Linux « WebstersProdigy

Auto Restore Virtualbox

March 18, 2009 1 Comment

For the security class I’m teaching we recently had a box to pwn. Problem is, they would sometimes get the address wrong and crash the virtual system. I probably would have just distributed the vdi, but not all of them have machines robust enough to run a vm, so I had to set something up.
First off, I gave the virtual vulnerable box a public IP by bridging.

/etc/network/interfaces

auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
    address 134.50.1.2
    netmask 255.255.0.0
    gateway 134.50.1.254
    bridge_ports eth0 vbox0 vbox1

# The loopback network interface
auto lo
iface lo inet loopback

/etc/vbox/interfaces

vbox0 lundeen br0
vbox1 lundeen br0

Awesome, now firewall rules work. In the vulnbox, I give myself an ip address. On the host, I set up very strict firewall rules using iptables.

Another big issue is auto-restore. Since the class often gets an address wrong, the vulnbox often crashes.

The following will shut the box down, revert to a snapshot, and turn it back on.

/usr/bin/VBoxManage controlvm vulnxp poweroff;
sleep 5;
/usr/bin/VBoxManage snapshot vulnxp discardcurrent -state
sleep 10;
/usr/bin/VBoxManage startvm vulnxp</pre>

Anyway, I put this in crontab to do every 20 minutes.

0,20,40 * * * * /path/to/virtualscript

Filed under GrayHat, Linux, windoze Tagged with bash, sysadmin, virtualbox

Count number of lines in a file

February 26, 2009 Leave a comment

find . -type f -exec cat {} ; | wc -l

and if you don’t want repeats

find . -type f -exec cat {} ; | egrep \S | wc -l

I even thought about cat, but I ended up doing something like:

total=0
for i in $( find -H . -type f ); do
  temp=$( wc -l "$i" | cut -f 1 -d  )
  if [ $temp &gt; 0 ]; then
    total=$(($total+$temp))
  fi
  echo $total
done
echo $total

Filed under Linux, Programming Tagged with bash

mounting partitions from a disk image

February 3, 2009 Leave a comment

My laptop drive recently died on me. Of course, this is the one machine that I don’t have good backups on. After various passes of dd_rescue (forward and backward) I had a pretty good disk image. Now I wanted to mount a partition. Problem is, I had an image.

The first step is to identify where the partitions are.

# fdisk -l /mnt/backup/brian/brian.iso 

Disk /mnt/backup/brian/brian.iso: 250 GB, 250056737280 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

                      Device Boot      Start         End      Blocks   Id  System 
/mnt/backup/brian/brian.iso1               1           6       48163   de  Dell Utility
/mnt/backup/brian/brian.iso2   *           7       30009   240991065    7  HPFS/NTFS
/mnt/backup/brian/brian.iso3           30010       30401     3140707    f  Extended LBA

Notice the cylinder size (512) and where the partitions are.

TODO: fix this. The -u option should be used so fdisk specifies cylinders. then it can be mounted with loop and offset.

Filed under Bits and Bytes, Linux Tagged with filesystem, forensics

madwifi == awesome

November 12, 2008 1 Comment

You know, with how much people tout the prism2 chipset, atheros sometimes gets looked over.

http://madwifi-project.org/wiki/About/MadWifi?redirectedfrom=MadWifi

https://www.ath9k.org/wiki/UserDocs/MonitorModeInterface

blam.

I mean, it’s got interfaces to act as vaps, to go in rfmon mode… pretty cool. I haven’t figured out how to reach the full potential of my prism2.5 card yet though, so I guess I’ll need more experimenting with both

Filed under Linux, Network Tagged with wireless

convert flash to mp3

November 6, 2008 Leave a comment

Using ffmpeg, anything’s possible

Just install ffmpeg, lame, and then you can do something like

ffmpeg -i flashvid.flv -ar 44100 -ab 160 -ac 2 outfile.mp3

Filed under Linux Tagged with ffmpeg

HTTP over SSH

November 1, 2008 Leave a comment

It’s easier than you might think.

socks is actually built into openSSH, so its really a trivial matter to setup a local proxy.

$ ssh -D 12345 myuser@remote_ssh_server

will open up the port 12345 on localhost as a socks proxy and all your traffic can be specified to go through the tunnel and out of remote_ssh_server

For firefox 3, go to Edit->Prefrences->Advanced->Network->Settings

and set it to use a Manual Proxy, localhost, port 12345 socksv5

Filed under Linux, Network Tagged with firefox, ssh

← Older posts

Newer posts →

Twit

zombie apocalypse starts in Florida maps.google.com/maps/ms?msid=2… 10 hours ago
[blog] I always learn a ton at good CTFs, even on the "easy" problems. Here's a format string tutorial: webstersprodigy.net/2012/05/25/ppp… 1 week ago
nmap 6: nmap.org/6/ 1 week ago
RT @NealPoole: Better late than never: writeup on vulnerable Flash applets (swfupload, Plupload) that were fixed in Wordpress 3.3.2 (htt ... 2 weeks ago
RT @JasonSecurity: Capture the Flag and Wargame CTF competitions, kiddie to hacker to organizing events bit.ly/J5g2lL #CTF 2 weeks ago
RT @egyp7: New #metasploit blog post about running executables from memory with meterpreter: r-7.co/LFvOV9 3 weeks ago
Awesome. Looks like mimikatz meterpreter module coming soon: room362.com/blog/2012/4/26… 1 month ago

WebstersProdigy

Auto Restore Virtualbox

Count number of lines in a file

mounting partitions from a disk image

madwifi == awesome

convert flash to mp3

HTTP over SSH

Categories

Stuff

Tags

Twit

Archives

Follow “WebstersProdigy”