innismir.net » Software

Brand spanking new DNS cache scraping tool

Ben Jackson — Tue, 13 Apr 2010 18:57:02 +0000

I mentioned in a previous post that the ZeuS scraper was more or less going to be kept in it’s then-current form while I work on a new and improved version, and I’m happy to say that it’s just been released with an expanded array of hosts to check as well.

Share and Enjoy!

Arduino Project #1: Trivial Morse Beacon

Ben Jackson — Wed, 30 Dec 2009 03:45:12 +0000

Santa was very nice and I got a nice Arduino for Christmas. I’ve been meaning to snag one of these for a while but I kept putting it off. After reading the great documentation they have, I quickly started making LEDs blink and such.

After messing about with the examples for a while, I decided to see if I could whip something up from scratch. I had bookmarked Mark, K6HX’s entry about an Arduino based Morse Code Beacon and decided to take a crack at it. My code is a bit of a kludge, but it does work:

Now, to get this hooked up into a radio to make sure it can do more then blink an LED…

UPDATE: Uhhh… Yeah, so I guess Mark updated his beacon and did some pretty impressive stuff, making my implementation look like a Pinto while his is a Corvette. Oh well. It was a learning experience.

Another SOURCE Boston in the books

Ben Jackson — Tue, 17 Mar 2009 03:38:13 +0000

SOURCE Boston 2009 wrapped up last Friday. Once again, the SOURCE Advisory board did a bang-up job picking talks: Normally, during a conference there are “collisions” in which there are two talks I want to see that run concurrently. SOURCE had this, but it seemed that it happened almost every single talk. I was desperately switching my attention between the talk I was currently at and my twitter stream watching people live-tweet the other tracks. I constantly felt I was missing something great. SOURCE also improved the one complaint I had about SOURCE Boston 2009, lack of the ability to get to the venue via the MBTA. This year’s venue, the Seaport Hotel was easily accessible from the Silver line and the new digs were great.

My talk went as well as I could have hoped. Despite some minor issues with regards to what I could and couldn’t talk about and thus the presentation being much shorter then I wanted it to be, I felt I fielded all the questions cleanly and ones that I could not answer I made sure I got business cards so that I could follow up. For those of you interested in downloading my slide deck it is available here:

Massachusetts Data Breach Laws, Regulations, and Responsibilities (PPT, 828K)
Massachusetts Data Breach Laws, Regulations, and Responsibilities (PDF, 286K)

Some highlights of the conference:

David Mortman‘s delicious bread, which he handed out if you asked questions during his talk. I got a slice because I was able to answer a question.
Marcus Ranum‘s keynote. Despite being a presentation of “The industry is beyond repair, and here’s why…” gloom and doom, I was able to at least grab some good points out of it that will enable me to fight the good fight. He also made a great metaphor: “3D dancing pigs” meaning something which management wants and will try to implement despite any warnings.
James Atkinson‘s counter-surveillance talk. Last year he did telephones and this year he did automobiles. Crazy stuff.
L0phtCrack 6 information session. I can’t wait.

And these are just the ones I can remember off the top of my head.

SOURCE is a great conference and if I had the time and money, I’d seriously consider going to SOURCE Barcelona in September. If you have the chance in 2010, I would highly recommend attending.

Setting Up a Windows XP as a guest OS in VMware ESX server

Ben Jackson — Tue, 20 May 2008 20:25:55 +0000

One of my duties at my job is to the maintain the lab environment that we have to do our super 31337 skunk works projects in. As we all are quite lazy and don’t have room for gobs of hardware, we make good use of virtualized machines to do our projects. One of the annoying issues that keeps popping its head up every time we need to install a fresh desktop install is that Windows XP does not like to run within VMware ESX server. It’s frustrating and there is no real tutorial online with a definitive set of answers, just a bunch of forum posts with tidbits of info that if you arrange correctly, you can piece together what to do.

So, without further ado, here is how to make Windows XP install onto a VMware stock VM machine:

Download the VMware SCSI Disk image from VMware Drivers & Tools download page. Save the image somewhere where you can locate it easier.
Follow the normal procedure for creating a VMware machine for Windows XP.
Select the machine in the Virtual Infrastructure client and select “Edit Settings”
On the settings screen, select the SCSI controller, then in the upper right click “Change Type…”
On the “Change SCSI Controller Type” screen, “LSI Logic” should be selected. Change that to “BusLogic”. Click OK.
Click OK on the settings screen.
Open the console of the Virtual Machine and Power it On.
During the VMware POST, press Escape to access the Boot Menu.
Click the “Virtual Floppy 0″ button and select “Connect to Floppy Image…”
Select the floppy image that you downloaded from VMware in step 1.
Click the “Virtual CDROM” button and connect it to your install media
On the console select “CD-ROM Drive” and press Enter to boot from the CD-ROM
Immediately when the Windows installer boots, you will see the bottom of the screen “Press F6 if you need to install a third party SCSI or RAID driver.” Press F6. Windows will continue loading the installer.
Windows will eventually prompt you to load additional devices. Press “S”
There will be only one option: “VMware SCSI controller” Press Enter.
That will take you back to the previous screen. You are done. Press Enter.

Windows will continue loading and now pick up the hard drive that you specified during the Virtual Machine creation process. You’re all set.

Adding Geolocation Support to Prelude IDS’s Prewikka

Ben Jackson — Thu, 01 May 2008 21:13:34 +0000

I am a big fan of Prelude IDS to correlate reports from my honeypot/nepenthes/snort setup at my house. One of the things that was quite repetitive was finding the locations of IPs. So, I sat down and coded up a patch that grafted GeoIP onto Prelude’s Prewikka web interface. After a bit of effort figuring out Python and the template engine, I ended up with this:

Of course, my patch doesn’t blur out the names like the screenshot, but it does add the spiffy little flags to show you what countries are attacking you.

You will need:

A working GeoIP installation
The GeoIP Python module
A set of flag icons in PNG format. I recommend FamFamFam’s icons
My patch
Prewikka 0.9.14 source tree.

The GeoIP libraries are available from the link above. Installing them is pretty straightforward. Once that is done, untar the Prewikka tarball and apply the patch for Prewikka in the source directory. Then install as normal.

Unzip the flags archive somewhere on your system. Move the contents “png” directory to your web root under the folder “/images/flags”. You may need to make an adjustment to your Apache installation if Prewikka is running in the root web directory like I had to. I made an alias in my Apache configuration pointing /images/ back over to /var/www/images.

Alias /images/ /var/www/images/

With any luck, it should work. As always, your mileage may vary.

Share and enjoy!