HR Geeks

Our very own telmnstr and enferex will be presenting the Open Vulture UAV platform at ShmooCon on 2/6.  As we know it will be the highlight of the con, we will be broadcasting their presntaton live.

Assuming we’ll have signal, you can watch the event live at the URL below.  At the completion of the talk a recorded version of the presentation will be available at the same URL.

http://stugs.com/live

From the talk description:

Open Vulture – Scavenging the Friendly Skies Open Source UAV Platform
Matt Davis and Ethan O’Toole

OpenVulture is a software application and library designed to to control numerous platforms (land, sea, air) using a simple software framework. During the presentation our vision for having cheap and autonomous craft for the public to play with iand hack upon shall be explained. Unfortunately other factors have prevented us from providing a live demo, however our project plans will be unveiled, including a basic set of hardware that a user can obtain in hopes of creating their own autonomous drone. The concepts illustrated will demonstrate cheap UAV building, however the information and software provided can be tweaked to adhere to other platforms (/me thinks Wal-Mart Buggy).

Matt Davis / Enferex is currently a software engineer from the Hampton Roads region of Virginia (757). He is part of the 757Labs crew, prefers obnoxious music, and imbibing in quantities of coffee that make mere mortals shiver.

Ethan O’Toole / Tele Monster is currently a network and system admin in the Hampton Roads region of Virginia (757). He is part of the 757Labs crew and likes dreaming up wild projects. Every once in a while a few get completed.

I have been working on an embedded wireless application and the development board only supports power over ethernet (PoE).  The manufacture hasn’t released their official PoE injector so I started looking for an economical alternative online.   For such a simple device I was amazed at how expensive a basic 802.3 PoE injector can be.

After looking at what was required to build one, I decided I would give it a try.

What you’ll need

• Two keystone jacks
• Dual port surface mount jack
• A short length of cat5 cable
• Power supply of your required voltage :: My SBC supports 12-36V DC so I used an old 12V (1.2A) power supply from a Netgear broadband router
• Multi-meter, wire stripper, and a punch tool

First comes the standard data connections.  If you’ve ever made an Ethernet cable then these are pretty familiar.

• PIN1 -> PIN1
• PIN2 -> PIN2
• PIN3 -> PIN3
• PIN6 -> PIN6

On the power side, we will need to supply positive (+) and negative (-) power to a total of four pins.  To do this, you’ll need to loop two of the PINs for positive (+) and two for negative (-) as shown above.

The power connections are:

• PIN4 :: positive (+)
• PIN5 :: positive (+)
• PIN7 :: negative (-)
• PIN8 :: negative (-)

Once you have your power connections looped, install the power supply cable.  I had a bunch of CAT6 jacks “laying around” the office and decided to use those as they have a ziptie connector at the back of the jack.  This is useful for securing the power supply cable.

After you assemble the surface mount box label the two ports and verify the power pins with a multi-meter.

This cost me nothing as I stole all of the parts from our telephone supply closet.  If I had purchased all the required parts at retail it would have been about $25.   This is the same price as the cheapest PoE injector I found w/out shipping.

If you want to remotely power a device that isn’t PoE, build another for the other end but replace the power supply with the approporiate connector for your device.

I have always been a fan of the underlying concepts of TOR. I frequently utilize it in my scripts to simulate traffic from all over the globe. From a programming prospective, I’ve used it for anything from testing a web service to rigging an online poll… OK, I’m just as guilty of using TOR for its unintended purposes as anyone

Recently I decided to try setting up a TOR hidden service. While “anonymous” browsing via TOR is fairly well known, the ability to setup anonymous servers is often overlooked. When you setup a hidden service, you can host applications on a server whose location is completely unknown. All traffic to and from the service is encrypted and comes “anonymously” over the TOR network. Sounds neat! What’s the catch!?

The Catch: If the server hosting your hidden service is ever compromised, so is the IP of the server and most likely its owner. If you setup a anti-scientology forum using PHPBB and it gets exploited (that never happens), any anonymity provided by the TOR hidden service can be stripped away. If this happens, expect to hear from their lawyers

I had the idea to setup an anonymous bittorrent tracker on the TOR network. With all the good trackers getting shut down, why not setup an “untrackable” tracker that couldn’t get shutdown.

VMWare is really handy for setting up a secure hidden service. Without VMWare you would need two dedicated workstations. The diagram below shows my take on setting up a secure hidden node.

The concept of this network is fairly straight forward. Your application server (in this example Apache) needs to be isolated from any networks that have internet connectivity. If your hidden service is exploited, the attacker must not be able to determine where your application server is located.

In this example, my application server (10.0.1.2) can only talk to the TOR proxy node on its secondary address on the 10.0.1.0/24 network. Firewalls running on both servers prevent any traffic that is not HTTP traffic requested from the TOR network. If someone exploits my tracker and runs unauthorized code, they only have access to the local box. They can not originate any traffic that was not requested by the TOR proxy running on 10.0.1.1.

The TOR node has a secondary interface on the SOHO LAN. This interface is used only for encrypted TOR traffic coming to/from the internet. This server should only be permitted to reach the TOR network over its encrypted connection and not have full NAT access to reach the internet. We’re putting a lot of trust in the TOR daemon. If it were exploited, you’re hidden service location would also be visible to the attacker.

I wasn’t super paranoid in my testing and used iptables on the hidden service and TOR node. If you’re really nervous, you’d need hardware firewalls to prevent the box from being exploited and having someone strip down your ruleset.

Is this a lot of work just to setup a hidden service? Yes, yes it is! For those wondering, my experiment was a total failure. While it worked technically, it was so slow no one would ever use it.

If you’re wondering, most hidden services are crap. The good ones are, well, hidden! The only real exception to the public hidden services is WikiLeaks. WikiLeaks is an excellent example of a site that was facing censorship and turned to the TOR network to ensure they could continue to make their information public.

While it’s not a new tool, it’s new to me!This weekend I was cleaning up my office and decided it was time to throw out a bunch of old hard disks and two old PCs I have been hanging on to for no good reason. I’m a lazy, lazy man, and I knew there had to be a semi-automated way to wipe all these disks without a writing a foreach loop

Say hello to my new friend Darik’s Boot and Nuke.

I installed all the disks in the two PCs and booted them both off a USB key with DBAN. It detected all the disks in the machines and prompted me with my wipe options. The nice part about this utility is that it wipes all disks simultaneously. If you’re in a hurry you can type ‘autonuke’ at the boot menu and it will start wiping all disks automatically. Good if the feds are knocking on your door…

It took just under 36hrs for DBAN to finish wiping all the disks with a 5x wipe. It will never replace my thermite, but it’s incredibly handy.

This morning oreo and I were looking into a SSH issue with one of our cpanel servers (yes, yes I know) when we discovered a hacked web hosting account running a ventrillo server. When we went to kill the users’ other processes we noticed something else running that was a little more interesting…

/home/<removed>/public_html/drivers/CVC/src/ircd

Our hosting box was also running an IRC daemon optimized for controlling botnets. Neato!

After fiddling for a bit we now had the IRC connection password and the IRC OP login. When we logged in we were quite surprised to find 800 exploited computers happily connected and awaiting orders. We tried a few commands but couldn’t figure out exactly how to control the botnet.

That was until we discovered the brilliant botnet operator had turned on debug logging. All that work setting up a server designed to hide who was connected and what was going on, only to turn on debugging. Whoops!

Not only did we now have full logs of how to control the bots, we were able to lock the operator out of his network by changing all his passwords.

As you might expect, the botnet owner was pretty upset. We contacted him via IRC and received a friendly response…

if you not give me back my bots i’ll destorys you
remmber that
i got your computer and your box
and alot more
i known you

I’m sure the stress of losing all the nodes he worked so hard to exploit had him a little upset

I attended a Win2k8 Server launch “party” a few weeks ago and one of the big new features is the ability to opt to run server core. I believe the quote was: Now here’s something you UNIX guys are really going to enjoy!

If you’re not up on your Windows tech, core is basically just a stripped down version of Windows Server 2008 w/no GUI. The screenshot above is all you get… just a command prompt. Everything is done from a command line. You can click all you want, but all it’s going to do is close the black window.

After demo’ing the stripped down OS to my peers it became clear why Microsoft has decided to offer the core version… sell more books and training classes. None of the other Windows only admins in my office get it. Not even a little. They think it’s great that they get a “more secure operating system,” but basic items like changing the IP address or installing a NIC driver have already resulted in endless scribbles on notepads and post-its on cube walls.

This next screenshot might be a little confusing to you. It’s server core running Hyper-V running server core running Notepad…

Normally on a GUI-less UNIX install I can’t bring up xemacs… I do love the Windows 3.11 style file browser. Good to see they’re reusing quality code

For the record, I am using it. It’s been great for the our VM boxes as it uses <300MB of RAM and has incredibly low overhead for Windows. Not core Linux install low, but decent. I’ve already come to the realization that anytime there are issues with these boxes I’m going to be the one getting paged =\

One of my big tasks at work is rolling out a completely new platform for our internal production and development networks. The goal is to move all of the servers that support these networks to VMs running in Hyper-V under Win2k8 (Yes I’ve sold out my UNIX roots).

As all of our applications are web based, I’m also been given the task of setting up a new SQL 2k5 database cluster that will utilize a portion of the new SAN. This DB cluster will be an active-active setup with a total of three servers.

I setup a couple VMs on my notebook to experiment with different SQL disaster and Win2k8 server failover scenarios. As I wanted my test network to completely standalone on my notebook, I needed to find a way to bring my SAN home with me. I found a really neat app from Rocket Division that would allow me to create a virtual iSCSI SAN on the host OS share virtual disks to my VMs.

For this experiment the 30 day demo works just dandy. There is also a free personal edition but it is limited to only one host connection. The app has an incredibly small footprint and runs quite happily on my notebook with my other VMs. I only have 3GB of RAM on my c2d notebook and am able to run 4 Windows VMs, the iSCSI emulator, and iTunes with really decent speeds.

For my disks, I choose to creates virtual image files on your host PC must like VMware. I’ve never needed more than about 1GB of storage for per LUN for my testing, but it will go all the way up to a terabyte. The options to use physical disks, RAID1 of image files, and snapshots makes for a pretty feature rich test environment.

There is an alternative iSCSI target application called WinTarget that’s worth checking out. I really dig Starwind because of it’s incredible ease of use and small footprint.

toxicboy has recently accepted Make magazine as his lord and savior and has been feeding me some neat project ideas. One of the more interesting items he’s passed along was the Arduino Diecimila Plus USB board. For the low price of $34.99 it’s worth checking out.

I’ve had dreams of building my own UAV to spy on my neighbors pets and thought this little guy would be a great addition to my project. As chance would have it, Hack A Day
has a link to an Arduino powered blimp.

I did some searching for other UAV projects that use the board I found a sub built by University of Ottawa. The ARISE website has some details and an incredibly boring video of their project. Even the catchy music can’t make that video interesting.