I’ve been going over some of the pending things in my todo lists. Here are a few things.
I don’t know of anything that can browse shares in Gnome on Ubuntu (Nautilus can, using smb://server/share, but that requires knowing your target). So I installed smb4k, which is available through Synaptic. It seems I needed a bunch of other stuff, including kdelibs. While smb4k is a KDE tool, it seems to run just fine in Gnome. It can be loaded from Applications->Accessories. The initial load will throw a non-terminating KWallet error, but then happily disables that and continues. One bonus is the ability to manage and see existing mounts.
If you see a system but aren’t sure what OS it might be (if Windows, then you can try those fun admin shares!), you can check it out using an OS fingerprinting tool. Yes, nmap and p0f are your typical choices, but SinFP might be a third option. I decided to try this on Windows and followed the instructions given. Everything seemed fine, but when I tried to fingerprint anything on my network, I was typically told I cannot fingerprint a closed or filtered port, even though I knew it was open and allowed. Most of the time perl.exe would then spin and I’d have to kill it. Not sure what was going on, but I might revisit it at some later date on Linux, perhaps. Regardless of the results of this tool, knowing some of the differences that operating systems display in various packets and other behavior is pretty fundamental and “not difficult” stuff. Being written in Perl, this tool’s signatures and techniques might be nice to read through.
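To make the “differences that operating systems display in various packets” concrete, here is an added example (not from the post, and not code from SinFP, p0f or nmap) of the signature matching such tools do over a captured TCP SYN: round the observed TTL up to a common starting value, then compare window size, DF bit and option order against a table. The signature table is a constructed toy with illustrative values only; the hop estimate falls out of the TTL rounding for free, which is handy when inventorying what is really on your own network.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SynFeatures:
    ttl: int        # observed IP TTL
    window: int     # TCP window size advertised in the SYN
    df: bool        # IP "don't fragment" bit
    options: tuple  # TCP option kinds in order, e.g. ("mss", "sackOK", "ts", "nop", "ws")

# Toy signature table in the spirit of p0f: (initial TTL, window, DF, option order) -> label.
# Constructed for this example; values are illustrative, not copied from any tool's database.
SIGNATURES = {
    (64, 5840, True, ("mss", "sackOK", "ts", "nop", "ws")): "Linux 2.6 (illustrative)",
    (128, 65535, True, ("mss", "nop", "nop", "sackOK")): "Windows XP (illustrative)",
    (128, 8192, True, ("mss", "nop", "ws", "nop", "nop", "sackOK")): "Windows Vista/7 (illustrative)",
    (255, 65535, False, ("mss",)): "embedded/network device (illustrative)",
}

def initial_ttl(observed):
    """Round the observed TTL up to the nearest common starting value.
    Each router hop decrements TTL by one, so start - observed estimates hop count."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    return 255

def fingerprint(f):
    """Return (label, hops) for the best-matching signature, or ('unknown', hops)."""
    start = initial_ttl(f.ttl)
    hops = start - f.ttl
    exact = SIGNATURES.get((start, f.window, f.df, f.options))
    if exact:
        return exact, hops
    # Fallback: window size varies with MTU and tuning, so match TTL class, DF and
    # option order only, and say so in the label.
    for (sttl, _win, sdf, sopts), label in SIGNATURES.items():
        if sttl == start and sdf == f.df and sopts == f.options:
            return label + " [window mismatch]", hops
    return "unknown", hops

if __name__ == "__main__":
    # Constructed SYN as it might arrive four hops away from a Linux host.
    print(fingerprint(SynFeatures(60, 5840, True, ("mss", "sackOK", "ts", "nop", "ws"))))
```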
XAMPP looks like a nice way to get a full complement of tools and applications for a web server set up quickly on either Linux or Windows (or others!). I’ve not tried it out, as I wanted to do things manually with my latest build, but I might consider XAMPP in the future.
Here is a snippet of a Dan Kaminsky presentation on SSL Hell at Toorcon. He talks about the bad things he has found about SSL through his huge scans of the Internet. I really dig that he admits security people can be wrong when trying to require SSL on every page: SSL can be intensive on servers, and the hardware doesn’t scale well with it. One thing I didn’t like is a minor quibble. He points out that a lot of sites don’t appear to use SSL (https) on their logins, but I’d have liked it if he had just said, “I sniffed this transaction to verify it wasn’t secured underneath what I can see in my browser.” He’s probably correct in saying they were insecure, however.
I can’t remember where I found this originally, but I wanted to document it on my site for future reference. This reg script should add the ability to right-click any Windows folder and launch a cmd prompt at that location. Update: Looks like I maybe found it here.
REGEDIT4

; Right-click verb for folders
[HKEY_CLASSES_ROOT\Directory\shell\DosHere]
@="Command &Prompt:"

[HKEY_CLASSES_ROOT\Directory\shell\DosHere\command]
@="C:\\windows\\SYSTEM32\\cmd.exe /k cd \"%1\""

; Same verb for drive roots
[HKEY_CLASSES_ROOT\Drive\shell\DosHere]
@="DOS &Prompt Here"

[HKEY_CLASSES_ROOT\Drive\shell\DosHere\command]
@="C:\\windows\\SYSTEM32\\cmd.exe /k cd \"%1\""
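Before importing a .reg file found on the web it is worth seeing exactly which keys it writes and what command each shell verb will launch, and the `\\` and `\"` escaping in the command value above is easy to get wrong. This added example (not from the post) is a small REGEDIT4 string-value parser in Python; the sample text is the post’s folder keys, embedded inline with straight quotes, and the name `shell_verbs` is my own.

```python
import re

# Constructed sample: the post's folder keys in REGEDIT4 syntax (straight quotes).
SAMPLE_REG = r'''REGEDIT4
[HKEY_CLASSES_ROOT\Directory\shell\DosHere]
@="Command &Prompt:"
[HKEY_CLASSES_ROOT\Directory\shell\DosHere\command]
@="C:\\windows\\SYSTEM32\\cmd.exe /k cd \"%1\""
'''

_KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
_VAL_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')
_VERB_RE = re.compile(r'^HKEY_CLASSES_ROOT\\(Directory|Drive)\\shell\\([^\\]+)\\command$')

def unescape_reg_string(s):
    """Undo .reg escaping: doubled backslash -> backslash, backslash-quote -> quote."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key: {value_name: data}} for the string values in REGEDIT4 text.
    The '@' default value is stored under the empty name."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line == 'REGEDIT4':
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group('key')
            keys.setdefault(current, {})
            continue
        m = _VAL_RE.match(line)
        if m and current is not None:
            name = m.group('name')
            name = '' if name == '@' else unescape_reg_string(name[1:-1])
            data = m.group('data')
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = unescape_reg_string(data[1:-1])
            keys[current][name] = data
    return keys

def shell_verbs(keys):
    """Map each 'Directory\\verb' or 'Drive\\verb' to the command line it launches,
    a quick way to review what a .reg will add to the right-click menu."""
    verbs = {}
    for key, values in keys.items():
        m = _VERB_RE.match(key)
        if m and '' in values:
            verbs[f'{m.group(1)}\\{m.group(2)}'] = values['']
    return verbs
```

Running `shell_verbs(parse_reg(SAMPLE_REG))` shows the single verb `Directory\DosHere` resolving to `C:\windows\SYSTEM32\cmd.exe /k cd "%1"`, i.e. the escaping collapses as intended.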
didn’t christopher abad write sinfp in 2000, about a year before zalewski wrote p0f? afaik, sinfp hasn’t been updated in 7 years.
probably the best way to do fingerprinting is to work for Qualys (since they don’t share data), or become a member of the Arbor Fingerprint Sharing Alliance. Or be a Tenable PVS customer.
you’ll also want to check out this, this, this, this, maybe wait for this to occur, maybe this zip file, combined maybe this this zip file as well, this is good if you have no details on the protocols at all, and you could always use ettercap’s fingerprinting service which is what i do and i think what most people do.
oh no wait, that was siphon that davis and abad wrote. sinfp looks pretty neat, too.
Yeah, SinFP is fairly recent, and I’ve been waiting quietly to see what OpenPacket produces. Those other tools look like fun things to try out! I forgot to mention ettercap. I knew there was some other one I was leaving out. Thank you!
Wow, dre, nice comment!
Just two quick things on this post:
1.) XAMPP is freakin’ awesome. You can get a portable version at http://portableapps.com/apps/development/xampp
Just for the people that don’t know, XAMPP is a web server that has a lot of built-in goodies.
From their website:
The distribution for Windows 98, NT, 2000, 2003, XP and Vista. This version contains: Apache, MySQL, PHP + PEAR, Perl, mod_php, mod_perl, mod_ssl, OpenSSL, phpMyAdmin, Webalizer, Mercury Mail Transport System for Win32 and NetWare Systems v3.32, Ming, JpGraph, FileZilla FTP Server, mcrypt, eAccelerator, SQLite, and WEB-DAV + mod_auth_mysql.
The only thing that’s missing is Ruby. A quick Google search will yield a few installers that install over XAMPP but it would be nice if it was included already.
I’ve used XAMPP a lot in the past when I was taking a class on PHP and Perl. It’s just too easy to unzip XAMPP and have a fully working web environment. Now, thanks to portableapps.com, your XAMPP is completely portable.
For my web servers I install Apache myself, but for a quick development platform (especially on Windows) XAMPP is unbeatable.
2.) Your post on the DOS shell from the right-click context menu is invaluable. Usually, I’ll install the MS utility that does that, but having the actual registry keys just makes it that much easier. Thanks!
Sorry for the double comment, but I just noticed on portableapps.com that they’ve updated a lot of their software and added a few new tools to the mix.
One in particular is this one:
http://portableapps.com/apps/utilities/command_prompt_portable
Command Prompt Portable is a simple utility that allows you to have a custom command line setup on any Windows computer you come across. It has built in support for the command line interpreters on both Windows 95/98/Me and Windows 2000/XP/Vista as well as the ability to customize using simple DOS commands by editing the .bat file within CommandPromptPortable\Data\batch after you’ve run it once. You can customize the prompt, colors, window title, columns and more. A basic batch file is included with some simple settings.
While this in no way compares to being able to right-click on a folder and opening a DOS shell, it does offer a way to get a DOS shell on a computer that might prevent such an action … if the computer allows USB device access, that is.
Thanks! I really dig that affirmation that XAMPP is kinda cool. I’ve yet to use it, but it sure is tempting to look into and play with. Wow, Portableapps has really kinda grown lately. I think that’s in my backlog of things to look at, but I’m certainly impressed.
About your first complaint: I can browse shares with Ubuntu just fine by going to Places -> Network if the machines are on the local subnet. If not, it’s a whole other story because NetBEUI can’t cross routers.
XAMPP is a very nice tool. I found it less useful for Linux however, because here I can just do an apt-get install apache apache-mod-php or something like that and I’ll have a functional test server in no time. Also, note that the package was intended as a test server, rather than something that should be put into production, and because of this it has insecure default settings.
Great info from both post and comment on fingerprinting, thanks.
fyi — I know I first saw the command prompt here hack from the microsoft powertoys. They’ve always had some cool stuff in those, though I haven’t looked at them in a while:
http://www.petri.co.il/add_command_prompt_here_shortcut_to_windows_explorer.htm