Broadcast Domain

I actually got an offline comment from someone regarding my blog post yesterday. They asked why I hadn’t mentioned actual hackers who collect email addresses for phishing schemes.

While I actually thought my subtle coverage of this subject by capitalizing random letters throughout the early paragraphs of the post to spell out the word PHISHING had this taken care of, with my postscript adding to it, I guess not all five people who read my blog caught it.

So, I thought I’d cover the thing in a less subtle way, to let my thoughts be known.

Publishing your email address on the internet does not make you more likely, in any way, to be the victim of a phishing or spearphishing scheme. In this case, since you requested the Google+ invitation, it would be spearphishing.

Your policy of clicking on links in any email you get makes you subject to phishing attacks.

In my earlier analogy, I compared your email address to being like your house address in the physical world.

People knowing your address does not make you more vulnerable to people coming into your house. If you have a policy of letting anyone who knocks on your door into the foyer, though, that’s a different matter.

So, I was well aware that phishing attacks were going on using Google+ invites as their entry gambit.

All I’m saying is that publishing your email address isn’t what makes those attacks effective. Clicking links in email does. In my opinion HTML does not belong in email. If you get an email about a Google+ invite, or anything else for that matter, go to the site yourself. Sign in on their verified HTTPS page, and see if the invite is waiting for you on your account. If it’s not…well, you might want to look at that email a little harder.

Posted in Broadcast Domain, Tech
Tags: Google, hackers, hacking, phishing, spearphishing

I just want to address something I’ve seen before when new invite only Internet services start up, and am seeing once more.

As Google+ oPened up invites, and people began giving tHem away, I saw numerous people screamIng to otherS not to give out tHeIr email addreSs to strangers, because “They’re probably just a hacker collectING email addresses.”

People, hackers don’t collect email addresses. They hack things.

I’m not going into the good hacker/bad hacker thing. That argument has been done to death. No matter what side you fall on, we can all agree that being branded a hacker at least signifies some modicum of elite knowledge.

People who collect email addresses are doing one of two things:

1. Spamming. This makes them spammers. getting access to Google+ requires a google email address, and although many people feel differently about google and their services, most people agree they handle spam really really well.

2. Trying to gain access to the account by guessing/cracking the password. This is the equivalent of walking the movie theater parking lot to see who left their car doors unlocked. If you have a guessable/crackable password or security question on your account, you left your car unlocked. Don’t do that.

Neither of those groups of idiots are hackers.

That said, there’s no reason not to give out your email address. It’s your public internet address. People can contact you at it, which is why you have it in the first damn place. Communication is what we built this series of tubes for, right?

If you were throwing a party, and people asked for directions to get there, you wouldn’t claim to have removed the address from the front of your house so thieves and junk mail senders can’t find it. Same goes for your email address. Ensure the password to it is different from all your other passwords, and hand it out like mad. You never know who might send you something grand.

It might even be a Google+ invitation.

PS: Have you been socially engineered lately?

Posted in Broadcast Domain, Tech
Tags: email, Google, invitation, Security

So, it’s not really a ‘release’, it’s just a Python script. And this isn’t a giant update over the first version I put up a bit ago. The functionality has not essentially changed.

That said, if you want to look at the actual python code, it’s a heck of a lot better. I learned a fair amount this past month while I look for work, and decided today to go ahead and put it to use. I updated the parts of this script that were truly UGLY. The Snort version it pulls is now the newest as well. I added more data validation to the Snort rule creator, and did it in a way that involved code I wrote, rather than a cookbook script. So, outside of 1 single recipe (which is noted in the code) any horribleness you see here is all me.

The script has again been tested on Ubuntu 10.04, 10.04.2, and 11.04, and it works well. Older versions of Ubuntu may or may not work.

If you want a version for a Linux distro rather than Ubuntu, let me know. It wouldn’t take much to whip one up for you, and I could use the practice.

My next plan is to change the Rule Creator into something more interactive that updates the starting SID number based on rules already in your local rules file, and asks what fields you want to include, asking you to input info for each field. We’ll see where that goes, as I have time.

Have tips, questions, or comments on my code? Hit me up! Leave a comment! Rail at my inedptitude! Chances are good it will make me better.

Download Longpork

Posted in Broadcast Domain, Coding, Tech
Tags: barnyard, barnyard2, installer, linux, oinkcode, pulledpork, Python, scripting, snort, ubuntu

Hell, if I’m doing file maintenance, I may as well go all the way.

My music files were all in “$Artist – $Album” folders, and I decided I wanted them in “$Artist/$Artist – $Album” format instead.

A quick regex and a Python script later, and I’m set.

#!/usr/bin/python
#Written by Benjamin Kenneally
#05/29/11

import re
import os

directs = os.listdir((os.getcwd()))
for folder in directs:
	match = re.search('(^.+)[ ]-[ ].+.*', folder)
	if match:
		band = match.group(1)
		newFolderstruct = "%s/%s" % (band, folder)
		os.renames('%s'% (folder),'%s' % (newFolderstruct))
		print "Moving %s to %s." % (folder, newFolderstruct)
	else:
		print "No change is being made to %s." % (folder)

I still always feel like my RegEx is horrible and sloppy, but it gets the job done. A simple script, sure, but I had to look at the

match.group

usage again to make sure I had it down. More practice can’t hurt, right?

Posted in Broadcast Domain, Coding, Tech
Tags: folders, Python, RegEx

I’ve been teaching myself Python for a few months now, and have been doing it by reading a lot and following the exercises. I feel I have a decent handle on scripting with it, but have strange gaps based on portions that didn’t quite fit when I was reading things. In an attempt to fix this, I’ve decided that any file manipulations I do on my computer from now on will be done with Python, and I’ll play with some of the different options for doing them.

Today, I had a bunch of movie files that needed to be thrown into folders that are named with the movie file name, minus the extension. 10 minutes later, and I have a script that will move them for me, at need.

#!/usr/bin/python
#Written by Benjamin Kenneally
#05/29/11

import os

files = os.listdir((os.getcwd()))
for movie in files:
	fileExt = os.path.splitext(movie) [-1]
	if '.m4v' == fileExt:
		movieName = os.path.splitext(movie)[0]
		print "Handling %s." % (movieName)
		movieString = "%s/%s" % (movieName,movie)
		os.renames(movie, movieString)
		print "Moving %s to directory %s." % (movie,movieName)

	else:
		print "%s is not an .m4v file. Doing nothing." % (movie)

There’s probably a more efficient way to do the base directory handling, but I didn’t see it, and this works. I first tried to use

shutil.move

and

os.mkdir

to make directories and move the files, but it doesn’t like to play in the same filesystem you’re moving to, and I didn’t realize that. Now I know what it’s for, so that’s cool. Learn a little something every day, right?

So, not monumental, or anything, but I’ll post all the little scripts I throw up for everyday crap here, and talk about what I learned, if anything, in writing it. Plus, this can be a script library for me, then.

Comments on my crappy coding? Leave me some feedback!

Posted in Broadcast Domain, Tech
Tags: file handling, mkdir, Python

First, I’d like to thanks muts and the entire Backtrack development crew for all the work they do.

So, Backtrack 5 was released yesterday. I spent some time downloading and playing around with VMs. And yes, I’m still seeding. I was seeding BT4 up until I finished a BT5 download, and will continue to do so until I get a bandwidth cap slapped on me. We all know it’s coming.

I decided to start out playing with the 64 bit KDE version, just for a change. I like KDE, but I’m not especially partial to either it or Gnome. I do 90% of my work from the CLI anyway, so it’s really just a nice background and something to give me an easy interface for a music player.

Still, I began the experience with some startx issues. After looking at /var/log, I was having issues determining the trouble. Meaning, I could see it was a video problem of some kind (imagine that, from a window manager!), but not much else. As usual, my old friend the BT Forums held the answer. Seems some of the cache files were the source of the trouble.

rm /root/.kde/cache-root/icon-cache.kcache
rm /root/.kde/cache-root/plasma_theme_Volatile.kcache

Worked for many. If that still doesn’t to it, you may need:

rm /root/.kde/cache-bt/icon-cache.kcache
rm /root/.kde/cache-bt/plasma_theme_Volatile.kcache

For me, that did the trick. Fired up the gui, and decided to begin by installing VMWare Tools. If I’m in a VM, it’s nice to be able to jump back and forth easily, so why not.

Well, this had issues too, on purpose. By design, kernel sources are unprepared here, so the vmware-tools.pl script cannot locate the kernel. So:

prepare-kernel-sources
cd /usr/src/linux
cp -rf include/generated/* include/linux/

Note you need to be connected to the internet for this, as it launches aptitude to grab the needed info. I did find it interesting that the default is now to boot up with networking initialized on BT, as opposed to having to start it manually like in past editions. Still, the option to boot without it (Stealth Boot) is still there, and it will probably cause about 100 people less to ask about it daily in the forums.

After that, I started to play.

BT5 is sexy. Things run a little smoother than they did before. Nexpose installed without issue, and I got Nexpose and Metasplot integration up and running (which took some DB finagling, but all was well), and made a new Teensy with SET since mine finally came in the mail. Changed things so they’re how I like. Yakuake and tmux were installed. It’s all so nice.

Interesting to see that Armitage is installed in this edition. I’ve never played with it, might give it a go tomorrow. A few other changes in there. Was a full Forensic toolkit in BT4? I don’t recall if I installed it all myself or if it came supplied.

Well, all in all a great release. I’m impressed by what this crew has done. They give so much to the community. I hope to be as cool as them someday.

Edit: Seems the startx issue happens every bootup, so I threw the commands into the /etc/rc.local file and made it executable. Problem solved.

Posted in Broadcast Domain, Reviews, Tech
Tags: armitage, backtrack, install, linux, metasploit, muts, nexpose, SET, social engineer toolkit, Teensy, tmux, yakuake