Blog Archives

Onion Omega – Getting Started and LED Blinking Part1

Now I haven’t done a large amount of work on Arduinos and that kind of device, despite owning a number of them. I understand the most basic idea: I write high to one pin and low to another and I can make the LED turn on. That’s about as far as I get. However, I love Python, and I love IoT, so a device with wifi a quarter of the size of a Raspberry Pi sounded awesome to me.

Now I just received my Onion Omegas and I’m liking them; as far as I got was blinking an LED.
But given the lack of documentation existing for the Onions at the moment, I thought I’d walk through what I did, because I felt the quickstart guide ended a few steps short.

So I was using an expansion dock to power the Onion up.

There’s an on/off switch on the left and a microUSB port on the top.

I plugged it in and powered it up.

The GUI didn’t work for me and I set up on a mac which seemed like a good choice.

  1. Download the driver, here
  2. Run screen `ls /dev/tty.*|grep UART` 115200 which will connect you to the Onion; if asked for a user/password use root/onioneer
  3. Then run wifisetup; press 1 to search for a network, then type the number of your network, hit enter and enter the password. You’ll get some debug lines to tell if it’s working.
  4. Type oupgrade to do the firmware update, and now you should be able to log in to the web interface using the IP address of the Onion.

So you’re all set up now, but you may like to keep reading. Most of the modules/wrappers/bindings for writing to pins seem to still be in development; however, there’s a simple command set to manipulate them in shell/ash.

  5. Add your LED or breadboard or something
  6. Next we’re setting a pin to high by typing fast-gpio set <gpio> 1 (further instructions)
  7. Then set the other pin to low using fast-gpio set <gpio> 0

So there we have it. Our LED turns on. Also, the Onion website says we can use Python; there was a post about which Python version to use: there’s a python-light and a python-mini. But if we go back to Kickstarter there’s a version of Python that’s really trim, Micro Python, and there just happens to be an OpenWrt package for micropython which you can install by typing opkg install micropython. There’s also a Ruby package which can be installed with opkg install ruby ruby-core.

 

Some of the things I plan on doing with the onions are:

  • Light switches for our lifx bulbs,
  • Magnetic presence sensor for the carport
  • Live IP streaming Camera
  • Ambient light sensor for mirroring similar light levels to the lifx bulbs
  • And I’m sure there’s other things I haven’t remembered yet.

Anyway I’m sure I’ll post progress when I make some. So stay tuned.

Category: Hardware, Python, Software

#TIL Some Unix Magics I Picked Up This Month

So this month I picked up a couple of Unix tricks which I wish I had known years ago.

Tip #1.

Supervisor.
Supervisor is a service which will sustain a running process: you can tell it to auto-start a command, then make sure that process is always running. You can pick output files for STDOUT and STDERR, then force a relaunch on any crash you might have.

Use Case: I was actually attempting to run deluged and deluge-web on a VPS I own; however, often when adding a new torrent the server would crash and I’d need to ssh into the box and restart it. Now deluge restarts itself on every crash, meaning I can upload and if it crashes it’ll come straight back up.

There is a good guide to setting up Supervisor here: Setting Up Supervisor.

Tip #2.

tmux.
tmux is a terminal multiplexer and it does exactly that. tmux will let you use all that empty space on the right of your terminal as a second terminal; it allows you to split your terminal into many, many panes and arrange those panes into default layouts, or arrange them manually to suit your workflow. This of course has many use cases; however, the one that came to mind is when running an ARP cache poison, where I usually have at least 3 tabs: one for the router, one for the client, one for whatever it is you’re hoping to do with the traffic. With tmux you can run them all in the same terminal window without tabs and you can keep an eye on all your processes at once. It also looks awesome on larger screens. There are a number of cheat sheets available for tmux; some of the ones I looked at:
https://gist.github.com/MohamedAlaa/2961058
https://gist.github.com/afair/3489752

But you can’t go past the man page:

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/tmux.1?query=tmux&sec=1

Repetitive Gameplay, Meet my ADB foo

So I was playing an Android game recently and one of the things you can do is spend the in-game currency to spin a wheel and hopefully win a prize. I made a few spins and it wasn’t very fruitful. I had a look around for some app to do virtual tapping. There was nothing in the Play Store. After a bit of reading I came across a thread mentioning you can do this with Tasker, using a shell action with an

input tap x y

so I played around with Tasker. I don’t really like Tasker, but the concept was there: if I’m running a shell command there must be an input binary for virtualizing input. So I opened my terminal and typed input and, woo, we have a binary. So from there my next thought was ADB: can I call input tap over my dev bridge? I had a look around and there’s actually a UI Automator tool provided by Google for debugging, but this is really most useful when writing test cases for your own apps.

I’m using wireless ADB because I’m lazy but here’s what I had working.

adb connect 192.168.1.5:8000
adb shell input tap 100 100

Then I created a batch file to do this over and over in the spots where I need to tap

FOR /L %%A IN (1,1,800) DO (
adb shell input tap 1270 450
adb shell input tap 1850 955
adb shell input tap 1850 955)

Now all I do is run the batch file and sleep while my character prospers.

I found a couple of touch recording apps in the playstore but I found this method works better
https://play.google.com/store/apps/details?id=com.woodthm.thetoucherimp

Category: Uncategorized

ShellShock Shock

With all the hype on shellshock I thought I’d write something up, try some hacks, find some examples.

In essence I see ShellShock as a command injection vulnerability which I cannot see being anywhere near as bad as heartbleed, and I’ll explain my reasoning throughout this post.

Vulnerable:
So from all the reading I’ve done, most bash versions prior to being patched for ShellShock are vulnerable and will lose out when given the standard test:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
Also, from what I’ve read, most versions of BusyBox are not included.

So now we know what is vulnerable, let’s have a look at what’s exploitable, and what’s exploitable remotely.

According to the redhat blog https://access.redhat.com/articles/1200223

The exploitable services are most likely:

  • httpd
  • Secure Shell (SSH)
  • dhclient
  • CUPS
  • sudo
  • Firefox
  • Postfix

 

So now let’s look at the possibly remotely exploitable set.

  • httpd
  • Secure Shell (SSH)
  • dhclient
  • CUPS
  • Postfix

 

Now this list is still somewhat deceptive. SSH sounds remotely exploitable, but in reality you need to be authenticated first, so we can take that out of the list. dhclient will provide much fun, especially at SANS conferences and such when everyone is using Kali live CDs, but DHCP isn’t really an internet protocol so we can rule that one out for this purpose. We can put CUPS in a similar drawer: we could create a maliciously named printer, but according to the Red Hat blog it would be a small set of conditions, and no-one uses CUPS over the internet. Lastly Postfix: in my opinion it would just be bad programming to let your email server set system variables, and the Red Hat blog tends to agree. I actually run nginx on this blog and haven’t found any exploits referencing it; I did find this release by the nginx team (http://nginx.com/blog/nginx-cve-2014-6271-bash-advisory/). That ultimately leaves HTTPD/Apache.

Now according to the Red Hat blog mod_php, mod_perl, and mod_python are unaffected. I have also tested mod_fastCGI and couldn’t get an exploit, so this leaves the standard mod_CGI. So we’ve cut our list down from ~90% of vulnerable targets to just those exploitable targets running antiquated mod_CGI pages. So although the vulnerability was more widespread than heartbleed, the exploitability definitely is nowhere near it, even though the damage can be much worse.
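
Since the exposure narrows to CGI handlers, which hand request headers to bash as environment variables, one defensive check is to scan web access logs for the `() {` function-definition prefix used by the standard test above. This is an added example, not code from the original post; the log lines are constructed, the combined log format is assumed, and the `/cgi-bin/` and `.cgi` path heuristics are assumptions.

```python
import re

# Combined log format; quoted fields may contain \" escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED)
# "() {" is the function-definition prefix unpatched bash parsed from the environment.
SIGNATURE = re.compile(r'\(\s*\)\s*\{')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [26/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [26/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 31 '
    '"-" "() { :;}; echo vulnerable"',
    '198.51.100.7 - - [26/Sep/2014:10:01:09 +0000] "GET /blog/ HTTP/1.1" 200 904 '
    '"() { :; }; echo vulnerable" "-"',
]

def scan(lines):
    """Return one record per log line whose request, Referer or User-Agent has the prefix."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if not match:
            continue  # not combined format; skipped rather than guessed at
        ip, request, status, referer, agent = match.groups()
        fields = [name for name, value in
                  (("request", request), ("referer", referer), ("user-agent", agent))
                  if SIGNATURE.search(value)]
        if not fields:
            continue
        parts = request.split()
        path = parts[1].split("?")[0] if len(parts) > 1 else ""
        hits.append({
            "line": number, "ip": ip, "status": int(status), "fields": fields,
            # Assumption: CGI scripts live under /cgi-bin/ or end in .cgi on this server.
            "cgi": path.startswith("/cgi-bin/") or path.endswith(".cgi"),
        })
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with `cgi` set is the case the post singles out as exploitable; the others are probes against handlers that never pass the header to bash.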

 

And just because we’re still phishing for logos for ShellShock I’d like to propose a blue koopa shell from Mario;

Welcome to our new server!

We have just changed hosting plans; we are now hosting with DigitalOcean (sign up with our referral link https://www.digitalocean.com/?refcode=1464d09309a5) in Singapore. We’re running nginx as opposed to our old Apache cPanel server; hopefully nginx will provide us with a little more utility than having Apache dictate what we can and cannot host. 🙂

Category: Hardware, Software

Adventure into ReportLab and RML

My journey began after reading a long report on network statistics that one of my co-workers was required to write.
I have always been enthusiastic about not writing reports but generating them, and as much as I love manual typesetting, some documents are just too vast and too complicated to manually typeset every paragraph to make sure it looks just right.
The document we will be generating needs to pull loads of data from Intrusion Prevention/Detection and other network devices; we will then be manipulating the data, calculating some more, graphing some of it, then putting it all into tables. I’ve always wanted a project to do in ReportLab. I began looking into ReportLab, and officially they offer 2 versions: ReportLab Plus and ReportLab OpenSource. Unfortunately ReportLab OpenSource does not support the ReportLab Markup Language (RML), which is in essence an XML dialect. The licence for ReportLab Plus was a bit out of my price range, so I went searching and came up with https://pypi.python.org/pypi/z3c.rml, an RML parser that comes with an rml2pdf function. But first I had to get z3c.rml and open-source ReportLab installed onto my MacBook.
I kept getting this error;
clang: error: unknown argument
I found the solution here http://bruteforce.gr/bypassing-clang-error-unknown-argument.html where you can suppress the error by prefixing your pip install command with the following
ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future pip install
This seemed to work and I was finally able to import reportlab, z3c.rml and all the other dependencies.

I started off with a file simply importing the modules and calling rml2pdf.go, but this evolved a bit as I incorporated templating. I came up with this .py file to read in an XML file, apply Mako rendering, then create an RML file which I render to PDF like so.

import z3c.rml.tests
from z3c.rml import rml2pdf, attr
from mako.template import Template
# btest.xml is the Mako template that produces the RML
mytemplate = Template(filename='btest.xml')
figures=[
#(number,name,x-size,y-size,)
]
# Render the template to an RML file, then convert that file to PDF
with open("btest.rml","w") as f:
    f.write(mytemplate.render(figures=figures))
rml2pdf.go("btest.rml", "test.pdf")

I then proceeded to build up my sample document, which you can find on Bitbucket here: https://bitbucket.org/alec_langford/rml-bits
In it I set a border, imported some images and put in headers, footers and page numbers.

So hopefully this will be the way we typeset future reports and I won’t need to spend a whole bunch of time fixing badly processed word documents.

Category: Other code, Python, Software

Building a Quick and Dirty Url Shortener

At work last week we were discussing the security implications of URL shortening services such as TinyURL, bit.ly and goo.gl. It’s not only the fact that they can be used to hide malicious URLs for use in phishing attacks; the problems we’re having are:

  • Users in more restrictive access groups not being able to click links from these services
  • But worse, some users are using this service to shorten intranet links

Now that second point is an issue for me; if a shortening service were hacked our server names could be leaked to the world.

The two obvious solutions were to ban all users from using such services or to run our own internal service.

My instinct told me that one shouldn’t be too hard to build.

So here it is in less than 50 lines:


from SimpleHTTPServer import SimpleHTTPRequestHandler
import StringIO,os,BaseHTTPServer,sqlite3,binascii
if "urls.db" in os.listdir("."):
    con = sqlite3.connect("urls.db")
    c=con.cursor()
else:
    con = sqlite3.connect("urls.db")
    c=con.cursor()
    c.execute("create table shorts (id integer primary key, url varchar unique)")
server = BaseHTTPServer.HTTPServer
server_address = ("", 8000)
def lookup(code):  # short code = base64 of the row id; None if unknown or malformed
    try:
        c.execute('SELECT url FROM shorts WHERE id=?', (code.decode("base64"),))
        return c.fetchone()
    except (binascii.Error, sqlite3.ProgrammingError):return None
class MyHandler(SimpleHTTPRequestHandler):
    def send_head(self):
        body,response,s = " ",200,None
        if self.path=="""/""":pass
        elif self.path.endswith("+"):  # /<code>+ shows the target without redirecting
            s=lookup(self.path[1:-1])
            if s:body = s[0]
            else:response=404
        elif r"/add?" not in self.path:  # /<code> redirects to the stored URL
            s=lookup(self.path[1:])
            response=301 if s else 404
        else:  # /add?<url> stores the URL and returns its short code
            x=self.path.split("?",1)[-1].replace(r"http://","")
            try:
                c.execute("insert into shorts(url) values (?)", (x,))
                con.commit()
            except sqlite3.IntegrityError:pass
            c.execute('SELECT id FROM shorts WHERE url=(?)', (x,))
            s=c.fetchone()
            body = "ok. " + str(s[0]).encode("base64")
        self.send_response(response)
        self.send_header("Content-type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        if response==301:
            self.send_header("Location","http://"+s[0])
        self.end_headers()
        return StringIO.StringIO(body)
httpd = server(server_address, MyHandler)
print "Starting server..."
try:
    httpd.serve_forever()
except KeyboardInterrupt:
    httpd.socket.close()
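
A self-hosted shortener keeps intranet names in-house only if its codes cannot be walked and its destinations are restricted; the listing above hands out the base64 of a sequential row id and stores whatever URL it is given. The following added example (Python 3, not the post's code) shows both checks; the `.corp.example` suffix and all function names are hypothetical.

```python
import secrets
import sqlite3
from urllib.parse import urlsplit

ALLOWED_SUFFIXES = (".corp.example",)  # hypothetical intranet domain

def validate_target(url):
    """Return the URL if it is plain http(s) to an allowed host, else None."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed netloc, e.g. an unterminated IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None
    if parts.username or parts.password:  # user@host is a classic disguise
        return None
    if not any(host.endswith(suffix) for suffix in ALLOWED_SUFFIXES):
        return None
    return parts.geturl()

def open_db(path=":memory:"):
    con = sqlite3.connect(path)
    con.execute("create table if not exists shorts "
                "(code text primary key, url text unique)")
    return con

def shorten(con, url):
    """Store an allowed URL under a random code; None if the URL is rejected."""
    target = validate_target(url)
    if target is None:
        return None
    row = con.execute("select code from shorts where url=?", (target,)).fetchone()
    if row:
        return row[0]
    code = secrets.token_urlsafe(8)  # 64 random bits instead of a countable row id
    con.execute("insert into shorts(code, url) values (?, ?)", (code, target))
    con.commit()
    return code

def resolve(con, code):
    """Return the stored URL for a code, or None when the code is unknown."""
    row = con.execute("select url from shorts where code=?", (code,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = open_db()
    c1 = shorten(db, "http://wiki.corp.example/page")
    print(c1, resolve(db, c1), shorten(db, "http://evil.example/"))
```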

Category: Python, Software

Unlocked Windows Tools

I was reading about the iKAT tools; I came across their set of binaries that don’t obey GP (Group Policy). These are awesome, especially if you couple them with the base64 file encoding proxy I wrote a while ago. With this you should be able to get full cmd access on just about any environment where you have internet access. The tools included in the iKAT package are:
cmd.exe
command.com
control.exe
cscript.exe
explorer.exe
ipconfig.exe
osk.exe
rasphone.exe
regedit.exe
runonce.exe
sc.exe
taskman.exe
taskmgr.exe
wscript.exe
And the complete zip is mirrored here.

Windows 8 First Impressions

My first impressions of Windows 8 were somewhat exactly what I expected: the install was great. I deleted my partitions and hit go. Went to sleep. Lo and behold, it was not waiting for me at some pesky config screen asking about my timezone. It was done. I had to do a few housekeeping configs like create accounts and put in the wifi settings, but none of the hassle that XP and 7 installs had.

Now I was installing this on an older machine, an hp-210 netbook to be exact. It has a tiny dual core 1GHz Intel Atom and only a couple of gigs of RAM, which is well within the system requirements for a 32-bit OS. Wanting to try out this metro hooha, I clicked on a metro app and was greeted by a message stating that my resolution was too low; in fact it was only about 178 pixels too low. I figured they all couldn’t be broken for something like a screen resolution, but they were, all except the new faithful-looking desktop app. So clicking the desktop app I have a task bar without the start button. I need a start button. It did however show me in a handy tooltip that if I corner my mouse I get a settings dock.

Finding my screen resolution settings, I tried to up it so I could use the metro apps. But my screen only supports up to 600 pixels, so just like every operating system I ever use, it requires some hacking before it works like they say it does. I found the regKey “Display1_DownScalingSupported” after a bit of googling; it’s a Boolean, either 1 or 0, and setting it to 1 allows you to set your resolution beyond that of your screen with some funky downscaling majik. IMO it looks like crap on my 1024×600 screen, but the metro apps now work. And after all this I still don’t like this new crazy interface.

Category: Phones, Software

Automajikly updating a log page with JQuery

I was developing a web application at work for use on the intranet. And if you’re anything like the security nut I am, you love logging just as much as I do. I love logging so much I have a page for just about every I use. Generally my log pages look something like:

import os
print "Content-Type:text/html"
print
print
# Show the last 100 lines of the log, one per row
print '<br/>'.join(os.popen("tail -100 somelog.log").read().split("\n"))

Now this is OK, but wouldn’t it be cool if it updated without the page refreshing?
Now I’m not very good at jQuery so I had no idea where to start, but eventually I came across Jeff Starr’s blog post http://perishablepress.com/ajax-error-log/ which was pretty much exactly what I was after, without all the fancy 404 logging since my web framework does all that.
So quite simply I took this code:

<!DOCTYPE HTML>
<html>
	<head>
		<title>Ajax Error Log</title>
		<!-- Ajax Error Log @ http://perishablepress.com/ajax-error-log/ -->
		<meta http-equiv="content-type" content="text/html; charset=UTF-8">
		<style>
			pre {
				font: 10px/1.5 Courier, "Courier New", mono;
				background-color: #efefef; border: 1px solid #ccc;
				width: 700px; margin: 7px; padding: 10px;
				white-space: pre-wrap;
				}
		</style>
		<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js"></script>
		<script>
			$(document).ready(function() {
				$("#results").load("AjaxErrorLog.php");
				var refreshId = setInterval(function() {
					$("#results").load("AjaxErrorLog.php").fadeIn("slow");
				}, 2000); // refresh time (default = 2000 ms = 2 seconds)
			});
		</script>
	</head>
	<body>
		<noscript><div id="response"><h1>JavaScript is required for this demo.</h1></div></noscript>
		<div id="results"></div>
	</body>
</html>

And changed AjaxErrorLog.php to the cgi script tailing my log and presto a live log feed.