websitebaker module: Random pic with text

This module includes a function you can call to randomly pick an image from a directory. It is based on a module written by John Maats, and I just added the captioning. 

Here is a link to the zip.

<?php
/* Random image snippet
   Call this snippet with:
   RandomImage('/media');
   in your template */

function RandomImage($dir) {
        //read folder and get the file names
        $names = array();
        $folder = opendir(WB_PATH.$dir.'/.');
        if ($folder === false) {
                return;
        }
        while (($file = readdir($folder)) !== false) {
                $names[] = $file;
        }
        closedir($folder);

        //remove any non-images from array
        $names1 = array();
        foreach ($names as $file) {
                $ext = strtolower(substr($file, -4));
                if ($ext == ".jpg" || $ext == ".gif" || $ext == ".png") {
                        $names1[] = $file;
                }
        }
        if (count($names1) == 0) {
                return; //no images in this directory
        }

        //random image from array (array_rand seeds itself, no srand needed)
        $image = $names1[array_rand($names1)];

        //name of image for alt text
        $name = substr($image, 0, -4);

        //print associated text; the file name is escaped before it goes into HTML
        echo "<p><b>".htmlspecialchars($name)."</b></p>";

        //read in the caption file if it exists
        //(the caption is printed as-is, so HTML inside the .txt file is rendered)
        $caption = WB_PATH.$dir.'/'.$name.'.txt';
        if (file_exists($caption)) {
                echo '<p>';
                foreach (file($caption) as $val) {
                        echo "$val ";
                }
                echo '</p>';
        }

        //image dimensions, read from the local file instead of fetching the URL
        $dimensions = getimagesize(WB_PATH.$dir.'/'.$image);
        $size = $dimensions ? ' '.$dimensions[3] : '';
        echo '<img src="'.WB_URL.$dir.'/'.rawurlencode($image).'"'.$size.' alt="'.htmlspecialchars($name).' image" />';
}
?>

Really global environment variables for ssh

<mopey> how do I export a variable in pvm?  I add it to my .bashrc or .profile but it ignores it.
<mopey> an environment variable
<mopey> Because I get this error:
<mopey> The value of the $PVM_ROOT environment
<mopey> variable on compute-0-1 is invalid (“”).
<mopey> Use the absolute path to the pvm3/ directory.
<mopey> but if I ssh into compute-0-1, echo $PVM_ROOT it is set correctly
<staynalive_> mopey: I don’t know much about PVM
<staynalive_> but I would check to see if it gets set for non-login sessions
<staynalive_> by doing (in one command) “ssh compute-0-1 printenv”
<staynalive_> Yeah, I just tested it and that’s the issue.
<mopey> good call, it’s not being set for some reason, although it’s “being set” in ~/.bashrc
<mopey> where would I set it, if not bashrc?
<staynalive_> Umm
<mopey> my .profile calls bashrc btw, although that shouldn’t really matter since that’s only on interactive logins, right?
<staynalive_> Yeah
<staynalive_> I think I actually changed a ssh flag to carry the environment variables through to the new machine in a ssh session.
<staynalive_> “PermitUserEnvironment yes”
<mopey> oh.  well that’s handy.
<staynalive_> That way if users set something up funky they can carry it to the nodes.
<staynalive_> But the manual warns of some possible security issues…
<mopey> if someone is on my frontend node, it’s only being used on the compute nodes, so it shouldn’t be that big of a deal.
<mopey> since they are basically thin
<mopey> aaah, ssh has env variables all of its own…
<mopey> I remember telling you that at one point.  I guess I’m losing my marbles

<mopey> has anyone ever gotten sshrc to successfully set ssh environment variables?
<mopey> it *should* be straightforward
<mopey> the sshd man page says:  8.  If $HOME/.ssh/rc exists, runs it; else if /etc/ssh/sshrc exists, runs it; otherwise runs xauth.  The “rc” files are
<mopey>  given the X11 authentication protocol and cookie in standard input.
<mopey> is this not run (when I do ‘ssh compute-0-0 env’) because it is too late in the process?
<mopey> because my $HOME/.ssh/environment _is_ run, and I can set them that way.  Except that I want to do it for all users and that seems to be a lame solution.
<mopey> It seems like the command should be executed *after* the rc files are read (it’s step 9)
<mopey> So I wonder why the hell it’s being ignored…
<mopey> staynalive, you said you use “PermitUserEnvironment yes”.  So do you just set a $HOME/.ssh/environment for each user?

<mopey> haha
<mopey> for those who care, pam overrides my ssh variables for the most part
<mopey> so you can define variables in /etc/security/pam_env.conf
<mopey> god, that took forever to figure out why my /etc/environment variables weren’t getting set over ssh
* Vog-work has quit (“ChatZilla 0.9.79 [Firefox 2.0.0.10/2007111504]“)
<twinprism> thanks for sharing, mopey, I care…
<mopey> weird.
<mopey> :)
<_sera> I don’y
<_sera> sheesh… don’t
<mopey> Normally it probably doesn’t matter I’m sure.  Like if you get a bash shell and can actually execute profile/bashrc
<mopey> But if you have a crippled pvm shell or something, it’s way important
<mopey> plus I think pam_env is how PATHs and junk get set on login – at least on ubuntu
<mopey> *gdm/kdm/xdm login

chkrootkit

chkrootkit operates sort of like a virus scanner for Windows, in that it looks for infected files using signatures.

From the man page:

chkrootkit examines certain elements of the target system and determines whether they have been tampered with. Some tools which chkrootkit applies while analyzing binaries and log files can be found at /usr/lib/chkrootkit.

I installed using apt-get.

By default, it logs to a file. I like to check my logs over email every morning, so I changed the cron job to reflect this. I added the MAILTO: root line, and the /usr/bin/chkrootkit at the end (the standard output is what gets mailed).  The following entry is /etc/cron.daily/chkrootkit.  So it gets logged and mailed.

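#!/bin/sh -e

CHKROOTKIT=/usr/sbin/chkrootkit
CF=/etc/chkrootkit.conf
LOG_DIR=/var/cache/chkrootkit
# Note: cron reads MAILTO from a crontab; inside this script it is only a
# shell variable. cron mails whatever the script writes to standard output.
MAILTO=root

# Nothing to do if chkrootkit is not installed
if [ ! -x $CHKROOTKIT ]; then
  exit 0
fi

# Load the settings used below (RUN_DAILY, DIFF_MODE, RUN_DAILY_OPTS)
if [ -f $CF ]; then
  . $CF
fi

if [ "$RUN_DAILY" = "true" ]; then
  if [ "$DIFF_MODE" = "true" ]; then
    # Diff mode: print the new log only when it differs from the previous run
    $CHKROOTKIT $RUN_DAILY_OPTS > $LOG_DIR/log.new 2>&1
    if [ ! -f $LOG_DIR/log.old ] \
      || ! diff -q $LOG_DIR/log.old $LOG_DIR/log.new > /dev/null 2>&1; then
      cat $LOG_DIR/log.new
    fi
    mv $LOG_DIR/log.new $LOG_DIR/log.old
  else
    $CHKROOTKIT $RUN_DAILY_OPTS
  fi
fi
# Line added at the end: run chkrootkit once more so that its full output
# goes to standard output and gets mailed
/usr/sbin/chkrootkit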

chkrootkit seems like it has quite a bit of promise.  I use chkrootkit with tripwire, selinux, iptables, fail2ban, and good service configuration for a functional system that is still fairly secure.

Build a Bridge and Get Over it

In my environment, the best kind of firewall is the bridge kind of firewall. Meaning: a transparent kind of firewall. Here’s how I generally set them up.

So, I don’t have control of the gateway routers. I have IP addresses all over the place in my little IP pool. For example, I have one little server room with a 134.50.7.24, a 134.50.7.88 and a 134.50.7.244. What I want is a firewall complete with IDP to limit access to stuff in a centralized way. BTW, I also tend to have firewalls on every machine, I guess for the double layer of protection. Firewalls are sort of like condoms. Double layering doesn’t seem to help that much, but it couldn’t hurt. And either way, once you’re penetrated, you’re fucked.

To clarify, what I want is something completely invisible to the outside. As far as the outside is concerned, there is nothing there. In fact, this could be the case as far as the inside is concerned. However, you may want to give the bridge an IP address and let something through so you can ssh in to fix whatever problems.

So:

Network --- Bridge --- switch --- Internal Network of various IPs

The cool thing about a bridge is you can stick it anywhere and it won’t change how any of your other hosts are hooked up.

For this task, I chose everyone’s favorite os, Linux. I also chose a minimalist version of Ubuntu since I heart ubuntu. This is actually a pretty trivial thing to set up.

# apt-get install bridge-utils

Then you want to create a new bridge device and add your ethx to it. Your ethx will obviously probably be eth0, eth1, eth2 or whatever network devices you want on the bridge.

# brctl addbr br0
# brctl addif br0 eth0
# brctl addif br0 eth1
# ip link set br0 up

Now guess what. You’ve now turned your $300 machine into a $10 hub.

Next if you want to give your bridge an ip address and a route:

# ip addr add x.x.x.x/x brd + dev br0
# route add default gw x.x.x.x dev br0

Where the x’s are your IP address and subnet in the first command, and your gateway in the second.

I find as I’m writing this I’m just repeating what else is out there. Go and read http://www.linuxjournal.com/article/8172 and it will show you the way.

Now that you’ve got your bridge working, you can filter traffic using ebtables (at the Ethernet frame level) and iptables (at the IP level), plus snort and whatever else. There are tons of examples of this online, so I won’t bore you here. Awesome.
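One way to do the filtering step on the bridge built above, as an added example that is not part of the original post: default-deny forwarding with the iptables physdev match, plus ssh to the bridge's own address from one admin host. The function name, the eth0-outside/eth1-inside roles and the admin address are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the plan by default;
# run as root with APPLY=1 to execute it. Interface roles are assumptions.

run() {                       # echo each command, execute only if APPLY=1
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# bridge_fw_plan BRIDGE OUTSIDE_IF INSIDE_IF MGMT_SRC [HOST:PORT ...]
bridge_fw_plan() {
    [ $# -ge 4 ] || { echo "usage: bridge_fw_plan br out in mgmt_src [host:port ...]" >&2; return 2; }
    br=$1; out_if=$2; in_if=$3; mgmt_src=$4; shift 4

    # Validate every service before touching any rule.
    for svc in "$@"; do
        host=${svc%:*}; port=${svc#*:}
        case $port in ''|*[!0-9]*) host= ;; esac
        [ -n "$host" ] || { echo "bad service: $svc" >&2; return 1; }
    done

    # Bridged frames only reach iptables when bridge netfilter is enabled
    # (a separate br_netfilter module on newer kernels).
    run modprobe br_netfilter
    run sysctl -w net.bridge.bridge-nf-call-iptables=1

    # Traffic crossing the bridge: replies, inside-out, then listed services.
    run iptables -F FORWARD
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -m physdev --physdev-in "$in_if" -j ACCEPT
    for svc in "$@"; do
        run iptables -A FORWARD -m physdev --physdev-in "$out_if" -p tcp \
            -d "${svc%:*}" --dport "${svc#*:}" -m conntrack --ctstate NEW -j ACCEPT
    done
    run iptables -P FORWARD DROP

    # Traffic to the bridge's own address: ssh from the admin host only.
    run iptables -F INPUT
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$br" -p tcp -s "$mgmt_src" --dport 22 -j ACCEPT
    run iptables -P INPUT DROP
}

# Example (192.0.2.10 is a constructed admin address):
# bridge_fw_plan br0 eth0 eth1 192.0.2.10 134.50.7.24:80 134.50.7.88:22
```

The DROP policies are set last in each chain so that an ssh session already open to the bridge keeps working while the rules are loaded.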

Put all this in rc.local or whatever boot up script so that your system remembers everything and you’re golden! To all those people who say “just use smoothwall and don’t worry about iptables” in your face! smoothwall/ipcop/monowall are all pretty cool, but being a transparent bridge isn’t one of the things they are capable of out of the box. They are mostly meant to be gateways or whatever.

mycontroller – DMA

This is part of a project to build a complete, functional, extremely basic microcontroller. It is built using multimedia logic.

This section is a simulated, very simplified DMA.

Example Run

The test of writing bytes back and forth seems to work.

Also, the example from the lab specification seems to work. Namely:

Download:

  • Select head 1, track 2, sector 3, block 4 on the disk.
  • Select address AB on the RAM.
  • Select 6 bytes to transfer.
  • Select download.
  • Disable the master clear.
  • Hit the transfer button. The yellow download LED should illuminate.
  • Hit the clock at least 7 times. Your transfer should stop after the 6th cycle, illuminate the green completion LED, and deactivate the yellow download LED.
  • You should see 6 different bytes transfer from disk blocks 4 through 9 from head 1, track 2, sector 3 to RAM addresses AB through B0, respectively. The particular bytes depend on how you organized the address space on your “disk.”

Upload:

  • Select head 2, track 3, sector 4, block 5 on the disk.
  • Select address AC on the RAM.
  • Select 2 bytes to transfer.
  • Select upload.
  • Hit the transfer button. The yellow upload LED should illuminate.
  • Hit the clock at least 3 times. Your transfer should stop after the 2nd cycle, illuminate the green completion LED, and deactivate the yellow upload LED.
  • You should see 2 bytes transfer from RAM addresses AC and AD to disk blocks 5 and 6 on head 2, track 3, sector 4.
  • These should be the second and third bytes you saw in the download example.

Known Issues

You can’t have reads/writes across different tracks or heads. Trying it produces results the user may not expect: the same sectors get overwritten rather than the transfer proceeding to the next track. In short, reading/writing across tracks requires multiple reads/writes.

I made a conscious decision to not worry about the clock wrapping around at this point. If the clock does wrap around, it may screw stuff up.

Screen Shots

Here is a link to the source.
