Exploit-DB updates

Friday, December 31, 2010

Shell script to check IP (For use with conky)

Well as I used conky on BT4 I began to like having my private IP displayed, so I decided to look at the script it used and it's as simple as this: make a file on your desktop named ip.sh and add the following:

#!/bin/bash
wget -q -O - checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'

Save this file and make it executable with the following command:

chmod 775 ip.sh

Mode 775 lets the owner and group read, write and execute the file, and lets everyone else read and execute it. You can now try it out with "./ip.sh" and it should display your IP in the shell. If so, then it's ready for use with conky. To use a shell script in conky you need to add the following command to the .conkyrc:

${execi 300 /home/youruser/Desktop/ip.sh}

If all's well, it's displaying your IP now.

Wednesday, December 22, 2010

Hamster & Ferret

"Hamster is a tool for HTTP session hijacking with passive sniffing. It eavesdrops on a network, captures the session cookies, then imports them into the browser to allow you to hijack their session. There is a more complete description in the help section."


These tools make a great addition when performing the MITM attack I demonstrated in the SSLStrip video.

So say we have everything set up like we did in the video. We can fire these up by going to the directory they're installed in (which is /pentest/sniffers/hamster/ for BT4), then starting ferret like so: "./ferret -i wlan0"

Then you can start hamster with "./hamster", open your browser of choice and set the proxy to "127.0.0.1 : 1234" like it says. Type hamster in the URL bar, select your interface and there you go. Easy as that.

Download these tools with apt-get install hamster or download here
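Why the sniffing above works, seen from the server side: a session cookie delivered over plain HTTP, or without the Secure attribute, travels in cleartext, and a site without HSTS can be pushed back to HTTP by SSLStrip. This is an added example, not part of the original post; the function name, issue codes and sample headers are constructed for illustration.

```python
# Added example: audit one HTTP response for exposure to cookie sniffing.
# All header values below are constructed sample data.

def audit_response(scheme, headers):
    """Return a list of (subject, issue) findings for one response.

    scheme  -- "http" or "https", how the response was delivered
    headers -- list of (name, value) response headers
    """
    findings = []
    names = {name.lower() for name, _ in headers}
    # Without HSTS the browser will accept a downgrade to plain HTTP.
    if scheme == "https" and "strict-transport-security" not in names:
        findings.append(("response", "no-hsts"))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
        if scheme == "http":
            # Already on the wire in cleartext; any passive sniffer sees it.
            findings.append((cookie, "cleartext"))
        elif "secure" not in attrs:
            # Set over TLS, but the browser will replay it over HTTP too.
            findings.append((cookie, "no-secure"))
    return findings

SAMPLE_HTTP = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/"),
]
SAMPLE_HTTPS_WEAK = [
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
]
SAMPLE_HTTPS_GOOD = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, scheme, hdrs in (
        ("plain http", "http", SAMPLE_HTTP),
        ("https, weak", "https", SAMPLE_HTTPS_WEAK),
        ("https, hardened", "https", SAMPLE_HTTPS_GOOD),
    ):
        print(label, audit_response(scheme, hdrs) or "ok")
```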

TrueCrypt





Main Features:

 Read more here - http://www.truecrypt.org/docs/

 Download using the apt-get command or - http://www.truecrypt.org/downloads

Monday, December 20, 2010

Crypting text with my new favorite text editor, VIM.

So this is extremely simple, if you know about it. Which I didn't until just now when looking for a simple way to encrypt text data. Now it's as simple as this: when starting a new file, run this command to have it encrypted as well:

"vim -x filename"

Which will prompt you for the password you would like to use to encrypt it. To save the file once you've finished up, press "ctrl o" then ":w filename"

And you're done. Though I'm not all too sure how secure the encryption is, I still suggest using TrueCrypt.

You can get vim with the "apt-get install vim" command.

Thursday, December 16, 2010

Quick Python Script/Example For Finding The Mac and IP Of Users On Your LAN.

Well I wanted a quicker way to check what hosts are on my LAN other than pinging/nmap/opening a browser and generating a bunch of data. So I made this quick script to save time and display it in a shell. Very basic but it may serve someone some good as an example. I'm still learning so if I improve it (likely) then I'll post an update.

 
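import re
import urllib.request

# Replace with the URL of your router's client table page.
ROUTER_URL = "Your Routers Client Table URL"

# Fetch the page and decode it so the regexes work on text.
users = urllib.request.urlopen(ROUTER_URL).read().decode("utf-8", "replace")

# Dotted-quad strings; octet ranges are not validated.
ips = re.findall(r"(?:\d{1,3}\.){3}\d{1,3}", users)
print("[=>Live Hosts<=]")
print(ips)

# MAC addresses written with ':' or '-' separators.
mac_re = re.compile(r"(?:[a-fA-F0-9]{2}[:-]){5}[a-fA-F0-9]{2}")
for y in mac_re.finditer(users):
    print(y.group(0))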


Tuesday, December 7, 2010

PacketFountain: Network Sniffing Screensaver

Well, if you're using Windows and you're getting tired of your screensaver you should check this out. It's a packet-sniffing screensaver! Not the cleanest looking in the world but it's much better than a flying box or some pipes. It's called "PacketFountain" and was put together by IronGeek. It's written in VB6 and uses the WinPcap wrapper.


Steps to install

1. copy ./bin/PacketFountain.scr to windows directory (c:\windows\).
2. copy ./bin/VBPCAP.DLL to windows\system32 directory (c:\windows\system32).
3. Install Winpcap from http://winpcap.polito.it/ .
4. Go to Display Properties->Screen Saver and choose PacketFountain.
5. Click the settings button and choose your network card, number of packets, active monitors and speed.

I personally had an issue with changing the settings, but it's not a big deal.


Download

IronGeek's DecaffeinatID

Well I've been playing around a bit with a Windows VM that acts as a Honeypot/IDS for my network which I can remotely monitor with my Archos7 via VNC. One of the apps I've come across is "DecaffeinatID" which is a very simple IDS/ARP Watcher. I've never heard of it before and found it quite a nice addition to my arsenal so I figured I would spread the info. Here's a little bit of info about it, taken from IronGeek.

This project started because I (IronGeek) wanted a simple ARP Watch like application for Windows. In a short matter of time, feature creep set in. DecaffeinatID is a simple little app that acts as an Intrusion Detection System (more of a log watcher really) to notify the user whenever fellow users at their local WiFi hotspot/ LAN are up to the kind of "reindeer games" that often happen at coffee shops and hacker cons. It's not meant to be a replacement for something more feature rich (but complicated) like Snort. DecaffeinatID watches the Windows logs for three main things and pops up a message in the Windows Systray when it sees any of the following

New or changed ARP table entries
Think of this as a poor man's ARPWatch for Windows. The IDS gives a special alert whenever it sees the MAC address of the IP gateway change.

 
New events in security log
This will let you know about attempted and successful logins, assuming you have set up auditing for such things in your local security settings.


New events in the firewall log
DecaffeinatID will read your Windows firewall log (if you have one) and list events


          


You can find more info here
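The ARP-watch idea described above, sketched as an added example (this is not DecaffeinatID's code and not from the original post). It assumes snapshots taken with the Windows "arp -a" command, uses constructed sample output and hypothetical function names, and goes one step beyond the description by also flagging any host that shares the gateway's MAC.

```python
import re

# One table row of Windows `arp -a` output: IP address, dash-separated MAC.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\b",
    re.M | re.I,
)

def parse_arp(text):
    """Return {ip: mac} from `arp -a` output, skipping broadcast/multicast."""
    table = {}
    for ip, mac in ROW.findall(text):
        mac = mac.lower()
        if mac == "ff-ff-ff-ff-ff-ff" or mac.startswith("01-00-5e"):
            continue
        table[ip] = mac
    return table

def diff_arp(old, new, gateway):
    """Compare two snapshots; return (severity, ip, message) alerts."""
    alerts = []
    for ip in sorted(new):
        if ip not in old:
            alerts.append(("info", ip, "new entry"))
        elif old[ip] != new[ip]:
            sev = "critical" if ip == gateway else "warning"
            alerts.append((sev, ip, f"MAC changed {old[ip]} -> {new[ip]}"))
    # One MAC answering for the gateway and another host is the usual
    # footprint of ARP cache poisoning.
    gw_mac = new.get(gateway)
    for ip in sorted(new):
        if ip != gateway and gw_mac is not None and new[ip] == gw_mac:
            alerts.append(("critical", ip, "shares the gateway's MAC"))
    return alerts

# Constructed sample snapshots (not captured from a real network).
BEFORE = """
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.42          00-aa-bb-cc-dd-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
AFTER = BEFORE.replace("00-1a-2b-3c-4d-5e", "00-AA-BB-CC-DD-01") + (
    "  192.168.1.77          00-aa-bb-cc-dd-02     dynamic\n"
)

if __name__ == "__main__":
    for alert in diff_arp(parse_arp(BEFORE), parse_arp(AFTER), "192.168.1.1"):
        print(*alert)
```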

Thursday, December 2, 2010

Ettercap Porn Filter

Ever get tired of your little brother or your perverted neighbor watching porn and wasting perfectly good bandwidth on nonsense? Well here's a fun solution to that. Below is an ettercap filter I tossed together to play around with. To create an ettercap filter you first have to create a new file to begin scripting. In this case it will be "hak.filter". Once you have your desired filter scripted, you can then compile it using Etterfilter and then it's ready for use.

Below is an example filter for people to play with and get an idea of how they work. What it does is quite obvious: it changes the word porn to a link saying "You Need Help" which takes them to "www.no-porn.com", a site for porn addiction. It also changes a few other words.


You can find the script here:

http://pastebin.com/L7PCPNap

To compile it, simply make a new file called hak.filter, then once you have your desired script ready, use this command in a terminal:

etterfilter hak.filter -o name.ef

At this point the filter is ready for use. To use it, simply add "-F name.ef" when running ettercap.

Example Usage: ettercap -TM arp:remote // // -F name.ef -i wlan0