myIntuition…

glastopf(POST)

Posted in Experiments, Networking Security, python by Zubin Mithra on December 20, 2009

Glastopf is a rather interesting piece of work; it is a minimalistic web-based honeypot which basically captures your GET, HEAD and POST requests, then parses and stores them. Easier said than done, because to get proper results the system should anticipate different forms of attack. The more you are prepared, the more information you gather. I had come across glastopf about a month back, but got the chance to play around with it only today. Here's how a typical POST request is captured. Here's the honeypot powered up…

Here's the web-interface…

Aand here's the stored data…

I find interactive honeypots more interesting as of now though, partly because i don't really understand how it works. Spose i'll do some help by writing up some documentation for glastopf and then move on to interactive honeypots.
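A minimal sketch of the capture, parse and store steps described above, added here as an example; it is not Glastopf's code. The table layout, the function names and the sample request are assumptions constructed for illustration.

```python
import json
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a form POST as it might arrive on the honeypot's socket.
SAMPLE_REQUEST = (
    b"POST /login.php?debug=1 HTTP/1.1\r\n"
    b"Host: honeypot.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"user=admin&password=letmein"
)

def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP request into method, path, query, headers and form fields."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in ("GET", "HEAD", "POST"):
        # Malformed or unexpected traffic is still evidence: keep the raw bytes.
        return {"method": "UNKNOWN", "path": "", "query": {}, "headers": {}, "form": {}, "raw": raw}
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    form = {}
    if method == "POST" and "urlencoded" in headers.get("content-type", ""):
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    return {"method": method, "path": url.path, "query": parse_qs(url.query),
            "headers": headers, "form": form, "raw": raw}

def store_request(db: sqlite3.Connection, source_ip: str, req: dict) -> int:
    """Persist one captured request and return its row id."""
    db.execute("CREATE TABLE IF NOT EXISTS captures (id INTEGER PRIMARY KEY, "
               "source_ip TEXT, method TEXT, path TEXT, form TEXT, raw BLOB)")
    cur = db.execute(  # placeholders only: captured input is hostile by definition
        "INSERT INTO captures (source_ip, method, path, form, raw) VALUES (?, ?, ?, ?, ?)",
        (source_ip, req["method"], req["path"], json.dumps(req["form"], sort_keys=True), req["raw"]))
    db.commit()
    return cur.lastrowid

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    store_request(db, "192.0.2.10", parse_request(SAMPLE_REQUEST))
    print(db.execute("SELECT source_ip, method, path, form FROM captures").fetchall())
```

Keeping the raw bytes next to the parsed fields means a request the parser did not anticipate can still be re-examined later.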

PyAutoRun

Posted in Experiments, Hobbies, Open-Source, python by Zubin Mithra on December 19, 2009

PyAutoRun is a CLI-based app which attempts to make quick scripting and coding on the terminal even quicker. Coding on the Linux terminal needs you to type out commands for editing and compiling the file, followed by executing the obj file.

PyAutoRun manages to do this in a single step by opening the file you need using an editor of your choice (which depends on the configuration file), compiling and running the program for you on exit. This is a very simple application which is designed to make better use of your time at the terminal. The latest stable version can be found here at the google code repository.
Do let me know if there's any feature you want to be added (which isn't already there in the TODO list).
Hope this helps you get quicker!

update #1 ;-)
Oh. And many people have been asking me if i'm a GNOME user by looking at all the pics i'm putting up; but please, i'm a KDE fan. Right now, i can't import the Monaco font (which i LOVE, by the way) into my konsole for some reason. So until i find a workaround, that's how my pics are gonna be.

update #2
just uploaded it to PyPI.

4.5 mins approx.

Posted in Brainwaves, Cheat Sheets, Experiments, Hobbies, Open-Source by Zubin Mithra on December 17, 2009

Scripting, unlike coding, is more fun when it's a race against time. In most cases there's a need, and you just happen to write scripts to get things done real quick without much thinking. Only this time, i tried checking out how long it took me. :)

I realized that i needed to display all the files containing a particular phrase; if it were in the same directory i could simply do a

egrep "phrase" *

But i had multiple folders and files among them. I supposed that there would be some really neat bash command or one-liner that could do the same but i was too much in a hurry to google it. So, here's my py script (yeah, pretty long, but i was in a hurry, remember? ;-) ) which takes input from a file having the contents of “ls -R” and outputs the results to “out”.

I bet there are better ways to do this; shorter 'n more pythonic. Chances are there's even a bash one-liner for it (maybe a single command i'm unaware of). In that case do post… :-)
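One way to do the search described above without the intermediate `ls -R` listing, as an added example rather than the script from the original post: it walks the tree with `os.walk` and matches the phrase as a fixed string (not an `egrep` pattern). The function name and the constructed demo tree are assumptions; on the shell, `grep -rl "phrase" .` does the same job.

```python
import os
import tempfile

def files_containing(phrase: str, root: str = ".") -> list:
    """Return the sorted paths under root whose contents include phrase."""
    needle = phrase.encode("utf-8")
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):  # skip FIFOs, sockets, broken symlinks
                continue
            try:
                # Binary mode: no decode errors on non-text files.
                with open(path, "rb") as fh:
                    if any(needle in line for line in fh):
                        hits.append(path)
            except OSError:
                continue  # unreadable file (permissions, vanished): move on
    return sorted(hits)

if __name__ == "__main__":
    # Constructed demo tree: one nested match, one file without the phrase.
    with tempfile.TemporaryDirectory() as top:
        os.makedirs(os.path.join(top, "a", "b"))
        with open(os.path.join(top, "a", "b", "deep.txt"), "w") as fh:
            fh.write("first line\nthe phrase is here\n")
        with open(os.path.join(top, "top.txt"), "w") as fh:
            fh.write("nothing to see\n")
        for hit in files_containing("phrase", top):
            print(hit)
```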

01:58, Sunday, 13th December

Posted in Miscellaneous... by Zubin Mithra on December 12, 2009

It's almost 2 in the morning and i'm damn tired. i spose this is the first blog-post i'm writing while at the hostel; but that's just another little “something” that crossed my mind in the last 2 minutes…

“gotta check out the amun honeypot, finish off a jsp web-app, think about simulating endoscopy, getting addicted to python every time i work on pyautorun, keeping myself from trying out pythonchallenge.com, feeling sleepy, bored of tweeting, writing a blog post, hmm-never written one away from home …”

'n to top it all, i've been dreaming a lot bout getting my hands on an Apple Mac towards the end of the coming summer (aaah, the usual dreams are still there too ;) ).

Had a good time at the beach yesterday; the day would've been perfect if i hadn't ruined my cell phone. Had an awesome lunch too – reminded me of home sweet home.

Plans of going home on the 15th may have to be postponed; the amount of pending work i gotta finish keeps on piling up. But hey, all the work piles up coz i want it to; coz i know it's a piece of cake if i would just put my mind to it.

Ahh, now that is the one thought that helps me sleep at night. Every night. :)

So, maybe i will go home on the 15th. haha… just kiddin… ;-) Goodnight everyone.

oh, n did i mention that green's starting to be my favourite colour for some reason? :-|

like i got nothin' better to do.

Posted in Inexplicable, Miscellaneous..., Open-Source by Zubin Mithra on September 29, 2009

I've never really been a very responsible person; now that i think about it, i feel that personality traits such as getting distracted easily, and laziness contribute in a major way to it. ;-)

As most of the blog posts put up here, this one is also posted a day before the college reopens. This time i had a dozen screenshots to prepare, try out a few python dbus scripts and write a detailed note on Huffman compression scheme (i don't usually do assignments on my own; but this one sounded interesting).

However, i had just installed a brand new Jaunty on my machine and so, obviously, it was just not configured to work my way. I started with organizing my files and then moved onto theming my machine (something which seemed like it just HAD to be done juuust that very moment. :-( )

So, i started getting themes from www.gnome-look.org and customizing them. 90 mins later, what you see on the right is what i got.

I was pretty happy with the new look, but (sadly) i didn't stop there. :-/

I went on to changing the GDM login screens; and when i'm done with that i start modifying it (that went pretty well too; it was easier than i had expected). Aand after that i went to get my dinner and right now, here i am writing this blog post like i got nothing better to do.

Adios! Lemme know how bad my desktop looks right now… ;-)


Back when coding was fun

Posted in Hobbies, Inexplicable, Thoughts and Criticisms by Zubin Mithra on September 5, 2009

There was a time when doing a project meant fun, rather than “completion-within-a-deadline”; there was a time when mere curiosity taught me a lot more than the will to learn, and “work” wasn't quite referred to by that term.

I don't know why but i associate almost every song i hear with a person i know, an event in my life; sometimes even food and aroma.

One look at my first project while listening to one of my favorite songs during high school, brought back loads of old fond memories. C++ was the first language i had ever learnt. And my high school project was a simple, yet elegant Library Management System (along with ol' pal Aju). I had learnt a lot during the course of doing that project and it had taken us around 3 months to complete it. I remember checking the internet back then for ideas i could implement; but remember not liking any i had come across (maybe it's 'cause my googling skills weren't half as good back then, dunno). However, the resource i had used to the fullest was the Turbo C++ Documentation. By the end of high school i had gone through all the documentation in Turbo C++ about graphics programming. Minimize resource requirements, Maximize Output. That seemed to work all the time.

Now, i never really was interested in graphics or the GUI aspect of programming (i still am not); i'd done the GUI part in the Library Management system just for the kick of it. And now, it's been ages since i've coded that way.

College was a place where i was overwhelmed by the technologies and the limitless possibilities around me; and i started utilizing them – one by one. During my first year, i played and experimented with a lot of technologies around me; there were people who could clear half my doubts, books and magazines to double them up again. It must have been the most productive part of my life where i actually enjoyed getting to know stuff so much. From here, later on, spawns my ambition to work in the area of Information Security.

As time passed on, i got my hands on a handful of projects, doing them was fun at the beginning but then my attitude towards programming started changing slowly. I regret saying this, but from then on projects started becoming mere endeavors to learn something somehow AND put it on my resume. I resent saying that, but that is the truth.

All of this sudden realization, thanks to a song and one of my most prized pieces of high school code.

Now, i've decided to work on a web application (GUI again), just for the hell of it. I know i'll learn loads, but that's not the point anymore.

'coz this time it's for the fun in it. :-)

Download videos from securitytube.net

Posted in Cheat Sheets, Hobbies, Networking Security by Zubin Mithra on July 28, 2009

It was a Sunday morning 'n i was at home. I had to get on a train back to the hostel at noon; a lot of pending work undone, i had to download those videos from www.securitytube.net pronto.

I usually download videos put up on youtube using www.keepvid.com ; it's a really good site which gets the job done – nice and easy.

However, videos from securitytube couldn't be downloaded this way; so here are a couple of ways to do it (thnkx to Anirudh and ideamonk)

Method 1 :
———
Viewing the source of the page in which the video is being played, and searching for “.mp4” gets you the actual location of the video. All you have to do is use a download manager to download from that location. I use firefox, and i used the download manager which came with the addon named “DownThemAll!” for this purpose.

Method 2 :
———
In case you are using linux, then the videos get buffered into the /tmp directory. Mostly, they'll begin with the name “Flash” to be followed by a few other numbers and characters. Just copy them to a different location AFTER the video finishes buffering.

Hope this helps!!! ;-)

Buffer overflows; the way i see it

Posted in Cheat Sheets, Experiments, Hobbies, Networking Security, Open-Source by Zubin Mithra on July 28, 2009

Towards the beginning of this month, i was part of a team that had taken part in the CIPHER 5 capture the flag competition; due to lack of experience and preparation we had failed to fare well in it; we came out 22nd out of 32 worldwide.

However, buffer overflows was a topic i did not manage to cover fully during the preps for the competition; so i continued my work on it even after it. My work is mainly on the Linux distro named DVL – Damn Vulnerable Linux (you might wanna google it out if you haven't heard of it); it's a linux distro based on backtrack which has got vulnerable apps of many kinds which are excellent for practice. It was referred to me by Marcus J. Carey, a security auditor who has helped me on numerous occasions.

Now, i don't pretend to be an expert on buffer overflows; i'd rate myself intermediate. However, i'll mention a few guidelines you could follow which might help you at exploiting overflows. So, here are the references (please let me know if there are better ones)
1. Try reading 'bout buffer overflows on wikipedia.
2. Video tutorials on “Assembly programming in Linux” which'll explain the basics of memory management and assembly programming on an Intel x86 system by Vivek Ramachandran (1-7 is enough). Neat work.
3. Video tutorials on “Exploiting buffer overflows” by Vivek Ramachandran (1-5). Neat again (but a bit slow).
4. Try reading “Smashing the Stack”; an excellent article by aleph1 which was published in the Phrack magazine.

Now, once you are done with all that you could try out DVL (i used DVL 1.4); i'd suggest you go through the challenges in the -

/dvl/exploitmes_package_04/

directory before going through the others. After going through all the above tutorials the challenges in that directory should be a breeze. ;-) However, if you still find trouble there are nicely written tuts in that directory itself. I strongly advise you not to go through them in the beginning.

So what am i up to now? Well, i'll let you know when i'm done with that… ;-)

P.S. if you wanna know how to download videos from www.securitytube.net , read this.

minor shockwave at perumbavoor

Posted in Uncategorized by Zubin Mithra on June 26, 2009

It's been a long time since i've last blogged; and it's sad that i'm writing out a post on such short notice after a really long time.
I was sitting in my room, blog-surfing when i heard this really loud noise from behind. It was also accompanied with a strange and strong vibrating sensation. It passed as quickly as it had come; i rushed downstairs to ask mom 'n dad about it. However, they hadn't experienced any sort of vibration on the ground floor; they had just heard loud noises.
I came back to the room to see a twitter update of an old chum, who lived nearby reporting the same. As time passed, more and more tweets from people who lived near me began to come up. We still hadn't got any formal confirmation or any news report confirming the same.
It was about 40-50 minutes later that the news was confirmed. We had a minor earthquake at perumbavoor. The epicentre was at mazhuvanoor; and i had gotten the news from www.manoramanews.com.
(NOT ABLE TO READ MALAYALAM IN YOUR FIREFOX BROWSER? INSTALL this firefox plugin.)
More updates on this post will come up soon.

EV-DO on ubuntu 9.04

Posted in Miscellaneous..., Open-Source, Operating Systems, Ubuntu by Zubin Mithra on June 8, 2009

Using an EV-DO internet connection on your ubuntu was never that hard, but then again, it's boring repeating the same steps on every new installation of ubuntu (unless you have a script to automate it; i.e.). Usually you have to mount the USB modem (type usbfs, just in case you're wondering) and manually create a symbolic link /dev/modem which points to /dev/USBtty0 so that wvdialconf recognizes your usb device as the modem to be used.
However, in Ubuntu 9.04 i was surprised that mounting and creation of the symbolic link had taken place automatically.
So, all i had to do was run :-
$ wvdialconf
This resulted in the creation of a wvdial.conf file in the /etc directory which could be edited and used for saving the username and password.
However, connecting using ‘wvdial’ still caused a problem; it just wouldn't connect. Figuring out the solution wasn't hard though – There was a line which read :-
Modem – /dev/USBSL0
All i had to do was change it to
Modem – /dev/USBttyS0

and whoallah! Connected to cyberspace! ;-)

But the speed sucks! And i have no clue WHY!
Wanna know how bad the speed was…? ;-)

I was on a brand new Vista using IE…. i had better browsing speeds there. No kidding!