• Os Snitch – grabbing operating systems based on torrent downloads

    Lately there has been a lot of talk about the website http://www.iknowwhatyoudownload.com where you can look up any IP address and find the torrents they have downloaded. Many people are concerned about the publicity of their torrent downloads. We should all be concerned about our privacy nowadays. Many are seeing this website as a negative thing, which it does seem to be, so I started thinking: how can we turn this around and make it a more positive thing for us as hackers? One way I thought of was to use the information to identify the target’s operating system, and this is exactly what my new program OsSnitch does. This is no replacement for the program Nmap, which actually talks with the computer to identify the OS; however, sometimes Nmap is not able to identify the target’s OS, and this is where OsSnitch comes into play. It gives us another chance to identify the operating system when Nmap fails.

    The program is new so look for updates often. I will be updating it so it can identify the OS’s better. Any suggestions are more than welcome.

    Download the latest version over on github at https://github.com/Acetolyne/ossnitch

  • How to make CherryPy sessions work

    I have recently started development with the CherryPy framework to create a python based webserver. In pretty much any website with users you want to create sessions and CherryPy offers a great set of commands to manage user sessions. There is quite a bit of documentation provided about sessions and managing them, also some great code examples. However even with the code examples and searching with Google I found it rather difficult to figure out sessions despite my years of developing with PHP. It seemed I was missing something important so I dedicated a day to getting sessions working in CherryPy. I am using CherryPy version 3.8.0

    Session configuration according to many documents online is as simple as adding into your code something like this:

    
    import cherrypy
    
    class HelloWorld(object):
        @cherrypy.expose
        def index(self):
            return "Hello world!"
    
    if __name__ == '__main__':
        conf = {
            '/': {
                'tools.sessions.on': True,
            }
        }
        cherrypy.quickstart(HelloWorld(), '/', conf)
    
    

    We can also add to our configuration some other session options such as

    'tools.sessions.storage_type': "file",
    'tools.sessions.storage_path': "/tmp/sessions",
    'tools.sessions.timeout': 60,

    But no matter the example my sessions would still re-generate on each page load. I couldn’t find my answer on the internet despite all the different ways I worded it on the search engines. So I decided to think back on how we use sessions in PHP. At the start of each page we had to use the session_start() function to keep our sessions alive. So how about the function cherrypy.session.start()

    Well now it showed session info when I loaded the page but now it was throwing an error that the session was already started. I was still wrong but on the right path.

    After messing around a bit more I found the key was to include at the beginning of each page a simple function cherrypy.session.load()

    That was it, easy as Py. CherryPy even! That one simple function, not shown in any example I was able to find, fixed my sessions, and it can fix yours too!

    So my code then became this:

    
    import cherrypy
    
    class HelloWorld(object):
        @cherrypy.expose
        def index(self):
            cherrypy.session.load()
            return "Hello world!"
    
    if __name__ == '__main__':
        conf = {
            '/': {
                'tools.sessions.on': True,
            }
        }
        cherrypy.quickstart(HelloWorld(), '/', conf)
    

    I really hope this helps other people struggling with the same issue as me. I don’t understand why it’s not in any examples out there, but it is now. If this tutorial helped you with sessions, share it on Facebook and Twitter or any other places you think it would help. Link to it from other sites; my website has been around for many years and should remain up for many to come. Let me know if you’re still having trouble or if this helped you out. I would love feedback from others.
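
    The file-backed options shown earlier put session files in /tmp/sessions; CherryPy's file backend keeps one pickled file per session, named after the session id, so that directory should be private to the account running the server. The following is an added example, not code from the original post: the config keeps the post's keys and adds CherryPy's `tools.sessions.secure` and `tools.sessions.httponly` cookie flags. The path `/var/lib/myapp/sessions` and the helpers `audit_session_dir` and `make_private_session_dir` are assumptions made for illustration.

```python
import os
import stat

# Assumed private location; the post's example used the shared /tmp/sessions.
SESSION_DIR = "/var/lib/myapp/sessions"

# Same keys as in the post, plus CherryPy's cookie flags for sessions.
HARDENED_CONF = {
    "/": {
        "tools.sessions.on": True,
        "tools.sessions.storage_type": "file",
        "tools.sessions.storage_path": SESSION_DIR,
        "tools.sessions.timeout": 60,      # minutes of inactivity
        "tools.sessions.secure": True,     # cookie is only sent over HTTPS
        "tools.sessions.httponly": True,   # cookie is hidden from page scripts
    }
}


def audit_session_dir(path, uid=None):
    """Return a list of problems with a file-session directory (empty = OK).

    Other local accounts must not be able to list, read or create files in
    the directory, because each file is a pickled session named by its id.
    """
    uid = os.geteuid() if uid is None else uid
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["%s does not exist" % path]
    if stat.S_ISLNK(st.st_mode):
        return ["%s is a symlink; use the real directory" % path]
    if not stat.S_ISDIR(st.st_mode):
        return ["%s is not a directory" % path]

    problems = []
    if st.st_uid != uid:
        problems.append("directory owned by uid %d, expected %d"
                        % (st.st_uid, uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("directory mode %o grants group/other access"
                        % stat.S_IMODE(st.st_mode))
    # Check every entry as well: a stray readable session file leaks its id.
    for name in sorted(os.listdir(path)):
        fst = os.lstat(os.path.join(path, name))
        if fst.st_uid != uid:
            problems.append("%s owned by uid %d" % (name, fst.st_uid))
        if stat.S_ISLNK(fst.st_mode):
            problems.append("%s is a symlink" % name)
        elif fst.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("%s mode %o grants group/other access"
                            % (name, stat.S_IMODE(fst.st_mode)))
    return problems


def make_private_session_dir(path):
    """Create the directory with mode 0700 regardless of the umask."""
    os.makedirs(path, mode=0o700, exist_ok=True)
    os.chmod(path, 0o700)
    return audit_session_dir(path)


if __name__ == "__main__":
    for problem in audit_session_dir(SESSION_DIR):
        print("session dir:", problem)
```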

  • Nvidia breaks display after system upgrade

    After updating my Ubuntu system my display was broken. I did some research and found many people were having the same problem. It seems that, due to the new kernel I installed, the Nvidia drivers were not working correctly. After a little research and a short trial-and-error period I got it working again. These steps may not work for you, but perhaps they will help some of you at least.

    First I had no access to a shell even when pressing CTRL+ALT+F1, if you can get shell this way just do that, I however had to ssh into my machine from another machine. If you don’t have ssh setup and don’t have shell then try to go to recovery mode in the GRUB bootloader screen.

    Now that I had access to the system I investigated the /var/log/Xorg.0.log file to find this

    
    [   280.114] (EE) 
    Fatal server error:
    [   280.114] (EE) AddScreen/ScreenInit failed for driver 0
    [   280.114] (EE) 
    [   280.114] (EE) 
    Please consult the The X.Org Foundation support 
    	 at http://wiki.x.org
     for help. 
    [   280.114] (EE) Please also check the log file at "/var/log/Xorg.0.log" for additional information.
    [   280.114] (EE) 
    [   280.115] (EE) Server terminated with error (1). Closing log file.
    
    

    This didn’t give many clues, but if you have similar logs then you may be having the same problem.
    So since I had a shell I did

    sudo apt-get update
    sudo apt-get install nvidia-331-updates
    sudo reboot

    If your system uses a different package manager simply look for the same package under your distro. You may need to uninstall the nvidia packages you have and then re-install them.

    After the system rebooted I had my GUI back!
    Hope this helps someone get their X-server back to working condition. Nvidia drivers have all sorts of problems with Linux systems from my experience. If you have troubles consider filing a bug report with Nvidia, the more people reporting problems the more likely they are to work on Linux compatibility.

  • BotScout for Drupal 7x

    It’s been a while now since I first created a module called the BotScout module for Drupal. I wanted to inform everyone that the project is back and in full force. If you have never heard of it, BotScout provides a way to block bots on your website based on their IP address, email, name, or any combination of the three. More information about BotScout in general can be found at http://www.botscout.com

    I have developed a module to bring the functionality to your Drupal website! In the past I got stuck in the transition from CVS to Git content management and had a real rough time with the project submission process to make it a fully supported module. I have now re-opened that project application and shouldn’t have the troubles I did before. There were a lot of changes going on, and the changes were for the best but created hassles for new projects for a short time.

    You can get the latest version from my sandbox until it becomes a fully supported project. Info about the Drupal BotScout module including how to download can be found at https://www.drupal.org/project/botscout

    If you want to clone it with Git then use the command

    git clone --branch 7.x-1.x http://git.drupal.org/sandbox/acetolyne/1082234.git

    NOTE: you can now download it directly to your site without using git since it’s now a fully supported module

    After you install the module on your site simply go to the modules page and enable it. From there you can go on over to the admin settings page and choose how you want to filter the bots. You can choose to block by IP address, username, email address, or any combination of the three. Users are encouraged to go over to www.botscout.com and get a free API key. Without an API key you can only check 20 submissions per day, but the key is free so go get yourself one. There is also a good piece of information about what you should choose to block the bots by, and why, over on the BotScout website at http://botscout.com/api_queries.htm

    Any suggestions? Please provide them over at the BotScout project page on the Drupal site listed below. The module for Drupal 7.x core is much safer than the old module and it’s not suggested to use the old module, but you really should not be running Drupal 6.x core anyhow; it is just as unsafe as the module was. Drupal now offers a better API for developers and I was able to totally rewrite the BotScout module to be safer from XSS attacks and run a lot more efficiently than the last module.

    The Botscout 6x module was removed due to security issues and will not be supported please update to Drupal 7x to use this module and keep your site safer.

    This project is now a fully supported Drupal module, you can find it by searching the Drupal site for modules or go directly to the page at
    https://www.drupal.org/project/botscout

    For issues or feature requests please submit a form at https://www.drupal.org/project/issues/botscout

  • Intro to Variety – a schema analyzer for MongoDB

    I would like to introduce you to a tool I just started using called Variety. This tool allows one to analyze the schema of a MongoDB database. While it is true that mongo is a schemaless database, it is still important for database administrators to keep records of the layout. This will help the administrator keep track of what sort of data is kept in each database and in each collection. It will also help development teams plan future expansion and scalability options with ease. Variety looks in your database and gives simple statistics on the various keys and on the data that is in each collection.

    Variety is maintained on GitHub and I have recently started contributing to the project to help make it better. If you like this project then feel free to contribute in any way that you can, even if it is just suggesting features or enhancements. Before I show and tell I would like to mention that the core developers state on their GitHub page that they do NOT recommend using this tool in a production environment; however, I still do and plan on using it on a regular basis to track my constantly changing databases.

    So let’s dive into how it works. There are many examples of usage on the GitHub page but I will cover some basics here for you to get started. First let’s highlight some of the great features

    • Great ascii formatted output of collection information
    • See what types of data are present in each key
    • See the percentage of data for each key
    • Include mongo queries to limit which documents we include in the results
    • Specify maxDepth to use when searching through documents in a collection
    • Analyze only subsets of documents
    • Sort documents with mongo queries
    • Save results to another database for future reference
    • Output information in JSON format
    • No dependencies

    Basic Usage

    Using variety is easy first we need to download it from the GitHub page which is at
    https://github.com/variety/variety

    We now need to navigate into the variety folder and we can start using the tool. Of course, before using it make sure your database is up and running, and that you are in the folder containing variety.js.

    you can get basic output using the command

    
    mongo DATABASE_NAME --eval "var collection = 'COLL_NAME' " variety.js
    

    simply replace DATABASE_NAME with the real name of your database and COLL_NAME with the real name of the collection to show information for.
    ***NOTE In my latest contribution I have added the ability to show information on all collections, it will show any that are not empty, however I have made it not show info for the system.indexes collection, which is a collection made by MongoDB to maintain the collections and database. I have also added the ability to specify an array for var collection, this allows us to analyze more than one collection at a time, when we don’t want all of the collections. Soon you should be able to use these features using the syntax of:

    all collections

    
    mongo DATABASE_NAME --eval "var mode = 'recursive' " variety.js
    

    array of collections

    
    mongo DATABASE_NAME --eval "var collection = ['coll1', 'coll2', 'coll3'] " variety.js
    

    database using non default port???

    No problem, you can include the mongo shell’s connection options in the command to connect to your database, just like you do when starting the mongo shell

    
    mongo DATABASE_NAME --port 27111 --eval "var collection = 'COLL_NAME' " variety.js
    

    maybe a non default location?

    
    mongo DATABASE_NAME --dbpath /path/to/database/folder --eval "var collection = 'COLL_NAME' " variety.js
    

    want to sort the data

    Of course in large collections we will want to sort the data in certain ways! For this simply include another mongo query parameter, sort. Here we sort by the date field in descending order. Sorting is very powerful; if you don’t understand its usage I suggest you read up on the $sort command.

    
    mongo DATABASE_NAME --eval "var collection = 'COLL_NAME', sort = { date : -1 }" variety.js
    

    analyzing subsets of documents
    There comes a time when our databases are so big that analyzing subsets of documents may be needed; well, the maintainers of Variety have already thought of that. Again, the ability to add queries is a very powerful feature of Variety. We can specify which documents to examine. The following will analyze only documents where caredAbout is equal to true, quite an awesome feature.

    
    mongo DATABASE_NAME --eval "var collection = 'COLL_NAME', query = {'caredAbout':true}" variety.js
    

    JSON outputted data
    By default the statistics are output to the screen in a nice little ASCII formatted table that looks like the picture at the beginning of this article, which is nice, but what if we need JSON formatting? It is an easy fix with the setting outputFormat = 'json'

    
    mongo DATABASE_NAME --eval "var collection = 'users', outputFormat = 'json' " variety.js
    

    printing
    Printing is easy in linux we can simply pipe the output to a file and print it from there.

    
    mongo DATABASE_NAME --eval "var collection = 'users' " variety.js > FILENAME
    

    One may also mix the options to get more specific in what sort of data they are analyzing, I encourage you to checkout the GitHub site for more information and some other examples. Please take a look at this wonderful tool if you are using MongoDB and let us know what you think. Many thanks to the core contributors of the Variety tool.

    Tomáš Dvořák
    Wes Freeman
    James Cropcho (original creator of Variety)

  • Connecting to IRC with your mobile phone

    Hey it’s been a while since I have shared a project of mine, I have been very busy lately. Today I am going to share a program called JmIRC. This program allows users to chat on IRC using their mobile phone. This program is Java based so you don’t need to have a smart phone!!

    This program works on any phone that allows Java based apps, which is most phones, it will work on smartphones as well but the people that can’t afford a smartphone can also use it.

    The first thing you need to do is find out how to install a java app to your phone. I won’t cover this part because it depends on your phone on how to do it. If you need any help figuring out how to do this let me know and I’ll be more than happy to help you out. Most phones will need a usb cord to do this

    Once you have the directions then you need to download the program. You can get the files below or visit the sourceforge page at http://jmirc.sourceforge.net/

    Some phones will need the Jar and the Jad file, others will only require the Jar file. Again it depends on the phone so find the directions to install a java app on your specific phone before you attempt this.

    Once installed you can open the IRC app and set up some profiles, HTTP settings, and basic settings. When you want to connect click menu, then scroll down to the bottom and hit the connect button

    The join button will let you join channels on the server and the menu now gives you other options such as query, names, favorites, bytecounter, and msg. To send a message click on msg and write your message then click send

    JmIRC offers some nice options such as using a proxy, displaying timestamps, using colors, status headers, nickname resolution, 3 different font sizes, character encoding, string highlighting, and more

    Profiles can hold usernames and passwords for connecting to servers, although this may cause security risks depending on your phone’s OS, your provider’s settings, and other settings on your phone.

    Overall JmIRC is a very wonderful application for your mobile phone and I highly recommend it. The fact that you don’t need a smartphone to connect to an IRC server is absolutely fantastic. Please let me know what you think of the program.

    If you know how to program with Java and want more functionality you can download the source code from sourceforge.net and change it to work for you! Please let us know about your mods and hacks to the program.

  • How to use BlueChomp to find undiscoverable bluetooth devices

    Intro
    Many people think that putting your bluetooth device in un-discoverable mode makes it so that no one can see your device. While this is true for the conventional user, it is not accurate! Bluetooth devices can still be found by knowing or guessing the BDADDR, which is the bluetooth equivalent of a MAC address.

    The good news is that guessing a BDADDR is very hard, and even when using a program it takes A LOT of time to check all the possible addresses. There are however a couple of tools out there that make it possible. This tutorial is about one of those tools, called BlueChomp, by Bluesheep Security.

    BlueChomp is an alternative to the program RedFang. BlueChomp can look for devices with all possible addresses, within a specified range, or even from a file that holds a list of BD Addresses. You can always download the latest version of BlueChomp from
    http://public.bluesheepsecurity.com/bluechomp-latest.tar

    you can also get some files that hold lists of BD Addresses to load into the program. You can get these at the bottom of this page if you wish or from the Bluesheep Security website.

    Now lets dive into the use of the program

    NOTE: This program is made for a linux machine

    After you have downloaded the program all we have to do is extract it

    put it into the folder you want it to be in and issue this command

    
    sudo tar -xvf bluechomp-latest.tar
    

    Now we get a folder called “bluechomp”; let’s go into that folder

    
    cd bluechomp
    

    I suggest reading the README file for information on its use but we will be covering it here also

    to run the program issue this command in your shell, we will talk about options in a moment, but this shows basic use

    
    sudo ./bluechomp
    

    This command checks all possible BD Addresses and returns the BDADDR of any device that can be found. This includes devices in discoverable mode and also devices that are not in discoverable mode!!! This type of scan, however, takes a VERY VERY long time: there are a lot of possibilities to run through, and on top of that the device we are searching for can take a while to respond, so if we don’t want to miss a device that is actually there we have to allow enough time for it to respond. If we don’t wait long enough then we don’t know if the device is not present or if it just hasn’t responded yet.

    Ok but what if you do not want to sit there and wait for the program to scan all those addresses?
    Well lets take a look at some options this program has that allow us to cut the time down that it takes to scan for devices.

    
    -d 
    

    this option lets us use more than one dongle we can use it like in this example below

    
    sudo ./bluechomp -d 4
    

    This tells it to use 4 devices to search, they have to be the first 4 dongles plugged in if you have more attached. This functionality helps a little bit but will be updated in the future to improve performance.

    
    -s AND -e
    

    These options allow us to specify a range of addresses to search for.
    -s allows us to give a starting address. Alone it will run from the specified address to the address FF:FF:FF:FF:FF:FF.
    -e allows us to specify an ending address. We can use it alone or coupled with the -s option. Alone it will run from the address 00:00:00:00:00:00 to the specified address.
    -s -e Using both options together allows us to scan from the address specified after -s until we reach the address specified after -e. This allows us to specify a range to scan within.

    Here is an example of its usage

    
    sudo ./bluechomp -s 00:00:00:00:00:06 -e 00:00:00:00:01:FF
    

    Again, we can use only one of these options or we can use them together like I have shown above.

    
    -i
    

    Another way to specify the BDADDR list to scan for is a file. Unlike the other options, a file allows us to specify only specific BD Addresses; therefore we don’t have to scan a range of addresses, and we can check many addresses that are not consecutive. This can be used when we already know the BDADDR(s) that we are looking for. With this option we can also target specific devices; perhaps we are targeting a specific device that we know is vulnerable to a certain attack. The file needs to contain one BDADDR on each line. The files can be downloaded from the website, made by yourself, or generated from found devices using the -f option. Here is its usage

    
    sudo ./bluechomp -i input.txt
    

    This assumes that the file is in the same directory as bluechomp. If the file is located somewhere else you can use a full path to the location, such as /root/home/file.txt

    
    -f
    

    OK, now as mentioned we can dump the addresses we find to a file, and we can even load them later on if we want with the -i option.
    To do this we use the -f option. When we use this option we don’t see any output on the screen; when the program is done scanning we see the shell’s prompt. Here I show an example that saves all the found devices into a file called output.txt

    
    sudo ./bluechomp -f output.txt
    
    
    -l 1
    

    The LOOP option is best used when you are loading from a file using the -i option; however, it can be used with any type of scan. It simply keeps searching from beginning to end, then goes back to the beginning and starts scanning again. When you use this option the program will never stop looping; you must hit CTRL+C to exit the program. You must type the number 1 after it, like in the example below, to turn it on

    
    sudo ./bluechomp -l 1 
    

    This option will loop through all the possibilities, which will take forever, but if you combine it with the -i option or specify a range with the -s and -e options then the -l option becomes more useful. Note that if you are logging to a file with the -f option and a device is discovered, then the scan loops and the device is discovered again, a second entry is put into the log; future versions should fix this issue

  • Dynamically including fivestar ratings in drupal content

    While using the Fivestar module for Drupal I came across a situation where I wanted to use multiple separate votes on a single page. Okay, this can already easily be done, no problem, but I didn’t want to clump them all together at the bottom of the page, nor at the top, nor in the middle. I wanted instead to use them inside my content as I was writing the content of the page. This would allow me to get votes on multiple things as people read the article. This was helpful since my article talks about multiple ways of achieving the same outcome and I wanted people to be able to vote on each as they tried them.

    So lets get on with how I achieved this.

    This tutorial assumes you already have the fivestar module installed if you do not then please read the directions on the Drupal project page for the Fivestar module to install it. This tutorial will not discuss the installation of the module.

    Preparation
    The first thing you need to do is enable PHP in your content. This feature comes with Drupal when you install it; however, it is turned off by default for security reasons, but don’t worry, we will make it secure.

    So to enable it first go to Administration and to the Modules area of your site
    Here we will use the standard technique to enable this module. Below we can see the module named “PHP filter”



    after we check it to enable it we simply go to the bottom of the page and click “Save configuration”

    Ok now to make sure its set up in a secure manner
    Navigate to Administration and click on “Input Formats” in the menu it should be under Site Configuration

    We can now see in the list an entry that says “PHP code”, and after the name it should say “No roles may use this format”. This is good and exactly what we want, since we only want the Administrator, which is you, to be able to use PHP code in their posts. We can change who can use PHP code if we click on configure, but I highly recommend not letting ANYONE else use PHP code as it could lead to your site being compromised!!!

    make the votes
    Ok for votes we must now make a new content type, sorry but this is the only way I could figure out to make this work. In your administration menu find “Content Types” and click on it, Now choose “Add a new content type” at the bottom.

    Fill in the NAME and the TYPE. For name I use Vote and for type I will put vote to tell me that it is a vote. Optionally you can add a description

    Next find where it has your Fivestar settings for the page. If you don’t see it on your page you need to configure Fivestar to be on this content type or on all content types; this is covered in the installation and setup of Fivestar.

    Once you have found the Fivestar settings go ahead and enable it if its not enabled and change your settings to your likings. An example is below but your settings will probably be different.



    Once done you need to hit the “Save Content Type” button below.

    Now go to the “Manage Fields” tab on the top. We should now delete all fields that we can, because we only want our vote on this page.
    We also must add a field of the “fivestar rating” type like I show below



    If we navigate back to the Manage fields tab for the Vote content type we can Configure the field at any time with different settings I also suggest moving its position just below the Title. Again make sure you have saved if you change anything.



    Create a vote
    Ok now for each Vote you will need to make a new content of the type Vote, which is the content type we just created , maybe you named it differently, So Click on “Create Content” and Choose “Vote” or whatever you named it.

    Now you should see a page similar to this



    Name it something to do with what type of vote it is; for example, if it was a vote on cherries I would name it “cherryvote”
    Once you have named it go ahead and Save it

    Make sure it’s only in the menu if you want it to be, make sure you have comments disabled, and do not publish it to the front page or sticky it



    Now Save it but don’t navigate away!!!!!!

    Collecting the nid #

    Once you have saved the new content it will show you the content we have just made It is very important that you look at the number at the end of the url this is the NID # we must write this down ! in my case the nid # was 32 and the end of the url looked like this



    inserting into a page
    Ok now that we have a vote setup we can dynamically insert a code into any content to make it display. This even works in the middle on the page or in multiple spots throughout the page and you can make more votes and add many votes throughout a single page.

    you need to make sure you choose PHP code under Input format.

    Now in your content when you wish to add the five star rating simply add the code

    NOTE: Where I have the number 32 you must put the nid number of the vote you want inserted!!!!

    You can use this code to add as many votes within your content as you want. The votes will show the correct amounts and will function fully allowing people to use them to vote. Here is some code and the resulting page.





    Please feel free to leave any questions or comments below 🙂 Hope this helps some of you with your drupal sites.

  • How to install the ubertooth in linux

    I’ve seen many tutorials out there for installing the ubertooth on linux. Getting the ubertooth up and running isn’t hard to do, but installing the kismet and wireshark plugins can be a little bit tricky if you’re not a linux guru. So now I introduce a real simple way to install the latest ubertooth code, along with the kismet and wireshark plugins. You can head over to the website http://www.bluesheepsecurity.com and download a script from the site that will set everything up for you automatically. It downloads the latest ubertooth code, the latest kismet and the latest wireshark, then it makes the appropriate changes to the files for the ubertooth plugins and installs the programs. Warning though: this script takes a while to run all the way through, but it would take just as long to do it yourself, if not longer. This is mostly due to wireshark needing to be recompiled to include the bluetooth plugin for the ubertooth. Don’t worry though, the install has been easy with the script. Here are the instructions:

    *NOTE this will only work on systems that have apt installed, if there is a need for a version that will work on OS’s that don’t have apt I may write a version for those systems but as of right now only systems with apt installed will run this script correctly

    download the script from http://public.bluesheepsecurity.com/ubertooth-kismet-wireshark-install-l...

    
    wget  http://public.bluesheepsecurity.com/ubertooth-kismet-wireshark-install-latest.tar
    

    move the file wherever you want with command
    *NOTE this is where you will need to navigate to in order to access the ubertooth code and the programs that come with it.

    
    sudo mv ubertooth-kismet-wireshark-install-latest.tar /pathto/folder/
    

    now change to the directory you moved it to and run the command

    
    sudo ./install
    

    That’s it everything will be taken care of it will take a while to run through the whole thing so you might as well grab a cup of coffee and find something to do for a bit while it runs.

    If it asks if you are sure you want to install the software you will need to answer Y for yes

    Hope everyone enjoys this automated script and more importantly enjoys their ubertooth 🙂 If you like this script please make an account over at www.bluesheepsecurity.com there will be many new programs and info added to the site soon. Also feel free to join us on IRC over at irc.bluesheep-security.info\6667 channel #bluesheep
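
    Both this post and the BlueChomp post above have you download a tar archive over plain HTTP and then unpack or run it with sudo, so it is worth listing what the archive contains before root touches it. The following is an added example, not part of the original post or of the Bluesheep Security tooling: `audit_tar` is a hypothetical helper, and the in-memory sample archive is constructed for illustration.

```python
import io
import stat
import sys
import tarfile
from pathlib import PurePosixPath


def audit_tar(fileobj):
    """Return [(member_name, problem)] for risky members; extracts nothing."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar.getmembers():
            parts = PurePosixPath(m.name).parts
            if m.name.startswith("/") or ".." in parts:
                findings.append((m.name, "path escapes the extraction directory"))
            if m.issym() or m.islnk():
                # Conservative: any absolute or '..' link target is reported.
                target = PurePosixPath(m.linkname)
                if target.is_absolute() or ".." in target.parts:
                    findings.append((m.name, "link points outside the archive: "
                                     + m.linkname))
            if m.ischr() or m.isblk() or m.isfifo():
                findings.append((m.name, "device or FIFO node"))
            if m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((m.name, "setuid/setgid bit set"))
            if m.mode & stat.S_IWOTH and not m.issym():
                findings.append((m.name, "world-writable"))
    return findings


def build_sample_tar():
    """Constructed sample: two ordinary members and three risky ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, data=b"", mode=0o644, kind=tarfile.REGTYPE, linkname=""):
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.type = kind
            info.linkname = linkname
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data) if data else None)

        add("tool/README", b"read me\n")
        add("tool/install", b"#!/bin/sh\n", mode=0o755)
        add("tool/../../outside.txt", b"x\n")             # leaves the target dir
        add("tool/helper", b"\x7fELF", mode=0o4755)        # setuid when run as root
        add("tool/conf", kind=tarfile.SYMTYPE, linkname="/etc/passwd")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # With a file argument, audit that archive; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            results = audit_tar(fh)
    else:
        results = audit_tar(build_sample_tar())
    for name, problem in results:
        print("%-30s %s" % (name, problem))
```

    An empty result only means none of these structural problems were found; it says nothing about what an included install script does when run.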

  • webpage development width and height attributes in IE

    As webpage developers we know about and commonly use the width and height attributes to change the layout of our pages. But here is a little-known fact that I just came across: IE (Internet Explorer), at least since IE 8, supports not only whole numbers but decimals as well in the attribute. It doesn’t seem that Firefox or any other browser will support this, but for example if we have width="99.9%"

    IE will return the extra .9%, thus typing width="99.9%" will display differently than typing width="99%"

    However, if using a browser such as Firefox, width="99.9%" will render the page or element at 99%, leaving out the extra 0.9% that we added

    This could be useful in some way for small adjustments on your css but is best used in CSS when you have a different css file loaded based on the detected browser.