Wednesday, September 24, 2008

WPA Password Generator

I know a lot of us use WPA for our access points (you better not be using WEP!!) and I happened upon this while looking for some other stuff. It is a simple password generator to make sure your WPA keys aren't easily guessable. It has a few modifications that I have made. I have found that WPA works best in ALL CAPS. I have worked with quite a few laptops that wouldn't connect if the passphrase had any lowercase letters. Weird, huh?! I have also found that it works best when you have 13 characters. I don't know why, but that has just been my experience. Hopefully these 'issues' are resolved in later wireless standards, because if everyone used only uppercase/numbers and kept it at 13 characters it would only be a matter of time before you're hacked. This script is fully capable of generating whatever characters you want; you just have to add them in.

Note: this could also be used for other situations besides WPA.
Note: this is not my original work. It was posted to another site by an anonymous user. Sadly, I am unable to give them credit for their good work.



wpa-pass.sh


#!/bin/bash

# Sets the maximum size of the password the script will generate
MAXSIZE=13

# Holds valid password characters. I chose alpha-numeric + the shift-number keyboard keys.
# The lowercase and symbol lines are commented out (see the post above); uncomment them to use those characters.
# I put escape chars on all the non alpha-numeric characters just as a precaution
array1=(
#w e r t y u p a s d f h j k z x c v b m
Q W E R T Y U P A D F H J K L Z X C V B N M
2 3 4 7 8
#! @ $ % \# \& \* \= \- \+ \?
)

# Used in conjunction with modulus to keep random numbers in range of the array size
MODNUM=${#array1[*]}

# Keeps track of the number of characters in the password we have generated
pwd_len=0
# Start from an empty string so nothing inherited from the environment leaks into the result
password=""

while [ "$pwd_len" -lt "$MAXSIZE" ]
do
index=$((RANDOM % MODNUM))
password="${password}${array1[$index]}"
((pwd_len++))
done
echo "$password"
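The script above picks each character with `$RANDOM % N`, which is slightly biased when 32768 is not a multiple of the array size, and its enabled set is 27 characters. The following is an added example, not code from the post or its anonymous author: it draws from /dev/urandom with rejection sampling (so any character set works without bias) and reports the keyspace of the post's 27-character set next to the fuller set the post leaves commented out. SMALL_SET and FULL_SET are illustrative assumptions; the function names are mine.

```bash
#!/bin/bash
# Added example (not from the original post): an unbiased generator that
# takes any character set, and a keyspace calculator to compare sets.
# SMALL_SET and FULL_SET are illustrative choices made for this example
# (SMALL_SET matches the 27 characters the post's array1 leaves enabled).

# 22 uppercase letters + 5 digits, as enabled in the post's array1
SMALL_SET='QWERTYUPADFHJKLZXCVBNM23478'
# upper + lower + digits + the 11 symbols the post commented out
# ('-' is kept last so tr does not read it as a range)
FULL_SET='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%&*=+?-'

# gen_pass LENGTH CHARSET
# Reads /dev/urandom and discards every byte outside CHARSET (rejection
# sampling), so each character is equally likely. $RANDOM % N, as in the
# post's script, favours the first (32768 % N) array entries by one extra draw.
gen_pass() {
    local len=$1 chars=$2
    LC_ALL=C tr -dc "$chars" < /dev/urandom | head -c "$len"
    echo
}

# keyspace_bits LENGTH SETSIZE -> log2(SETSIZE^LENGTH), one decimal place
keyspace_bits() {
    awk -v l="$1" -v n="$2" 'BEGIN { printf "%.1f\n", l * log(n) / log(2) }'
}

# show_comparison -> one line per set: set size, 13-character entropy, a sample
show_comparison() {
    local chars
    for chars in "$SMALL_SET" "$FULL_SET"; do
        printf '%2d chars, %s bits: %s\n' "${#chars}" "$(keyspace_bits 13 "${#chars}")" "$(gen_pass 13 "$chars")"
    done
}

show_comparison
```

Running it prints two lines: the 27-character set gives about 61.8 bits at 13 characters, the 73-character set about 80.5 bits, each followed by a freshly generated sample. Adding characters to the set raises entropy per character; adding length raises it per position, and either is cheaper than relying on the device-compatibility constraints the post describes.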

Wednesday, September 17, 2008

Simple Linux IDS/IPS Shell Script

Click Here For Updated Version

So, I don't even know where to begin. I know there is great software out there like Snort, but for whatever reason I rolled my own IDS/IPS (specifically for SSH). It's quite simple, as it just looks through the log file for failed attempts against the SSH server. To show how it works, I made a little video for you. :)


(oops, typo in the video. oh well)

First things first, run this command:
echo "IDSIPSDELIM-SSHD" >> /var/log/messages

Done? Good. Now here is the script:


idsips.sh.sshd


#! /bin/bash

# Using this for the first time???
# YOU WILL NEED TO DO THIS:
# echo "IDSIPSDELIM-SSHD" >> /var/log/messages
# Done? Good, now you can use this.
# Note: blocking through /etc/hosts.deny only takes effect if sshd honours TCP wrappers (libwrap).

# Get old delimiter for where to look from
gto=`grep IDSIPSDELIM-SSHD /var/log/messages | tail -n1`
# Apply new delimiter so we know where to look for again
echo "IDSIPSDELIM-SSHD-`date +%s`" >> /var/log/messages

# Everything after the old delimiter; keep the source host (last field) of each
# "sshd[...]: error: PAM: Authentication failure for <user> from <host>" line.
# -F treats the delimiter line as a literal string. Not de-duplicated here,
# because the counting below needs every occurrence.
gtf=`grep -F -A200000000 -- "$gto" /var/log/messages | grep sshd | grep PAM | awk '{ print $NF }'`

for s in `echo "$gtf" | sort -u`
do
# Count whole-line literal matches, so "." is not a wildcard and 10.0.0.1 does not match 10.0.0.10
num=`echo "$gtf" | grep -c -x -F -- "$s"`
# -gt, not ">": inside [ ] a bare ">" is a redirection, which always succeeds and creates a file named "20"
if [ "$num" -gt 20 ]
then
blkd="`date +%s`"
echo "ALL : $s # AUTOBLOCK-$blkd" >> /etc/hosts.deny
echo "`date` - AUTOBLOCK - $s - $blkd" >> /var/log/idsips.sh.log
sleep 1
fi
done

# Remove AUTOBLOCK entries older than 360 seconds
gtcd=`date +%s`
for s in `grep AUTOBLOCK /etc/hosts.deny | cut -d"-" -f2`
do
gts=`expr $gtcd - $s`
if [ "$gts" -gt 360 ]
then
gto=`grep -v -F -- "AUTOBLOCK-$s" /etc/hosts.deny`
echo "$gto" > /etc/hosts.deny
fi
done



Don't forget to set up the crontab for it:
*/5 * * * * /usr/local/bin/idsips.sh.sshd
(or wherever you put it)
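To see the detection logic on its own, here is an added example that is not the post's script: it runs the same count-and-threshold idea over a constructed log sample, emits the hosts.deny lines, and applies the expiry rule. It goes a little beyond the post by extracting the host from both PAM failure formats sshd writes ("error: PAM: Authentication failure for ... from HOST" and "Failed password for ... from HOST port N"), where the post only takes the last field of "PAM" lines. The hosts, usernames, timestamps and function names are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the original post): the detection step run on a
# constructed log sample, plus the expiry step for hosts.deny entries.
# Hosts, usernames and timestamps in the sample are made up (RFC 5737 ranges).

# write_sample_log PATH -- writes constructed syslog lines in the two formats
# sshd uses for failed logins, plus one successful login that must be ignored
write_sample_log() {
    cat > "$1" <<'EOF'
Sep 17 10:01:02 box sshd[1201]: error: PAM: Authentication failure for root from 203.0.113.5
Sep 17 10:01:05 box sshd[1203]: Failed password for root from 203.0.113.5 port 40122 ssh2
Sep 17 10:01:09 box sshd[1205]: error: PAM: Authentication failure for admin from 203.0.113.5
Sep 17 10:02:00 box sshd[1210]: error: PAM: Authentication failure for root from 198.51.100.7
Sep 17 10:02:30 box sshd[1212]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
EOF
}

# failed_hosts LOGFILE -> one source host per failed login, in log order
failed_hosts() {
    grep 'sshd\[' "$1" | sed -n \
        -e 's/.*PAM: Authentication failure for .* from \([^ ]*\)$/\1/p' \
        -e 's/.*Failed password for .* from \([^ ]*\) port .*/\1/p'
}

# offenders LOGFILE THRESHOLD -> hosts with more than THRESHOLD failures
# (count first, then threshold; a "sort -u" before counting makes every count 1)
offenders() {
    failed_hosts "$1" | sort | uniq -c | awk -v t="$2" '$1 > t+0 { print $2 }'
}

# deny_lines LOGFILE THRESHOLD -> the lines that would be appended to /etc/hosts.deny
deny_lines() {
    local now
    now=$(date +%s)
    offenders "$1" "$2" | while read -r host; do
        printf 'ALL : %s # AUTOBLOCK-%s\n' "$host" "$now"
    done
}

# expire_blocks DENYFILE MAXAGE -> DENYFILE minus AUTOBLOCK entries older than MAXAGE seconds
# The timestamp is the part after "AUTOBLOCK-" in the last field of the line.
expire_blocks() {
    awk -v now="$(date +%s)" -v max="$2" '
        /# AUTOBLOCK-/ { split($NF, a, "-"); if (now - a[2] > max+0) next }
        { print }' "$1"
}

# Demonstration against the constructed sample: threshold 2 failures
log=$(mktemp)
write_sample_log "$log"
deny_lines "$log" 2
rm -f "$log"
```

With the sample above only 203.0.113.5 crosses a threshold of 2, so one "ALL : 203.0.113.5 # AUTOBLOCK-<epoch>" line is printed; 198.51.100.7 has a single failure and the successful publickey login is never counted. In production the threshold, the expiry window (the post uses 360 seconds) and the log path are the knobs to tune, and the sort/uniq counting is what the post's "sort -u" step has to come after, not before.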

Monday, September 15, 2008

Cain & Abel - Sniff HTTP Passwords

This is a little how-to on sniffing usernames & passwords via Cain & Abel. Cain & Abel is great as it will auto-parse information on the network and give you readable output (depending on what you are looking for). Now, that is not the only thing that Cain & Abel will do, but it is the easiest function: just turn it on and it does the work, that's it. :) So, I will outline how to capture basic HTTP authentication.

1. Download & install :)
2. Open Cain & Abel
3. There is a little icon that looks like a PCI card, click it
3.1 Note; You may need to select 'configure' at the top to select what network card in case you have more than one
4. Click on the 'Sniffer' tab at the top
5. Click on the 'Passwords' tab at the bottom
6. Click 'HTTP'
7. Now go visit a website that uses basic authentication (non-https).
7.1 Note; Cain & Abel comes with a pre-defined list of what to look for. Some sites may use an identifier such as 'usrhere'/'pswhere' instead of something normal like 'user'/'pass'. If you want credentials for that specific site, you will need to view the source (or similar) and tell Cain & Abel what to look for. This is the basic how-to though, so I will not get into that yet.
8. Usernames & passwords will show up in the large window.

This video is very basic. Credentials were captured using basic authentication configured in an Apache conf file.
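From the server side, what the how-to demonstrates is that HTTP Basic authentication only base64-encodes the credential, so over plain HTTP it is readable by anyone on the path. The following is an added Apache configuration example, not from the post: it shows the kind of Basic-auth block the post describes, with the directives that refuse the request unless it arrives over TLS and redirect plain-HTTP visitors before they are ever prompted. The directory path, realm name, password file and hostname are assumptions for illustration.

```apache
# Added example (not from the post). Requires mod_ssl to be loaded.
<Directory "/var/www/protected">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile "/etc/apache2/.htpasswd"
    Require valid-user
    # Refuse the request unless it came over TLS; without this, the
    # Authorization header (base64, not encrypted) is readable by any sniffer.
    SSLRequireSSL
</Directory>

# Send plain-HTTP visitors to the HTTPS site so the browser never sends
# the credential over http://.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent "/protected" "https://www.example.com/protected"
</VirtualHost>
```

The `SSLRequireSSL` line is the part that matters: with it, a request over port 80 is answered with 403 before any credential is requested, and the sniffer in the how-to sees only the redirect. Sites that use custom form field names (the 'usrhere'/'pswhere' case in note 7.1) are no safer on plain HTTP; only transport encryption removes the exposure.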