Archive for August, 2007

Identify equal servers on different IPs using the IP header of packets

Another nice tool. I do penetration tests, and sometimes I have to know whether a service (for example HTTP) on different IPs is served by different hosts or whether it’s really served by the same host.

How can I know this?

Those IPs could expose other services, different on each IP; for example, the hosts could be doing NAT.

So a port scan, with nmap or any other automated tool, doesn’t settle it. If you rely on the results of those tools, you will draw wrong conclusions when trying to find out whether they are really the same host.

So how can I know whether these services on different IPs are really served by the same host?

The answer is to analyze the IP header of the packets received from those IPs.

(I’m not going to write a tutorial about networking and the network layer here. You can read the RFCs and the many books, papers and tutorials on these subjects.)

The key is the Identification field (bits 32 to 47) of the IP header and the fact that this number is sequential.

So, if you receive consecutive packets from one host, they will have sequential identification numbers.

It’s easy to receive a continuous flow of packets from any host, and if that host isn’t sending many packets to other IPs, you will get packets with almost sequential identification numbers.

Now, let’s play! A couple of years ago I wrote a tool that receives packets from different hosts and extracts and compares the identification numbers received. Now I’ve put it online and you can use it! It’s in the Tools section.
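The comparison the post describes, as an added example (this is not the author’s tool): it pulls the Identification field out of a raw IPv4 header, classifies a sequence of IDs from one source, and then checks whether the IDs seen from two addresses interleave into a single counter. The header bytes and the (source, ID) observations are constructed; addresses are from the 192.0.2.0/24 documentation range. One caveat for anyone reading the result: many current stacks use random or per-destination IDs, so a “random” verdict means the check is inconclusive, not that the hosts are different, and running the same classifier against your own hosts shows whether they expose a global counter at all.

```python
"""Added example, not the post's tool: classify IPv4 Identification sequences
and test whether packets arriving from two addresses are stamped by one shared
counter. Observations are constructed below; a real run would feed it the
(source, ID) pairs taken from a capture."""
import socket
import struct

ID_MOD = 1 << 16  # Identification is 16 bits wide (bits 32-47 of the header)


def ip_id_from_header(raw):
    """(source address, Identification) from the first 20 bytes of an IPv4 header."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    (ident,) = struct.unpack_from("!H", raw, 4)  # bytes 4-5 hold the ID
    return socket.inet_ntoa(raw[12:16]), ident


def make_header(src, ident, dst="192.0.2.2"):
    """Constructed 20-byte IPv4 header (no options) used as sample input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ident, 0x4000, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def id_deltas(ids):
    """Differences between consecutive IDs, modulo 2**16 (the counter wraps)."""
    return [(b - a) % ID_MOD for a, b in zip(ids, ids[1:])]


def classify(ids, max_step=64):
    """'incremental' when every step is a small positive increment (a global
    counter that also serves other destinations), 'constant' when the field
    never changes (e.g. always 0), 'random' otherwise."""
    if len(ids) < 3:
        return "unknown"
    deltas = id_deltas(ids)
    if all(d == 0 for d in deltas):
        return "constant"
    if all(1 <= d <= max_step for d in deltas):
        return "incremental"
    return "random"


def share_counter(observations, max_step=64):
    """observations: (source_ip, ip_id) pairs in arrival order.
    True when each source alone is incremental and the merged sequence is an
    incremental counter too: the IDs interleave, so one stack stamped all of
    them. A 'random' or 'constant' source makes the test inconclusive (False)."""
    per_src = {}
    for src, ident in observations:
        per_src.setdefault(src, []).append(ident)
    if len(per_src) < 2:
        return False
    if any(classify(ids, max_step) != "incremental" for ids in per_src.values()):
        return False
    return classify([ident for _, ident in observations], max_step) == "incremental"


# Constructed sample: two addresses whose IDs interleave into one counter
SAME_HOST = [("192.0.2.10", 100), ("192.0.2.11", 101), ("192.0.2.10", 102),
             ("192.0.2.11", 103), ("192.0.2.10", 104), ("192.0.2.11", 105)]
# Constructed sample: two independent counters
TWO_HOSTS = [("192.0.2.10", 100), ("192.0.2.11", 5000), ("192.0.2.10", 101),
             ("192.0.2.11", 5001), ("192.0.2.10", 102), ("192.0.2.11", 5002)]

if __name__ == "__main__":
    src, ident = ip_id_from_header(make_header("192.0.2.1", 0x1234))
    print(f"sample header: src={src} id={ident}")
    for name, obs in (("same host", SAME_HOST), ("two hosts", TWO_HOSTS)):
        print(name, "-> shared counter:", share_counter(obs))
```

The `max_step` tolerance absorbs packets the host sends elsewhere between the ones you receive; raise it for a busy host, but the larger it gets, the more likely two unrelated counters that happen to sit close together are mistaken for one.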

If you have any question, you can post it in a comment.

How to create an LVM encrypted partition

Be careful with all these commands; with some of them you can erase all the data in a partition, so always use ‘man’… of course, I’m using GNU/Linux.

I do this in Debian and it works perfectly for me; I’ve been working with it, mounting and unmounting the partition, for more than a year without any problems.

Well, let’s do it…

First, create the LVM partition (in this case named lv_fun):

lvcreate -n lv_fun --size 1G VolGr01

Then, fill the partition with random data:

badblocks -s -w -t random -v /dev/mapper/VolGr01-lv_fun

Now let’s create the encrypted partition with dm-crypt and LUKS:

cryptsetup -y luksFormat /dev/mapper/VolGr01-lv_fun
cryptsetup luksOpen /dev/mapper/VolGr01-lv_fun crypt_fun

You must enter the passphrase after these commands. Use a good passphrase: a reasonable hint is to use letters, numbers and some other symbols, and it should have 20 or more characters (just a quick hint, there’s a lot to say about this).

Use the ‘man’ pages; you can modify a lot of parameters in the previous commands.

OK, the encrypted partition is done! Let’s make the filesystem on it:

mkfs.ext3 -j /dev/mapper/crypt_fun
e2fsck -f /dev/mapper/crypt_fun

In this case I make an ext3 FS; you can use anything else.

And it’s done!

Now you can have some privacy… just some… ;)

Now we only need to know how to mount and unmount it:

Mount:

cryptsetup luksOpen /dev/mapper/VolGr01-lv_fun crypt_fun && mount /dev/mapper/crypt_fun /media/fun

Unmount:

umount /media/fun && cryptsetup luksClose crypt_fun

And that’s it, you have your privacy with an LVM encrypted partition.

If you can’t create a partition or you want a portable encrypted file system, you can read my other post about privacy and encryption on Linux:
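The same procedure wrapped in a small script, as an added example (not the post’s own commands, which are the plain shell lines above): it runs the steps in the order given, derives the /dev/mapper path the way LVM does (every ‘-’ in a VG or LV name is doubled, which is easy to get wrong by hand), and refuses to wipe or luksFormat a device that is missing, mounted, or already carries a LUKS header. VolGr01, lv_fun, crypt_fun and /media/fun are the post’s placeholder names; `--dry-run` only prints the plan, and everything else needs root.

```python
"""Added example wrapping the post's procedure (VolGr01 / lv_fun / crypt_fun /
/media/fun are placeholders from the post). Run with --dry-run to print the
commands; without it the steps below destroy whatever is on the LV."""
import os
import subprocess
import sys


def dm_name(vg, lv):
    """device-mapper path for a logical volume: LVM doubles every '-' in VG
    and LV names, so VG 'vg-01' / LV 'lv_fun' maps to /dev/mapper/vg--01-lv_fun."""
    return f"/dev/mapper/{vg.replace('-', '--')}-{lv.replace('-', '--')}"


def is_mounted(device):
    """True if the device appears as a mount source in /proc/mounts."""
    try:
        with open("/proc/mounts") as fh:
            return any(line.split()[0] == device for line in fh)
    except OSError:
        return False


def is_luks(device):
    """`cryptsetup isLuks` exits 0 only for a LUKS-formatted device."""
    return subprocess.run(["cryptsetup", "isLuks", device],
                          capture_output=True).returncode == 0


def preflight(device):
    """Reasons not to format `device`; an empty list means it is safe to go on."""
    problems = []
    if not os.path.exists(device):
        problems.append(f"{device} does not exist")
    elif is_mounted(device):
        problems.append(f"{device} is mounted")
    elif is_luks(device):
        problems.append(f"{device} is already LUKS-formatted (would destroy the header)")
    return problems


def format_plan(dev, mapping, mkfs="mkfs.ext3"):
    """The post's steps after lvcreate, in order, as argv lists."""
    return [
        ["badblocks", "-s", "-w", "-t", "random", "-v", dev],  # fill with random data
        ["cryptsetup", "-y", "luksFormat", dev],                # prompts for the passphrase
        ["cryptsetup", "luksOpen", dev, mapping],
        [mkfs, f"/dev/mapper/{mapping}"],
        ["e2fsck", "-f", f"/dev/mapper/{mapping}"],
    ]


def mount_plan(dev, mapping, mountpoint):
    return [["cryptsetup", "luksOpen", dev, mapping],
            ["mount", f"/dev/mapper/{mapping}", mountpoint]]


def umount_plan(mapping, mountpoint):
    # order matters: unmount the filesystem before closing the mapping
    return [["umount", mountpoint], ["cryptsetup", "luksClose", mapping]]


def run(plan, dry_run):
    for argv in plan:
        print("+", " ".join(argv))
        if not dry_run:
            subprocess.run(argv, check=True)


if __name__ == "__main__":
    dry = "--dry-run" in sys.argv
    action = next((a for a in sys.argv[1:] if not a.startswith("--")), "create")
    vg, lv, mapping, mnt = "VolGr01", "lv_fun", "crypt_fun", "/media/fun"
    dev = dm_name(vg, lv)
    if action == "create":
        if os.path.exists(dev):
            sys.exit(f"{dev} already exists; refusing to create over it")
        run([["lvcreate", "-n", lv, "--size", "1G", vg]], dry)
        if not dry and (problems := preflight(dev)):
            sys.exit("; ".join(problems))
        run(format_plan(dev, mapping), dry)
    elif action == "mount":
        run(mount_plan(dev, mapping, mnt), dry)
    elif action == "umount":
        run(umount_plan(mapping, mnt), dry)
    else:
        sys.exit("usage: create|mount|umount [--dry-run]")
```

Usage: `python3 luks_lv.py create --dry-run` prints the six commands without touching anything; `create`, `mount` and `umount` without the flag execute them in that order.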

How to create a portable encrypted file system on a loop file

Get Google results in a list of clean URLs

I wrote a Perl script to perform a given search in Google, parse the results and save all the harvested URLs in a text file. After a few improvements, I finally made a PHP Google scraper that, with an HTML parser at its core, allows us to get unlimited Google results and then apply data mining techniques to obtain valuable information for SEO and business intelligence.

This is extremely useful for a lot of things; for example, for e-marketing and SEO related purposes, you can get a huge amount of Google results for different keywords and then analyze PageRank, SERP positions, competing companies/domains and much more.

One time I prepared a search string for Google to find sites that had a security vulnerability, then I ran an exploit against all these sites and found all the vulnerable ones, only for research purposes; another interesting use of this online SEO tool.

These are only a couple of examples… if you use your imagination, you will see a lot of things you can do…

It’s basically a parser of the Google results, so I can get Google results in any format.

Now I’ve written the algorithm (a Google parser) in PHP and published it online; you can use it in the online SEO tools section and see other interesting tools… or go directly to the Google parser online tool (GooParser).
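The parsing step the post describes, as an added example (this is not GooParser’s code, which is PHP and not shown here): it reads a saved results page, collects every link, resolves and normalizes it, and returns the ordered, de-duplicated list that the “clean URLs” text file would hold. The HTML below is constructed, the `search.example` host is a placeholder, and the unwrapping of `/url?q=<target>` redirect links is an assumption about how a results page wraps outbound links, not a documented format.

```python
"""Added example, not the post's parser: extract result links from a saved
search-results HTML page and emit them as a clean, de-duplicated list.
SAMPLE_HTML is constructed; real result pages differ and change over time."""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlsplit, urlunsplit


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, in document order."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def clean_url(href, base, redirect_param="q"):
    """Resolve relative links against `base`, unwrap /url?q=<target> redirect
    links (assumed wrapper format), drop fragments, lower-case the host and
    keep only http(s) targets. Returns None for anything rejected."""
    url = urljoin(base, href)
    parts = urlsplit(url)
    if parts.path == "/url":
        target = parse_qs(parts.query).get(redirect_param)
        if target:
            parts = urlsplit(target[0])
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return urlunsplit((parts.scheme, parts.netloc.lower(), parts.path or "/",
                       parts.query, ""))


def extract_urls(html, base, skip_hosts=()):
    """Ordered, de-duplicated clean result URLs, with the search engine's own
    navigation links (hosts in skip_hosts) left out."""
    collector = LinkCollector()
    collector.feed(html)
    seen, out = set(), []
    for href in collector.hrefs:
        url = clean_url(href, base)
        if url is None or urlsplit(url).netloc in skip_hosts or url in seen:
            continue
        seen.add(url)
        out.append(url)
    return out


# Constructed results page: one navigation link, one wrapped redirect link,
# one plain result, one javascript: link and one duplicate in different case.
SAMPLE_BASE = "https://search.example/search?q=test"
SAMPLE_HTML = """
<html><body>
<a href="/search?q=test&start=10">Next</a>
<a href="/url?q=https%3A%2F%2Fwww.example.org%2Fpage%23section">Result 1</a>
<a href="https://www.example.net/a">Result 2</a>
<a href="javascript:void(0)">Cached</a>
<a href="HTTPS://WWW.EXAMPLE.NET/a">Result 2 again</a>
</body></html>
"""

if __name__ == "__main__":
    # one URL per line, the same shape as the post's text file
    for url in extract_urls(SAMPLE_HTML, SAMPLE_BASE, skip_hosts=("search.example",)):
        print(url)
```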