Littlebighuman.com | You've got to dance like nobody's looking

EDPnet’s Sagem F@st 3464 (a.k.a. BBOX)

Posted on July 1, 2010 by admin

I recently got the EDPNet’s Sagem F@st 3464 modem for free with an upgrade of my ADSL connection to a VDSL connection. I wanted to collect my experiences with the modem in one place, this blog post. The EDPnet modem comes with a version of the Belgacom firmware, which has a number of downsides. Check this great blog post by Patrick Vande Walle and his bbox tricks page for some good tips and tricks. Note that I encoutered some slight differences between the firmware I’m running and the one Patrick is running.

Update (27 August 2010): I’ve basically configured the Sagem to be a VDSL-router only. I only use the VDSL modem part and it’s router and firewall functionality. I moved DHCP and DNS over to my Synology disk (does VPN as well and a ton of other things) and use an old SMC dual-channel Wifi ADSL-modem for wireless (not using the ADSL bit obviously). Why? Well, basically because this Belgacom version of the Sagem sucks. In the future I might get a pppoe Wifi-router so I can completely kill all layer 3 funtionality of the Sagem, but for now I made due with the components I had laying around.

Posted in Blogging | 8 Comments

Changing Belgacoms BBOX/EDPnet’s Sagem F@st 3464 IP

Posted on June 30, 2010 by Seb

I recently (today) got the VDSL modem from EDPnet. Basically it looks like it’s the exact same modem and firmware used by Belgacom, which is crap, but I won’t go into that now Check this great blog post by Patrick Vande Walle and his bbox tricks page for some good tips and tricks.

So, the first thing I wanted to do is change the default 192.168.1.0/24 subnet into my own subnet. My main reason for this is that I don’t want to renumber my current network. I have about twelve hosts on my LAN any given day. Additionally I wanted to setup mac address based static IP’s as well, which Patrick explained nicely.

Continue reading →

Posted in Networking, Technology | Leave a comment

Joe McCray OWASP Belgium Advanced SQL Injection Presentation

Posted on June 27, 2010 by admin

Jo McCray gave an most excellent Advanced SQL Injection presentation on June 16th in Brussel for the OWASP Belgium chapter meeting. Alternatively you can view and download the presentation here. Continue reading →

Posted in Blogging | Leave a comment

Hping3 cheatsheet

Posted on March 3, 2010 by admin

A. Ramos from the Spanish security blog www.securitybydefault.com posted a nice Nmap5 cheatsheet couple of weeks ago and now made a similair one for Hping v3. You can find it on his blog.

Or download it from Littlebighuman here.

Posted in Blogging | Leave a comment

Kill paste-with-formatting to death

Posted on February 23, 2010 by admin

Being a Security Consultant (not a fan of the word consultant, but alas) is pretty much synonym to being a technical writer, which means I spend a lot of my time in a word processor. One of my (many) annoyances is that on any platform in any word processor someone decided to make paste with formatting the default behaviour. It must be me, but I never, ever want to paste formatting.

On Mac OS X you have a system wide shortcut key to paste without formatting. In Open Office you have a shortcut key as well. In Microsoft Office you will have to write a Macro.

OS X system wide paste without formating: command (Apple) + option (alt) + v
For making it the default behavior look here: www.tuaw.com/…
In Open Office you do: ctrl + shift + v
For Microsoft Office look here: office.microsoft.com/…
For Microsoft Office 2007 specifically you can pretty much follow the steps above, but the menus differ slightly. So do this:

Select View Tab > Macros > View Macros
Type a new name for a Macro: PasteUnformattedText
Select Create
Now make the marco:

Sub PasteUnformattedText()
'
' PasteUnformattedText Macro
'
'
Selection.PasteSpecial DataType:=wdPasteText
End Sub

Select File > Close and return to Microsoft Word
Select the Microsoft Office button thingy top left > Word Options > Customize
Select Macros in the Categories section
Select PasteUnformattedText and enter a new shotcut key ctrl + v for it
Select Assign > Close

Unfortunatly I haven’t found a Windows system-wide solution.

Update:Kirk Woll (see comment below) had a good tip: , I’ve just tested it and it seems to be a great solution for Windows.

Posted in Technology, Writing | Tagged LinkedIn | 1 Comment

Nmap5 cheatsheet

Posted on February 23, 2010 by admin

A. Ramos from the Spanish security blog www.securitybydefault.com posted a nice Nmap5 cheatsheet on the SecurityFocus pen-test mailing list. Webbased version of his email can be found here. Or go straight to his blog article.

You can download the PDF from Google code or from Littlebighuman here.

Posted in Pen testing, Security | Tagged LinkedIn, Security | Leave a comment

Call for Papers BruCON.v2 2010: Hacking for B33r

Posted on February 22, 2010 by admin

Another year a second interation of the BruCon event. A call for papers has been issued as can be read below. Check out the slides and video for the 2009 event here for inspiration

—-

Brussels, Belgium — This is a call for papers and participation for the second BruCON edition, a 2-day Security and Hacking Conference, full of interesting presentations, workshops and security challenges.

BruCON is an open-minded gathering of people discussing computer security, privacy, and information technology. The conference tries to create bridges between the various actors active in computer security world, included but not limited to hackers, security professionals, security communities, non-profit organizations, CERTs, students, law enforcement agencies,…..

The conference will be held in Brussels (24 & 25 September 2010) at The Surfhouse(www.surfhouse.be).

Scope

Topics of interest include, but are not limited to :

Electronic/Digital Privacy
Wireless Network and Security
Attacks on Information Systems and/or Digital Information Storage
Web Application and Web Services Security
Lockpicking & physical security
Honeypots/Honeynets
Spyware, Phishing and Botnets (Distributed attacks)
Hardware hacking, embedded systems and other electronic devices
Mobile devices exploitation, Symbian, P2K and bluetooth technologies
Electronic Voting
Free Software and Security
Legal and Social Aspect of Information Security
Software Engineering and Security
Security in Information Retrieval
Security aspects in SCADA, industrial environments and “obscure” networks
Forensics and Anti-Forensics
Mobile communications security and vulnerabilities
Information warfare and industrial espionage
Social Engineering
Virtualisation Security
…

Deadlines

The following dates are important if you want to participate in the CfP Abstract submission: no later than 30th of April 2010 Notification date: around mid May 2010 Full paper/presentation submission: no later than 31th of July 2010 Submissions can be entered at https://cfp.BruCON.org/submission

For further information and questions, please feel free to contact cfp at_sign BruCON.org

Submission Guideline (for standard paper track)

Authors are encouraged to submit a paper in English or presentation slides, using a non-proprietary and open electronic format.

Abstract is up to 500 words. Submissions must be sent via https://cfp.BruCON.org/submission. You can contact us if any errors or issues occur.

The program committee will review all papers and the author of each paper will be notified of the result, by electronic means.

The more details you provide, the more chance you have to get your talk approved!

Submissions should also include the following:

Presenter, and geographical location (country of origin/passport) and contact info.
Brief biography, list of publications or papers.
Any significant presentation and/or educational experience/background.
Reason why this material is innovative or significant to the BruCON audience
Optionally, any samples of prepared material or outlines ready.
Information about if yes or no the submission has already been presented and where.

The information will be used only for the sole purpose of the BruCON conference including the information on the public website.

We do not accept product or vendor related pitches. If your presentation involves an advertisement for a new product or service your company is offering, please do not submit. BruCON presentations should be focused on topics that are of interest to security and technology professionals who are paying attention to current trends and issues. We want BruCON to be educational and entertaining to the attendees and the community.

Additional Speakers Info

BruCON is a non-profit oriented event by and for the security and hacking community and speakers are not paid. But you will get free access to the conference and afterparty. Additionally, speakers get a bottle of “Westvleteren” beer for giving a talk.

However, financial help on travel expenses and accommodation is possible. It needs to be agreed upon after acceptance of the submission, though. Feel free to state your requirements in the application when submitting your lecture with a cost estimate and we’ll work something out!

Lectures should not exceed 45 minutes plus up to 10 minutes for questions and answers. The spoken language of a lecture will be English.

Publication and Rights

Authors keep the full rights on their publication/papers but give an right to redistribute their papers for the BruCON conference and its related electronic/paper publication under a CC-BY-NC-be license.

Sponsoring and Donations

If you want to support the initiative, please contact us by writing an e-mail to sponsors at_sign BruCON.org

Lightning Sessions and Workshops

During the conference, several spaces will be made available for lightning talks and workshops.

A lightning talk is a very short presentation of about 4 minutes to present an idea, a concept, a program or a cool website. About 12 persons can present during one hour.

Every BruCON attendee is very welcome to participate to submit small ideas, presentations or workshops. The acceptance process is on a first come basis and open to anyone willing to take an active role during the conference.

The following resources are available to stay up to speed with the event:

• BruCON website : http://2010.brucon.org/ • BruCON on Twitter : http://twitter.com/brucon • BruCON on LinkedIN : http://www.linkedin.com/groups?gid=1777141 • BruCON Blog : http://blog.brucon.org/ • BruCON Mailinglist : http://mailman.brucon.org/mailman/listinfo/brucon-announce

Posted in Security | Tagged LinkedIn | Leave a comment

Playing Red Alert 3 on OS X with OpenVPN

Posted on December 13, 2009 by Seb

So I wanted to play Red Alert 3 with my a friend in Germany. We wanted to use the LAN play option, so I decided to install OpenVPN on our FreeBSD server so we both could SSL-VPN into it and presto be on the same LAN (fyi, we are both in different countries and the server in a third country).

Everything seemed to work fine, I’d setup username/password authentication (using SSHD pam module) on top of the digital certificate validation for OpenVPN. There are a number of guides on the Internet if you need to know how to do it.

Because we where going with IP-only, routed connections, we decided to go for TUN interfaces instead of TAP interfaces. So we both logged in did some network tests, where able to ping each other (because I set client-to-client in opevpn.conf on the server), we could use each other network shares etc, so we decided to start a game. Unfortunately any game either of us would start wasn’t detected by the other. The game list stayed empty. The player list showed only our respective usernames twice, but not the username of the other person.

Then we switched to TAP interfaces to allow ethernet broadcast to pass the VPN (we thought that might help) and suddenly the game would show up in the games list, but if we tried to start it the game would time-out. Then we thought we force traffic to the limited broadcast address (LAN broadcast) to be routed/send over the SSL-VPN by adding a local route on our Macs by:

sudo route add -host 255.255.255.255 tap0

and… it worked!

Now to push this route automatically to the clients you can add it to openvpn.conf on the server. However you can’t specify the TAP or TUN interface there, so instead you should use the IP-address of the TAP/TUN interface on the OpenVPN server, basically your next hop into the VPN network. By default this is 10.8.0.1 in OpenVPN world Luckily this IP-address is automatically used if you use the following config line in openvpn.conf:

~~push “route 255.255.255.255 0.0.0.0″~~ See update 3 below for an alternate way of doing this.

Basically that is the equivalent to locally adding sudo route add -host 255.255.255.255 10.8.0.1 (10.8.0.1 should then be replaced with your servers TUN/TAN interface).

Update: After some quick Wiresharking, it does look like Red Alert 3 uses subnet broadcasts (for instance 10.255.255.255 for 10.0.0.0/8) to discover other Red Alert daemons, but then switches to LAN/Limited broadcasts (255.255.255.255) for playing the actual game. This is consistent with the behaviour I described above. FYI I’ve tested with TUN interfaces and this doesn’t seem to work. I’m going to do some tests and update this post this weekend.

Update 2: Ok, it looks like Red Alert 3 uses Netbios name service which uses subnet broadcasts like 10.8.255.255/16 to find other Red Alert servers. Then for connecting to an actual game it uses Limited/LAN broadcasts to 255.255.255.255 using UDP from source port 8087:

 
MyMac:~ littlebighuman$ netstat -an | grep 8087
udp4       0      0  *.8087                 *.*

Look up the process listening on 8087:

MyMac:~ littlebighuman $ lsof -i:8087
COMMAND    PID       USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
cider     4637 littlebighuman  346u  IPv4 0xec5d798      0t0  UDP *:8087
wineserve 4642 littlebighuman  316u  IPv4 0xec5d798      0t0  UDP *:8087

Ah what do you know Red Alert 3 runs in Cider and uses wineserver, but we knew that

I still don’t know why limited/LAN broadcasts aren’t send over the TAP or TUN interfaces. I’ll research that for a bit.

Update 3: Pushing a host route from the OpenVPN server as I have described above doesn’t work, as far as I can tell it turns every pushed route into a net route and this route doesn’t work (you can test by pinging to 255.255.255.255 and see if it gets send out of the TAP interface). So you get 255.255.255.255/32 via 10.8.0.1 instead of 255.255.255.255 via 10.8.0.1. A workaround for this workaround is to add the route via your clients OpenVPN up-script and a delete route statement for your down-script. For Tunnelblick these scripts are in ../Tunnelblick.app/Contents/Resources, client.up.osx.sh and client.down.osx.sh respectively. Quick and dirty fix:

In client.up.osx.sh, probably best to put it right after the export PATH statement at the top:

/sbin/route add -host 255.255.255.255 -interface tap0

In client.down.osx.sh, also probably best to put it right after the export PATH statement at the top:

/sbin/route delete -host 255.255.255.255

Posted in Blogging | 1 Comment

Wiimote + Classic Controler + MAME OS X

Posted on November 6, 2009 by Seb

In a sudden craving for some old school arcade games I thought I have a look at MAME OS X. After playing for a while with the keyboard I got a bit frustrated with it and really wanted a gamepad. I think I have an USB gamepad, but couldn’t remember where I left it. While looking for it I came across my Wii’s classic controler. So I ended up hooking up my Wiimote with the classic controler extension to my Macbook Pro and I’m please to say that this works great

Now you need some software/driver to get your Wiimote connected. There are several programs out there, at first I tried DarwiinRemote, but it doesn’t work with MAME OS X, because MAME OS X expects a HID-like controller. DarwiiRemote does excellent key-mapping, but this isn’t picked-up in-game by MAME OS X. However I found that another program, Wiiji does work. It basically turns your Wiimote + most extensions in a HID device.

So here are the steps to set it up:

Download Wiiji from Sourceforge;
Install Wiiji. The installer will ask for you admin password, since it is a kernel extension. Make sure you realise the consequences of providing your password, then enter it when you can live with them
Wiiji will install in /Applications/Utilities, you can get there by pressing shift + command + U in Finder;
Start Wiiji, it will launch as a small icon in your Menu Bar:

Click on the Wiiji icon and select Wiiji Preferences, adjust the prefences to reflect the image below:

Picture 46.png

We need to turn on Bluetooth on the Mac. You can do this in System Preferences. It’s more convenient to do this from the Menu Bar, because you probably need to turn Bluetooth on/off regularly. You can get the Bluetooth icon in the Menu Bar if you select this option in System Preferences Bluetooth:

Picture 48.png

Now make sure “Show Bluetooth status in the menu bar” is checked:

You should now have a Bluetooth icon in the Menu Bar:

Turn Bluetooth on by clicking on the Menu Bar icon etc;
Make sure you Wii is off otherwise the pairing with your Mac will fail;
Now press and hold the 1 and 2 button on the Wiimote until the blue leds blink;
Now click on the Wiiji icon, often the pairing has succeeded already, otherwise you will have to choose “Rescan for Wiimotes”;
If Wiiji doesn’t see your Wiimote you can do two things:
1. Turn Bluetooth off/on and try again
2. Click on the Bluetooth icon and disconnect the Wiimote, then press 1+2 again on the Wiimote and have Wiiji look for it. This is something you probably have to do regularly, because OS X seems to grab the Wiimote before Wiiji has it in some cases (please correct me if I’am wrong).

If you don’t have MAME OS X get that from Sourceforge and install it;
Get some ROMS into MAME (google if you don’t know how);
Now start MAME and go into preferences (command + ,), select the Inputs tab and make sure that “Enable joystick” is checked:

Picture 51.png

Personally I prefer to use the classic controller, so that’s what I use, but you can use just your Wiimote by itself. Whatever you use, you will have to configure it in Mame. Start a game in Mame, press p to pause (as long as you didn’t change it to something else) and tab to configure. Here you can set the controls for each player, in general or per game. Select the action you want to change, press enter and then press the key on your joystick that you want to map:

Game on!

Posted in Blogging, Gaming, Mac | Tagged classic controler, Mac, mame, os x, wii, wiiji | 1 Comment

Speedtest.edpnet.be Bash script

Posted on October 21, 2009 by Seb

Google Docs graph of two weeks of speedtest.edpnet.be

This script is for people using the Belgium provider EDPnet. I wrote it to get a couple of weeks worth of download speed data, because my download speed regulary drops dramatically. The script is meant to be run in the background by calling it with ./speedtest.sh &. It will start an infinite loop and do the speedtest.edpnet.be speedtest on a configurable interval (one hour defaultly). It uses curl, but if put in wget as well, just uncomment the wget line and comment out the curl line. It can easly be adjusted for most other providers download-speed-tests, just figure out which exact file you need to download for the test.

The output is in CSV format meant to be imported by Excel, Google docs etc.

An example report including a graph can be found here.

#! /bin/bash
# DESCRIPTION:
# Simple script to monitor your EDPnet ADSL connection speed by doing the speedtest.edpnet.be test on a set interval
# This script uses an infinite loop with a while loop that never ends, which is crude, but makes it easy to employ
# Output is in CSV format optimized for Excel import, script does some simple log numbering as well
 
# USAGE:
# Best is to run in it the background with: speedtest.sh  &
# Don't forget to kill (ps ax|grep speedtest.sh) it when your are done or it will run until the computer is restarted
 
# EXCEL IMPORT:
# In Excel do  File  Import  CSV  Finish. Or manually specify the comma seperator and double quotes as field markers
 
# VARIABLES
TEMPFILE=tempfile
# CSV file name, csv extension automatically appended as well as a log number
CSV=speedtest-log
SEPERATOR=","
# If you want you can change the interval at which the test is run (in seconds)
INTERVAL=3600
# Used for the infinite while loop
COUNTER=OMEGA
 
# Find logfile with highest number and determine the log number for this run
OLDNR=$(find . -name "$CSV*.csv" -maxdepth 1 | cut -d"." -f3 | sort -nr | head -n 1)
NR=$(($OLDNR + 1))
 
echo "Script running, infinite while loop in effect"
 
# Print header row and create log file
echo "\"Date and time\"$SEPERATOR\"Speed in Kbyte\""  > $CSV.$NR.csv
 
while [ $COUNTER = OMEGA ]; do
 
	# Execute the speedtest
	# Defaultly I use curl, but you can use wget as well. Just uncomment the one you want, and comment out the one you don't
	curl -A "Mozilla/5.0 Littlebighuman.com/edpspeedtest.sh 1.0" -s "http://speedtest.edpnet.be/speedtest4.php" -o TEMPFILE
	# wget -O$TEMPFILE "http://speedtest.edpnet.be/speedtest4.php" 2> /dev/null
 
	# Get the line with the data we need
	DATALINE=$(cat "$TEMPFILE" | awk '/Your result is/')
 
	# Empty TEMPFILE for the next while run
	cat /dev/null  > $TEMPFILE
 
	# Get the current time and date
	CURRENTDATE=$(date +"%d-%m-%Y %H:%M")
 
	# Get the speed in kbyte and replace the dot with a comma for Belgium international format
	SPEED=$(echo $DATALINE | awk '{print $5}' | sed 's/\./\,/g')
 
	# Output in CSV format
	echo "\"$CURRENTDATE\"$SEPERATOR\"$SPEED\""  >> $CSV.$NR.csv
 
	# Sleep
	sleep $INTERVAL
done

Posted in Networking, Scripts | Tagged LinkedIn | Leave a comment