Dlive Airo – Your wireless pentesting resource
Even tought we can find lots of pentesting wiereless linux distros, we couldn’t find one that fits our needs in degeneratedlabs .
Those requisites were:
- Updated kernel Drivers
- Recent software (aircrack-ng subversion, recent distribution)
- Easy to use (airoscript, debian-based)
- Lightweight(no Gnome or KDE)
- More usability, not only as a wireless auditory system, but as a complete distro.
- Complete, not just an aircrack-ng oriented distro, but still a wireless-pentesting specific distro
That way we started plannning dlive , a debian sid based livecd with its own pacakages (and debian repository ) with a lightweight desktop environment, and additional tools like pyrit, john the ripper or wireshark, plus a nice 3.4 kernel recently cooked in debian experimental.
Dlive’s star is airoscript-ng, the most recent release, with lots of renewed functionalities
More info
Exporting a subversion repository from a git repository using github
Ok, so, you want to quick-and-easily export your git repository as a subversion repository, the answer is pretty straightforward: Use github as an intermediary.
For it, you first will need to configure a github account and create a repository, that’s not the object of this article so you might want to dig up a little over the google seas. For this example, repository FooBar will be used, and repo.foobar.com will be the origin git.
First, we go to our own repo’s directory (a clone of your current repository’s), and add github proyect as remote, like this:
| 1 2 3 4 |
|
Luckily, github exports automatically all its git repos as subversion, so, right now, you’re already able to execute:
svn co http://github.com/XayOn/FooBar
And there you have it, your git repo, exported as subversion, just keep the github repo updated with
git remote push github <branch>
Aircrack-ng unoficial debian package
I’ve been working lately on an unoficial aircrack-ng package containing all the cool stuff, including airoscript. I talked with Thomas D’Otreppe and he told me I could use some space on aircrack-ng’s servers, but I haven’t had it yet, so I put the repository under degeneratedlabs. If the repo is down try again in a few hours.
You can install lastest (weekly built) aircrack-ng by adding this repo to your /etc/apt/sources.list
deb http://repo.degeneratedlabs.net/debian/ aircrackng-unstable/
And executing
apt-get update && apt-get install aircrack-ng
Also, you can find the sources I use to generate the package at my github. And the script I made to ease the build here:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
|
Automagically organising your bittorrent downloads with deluge
I, as most people, like to have my video files ordered. After I’ve finished downloading a torrent I manually move it to my media dir, under a directory for the series it belongs to, or no directory at all, but it’s a hard and unnecesary process.
I’ll explain here (and provide an script for it) how to make deluge automagically handle our files.
I’ve chosen deluge bittorrent client for this guide (blame it on enver555), but you should be able to use my script (with maybe, a few modifications about the argument handling) anywhere.
Getting the script
First, you will need to download the shorting script, it’s a single 5-liner bash script, with lots of magic and power, for that reason, I’ve called it the torrent shorting hat.
| 1 2 3 4 5 |
|
Installing it system-wide or locally
You might want all your users to have access to this script, for that, as with any other linux program, you should copy it to path and give it executable permissions, that’s, as root:
wget https://raw.github.com/gist/1705151/540fd4445ca4e0f540ddf82decba3ffc421c46ab/gistfile1.sh -O /usr/local/bin/torrent_shorting_hat chmod +x /usr/local/bin/torrent_shorting_hat
I personally recoment this method, but if you prefer, you can get it at your local home, you could, for example, do something like this:
wget https://raw.github.com/gist/1705151/540fd4445ca4e0f540ddf82decba3ffc421c46ab/gistfile1.sh -O .torrent_shorting_hat chmod +x .torrent_shorting_hat
Configuring deluge
We enable the execute plugin
Enable execute plugin
Then, we add an execute action for a “finished torrent download” handler. If you’ve added your script locally, you had to reference it as its full path, otherwise you have just to use “torrent_shorting_hat” as scrpit:
Adding the complete script call.
Configuring the sorting hat
The sorting hat will read a file in your home called .torrent-aliases, more exactly its regexes variable, it’s basically a shell script with associative arrays, like this:
regexes[''hitchicker']="(.*)42(.*)"
This will get everything containing “42″ to a folder in ~/Media/(mimetype)/hitchicker, being mimetype the file’s mimetype. Wich, by the way, means that even if you don’t have anything configured, the script will organize files by its type.
Adding socks5 support to python-irclib
I was playing with IRC and Proxyes a few weeks ago, and I found out that python’s irclib didn’t support them!
It took me like a minute or so to fix it, just overloading socket with socksocket, you can have a look at my fork in github
try:
import socks, os
socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5,
os.getenv('proxy_addr'), os.getenv('proxy_port'))
socket.socket = socks.socksocket
except:
pass
So, basically I try importing socks and setting up a default proxy, socks5 (sorry, I haven’t considered socks4 on there), with the environment variables proxy_addr and proxy_port as addr and port.
To use it, you’ll have to get a libirc-based application (there’s a bot included that might be a start) and, before starting it, define proxy_addr and proxy_port
proxy_addr=127.0.0.1; proxy_port=1080; python my_python-irclib_based_foo
Enjoy =)
Looking for android version with ADB
I was trying to get my android version number with ADB (as I didn’t want to make excessive use of my fingers on a screen, you know 
). I wanted to do it so I could make some scripts, but I didn’t really found a cool way to do so. Thankfully, android shell has a command wich will tell us all device info: getprop.
As this is an android shell stuff and not ADB itself, we’ll have to launch adb shell against it, and then parse the output, I’m using awk here to parse it
I’ll change awk internal field separator (IFS) with the -F flag to parse the output into key-value stuff and print only the value, I already knew the key, wich, for android version, is “build.version.release”
We can parse, csv with awk the same way as we’ll be doing this:
cat foo.csv| awk -F "," '/pattern/ {print $1 }'
At the end we’ll get version with just this simple piece of code:
version=$(adb shell getprop |awk -F":" '/build.version.release/ { print $2 }')
Update: I wanted it cleaner, so I removed [ and ] with tr.
version=$(adb shell getprop |awk -F":" '/build.version.release/ { print $2 }')|tr -d '[]'
Amazingly usefull for android debugging!
Biibot, a bash bot based on II
I was on the IRC channel #debian-es-cachondeo yesterday, talking with @Kumul about II and his rc-based bot and I decided to show him the power of bash. In a few minutes I uploaded to my github a first version of what I think is a nice bot, configurable and scalable, with no useful features… But you can add your own!
First of all, let’s see what it does:
- Manage multiple servers with independent channels
- Enable-disable commands at runtime
- Nice configuration file
- Admin user ACL
- Process management
Building and installing airoscript
This has been tested on debian stable and testing
We’re going to install the lastest version of airoscript, subversion one, as always, we need aircrack-ng among other stuff to get it working. Lastest version of airoscript requires aircrack-ng from subversion, so we’re going to install everything at the same time, including some nasty airoscript deps.
At the end of this article, you’ll find an script that will make everything for you.
Making releases for python programs in android
It’s been a while since I lastest got Digenpy for android ready, so I decided to take a look at it again and re-do it. After I finised most of the work, I realized I didn’t have a build-and-test apk system, so I’ve built one.
Here are the steps I followed, as described by android documentation:
- Download android sdk
- Get java development kit (sun-java6-jdk in debian. Only available in debian stable at this time)
- Launch “android” executable from sdk tools/ directory and specify it to download the APIs you want, and the platform tools.
- Generate apk with ant *
- Align apk with zipalign from tools directory *
- Set up a virtual machine in emulator *
- Launch app in emulator *
* I’ve made a little script, hosted here , it also can do debian packages and windows exes (I will talk about it in my next article). After apk building it launches android emulator to test it.
Let’s get all of it togheter. We need to install a few things and configure the script.
First of all, we’ll need to install android SDK on a good path, like /usr/local/share/android-sdk.
$ wget http://dl.google.com/android/android-sdk_r15-linux.tgz -O - |tar xvzf - # mv android-sdk-linux /usr/local/share/android-sdk
Then, we install sun-java6-jdk, only debian stable is covered here.
# apt-get install sun-java6-jdk sun-java6-jre
Finally, we’ll install the android platform tools and sdk, launching (as root) the android app.
# /usr/local/share/android-sdk/tools/android
Inside there, we’ll select an API (I’ve chosen 10) and the platform-tools and SDK-tools.
Android tool
To be able to emulate, first we’ll have to create the config for an emulator, we’ll do it trough tools/Manage AVDs
Android virtual device manager
Now, we will download the template for android-python apps, uncompress it, and put our script on raw/res/script.py, then execute package_generator script.
wget http://android-scripting.googlecode.com/hg/android/script_for_android_template.zip unzip script_for_android_template.zip mv hello_world.py raw/res/script.py
Package_generator.sh apk
And there we have it: It will generate a nice APK, and launch the emulator with the apk installed so we can test it.
Easly creating nice menus with jabashit
This is more like a installing + quickstart guide for jabashit.
First of all, we need to get a working copy of jabashit, and make.
# apt-get install make tar
# wget -O - https://github.com/XayOn/jabashit/tarball/master | tar xvz && make -C XayOn-*
Ok, we’re done for, jabashit is installed on your system =) Easy & nice huh?
Now, we’re making a simple shell script using jabashit, remember, it’s not sh compatible so we have to use bash here.
#!/bin/bash
source $(source_jabashit)
load TUI screen_display # screen_display is a dep of TUI.
mkmenu -t "System utilities" -o "Process monitor" -f "top" -o "Cpu Info" -f "cat /proc/cpuinfo" -o "Exit" -f "echo"
To this point, it’s not much more than I had on previous jabashit release post, but now jabashit has a whole lot of plugins like this one:
#!/bin/bash
source $(source_jabashit)
load device_utils TUI screen_display
_cdtool(){ read -p "$(_ 'Enter device: ')" a; read -p "$(_ 'Enter destination or source file: ')" a; cdtool $1 $a $b; }
mkmenu -t "Cd Utils" -o "Save a CD/DVD to disk" -f '_cdtool save' -o "Burn directory to CD/DVD" -f '_cdtool write_dir' -o "Burn iso image to CD/DVD" -f '_cdtool write_iso'
