Archive for the ‘Network’ Category

snmp cheatsheet

Saturday, January 16th, 2010 by mopey

In my line of work, I come across SNMP default community strings quite a bit. I seem to always be searching for a reference on how to query various things – and also what I might change.

proxychains – handy tool!

Sunday, December 6th, 2009 by mopey

proxychains is a pretty amazing tool available at http://proxychains.sourceforge.net/. It is a versatile proxy tool for folks like me, who would like the source IPs to be from a proxy, or multiple proxies. For me, the main uses are proxying gui port scan stuff like nessus and proxying tor.

Auto Pw Change

Friday, November 13th, 2009 by mopey

I had to change this script a lot, so take with a grain of salt. That said, we changed about 1000 LOCAL passwords in a couple hours – which would have really taken all day and been more boring.

bash script for nmap list scan

Wednesday, October 14th, 2009 by mopey

This is a stupid script to scan a class b network. I only wanted a detailed scan of hosts that exist (which I generated with a ping scan). I also wanted this information separated by file.

Paper Fun: Simplified Single Packet Authorization

Friday, July 10th, 2009 by mopey

Port Knocking and Single Packet Authorization (SPA) are relatively new (circa 2004 and later) techniques used to enable anonymous, temporary activation of remote network services that are otherwise blocked by means of a firewall. These techniques greatly enhance the so-called “zero-day” exploit resilience of systems which properly implement them, but they have weaknesses and more importantly share a weakness common to most common security augmentation systems: human nature. This paper presents a framework for securely enabling remote services in a manner which focuses on the human factor, a concept often neglected in security research and the key reason that such systems rarely see widespread usage in the real world. The primary focus is to make SPA easier for humans to interact with.

Paper fun: Concerns with Time-Space Based Wireless Security

Thursday, July 9th, 2009 by mopey

Wireless ad-hoc network protocols are a topic of much recent discussion and development. This has prompted many researchers to develop interesting and promising-sounding protocols that should be considered and examined. One such protocol, Authenticated Protocol for Wireless Ad Hoc Networks (APEC), was designed by Robert Hiromoto and Hope Forsmann[1]. APEC has been the subject of an increasing amount of scientific discussion and research around universities, laboratories, and professional conferences. In this paper, we examine APEC in depth and discuss many potential problems with the protocol that must be addressed if APEC is to achieve widespread acceptance.

browsing with firefox, tor, refcontrol, and noscript on ubuntu

Friday, May 8th, 2009 by mopey

I am doing some research that involves a *lot* of google searches. Because this research involves a significant number of directed queries, it seems logical to hide this information as much as practical. If there is a web host who notices sequential names in a Google referer URL repeatedly, this might raise suspicion or alter behavior which could skew results. Similarly, it is desirable to hide IP information from both the web host (for similar reasons) and possibly even search engines.

An analysis of a Time Synchronization Protocol

Thursday, December 18th, 2008 by mopey

The paper analyzed is focused on Wireless Sensor Networks, which are usually characterized by several factors: low power, connected in a wireless mesh of some type, and used for military applications, home appliances, environmental research, and various other types of applications.

stupid sounding idea

Monday, December 1st, 2008 by mopey

so in my wireless security class the teacher-dude is really pushing for this time/frequency based authentication mechanism synchronous communication model in a wireless environment… brilliant! does anyone besides me think that’s idiotic? or is it just a good idea in disguise?

madwifi == awesome

Wednesday, November 12th, 2008 by mopey

You know, with how much people tout the prism2 chipset, atheros sometimes gets looked over.

HTTP over SSH

Saturday, November 1st, 2008 by mopey

It’s easier than you might think. SOCKS is actually built into OpenSSH, so it’s really a trivial matter to set up a local proxy.

Analysis of a proposed key-management scheme for DSN

Monday, October 6th, 2008 by mopey

The original paper by Laurent Eschenauer and Virgil Gligor is at citeseer.ist.psu.edu/eschenauer02keymanagement.html

rdp over ssh into your office box

Monday, July 21st, 2008 by mopey

So my girlfriend works for this bozo company. They allow her to telecommute, but get this. Their $AWESOME_COMPUTER_GUY has the genius idea of using an XAUTH authentication vpn (not secure by design) to rdp to their server, and from there to rdp again to her desktop. Genius!

wget login pages

Thursday, May 15th, 2008 by mopey

How do you scrape a page that you have to log in to get to? Well, one way is to save the cookies and use --post-data, though this may depend on how the session is saved.

Networking to and from Virtualbox

Monday, May 12th, 2008 by mopey

“This is how I got host networking for VirtualBox and have it setup to use bridging on FedoraCore 6 host. This allows for two way traffic between the host and the guest. You will need bridge-utils and uml-utilities. The first step is to configure the host with a bridge and a tap device. With this only the bridge will get an IP address and not the ethX nor the tapX device.”

Using smbclient to view public cifs shares

Wednesday, May 7th, 2008 by mopey

Easy? yes. Trivial? yes.  But it is something I always seem to forget.

smbclient -L //localhost
Password:
Domain=[MIDEARTH] OS=[Unix] Server=[Samba 3.0.26a]

Sharename Type Comment
--------- ---- [...]

Encrypt a message with RSA in python

Monday, May 5th, 2008 by mopey

For some people in my class this was easy, and others it was difficult. Some people have spent a good 40 hours on this, so I thought I’d post some code to help out. There isn’t much documentation on the crypto modules.

Get Weather from the commandline

Monday, April 28th, 2008 by mopey

This is a program written in python that gets the weather from the command line.
The usage is like:

$ weather.py 83204
5-day Forcast for 83206
---------------------
Monday Tuesday Wednesday Thursday Friday
High: 74 68 47 [...]

syn cookies

Sunday, April 20th, 2008 by mopey

An interesting cryptographic way to deal with SYN floods is SYN cookies. SYN floods are simply a bunch of SYN packets from spoofed IP addresses, and are a fairly common DoS attack. Some other ways to deal with these include increasing the SYN queue size and decreasing the wait-for-reply time, but these don’t really solve the problem. SYN cookies are built into the Linux kernel by default (though usually not enabled by default). You can find and configure this feature in /proc/sys.

networking presentations

Wednesday, April 16th, 2008 by mopey

From the networking class, cs487. I really enjoyed reading and listening to these. Posted with permission from the authors. Good job, everyone!

