Sunday, December 26, 2010


Skype - Ubuntu - Acer Netbook

Everything works, except for builtin microphone.

install pavucontrol (Pulse Audio Control)

Silence right input channel. Test. Internal mic should now work.

Skype your friends.

Sunday, December 19, 2010

PACS Hackathon - aka 'Grinching the Box'

It's been in the planning stages for a while now. Actually started as something to do for Hive76's hackathon, but that never materialized. Well, the hackathon materialized, but this part of the hackathon never materialized.

Penetration testing is cool. It just is. It is also a decent back-handed way to introduce people to the Linux command line and not have them come in with the preconceived notion that it is difficult and not for them. Didn't realize that part until right now.

Nothing fancy, nothing too hard. Concepts, tools, and thinking.

The setup was fairly simple. De-ice-1.100 live cd in a vmware machine connected to a wireless router, SSID sploit_me.

Audience participawnage was the key. Seeing is ok; doing is so much better.

The highlight for me, was when PhD Russ squealed aloud when a password was cracked. That's what it's all about! (I recently had the same outburst over a blinking led and a msp-430)

Ken, the security special interest group leader at PACS, wrote up a recap:
Thanks to all who attended the hands on HACKFEST workshop this
month. The turnout and participation was fantastic!

Jim from the Linux SIG led us all through the process of thinking
our way through a simulated penetration test of a hypothetical corporation's
web server. Starting with establishing a connection to the sploit_me
wireless network, we then reconnoitered the factious company's website for
clues that we could use to gain access to privileged information on their
servers. Using Nmap, we scanned their network for possible entry points in
the form of running services with possible well known weaknesses. We also
did a parallel scan using netcat.

After determining that an SSL port was open and secure shell was
running, we proceeded to brute force the user ids and passwords using medusa
and hydra -- two password probing tools. A brief discussion of password
security and research about the potential targets ensued during the
execution of the brute forcing tools.

The brute force attack resulted in compromising one account which go
us on to the system so that we could see what other accounts were present
and with what privileges they ran (/etc/passwd on linux/Unix, SAMS on
windows). Using these other accounts we brute forced another password using
medusa and hydra, at which point we were able to gain administrator (root)
level access to the system so that we could download the encrypted passwords

Running that password file through the john the ripper password
cracking tool (alternatively Googling the hash value) allowed us to finally
gain full root access where upon we ran out of time.

We received much positive feedback on the event and we plan on doing
another one in the future.

Ken Fox
SEC SIG moderator.
I hope everyone had as much fun as I did.

Saturday, December 11, 2010

LTSP Server Revisited

Ever since Kevin Valentine demonstrated his 'rolling' LTSP setup at PACS I have been interested in this setup. It amazes me that organizations don't utilize this technology to develop labs and classrooms that are low-cost and energy efficient.

Thanks to eric (d_m) from Hive76, I acquired a Dell PowerEdge 1400sc Server, running dual p3 1000 MHz processors with 512 MB of ram.

Not an ideal box for a rolling LTSP setup as the damn thing weighs a ton, but a nice box. So here's the setup:

Description: Debian GNU/Linux 5.0.7 (lenny)
Linux version 2.6.26-2-686 (Debian 2.6.26-26lenny1)

Then I ordered and add max ram - 4 512 sticks (1 bad), so currently:

total used free shared buffers cached
Mem: 1816360 1748252 68108 0 117004 1277088
-/+ buffers/cache: 354160 1462200

Using so much, because LTSP setup and running and writing this blog post.

I could probably run 4 more clients successfully max. More testing/stressing to come.

Debian LTSP installation guide.

That will get you installed.

Package: ltsp-server-standalone
State: installed
Automatically installed: no
Version: 5.1.10-2

Some LTSP notes: users and apps installed to server, not to chroot. This seemed counterintuitive to me; more reading required.

Window manager to server, ldm setup in chroot.

eth0: LTSP

I tried to do eth0 for the network, and eth1 for LTSP. Too much drama. Conform.

On the server I installed Mutillidae and WebGoat.

Bonus Find: By doing the Mutillidae/WebGoat install and utilizing the LTSP server I have a contained web application LTSP setup.

To do: Add pentest iso's to vbox on server and have an LTSP hack lab.
Build hydra to work on Debian.
Find 5 laptops to use as thin clients for demos.

Saturday, October 9, 2010

UPDATE - Captivate USB tether

Ok, so the whole issue must have been the user and adding that user to the dip and dialout groups.

Once that was done, the network-manager-gnome setup worked flawlessly.


Captivate USB tether

Thank you AT&T. After the 'update' to 2.1-update1 the usb tethering no longer worked automagically. In fact, the whole option disappeared.

I kind of liked the option of tethering, even though I have an Aircard 860 wireless laptop connect card. When FIOS went down after a lightning strike, the tethering really came in handy. Also, my netbook doesn't support pcmcia, so the card is useless for that box.

The odd thing is, when I plug it in, with usb debugging ON, network-manager-gnome starts, and tries to setup up a new wireless broadband connection. The connection finds the phone, sets it up for At&t, but doesn't connect.

So, plan B:

1) Add your user to the dip group (sudo adduser user dip)*user is your user name*

2) Add your user to the dialout group (sudo adduser user dialout) *user is your user name*

3) Make this /etc/wvdial.conf file:
[Dialer Defaults]
Phone = captivate
Init2 = AT S7=45 S0=0 L1 V1 X4 &c1 E1 Q0
Modem Type = USB Modem
Init1 = ATZ
Modem = /dev/ttyACM0
Baud = 460800
ISDN = 0
Stupid Mode = 1
New PPPD = yes
Phone = *99#
Password = test
Username = test
Now all you need to do is:

4) wvdial
5) sudo ifconfig ppp0 up

You are now tethered.