User:Smcnaught
From ChekMate Security Group
. _.-----. \.-./ . . SYN <-> SYN/ACK <-> ACK
\`-.._,-' .-. .-.`-' ``-. _,-'.'`. smcnaught, SamWise_
`-.____,-. `:. `.-'-._.O-:_ .:'.,| nosce te ipsum
`-" `-" `-.__.' SYN <-> SYN/ACK <-> ACK
Leave a message on my Talk page.
irc.freenode.net as SamWise_ on channels #snort, #snort-gui, #security, #remote-exploit, #security, #mediawiki
irc.chekmate.org as SamWise_ on channels #ChekMate, #Security, #linux, #help
"What am I to do with these plastic-coated aluminum-reinforced W1nd0z3 brand coasters?"
Because knowing all passwords is cooler than trying to crack one. ;)
|
Smcnaught's Blog
ZoneDateTime Mediawiki extension
Recently built this new MediaWiki Extension so that the users of our irc.chekmate.org network would be able to know the time for a specific server. This extension is super simple. It just determines the time difference from GMT and then displays it. Modify as you see fit.

Note: Most up to date version of this extension can be found at: http://www.chekmate.org/wiki/index.php/Projects

Change History

Maintainer
Shannon McNaught (smcnaught)

Homepage
ChekMate Technical Focus Group

License
ZoneDateTime.php - Displays Location and Current Timestamp
Copyright (C) 2006 Shannon McNaught

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Installation
Examples
Source Code
<?php
# ZoneDateTime Mediawiki extension
#
# original by smcnaught 01.09.2006
# Installation:
# * put this file (ZoneDateTime.php) into the extension directory of your mediawiki installation
# * add the following to the end of LocalSettings.php: include("extensions/ZoneDateTime.php");
#
# Examples:
# <ZoneDateTime>
# London:0:0
# Calgary:1:-7
# </ZoneDateTime>
#
# <ZoneDateTime>Location:DaylightSaving:ZoneDifference</ZoneDateTime>
#
#install extension hook
$wgExtensionFunctions[] = "wfZoneDateTimeExtension";

#extension hook callback function
function wfZoneDateTimeExtension() {
    global $wgParser;
    $wgParser->setHook( "ZoneDateTime", "renderZoneDateTime" );
}

#parser hook callback function
function renderZoneDateTime( $input, $argv, &$parser ) {
    global $wgVersion, $wgTitle, $wgDBprefix;

    // ###### INVALIDATE CACHE ######
    // Touch the page so the cached rendering expires and the time is recomputed.
    $ts = time();
    $now = gmdate("YmdHis", $ts + 120);
    $ns = intval($wgTitle->getNamespace());
    $ti = wfStrencode($wgTitle->getDBkey());
    $version = preg_replace("/^([1-9])\.([1-9]).*/", "\\1\\2", $wgVersion);
    if ($version>14) $sql = "UPDATE $wgDBprefix"."page SET page_touched='$now' WHERE page_namespace=$ns AND page_title='$ti'";
    else $sql = "UPDATE $wgDBprefix"."cur SET cur_touched='$now' WHERE cur_namespace=$ns AND cur_title='$ti'";
    wfQuery($sql, DB_WRITE, "");

    $output = "";
    $aParams = explode("\n", $input);
    foreach($aParams as $location) {
        $location = trim($location);
        if ($location != "") {
            // Each line is Location:DaylightSaving:ZoneDifference
            $parts = explode(":", $location);
            if (count($parts) != 3) continue;
            list($Location, $DaylightSaving, $ZoneDifference) = $parts;
            $LocationDate = zonedate('Y-m-d H:i:s', floatval($ZoneDifference), intval($DaylightSaving));
            // The hook's return value is emitted as HTML, so escape the user-supplied name.
            $output = $output . htmlspecialchars($Location) . " ($LocationDate)\n";
        }
    }
    return $output;
}
function zonedate($layout, $countryzone, $daylightsaving)
{
    // Offset from GMT in seconds. Add one hour when the location observes
    // daylight saving and the server's local time is currently in DST.
    $zone = 3600 * $countryzone;
    if ($daylightsaving && date('I')) {
        $zone += 3600;
    }
    return gmdate($layout, time() + $zone);
}
|
War Games
I have been working on a new hands-on training session for ChekMate. I want the session to provide a practical learning experience about computer security. As it is important to know the basics about how a hacker breaks into a computer, members should be given opportunities to attack a system to learn about the different techniques and tool sets.

Class Size: 20 members (plus 2-4 mentors)

Class is divided into two groups. The Alpha Team and the Omega Team. Each training session will have the same network infrastructure and server configuration. Each network (Omega/Alpha) will be identical in design.

Example:

Network Design
Server Configuration
Training Sessions

Training Session 1
The first training session will be an introduction to attacking a network.

Training Session 2
Will be a continuation of the Training Session 1. Lessons Learned from session 1 are meant to be applied to this training session.

Training Session 3
The first hour of the class will be used to protect your team's server environment. The rest of the class will be used to attack the other team's network.

Training Session 4
Will be a continuation of the Training Session 3. Lessons Learned from session 3 are meant to be applied to this training session.

Training Session 5
Each team is split into 2 sub groups. First 30 minutes of the class will be used to protect your team's server environment. For the rest of the class, one sub-group will be monitoring the network for intrusion attempts and the other will be attacking the opposing network - switching roles half way through the time period.

Training Session 6
Will be a continuation of the Training Session 5. Lessons Learned from session 3 are meant to be applied to this training session.
Additional Resources
|
Okay - The site has been very ugly when using IE 7+. I have played around with the Stylesheets and I believe I have made the site at least more acceptable than it was before. The biggest item was the footer - as it overlapped on the page and I could not make its position absolute. So I removed it. Another item appears to be the width of the page displayed. I do not have an answer for that yet but will work on it in the future.
|
Found a great little Pop3/Imap/SMTP Server for Windows. I am not sure I would use it on the Internet - but for lab purposes it is great.

hMailServer
hMailServer is a free e-mail server for Microsoft Windows. It supports all the common e-mail protocols (IMAP, SMTP and POP3) and comes with an easy-to-use COM library that can be used for integration with other software. It also has support for virtual domains, distribution lists, antivirus, antispam, aliases, distributed domains and much more. E-mail data is stored in a database server, MySQL or MS SQL, depending on your choice. The hMailServer installation contains a minimal MySQL-installation, so if you don't already have a database server in your network, MySQL is installed automatically when you install hMailServer.
|
Introduction
Modified the Simple IRC RC Bot created by Thrasher6670. This bot does not require ircii. It is completely self contained. It displays recent changes of your wiki to an IRC channel.

Note: Most up to date version of this extension can be found at: http://www.chekmate.org/wiki/index.php/Projects

Change History

Maintainer
Shannon McNaught (smcnaught)

Homepage
ChekMate Technical Focus Group

License
WikiBot.php - Displays recent changes of your wiki to an IRC channel
Copyright (C) 2006 Shannon McNaught

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Installation

Requirements
This Perl script also requires POE, which you may find was not packaged with your system. Not to worry! Very easy to install. POE may be installed through the CPAN shell which you should find on your system.

% perl -MCPAN -e shell
cpan> install POE

When CPAN is first run, it will ask you a series of questions, however the defaults seemed to work fine for me. However I did have a problem with some FTP sites not having the POE file, so I went for ones in the US and they had it. You may find that POE fails to install with a message that says cannot install unless force is used as a number of tests have failed. You might want to check the seriousness of these errors, however it's possible to force via the following syntax.

cpan> force install POE

LocalSettings.php
Add the following to your local settings file:

// IRC # post: 555666
$wgRC2UDPAddress = '127.0.0.1';
$wgRC2UDPPort = '51666';
$wgRC2UDPPrefix = "";

WikiBot.pl
#!/usr/bin/perl
use warnings;
use strict;
use POE;
use IO::Socket::INET;
use POE::Component::IRC;
use constant DATAGRAM_MAXLEN => 1024;
select((select(STDOUT), $|=1)[0]);

# Create the component that will represent an IRC network.
my ($irc) = POE::Component::IRC->spawn();

# Create the bot session. The new() call specifies the events the bot
# knows about and the functions that will handle those events.
POE::Session->create(
    inline_states => {
        _start     => \&bot_start,
        irc_001    => \&on_connect,
        irc_public => \&on_public,
    },
);

POE::Session->create(
    inline_states => {
        _start       => \&server_start,
        get_datagram => \&server_read,
    }
);

$poe_kernel->run();
exit;

# UDP Server
sub server_start {
    my $kernel = $_[KERNEL];
    my $socket = IO::Socket::INET->new(
        Proto     => 'udp',
        LocalPort => 51666,
    );
    die "Couldn't create server socket: $!" unless $socket;
    $kernel->select_read( $socket, "get_datagram" );
}

sub server_read {
    my ( $kernel, $socket ) = @_[ KERNEL, ARG0 ];
    recv( $socket, my $message = "", DATAGRAM_MAXLEN, 0 );
    # Relay only datagrams that carry a [[...]] marker; without this check a
    # non-matching packet would reuse a stale or undefined $1.
    return unless $message =~ /\[\[(.+)\]\]/s;
    my $ircmessage = $1;
    $irc->yield( privmsg => "#ChekMate", $ircmessage );
}

# IRC Server
# The bot session has started. Register this bot with the "magnet"
# IRC component. Select a nickname. Connect to a server.
sub bot_start {
    my $kernel  = $_[KERNEL];
    my $heap    = $_[HEAP];
    my $session = $_[SESSION];
    $irc->yield( register => "all" );
    my $nick = 'WikiBot';
    $irc->yield( connect =>
        { Nick     => $nick,
          Username => 'WikiBot',
          Ircname  => 'ChekMate WikiBot',
          Server   => 'irc.chekmate.org',
          Port     => '6667',
        }
    );
}

# The bot has successfully connected to a server. Join a channel.
sub on_connect {
    $irc->yield( join => "#ChekMate" );
}

# The bot has received a public message. Parse it for commands, and
# respond to interesting things.
sub on_public {
    my ( $kernel, $who, $where, $msg ) = @_[ KERNEL, ARG0, ARG1, ARG2 ];
    my $nick    = ( split /!/, $who )[0];
    my $channel = $where->[0];
    my $ts      = scalar localtime;
    print " [$ts] <$nick:$channel> $msg\n";
    # Disabled sample command (the whole block, including its closing brace,
    # stays commented out so the sub remains balanced):
    # if ( my ($rot13) = $msg =~ /^rot13 (.+)/ ) {
    #     $rot13 =~ tr[a-zA-Z][n-za-mN-ZA-M];
    #     # Send a response back to the server.
    #     $irc->yield( privmsg => "#ChekMate", $rot13 );
    # }
}
Command
Run this command on the receiving computer:

./WikiBot.pl

In the above entries used in your LocalSettings.php file <port> would be 51666.

Caveats
Currently, anyone can "hack" your bot by sending packets to the port you specify. This can be fixed with iptables. However, in the long run, a more complex bot should be written to allow for restrictions and perhaps some more stuff.
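
The caveat above can also be handled in the bot itself. The following is an added example, not part of the original WikiBot.pl: it binds the listener to loopback, checks the sender, and sanitises the text before it is relayed to IRC. The sub names and sample datagrams are constructed, and it assumes the wiki and the bot run on the same host, as the $wgRC2UDPAddress value of 127.0.0.1 implies.

```perl
#!/usr/bin/perl
# Added example, not part of WikiBot.pl: a hardened receive path for the
# recent-changes feed. Sub names and the sample datagrams are constructed.
use strict;
use warnings;
use IO::Socket::INET;
use Socket qw(unpack_sockaddr_in inet_ntoa);

use constant DATAGRAM_MAXLEN => 1024;
use constant FEED_ADDRESS    => '127.0.0.1';  # same value as $wgRC2UDPAddress
use constant IRC_MAXLEN      => 400;          # headroom under the 512-byte IRC line

# Bind to loopback only, so hosts on the network cannot reach the port.
sub open_feed_socket {
    my ($port) = @_;
    return IO::Socket::INET->new(
        Proto     => 'udp',
        LocalAddr => FEED_ADDRESS,
        LocalPort => $port,
    );
}

# Turn one datagram into a line that is safe to relay, or undef to drop it.
sub relay_line {
    my ( $peer_ip, $datagram ) = @_;
    return unless defined $peer_ip && $peer_ip eq FEED_ADDRESS;
    # Require a [[title]] marker on a single line; never fall back to a stale $1.
    return unless $datagram =~ /\[\[([^\]\r\n]+)\]\]/;
    my $line = $1;
    $line =~ s/\x03(?:\d{1,2}(?:,\d{1,2})?)?//g;  # strip IRC colour codes
    $line =~ s/[\x00-\x1f\x7f]//g;                # strip remaining control bytes
    return if $line eq '';
    return substr( $line, 0, IRC_MAXLEN );
}

# Body for a get_datagram handler: read, check the sender, sanitise.
sub read_feed {
    my ($socket) = @_;
    my $datagram = '';
    my $sender = recv( $socket, $datagram, DATAGRAM_MAXLEN, 0 );
    return unless defined $sender && length $sender;
    my ( undef, $addr ) = unpack_sockaddr_in($sender);
    return scalar relay_line( inet_ntoa($addr), $datagram );
}

# Constructed sample datagrams: one accepted, three dropped.
my @samples = (
    [ '127.0.0.1',  "\x0314[[\x0307Main Page\x0314]]\x034 edited" ],
    [ '192.0.2.10', "[[Main Page]]" ],      # sender is not the wiki host
    [ '127.0.0.1',  "[[Main\r\nPage]]" ],   # line break inside the title
    [ '127.0.0.1',  "no title marker" ],
);
for my $s (@samples) {
    my $out = relay_line(@$s);
    printf "%-11s %s\n", $s->[0], defined $out ? "relay: $out" : 'drop';
}
```

In the bot, open_feed_socket(51666) would replace the socket creation in server_start, and server_read would pass the result of read_feed to the privmsg call only when it is defined.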
|
I have recently experienced a hardware failure - which meant that the chekmate website was offline for a couple days. Everything should be up and operational now. If there are still issues, please let me know.

Shannon
|
Public Key
|
Road Map to being a Security Professional
There are some essential skills required to be a proficient security professional. The following is an outline of the different skills. ChekMate will be having training sessions around these topics.
|
MW: ImageMap Extension

Introduction
ImageMap is a Mediawiki 1.5 extension. This extension was built to add Client Side ImageMaps to MediaWiki.

Maintainer
Shannon McNaught (smcnaught)

License
ImageMap.php - Adds ImageMap functionality to MediaWiki
Copyright (C) 2006 Shannon McNaught

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Installation

/**
 * This is the list of preferred extensions for uploading files. Uploading files
 * with extensions not in this list will trigger a warning.
 */
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'pdf','map' );

/** Determines if the mime type of uploaded files should be checked
 * @global boolean $wgVerifyMimeType
 */
$wgVerifyMimeType= false;

Usage
<ImageMap>Image=[[Media:Image.png]]|Map=[[Media:Imagemap.map]]</ImageMap>
<!--- Must use Media: and not Image: for the Parser to work properly. --->
<ImageMap>Image=[[Media:Image.gif]]|Map=[[Media:Imagemap.map]]</ImageMap>
<ImageMap>Image=[[Media:Image.jpg]]|Map=[[Media:Imagemap.map]]</ImageMap>

Samples
Following Example using Image: Media:Fish33.gif and Map file: Media:Fish.map, Media:World-map.png and Map file Media:worldmap.map
ImageMap.php
<?php
# ImageMap Mediawiki extension
#
# original by smcnaught 29.06.2005
# Installation:
# * put this file (ImageMap.php) into the extension directory of your mediawiki installation
# * add the following to the end of LocalSettings.php: include("extensions/ImageMap.php");
#
# Usage:
# Use one section between <ImageMap>-tags for each feed. The ImageMap section may contain parameters
# separated by a pipe ("|"), just like links and templates. These parameters are supported:
#
# Example:
# <ImageMap>Image=ImageURL|Map=MapURL</ImageMap>
#
#install extension hook
$wgExtensionFunctions[] = "wfImageMapExtension";
#extension hook callback function
function wfImageMapExtension() {
global $wgParser;
#install parser hook for <ImageMap> tags
$wgParser->setHook( "ImageMap", "renderImageMap" );
}
#parser hook callback function
function renderImageMap( $input ) {
    global $wgServer, $wgScriptPath, $wgTitle, $wgUrlProtocols, $wgUser, $IP;
    # global $wgOutputEncoding;
    if (!$input) return "";

    # Split "Image=...|Map=..." into a lower-cased key => value array.
    $fields= explode("|",$input);
    $args= array();
    for ($i=0; $i<sizeof($fields); $i++) {
        $f= $fields[$i];
        if (strpos($f,"=")===False) $args[strtolower(trim($f))]= False;
        else {
            list($k,$v)= explode("=",$f,2);
            if (trim($v)==False) $args[strtolower(trim($k))] = False;
            else $args[strtolower(trim($k))]= trim($v);
        }
    }

    # Name that ties the <img usemap> attribute to the <map> element.
    $timestamp = time() . rand(1,29);

    #get image and map links from argument-array
    $ImageURL= @$args["image"];
    $ImageURL= trim($ImageURL);
    if ($ImageURL=='') {
        return "No Image";
    }
    $MapURL= @$args["map"];
    $MapURL= trim($MapURL);
    if ($MapURL=='') {
        return "No Map";
    }

    # Render each [[Media:...]] link and take the file URL from the generated <a href>.
    $localParser = new Parser();
    $parserOptions = ParserOptions::newFromUser( $wgUser );
    $html = $localParser->parse($ImageURL,$wgTitle,$parserOptions);
    $Imageurl = preg_replace('/^.*<a[\s]+href=*"(.*?)".*$/is', '\1' , $html->mText);
    $html = $localParser->parse($MapURL,$wgTitle,$parserOptions);
    $Mapurl = preg_replace('/^.*<a[\s]+href=*"(.*?)".*$/is', '\1' , $html->mText);

    $mapfile = "$IP/../$Mapurl";
    $output="<img src=\"$Imageurl\" usemap=\"#$timestamp\">";
    # Check that the map file exists before reading it.
    if (!file_exists($mapfile)) {
        $output = $output . "Path to mapfile is incorrect or file does not exist. mapfile should look like: /var/www/html/wiki/images/4/4d/Fish.map";
        # Enable for troubleshooting, otherwise comment to hide directory path.
        # $output = $output . "$mapfile";
        return $output;
    }
    # The lines of the uploaded map file are emitted below as raw HTML.
    $lines = array_map('rtrim',file("$mapfile"));

    // Loop through the map file lines: rename the map to match usemap and collapse whitespace.
    foreach ($lines as $line_num => $line) {
        if (preg_match ("/\sname=/i", $line)) {
            $replacestr = " name=\"$timestamp\"";
            $line = preg_replace('/\sNAME=\"[a-zA-Z0-9 ]+\"/i',$replacestr,$line);
        }
        $line = preg_replace(array('/\s{2,}/','/^\s+/','/\s+$/'),array(' ','',''),$line);
        $output = $output . $line . "\n";
    }
    return $output;
}
?>
|
As you may have noticed I have added the Snort Pig logo to the ChekMate screen design. I will look forward on what is required for us to create the user group and then formulate what future meetings we will host regarding Snort. I have done a fair bit of custom development around Snort and I have been publishing some of these Snort plugins on the ChekMate site. As soon as I can I will contribute more Snort modifications I have or have built.

One of these projects is a Snort-LiveCD. We are using these LiveCDs to provide an effective and fast means to set up Snort sensors without modifying the original OS hard drive partitions. The LiveCD calls home to build its rulesets and snort configuration. This allows the Security Analyst to adapt the sensor to the immediate needs. I hope to have this rolled out before the end of summer and have a ChekMate version published shortly afterwards.

Wish you all a great summer.
|
New Features
I have added some more features to the ChekMate Wiki site. I have added an extension that sets up a calendar for the Wiki. Kirsten and I have not yet built it into the Current Events but within the next few days it will be in place. I also have some plans to add the Calendar into the Blog code but I need to determine how to handle the timestamp within the URL. I am sure I will find some way to accomplish this.

The other functionality is GoogleMaps. Wahoo!! Anyways, I had a major issue with the extension and how it crashed IE. I have resolved this and submitted the fix back to the original programmer. Here is an example: Calgary WarDrive Map. This is a single day of driving from the office back to my house. It picked up 177 access points, of which 55% were open. I find this very scary as it would not be difficult to get on to these networks, find the computers behind them and grab a lot of confidential information. If you know someone who has an open wireless network, please help them to lock it down.

Additional News
Fixed the Rainbow tables. I must have screwed up something in the past because the permissions were whacked. These are LM tables alpha-numeric-symbol14(ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=). Although, the web frontend will not handle large password files. I recommend files with about 5-10 passwords for best performance. I have tested the rainbow tables via a command line against 6 different password files with approximately 450 passwords in total and had a success rate of 97%. This is including IUSR and IWAM user accounts, which have computer generated passwords. The only time the hashes were not cracked is when the account was associated with a different domain. I will do a presentation for the ChekMate group to demonstrate how powerful these rainbow tables are.
|






