User:Laurier Rochon/prototyping/varlogmessages

From XPUB & Lens-Based wiki

Nov 16 2011

Some discoveries from today

  • note to self : everything that I add in the /tmp folder of OpenWrt is WIPED OUT upon reboot.
  • 1MB of raw packets scraped from tcpdump > ~300-400k after being read back into tcpdump (-r) > ~50-60K gzipped = PROFIT!
  • lsof is 1.5megs - fuser is 5K, but relies on Perl, which is 15Megs...pft. All this just to check on open files?


SSH into your router with RSA keys

ssh-keygen -t rsa                              # on your computer (RSA as the heading says; -t dsa with id_dsa.pub works the same way with dropbear)
scp ~/.ssh/id_rsa.pub root@192.168.1.1:/tmp    # copy the public key to the router (password login, one last time)
# the next three lines run on the router, after ssh root@192.168.1.1 with the password
cd /etc/dropbear
cat /tmp/id_*.pub >> authorized_keys           # dropbear reads /etc/dropbear/authorized_keys for root
chmod 0600 authorized_keys
ssh root@192.168.1.1                           # back on your computer: now logs in with the key, no password

SSH <FROM> your router <INTO> another machine

# on the router: print the public half of dropbear's own host key (this dropbearkey step is the magic part);
# dropbearkey -y outputs it as "ssh-rsa AAAA... root@<hostname>", and grep keeps just that line, comment included
dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key | grep ssh-rsa > /tmp/dropbear_rsa_host_key.pub
# on the other machine: fetch that file (asks for the router password once) and trust it
scp root@192.168.1.10:/tmp/dropbear_rsa_host_key.pub ~/.ssh/
cat ~/.ssh/dropbear_rsa_host_key.pub >> ~/.ssh/authorized_keys   # the file was copied to ~/.ssh/, not /tmp

and then you can ssh/scp back into your computer, another remote computer, another router, etc. Two things to keep in mind: dropbear's client has to be told which key to use (ssh -i /etc/dropbear/dropbear_rsa_host_key user@host), and because this reuses the router's host key as its login identity, anyone who can read /etc/dropbear on the router can log in to every machine that trusts that key. Generating a separate client key with dropbearkey -t rsa -f /root/.ssh/id_dropbear keeps the two roles apart.
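
Both recipes above end with "cat key.pub >> authorized_keys", which silently adds a duplicate every time it is rerun and leaves the directory permissions to chance. As an added example (not from the original page), here is a small POSIX sh function I wrote that does the same append idempotently and tightens the permissions dropbear and OpenSSH expect. The function name, the regular expression and the sample key are my own; it works for /etc/dropbear/authorized_keys on the router and for ~/.ssh/authorized_keys on a PC alike, and uses only grep/cut options that GNU and busybox both support.

```sh
#!/bin/sh
# add_authorized_key PUBKEY_FILE AUTHORIZED_KEYS
# Appends the first ssh public key found in PUBKEY_FILE to AUTHORIZED_KEYS,
# unless the same key material is already present, then sets the permissions
# dropbear/OpenSSH insist on (directory 0700, file 0600).
# Returns 0 on success, 1 if PUBKEY_FILE holds no recognisable key.
add_authorized_key() {
    pub="$1"
    auth="$2"
    # A public key line looks like "<type> <base64> [comment]".
    keyline=$(grep -m1 -E '^ssh-(rsa|dss|ed25519) [A-Za-z0-9+/=]+' "$pub") || {
        echo "no ssh public key found in $pub" >&2
        return 1
    }
    # Compare on type + key material only, so a different trailing comment
    # (root@router vs. nothing) does not let the same key in twice.
    keyid=$(printf '%s\n' "$keyline" | cut -d' ' -f1,2)
    mkdir -p "$(dirname "$auth")"
    chmod 0700 "$(dirname "$auth")"
    touch "$auth"
    if ! cut -d' ' -f1,2 "$auth" | grep -qxF "$keyid"; then
        printf '%s\n' "$keyline" >> "$auth"
    fi
    chmod 0600 "$auth"
}

# usage: add_authorized_key /tmp/id_rsa.pub /etc/dropbear/authorized_keys
if [ $# -eq 2 ]; then
    add_authorized_key "$1" "$2"
fi
```

Running it a second time with the same key is a no-op, which is what you want when a setup script is replayed after a router reboot wipes /tmp.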

Nov 15 2011

Some wget schtuff

wget -o /dev/null -O /dev/null --post-data "var1=DFKSDFLSJFSLKJFS" http://www.YOURURL.com/file.php   # -o drops wget's log, -O drops the response body (otherwise saved as ./file.php)

Posting data to a webpage using wget! Basically --post-data is what makes it possible. The lowercase -o only sends wget's own log messages to /dev/null; the response body is still written to a file named file.php in the current directory unless you also pass -O /dev/null. Fancy! Note that over plain http:// the posted var1 travels in the clear, just like the headers in the Nov 12 capture below.

Nov 13 2011

The magic command to make the -C option work in TCPDUMP

tcpdump -w capturefile -C 1 -tt -v -s 0 -W 3
  • -C is in millions of bytes, so 1 is a single MB (1,000,000 bytes, not 1,048,576)
  • -W 3 rotates through 3 files (capturefile0, capturefile1, capturefile2) and starts overwriting the first one once the limit is reached. This caps the capture at 3MB of packets and avoids memory problems. I will probably make this even smaller in time.


Nov 12 2011

Some stuff that I can see when you connect to my open network and you're not using SSL

I can infer:

  • your ip address
  • website urls/addresses you are checking out
  • your cookies
  • the time/date of your connection
  • type of requests
  • a bunch of stuff about the sites/ips you are accessing (server type, charset, encoding, expiry of cached items, etc.)
  • your type of computer
  • your browser

Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: expEAPID=00000; expires=Sun, 13-Nov-2011 22:09:18 GMT; path=/
Set-Cookie: hl_upm=Nn2Ysa9T4Cqie71CJ0BJAQ2dl+sJdqq8EU242ghkODRO2IkiNYVxHYyIPWFN+6wqfsvxGC/9jrVBX928g/PtId9XJDSkLwiJ8Im2YjeI24XXxWtfKkjWFgc9Yav3yYuRNoqggHdVGBEPuF+rxbrMexjiU69envcu8Y4nl+6v5FEzXgGFpF65EFS/ZnGMS1CNrpkag4pXQ9xn1GUlebDS4KsI0fGUrmWdYsYZ5D3ixtq7u4oGj8HkEESArT6rNLxIlchMPUpGe/n5ot3uLg18u8mK2hafL/Hbejp8nexXmlUAx7wNHQE9jWviiPWQt0DV; expires=Tue, 11-Nov-2014 22:09:18 GMT; path=/
X-Powered-By: ASP.NET
p3p: CP="ALL DSP COR CUR ADMo DEVo PSAo PSDo IVDi OUR STP PRE"
Date: Sat, 12 Nov 2011 22:09:17 GMT
Connection: close
Content-Length: 171


Host: extras.expedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: 
03:33:55.707141 IP (tos 0x0, ttl 64, id 34647, offset 0, flags [DF], proto TCP (6), length 821)
    192.168.1.80.49813 > 209.235.221.100.www: Flags [P.], cksum 0xdebd (correct), seq 1369:2138, ack 1, win 14600, options [nop,nop,TS val 396284 ecr 820465701], length 769
E..5.W@.@.?#...P...d...Pq....._:..9........
....0.P%*/*
Referer: http://www.expedia.ca/Flights-Search?c=81da3b4b-fa6c-4ad6-90c0-85eb0680061b&
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|275F76E685010720-600001156055591E[CE]; UID=2022018174|0|0; U9Z5=3Lu9nSNzg7HLr4Cf1D4DszGoQyp2VhN7B4X8zISY4mPMYbGAwx7Gb_A; expEAPID=0000; hl_upm=Nn2Ysa9T4Cqie71CJ0BJAQ2dl+sJdqq8EU242ghkODRO2IkiNYVxHYyIPWFN+6wqfsvxGC/9jrVBX928g/PtIWvbHBSJ0UHbBfQl1hvELszPXpQ7noYDsJlI6gfxmbpusNW6RXkpfOCE3FBP4yjN62ERPvDbEVdHRh3iWHvlZKe+OU7GblMzSkAU+y8E3tfu7eURIbBUa+yuVFpFA0vc2GKF8puH2Ntqvw5a9TwZ1WOLHA69KGZt/oXjFXK4qxOnDBFzUxMcc7+os6N4QJqZXOoPc4oihgL+bu2lvS9risbpRlyAWCnqTH0D/gLppMVL; hl_ubm=uKjVtH2uMJkYHxNp2xd/i9ghFhQsIBk98RpJ41rmDQtykvzGxwuI5WjQGN4RgkyM


..'GET /hphotos-ak-snc7/295091_10150336609875660_507750659_10156333_1388848_s.jpg HTTP/1.1
Host: photos-e.ak.fbcdn.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
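
The capture files that the Nov 13 tcpdump command rotates through are ordinary pcap files, and the Nov 12 list above is exactly what falls out of them for any plain-HTTP request. As an added example (not from the original page, not the author's tooling), here is a Python reader I wrote that walks such a file and reports, per request, the client and server addresses, the request line, Host, User-Agent and which sensitive headers (Cookie, Authorization) travelled in the clear. It reports only the names of those headers, never their values, so the output can be handed around when auditing your own captures. The one-packet pcap is constructed inline; addresses, cookie value and timestamp are made up, and the big-endian variant is there because a WRT54GL is a big-endian MIPS box and tcpdump writes the file in host byte order.

```python
import struct
from typing import Dict, Iterator, List, Tuple

PCAP_MAGIC = 0xA1B2C3D4            # as read with "<I" from a little-endian file
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1    # as read with "<I" from a big-endian file
LINKTYPE_ETHERNET = 1
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ")
SENSITIVE_HEADERS = ("cookie", "authorization", "proxy-authorization")


def tcp_segments(pcap: bytes) -> Iterator[Tuple[int, str, str, int, bytes]]:
    """Yield (ts_sec, src_ip, dst_ip, dst_port, payload) for each TCP segment.
    Handles both byte orders of the pcap header; only IPv4-over-Ethernet
    frames are considered, everything else is skipped."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == PCAP_MAGIC_SWAPPED:
        end = ">"                                   # written on a big-endian host (MIPS router)
    else:
        raise ValueError("not a pcap file")
    linktype = struct.unpack_from(end + "IHHiIII", pcap, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected Ethernet link type")
    off = 24                                        # size of the global header
    while off + 16 <= len(pcap):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                # not IPv4
        ihl = (frame[14] & 0x0F) * 4                # IP header length in bytes
        if frame[23] != 6:
            continue                                # not TCP
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        tcp = 14 + ihl
        if len(frame) < tcp + 20:
            continue
        dport = struct.unpack_from("!H", frame, tcp + 2)[0]
        data_off = (frame[tcp + 12] >> 4) * 4       # TCP header length in bytes
        yield ts_sec, src, dst, dport, frame[tcp + data_off:]


def cleartext_http_requests(pcap: bytes) -> List[Dict[str, object]]:
    """List every HTTP request readable in the clear. For sensitive headers
    only the NAMES are reported, never the values."""
    found = []
    for ts, src, dst, dport, payload in tcp_segments(pcap):
        if not payload.startswith(HTTP_METHODS):
            continue
        head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
        lines = head.split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        found.append({
            "time": ts,
            "client": src,
            "server": f"{dst}:{dport}",
            "request": lines[0],
            "host": headers.get("host", ""),
            "user_agent": headers.get("user-agent", ""),
            "exposed": sorted(h for h in SENSITIVE_HEADERS if h in headers),
        })
    return found


def build_sample_pcap(big_endian: bool = False) -> bytes:
    """Constructed one-packet capture: a plain-HTTP GET carrying a Cookie,
    shaped like the requests in the log above. Addresses, cookie and checksums
    (left zero; the reader does not verify them) are all made up."""
    payload = (b"GET /search?q=flights HTTP/1.1\r\n"
               b"Host: www.example.com\r\n"
               b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
               b"Cookie: session=constructed-value\r\n\r\n")
    tcp = struct.pack("!HHIIBBHHH", 49813, 80, 1369, 1, 5 << 4, 0x18, 14600, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     34647, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 80]), bytes([203, 0, 113, 10]))
    eth = bytes(12) + b"\x08\x00"                   # zero MACs, EtherType IPv4
    frame = eth + ip + tcp + payload
    end = ">" if big_endian else "<"
    global_header = struct.pack(end + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record_header = struct.pack(end + "IIII", 1321135995, 707141, len(frame), len(frame))
    return global_header + record_header + frame


if __name__ == "__main__":
    # With a real rotated file: cleartext_http_requests(open("capturefile0", "rb").read())
    for req in cleartext_http_requests(build_sample_pcap()):
        print(req)
```

The reader only looks at the first segment of each request, which is enough for the request line and headers; a request split across segments would need TCP reassembly, which is deliberately left out here.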

  • Managed to revive a bricked router recently
  • Managed to brick another router I had working fine yesterday...meh.

OpenWrt shows me many nice things...

Openwrt1.jpg


Just like your average Linux box...but you have about 1000K free to operate things (on a classic WRT54GL anyways). Choose your packages wisely!

Openwrt2.jpg


And it also sports a nice GUI, so I can monitor you in pink colors

Openwrt3.jpg


The end for now

Openwrt4.jpg

Nov 11 2011

Hardware harvesting

New router with USB connector on its way...

Got my hands on TWO WRT54Gs to do some flashing, testing and whatnot. I can actually try to create an AP with one and then attempt to connect using the other...hmm. Also got a 50m ethernet cable to get things going.

Wrts.jpg

And then one of these two devices would hypothetically be talking to my Arduino through the Ethernet Shield mounted onto the Arduino

Arduino ethernet.jpg