Domain: packetfactory.net
Stories and comments across the archive that link to packetfactory.net.
Comments · 8
-
What a waste of time
TTL based routing analysis (traceroute), whois retrieval and plain DNS lookups, is that all? And not even a rundown of the nmap commandline, just nslookup(.exe) and tracert(.exe).
Where is all the other TTL based stuff like, oh I don`t know figuring out what packet filters ("firewalls" for the mysticism fans) are dropping along the way? What about OS fingerprinting, simple googleing, what about DNS zone transfers, how about looking for published traffic graphs? How about simply connecting and letting something (mail, or webserver) give you its information?
kids these days can`t stalk a mainframe walking down a shopping mall.
-
panic("bogons in the VM system!");
A crash means you killed, not just a task, but the whole system. In a system as robust as BSD this usually means that the code that was corrupted by the exploit was running at a kernel permission level. So if you can take it over you can get it to give you any permission you want.
You make a good point.However, keep in mind that there are quite a few areas in (all?) BSD-derived IP stacks where a seriously malformed packet will cause the kernel itself to throw up it's hands and call panic("WTF?!?").
$ grep panic
/usr/src/sys/netinet6/*.c | wc -l
42I've found that just about any system will eventually panic if you sic ISIC at it from within the same subnet.
Cool OpenBSD kernel panic messages:
panic("can't happen: system seems to have no memory!");
panic("pmap_init: bogons in the VM system!");or the elegantly simple:
panic("something is wrong");
panic("for safety"); -
Re:AddendumAnd after the following conversation....
Yes, Cal State Berkely? Yes, we did receive the info you've provided. We appreciate your co-operation. There is something else, however. According to your logs, the MAC address for the assigned IP address implicates the Dean. We're going to have to take him into custody. Oh, you'll get his lawyer on the line? Great.
Yes, Mr Very Expensive Lawyer, this is the FBI. Oh, your position is that the MAC address was spoofed? Oh, dang. Well, I suppose we can let the Dean go... THIS time.
That's also assuming that the guy uses his university WiFi. He could always find some nice, open Linksys AP's. In my town, I've found close to 150 open Linksys ones that seem to have all the defaults enabled (default SSID, default chan, so default security settings can be assumed - user:admin, pass:admin), so IF logging is turned on (isn't by default), it can be turned off easily. Hell, these things are everywhere. I've even found a hearing aid store with a wide open AP.
Besides, how easy would it be to track someone if all you knew was the university they attend and their MAC address? You would need the co-operation of each and every student on campus. Good freakin' luck!
-
Re:Generic Tools?
I don't know about tools to do it without breaking the connection (because I think the two sides would get confused about sequence numbers if you just stuck an extra packet in), but I have come across the nemesis project. Haven't actually used it, though. For more general packet-generating, sendip can generate arbitrary ip packets.
-
libnet
Why doesnt nmap use libnet?
-
iTunes- The illegial copying program?I've been looking into this a little bit (and reading Pudge's remarks on Perl.org)
The files are streamed as standard mp3 files, over http. Because of this, you can capture them, just as you can capture a "mp3 radio" station.
Using ngrep (which compiles cleanly on OSX), you can watch the network traffic.
192.168.1.101:49186 -> 192.168.1.102:3689 [AP]
GET /databases/35/items/289.mp3?session-id=11720 HTTP/1.1..Host: metadata:1..User-Agent: iTunes/4.0 (Macintosh; N; PPC)..connection: close.. ..
T 192.168.1.101:49187 -> 192.168.1.102:3689 [AP]
GET /databases/35/items/290.mp3?session-id=11720 HTTP/1.1..Host: 192.168.1.102..Cache-Control: no-cache..Accept: */*..x-audiocast-udpport:49177..icy-
metadata:1..User-Agent: iTunes/4.0 (Macintosh; N; PPC)..connection: close.. ..
T 192.168.1.101:49188 -> 192.168.1.102:3689 [AP]
GET /databases/35/items/291.mp3?session-id=11720 HTTP/1.1..Host: 192.168.1.102..Cache-Control: no-cache..Accept: */*..x-audiocast-udpport:49178..icy-
metadata:1..User-Agent: iTunes/4.0 (Macintosh; N; PPC)..connection: close.. ..
T 192.168.1.101:49189 -> 192.168.1.102:3689 [AP]
GET /databases/35/items/292.mp3?session-id=11720 HTTP/1.1..Host: 192.168.1.102..Cache-Control: no-cache..Accept: */*..x-audiocast-udpport:49179..icy-
metadata:1..User-Agent: iTunes/4.0 (Macintosh; N; PPC)..connection: close.. ..
File order (ie, the XXX.mp3) appears to be keyed on Date-Added. If you add the Date added field to itunes, and then stream the files, you can see they continue almost sequencially.
The ID of the music is continuing (XXX.mp3) is continuing, nearly sequencially.
One thing to note is that in some cases, this order might be screwed up slightly. This is because if a song is deleted from the user's libraby, it appears to keep it's number reserved.
The other thing that can screw the order up is songs that were batch-imported in the same minute. It seems that iTunes only tracks down to the minute, so the order within that minute is arbitrary, as far as I can tell.
If, after determining the URL via ngrep, and taking the IP, you retrieve it using curl (or wget), you add it to iTunes, it retains the id3 information.
ie- wget "http://192.168.1.102:3689/databases/35/items/311. mpg?session-id=11720"
It would be an interesting test to see if iTunes is adding information to the file before streaming it. (for identification, as Pudge suggested)
This would be possible by doing a binary diff on the two files. I don't have two macs with iTunes 4 installed (yet!, but I intend to install iTunes on the others soon), so I can't test this theory. Any volunteers?
(Side note- It would be trivial to write a perl script that parsed the ngrep output, and fed it into wget automatically, to download any songs you double-click.
[similiar to http://streamripper.sourceforge.net/ ]
You wouldn't even need to listen to the entire song. Just start it playing, and iTunes will finish for you. I won't post mine, for reasons below.)
Side note redux-
Apple may have inadvertantly created a file-sharing utility rivaling Napster/Kazaa. This creates an interesting legal issue. This creates an interesting legal issue. Keep in mind that a student was recently sued for creating a software device that searched Network shares for mp3 files.
Given the RIAA's stance towards piracy, and that they want to work with apple, I suspect they would sue whomever wrote the 4 line perl script, rather than Apple. They are also likely to ask "index" sites like spymac to shut down, and send a cease-and-desist, or a lawsuit..
I sure hope this Anonymous Coward thing works. I don't want to be sued today. I've done enough other questionable things.
-Crutz -
Re:New National Motto!
ngrep and every program that uses it come to mind.
-
libnet and libpcap
This has to be the best place to start: libnet homepage. This pagehas all the info and links you need.