Monday, September 27, 2010

World meeting time planner

Planning a meeting or phone call across multiple timezones can be tough.

I've used a few online tools, but my current favourite is a GNOME app called slashtime by Andrew Cowie. I saw Andrew speak at Linux Conf Au in 2009 on GUI design, using slashtime as an example, and it was a great talk.

Highly recommend. Would be great to see a Debian package so it is apt-gettable.

Sunday, September 19, 2010

HOWTO list windows shares from a linux box using smbclient

To get a list of all SMB shares exposed by a Windows box, use smbclient:
smbclient -L my.windows.host --user=myfirst.mylast

Friday, September 17, 2010

jQuery: host locally or use googleapis.com CDN?

There are two main ways to host your blob of minimised jQuery javascript: on your own webserver, or on Google's. Which is better? A large amount of time has been spent debating that very topic.

What are the pros and cons of using Google?

Pros

  • Fast, geographically distributed, reliable CDN
  • Free, saves using your bandwidth
  • If many people use the Google version of jQuery (and they do), it is highly likely the user will have it in their browser cache, given the long expiry times Google sets when they serve the file (although there are some caveats).  This means the user probably won't have to request the file at all.  Even if users regularly clear their browser cache it is likely to be cached by a proxy.

Cons

  • The CDN might be down, or slow, which will impact your site.
  • If there is no Internet connection it won't work (definitely not the best choice for internal webservers)
  • If you already have other javascript bundled into a minimised file (common practice), it is an extra web request that needs to be made, when you could just include it in the bundle.
  • You are giving Google information about your customers (i.e. forcing them to make a request to Google).  Given the large amount of caching, this will not be comprehensive, and there is a reasonable chance you are running Google Analytics anyway.
On balance, I think using Google's version is the better option.

Using the django-admin time and date widgets in your own django app: too hard, use jQuery

The django doco encourages you to use the django admin widgets (such as the time and date picker) in your own apps. Unfortunately actually doing this turns out to be more work than using external widgets like the excellent jQuery-ui.

jQuery comes with good tutorials and doco. jQuery-ui, which builds on jQuery, has a great array of helpful widgets. If, like me, you just want a date picker widget, it is super easy.

You'll want to add something like the following to your template (in your base template if it will be used on every page):
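<!-- jQuery and jQuery UI from Google's CDN, loaded over HTTPS so the scripts cannot be modified in transit -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js" type="text/javascript"></script>
<script type="text/javascript">
  // Runs once the DOM is ready.
  jQuery(function()
    {
      // Attach a date picker to every input with the vDateField class.
      jQuery('.vDateField').datepicker({
          dateFormat: 'yy-mm-dd',   // e.g. 2010-09-17
          constrainInput: true,     // only accept characters valid for dateFormat
          maxDate: '+1m',           // latest selectable date: one month from today
          minDate: '0d' });         // earliest selectable date: today
    });
</script>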

To make it look pretty jQuery has you covered, with ThemeRoller. Pick a style you like, customise it if you need to, and download your new CSS. Drop that in your template too.

Tuesday, September 14, 2010

Taking a disk image and creating a hash of the data with one read of the source disk

I have previously blogged about how to take a disk image over the network. The more common case is that you want to make a forensic copy of a locally-connected disk. Usually this is a disk you connect using a write blocker, such as one from WiebeTech, to prevent any changes being made to the source disk.

This command takes a forensic image and a hash of the original disk at the same time, requiring only one read of the source disk:
mkfifo /tmp/disk.dat; sha1sum /tmp/disk.dat & dd bs=256k if=/dev/sdc | tee /tmp/disk.dat > /mnt/destination/disk.dd
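
The same single-read technique wrapped in a function, as an added example that is not part of the original post: it keeps the FIFO in a private directory, notices a failed dd, and verifies the result by re-reading only the image. The function name and the small constructed file standing in for a disk are assumptions.

```shell
# image_and_hash SRC DEST
# One read of SRC: the stream is written to DEST and hashed via a FIFO.
# Prints the SHA-1 on success; returns 1 on a read error or a mismatch.
image_and_hash() {
    src=$1
    dest=$2
    # Private directory for the FIFO rather than a predictable /tmp name.
    work=$(mktemp -d) || return 1
    mkfifo "$work/stream" || { rm -rf "$work"; return 1; }

    # Background reader hashes everything tee writes into the FIFO.
    sha1sum < "$work/stream" | cut -d' ' -f1 > "$work/src.sha1" &
    hasher=$!

    # The only read of the source. A pipeline reports tee's exit status,
    # so a dd failure is recorded in a marker file instead.
    { dd bs=256k if="$src" || : > "$work/dd.failed"; } |
        tee "$work/stream" > "$dest"
    wait "$hasher"

    src_hash=$(cat "$work/src.sha1")
    failed=no
    [ -e "$work/dd.failed" ] && failed=yes
    rm -rf "$work"
    if [ "$failed" = yes ]; then
        echo "read error on $src: image is incomplete" >&2
        return 1
    fi

    # Verification re-reads the image, never the source disk.
    img_hash=$(sha1sum < "$dest" | cut -d' ' -f1)
    if [ "$src_hash" != "$img_hash" ]; then
        echo "MISMATCH source=$src_hash image=$img_hash" >&2
        return 1
    fi
    printf '%s\n' "$src_hash"
}

# Constructed stand-in for a disk, so the example runs without hardware.
demo=$(mktemp -d)
printf 'constructed sample data\n' > "$demo/src.img"
image_and_hash "$demo/src.img" "$demo/disk.dd"
rm -rf "$demo"
```

Record the printed hash with the case notes; any later copy of the image can be checked against it without touching the original disk again.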

Monday, September 13, 2010

Chrome (chromium) browser makes random 10 character HEAD requests on startup

I recently saw this in a proxy log:
http://yyvssjupua/ 192.168.20.1/- - HEAD - from squid.
http://mskwuzkkpu/ 192.168.20.1/- - HEAD - from squid.
http://dfoigxiyyl/ 192.168.20.1/- - HEAD - from squid.
What the? After talking to the user, who told me he was running chromium, I found out this was legit chromium behaviour. Apparently some ISPs will send you to a page with their advertising if you visit a URL that has a DNS lookup failure. Bastards. To combat this, on startup Chrome makes three requests to random domains that are guaranteed to generate lookup failures. If it gets an HTML page back, Chrome knows to disable the 'did you mean' functionality that asks if you meant to visit the host or perform a search query for the host, so it doesn't keep pointing you to the ISP's ad page. Smart!
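
A triage filter for this pattern, as an added example that is not part of the original post: it lists clients that made at least three HEAD requests to dotless, ten-letter hostnames, so the startup probes can be recognised during log review. The function names are assumptions, the field positions are taken from the three lines quoted above, and every sample line after the first three is constructed.

```shell
# sample_proxy_log: constructed log. The first three lines are the ones
# quoted in the post; the rest are made up to exercise the filter.
sample_proxy_log() {
    cat <<'EOF'
http://yyvssjupua/ 192.168.20.1/- - HEAD - from squid.
http://mskwuzkkpu/ 192.168.20.1/- - HEAD - from squid.
http://dfoigxiyyl/ 192.168.20.1/- - HEAD - from squid.
http://www.example.com/ 192.168.20.1/- - GET - from squid.
http://intranet/ 192.168.20.7/- - HEAD - from squid.
http://qwertyuiop/ 192.168.20.7/- - HEAD - from squid.
http://abcdefghij.example.com/ 192.168.20.9/- - HEAD - from squid.
EOF
}

# chromium_probe_clients [LOGFILE...]
# Prints "client count" for every client that made at least three HEAD
# requests to a dotless hostname of exactly ten lowercase letters.
# Assumed field layout: URL, client/ident, -, method (as in the post).
chromium_probe_clients() {
    awk '
    $4 == "HEAD" && $1 ~ /^http:\/\/[a-z]+\/$/ {
        host = $1
        sub(/^http:\/\//, "", host)
        sub(/\/$/, "", host)
        if (length(host) != 10) next
        split($2, client, "/")
        seen[client[1]]++
    }
    END {
        for (ip in seen) if (seen[ip] >= 3) print ip, seen[ip]
    }' "$@" | sort
}

# Reads stdin when no log file is given.
sample_proxy_log | chromium_probe_clients
```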

Saturday, September 11, 2010

Cisco 'show everything' and password cracking

To do a 'show everything' on a Cisco device, use 'show tech-support'. This includes show run, process listings, interface info, and basically every bit of information you can get through running other commands. Note that user type 7 passwords (see below) are automatically sanitised from the output.

Cisco still uses a terrible password encryption scheme for user passwords that can be trivially cracked. The following user password uses the weak encryption (you can tell by the number 7 preceding the encoded string):
username jdoe password 7 07362E590E1B1C041B1E124C0A2F2E206832752E1A01134D
While user passwords are encrypted using this weak scheme, enable passwords are MD5 hashes that look like this (note the 5):
enable secret 5 $1$iUjJ$cDZ03KKGh7mHfX2RSbDqP.
Cisco is stuck using the reversible encryption scheme for the near future due to the need to support certain authentication protocols (notably CHAP).

Enable (MD5) passwords can be cracked using standard tools such as John the Ripper or rainbow tables.

Type 7 passwords can be cracked with the following simple perl script.
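#!/usr/bin/perl -w
# $Id: ios7decrypt.pl,v 1.1 1998/01/11 21:31:12 mesrik Exp $
#
# Credits for original code and description hobbit@avian.org,
# SPHiXe, .mudge et al. and for John Bashinski
# for Cisco IOS password encryption facts.
#
# Use for any malice or illegal purposes strictly prohibited!
#
# Reads a config on stdin (or from files named on the command line) and
# prints it with each type 7 string replaced by its plaintext.

use strict;

# Fixed XOR key of the type 7 scheme. The table needs all 53 bytes: with
# only the first 26, longer strings such as the jdoe example above run
# off the end of the table and decode incorrectly.
my @xlat = ( 0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f, 0x41,
             0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72, 0x6b, 0x6c,
             0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53, 0x55, 0x42, 0x73,
             0x67, 0x76, 0x63, 0x61, 0x36, 0x39, 0x38, 0x33, 0x34,
             0x6e, 0x63, 0x78, 0x76, 0x39, 0x38, 0x37, 0x33, 0x32,
             0x35, 0x34, 0x6b, 0x3b, 0x66, 0x67, 0x38, 0x37 );
while (<>) {
  # $2 is the encoded string: a two-digit starting offset into the key,
  # followed by the password bytes as hex pairs.
  if (/(password|md5)\s+7\s+([\da-f]{4,})/io) {
    if (!(length($2) & 1)) {
      my $ep = $2; my $dp = "";
      my ($s, $e) = ($2 =~ /^(..)(.+)/o);
      for (my $i = 0; $i < length($e); $i+=2) {
        # XOR each byte with the next key byte, wrapping at the key length.
        $dp .= sprintf "%c",hex(substr($e,$i,2))^$xlat[$s++ % @xlat];
      }
      s/7\s+$ep/$dp/;
    }
  }
  print;
}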

Booting and/or mounting a raw disk image under windows

CERT has developed a cool tool called LiveView that allows you to boot a raw disk image (such as one produced by 'dd') using VMware. LiveView preserves disk integrity by writing all disk changes to a separate file. The tool works under Windows and Linux, and boots a range of Windows versions.

Alternatively, if you just want to mount a disk image in Windows (something that is trivial in Linux using the loopback device), there is a tool called imdiskinst that can help you out.

Thursday, September 9, 2010

HOWTO dump out all email attachments from a Microsoft PST archive

On Ubuntu install 'readpst' and 'uudeview', then:
readpst -o mbox -j4 mpst.pst
This will use 4 processes to give you a bunch of mbox files in the 'mbox' directory. Then, extract all the attachments:
cd mbox
uudeview -p ../pst_attachments *