Monday, August 30, 2010

Unofficial HSBB (Unifi) Handbook

Unifi, a high-speed broadband (HSBB) service provided by TM in Malaysia. Unifi @ athena.my is a web site that provides unofficial HSBB handbook, which includes advanced articles and guidances regarding the Unifi service.

The default username/password combinations for TMnet DIR-615 G1 routers between firmware versions 7.01 to 7.05 are :

  • Username : admin
  • Password :

  • Username : admin
  • Password : telekom
However, there is also a secondary account which must have its password changed in order to fully secure your network :
  • Username : operator
  • Password : telekom

  • Username : operator
  • Password :

The secondary 'operator' account should be able to change both passwords on the system. It is also recommended that you 'untick' every available 'service' below the password management fields.

  • Disable TR-069 Protocol (remote auto-configuration)

The premade configuration file for the DIR-615 VLAN bridge (firmware 7.05). The default username/password combination for this config file is :
  • Username : admin
  • Password : rizvanrp

  • Username : operator
  • Password : rizvanrp

MikroTik RB250GS
"The RB250GS is a low cost SOHO switch in a small plastic case. It has 5 Gigabit ethernet ports powered by an Atheros switch chip. It is powered by a new operating system designed specifically for Mikrotik Switch products - SwOS. SwOS is configurable from your web browser. It gives you all the basic functionality of a managed switch, plus more."
  • Open up your web browser and head over to http://192.168.88.1 . The default login for this switch is the username 'admin' with a blank password.

Huawei EC2108E (IPTV)
The Huawei EC2108E STB has an advanced configuration menu that you might be interested in accessing and playing around with. Whatever you do :
  • Do not select the last option (RESTORE PARAMETER) -- it will reset your STB configuration to factory settings and lock you out of the IPTV service. 
  • Do not edit of the URL/addresses/network settings in the configuration pages. This will also cut off your access to the IPTV service.
  • To enter the STB, configuration menu.. enter #1397# in the channel selection input.
  • This will automatically load the STB configuration menu login. Enter 8288 as the password and press Enter/OK.
  • You should now see the full configuration menu. Remember the warnings that I listed above.
  • This is the 'TV Standard Configuration'. This is probably what you want to change.
  • When you're done, you must save the settings by entering a secondary password in the 'Password' field. This password is 3008.
  • Some additional STB information :
  • After you have saved your settings, head back to the main menu and select Reboot. Remember, this guide is intended for advanced users and I'm not responsible if you somehow manage to screw up your STB configuration here. Try not to fiddle around with things that you're clueless about :P

Friday, August 20, 2010

Free CCNA Workbook

Matthew George, founder of Free CCNA workbook dot com, provides an excellent resource on CCNA workbook:

Our mission is to provide quality CCNA lab training materials to assist you as an individual in pursuit of the Cisco Certified Network Associate Certification. The CCNA certification is a globally recognized certification awarded by Cisco Systems to display associate level knowledge of network engineering skills; skills which include a basic understanding and ability to design, implement and maintain networks that utilize technologies such as Frame Relay, Virtual LAN’s, STP, VTP, ISL, Dot1q, Port Security, Static Routes, RIP, EIGRP, OSPF, Access Control List and much much more.

Wednesday, August 18, 2010

Can Anyone become a Hacker?

If you have a natural tendency to ask the question "why?", or if you revel in the challenge of failing and asking why do these rules apply, what would happen if I try something else, if you start getting answers then you are already a hacker.

Monday, August 16, 2010

Creating Google Reader Web Apps with Google Chrome for Fun

I tried some fun stuffs on Google Chrome Web Apps today. I've created a web apps for Google Reader in Google Chrome.

Please refer to the document here for the detail steps. Before you begin, here's the pre-requisite:

  • Must be on Dev channel already. I'm using 6.0.490.1 dev.
  • Successful install the 3 sample web apps from Google.

Now, make an empty folder to store all your files there.
  • Download Google Reader icons files (all: 32,48, 64, 128) from here and put in the the folder.
  • Create a blank text file called "manifest.json", and paste the following into it.
{
  "name": "Google Reader",
  "description": "Read your rss",
  "version": "1",
  "app": {
    "urls": [
      "*://www.google.com/reader/view/",
      "*://www.google.com/reader/"
    ],
    "browse_urls": [
      "https://www.google.com/accounts/"
    ],
    "launch": {
      "web_url": "http://www.google.com/reader/"
    }
  },
  "icons": {
    "32": "32.png",
    "48": "48.png",
    "64": "64.png",
    "128": "128.png"
  },
  "permissions": [
    "unlimited_storage",
    "notifications"
  ]
}
  • Goto chrome extension page to load unpacked extension (like how you load the 2 samples).

Congratulation, you just create your first web apps! Here is the screenshot on my laptop (press ctrl-T).


Thursday, August 05, 2010

ASCII Art in BackTrack

Someone asks me how do I create the ascii art for my /etc/motd and /etc/issue. Easy:
$ echo -e Google\\nBackTrack\\npentester > motd
$ figlet -cf smslant < motd >> /etc/motd
$ figlet -cf smslant MySeq >> /etc/issue

Spoofing ICMP Echo Request with scapy

Scapy is a powerful packet generator. Here's a quick example how to spoof an ICMP Echo Request packet with Scapy.
# scapy
Welcome to Scapy (2.1.0)
>>> ip=IP()
>>> ip.src='192.168.0.255'
>>> ip.dst='192.168.0.1'
>>> ip.display
<bound method IP.display of <IP src=192.168.0.255 dst=192.168.0.1 |>>
>>> icmp=ICMP()
>>> icmp.type=8
>>> icmp.code=0
>>> icmp.display
<bound method ICMP.display of <ICMP  type=echo-request code=0 |>>
>>> send(ip/icmp)
.
Sent 1 packets.
>>>

Wednesday, August 04, 2010

ICMP Parameters

A quick revision on the ICMP type (for reference).

Commonly used ICMP types and codes:

  • 0, 0 - echo reply
  • 8, 0 - echo request
  • 3, 0 - dest. unreachable: network
  • 3, 1 - dest. unreachable: host
  • 3, 2 - dest. unreachable: protocol
  • 3, 3 - dest. unreachable: port
  • 3, 4 - dest. unreachable: frag needed and DF was set
  • 13, 0 - timestamp request
  • 14, 0 - timestamp reply
  • 15, 0 - info request
  • 16, 0 - info reply
  • 17, 0 - mask request
  • 18, 0 - mask reply
For the full list, please refer to IANA site.

Tuesday, August 03, 2010

The Cost of Switching to SSL

We can access to Gmail using HTTPS for a long time. Recently, Google has added full SSL service to Gmail and has made some decisive changes to its services. We have seen a redesigned Search, a redesigned YouTube, Google News, changes in Google Apps and the the addition of an Encrypted Search for enhanced security using SSL/TLS.

Most websites do not provide it because it is expected to be something of a high standard and is believed to require powerful servers. On the contrary, the truth is that HTTPS is not at all as resource intensive on the server as it is believed to be.

A Chrome Engineer at Google, Adam Langley writes at the Imperial Violet stating,
all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.
However, the downside with SSL is that it includes a considerable latency in connection. This research reveals that there is a latency of 3.5x on SSL handshakes, the method of initializing a connection to  server. Basically, using SSL connections slows down connection establishment to a server. So did Google just compromise speed for security? Definitely not.

Google is using several mechanisms to reduce this latency. See this excerpt from the post at Langley’s blog.

OpenSSL tends to allocate about 50KB of memory for each connection. We have patched OpenSSL to reduce this to about 5KB.

Moreover Google also caches most HTTPS requests which allows it to serve them faster in subsequent queries. Google claims that this resume behavior takes place 50% of the time. SSL has been optimized at its best at Google.

These facts prove that SSL is not as resource intensive as it is blamed to be. The fact of it being more expensive is just a commercial aspect and a business policy.

Monday, August 02, 2010

IDS Evasion by TCP Checksum

Good posting at Packetstan about potential evasion where IPS fails to validate TCP checksums.

Summary:

  • If IDS turns off the validation on TCP checksum, packet evasion is possible.
  • First, establish the 3 way-handshake.
  • Then, fool the IDS by sending a RST packet with bad TCP checksum.
  • Then continue sending the EVIL packets.