Tagged: bash

Hakology Day 4 : Blog Entry

[15.13]
Chores done and I’m online. Going to get busy, goals for today, get steam controller working on retro pie, re-record retropie audio, and re-render using better stock footage including steps to configuring. Then if I have any time get back on the SDR work.
[/15.13]


[16.21]
Spent as much time working on retropie as I want for now. Just uploading WIP on the hakology VBLOG channel. Tea, food & SDRs.
[/16.21]


[16.32]

[/16.32]

[16.45]
Background noise.

[/16.45]


[17.57]
Steam controller working in retropie … whoot.
[/17.57]


[19.23]
Written an automated installation script. Finding bash in raspbian has some unusual defult settings regarding echo. If any one knows how to get echoes to display …
[/19.23]


[20.05]
Testing and debugging script. Being a noob. Making silly mistakes. Correcting them. NTS: tput setaf 1; is a great way to set echo output in bash 🙂
[/20.05]


[20.10]
Finished …. taking a break. – Managed to brick emulationstation in the process, now have to recover script and reimage.
[/20.10]


[20.24]
Turns out if you boot the pi with a cronjob for the steam pad drivers it’ll crash emulationstation if you dont have the dongle inserted.
[/20.24]


[21.01]

#!/bin/bash
echo This script is designed intended for retro pie running raspbian and python 2.7
echo This script will now install the drivers and files required to use the steam controller with retropie
echo Ensure your pi has an internet connection prior to running.
echo Moving to home directory
cd /home/pi
echo Installing dependancies Python package manager and git
sudo apt-get install python-pip git
echo Installing – libusb1
sudo pip install libusb1
echo Installing – enum34
sudo pip install enum34
echo Cloning steam controller files.
git clone https://github.com/ynsta/steamcontroller.git
echo Moving to steam controller files directory
cd steamcontroller
echo Intsalling steam controller files
sudo python setup.py install
echo Setting up udev rules
echo SUBSYSTEM==\”usb\”, ATTRS{idVendor}==\”28de\”, GROUP=\”games\”, MODE=\”0660\” >> /etc/udev/rules.d/99-steam-controller.rules
echo KERNEL==\”uinput\”, MODE=\”0660\”, GROUP=\”games\”, OPTIONS+=\”static_node=uinput\” >> /etc/udev/rules.d/99-steam-controller.rules
echo Reloading udev
sudo udevadm control –reload
tput setaf 1;echo All operations complete
echo PLEASE READ THE FOLLOWING
echo
echo Update crontab …
echo crontab -e
echo Add the following to crontab …
echo @reboot /usr/local/bin/sc-xbox.py start
echo Ensure the steam usb dongle is inserted when you reboot otherwise emulationstation might not load.
echo
echo If you need to run the script more than once besure to clean the udev rules found in:
echo /etc/udev/rules.d/99-steam-controller.rules
Will post a better a link to the file later when i’ve finished tinkering.

[/21.01]


[21.22]
Random pic for the day, great tool all round esp when it comes to cabling new pc builds or finding that tiny screw you just dropped on the floor, cree LED with recharagable 18650s and adjustable focus.

[/21.22]


[23.49]
Final retropie video posted to the hakology main youtube channel.
http://youtube.com/hakology

[/23.49]

[00.33]

[/00.33]

[4.16]
Signing off.
[/4.16]

Scanning the scanners … coding counter measures

When I was playing about with kippo the other night I had this idea to counter attack people who were scanning / trying to access my server. If someone connected to port 2222 without permission could I use the logs to automate a counter attack / perform some recon. After a quick look at the log files I decided that coding counter measures for a SSH honey pot would be pretty useless as the honey pot isn’t providing / holding any important information. I then turned my attention to another server that hosts some statistical data for other sites I contribute to.

Initially I wanted to look at any 404 errors because I could see people looking for default program paths and directories to exploit. This would be a good approach but there were also legitimate 404 errors where things like the favicon.ico or just simple stuff like unintentionally malformed URLs. I looked at the log files again and noticed everytime someone nmaps port 80 they leave a really obvious finger print.

debian.home:80 xxx.xxx.xxx.xxx – – [09/Jul/2013:15:45:13 +0100] “OPTIONS / HTTP/1.1” 200 188 “-” “Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)”

Present on every nmap scan I can see logged to the server. (There must be a param to disable/change this somewhere in nmap)
I came up with the script below which when executed will nmap anyone who has nmapped port 80 and save it all to a file 🙂

# fire all the lasers
# bash apache counter recon tool

echo ‘Gathering logfile data n’
cat /var/log/apache2/*.log | grep nmap | awk ‘{ print $2 }’ > nmappers.txt
cat nmappers.txt

echo ‘Filtering unique ips …n’
sort nmappers.txt | uniq > ips.txt

echo ‘Scanning the scanners …n’
nmap -v -T4 -A -iL ips.txt > recon.txt

echo ‘Cleaning up …n’
rm ips.txt
rm nmappers.txt

echo ‘Results …n’
cat recon.txt

Conclusion and thoughts:
This is just the beginning, really enjoyed coding this script will look to expand on it soon. Possibly combining this with kali linux & metasploit. Lots of room for improvement as this could also be used to look at failed login attempts on other services / ports … the nmap finger print could greatly be expanded on too using failed exploits from the log file. (Geolocation / Automatic notification to isps that their users are up to no good? etc.)

EDIT : big update coming to this script tehe 😀