| View previous topic :: View next topic |
| Author |
Message |
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
 Posted: Fri Apr 14, 2006 2:05 pm Post subject: Cat and Mouse |
 |
|
I'm playing cat and mouse game with myself.
I found a script that dicitionary attacks SSH ports.
I also made a honeypot to intercept said script, it sends /dev/random to the script, hopefully flooding the machine's RAM.
Now, here's the problem, the script looks for either a '~' or a '#', and eventually /dev/random will send that, ending that certain SSH session.
Anyway I can send random junk minus certain symbols?
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim |
|
| Back to top |
|
 |
orionrobots
Apprentice
Joined: 07 Oct 2003
Posts: 289
Location: London, Uk
|
| Posted: Fri Apr 14, 2006 2:14 pm Post subject: |
|
|
Can you not filter the characters you are sending simply using a regular expression transform, substituing them for nothing? Maybe have a readahead of a few bytes so you can filter in advance.
What scripting system are you using?
_________________
Danny Staple, curator of http://orionrobots.co.uk
Adopt an unanswered post initiative https://forums.gentoo.org/search.php?search_id=unanswered |
|
| Back to top |
|
|
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
| Posted: Fri Apr 14, 2006 2:18 pm Post subject: |
|
|
The honeypot is a simple bash. The line of code that was doing the work was:
*EDIT*
I also tried this:
| Code: | | cat /dev/random | grep -v "~" | grep -v "#" |
but it outputs nothing
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim |
|
| Back to top |
|
|
orionrobots
Apprentice
Joined: 07 Oct 2003
Posts: 289
Location: London, Uk
|
| Posted: Fri Apr 14, 2006 2:20 pm Post subject: |
|
|
Okay - could "tr" be used to filter out just those characters - or translate them to something less troublesome, like simple alphanumerics? You could just pipe through there after catting /dev/random.
_________________
Danny Staple, curator of http://orionrobots.co.uk
Adopt an unanswered post initiative https://forums.gentoo.org/search.php?search_id=unanswered |
|
| Back to top |
|
|
orionrobots
Apprentice
Joined: 07 Oct 2003
Posts: 289
Location: London, Uk
|
| Posted: Fri Apr 14, 2006 2:24 pm Post subject: |
|
|
| bigun89 wrote: | The honeypot is a simple bash. The line of code that was doing the work was:
*EDIT*
I also tried this:
| Code: | | cat /dev/random | grep -v "~" | grep -v "#" |
but it outputs nothing |
Grep wont work - it filters out lines, not characters. Like I said, use tr. How are you making sure you generate enough randomness to keep it going? Or do you just wave your mouse about a lot?
_________________
Danny Staple, curator of http://orionrobots.co.uk
Adopt an unanswered post initiative https://forums.gentoo.org/search.php?search_id=unanswered |
|
| Back to top |
|
|
orionrobots
Apprentice
Joined: 07 Oct 2003
Posts: 289
Location: London, Uk
|
| Posted: Fri Apr 14, 2006 2:28 pm Post subject: |
|
|
However - playing with tr, it wont actually process said characters in a line until it gets a line end - I think.. So unless you are lucky enough to get one, it will just sit there for a while, and then suddenly spit out a huge burst of filtered characters - which could cause problems for your own machines memory if it has to wait a long time.. I dont know if there is a way to force tr to flush without waiting for a newline.
Have you thought of using a perl script?
_________________
Danny Staple, curator of http://orionrobots.co.uk
Adopt an unanswered post initiative https://forums.gentoo.org/search.php?search_id=unanswered |
|
| Back to top |
|
|
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
| Posted: Fri Apr 14, 2006 2:28 pm Post subject: |
|
|
/dev/random is nothing but computer generated randomness, there's nothing special to it.
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim |
|
| Back to top |
|
|
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
| Posted: Fri Apr 14, 2006 2:29 pm Post subject: |
|
|
| orionrobots wrote: | However - playing with tr, it wont actually process said characters in a line until it gets a line end - I think.. So unless you are lucky enough to get one, it will just sit there for a while, and then suddenly spit out a huge burst of filtered characters - which could cause problems for your own machines memory if it has to wait a long time.. I dont know if there is a way to force tr to flush without waiting for a newline.
Have you thought of using a perl script? |
Yeah, there is no end.
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim |
|
| Back to top |
|
|
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
| Posted: Fri Apr 14, 2006 2:31 pm Post subject: |
|
|
Is there a way for the SSH client to run a command on the local machine running it while it is connected?
If so, I could force the connected machine to mess itself up.
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim |
|
| Back to top |
|
|
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
| Posted: Fri Apr 14, 2006 2:35 pm Post subject: |
|
|
Another thought, perhaps looping a text file?
I'm not sure how do to that in bash though.
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim |
|
| Back to top |
|
|
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
| Posted: Fri Apr 14, 2006 2:52 pm Post subject: |
|
|
Well, another snag in the honeypot.
infinite looping works... for a while, but the script includes a timeout that eventually kicks in and moves on.
Ideas?
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim |
|
| Back to top |
|
|
orionrobots
Apprentice
Joined: 07 Oct 2003
Posts: 289
Location: London, Uk
|
| Posted: Fri Apr 14, 2006 2:54 pm Post subject: |
|
|
| bigun89 wrote: | | /dev/random is nothing but computer generated randomness, there's nothing special to it. |
Yes and no. If there is no activity, it wont generate much at all. You need sustained activity of some sort for it to actually generate a lot. Try it - just cat it to your term, and you will see that it is fairly slow. Wave the mouse about - and you will see a lot. Now for a headless box sat in cupboard for 20 years, it might be generating less than one character a minute - which may not be good enough.
Danny
_________________
Danny Staple, curator of http://orionrobots.co.uk
Adopt an unanswered post initiative https://forums.gentoo.org/search.php?search_id=unanswered |
|
| Back to top |
|
|
orionrobots
Apprentice
Joined: 07 Oct 2003
Posts: 289
Location: London, Uk
|
| Posted: Fri Apr 14, 2006 2:59 pm Post subject: |
|
|
| bigun89 wrote: | Another thought, perhaps looping a text file?
I'm not sure how do to that in bash though. |
Easy -
| Code: | | while true; do cat tryagainnexttime.txt; done |
That should give you a nice infinate loop until its hung up on or a break is sent.
_________________
Danny Staple, curator of http://orionrobots.co.uk
Adopt an unanswered post initiative https://forums.gentoo.org/search.php?search_id=unanswered |
|
| Back to top |
|
|
Bigun
Advocate
Joined: 21 Sep 2003
Posts: 2198
|
| Posted: Fri Apr 14, 2006 3:03 pm Post subject: |
|
|
| orionrobots wrote: | | bigun89 wrote: | Another thought, perhaps looping a text file?
I'm not sure how do to that in bash though. |
Easy -
| Code: | | while true; do cat tryagainnexttime.txt; done |
That should give you a nice infinate loop until its hung up on or a break is sent. |
Read up a few posts.
_________________
"It's ok, they might have guns but we have flowers." - Perpetual Victim |
|
| Back to top |
|
|
a5friemen
n00b
Joined: 12 Apr 2006
Posts: 21
|
| Posted: Tue Apr 18, 2006 11:55 am Post subject: |
|
|
How aout using instead of ?
A ton of zeros should take up the same space as a bunch of random characters, and you don't have to worry about filtering the special characters.
_________________
Running on a ...
Pentuim MMX
64MB ram
VGA Console
I LOVE Linux! |
|
| Back to top |
|
|
|
Networking & Security
