A Simple Script to Get Top Passwords Cracked

Several days ago, I took a break from doing my work. I did an exercise to sharpened my “rusty” scripting skills. My goal was to develop a simple script using Ruby to get the top passwords cracked from MD5 Statistics page. This should be an interesting exercise for my brain. :D

Unfortunately, my scripting skills was so rusty, so it took me a while to code this simple script.

Continue reading

Advertisements

goorecon.rb small problems

While doing a research I utilized goorecon.rb in BackTrack 4. Unfortunately I encountered several problems while using it to enumerate email address.

Let’s produce the problem again here. I want to enumerate all of the email addresses of domain yourbank.com using goorecon.rb :

./goorecon.rb -e yourbank.com
call_center@emyourank.com
helpdesk@emyourank.com
info@emyourank.com

Can you see where the problems are ?

Continue reading

Suricata RC1 Has Been Released

Suricata RC1 has been released. The latest version include the following new features :

  • Support for the http_headers keyword was added
  • libhtp was updated to version 0.2.3
  • Privilege dropping using libcap-ng is now supported
  • Proper support for “pass” rules was added
  • Inline mode for Windows was added

I have also updated the openSUSE RPM specfile for the latest Suricata release.

Blog From The Past : The Need for Backup

[Note : This blog post was written several months ago]

On the previous Saturday, I experienced a disaster. My computer harddisk displayed many I/O errors when the system tried to access it. And of course at that time, I can’t access it anymore. :((

One mistake that I made during that time was running fsck.ext3 to the partition. Luckily, I used it on the /boot partition not to my data partition (/home).

I tried several live distros (RescueCD and Knoppix) to get my data back, but with no luck. One thing that made it more complicated was my data partition is encrypted. I tried to decrypt it, but with no luck, may be I was using the wrong commands.

Next, my plan was just to grab the whole partition and I will decrypt it after I install the new system on the new harddisk. For this purpose, first I tried to use ddrescue from Kurt Garloff. But apparently my harddisk contained many I/O errors, so after waiting for more than 30 hours, I can only copy around 500MB data. I decided to stop the program.

Second, I use dd_rhelp. It’s a helper application for ddrescue to ease the reading of I/O errors area. In only 30 minutes, it’s able to read more than 2GB data. I stopped the program again, because I used a file as the output instead of a partition. My data partition is around 25GB, I don’t think a file can be used to store that amount of data.

Fast forward, I bought a new harddisk with plenty of space (120GB), and I have another problem when I plan to partition it. So I asked a friend of mine who is more expert in Linux than me. After got his suggestion, I installed the system using openSUSE 10.3.

But things are still not run as smooth as I thought. During the installation, the system installer couldn’t run several scripts, such as creating root and users, to finish the installation. Eventhough the installer said the system has been installed, but when I tried to login, I couldn’t. I tried to install the system twice. I also checked whether the media was corrupt, but it wasn’t.

My next plan was to install the previous version of openSUSE then do an upgrade. Fortunately, I still have the CDs for openSUSE 10.1 and they still works perfectly. I installed openSUSE 10.1 and then do the upgrade to openSUSE 10.3. This time there were no errors in the installation process.

After succeed in installing the new system, I planned to have my data back. I connected the old harddisk as an external disk using an IDE to USB cable. Suddenly, all my partitions were recognized by the system, except the encrypted /home partition.

Having read an article on openSUSE site on how to decrypt a partition, I used the method with adjustment to my condition. Here are the commands I used to mounted my encrypted partition :

  • Create a partition (/media/home) to host the encrypted partition :
# mkdir -p /media/home
  • Install cryptoloop kernel module :
# modprobe cryptoloop
  • Setup loop device with twofish256 encryption algorithm for my data partition (/dev/sdb7) :
    # losetup -e twofish256 /dev/loop0 /dev/sdb7
    Password:
  • Give the correct password. If there is no error, do a filesystem check :
    # fsck.ext3 -y /dev/loop0
  • Mount it to /media/home partition :
# mount /dev/loop0 /media/home

Miracleously, it works.

Then I copied all the important directories to the new harddisk. Another miracle, I can copied most of my files except several files. My guess was I can recover around 99.999% of my data on the encrypted partition.

Here are several lessons I got from this problem :

  • plan for your backup scenario
  • do execute your backup plan
  • have a Linux live CD in hand
  • learn several tools for data recovery. You’ll never know when you need them. I hope you won’t need them
  • have an empty external harddisk
  • always calm when facing problems, if you’re panic, you may make matter worse