Tuesday, January 29, 2013

Fink Installation Tip for OSX

I recently had to reformat my Macbook Air due to a sleepimage issue when connecting to a power source.  I am running OSX 10.8, so to install Fink 0.34.5 I had to install from source.  There is a missing step that many OSX 10.8 users may not be aware of: Fink needs the Java SDK installed prior to running the bootstrap command.  If your Mac is connected to an Internet connection, an easy way to install the Java SDK is by running javac from terminal.

Once you run this command, you will be prompted with a GUI message asking if you would like to download and install the Java SDK from Apple servers.

Voila!  Now kick off the bootstrap command and you are ready to start compiling Fink.  Further directions on how to install Fink with OSX 10.4 and later can be found here.  I found this tip by heading over to http://www.mail-archive.com/fink-beginners@lists.sourceforge.net/msg26480.html.

Wednesday, January 23, 2013

Python Fundamentals (Forking)

Forking clones a process: the copy runs as a child of the process that called fork().

"The system function called fork() creates a copy of the process, which has called it. This copy runs as a child process of the calling process. The child process gets the data and the code of the parent process. The child process receives a process number (PID, Process IDentifier) of its own from the operating system. The child process runs as an independent instance, i.e. independent of the parent process. With the return value of fork() we can decide in which process we are: 0 means that we are in the child process while a positive return value means that we are in the parent process. A negative return value means that an error occurred while trying to fork." (reference: http://www.python-course.eu/forking.php)

import os

def child():
   print 'A new child ',  os.getpid( )
   os._exit(0) # is used for child processes instead of sys.exit(0)

def parent():
   while True:
      newpid = os.fork()
      if newpid == 0:
         child()
      else:
         pids = (os.getpid(), newpid)
         print "parent: %d, child: %d" % pids
      if raw_input( ) == 'q': break # will create new child process until 'q + <return>' is inputted.

parent()
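
The loop above never waits for its children, so each one lingers as a zombie after it exits. The following added example (Python 3, not code from the original post; the function name fork_and_reap is made up for illustration) shows the return-value logic described in the quote together with reaping the child and handling a failed fork, which Python reports as OSError rather than a negative return value:

```python
import os

def fork_and_reap(exit_code):
    """Fork one child, let it exit with exit_code, and reap it in the parent.

    Returns (pid_from_fork, pid_reported_by_child, child_exit_code).
    """
    read_fd, write_fd = os.pipe()
    try:
        pid = os.fork()
    except OSError:
        # Python raises OSError on failure instead of returning a negative value.
        os.close(read_fd)
        os.close(write_fd)
        raise

    if pid == 0:
        # Child: fork() returned 0. Report our own PID and leave with
        # os._exit() so the parent's cleanup handlers do not run twice.
        try:
            os.close(read_fd)
            os.write(write_fd, str(os.getpid()).encode())
        finally:
            os._exit(exit_code)

    # Parent: fork() returned the child's PID.
    os.close(write_fd)
    with os.fdopen(read_fd) as pipe:
        reported_pid = int(pipe.read())

    # Reap the child; without this it stays in the process table as a zombie.
    _, status = os.waitpid(pid, 0)
    if not os.WIFEXITED(status):
        raise RuntimeError("child did not exit normally")
    return pid, reported_pid, os.WEXITSTATUS(status)


if __name__ == "__main__":
    print(fork_and_reap(3))
```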

Tuesday, January 22, 2013

CIDR Subnet Mask Cheatsheet

This is a direct copy from http://www.oav.net/mirrors/cidr.html.  I just want to make sure the information does not go down, so I am re-posting for reference.  Enjoy!


Netmask              Netmask (binary)                 CIDR     Notes    
_____________________________________________________________________________
255.255.255.255  11111111.11111111.11111111.11111111  /32  Host (single addr)
255.255.255.254  11111111.11111111.11111111.11111110  /31  Unuseable
255.255.255.252  11111111.11111111.11111111.11111100  /30    2  useable
255.255.255.248  11111111.11111111.11111111.11111000  /29    6  useable
255.255.255.240  11111111.11111111.11111111.11110000  /28   14  useable
255.255.255.224  11111111.11111111.11111111.11100000  /27   30  useable
255.255.255.192  11111111.11111111.11111111.11000000  /26   62  useable
255.255.255.128  11111111.11111111.11111111.10000000  /25  126  useable
255.255.255.0    11111111.11111111.11111111.00000000  /24 "Class C" 254 useable

255.255.254.0    11111111.11111111.11111110.00000000  /23    2  Class C's
255.255.252.0    11111111.11111111.11111100.00000000  /22    4  Class C's
255.255.248.0    11111111.11111111.11111000.00000000  /21    8  Class C's
255.255.240.0    11111111.11111111.11110000.00000000  /20   16  Class C's
255.255.224.0    11111111.11111111.11100000.00000000  /19   32  Class C's
255.255.192.0    11111111.11111111.11000000.00000000  /18   64  Class C's
255.255.128.0    11111111.11111111.10000000.00000000  /17  128  Class C's
255.255.0.0      11111111.11111111.00000000.00000000  /16  "Class B"
     
255.254.0.0      11111111.11111110.00000000.00000000  /15    2  Class B's
255.252.0.0      11111111.11111100.00000000.00000000  /14    4  Class B's
255.248.0.0      11111111.11111000.00000000.00000000  /13    8  Class B's
255.240.0.0      11111111.11110000.00000000.00000000  /12   16  Class B's
255.224.0.0      11111111.11100000.00000000.00000000  /11   32  Class B's
255.192.0.0      11111111.11000000.00000000.00000000  /10   64  Class B's
255.128.0.0      11111111.10000000.00000000.00000000  /9   128  Class B's
255.0.0.0        11111111.00000000.00000000.00000000  /8   "Class A"
  
254.0.0.0        11111110.00000000.00000000.00000000  /7
252.0.0.0        11111100.00000000.00000000.00000000  /6
248.0.0.0        11111000.00000000.00000000.00000000  /5
240.0.0.0        11110000.00000000.00000000.00000000  /4
224.0.0.0        11100000.00000000.00000000.00000000  /3
192.0.0.0        11000000.00000000.00000000.00000000  /2
128.0.0.0        10000000.00000000.00000000.00000000  /1
0.0.0.0          00000000.00000000.00000000.00000000  /0   IP space

Tuesday, January 15, 2013

Python Fundamentals (Functions, Classes, Objects, and Exceptions)

Functions group sections of code by functionality:

#!/usr/bin/env python

import sys

# "print" is a reserved word in Python 2, so the function needs another name
def printTenTimes(printLines):

        for count in range(0,10) :
                print printLines

printTenTimes(sys.argv[1])

Class example:

#!/usr/bin/env python

class Calculator:

        #constructor of the class
        def __init__(self, ina, inb):
            self.a = ina
            self.b = inb

        # define routine
        def add(self):
            return self.a + self.b

        def mul(self):
            return self.a*self.b

# Example of Class Inheritance
class Scientific(Calculator) :

        # Power and logarithmic functions
        def power(self):
            return pow(self.a, self.b)

        # takes no self, so it must be declared static
        @staticmethod
        def quickAdd(a,b):
            return a+b

# Calling the classes to print to screen
newCalculation = Calculator(10, 20)

print 'a+b: %d'%newCalculation.add()
print 'a*b: %d'%newCalculation.mul()

newPower = Scientific(2,3)

print 'a+b: %d'%newPower.add()
print 'a*b: %d'%newPower.mul()
print 'a pow b: %d' %newPower.power()

Exception Handling by using the "ZeroDivisionError" object:


>>> try :
...     a = 0/0
... except Exception as im:
...     print im
...
integer division or modulo by zero

To see the help page for the "im" object, type:
>>> help(im)

Wednesday, January 9, 2013

Python Fundamentals (Conditional Statements)

I am pretty familiar with writing conditional statements, so this section will be a bit brief.  I just wanted to supply some examples for later reference.

If statement example:

#!/usr/bin/python

name = raw_input("What is your Name? ")
print "Your name is " + name

if name == "chris":
        print "You are chris"
        print "The computer admin"
elif name == "john":
        print "You are John"
        print "A regular user"
else :
        print "Unknown user"

While loop statement example:
#!/usr/bin/python

age = 0
while age < 5:
        print age, " is less than 5"
        age = age + 1
else :
        print age, " is equal to 5"

For loop statement example:
#!/usr/bin/python

for num in range(10,20):
        for i in range(2,num):
                if num%i == 0:
                        j=num/i
                        print '%d equals %d * %d' % (num,i,j)
                        break
        else:
                print num, 'is a prime number'


Use range in Python:
range(lower, upper, step) creates a list
range(n) - [0, ......, n-1]


>>> range(11)
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
>>>
>>> range(1,11)
[1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
>>>
>>> range(1,11,2)
[1, 3, 5, 7, 9]
>>>
>>> for item in range(1,11,2) :
...     print item
...
1
3
5
7
9
>>>

How to set up a Raspberry Pi with a hidden network using an Edimax EW-7811Un

If you are looking for a wireless adapter for the Raspberry Pi, the Edimax EW-7811Un is reasonably priced at $12.99 ($9.99 w/ Amazon Prime) and is supported with Raspbian "wheezy" 3.2.27+ kernel.  There were driver issues with earlier versions of Raspbian, but luckily you won't have to worry about installing drivers with any Raspbian image dated 2012-12-06 or older.

After you install Raspbian to an SD card (OSX command: sudo dd if=~/2012-12-16-wheezy-raspbian.img of=/dev/disk1 bs=1m), boot up the Raspberry Pi and perform the following:
  1. Launch a repository update
    $ sudo apt-get update
  2. Run a system upgrade
    $ sudo apt-get upgrade
  3. Make sure that the latest Raspberry Pi firmware version is installed
    $ sudo apt-get install raspberrypi-bootloader
  4. Install the wpa_supplicant utility
    $ sudo apt-get install wpasupplicant
WLAN setup and configuration for a hidden SSID wifi network
  1. Generate a PSK version of your WLAN password with wpa_passphrase utility
    $ wpa_passphrase "<Your Wifi SSID>" "<Your Wifi PASSWORD>"
    (Quotes are needed for whitespace)
  2. Edit /etc/network/interfaces and add the following:
    ######################################
    auto lo

    iface lo inet loopback
    iface eth0 inet dhcp

    auto wlan0
    allow-hotplug wlan0
    iface wlan0 inet dhcp
       wpa-scan-ssid 1
       wpa-ap-scan 1
       wpa-key-mgmt WPA-PSK
       wpa-proto RSN WPA
       wpa-pairwise CCMP TKIP
       wpa-group CCMP TKIP
       wpa-ssid "<Your Wifi SSID>"
       wpa-psk <Your PSK Value>

    iface default inet dhcp
    ######################################
  3. Save the changes and shutdown the Raspberry Pi.
  4. Unplug the ethernet cable and plug in the Edimax EW-7811Un wifi dongle.
  5. Power on the Raspberry Pi and wait for the wireless to get an IP.
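
What the PSK value from step 1 actually is, as an added example (Python 3, not part of the original post): wpa_passphrase derives it with PBKDF2-HMAC-SHA1 using the SSID as salt, and the sketch below reproduces that and renders the wlan0 stanza from step 2. The function names and the wpa2_only variant, which assumes the access point supports WPA2 with CCMP, are illustrative additions.

```python
import getpass
import hashlib

def wpa_psk(ssid, passphrase):
    """256-bit WPA/WPA2-Personal PSK as hex, derived the way wpa_passphrase
    does: PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt, 4096, 32)
    return key.hex()

def wlan0_stanza(ssid, psk_hex, wpa2_only=False):
    """Render the wlan0 block from the post. wpa2_only=True is an added
    variant that drops the legacy WPA/TKIP fallbacks."""
    proto, ciphers = ("RSN", "CCMP") if wpa2_only else ("RSN WPA", "CCMP TKIP")
    return "\n".join([
        "auto wlan0",
        "allow-hotplug wlan0",
        "iface wlan0 inet dhcp",
        "   wpa-scan-ssid 1",   # probe by name, needed for a hidden SSID
        "   wpa-ap-scan 1",
        "   wpa-key-mgmt WPA-PSK",
        "   wpa-proto " + proto,
        "   wpa-pairwise " + ciphers,
        "   wpa-group " + ciphers,
        '   wpa-ssid "%s"' % ssid,
        "   wpa-psk " + psk_hex,
    ]) + "\n"

if __name__ == "__main__":
    ssid = input("SSID: ")
    # getpass keeps the passphrase out of shell history and the process list
    psk = wpa_psk(ssid, getpass.getpass("Passphrase: "))
    print(wlan0_stanza(ssid, psk, wpa2_only=True))
```

The hex PSK is password-equivalent for that SSID, so treat /etc/network/interfaces as a secret once the value is in it.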
My router statically maps an IP to the network interface's MAC address, which is why I chose to allow Linux to run DHCP.  If there are any issues, some helpful commands to detect hardware are the following:


Monday, January 7, 2013

Python Fundamentals (Sets & Dictionaries)

Here are notes in regards to how Python handles sets and dictionaries as well as how to get built in functions to work utilizing the help section.

List Operations
  • Concatenate -- [1,2] + [3,4] = [1,2,3,4]
  • Append -- list.append()
  • Extend -- list.extend([])
  • Reverse -- list.reverse()
  • Pop -- list.pop()
  • Insert -- list.insert(index, item)
  • Delete -- del list[index]

Sets: unordered collection of unique objects

List to set:
>>> setA = set([1,2,3,3,2])
>>>
>>> setA
set([1, 2, 3])
>>>
>>> setB = set([3,4,5])
>>>
>>> setB
set([3, 4, 5])
>>>

Set operations: Union
>>> setA|setB
set([1, 2, 3, 4, 5])
>>>

Set operations: Intersection
>>> setA&setB
set([3])

Set operations: Difference
>>> setA-setB
set([1, 2])
>>>
>>> setB-setA
set([4, 5])

Dictionaries: unordered key-value pairs whose values can change.  Keys are unique, immutable objects.

  • dict = {} (empty dictionary)
  • dict['name'] = 'bob'
  • dict(name='bob', age='33')
  • dict = { 'name' : 'bob', 'age' : 33 }

How to test whether a key exists in a dictionary.
>>> myInfo
{'hobby': 'hacking', 'age': 33, 'name': 'bob'}
>>> myInfo.has_key('hobby')
True
>>>
>>> myInfo.has_key('hobbies')
False
>>>
>>> 'name' in myInfo
True
>>>

Get a list of keys:
>>> myInfo.keys()
['hobby', 'age', 'name']
>>>

Get a list of values:
>>> myInfo.values()
['hacking', 33, 'bob']
>>>

Get a list of (key, value) tuples:
>>> myInfo.items()
[('hobby', 'hacking'), ('age', 33), ('name', 'bob')]
>>>

Get a particular item:
>>> myInfo.get('age')
33

How to list the built-in methods of a particular object.
>>> dir(myInfo)
['__class__', '__cmp__', '__contains__', '__delattr__', '__delitem__', '__doc__', '__eq__', '__format__', '__ge__', '__getattribute__', '__getitem__', '__gt__', '__hash__', '__init__', '__iter__', '__le__', '__len__', '__lt__', '__ne__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__setitem__', '__sizeof__', '__str__', '__subclasshook__', 'clear', 'copy', 'fromkeys', 'get', 'has_key', 'items', 'iteritems', 'iterkeys', 'itervalues', 'keys', 'pop', 'popitem', 'setdefault', 'update', 'values']

Getting help on methods.
>>> help(myInfo.__delattr__)

IT Auditing and Compliance

Recently I have been asked what free resources I use to perform IT audits and infrastructure evaluations.  Here is a list I use on a regular basis to make sure companies are properly configuring their infrastructure and desktops.  If you are in the security world, these links will be nothing new.

Python Fundamentals (variables and data types)

These are my ongoing notes as I start developing penetration tools with Python.  The blog series will encompass basic Python syntax to actual examples of developed code.

Python's variables (names) are references to objects, not strings; they are similar to pointers.  To learn more about Python objects, please click here.

An example of setting a variable to reference memory locations:
>>> name = "bob"
>>>
>>> id(name)
140195719219888
>>>
>>> hex(id(name))
'0x7f81dc0b0ab0'
>>>
>>> name.__repr__
<method-wrapper '__repr__' of str object at 0x7f81dc0b0ab0>
>>>


A Python string is a sequence of characters.  Examples of string literals:

  • name = "bob"
  • name = 'bob'
  • name = "bob's"
  • name = 'bob\nsmith' (adds a new line when printed)
  • name = r'chris\nmaenner' (Raw string)

Unicode strings are used for internationalization.  "Wide characters" are used to encode multiple languages and characters for an international purpose.

>>> name = u'chris'
>>> str(name)      # unicode to regular string conversion
'chris'
>>> unicode(name)  # regular string to unicode conversion
u'chris'


String Operations: strings are immutable objects in Python; once you create a string you cannot change it.  For example:

>>> name = "chris"
>>> name[0]
'c'
>>> name[0] = 'a'
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: 'str' object does not support item assignment
>>> 
>>> name
'chris'
>>> a = "bob"
>>> name = a
>>> name
'bob'
>>> a
'bob'
>>> a = "chris"
>>> a
'chris'
>>> name
'bob'
>>>


A quick method for building a long repeated string, such as the padding used when testing for a buffer overflow:
>>> buffer = "f00"*25
>>> buffer
'f00f00f00f00f00f00f00f00f00f00f00f00f00f00f00f00f00f00f00f00f00f00f00f00f00'
>>>


Python slice indices:
>>> name = "bob smith"
>>>
>>> name[2:7]  # grabs the characters from index 2 up to, but not including, index 7
'b smi'
>>>

To show how the slice in the example above works: it starts at index 2, which is "b", and includes every character up to, but not including, index 7, which is "t".
+---+---+---+---+---+---+---+---+---+
| b | o | b |   | s | m | i | t | h |
+---+---+---+---+---+---+---+---+---+
  0   1   2   3   4   5   6   7   8

String Formatting:

>>> ip = "10.0.0.100"
>>> line = "crack this IP: %s" % ip
>>> line
'crack this IP: 10.0.0.100'
>>>
>>> line = "Crack this IP: %s and name %s" % (ip, "bunny")
>>> line
'Crack this IP: 10.0.0.100 and name bunny'