A Simple Script to Get Top Passwords Cracked

Several days ago, I took a break from doing my work. I did an exercise to sharpened my “rusty” scripting skills. My goal was to develop a simple script using Ruby to get the top passwords cracked from MD5 Statistics page. This should be an interesting exercise for my brain. :D

Unfortunately, my scripting skills was so rusty, so it took me a while to code this simple script.

Continue reading

Developing Crypto Code in Python

I am currently doing a research on how to develop crypto code in Python programming language.

Based on my research, there are several crypto libraries that’s suitable for my purpose. They are Python Cryptography Toolkit and ezPyCrypto as my main libraries.

Python Cryptography Toolkit will be the low-level crypto library, while ezPyCrypto will act as a high-level crypto library.

Before installing those two libraries, make sure you have have the following packages :

  • python
  • python-devel

Here are the steps to install those libraries :

– Install Python Cryptography Toolkit (python-crypto) :

# rpm -Uvh python-crypto-2.0.1-15.i586.rpm
Preparing… ########################################### [100%]
1:python-crypto ########################################### [100%]

– Install ezPyCrypto :

$ tar xvzpf ezPyCrypto-0.1.1.tar.gz

$ cd ezPyCrypto-0.1.1/

$ su -c “python setup.py install”
Password:

running install

running build

running build_py

creating build

creating build/lib

copying ezPyCrypto.py -> build/lib

running install_lib

creating /usr/local/lib/python2.4

creating /usr/local/lib/python2.4/site-packages

copying build/lib/ezPyCrypto.py -> /usr/local/lib/python2.4/site-packages

byte-compiling /usr/local/lib/python2.4/site-packages/ezPyCrypto.py to ezPyCrypto.pyc

Saying Hello and Goodbye in Rails

Several days ago, I finished install Rails on my system. At that time, I didn’t have anything to show you about the easiness of Rails.

In this occasion I will show you how easy it is to create a simple web-based application. The application will just display “hello” and “goodbye”.

First, I create an application called “demo” :

$ rails demo
create
create app/controllers
create app/helpers
create app/models
create app/views/layouts

create log/test.log

Next, I create a controller “Say” :
$ cd demo
$ ruby script/generate controller Say
exists app/controllers/
exists app/helpers/
create app/views/say

Then I create two actions in say_controller.rb :

$ cd app/controllers

Here is my say_controller.rb file :

class SayController def hello
@time = Time.now
end
def goodbye
end
end

Next, I create two views for each action (hello.rhtml and goodbye.rhtml) :

$ cd app/views/say

Here is the content of hello.rhtml :


Hello, Rails!


Hello from Rails!



It is now .


Time to say

“goodbye” %>



Here is the content of goodbye.rhtml :

See You Later!

Goodbye!


It was nice having you here.


Say “hello” %> again.



After that I start the server :

$ pwd
demo

$ script/server
=> Booting WEBrick…

=> Rails application started on http://0.0.0.0:3000

=> Ctrl-C to shutdown server; call with –help for options

[2006-07-12 22:16:23] INFO WEBrick 1.3.1

[2006-07-12 22:16:23] INFO ruby 1.8.4 (2005-12-24) [i586-linux]

[2006-07-12 22:16:23] INFO WEBrick::HTTPServer#start: pid=5225 port=3000

Now it’s time to show some pretty pictures. :D


Installing Ruby on Rails

During my adventure to install Ruby on Rails, I didn’t find a detailed guide explaining the process, what component should be install first, etc.

So here is my note regarding Ruby on Rails installation using gem. Please note that I install the components using gem local installation.

Install the following components first using gem :

# gem install activesupport-1.3.1.gem
Attempting local installation of ‘activesupport-1.3.1.gem’
Successfully installed activesupport, version 1.3.1

Installing RDoc documentation for activesupport-1.3.1…

# gem install actionpack-1.12.3.gem
Attempting local installation of ‘actionpack-1.12.3.gem’
Successfully installed actionpack, version 1.12.3
Installing RDoc documentation for actionpack-1.12.3…

# gem install actionmailer-1.2.3.gem
Attempting local installation of ‘actionmailer-1.2.3.gem’
Successfully installed actionmailer, version 1.2.3
Installing RDoc documentation for actionmailer-1.2.3…

# gem install activerecord-1.14.3.gem
Attempting local installation of ‘activerecord-1.14.3.gem’
Successfully installed activerecord, version 1.14.3
Installing RDoc documentation for activerecord-1.14.3…

# gem install rake-0.7.1.gem
Attempting local installation of ‘rake-0.7.1.gem’
Successfully installed rake, version 0.7.1
Installing RDoc documentation for rake-0.7.1…

# gem install actionwebservice-1.1.4.gem
Attempting local installation of ‘actionwebservice-1.1.4.gem’
Successfully installed actionwebservice, version 1.1.4
Installing RDoc documentation for actionwebservice-1.1.4…

Then install rails :

# gem install rails-1.1.4.gem
Attempting local installation of ‘rails-1.1.4.gem’
Successfully installed rails, version 1.1.4

After that you can check whether rails has been installed using the following command :

$ rails –help
Usage: /usr/bin/rails /path/to/your/app [options]

Having Fun with PySQLite

I had a chance to test pysqlite, a Python wrapper for SQLite Database System. pysqlite needs the following dependencies :

  • Operating System and C Compiler
  • SQLite version 3.0.8 or later (for pysqlite 2.2.0)
  • Python 2.3 or later

After download the latest version (2.2.2) I did the followings to install pysqlite to my system :

$ tar xvzpf pysqlite-2.2.2.tar.gz
pysqlite-2.2.2/

pysqlite-2.2.2/doc/

pysqlite-2.2.2/doc/code


pysqlite-2.2.2/setup.cfg

pysqlite-2.2.2/setup.py

pysqlite-2.2.2/PKG-INFO

$ cd pysqlite-2.2.2/

$ python setup.py build
running build

running build_py

creating build

creating build/lib.linux-i686-2.4

creating build/lib.linux-i686-2.4/pysqlite2

# python setup.py install
running install

running build

running build_py

running build_ext

running install_lib

In my system, the above command will install pysqlite to /usr/lib/python2.4/site-packages directory

Next I test whether the installation success or not :

$ python
Python 2.4 (#1, Mar 22 2005, 21:42:42)
[GCC 3.3.5 20050117 (prerelease) (SUSE Linux)] on linux2
Type “help”, “copyright”, “credits” or “license” for more information.
>>> from pysqlite2 import test
>>> test.test()
…………………………………………………………….
———————————————————————-
Ran 164 tests in 1.060s
OK

>>>

Next I type several lines of Python code to test PySQLite. Here is the code. Please beware this is just a simple application :


#!/usr/bin/env python

from pysqlite2 import dbapi2 as sqlite
import os

DB_FILE = "mydb"

musics = [
("Michael W Smith", "In My Arms Again"),
("Chayanne", "Ye Te Amo"),
("Marc Anthony", "Everything You Do")
]

if os.path.exists(DB_FILE):
os.remove(DB_FILE)

con = sqlite.connect(DB_FILE)

# create table
con.execute("""
create table music
(
singer varchar(30),
song varchar(30)
)
""")
print "Success creating table",'"%s"' % DB_FILE

# insert table
con.executemany("insert into music(singer,song) values (?,?)", musics)

# print table contents
print "\nThe content of", DB_FILE
print "=" * 20,"\n"

for row in con.execute("select singer,song from music"):
print '%s : %s' % (row[0],row[1])

con.close()

First Encounter with Scapy

After read several papers and presentations in network security field that mentioning scapy, I decided to try it.

From the Scapy website :

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can’t handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, …), etc.

What interest me are :

  • scapy is written in Python. I am quite familiar with this computer language. I code translation tools in this language about 4 years ago.
  • it supports many network protocol even wifi (you need Wifitap tool :D)

I download the latest scapy version from http://www.secdev.org/projects/scapy/.
And the installation process is a breeze. I just put it in my working directory. BTW, scapy needs several optional package to work as advertised. But in my system I don’t follow that. :D

I just put http://www.iana.org/assignments/ethernet-numbers to /etc/ethertypes.

You need to run scapy as root.

In this first encounter, I will try to ping to other host :

>>> sr(IP(dst=”192.168.198.128″)/ICMP())
Begin emission:
*Finished to send 1 packets.

Received 1 packets, got 1 answers, remaining 0 packets
(, )

Looks good.

Next I tried to ping localhost :

# python scapy.py
INFO: did not find python gnuplot wrapper . Won’t be able to plot
INFO: Can’t import PyX. Won’t be able to use psdump() or pdfdump()
Welcome to Scapy (1.0.3.1beta)

>>> sr1(IP(dst=”127.0.0.1″)/ICMP())
Begin emission:
.Finished to send 1 packets.

Received 1 packets, got 0 answers, remaining 1 packets

It looks like there is an error, but I don’t know where.

If you know what’s wrong and how to fix that, please let me know.

Deferred concept: I Finally Got It

I have been struggling with the deferred concept in TwistedMatrix since last night. At that time, I read the deferred concept from : Generalization of Deferred Execution in Python. Unfortunately, I didn’t get it. I couldn’t do more because I was too tired, so I went to bed.

I wake up early this morning to go to the office and googling about deferred concept.

Luckily, I saw a documentation entitled Asynchronous Programming with Twisted (yes, I’ve put this article on my last entry blog, but I haven’t read it yet). After thinkering the doc for about 2 hours, I finally GOT IT. Now I “quite” understand about the Deferred concept in Twisted.

Kudos to the TwistedMatrix team for writing such a superb and easy to understand documentation.