Hacking Life - Unix

Finally !! OpenBSD will have WPA & WPA2 for the next release

nospam@example.com (Stefan Kraatz) — Fri, 18 Apr 2008 19:16:50 +0200

Undeadly.org anounced that the (for BSD fans) well known developer Damien Bergamini, who wrote a lot of wireless device drivers for various BSDs, took a break from his reverse engineering efforts and commited some code magic to finally support WPA PSK & WPA2 PSK in OpenBSD. As always, this commit is done on "current", so it will not be available for the next release 4.3, which is basically only a few days away. However, if there are no major issues with this implementation, which from my previous experiences with software, done by Damien, is not very likely, this will be part of the next release 4.4, which will then be published in 6 months.

All enthusiasts, who are not willing to wait until the next release and are capable of running "current" are encouraged to give this a try. Thank you Damien, for realizing this very often requested feature for the OpenBSD community.

Beware of Karl Klammer

nospam@example.com (Stefan Kraatz) — Fri, 04 Jan 2008 10:21:24 +0100

Karl Klammer is the German name for that dumb office assistant resembling a paper clip and trying to guess what you are currently doing. It usually starts annoying users soon and gets switched off faster than the Lollipop colors of the MS OS default installation.

Now imagine, Microsoft had developed the worlds most famous editor. Can't imagine that ? Here is what it would look like.

For people, who are still willing to risk getting addicted to vi. Here, is where I found that juwel. But be warned the learning curve is steep !

My OpenBSD website internal linkpage

nospam@example.com (Stefan Kraatz) — Thu, 01 Nov 2007 15:01:26 +0100

NOTE: This is for myself rather than somebody else, but you may use it as a starting point when searching for something specific.

Blogposts
http://www.kungfu-hackers.net/index.php?/blog/OpenBSD-on-HP-workstations.html
http://www.kungfu-hackers.net/index.php?/blog/My-Software-Wishlist-for-OpenBSD.html
http://www.kungfu-hackers.net/index.php?/blog/Installing-the-encrypted-file-system-CFS.html
http://www.kungfu-hackers.net/index.php?/blog/Using-the-encrypted-file-system-CFS.html

Articles
http://www.kungfu-hackers.net/index.php?/articles/tracking_stable.html
http://www.kungfu-hackers.net/index.php?/articles/network_tools.html

OpenBSD on HP workstations

nospam@example.com (Stefan Kraatz) — Tue, 30 Oct 2007 15:56:16 +0100

A friend of mine recently sent me this via MMS.

This shows OpenBSD running on a HP Visualize workstation C3600, which he found somewhere collecting dust.

Not long ago, Debian and Gentoo linux were the only ones supporting these once powerful graphics workstations, more or less broken, with quite a few kernel panics every now and then and no application really working properly.

Now this beast runs happily under OpenBSD, increasing the noise level in their office :D

How to summarize your network traffic

nospam@example.com (Stefan Kraatz) — Fri, 22 Jun 2007 13:46:23 +0200

In case you want to create firewall rules and don't know what type of traffic you have in your network, you will need to find out by sniffing it off the wire. This article outlines a very basic, but also very easy method to summarise your network traffic by looking at the TCP SYN ACK packets. Obviously, this doesn't catch everything you might have in your network, but if you need more, you can easily adapt this method to fit to your requirements.

Happy Birthday

nospam@example.com (Stefan Kraatz) — Fri, 18 May 2007 12:14:42 +0200

A while ago, I installed an OpenBSD gateway router for accessing a private network via a single IP address, which inspired me to write this article. Today, this router is up and running flawlessly for 100 days. This is, in my mind, worth noticing. Thanks to the OpenBSD team for providing me with such a decent operating system, that makes my life as a networker so much easier.

# uname -a
OpenBSD gateway 4.0 GENERIC#625 sparc
# uptime
12:07PM up 100 days, 23:07, 1 user, load averages: 0.13, 0.10, 0.08

Using the encrypted file system CFS

nospam@example.com (Stefan Kraatz) — Wed, 25 Apr 2007 16:34:29 +0200

OpenBSD server full story

>>> becoming the testuser


# su - testuser

>>> creating the encrypted directory (this is where the encrypted content is stored, you will not directly write to this directory). The key will need to be at least 16 characters long.


$ cmkdir cryptotest
Key:
Again:

>>> attaching the the encrypted directory. You will need to enter the
key used during the creation of it.


$ cattach cryptotest
Key:

>>> The directory will be mounted under /crypt/yourdirectoryname


$ ls -l /crypt/
total 4
drwx------  2 testuser  users  512 Apr 24 17:52 cryptotest

>>> It is handy, to have a symlink to /crypt/yourdirectoryname in your home folder in order to easily access it.


$ ls -l
total 8
lrwxr-xr-x  1 testuser  users   17 Apr 24 17:51 crypto -> /crypt/cryptotest
-rw-r--r--  1 testuser  users  473 Apr 24 18:05 cryptodemo.txt
drwxr-xr-x  2 testuser  users  512 Apr 24 17:52 cryptotest

>>> you can now use the attached directory similar to normal
directories. All files and folders will be displayed normally.
>>>> listing and display files


$ ls -l crypto/
total 4
-rw-r--r--  1 testuser  users  28 Apr 24 17:53 testuserstest.txt
$ more crypto/testuserstest.txt
coolio
testing cfs 
blabla

>>>> creating new files


$ echo "Here is the testtext" > crypto/anothertest.txt
$ ls -l crypto/
anothertest.txt     testuserstest.txt   
$ ls -l crypto/anothertest.txt
-rw-r--r--  1 testuser  users  21 Apr 24 18:06 crypto/anothertest.txt
$ more crypto/anothertest.txt
here is the testtext

>>> Detaching the encrypted folder


$ cdetach cryptotest

>>> displaying the content of the encrypted folder


$ ls -l cryptotest
total 8
-rw-r--r--  1 testuser  users  36 Apr 24 17:53 3cf0c57e1d05151c8411060c4df1079571f930e52a540d56
-rw-r--r--  1 testuser  users  29 Apr 24 18:06 4a70ceadb5cd9a19adcca8ae12994c41

>>> Displaying Files in the encrypted folder


$ cd cryptotest/
$ more 3cf0c57e1d05151c8411060c4df1079571f930e52a540d56
somescrambledtext

Installing the encrypted file system CFS

nospam@example.com (Stefan Kraatz) — Wed, 25 Apr 2007 10:28:35 +0200

OpenBSD server full story

>>> Become root on your OpenBSD computer.

>>> Install the cfs package with pgk_add. If nothing fails, you can ignore the
output as the given information are contained in this document as well.



# pkg_add cfs
--cfs-1.4.1p2--- done

>>> Modify your startup files.
>>>> Add these two line to /etc/rc.conf.local (to start the neccessary services)



nfs_server=YES
portmap=YES

>>>> Create a new folder /etc/cfs .
>>>> Create a file called /etc/cfs/rc.cfs with permissions 700 root wheel .
>>>> content of /etc/cfs/rc.cfs (this is manually created, default is to
write this into /etc/rc.local, but it makes rc.local pretty messy, if you
have a few services)



#!/bin/sh
if [ -x /usr/local/sbin/cfsd ]; then
        if pgrep mountd > /dev/null; then
                echo -n ' cfsd';        /usr/local/sbin/cfsd >/dev/null 2>&1
                mount -o port=3049,nfsv2,intr,sync localhost:/null /crypt
        else
                echo -n ' cfsd (failed, no mountd running)'
        fi
fi#	$OpenBSD: rc.local,v 1.39 2006/07/28 20:19:46 sturm Exp $

>>>> Add this startup script to /etc/rc.local. This way, you can disable the
service more easily, if you wish as there are less lines.



# Crypto Filesystem
if [ -f /etc/cfs/rc.cfs ]; then
        . /etc/cfs/rc.cfs
fi

>>> Reboot your computer and study the next blogentry about how to use the CFS.

My Software Wishlist for OpenBSD

nospam@example.com (Stefan Kraatz) — Wed, 11 Apr 2007 15:38:53 +0200

I would love to find the following kind of software in the OpenBSD ports tree

** a terminal software, that does all kind of connections : modem, telnet, ssh, serial, ..... with the ability of capturing the output of the terminal, and of using macros in order to automate things. This software would be similar to ProComm Plus (some kind of Symantec product)
** a comparison software similar to Beyond Compare, that does file and folder comparison on an advanced level
** a decent python editor with syntax highlighting and and module / procedure lookup (current looks promising)
** a powerful graphical search frontend to grep, similar to WinGrep

Display Remote X11 apps on your Mac

nospam@example.com (Stefan Kraatz) — Mon, 26 Feb 2007 22:38:15 +0100

Applications are the keypoint to your computer usage. Unless you are a geek, who enjoys every type of computer related topic, your way of using your computer will mainly be determined by the applications you need.

I recently came across an application (Scribus), I would love to have on my mac, but there was no chance to have it natively running on it in the near future. There is an X11 solution for it, but since I need X11 installed anyway, I thought, I might as well try to run it on my OpenBSD box and launch it remotely.

Due to time constraints I never really got into it until recently. This is how I managed to get Scribus running smoothly on my mac.

To connect to the server I used SSH, which allows me to tunnel back the XDisplay across the connection. This is the coolest way to get this done for several reasons. The connection is encrypted, you can use certificates to allow passwordless logins, you can setup a small script, that automatically does everything for you, allowing seemless working, as if the application was installed locally. For more information about SSH , check this article.

For my situation I had to enable the option X11Forwarding in /etc/ssh/sshd_config

Open X11 on your mac, first of all you will need it installed of course. You will find it on the OS X DVD which came with your mac.

Do "ssh -X remotehost" from the Xterm, that opens within your X11 window.

Test, if the DISPLAY environment variable has been set correctly by typing echo $DISPLAY. If it's something like DISPLAY=localhost:10.0 or DISPLAY=myaddress:10.0 X forwarding is setup and working. All you need to do then is run the command you wish and it should popup on your X11 session. The first thing I tried was konsole, since this is a standard application I use very often, on the OpenBSD box.

Info found here

Search & Destroy

nospam@example.com (Stefan Kraatz) — Mon, 26 Feb 2007 13:42:45 +0100

I found a nice little tool in the Python Cookbook section of the Activestate website. It is pretty quick and helps to eliminate duplicate files by traversing the folder you run it on, comparing size and hashes for all the files and finally deleting them.

Comment of the author:

It ran against a 3.5 gigabyte set of files composed of about 120,000 files, of which there were about 50,000 duplicates, most of which were over 1 megabyte. The total run took about 2 minutes on a 1.33ghz G4 powerbook. Fast enough for me and fast enough without actually optimizing anything beyond the obvious.

Link to Python Recipe

Comments from my side:

- you will need python installed to use it, but you should have it anyway ;)
- as far as I can see, it works on every platform supporting python
- it doesn't replace the brain ;), it will simply delete everything duplicate
- The ASPN website is pretty slow and frequently unreachable. Contact me, if you like to have this script and can't get it from the page.

Packet Crafting for Firewall & IDS Audits

nospam@example.com (Stefan Kraatz) — Wed, 21 Feb 2007 13:58:40 +0100

This article is a very nice introduction to hping and it's use for testing firewall rules and intrusion detection. I would recommend reading it to anybody, with interest in this topic.

Article Part 1
Article Part 2

Miscellaneous Unix Tips

nospam@example.com (Stefan Kraatz) — Wed, 21 Feb 2007 12:11:07 +0100

Sysadmin Magazine answering questions from shell novices

Introducing the aycdie shell

nospam@example.com (Stefan Kraatz) — Wed, 07 Feb 2007 11:15:51 +0100

During the research for my ssh gateway project, I came across the issue, that I didn't want the ssh users to execute any commands on the gateway itself. They would still need the ability to login, since I needed the ssh connection for tunneling traffic into the private network. Discussions with a friend of mine, brought us to the idea, to replace the standard shell with something else, that stays alive, as long as the user doesn't type something specific. Afterwards it would just terminate and the ssh session will be closed.

Please welcome the "All You Can Do Is Exit" Shell.

A little bit of python did the job for me. Obviously this is depending on python being installed on your computer and there are various other ways to do this.

# cat /aycdiesh #! /usr/local/bin/python2.4 while True: try: x = "" while x !="exit": x = raw_input("Type 'exit': "); if x != "exit": print "Only 'exit' is allowed !!"; break; except KeyboardInterrupt: break;

Assigning the aycdiesh as a shell to the user "test", will lead to the required results.

# userinfo test
login test
passwd *
uid 1003
groups test
change NEVER
class
gecos test
dir /home/test
shell /aycdiesh
expire NEVER

Testing the login:

>ssh -l test ssh_gateway
test@ssh_gateway's password:
Last login: Wed Feb 7 11:16:40 2007 from 10.169.20.58
OpenBSD 4.0 (GENERIC) #625: Sun Sep 17 23:46:46 MDT 2006

Welcome to the ssh access gateway.

Type 'exit': dsr08tg245t243
only 'exit' is allowed !!
Type 'exit': exit
OK
Connection to ssh_gateway closed.

>

As always, I welcome comments to this entry, since I don't think I am a genius. Let me know, if something is wrong, or if you come up with different approaches or a better solution at all.

using SSH for loads of cool stuff

nospam@example.com (The Kungfu Hacker) — Tue, 06 Feb 2007 14:04:00 +0100

I have written a small article on SSH, that will be more and more expanded when I have time, or learn something new. Check it out here
Updated:
I have amended the article with a picture for illustration purpose and put in some additional notes.