Samhain - POLICY NODIRECTORY explained

This was a tricky one. I kept getting alerts for:

-----BEGIN MESSAGE-----
[2012-07-09T23:40:37+1000] server8.somedomain.com
CRIT   :  [2012-07-09T23:40:34+1000] msg=<POLICY NODIRECTORY>, path=</var/log>
-----BEGIN SIGNATURE-----
EA6AB852FD5E03118A95B8507E514F264CCFE3CC35E3330F
000154 1340761939::server8.somedomain.com
-----END MESSAGE-----

And for the life of me I couldn't work out why, but after reading the source code the cause is explained:

{ MSG_FI_NODIR, N_("File found where directory was expected"), IDMEF_IMPACT_TYPE_FILE },

And you know what, it was correct! /var/log was a softlink to /data/logs!
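As an added illustration (not code from the original post or from Samhain itself), the script below parses the report line of a Samhain message, picks out the POLICY NODIRECTORY entries and uses os.lstat on each path to say what is really there: a symlink (as /var/log was here), a plain file, a directory, or nothing. The demo() function builds a constructed temporary layout in which var/log is a symlink to data/logs, so the check runs offline; the hostname and timestamps in the constructed message are copied from the alert above.

```python
import os
import re
import stat
import tempfile

# Matches the report line of a Samhain message, e.g.
#   CRIT   :  [2012-07-09T23:40:34+1000] msg=<POLICY NODIRECTORY>, path=</var/log>
SAMHAIN_LINE = re.compile(
    r'^(?P<sev>[A-Z]+)\s*:\s*\[(?P<ts>[^\]]+)\]\s*'
    r'msg=<(?P<msg>[^>]*)>,\s*path=<(?P<path>[^>]*)>'
)


def parse_samhain_line(line):
    """Return (severity, timestamp, msg, path), or None for a non-report line."""
    m = SAMHAIN_LINE.match(line.strip())
    if m is None:
        return None
    return m.group('sev'), m.group('ts'), m.group('msg'), m.group('path')


def explain_nodirectory(path):
    """Describe what really sits at a path the policy expected to be a directory.

    os.lstat is used rather than os.stat so that a symlink is reported as a
    symlink instead of as the directory it points to; that is the distinction
    behind 'File found where directory was expected'.
    """
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return 'missing'
    if stat.S_ISLNK(st.st_mode):
        return 'symlink -> ' + os.readlink(path)
    if stat.S_ISDIR(st.st_mode):
        return 'directory'
    return 'not a directory'


def triage(message_lines):
    """For every NODIRECTORY report in a message, pair the path with an explanation."""
    findings = []
    for line in message_lines:
        parsed = parse_samhain_line(line)
        if parsed and parsed[2] == 'POLICY NODIRECTORY':
            findings.append((parsed[3], explain_nodirectory(parsed[3])))
    return findings


def demo():
    """Constructed layout mirroring the post: var/log is a symlink to data/logs."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, 'data', 'logs'))
    os.makedirs(os.path.join(root, 'var'))
    os.symlink(os.path.join(root, 'data', 'logs'), os.path.join(root, 'var', 'log'))
    open(os.path.join(root, 'var', 'plainfile'), 'w').close()
    # Constructed message in the same layout as the alert quoted in the post
    message = [
        '[2012-07-09T23:40:37+1000] server8.somedomain.com',
        'CRIT   :  [2012-07-09T23:40:34+1000] msg=<POLICY NODIRECTORY>, path=<%s>'
        % os.path.join(root, 'var', 'log'),
        'CRIT   :  [2012-07-09T23:40:34+1000] msg=<POLICY NODIRECTORY>, path=<%s>'
        % os.path.join(root, 'var', 'plainfile'),
    ]
    return {os.path.relpath(p, root): why for p, why in triage(message)}


if __name__ == '__main__':
    for path, why in demo().items():
        print('%s: %s' % (path, why))
```

Running it prints one line per reported path, e.g. `var/log: symlink -> /tmp/.../data/logs`, which is the same conclusion the post reached by hand.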

How to send HTML message from the linux command line

echo "YAY HTML Works" | mail -s "$(echo -e "Subject Goes Here\nContent-Type: text/html")" to@yourmum.com

Performance Tuning WordPress for Low Spec Servers

I recently moved my website to a cheap VPS and had the fun journey of trying to get it to work without grinding to a halt every time I clicked on a page, which you 'should' have noticed is fixed.

Firstly I needed to be realistic: this blog wouldn't have more than two simultaneous connections at once. With that known I could then edit the number of Apache server threads to an un-godly small number in /etc/apache2/apache2.conf:

StartServers 2
MinSpareServers 2
MaxSpareServers 2
MaxClients 20
MaxRequestsPerChild 0

With that noted, a quick look at 'top' shows MySQL eating lots of virtual memory; a quick swap of the configuration file /usr/share/doc/mysql-server-5.1/examples/my-small.cnf in place of /etc/mysql/my.cnf sorts out that problem. (Don't forget to back up your originals.)

And finally, modifying the WordPress max memory limit as noted in this post, after Suhosin logged:
suhosin[10882]: ALERT – script tried to increase memory_limit to 268435456 bytes

Howto Setup Multi threaded John the Ripper

This article has an updated version -> Here

Today at work a client needed to access a Cisco router but no-one knew the password; we did have the config files saved, which included the MD5 hashes of the enable and enable secret passwords. So I set about cracking the hashes (which was done successfully, btw). Following on from that I remembered a John the Ripper MPI patch I had seen some time ago; I ended up getting it going at home and the results are good!

Directions for installation are as follows (on Fedora 11):

yum install mpich2 mpich2-devel
wget http://www.bindshell.net/tools/johntheripper/john-1.7.2-bp17-mpi8.tar.gz
tar -zxvf john-1.7.2-bp17-mpi8.tar.gz
cd john-1.7.2-bp17/src
make linux-x86-64   # for the 64bit version, duh!
cd ../run
touch ~/.mpd.conf && echo "MPD_SECRETWORD=secret" > ~/.mpd.conf && chmod 600 ~/.mpd.conf
mpd &
mpiexec.py -n 4 -path ./ -wdir ./ ./john --test

Initial benchmarking looks good. Below is 1 core vs 4 cores (1-core result / 4-core result):

Traditional DES [128/128 BS SSE2-16]
1591K c/s real, 1594K c/s virtual / 6131K c/s real, 6380K c/s virtual
BSDI DES (x725) [128/128 BS SSE2-16]
Many salts: 53222 c/s real, 53329 c/s virtual / Many salts: 207665 c/s real, 215407 c/s virtual
FreeBSD MD5 [32/64 X2]
Raw: 9718 c/s real, 9816 c/s virtual / Raw: 37720 c/s real, 39581 c/s virtual
mysql [mysql]
Raw: 2571K c/s real, 2571K c/s virtual / Raw: 9397K c/s real, 10254K c/s virtual

About a 100% increase per core! Life is good!
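To put a number on that claim, here is an added example (mine, not from the post or from John the Ripper) that parses the benchmark lines above and works out the 4-core over 1-core speedup for each format, plus the share of that speedup per core. The BENCH string is a copy of the figures quoted above, and only the "c/s real" values are compared.

```python
import re

# The figures from the post: one-core result left of the '/', four-core result right of it
BENCH = """\
Traditional DES [128/128 BS SSE2-16]
1591K c/s real, 1594K c/s virtual / 6131K c/s real, 6380K c/s virtual
BSDI DES (x725) [128/128 BS SSE2-16]
Many salts: 53222 c/s real, 53329 c/s virtual / Many salts: 207665 c/s real, 215407 c/s virtual
FreeBSD MD5 [32/64 X2]
Raw: 9718 c/s real, 9816 c/s virtual / Raw: 37720 c/s real, 39581 c/s virtual
mysql [mysql]
Raw: 2571K c/s real, 2571K c/s virtual / Raw: 9397K c/s real, 10254K c/s virtual
"""

SUFFIX = {'': 1, 'K': 1_000, 'M': 1_000_000}
REAL_RATE = re.compile(r'(\d+(?:\.\d+)?)([KM]?) c/s real')


def parse_rate(text):
    """Return the 'c/s real' figure in a benchmark fragment as a plain number."""
    m = REAL_RATE.search(text)
    if m is None:
        raise ValueError('no "c/s real" figure in: %r' % text)
    return float(m.group(1)) * SUFFIX[m.group(2)]


def speedups(bench, cores=4):
    """Map each format name to (total speedup, speedup per core) from the real c/s figures."""
    lines = [l for l in bench.splitlines() if l.strip()]
    result = {}
    # Lines alternate: format name, then its one-core / multi-core figures
    for name, figures in zip(lines[0::2], lines[1::2]):
        single, multi = figures.split(' / ', 1)
        total = parse_rate(multi) / parse_rate(single)
        result[name] = (total, total / cores)
    return result


if __name__ == '__main__':
    for name, (total, per_core) in speedups(BENCH).items():
        print('%-40s %.2fx total, %.2fx per core' % (name, total, per_core))
```

Every format lands between roughly 3.65x and 3.9x on four cores, i.e. close to linear scaling, which is what "about a 100% increase per core" amounts to.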

RSDF Files – How to Decrypt / Crack

Recently I came across a new file format called RSDF. These appear to be text files which have a bunch of links in them, so-called link containers. I wanted to access the URLs in these files, but I didn't really want to entrust my computer to just "any" application. So after a bit of searching I came across this crafty German website, and from there I got the Python script to decrypt the RSDF files. This Python script requires:

Python (doh!!)
Python-crypto
Probably something else also…..

From there it's as simple as: drsdf.py rsdfcontainer.rsdf
and it outputs to your screen! So without further ado, here it is:

    #!/usr/bin/env python
    # drsdf.py - decrypt an RSDF link container and print the links it holds

    import binascii
    import base64
    import sys
    from Crypto.Cipher import AES   # from python-crypto (or its successor pycryptodome)

    # 8C 35 19 2D 96 4D C3 18 2C 6F 84 F3 25 22 39 EB 4A 32 0D 25
    # Fixed AES-192 key used by every RSDF container (the 20 bytes above, zero-padded to 24)
    Key = binascii.unhexlify('8C35192D964DC3182C6F84F3252239EB4A320D2500000000')

    # The CFB IV is not stored in the file: it is a block of 0xFF bytes encrypted in ECB mode under the same key
    IV = binascii.unhexlify('FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF')
    IV_Cipher = AES.new(Key, AES.MODE_ECB)
    IV = IV_Cipher.encrypt(IV)

    # One CFB stream for the whole container: the keystream carries on from one link to the next
    obj = AES.new(Key, AES.MODE_CFB, IV)

    infile = sys.argv[1]
    with open(infile, 'rb') as rsdf:
        data = rsdf.read()

    # Some containers are padded with NUL bytes; keep only what comes before the first one
    data = data.split(b'\x00')[0]

    # The file body is hex text; decode it, then handle one line (one link) at a time
    data = binascii.unhexlify(b''.join(data.split()))

    for link in data.splitlines():
        link = base64.b64decode(link)
        link = obj.decrypt(link)
        print(link.decode('latin-1').replace('CCF: ', ''))

Happy Downloading!