Recent blog entries for beraldo

3 anos…

3 anos nesta selva de pedras, e longe da Terra do Sol....
Saudades....

Syndicated 2010-11-21 19:32:09 from beraldoleal.com

10 Modular Blues Turnarounds and Introductions

After a long time without any post, so I decided to publish here links to the sheet music, tablature and midi file of 10 modular turnarounds and introductions of blues. That's right, I completely changed the main subject of the blog (geeky stuff), but music is for nerds too.

Here are the files to download, including lilypond source file.

Turnarounds.pdf
Turnarounds.ly
Turnarounds.midi

Enjoy!

Syndicated 2010-07-19 00:17:51 from beraldoleal.com

mutt + sidebar patch + postfix + vim + offlineimap + cron = MUA perfeito (para mim)

Fazia bastante tempo que eu queria voltar a usar o mutt, mas tinha perdido meus backups dos arquivos de configuração e estava sem tempo para configurá-lo novamente. Finalmente neste fds tive tempo para fazer a brincadeira funcionar com múltiplas contas. Depois eu posto aqui os arquivos de configuração.... (se me restar tempo...)

Syndicated 2009-09-06 23:08:21 from beraldoleal.com

Grabbing and sending packets with Scapy (Scapy, part 2)

HI folk, in the last post (a long time ago), I write a short introduction to Scapy tool. With this post, I need, show to you, how grab and send packets with Scapy. This is a good way to develop tools to test any network application, such study Kaminsky's DNS flaw, since no talks about anything else on the Internet.

In scapy there are many methods to send or receive a packet in network. We have the families of commands, below:

• Send family - Just send packets in layer 2 or 3.
• Send and Receive family - Send packets in layer 2 or 3 and print or store results.
• Sniff family - Receive packets in promisc mode and return them in a packet list.

This post is not intended as a reference for each of the families above. For more informations, execute lsc() in scapy and see Scapy doc.

You can see a sample of Sniff family in action, below (execute scapy as root):

>>> a=sniff(count=2)
>>> a
<Sniffed: UDP:2 ICMP:0 TCP:0 Other:0>
>>> a.nsummary()
0000 Ether / IP / UDP / DNS Qry "www.google.com."
0001 Ether / IP / UDP / DNS Ans "www.l.google.com."
>>> a[0].show()
###[ Ethernet ]###
dst= 00:03:99:89:83:a9
src= 00:1e:c9:1b:7b:da
type= 0x800
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 60
id= 12959
flags= DF
frag= 0L
ttl= 64
proto= udp
chksum= 0xd5af
src= 10.1.0.1
dst= 200.170.95.182
options= ''
###[ UDP ]###
sport= 54584
dport= domain
len= 40
chksum= 0x329c
###[ DNS ]###
id= 16628
qr= 0L
opcode= QUERY
aa= 0L
tc= 0L
rd= 1L
ra= 0L
z= 0L
rcode= ok
qdcount= 1
ancount= 0
nscount= 0
arcount= 0
qd
|###[ DNS Question Record ]###
|  qname= 'www.google.com.'
|  qtype= A
|  qclass= IN
an= 0
ns= 0
ar= 0
>>>

You can have many parameters in sniff() function, like a filter , timeout , an interface (iface ), and a function to apply to each packet (prn and lfilter ).

>>>  sniff(filter="udp and port 53", count=2, iface="eth0")
<Sniffed: UDP:2 ICMP:0 TCP:0 Other:0>
>>>

Sending a simple ICMP packet

>>> pkt=IP(dst="10.0.0.1")/ICMP()
>>> pkt
<IP  frag=0 proto=icmp dst=10.0.0.1 |<ICMP  |>>
>>> send(pkt,count=2)
..
Sent 2 packets.

Ok, this is a simple sample, I know, but you now can use your mind and play with Scapy.

Syndicated 2009-02-19 19:15:32 from beraldoleal.com

Grabbing and sending packets with Scapy (Scapy, part 2)

HI folk, in the last post (a long time ago), I write a short introduction to Scapy tool. With this post, I need, show to you, how grab and send packets with Scapy. This is a good way to develop tools to test any network application, such study Kaminsky's DNS flaw, since no talks about anything else on the Internet.

In scapy there are many methods to send or receive a packet in network. We have the families of commands, below:

• Send family - Just send packets in layer 2 or 3.
• Send and Receive family - Send packets in layer 2 or 3 and print or store results.
• Sniff family - Receive packets in promisc mode and return them in a packet list.

This post is not intended as a reference for each of the families above. For more informations, execute lsc() in scapy and see Scapy doc.

You can see a sample of Sniff family in action, below (execute scapy as root):

>>> a=sniff(count=2)
>>> a
<Sniffed: UDP:2 ICMP:0 TCP:0 Other:0>
>>> a.nsummary()
0000 Ether / IP / UDP / DNS Qry "www.google.com."
0001 Ether / IP / UDP / DNS Ans "www.l.google.com."
>>> a[0].show()
###[ Ethernet ]###
dst= 00:03:99:89:83:a9
src= 00:1e:c9:1b:7b:da
type= 0x800
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 60
id= 12959
flags= DF
frag= 0L
ttl= 64
proto= udp
chksum= 0xd5af
src= 10.1.0.1
dst= 200.170.95.182
options= ''
###[ UDP ]###
sport= 54584
dport= domain
len= 40
chksum= 0x329c
###[ DNS ]###
id= 16628
qr= 0L
opcode= QUERY
aa= 0L
tc= 0L
rd= 1L
ra= 0L
z= 0L
rcode= ok
qdcount= 1
ancount= 0
nscount= 0
arcount= 0
qd
|###[ DNS Question Record ]###
|  qname= 'www.google.com.'
|  qtype= A
|  qclass= IN
an= 0
ns= 0
ar= 0
>>>

You can have many parameters in sniff() function, like a filter , timeout , an interface (iface ), and a function to apply to each packet (prn and lfilter ).

>>>  sniff(filter="udp and port 53", count=2, iface="eth0")
<Sniffed: UDP:2 ICMP:0 TCP:0 Other:0>
>>>

Sending a simple ICMP packet

>>> pkt=IP(dst="10.0.0.1")/ICMP()
>>> pkt
<IP  frag=0 proto=icmp dst=10.0.0.1 |<ICMP  |>>
>>> send(pkt,count=2)
..
Sent 2 packets.

Ok, this a simple sample, I know, but you now can use your mind and play with Scapy.

Syndicated 2008-08-28 14:20:24 from beraldoleal.com

Scapy, part 1

Okay, you can say: You are outdated!! Since it is a tool of five years old. But I never gave considerable attention to it. In last week I see in top 100 network security tool in Fyodor's site, and I can't stop using it. I am talking about the Scapy, a Python program that enables you to forge, dissect, emit or sniff network packets, probe, scan and what your mind wants.

This is a simple post, only to show the basic concepts of scapy.

What is scapy?

From scapy:

"Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc."

ls -la
teste

Syndicated 2008-07-01 16:45:38 from beraldoleal.com

Development at the hackathon, go Forrest go!!

In openbsd-misc mail list:

"Development is really fast right now, because of the hackathon in Edmonton.

We are testing as much as we can before we commit, but as always during these hackathon processes we really depend on our user community -- to track our changes and help spot the occasional bug we accidentally introduce.

We are developing really fast and hard; please help us by testing really fast and hard too.

There are some snapshots being made, of course, but people who are familiar with checking out their own trees can really help us by buildind and running it immediately."

- Theo de Raddt, in a June 11th, 2008 message.

Syndicated 2008-06-17 20:31:40 from beraldoleal.com

novo teste

Pense num teste besta...

Syndicated 2008-04-01 02:53:59 from beraldoleal.com

Teste

teste de um post rápido para os asides.

Syndicated 2008-04-01 02:52:16 from beraldoleal.com