Posts Tagged security

netcat as a logging tcp proxy

I felt I needed to write an article about netcat, so here it is!
Netcat is an incredibly useful tool that lets you play with TCP connections easily from the shell.
Basically, as its name implies, it’s just cat over the network, but what its name doesn’t tell you is that it can also act as a socket listener.
So let’s play with pipes. Here is one of my favourite uses of netcat:

mkfifo proxypipe
cat proxypipe | nc -l -p 80 | tee -a inflow | nc localhost 81 | tee -a outflow 1>proxypipe

This command redirects traffic from localhost:80 to localhost:81. In the inflow file you will find the incoming HTTP requests; in the outflow file you will find the HTTP responses from the server.
Similarly, you can do this:

cat proxypipe | nc -l 80 | tee -a inflow | sed 's/^Host.*/Host: www.google.fr/' |  nc www.google.fr 80 | tee -a outflow >proxypipe

This lets your browser reach Google through http://localhost.
Anyway, this is my favourite, but netcat has thousands of other uses, so have a look at it!
It can be useful for file transfers (gzip|nc), performance measurement (dd|gzip), protocol debugging (replaying requests), security testing (nc does port scans) …


Finding dns server version (only bind)

To find the version of a running BIND server remotely, you can type this command:
nslookup -q=txt -class=CHAOS version.bind. ns1.domain.com
or with dig:
dig @ns1.domain.com version.bind chaos txt
or with host:
host -t TXT -c chaos version.bind ns1.domain.com

If you don’t want your BIND to show the version you are currently running, on an Ubuntu system add a version "[Secured]"; directive to the options section of the file /etc/bind/named.conf.options

That’s it!


Flash, sockets and policy-file-request

If you are making a Flash client for your protocol or server and you receive <policy-file-request/> on your server (let’s say you see it with a sniffer), that’s because Flash versions newer than 9.0.115 changed the security policy.
Here is the explanation of the new security policy. In brief, the Flash application first connects to port 843 of the server it needs to open a socket to, in order to fetch a crossdomain.xml.
This article explains how it works and gives two versions of flashpolicyd (Flash policy daemon), one in Perl and one in Python; they are both in that archive.
I also found one in Ruby that handles timeouts and errors.

Maybe I will take the one in python, daemonize it, add better error handling, and will package it for ubuntu, but maybe only 🙂


md5 and sha1

MD5 and SHA1 are known to be secure hash generators. But you may have heard that MD5 was broken in 2005. I’ve found an interesting article that shows how MD5 collides; it is a nice read, and it generates harmless or evil binaries that have the same MD5.
Also, here you can see MD5 collisions visualised.

MD5 and SHA1 are often used to generate password hashes, and we don’t really mind whether there are collisions or not, because programs store the generated hash, and with that hash alone we aren’t able to find the source string. But for a given string the generated hash will always be the same, so we can generate a database of MD5 and SHA1 hashes for a list of given strings. That’s why using strong passwords is important: if you don’t use strong passwords, someone can look up a hash he found and recover the source string. There is such a database that I sometimes use to test the strength of passwords or to find default passwords for a program I just installed. This database is here: http://md5.rednoize.com/
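
The lookup described above, written as a small password audit. This is an added example, not code from the original post; the wordlist, account names and passwords are constructed. It goes one step beyond the post by also showing the usual mitigation, a per-account random salt with a slow KDF (PBKDF2 here, chosen for this example), which makes a precomputed database useless.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the "list of given strings".
WORDLIST = ["123456", "password", "admin", "letmein", "qwerty"]

def md5_hex(s):
    return hashlib.md5(s.encode("utf-8")).hexdigest()

def build_table(words):
    """Precompute hash -> source string once for every candidate."""
    return {md5_hex(w): w for w in words}

def audit(stored, table):
    """Return {account: recovered password} for hashes found in the table."""
    return {user: table[h] for user, h in stored.items() if h in table}

def salted_hash(password, salt=None, rounds=200_000):
    """Random per-account salt plus slow KDF: same password, different record."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, digest

def verify(password, salt, digest, rounds=200_000):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt, rounds)
    return hmac.compare_digest(candidate, digest)

# Constructed account database: two weak passwords and one strong one,
# stored as plain unsalted MD5 the way the paragraph describes.
STORED = {
    "alice": md5_hex("password"),
    "bob": md5_hex("admin"),
    "carol": md5_hex("T7#vQp!92sLm-zzK"),
}

if __name__ == "__main__":
    table = build_table(WORDLIST)
    print("weak accounts (unsalted MD5):", audit(STORED, table))
    s1, d1 = salted_hash("password")
    s2, d2 = salted_hash("password")
    print("same password, identical salted records?", d1 == d2)
    print("correct password still verifies:", verify("password", s1, d1))
```

Only the accounts whose passwords appear in the wordlist are reported; the strong password is not in any table, and the salted records differ even for identical passwords.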

Have fun! 🙂
