Aug 10 28

I usually use a container, or sometimes a tool like ccrypt, to do (simple) file encryption from the command line in Linux, but it has come to my attention that there is an easier way to do file encryption with OpenSSL. From the command line on any *nix machine that has OpenSSL you can try the following.

To encrypt the file my1test.txt and output to the file my1test.aes:

openssl aes-256-cbc -a -e -salt -in my1test.txt -out my1test.aes

To decrypt the file my1test.aes and output to the file my1test-decrypt.txt:

openssl aes-256-cbc -a -d -salt -in my1test.aes -out my1test-decrypt.txt

This makes file encryption easier because you can use any machine with openssl to encrypt or decrypt the same file: BSD, Linux, Solaris, Irix, etc. No more installing extra programs to do this if you really don't want to.
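As an added example (not from the post), here is a Python wrapper around the same openssl enc invocation that scripts the encrypt/decrypt round trip and checks it with a SHA-256 hash. The passphrase is handed over with -pass env: instead of an interactive prompt, -pbkdf2 is added so the passphrase is stretched rather than going through openssl's legacy single-pass key derivation, and the file names are the post's. One caveat it makes visible: aes-256-cbc carries no integrity check, so a wrong passphrase is only caught by the padding check (and roughly one time in 256 not even then), which is why the restored file's hash is compared with the original. The function returns None if no openssl binary is on the PATH.

```python
import hashlib
import os
import shutil
import subprocess
import tempfile

# Same cipher and options as the post's command, written in the equivalent
# "openssl enc -aes-256-cbc" form, plus -pbkdf2 so the passphrase is stretched
# instead of going through the legacy single-pass key derivation.
BASE_ARGS = ["enc", "-aes-256-cbc", "-a", "-salt", "-pbkdf2"]


def sha256_of(path):
    """Hex SHA-256 of a file; used to prove the decrypted copy matches the original."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def run_openssl(mode, passphrase, infile, outfile):
    """Run openssl enc in -e or -d mode. The passphrase travels in an environment
    variable (-pass env:...) so it never shows up in the process list."""
    env = dict(os.environ, FILE_PASS=passphrase)
    cmd = ["openssl", *BASE_ARGS, mode, "-pass", "env:FILE_PASS",
           "-in", infile, "-out", outfile]
    return subprocess.run(cmd, env=env, capture_output=True, text=True)


def encrypt_file(src, dst, passphrase):
    result = run_openssl("-e", passphrase, src, dst)
    if result.returncode != 0:
        raise RuntimeError("openssl encryption failed: " + result.stderr.strip())


def decrypt_file(src, dst, passphrase):
    """True if openssl accepted the passphrase (padding checked out) and wrote output."""
    return run_openssl("-d", passphrase, src, dst).returncode == 0


def roundtrip_demo(plaintext=b"constructed sample plaintext\n" * 50,
                   passphrase="correct-passphrase", wrong="wrong-passphrase"):
    """Encrypt, decrypt, verify. Returns None when no openssl binary is installed."""
    if shutil.which("openssl") is None:
        return None
    with tempfile.TemporaryDirectory() as tmp:
        plain = os.path.join(tmp, "my1test.txt")
        enc = os.path.join(tmp, "my1test.aes")
        dec = os.path.join(tmp, "my1test-decrypt.txt")
        bad = os.path.join(tmp, "my1test-bad.txt")
        with open(plain, "wb") as fh:
            fh.write(plaintext)
        original = sha256_of(plain)

        encrypt_file(plain, enc, passphrase)
        with open(enc, "rb") as fh:
            armored = fh.read()

        restored_ok = decrypt_file(enc, dec, passphrase) and sha256_of(dec) == original

        # CBC mode has no authentication tag: a wrong passphrase is usually caught
        # by the padding check ("bad decrypt"), but about 1 in 256 times the padding
        # happens to look valid and garbage is written instead. Comparing the hash
        # catches both cases.
        accepted = decrypt_file(enc, bad, wrong)
        wrong_pass_rejected = (not accepted) or sha256_of(bad) != original

        return {
            "restored_ok": restored_ok,
            "wrong_pass_rejected": wrong_pass_rejected,
            # -a base64-armors the output; "U2FsdGVkX1" is base64 for the "Salted__" header
            "armored_is_text": armored.startswith(b"U2FsdGVkX1"),
        }


if __name__ == "__main__":
    print(roundtrip_demo())
```

Leave -pbkdf2 out only if you need the file to be readable by an openssl older than 1.1.1; the post's plain command still decrypts files made this way once you add the same flag on the decrypting side.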

written by d45id

Aug 10 27

Looks like ssh can forward traffic and act as a SOCKS proxy. This is fantastic for encrypted browsing over unsecured wifi connections. Just set up Firefox, AIM or any other SOCKS 4 or 5 compliant program to use the proxy. After executing the command below, ssh will be listening on localhost (127.0.0.1), and you then point your SOCKS compliant program at this IP and the port you specify below. This can also be done with the Windows SSH client PuTTY, something like this possibly (look it up yourself): putty -D 8080 -L 443 -ssh ssh_hostname.

ssh -qTfnN2 -D 8080 user@machine

The options on the line above mean:

-q :- be very quiet, we are acting only as a tunnel.
-T :- do not allocate a pseudo-tty, we are only acting as a tunnel.
-f :- move the ssh process to the background, as we don't want to interact with this ssh session directly.
-N :- do not execute a remote command.
-n :- redirect standard input to /dev/null.
-2 :- force ssh to try protocol version 2 only.
-D :- Specifies a local "dynamic" application-level port forwarding. This works by allocating a socket to listen to a port on the local side,
      and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then
      used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
      as a SOCKS server. Only root can forward privileged ports.

If you want to change the settings in Firefox, for example, go to: Edit -> Preferences -> Connection Settings -> Manual proxy configuration -> SOCKS Host 127.0.0.1, Port 8080. Firefox will still use your local DNS to look up hostnames. This may give you away if you're using SOCKS to browse remotely and don't want anyone to know where you're going. To get Firefox to use the proxy's DNS, type "about:config" into the URL bar, then change "network.proxy.socks_remote_dns" to "true": type the name into the filter at the top and double-click the entry.

If you have a browser like Opera or another program that is not SOCKS-aware, you can use a program called tsocks. It intercepts all of the outbound network traffic of a program that can't talk SOCKS and sends it through the SOCKS server instead. Open the config file (/etc/tsocks.conf) and set your local networks, like "local = 192.168.0.*". Then tell tsocks where the local SOCKS server is running with the settings "server = localhost" and "server_port = 8080". Last, set tsocks to SOCKS type 5 with "server_type = 5". Then save the file and fire up your non-SOCKS-aware program through tsocks, like "tsocks opera".
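To make concrete what "the application protocol is used to determine where to connect" and the socks_remote_dns setting mean, here is an added Python example (not from the post) that builds and parses the SOCKS5 messages from RFC 1928 without touching the network: the client greeting, the server's method selection, the CONNECT request and the reply. A client that sends the destination as a hostname (address type 3) leaves resolution to the proxy, which is what Firefox does once network.proxy.socks_remote_dns is true; a client that sends an IP literal (type 1 or 4) resolved the name itself, and that lookup already went out over the local network in the clear. The dns_leak_audit function lists such requests. The host names and addresses used are constructed.

```python
import ipaddress
import struct

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
METHOD_NO_AUTH = 0x00


def build_greeting(methods=(METHOD_NO_AUTH,)):
    """First client message: version, number of auth methods, the methods themselves."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def build_method_select(method=METHOD_NO_AUTH):
    """Server answer to the greeting: version and the chosen method."""
    return bytes([SOCKS_VERSION, method])


def build_connect(host, port):
    """CONNECT request. A hostname is sent as ATYP 3, so the proxy resolves it;
    an IP literal means the client already resolved the name locally."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
                + name + struct.pack("!H", port))
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, atyp]) + ip.packed + struct.pack("!H", port)


def parse_request(req):
    """What the SOCKS server (ssh -D) does: read the request to learn the destination."""
    if len(req) < 4 or req[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = req[1], req[3]
    pos = 4
    if atyp == ATYP_IPV4:
        host = str(ipaddress.IPv4Address(req[pos:pos + 4]))
        pos += 4
    elif atyp == ATYP_IPV6:
        host = str(ipaddress.IPv6Address(req[pos:pos + 16]))
        pos += 16
    elif atyp == ATYP_DOMAIN:
        n = req[pos]
        pos += 1
        host = req[pos:pos + n].decode("idna")
        pos += n
    else:
        raise ValueError("unknown address type %d" % atyp)
    if len(req) != pos + 2:
        raise ValueError("truncated or trailing bytes in request")
    port = struct.unpack("!H", req[pos:pos + 2])[0]
    return {"cmd": cmd, "atyp": atyp, "host": host, "port": port,
            "remote_dns": atyp == ATYP_DOMAIN}


def build_reply(bound_ip="0.0.0.0", bound_port=0, rep=0x00):
    """Server reply: rep 0x00 means succeeded, followed by the bound address/port."""
    ip = ipaddress.ip_address(bound_ip)
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return bytes([SOCKS_VERSION, rep, 0x00, atyp]) + ip.packed + struct.pack("!H", bound_port)


def dns_leak_audit(requests):
    """Destinations that arrived as IP literals: the client resolved them itself,
    so the DNS lookup left through the local resolver, not the tunnel."""
    leaked = []
    for raw in requests:
        req = parse_request(raw)
        if not req["remote_dns"]:
            leaked.append(req["host"])
    return leaked


if __name__ == "__main__":
    # Constructed exchange: a remote-DNS request and a locally resolved one.
    by_name = build_connect("example.com", 443)
    by_ip = build_connect("192.0.2.10", 80)
    print(build_greeting().hex(), build_method_select().hex())
    print(parse_request(by_name), parse_request(by_ip), sep="\n")
    print("resolved locally:", dns_leak_audit([by_name, by_ip]))
```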

If the network you're on blocks outbound ssh but leaves port 80 or 443 open, just run your ssh server on port 80 or 443.

If the network you're on blocks all outbound ports except the one for a proxy server, you can use a program called corkscrew, which tunnels SSH through HTTP proxies. All you need to know is which ports the proxy lets you connect to, like https (443) or http (80). Follow the readme; it shows you how to set it up with ssh. After that you just use the ssh line from the top of this article to use ssh as your SOCKS proxy. Possibly combine corkscrew with tsocks.

If you have a firewall or proxy that only allows HTTP traffic out on port 80, you could use httptunnel. You need to run httptunnel on both the machine you're connecting from and the machine you're connecting to. The machine you're connecting to will be doing your tunneling (your home machine, possibly) and needs to run the httptunnel server on port 80, so no other program can be using that port. Just read the readmes and other instructions to get it going.

If you're on a network that only lets you resolve DNS queries, you can even tunnel your ssh traffic through DNS. Wicked, huh? You can do this with a program called iodine. To do this you have to control a real domain like pantz.org and a server with a static public IP address that does not yet run a DNS server, because you will be running a fake DNS server on UDP port 53 on that server. That is how the traffic is tunneled to your machine from the locked-down network that only allows DNS queries. Just read about it at the link above.

If you're really desperate you can even tunnel over ICMP packets. Most people know ICMP through the program ping; a ping is just an ICMP echo request. If you get onto a network that is really locked down but for some reason lets you ping hosts in the outside world, you can tunnel your traffic through ICMP packets. It can be done with a program called ping tunnel.

Tunnels are really an endless game. The thing to remember is: if you're on a network and can get any kind of machine on that network (proxy, DNS, etc.) to connect to a machine of your choosing outside that network, then you can tunnel to it, whether by a DNS query or a ping. You can tunnel almost anything. Just because you're on a locked-down network does not mean your situation is hopeless, but if you have a host you control in the outside world (your home machine) and you control the host on the locked-down network (root privs), you have a better chance of being able to use a tunnel.
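The flip side of the iodine and ping tunnel tricks above is spotting them from the network side. As an added example (not from the post), here is a small Python detector run over constructed query-log lines in a made-up "timestamp client qname qtype" format: it groups queries by client and base domain and flags groups with very long labels, high-entropy label text, or tunnel-friendly record types such as NULL and TXT, which is roughly what iodine traffic to a domain like pantz.org looks like next to ordinary lookups. The thresholds, the log format and the sample lines are all assumptions made for the demonstration; a real tool would use the public suffix list rather than the last two labels.

```python
import math
from collections import defaultdict

# Constructed query-log lines (not from the post): timestamp, client, query name, record type.
# The long random-looking labels under t.pantz.org imitate an iodine-style tunnel;
# the example.com lines are ordinary lookups.
SAMPLE_LOG = """\
2010-08-27T09:00:01 192.168.0.5 www.example.com A
2010-08-27T09:00:02 192.168.0.5 mail.example.com MX
2010-08-27T09:00:03 192.168.0.5 imap.example.com A
2010-08-27T09:00:03 192.168.0.5 www.example.com AAAA
2010-08-27T09:00:04 192.168.0.7 kq3xmv2hbqy5lfd7tgac8n4zwjrsp6eu9a1bv.t.pantz.org NULL
2010-08-27T09:00:04 192.168.0.7 z9e2hv4kq7wmcxr5n8tbs3ay6pdf1ugjl0i.t.pantz.org NULL
2010-08-27T09:00:05 192.168.0.7 pa0b3cxe7kvgm1ns9rwq2dt5hyz4jf8ul6i.t.pantz.org TXT
2010-08-27T09:00:05 192.168.0.7 m5rv8zkq2tay7cgw1fxe9bsh3jdn4pu6lo0.t.pantz.org NULL
"""

# Record types that carry lots of opaque data and are rare in normal client traffic.
TUNNEL_QTYPES = {"NULL", "TXT", "CNAME"}


def shannon_entropy(text):
    """Bits per character; random base32/base64-looking data scores high, words score low."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    """Split one constructed log line into (client, qname, qtype)."""
    _ts, client, qname, qtype = line.split()
    return client, qname.rstrip(".").lower(), qtype.upper()


def base_domain(qname):
    """Crude registrable domain: the last two labels (enough for the sample data)."""
    return ".".join(qname.split(".")[-2:])


def find_tunnel_suspects(lines, min_queries=3, max_label=30, min_entropy=3.5, odd_ratio=0.5):
    """Group queries per (client, base domain) and flag groups that look like a tunnel."""
    groups = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        client, qname, qtype = parse_line(line)
        groups[(client, base_domain(qname))].append((qname, qtype))

    suspects = []
    for (client, domain), queries in groups.items():
        if len(queries) < min_queries:
            continue
        # Everything left of the base domain is where a tunnel stuffs its payload.
        prefixes = [qname[: -len(domain) - 1] for qname, _ in queries]
        longest = max((len(label) for p in prefixes for label in p.split(".")), default=0)
        entropy = sum(shannon_entropy(p.replace(".", "")) for p in prefixes) / len(prefixes)
        odd = sum(1 for _, qtype in queries if qtype in TUNNEL_QTYPES) / len(queries)

        reasons = []
        if longest >= max_label:
            reasons.append("long_labels")
        if entropy >= min_entropy:
            reasons.append("high_entropy")
        if odd >= odd_ratio:
            reasons.append("odd_qtypes")
        if reasons:
            suspects.append({"client": client, "domain": domain, "queries": len(queries),
                             "longest_label": longest, "avg_entropy": round(entropy, 2),
                             "odd_qtype_ratio": round(odd, 2), "reasons": reasons})
    return sorted(suspects, key=lambda s: -s["queries"])


if __name__ == "__main__":
    for suspect in find_tunnel_suspects(SAMPLE_LOG.splitlines()):
        print(suspect)
```

Query volume per client and domain over time is the other strong signal (a tunnel needs a steady stream of queries to carry any bandwidth); add a rate check once you have timestamps from a real resolver log.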

written by d45id

Aug 10 25

I wanted to copy everything off a disk and send it over the network, so we can do it with ssh. First zero out the unused space on the running disk to make compressing the image much easier, using the command:

dd if=/dev/zero of=0bits bs=20M; rm 0bits

Then boot Knoppix (or any other bootable Linux distro like sysrescuecd) on the machine you want to image and give the command:

dd if=/dev/sda | gzip -1 - | ssh user@hostname dd of=image.gz

Assuming sda is your hard drive, this sends the local disk's data to the remote machine. To restore the image, boot Knoppix on the machine to restore, pull the image you created, and dump it back with the command:

ssh user@hostname dd if=image.gz | gunzip -1 - | dd of=/dev/sda

This will usually take a few hours, so be prepared.
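The dd | gzip -1 | ssh pipeline gives you no way to tell whether the bytes that arrived match the bytes that left. As an added example (not from the post), here is Python that mirrors the pipeline in-process: image_stream reads a source in chunks the way dd bs= does, compresses with gzip level 1, and hashes the raw bytes as they pass; restore_stream is the gunzip | dd of= path. fake_disk is a constructed stand-in for /dev/sda, and it also shows why the dd if=/dev/zero step matters: roundtrip reports how much smaller the image is when free space has been zeroed. On a real disk you would compare the hash recorded at imaging time with the hash of the restored device before trusting the copy.

```python
import hashlib
import io
import os
import zlib


def image_stream(src, dst, chunk_size=1 << 20):
    """Read src in chunks (like dd bs=), gzip it into dst (like gzip -1) and return
    (sha256 of the raw bytes, raw byte count, compressed byte count)."""
    digest = hashlib.sha256()
    comp = zlib.compressobj(level=1, wbits=31)  # wbits=31: gzip container; level 1 = gzip -1
    raw = compressed = 0
    while True:
        buf = src.read(chunk_size)
        if not buf:
            break
        raw += len(buf)
        digest.update(buf)
        out = comp.compress(buf)
        compressed += len(out)
        dst.write(out)
    tail = comp.flush()
    compressed += len(tail)
    dst.write(tail)
    return digest.hexdigest(), raw, compressed


def restore_stream(src, dst, chunk_size=1 << 20):
    """Reverse path (gunzip | dd of=...): decompress src into dst and return
    (sha256 of the bytes written, byte count) so it can be checked against the image hash."""
    digest = hashlib.sha256()
    decomp = zlib.decompressobj(wbits=31)
    written = 0
    while True:
        buf = src.read(chunk_size)
        if not buf:
            break
        out = decomp.decompress(buf)
        digest.update(out)
        dst.write(out)
        written += len(out)
    tail = decomp.flush()
    digest.update(tail)
    dst.write(tail)
    return digest.hexdigest(), written


def fake_disk(size=256 * 1024, used=64 * 1024, zero_free_space=True):
    """Constructed stand-in for /dev/sda: a used region of random data followed by free
    space that is either zero-filled (after the dd if=/dev/zero step) or still holds old data."""
    free = size - used
    filler = b"\x00" * free if zero_free_space else os.urandom(free)
    return os.urandom(used) + filler


def roundtrip(zero_free_space=True, chunk_size=16 * 1024):
    """Image a fake disk into memory, restore it, and report sizes and whether hashes agree."""
    disk = fake_disk(zero_free_space=zero_free_space)
    image = io.BytesIO()
    sent_hash, raw, compressed = image_stream(io.BytesIO(disk), image, chunk_size)
    image.seek(0)
    target = io.BytesIO()
    restored_hash, written = restore_stream(image, target, chunk_size)
    return {"raw_size": raw, "compressed_size": compressed, "written": written,
            "match": sent_hash == restored_hash and target.getvalue() == disk}


if __name__ == "__main__":
    print("zeroed free space:   ", roundtrip(zero_free_space=True))
    print("untouched free space:", roundtrip(zero_free_space=False))
```

The same idea on the real command line is to tee the raw stream through sha256sum before gzip on the source side and after gunzip on the target side; the restore must also go to a device at least as large as the original, or dd will truncate the tail of the image.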

written by d45id

Aug 10 24

The following commands are only tested with the Cisco 1700, 2600 and ISR series.

Step 1: Boot the router and interrupt the boot sequence as soon as text appears on the screen.

Press "Ctrl-Break"

rommon 1 >

Step 2: Change the configuration register to ignore contents of NVRAM

rommon 1 > confreg 0x2142

rommon 2 >

Step 3: Reload the router.

rommon 2 > reset

Step 4: Enter privileged mode. (Do not enter setup mode!)

Router>enable

Router#

Step 5: Copy the startup configuration into the running configuration.

Router#copy startup-config running-config

…<output cut>…

rt1#

Step 6: Change the password

rt1#configure terminal

rt1(config)#enable secret new

Step 7: Reset the configuration register back to its default value.

rt1(config)#config-register 0x2102

rt1(config)#

Step 8: Save the configuration

rt1#wr

Building configuration …

[OK]

rt1#

Step 9: Verify the configuration register.

rt1#show version

…<output cut>…

Configuration register is 0x2142 (will be 0x2102 at next reload)

rt1#

Step 10: Reload the router.

rt1#reload

written by d45id

Aug 10 24

Wrong: 2001:0db8::0001
Right: 2001:db8::1
Leading zeros must be suppressed!

Wrong: 2001:db8:0:0:0:0:2:1
Right: 2001:db8::2:1

Wrong: 2001:db8::0:1
Right: 2001:db8::1
The "::" must shorten the address as much as possible!

Wrong: 2001:db8::1:1:1:1:1
Right: 2001:db8:0:1:1:1:1:1
A single 16-bit field of zeros must not be compressed!

Wrong: 2001::1:0:0:0:1
Right: 2001:0:0:1::1
When there are several ways to shorten the address with "::", the longest run of zeros must be shortened!

Wrong: 2001:db8:0:0:1::1
Also wrong: 2001:db8::1::1
Right: 2001:db8::1:0:0:1
When several runs of zeros are equally long, the first one must be shortened!

Wrong: 2001:db8:0:0:A::B
Right: 2001:db8:0:0:a::b
The characters "a" to "f" must be written in lowercase!

All of this can be read in RFC 5952 – A Recommendation for IPv6 Address Text Representation ;-)
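As an added example (not from the post), here is Python using the standard ipaddress module, which compresses addresses according to RFC 5952, run over the pairs above. It also shows why the canonical form matters in practice: a firewall rule or a log search that compares addresses as strings will miss "2001:0db8::1" when the list says "2001:db8::1", so compare parsed addresses instead. The last pair in the list is constructed for the lowercase rule, because ipaddress also applies the "first of equal runs" rule from above to the post's own example and renders 2001:db8:0:0:A::B as 2001:db8::a:0:0:b.

```python
import ipaddress

# Pairs from the post: (non-canonical spelling, RFC 5952 form). The last pair is
# constructed so that only the lowercase rule is exercised.
PAIRS = [
    ("2001:0db8::0001", "2001:db8::1"),
    ("2001:db8:0:0:0:0:2:1", "2001:db8::2:1"),
    ("2001:db8::0:1", "2001:db8::1"),
    ("2001:db8::1:1:1:1:1", "2001:db8:0:1:1:1:1:1"),
    ("2001::1:0:0:0:1", "2001:0:0:1::1"),
    ("2001:db8:0:0:1::1", "2001:db8::1:0:0:1"),
    ("2001:DB8::A:B", "2001:db8::a:b"),
]


def canonical(text):
    """RFC 5952 text form: longest zero run compressed (the first one on ties), a single
    zero field left alone, no leading zeros, lowercase hex. Raises ValueError on
    malformed input such as a second '::'."""
    return str(ipaddress.IPv6Address(text))


def is_valid(text):
    """True if the text parses as an IPv6 address at all."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False


def same_address(a, b):
    """Compare by value, not by spelling."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


def allowed(addr, allowlist):
    """Allowlist check that is immune to how either side happened to write the address."""
    return any(same_address(addr, entry) for entry in allowlist)


def check_pairs(pairs=PAIRS):
    """Return (input, produced, expected) triples; produced == expected for every pair."""
    return [(wrong, canonical(wrong), right) for wrong, right in pairs]


if __name__ == "__main__":
    for wrong, got, right in check_pairs():
        print("%-24s -> %-22s (expected %s)" % (wrong, got, right))
    print("second '::' is valid?", is_valid("2001:db8::1::1"))
    print("string compare:", "2001:0db8::1" in ["2001:db8::1"],
          " value compare:", allowed("2001:0db8::1", ["2001:db8::1"]))
```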

written by d45id