Android Emulator

I’ve set up Eclipse and the Android SDK as I fancied tinkering with CM7 and maybe writing an app or two.

Below is a screenshot of a 2.3.3 Gingerbread “AVD” running in the emulator, with my “Hello World!” icon:

[Screenshot: Android Emulator]

I tried to compile the Cyanogenmod 7 ROM and kernel for the emulator using these instructions on the wiki, however after downloading a few gigs worth of Git repos, and a few hours crunching away, it wouldn’t compile.

It seemed to get stuck near the end whilst creating symlinks to Busybox. I think it was stuck in recursive symlink hell – i.e. creating symlinks pointing to other symlinks that pointed to a non-existent file, probably meaning that busybox hadn’t compiled by that point.

Nessus ssh_cmd() fix?

I think I’ve found the main source of the PS1 problem with Nessus’ ssh_cmd(); it would seem it doesn’t like ksh, as it produces something like the following in the report output, which appears to be due to PS1 being set to “$ “:

Last login: Fri Dec 3 11:08:43 2010 from 192.168.1.2
$ $

If you change the login user’s shell to bash, the problem goes away (as long as PS1 ends with $, %, # or >), although I guess it’s possible that if the bash prompt was set to just “$ ” instead of the usual “-bash-3.00$ ” it would suffer the same problem as ksh.

Interestingly, it seems to happen whether or not you use su/sudo. I previously thought it was unique to su/sudo usage due to this section of code in the ssh_cmd() function from ssh_func.inc – note the prompt detection at line 2268:

2265   # su/sudo: shell prompt -> sends command
2266  if ( strlen(tempbuf) > 5 ) last5 = substr(tempbuf, strlen(tempbuf) - 6, strlen(tempbuf) - 1 );
2267  else last5 = tempbuf;
2268  if (!isnull(su) && spass == 0 && ("$" >< last5 || "#" >< last5 || ">" >< last5 || "%" >< last5 )){
2269   for ( sub1 = 0 ; sub1 < strlen(cmd) ; sub1 += 1024 )
2270   { 
2271    if ( strlen(cmd) <= sub1 + 1023 )
2272      sub2 = strlen(cmd) - 1;
2273    else
2274      sub2 = sub1 + 1023;
2275    cmdd = substr(cmd, sub1, sub2);
2276    payload = raw_int32(i:remote_channel) + putstring(buffer:cmdd);
2277    send_ssh_packet(payload:payload, code:raw_int8(i:94));
2278   }
2279   spass = 1;
2280  }
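
A Python model of the prompt check and command chunking in the listing above, added here as an example; it is not Nessus code. It assumes NASL's substr() treats both indices as inclusive and that each list element is the value of tempbuf at one pass through the check; the sample buffers are constructed.

```python
PROMPT_CHARS = "$#>%"   # the four characters tested at line 2268
CHUNK = 1024            # chunk size used by the send loop


def nasl_substr(s, start, end):
    """Assumed NASL substr() semantics: start and end are both inclusive."""
    return s[start:end + 1]


def tail_window(tempbuf):
    # Lines 2266-2267: despite the name last5, the window is the last 6 chars.
    if len(tempbuf) > 5:
        return nasl_substr(tempbuf, len(tempbuf) - 6, len(tempbuf) - 1)
    return tempbuf


def looks_like_prompt(tempbuf):
    # Line 2268: a prompt character anywhere in the window counts as a prompt.
    window = tail_window(tempbuf)
    return any(c in window for c in PROMPT_CHARS)


def chunk_command(cmd):
    # Lines 2269-2278: the command is sent in pieces of at most 1024 bytes.
    chunks = []
    for sub1 in range(0, len(cmd), CHUNK):
        sub2 = min(len(cmd) - 1, sub1 + CHUNK - 1)
        chunks.append(nasl_substr(cmd, sub1, sub2))
    return chunks


def run_session(buffers, cmd, su=True):
    """Return (index of the buffer that triggered the send, chunks sent).

    Returning on the first match has the same effect as spass = 1 in the
    original: the command is sent once. (None, []) means it was never sent.
    """
    for i, tempbuf in enumerate(buffers):
        if su and looks_like_prompt(tempbuf):
            return i, chunk_command(cmd)
    return None, []


if __name__ == "__main__":
    # Constructed sample buffers: prompts, a password request, plain output.
    samples = ["Last login: Fri Dec 3 11:08:43 2010 from 192.168.1.2\r\n$ ",
               "-bash-3.00$ ", "$ ", "Password: ", "user@host:~ ",
               "progress: 100%\r\n"]
    for buf in samples:
        print(repr(tail_window(buf)), looks_like_prompt(buf))
```

The last sample shows that ordinary output ending in one of the four characters passes the same test as a real prompt, while a prompt such as “user@host:~ ” never does.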

New F14 RPMs

I’ve patched and built 64-bit Fedora 14 RPMs for John-the-Ripper (the password cracker) here and rain (the packet crafter) here.

The JtR package includes the recent patches for Generic Salted SHA-1 and Netscreen, as well as the usual Jumbo-7 patch.

Update: As the SHA1/Netscreen patches have been merged into the Jumbo-9 patch, I’ve updated the John 1.7.6-3 RPMs to just apply Jumbo-9 to a vanilla 1.7.6.

Update 2: I’ve just built Back In Time v1.0.4 for F13/14 by editing the Fedora 15 SRPM for 0.9.26 to remove an un-needed patch and update to the 1.0.4 tar.gz file.

I’m not going to use it myself yet as part of the v1.0 changes is to add the hostname to the path to the backup directories, which breaks compatibility with 0.9.x, so I’d not easily be able to use Ubuntu 9.10 or an earlier Fedora release (without making another RPM) with the backups created with this. Anyway, the download is here.

Compiling VirtualBox OSE (updated)

I’ve built a default install of Fedora 13 64-bit in a virtual machine for the purpose of figuring out which dependencies and workarounds are required to compile VirtualBox OSE from Subversion.

1. Install make, gcc etc; as root:

yum groupinstall "Development Tools" "Development Libraries"

2. Install 32-Bit build tools and some Qt4 libraries, Java etc; as root:

yum install dev86 iasl qt4-devel pulseaudio-libs-devel glibc-devel.i686 libgcc.i686 texlive-texmf-latex java-1.6.0-openjdk-devel zlib-static glibc-static libstdc++.i686 libvncserver-devel libxslt-devel libIDL-devel SDL-devel libXmu-devel libstdc++-static

3. Symlink the Fedora-packaged JVM to where Oracle expect it to be installed, as root:

cd /usr/lib/jvm/
ln -s java-1.6.0-openjdk.x86_64 java-6-openjdk

4. Install the bera-mono font into LaTeX, as root:

cd /usr/share/texmf/tex/latex/
mkdir bera
cd bera/
wget http://www.tug.org/texlive/devsrc/Master/texmf-dist/tex/latex/bera/beramono.sty
texhash

5. Download makeself, as a regular user:

cd /var/tmp/
wget http://megastep.org/makeself/makeself.run
sh makeself.run

6. Install and rename makeself.sh to makeself as Oracle are expecting, as root:

cd /var/tmp/makeself-2.1.5
mv makeself.sh makeself
cp makeself makeself-header.sh /usr/local/bin/

7. Compile VirtualBox, UserGuide.pdf, the kernel modules and the Guest Additions as a regular user:

cd ~/vbox/
svn update
./configure --disable-hardening
source env.sh
kmk all VBOX_WITH_VNC=1
cd out/linux.amd64/release/bin/src
make
cd ~/vbox/
kmk packing

Update: The same setup seems to work for Fedora 14 too.

Update 2: You might as well remove VBOX_WITH_VNC=1 and the installation of libvncserver-devel, as VNC support in OSE is going to be broken now that the new VRDE API is committed.

Password protecting files using GnuPG

I found a useful way of using GnuPG today when someone couldn’t decrypt a passworded zip file I sent them (probably using p7zip/infozip instead of “proper” unzip).

You can use symmetric encryption with GnuPG, i.e. just a password rather than a keypair+passphrase, and you don’t have to exchange keys or sign things etc:

gpg --symmetric myfile.pdf

Then decrypt with simply “gpg myfile.pdf.gpg” (--symmetric writes its output to myfile.pdf.gpg).

I also fixed my NASL scripts with a bit of sed; this example replaces all the 50000 script_id()s with 950000 ones:

for nasl in *.nasl ; do sed 's/script_id(5/script_id(95/g' "$nasl" > "$nasl.new" ; done
for nasl in *.nasl ; do mv "$nasl.new" "$nasl" ; done

Then just re-sign them and re-install them into Nessus, as root:

/etc/init.d/nessusd stop
cd /opt/nessus/lib/nessus/plugins/
# Write each signed plugin into the current directory under its own file name
for files in /git/nessus/*.nasl ; do /opt/nessus/bin/nasl -S "$files" > "$(basename "$files")" ; done
/opt/nessus/sbin/nessusd -R
/etc/init.d/nessusd start

The only problem then is that the current Nessus 4.2.2 with webserver version 2.0.0 truncates the plugin ID in the lists, as the Flash needs updating to make the column wider; apparently this will be fixed in 4.4.