Automatic Hosts File from NetBIOS Names

Submitted by jonas on Mon, 12/21/2009 - 19:57

Ever wondered how Windows can scan for computers on your network and address them only on their host names?
My autohosts script reads NetBIOS names from your network via nbtscan and adds the hosts to the /etc/hosts file via hosts-manager.

File scrubbing extension for Nautilus and Thunar

Submitted by jonas on Sat, 11/21/2009 - 09:24

To sanitize modern disk drives or to completely remove single files, I recommend to use scrub. Scrub overwrites selected files with random patterns. It can use several patterns, of which some of them are approved or recommended by the NNSA and the German Center of Security in Information Technologies.

Simple arp spoofing detector

Submitted by jonas on Sat, 11/07/2009 - 10:13

After I read some information and tried out ARP poisioning (ARP spoofing), I am very impressed on how easy and dangerous sniffing/man-in-the-middle (MITM) attacks are.
And how can we protect ourselves and our data from being seen by other "hackers"?
Well first of all, we have to understand how ARP spoofing based sniffing/MITM attacks work:
Basically it's something like this:
For example, we are trying to attack the data data stream from Host A to Host B and the other way round (usually, it's a host and its gateway).
For normal communication, host A knows that host B (IP 192.168.0.1) can be physically found under the mac address 12:34:56:78:90:AA, and host B know that host A (IP 192.168.0.2) has mac address 00:11:22:33:44:55.
If we want to intercept communication, we tell host A "Hello, host B moved to 33:33:33:33:33:33 (attackers mac)", and to host B we send "Hello, host A moved to 33:33:33:33:33:33".
Now both computers send their packets to the attackers computer, and we forward them, so our attack doesn't get detected.
With this connection setup, we can sniff and/or modify the data.

To protect against ARP spoofing attacks we actually only have to check if our gateway's mac address changes.

This can be implemented with arp -a. I did this in a very simple shell script:

Better kismet mac-address manufacturer list

Submitted by jonas on Thu, 11/05/2009 - 15:49

Since I was not satisfied with the mac-manufacturer list that was distributed with the Kismet package, I decided to make my own list, based on a manufacturer list I found on this official ieee page: http://standards.ieee.org/regauth/oui/oui.txt

This code wget-downloads the file and converts it to the Kismet manufacturer list format:

tcpdump URL extraction

Submitted by jonas on Wed, 11/04/2009 - 20:36

After I studied some of the low-level sniffing tools like DSniff, Wireshark, Ettercap and tcpdump, I noticed that the "webspy" tool of the dsniff package is a really cool thing to have.
But it's really difficult to use, it's just not like the usual network dumping tools!
So I wrote a bash script that runs tcpdump and processes the output - extracting the URLs that are visited through the interface (specified by -i option) during the dump.

How to install Drupal on a Ubuntu System

Submitted by jonas on Tue, 11/03/2009 - 16:29

I know, there are probably one million how-tos on the subject out there, but I am going to make it as short as I can; it's not supposed to be a step-by-step guide, but a motivation for advanced Linux users who want to try out Drupal.

Such a Drupal Content Manageing System running on a Apache Server on Ubuntu Linux (or similar distros) consists of four main components:

  • Apache2
  • PHP5
  • MySQL
  • Drupal6
Syndicate content

Fatal error: Call to undefined function drupal_cron_run() in /srv/disk6/n3t/www/n3t.awardspace.us/modules/poormanscron/poormanscron.module on line 48