************
Workaround #1: Users running AIM on Microsoft Windows XP SP2 or Windows
Server 2003 SP1 may implement Microsoft's "Internet Explorer Local Machine
Zone Lockdown" recommendations to mitigate risk. This will not fix the
reported bugs but will reduce the risk of exploitation significantly.
To enable Local Machine Zone Lockdown for your AIM client, go to the
following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_LocalMachine_Lockdown

Add a REG_DWORD value to this key named as the AIM client application (for
example, aim.exe) and set it to 1. Any other setting for this value will
disable Local Machine Zone Lockdown for the application.

For further details about how to configure this feature read Microsoft's
Internet Explorer Local Machine Zone Lockdown recommendation at:
http://technet.microsoft.com/en-us/library/bb457150.aspx#EHAA

*Credits*
This vulnerability was discovered by Lucas Lavarello from the CORE
Security Consulting Services (CORE SCS) team.

*Technical Description / Proof of Concept Code*

The standard protocol that AIM clients use to communicate is called OSCAR
(Open System for CommunicAtion in Realtime), which is a closed protocol
also used by AOL's secondary Instant Messaging client, ICQ (I Seek You).
On top of the OSCAR protocol, AIM clients have implemented support for
enhanced message types that use features provided by the HTML (Hyper Text
Markup Language) in order to, for example, provide AIM users with the
possibility of exchanging text messages with specific font formats or
colors. AIM 6.1, AIM 6.2 (beta), AIM Pro and AIM Lite have embedded an
Internet Explorer server control in the message display window in order to
facilitate the parsing and displaying of HTML controls. It is a common
practice for Windows applications to reuse Microsoft Internet Explorer's
HTML parsing objects included in the mshtml.dll library instead of using a
homebrew HTML parser. Several programming frameworks, including MFC
(Microsoft Foundation Classes), provide practical ways of embedding such
controls through classes like CHtmlEditView or CHtmlEditDoc.
Some of the advantages of using MSHTML are that it provides a particular,
feature-rich and somewhat complete support for DHTML and also that it is
easier to host Microsoft ActiveX Controls. However, in the context of this
advisory, such advantages may end up becoming security problems due to
design flaws and implementation bugs.
There are two particular characteristics in the implementation of the
described functionality that turn AIM's highly flexible message-content
features into high-risk attack vectors for its users.

First, the vulnerable IM clients do most of the sanitizing/filtering and
encoding of HTML content on outbound messages, thus a malicious attacker
with the ability to bypass outbound HTML filtering can send any type of
HTML content to other IM clients.
A handful of publicly available and well-known IM clients permit to send
un-sanitized data to any other client that supports the same
communications protocol including the vulnerable AIM 6.1, AIM 6.2, AIM Pro
and AIM Lite clients.
Second, although there are some defensive mechanisms implemented in the
vulnerable clients these are insufficient to properly handle messages with
potentially malicious content. Input validation of inbound messages
appears to be taking place but can be easily circumvented by an attacker.
As a result, the entire attack surface of MSHTML is exposed to remote IM
peers. By having a way of sending data straight to the MSHTML library,
attackers could abuse such high-risk attack vector to:

- - Execute arbitrary shell commands in the victim's workstation.
- - Direct the embedded IE to perform arbitrary HTTP requests (CSRF)
- - Include HTML controls (links, images, forms…) in IM text messages in
order to trick users into revealing sensitive information or performing
harmful actions against their accounts/workstation/etc.
- - Run JavaScript code within IE to enhance the attacks mentioned above.
- - Instantiate ActiveX controls, which attackers could use to target
vulnerabilities in the ActiveX objects themselves or use their
functionality to, for example, read arbitrary files from the victim's
file system or even execute arbitrary shell commands in the victim's
workstation.
- - Directly attack vulnerable versions of Internet Explorer in user
workstations. This is a typical client-side attack scenario and could
lead to the remote execution of arbitrary code in the victim's
workstation. In this scenario "one-click" IE bugs (exploitation requires
user assistance) become "zero-click" bugs (exploitation does not require
user interaction).

AOL's "Classic AIM 5.9" is an official alternative client for nostalgic
users and is not vulnerable due to the fact that instead of using MSHTML
to render HTML it appears to include limited rendering functionality
either provided by a third party library or homebrew code. Although there
is no guarantee that its implementation lacks vulnerabilities, in our
tests it did prevent the attack vectors described in this advisory. So
is the case for AOL's AOL 6.5.3.12 which although it is embedding an
Internet Explorer server control in the message window, could not be
exploited during our tests.
AOL's online AIM Express web client which is written in ASP.NET and also
appears to be taking the necessary defensive measures required to prevent
any of these problems from taking place.

*Proof of concept snippets*
The following examples provide code snippets that should serve as
proof-of-concept code to demonstrate some of the problems that arise from
the issue reported. The snippets have been arranged according to their
risk level, in increasing order (lower risk first), with the
intention of making this process more self-explanatory. In order for these
snippets to work, they must be sent within the contents of a standard
instant message, but using a client that will not encode message contents
on output:

*Using HTML controls in order to trick victims into revealing sensitive
information or do harmful actions against their accounts/workstations or
to force outbound HTTP requests (CSRF).*

The following proof-of-concept code was successfully tested on AIM Pro.
Other vulnerable clients need some tweaking in order to get it to work.
The code uses
,

,
and tags to trick the victim into
believing that an AIM disconnection took place. It then requests the
victim to type in the user credentials and to press the Reconnect (submit)
button in order to send the credentials to the attacker. In this
case, the form is submitted to "http://localhost"

- --- begin code ---

SERVICE UNAVAILABLE


Your connection to AIM has been
interrupted. Please type in your credentials in order to reconnect. Thank
you.
Login:
Password:



- --- end code ---

This is simply one example of exploitation using only embedded HTML. There
are plenty of HTML controls that could be used in similar exploitation
scenarios.

*Using scripting languages to enhance an attack*

As mentioned in the beginning of the technical details section, we
identified among all the vulnerable clients what appeared to be an
existing defensive measure (or a functional characteristic with a
side-effect) meant to prevent attackers from inserting malicious
JavaScript statements within message contents. When sending JavaScript
statements inside

The following code *does* work:


Note that even though the different proof-of-concept snippets provided in
this advisory use tags to execute JavaScript, the problem must not
be thought of as circumscribed to message contents with embedded
tags only. JavaScript statements may also be executed through the use of
other HTML controls and some of the attack vectors that we mention do not
even rely on JavaScript for successful exploitation.
The following proof-of-concept code will display a prompt box to the
victim, requesting to type in the victim's AIM credentials. It will look
authentic due to the fact that the message box is not part of the text
message window:

- -- begin code --

- -- end code --

Once the victim types-in her/his password, an alert message box will be
displayed showing the entered password. Attackers could easily retrieve
passwords and other security-sensitive data by using the same techniques
used to exploit Cross Site Scripting vulnerabilities to steal browser cookies.

*Instantiating ActiveX controls and taking over the victim’s workstation*

Another way of enhancing an attack could rely on using ActiveX controls
installed on the target system. For that, the attacker needs the ability
to instantiate arbitrary ActiveX controls using an IM message content
constructed to accomplish such purpose. We successfully used this attack
vector in AIM 6.1, AIM 6.2beta and AIM Lite in order to get immediate and
instant access to the victim's workstation. This attack vector increases
considerably the severity of the problems found, turning the affected
clients into a doorway to the user's computer and ultimately providing
attackers with ways of executing arbitrary commands.
Apparently, AIM Pro is the only client that runs the Internet Explorer
server control in a "protected" security zone, where the victim is
prompted with the typical message box that says:

"An ActiveX control on this page might be unsafe to interact with other
parts of the page. Do you want to allow this interaction?"

The choice of the user will affect the entire instance of the application
and be applied to any other existing/future message windows (as well as
potentially any other locations where the Internet Explorer server
control is used.)

Attackers could use JavaScript to instantiate ActiveX controls in order to
either exploit client-side vulnerabilities of the ActiveX objects
themselves or to use ActiveX functionality as an aid to exploit other bugs.
As the following proof-of-concept snippet shows, an attacker can
successfully instantiate the "Shell.Application" object that is included
in the Microsoft Windows OS installation and use it to execute any
arbitrary command on the victim's workstation.

As previously mentioned, in three of the four affected versions of the
product, the attack is straight forward and no interaction with the victim
is required. Such clients appear to be running Internet Explorer control
in the Local Machine Security Zone.

- -- begin code --

- -- end code --

The proof-of-concept code from above will run an instance of Microsoft
Windows command line tool, executing the pause command. Upon receipt, it
will instantly show a blank command window in the victim's workstation. An
attacker may easily abuse this issue to gain complete control over the
victim's machine with the privileges of the user running AIM.

*Attacking vulnerable versions of Internet Explorer controls*
This scenario is just a clear-cut client-side attack vector and would rely
on any unpatched security vulnerability in Internet Explorer or the
ActiveX controls it hosts. An embedded HTML URI can direct the IE server
control to automatically visit a previously setup site that delivers
malicious content to exploit known Internet Explorer vulnerabilities. In
this case, the AIM clients identified as vulnerable in this advisory play
the role of exposing their users to attacks without requiring user
intervention to allow/disallow access to the rogue website. This attack
scenario is functionally equivalent to a user of Internet Explorer
clicking on a URL and visiting a malicious site.

*Additional Information and resources*

AOL’s AIM clients
AIM Pro: http://aimpro.premiumservices.aol.com/
AIM 6.2: http://beta.aol.com/projects.php?project=aim6
AIM 6.1: http://www.aim.com/get_aim/win/latest_win.adp
AIM Lite: http://x.aim.com/laim/
AIM 5.9: http://www.aim.com/get_aim/win/other_win.adp
AIM 6.5: http://beta.aol.com/projects.php?project=aim6

Embedding IE
Introduction to ActiveX Controls:
http://msdn2.microsoft.com/en-us/library/aa751972.aspx

Reusing MSHTML:
http://msdn2.microsoft.com/en-us/library/bb508516.aspx

Internet Explorer Local Machine Zone Lockdown
http://technet.microsoft.com/en-us/library/bb457150.aspx#EHAA
http://technet2.microsoft.com/windowsserver/en/library/aebcfc94-25d5-4f41-93cc-7fb6e031de401033.mspx?mfr=true

**********************

Use it wisely, use it indefinitely.

May. 14th, 2007

  • 2:01 PM

I'm learning C by doing. Python being my native language has given me nothing but experience. I have an understanding of computer languages; I realize that I just need to practice. I wrote a program that opens up potential backdoors and services within an XP/NT machine. It's only 34k. I wrote the same set of instructions in Python to reverse the process if need be.

May. 10th, 2007

  • 2:05 AM

I'm trying to find my way in this world of computing and information acquisition. I'm looking for what drives me, and what motivates me to learn more. I'm obsessed with a fantasy. My obsession with computers and the internet stems from a dramatized, media-made view of a subculture that was immortalized by a 1995 film. I have a very general interest in just computers and information access. My problem is focusing on the skills and techniques that will allow me to capitalize on the 'tasks' I want to perform. As of now I know of just a few things I want to focus on, which is the way it should be.

-Finding vulnerabilities in executables
-Writing my own exploits and solidifying my ASMx86 skills
-Writing self-replicating code
-Compromising Windows XP Machines

Right now that's what I'm working on. In the past I would never focus on anything specific, which is why I never got anything done. On a mission.

Apr. 11th, 2007

  • 5:32 AM

#!/bin/sh
# Build Snort 2.6.1.4 from source with MySQL output on Arch Linux.
# set -e aborts on the first failed download or build instead of carrying on
# and "installing" whatever half-unpacked state is left behind.
set -e

SNORT_VER=2.6.1.4
PCRE_VER=6.3
LIBPCAP_VER=0.9.4
TMP=/root/snorttemp

cd /root
pacman -R snort || true          # drop the packaged snort if it is installed
mkdir -p "$TMP"
cd "$TMP"

##has to do a different url
wget http://www.snort.org/dl/current/snort-$SNORT_VER.tar.gz
echo "unpacking Snort..."
tar -xzf snort-$SNORT_VER.tar.gz

wget http://www.snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz
echo "unpacking SnortRules..."
tar -xzf snortrules-pr-2.4.tar.gz          # plain rules files, nothing to configure or build

wget http://surfnet.dl.sourceforge.net/sourceforge/pcre/pcre-$PCRE_VER.tar.gz
echo "unpacking PCRE..."
tar -xzf pcre-$PCRE_VER.tar.gz

wget http://www.tcpdump.org/release/libpcap-$LIBPCAP_VER.tar.gz
echo "unpacking libpcap..."
tar -xzf libpcap-$LIBPCAP_VER.tar.gz

wget http://surfnet.dl.sourceforge.net/sourceforge/adodb/adodb590.tgz
echo "unpacking adodb590..."
tar -xzf adodb590.tgz                      # PHP library used by BASE, nothing to build

echo "Proceeding to Install..."

cd "$TMP/libpcap-$LIBPCAP_VER"
./configure
make
make install

cd "$TMP/pcre-$PCRE_VER"
./configure
make
make install

cd "$TMP/snort-$SNORT_VER"
./configure --enable-dynamicplugin --with-mysql
make
make install

mkdir -p /etc/snort/rules /var/log/snort

##move the rules
# the rules tarball unpacks into $TMP/rules (and $TMP/etc); the snort source
# tree carries snort.conf and the *.config files in its own etc/
cd "$TMP"
[ -d rules ] && cp rules/* /etc/snort/rules/
[ -d etc ] && cp etc/* /etc/snort/
cp "$TMP/snort-$SNORT_VER"/etc/* /etc/snort/

cat <<'EOF'
EDIT THE CONFIG FILE FOOL!!!

As we built snort with the '--with-mysql' option and as BASE needs it,
we also need to tell Snort what database to use.  Open /etc/snort/snort.conf,
scroll down till you see "# output database", and remove the # in front of
the line for MySQL.  Now also change the "user", "password" and "dbname".
Hint: make a note of these as you will need them later!
Save the file and close nano.

Setting up the MySQL database for Snort:
there are many ways to create the snort database.  The table layout can be
found in the file create_mysql in the /root/snorttemp/snort-2.6.1.4/schemas
directory.  Whichever way you create the database, make sure the 'user',
'password' and 'dbname' are the same as the ones you set in
/etc/snort/snort.conf!

After creating it you can test snort and see if you get any errors with:
    snort -T -c /etc/snort/snort.conf
EOF

Mar. 5th, 2007

  • 2:15 PM

It amazes me how stupid people are. How the most mundane tasks can be so complicated that they have to devote their time to a quick fix instead of learning how something works enough to fix it themselves.


Control Panel applets and the file to run them with (Start > Run: control <file>; * = no .cpl file, use control <name>):

Applet                              File
Accessibility Options               access.cpl
Add New Hardware Wizard             hdwwiz.cpl
Add/Remove Programs                 appwiz.cpl
Date and Time Properties            timedate.cpl
Display Properties                  desk.cpl
FindFast                            findfast.cpl
Folder Properties                   * folders
Fonts Folder                        * fonts
Internet Properties                 inetcpl.cpl
Joystick Properties                 joy.cpl
Keyboard Properties                 main.cpl keyboard
Mouse Properties                    main.cpl
Network Properties                  ncpl.cpl
Password Properties                 password.cpl
Phone and Modem Options             telephon.cpl
Power Management                    powercfg.cpl
Printers Folder                     * printers
Regional Settings                   intl.cpl
Scanners and Cameras                sticpl.cpl
Sound Properties                    mmsys.cpl sounds
Sounds and Audio Device Properties  mmsys.cpl
System Properties                   sysdm.cpl
User Settings                       nusrmgr.cpl
TweakUI                             tweakui.cpl

pynetcode full source

  • Feb. 9th, 2007 at 3:05 PM

#!/usr/bin/env python
# Advanced binary download - Chapter 13 - advbinarydl.py
# (Python 2 code throughout this post: print statements, socket.ssl)

from ftplib import FTP
import sys

f = FTP('ftp.kernel.org')
f.login()
f.cwd('/pub/linux/kernel/v1.0')
f.voidcmd("TYPE I")
datasock, estsize = f.ntransfercmd("RETR linux-1.0.tar.gz")
transbytes = 0
fd = open('linux-1.0.tar.gz', 'wb')
while 1:
    buf = datasock.recv(2048)
    if not len(buf):
        break
    fd.write(buf)
    transbytes += len(buf)
    sys.stdout.write("Received %d " % transbytes)
    # This "if" only passes if estsize is nonzero and is not None.
    # That's exactly what we want, since if it's zero, we'd get a
    # divide by zero error.
    if estsize:
        sys.stdout.write("of %d bytes (%.1f%%)\r" % \
                         (estsize, 100.0 * float(transbytes) / float(estsize)))
    else:
        sys.stdout.write("bytes\r")
    sys.stdout.flush()
sys.stdout.write("\n")
fd.close()
datasock.close()
f.voidresp()
f.quit()


#!/usr/bin/env python
# Advanced binary upload - Chapter 13 - advbinaryul.py
# Arguments: host, username, localfile, remotepath

from ftplib import FTP
import sys, getpass, os.path

host, username, localfile, remotepath = sys.argv[1:]
password = getpass.getpass("Enter password for %s on %s: " % \
                           (username, host))

f = FTP(host)
f.login(username, password)
f.cwd(remotepath)
f.voidcmd("TYPE I")

fd = open(localfile, 'rb')
datasock, esize = f.ntransfercmd('STOR %s' % os.path.basename(localfile))
# the server gives no size estimate for an upload, so take the local file's size
esize = os.stat(localfile)[6]
transbytes = 0
while 1:
    buf = fd.read(2048)
    if not len(buf):
        break
    datasock.sendall(buf)
    transbytes += len(buf)
    sys.stdout.write("Sent %d of %d bytes (%.1f%%)\r" %
                     (transbytes, esize, 100.0 * float(transbytes) / float(esize)))
    sys.stdout.flush()
datasock.close()
sys.stdout.write("\n")
fd.close()
f.voidresp()
f.quit()


#!/usr/bin/env python
# POP connection and authentication with APOP - Chapter 11 - apop.py

import getpass, poplib, sys

(host, user) = sys.argv[1:]
passwd = getpass.getpass()

p = poplib.POP3(host)
try:
    # APOP sends a digest instead of the cleartext password
    print "Attempting APOP authentication..."
    p.apop(user, passwd)
except poplib.error_proto:
    # fall back to USER/PASS, which sends the password in the clear
    print "Attempting standard authentication..."
    try:
        p.user(user)
        p.pass_(passwd)
    except poplib.error_proto, e:
        print "Login failed:", e
        sys.exit(1)

status = p.stat()
print "Mailbox has %d messages for a total of %d bytes" % (status[0], status[1])
p.quit()


#!/usr/bin/env python
# ASCII download - Chapter 13 - asciidl.py
# Downloads README from remote and writes it to disk.

from ftplib import FTP

def writeline(data):
    fd.write(data + "\n")

f = FTP('ftp.kernel.org')
f.login()
f.cwd('/pub/linux/kernel')
fd = open('README', 'wt')
f.retrlines('RETR README', writeline)
fd.close()
f.quit()


#!/usr/bin/env python
# Basic SSL example with wrapper - Chapter 15 - basic-wrap.py
# Note: socket.ssl() does not verify the server certificate; it was
# deprecated in Python 2.6 and removed in Python 3.

import socket, sys

class sslwrapper:
    def __init__(self, sslsock):
        self.sslsock = sslsock
        self.readbuf = ''
        self.eof = 0

    def write(self, buf):
        byteswritten = 0
        while byteswritten < len(buf):
            byteswritten += self.sslsock.write(buf[byteswritten:])

    def _read(self, n):
        retval = ''
        while not self.eof:
            try:
                retval = self.sslsock.read(n)
            except socket.sslerror, err:
                if (err[0]) in [socket.SSL_ERROR_ZERO_RETURN,
                                socket.SSL_ERROR_EOF]:
                    self.eof = 1
                elif (err[0]) in [socket.SSL_ERROR_WANT_READ,
                                  socket.SSL_ERROR_WANT_WRITE]:
                    continue
                else:
                    raise
            break
        if len(retval) == 0:
            self.eof = 1
        return retval

    def read(self, n):
        if len(self.readbuf):
            # Return the stuff in readbuf, even if less than n.
            # It might contain the rest of the line, and if we try to
            # read more, might block waiting for data that is not
            # coming to arrive.
            bytesfrombuf = min(n, len(self.readbuf))
            retval = self.readbuf[:bytesfrombuf]
            self.readbuf = self.readbuf[bytesfrombuf:]
            return retval
        retval = self._read(n)
        if len(retval) > n:
            self.readbuf = retval[n:]
            return retval[:n]
        return retval

    def readline(self, newlinestring = "\n"):
        retval = ''
        while 1:
            linebuf = self.read(1024)
            if not len(linebuf):
                return retval
            nlindex = linebuf.find(newlinestring)
            if nlindex != -1:
                retval += linebuf[:nlindex + len(newlinestring)]
                # keep whatever followed the newline for the next read
                self.readbuf = linebuf[nlindex + len(newlinestring):] \
                               + self.readbuf
                return retval
            else:
                retval += linebuf

print "Creating socket...",
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print "done."

print "Connecting to remote host...",
s.connect(("www.openssl.org", 443))
print "done."

print "Establishing SSL...",
ssl = socket.ssl(s)
print "done."

ssl = sslwrapper(ssl)

print "Requesting document...",
ssl.write("HEAD / HTTP/1.0\r\n\r\n")
print "done."

s.shutdown(1)

while 1:
    line = ssl.readline("\r\n")
    if not len(line):
        break
    print "Received line:", line.strip()

s.close()

Nov. 30th, 2006

  • 10:57 AM

Lithonia Lighting
Brownsville, TX
73.43.93.78 - Nokia VPN Firewall

Oct. 26th, 2006

  • 10:52 AM

First and foremost, you don't let anyone know what you're capable of. That's rule number one. Deception is key here. You don't want to overplay what you can do. It's better to seem ignorant than to boast and not deliver. Talk is cheap, as I've heard so many times. A man of few words, that walks soft and carries a big stick, if you know what I mean. Those that run their mouths endlessly only to display their utter stupidity when they're eating the soles of their shoes are a dime a dozen. They exist everywhere. What's important is knowing yourself, and what you can do. Being honest with your abilities but never satisfied with your skill is the true sign of a ninja. It is those that will rule the world, for they know how to control information. These people are the keymakers. How much power can you grasp through a simplified WPM typing rate? Learn your craft, develop your skills. Be.

Oct. 12th, 2006

  • 12:23 AM

I acquired a 2wire Modem today at work for spitting out the gay ass POSE survey on demand. Shit is lame, but free stuff is always a plus. Free anything is good. Free love. Free gear. Free food. Free beer! And free computer equipment to fuck with. Anyway, it's a 1000S 2Wire DSL modem. It's a legacy model, but it still has some interesting features. I plan to attack the firewall like no other.