Category Archives: Python

Onion Omega – Getting Started and LED Blinking Part1

Posted on by 0 comment

Now I haven’t done a large amount of work on Arduinos and that kind of device, despite owning a number of them, I understand the most basic idea, I write high to one pin and low to another and I can make the LED turn on. Now thats about as far as I get. However I love python, and I love IoT, so a device with wifi a quarter of the size of a raspberry pi sounded awesome to me.

Now I just received my Onion Omegas and I’m liking them, as fas as I got was blinking an LED.
But given the lack of documentation existing for the onions at the moment I thought I’d walk through what I did because I felt the quickstart guide ended a few steps short.

So I was using an expansion dock to power the Onion up

IMG_20151119_211612

There’s an on/off switch on the left and a microUSB port on the top.

I plugged it in and powered it up.

The GUI didn’t work for me and I set up on a mac which seemed like a good choice.

  1. Download the driver, here
  2. Run screen `ls /dev/tty.*|grep UART` 115200  which will connect you to the Onion; if asked for a user/password use root/onioneer
  3.  Then run wifisetup ; Press 1 to search for a network, then the number of your network hit enter and enter the password. you’ll get some debug lines to tell if it’s working.
  4. Type  oupgrade  to do the firmware update and now you should be able to login to the web interface using the IP address of the Onion.So you’re all set up now but you may like to keep reading.Now most of the modules/wrappers/bindings for writing to pins seem to still be in development however there’s a simple command set to manipulate them in shell/ash.
  5. Add your LED or breadboard or something
  6.  Next we’re setting a pin to high by typing  fast-gpio set <gpio> 1 further instructions
  7. then set the other pin to low using  fast-gpio set <gpio> 0

So there we have it. Our LED turns on. Also the Onion website says we can use python, there was a post about which python version to use, there’s a python-light  and a  python-mini but if we go back to kickstarter there’s a version of python that’s really trim Micro Python and there just happens to be a openwrt package for micropython which you can install by typing  opkg install micropython there’s also a ruby package which can be installed with  opkg install ruby ruby-core .

 

Some of the things I plan on doing with the onions are:

  • Light switches for our lifx bulbs,
  • Magnetic presence sensor for the carport
  • Live IP streaming Camera
  • Ambient light sensor for mirroring similar light levels to the lifx bulbs
  • And I’m sure there’s other things I haven’t remembered yet.

Anyway I’m sure I’ll post progress when I make some. So stay tuned.

Category: Hardware, Python, Software

ShellShock Shock

Posted on by 0 comment

With all the hype on shellshock I thought I’d write something up, try some hacks, find some examples.

In essence I see shell shock as a command injection vulnerability which I cannot see being anywhere near as bad as heartbleed and I’ll explain my reasoning throughout this post.

Vulnerable:
So from all the reading I’ve done most bash versions prior to being patched for ShellShock are vulnerable and will loose out when given the standard test
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
also from what I’ve read most versions of BusyBox are not included.

So now we know what is vulnerable lets have a look at what’s exploitable; and what’s exploitable remotely.

According to the redhat blog https://access.redhat.com/articles/1200223

The exploitable services are most likely:

  • httpd
  • Secure Shell (SSH)
  • dhclient
  • CUPS
  • sudo
  • Firefox
  • Postfix

 

So now lets look at the possibly remotely exploitable set.

  • httpd
  • Secure Shell (SSH)
  • dhclient
  • CUPS
  • Postfix

 

Now this list is still somewhat deceptive, SSH sounds remotely exploitable but in reality you need to be authenticated first so we can take that out of the list. dhclient this will provide much fun especially at SANS conferences and such when everyone is using kali liveCDs but dhcp isn’t really an internet protocol so we can rule that one out for this purpose. And we can put CUPS in a similar drawer, we could create a maliciously named printer but according to the redhat blog it would be a small set of conditions but no-one uses CUPS over the internet. Lastly postfix in my opinion it would just be bad programming to let your email server set system variables and the redhat blog tends to agree.  I actually run nginx on this blog and haven’t found any exploits referencing I did find this release by the nginx team(http://nginx.com/blog/nginx-cve-2014-6271-bash-advisory/) which ultimately leaves HTTPD/Apache.

Now according to the redhat blog mod_php, mod_perl, and mod_python are unaffected I have also tested mod_fastCGI and couldn’t get an exploit, so this leaves the standard mod_CGI. So we’ve cut our list down from ~90% of vulnerable targets to just those exploitable targets running antiquated mod_CGI pages. So although the vulnerability was more widespread than heartbleed the exploitability definitely is nowhere near it, even though the damage can be much worse.

 

And just because we’re still phishing for logos for ShellShock I’d like to propose a blue koopa shell from Mario;

MKwii_Blueshell

Category: Python, Security, Software | Tags: , , ,

Adventure into ReportLab and RML

Posted on by 0 comment

My journey began after reading a long report on network statistics that one of my co-workers was required to write.
I have always been enthusiastic about not writing reports but generating them, and as much as I love manual typesetting some documents are just to vast and to complicated to manually typeset every paragraph to make sure it looks just right.
The document we will be generating needs to pull loads of data from Intrusion Prevention/Detection and other network devices we will then be manipulating the data calculating some more graphing some of it then putting it all into tables. I’ve always wanted a project to do in ReportLab. I began looking into ReportLab and officially they offer 2 versions; ReportLab Plus and ReportLab OpenSource. Unfortunately ReportLab OpenSource does not support the ReportLab Markup Language(RML) which is in essence is an XML dialect. The licence for ReportLab plus was a but out of my price range so I went searching and came up with https://pypi.python.org/pypi/z3c.rml an RML parser that comes with an rml2pdf function. But first I had to get z3c.rml and opensource ReportLab installed onto my MacBook.
I kept getting this error;
clang: error: unknown argument
I found the solution here http://bruteforce.gr/bypassing-clang-error-unknown-argument.html where you can suppress the error by prefixing your pip install command with the following
ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future pip install
This seemed to work and I was finally able to import reportlab z3c.rml and all the other dependancies.

I started off with a file simply importing the modules and calling rml2pdf.go but this evolved a bit as I incorporated templating so I came up with this .py file to read in an XML file apply mako rendering then create an RML file which I render to PDF like so.

import z3c.rml.tests
from z3c.rml import rml2pdf, attr
from mako.template import Template
mytemplate = Template(filename='btest.xml')
figures=[
#(number,name,x-size,y-size,)
]
f=open("btest.rml","w")
f.write(mytemplate.render(figures=figures))
f.close()
rml2pdf.go("btest.rml", "test.pdf")

I then proceeded to build up my sample document.
which you can find on bitbucket here https://bitbucket.org/alec_langford/rml-bits
where I set a border imported some images put in headers, footers and page numbers.

So hopefully this will be the way we typeset future reports and I won’t need to spend a whole bunch of time fixing badly processed word documents.

Category: Other code, Python, Software | Tags: , ,

Building a Quick and Dirty Url Shortener

Posted on by 0 comment

At work last week we were discussing the security implications of url shortening services, such as tinyURL, biy.ly and goo.gl not only the fact that they can be used to hide malicious URLs for use in phishing attacks but the problem’s we’re having are:

  • Users in more restrictive access groups not being able to click links from these services
  • But worse, some users are using this service to shorten intranet links

Now that second point is an issue for me; if a shortening service were hacked our server names could be leaked to the world.

The two obvious solutions were ban all users from using such services or run our own internal service

My instinct told me that one shouldn’t be to hard to build.

So Here it is in less than 50 lines


from SimpleHTTPServer import SimpleHTTPRequestHandler
import StringIO,os,BaseHTTPServer,sqlite3
if "urls.db" in os.listdir("."):
    con = sqlite3.connect("urls.db")
    c=con.cursor()
else:
    con = sqlite3.connect("urls.db")
    c=con.cursor()
    c.execute("create table shorts (id integer primary key, url varchar unique)")
server = BaseHTTPServer.HTTPServer
server_address = ("", 8000)
class MyHandler(SimpleHTTPRequestHandler):
    def send_head(self):
        body,response = " ",200
        if self.path=="""/""":pass
        elif self.path.endswith("+"):
            c.execute('SELECT url FROM shorts WHERE id=(?)', (self.path[1:-1].decode("base64"),))
            s=c.fetchone()
            boady = s[0]        
        elif r"/add?" not in self.path:
                    response=301
            c.execute('SELECT url FROM shorts WHERE id=?', (self.path[1:].decode("base64"),))
            s=c.fetchone()    
            else:
                    x=self.path.split("?",1)[-1].replace(r"http://","")
            try:
                c.execute("insert into shorts(url) values (?)", (x,))
                con.commit()
            except sqlite3.IntegrityError:pass
            c.execute('SELECT id FROM shorts WHERE url=(?)', (x,))
            s=c.fetchone()
            body = "ok. " + str(s[0]).encode("base64")
        self.send_response(response)  
        self.send_header("Content-type", "text/html; charset=utf-8")  
        self.send_header("Content-Length", str(len(body)))  
        if response==301:
            self.send_header("Location","http://"+s[0])          
        self.end_headers()
                return StringIO.StringIO(body)
httpd = server(server_address, MyHandler)
print "Starting server..."
try:
    httpd.serve_forever()
except KeyboardInterrupt:
    httpd.socket.close()
Category: Python, Software | Tags: , ,

Automajikly updating a log page with JQuery

Posted on by 0 comment

I was developing a a web application at work for use on the intranet. And if you’re anything like the security nut I am you love logging just as much as I do. I love logging so much I have a page for just about every I use generally my log pages look something like

import os
print "Content-Type:text/html"
print
print
print '<br/>'.join(os.popen("tail -100 somelog.log").read().split("n"))

Now this is ok but wouldn’t it be cool if it updated without the page refreshing?
Now I’m not very good at Jquery so I had no idea to start but eventually I came across Jeff Star’s blog post http://perishablepress.com/ajax-error-log/ which was pretty much exactly what I was after without all the fancy 404 logging since my web framework does all that.
So quite simply I took this code

<!DOCTYPE HTML>
<html>
	<head>
		<title>Ajax Error Log</title>
		<!-- Ajax Error Log @ http://perishablepress.com/ajax-error-log/ -->
		<meta http-equiv="content-type" content="text/html; charset=UTF-8">
		<style>
			pre {
				font: 10px/1.5 Courier, "Courier New", mono;
				background-color: #efefef; border: 1px solid #ccc;
				width: 700px; margin: 7px; padding: 10px;
				white-space: pre-wrap;
				}
		</style>
		<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js "></script>
		<script>
			$(document).ready(function() {
				$("#results").load("AjaxErrorLog.php");
				var refreshId = setInterval(function() {
					$("#results").load("AjaxErrorLog.php").fadeIn("slow");
				}, 2000); // refresh time (default = 2000 ms = 2 seconds)
			});
		</script>
	</head>
	<body>
		<noscript><div id="response"><h1>JavaScript is required for this demo.</h1></div></noscript>
		<div id="results"></div>
	</body>
</html>

And changed AjaxErrorLog.php to the cgi script tailing my log and presto a live log feed.

Category: Other code, Python | Tags: , , , , , , ,

Dealing with unicode in Python

Posted on by 2 comments

I say transliterating, but I really just mean coping with strings involving unprintable characters…

 

Today I came across a neat little trick which I hope helps you as much as I.

take the following print statement

print "blahÆlec"

this will break

but there are some cases where exact spelling isn’t important you just to to out put the data so you can glace at it, you can actually give the str decode method a nifty argument “ignore” eg.

print "blahÆlec".decode("ascii","ignore")

and this simply drops the unprintable characters.

Success

Category: Python | Tags: , ,