The World of OpenWrt: Raspberry Pi 3B [Router], Shifting the Stars and Turning the Dipper (4.4)

Halloween has just passed; how is it that I find myself thinking of

Sparta

Territory of ancient Sparta

Sparta (Greek: Σπάρτη), also called Lacedaemon (Λακεδαίμων, Lakedaímōn), was one of the city-states of ancient Greece. The city of Sparta lay in the southern part of the central Laconian plain, on the west bank of the Eurotas river. It was a strategic stronghold, surrounded by mountains on three sides and guarding the Taygetus range, whose passes were the only routes into Laconia and the southern Peloponnese. Sparta did not lie on the coast; its port, Gytheio, was 27 miles away.

Sparta was renowned for it. Sparta was an oligarchy, in sharp contrast to the democracy of Athens at the time. Sparta required all men to serve in the army. It held large numbers of state-owned slaves, called helots, and so "Spartan" became a byword for doing things the hard way. In the Peloponnesian War, Sparta and its allies defeated the Athenian army and gained hegemony over all of Greece. But not long after dominating Greece, Sparta was defeated by the rising power of Thebes, and once Macedon rose in the north, Sparta lost its influence in Greece.


? Perhaps because "hackers" mostly don't sleep!

Since today is All Saints' Day, let's talk a little about "integration tools":

SPARTA

Network Infrastructure Penetration Testing Tool

………

Authors:

SECFORCE

Antonio Quina (@st3r30byt3)

Leonidas Stavliotis (@lstavliotis)

Known issues

SPARTA uses a third-party tool called Cutycapt to take screenshots. One of the problems with the version that is currently in Kali’s repositories is that it fails to take screenshots of HTTPS pages when self-signed certificates are in use. A way around this is to compile the Cutycapt executable yourself and edit SPARTA’s configuration file to specify the path to the compiled executable.

It can be compiled in Kali by following these instructions:

% sudo apt-get install subversion libqt4-webkit libqt4-dev g++
% svn co svn://svn.code.sf.net/p/cutycapt/code/ cutycapt
% cd cutycapt/CutyCapt
% qmake
% make
% ./CutyCapt --url=http://www.example.org --out=example.png

Credits

Credits where credits are due. The nmap XML output parsing engine was largely based on code by yunshu, modified by ketchup and modified by us. SPARTA relies heavily on nmap, hydra, cutycapt, python, PyQt, Elixir and many other tools and technologies so we would like to thank all of the people involved in the creation of those. Credits to Bernardo Damele A.G. for the ms08-067_check script used by smbenum.sh. Credit to Diana Guardão (https://www.behance.net/didoquinhasfaaa) for the logo design. Thanks as well to our incredible team at SECFORCE for the countless bug reports and feedback. Last but not least, thank you for using SPARTA. Let us know how we can improve it! Happy hacking!

………

DOCUMENTATION

This documentation will grow organically and is a work in progress.

Configuration

At the moment, SPARTA can be configured by editing the sparta.conf file located in SPARTA’s root folder. At launch time, SPARTA checks if this file exists and if it does not, a new file is created with default values. In the future, there will be a settings menu which will remove the need to manually edit this file and will make changing the configuration easier and safer.

WARNING: Apart from tools, do not remove any lines from sparta.conf as it could break functionality. Also, assume that setting values are case-sensitive.

Adding new actions

In SPARTA we separate actions in three classes:

  • Host Actions: are invoked by right-clicking on a host and their tool output will be stored and displayed in SPARTA
  • Port Actions: are invoked by right-clicking on a port or service and their tool output will be stored and displayed in SPARTA (Eg: Nikto)
  • Terminal Actions: are invoked by right-clicking on a port and will spawn an external terminal window (Eg: Connect with netcat)

………


It probably needs no further words to see its "purpose", does it?!

more /etc/sparta.conf

[GeneralSettings]
default-terminal=gnome-terminal
tool-output-black-background=False
screenshooter-timeout=15000
web-services="http,https,ssl,soap,http-proxy,http-alt,https-alt"
enable-scheduler=True
enable-scheduler-on-import=False
max-fast-processes=10
max-slow-processes=10

[BruteSettings]
store-cleartext-passwords-on-exit=True
username-wordlist-path=/usr/share/wordlists/
password-wordlist-path=/usr/share/wordlists/
default-username=root
default-password=password
services="asterisk,afp,cisco,cisco-enable,cvs,firebird,ftp,ftps,http-head,http-get,https-head,https-get,http-get-form,http-post-form,https-get-form,https-post-form,http-proxy,http-proxy-urlenum,icq,imap,imaps,irc,ldap2,ldap2s,ldap3,ldap3s,ldap3-crammd5,ldap3-crammd5s,ldap3-digestmd5,ldap3-digestmd5s,mssql,mysql,ncp,nntp,oracle-listener,oracle-sid,pcanywhere,pcnfs,pop3,pop3s,postgres,rdp,rexec,rlogin,rsh,s7-300,sip,smb,smtp,smtps,smtp-enum,snmp,socks5,ssh,sshkey,svn,teamspeak,telnet,telnets,vmauthd,vnc,xmpp"
...


Why not put everything I have learned to use and turn it against my own OpenWrt "router"!?


Let's see how long it takes and whether it succeeds at all, as a way of "evaluating" whether that "password" is secure ☺

[quark@localhost ~]$  ssh -l root 5.168.168.20
root@5.168.168.20's password: 


BusyBox v1.25.1 () built-in shell (ash)

     _________
    /        /\      _    ___ ___  ___
   /  LE    /  \    | |  | __|   \| __|
  /    DE  /    \   | |__| _|| |) | _|
 /________/  LE  \  |____|___|___/|___|                      lede-project.org
 \        \   DE /
  \    LE  \    /  -----------------------------------------------------------
   \  DE    \  /    Reboot (17.01.6, r3979-2252731af4)
    \________\/    -----------------------------------------------------------

root@LEDE:~#


It is as if only inside the legendary "Eight Trigrams Furnace" could one temper such "fiery eyes and golden pupils":

So that, when reading a text in future, one can hear the "sound beyond the strings" ☆

Secure your router’s access

There are some possibilities to grant access to the router (or to any PC/Server):

  1. ask for nothing: anybody who can establish a connection gets access
  2. ask for username and password on an unsecured connection (e.g. telnet)
  3. ask for username and password on an encrypted connection (e.g. SSH) (e.g. by following walkthrough_login)
  4. ask for username and merely a signature instead of a password (e.g. SSH with signature authentication)

If you ask for username/password, an attacker has to guess the combination. If you use an unencrypted connection, he could eavesdrop on you and obtain them.

If you use an encrypted connection, any eavesdropper would have to decrypt the packets first. This is always possible. How long it takes to decrypt the content, depends on the algorithm and key length you used.

Also, as long as an attacker has network access to the console, he can always run a brute-force attack to find out username and password. He does not have to do that himself: he can let his computer(s) do the guessing. To render this option improbable or even impossible you can:

  1. not offer access from the Internet at all, or restrict it to certain IP addresses or IP address ranges
    1. by configuring the SSH server dropbear and the web server uhttpd not to listen on the external/WAN port
    2. by blocking incoming connections to those ports (TCP 22, 80 and 443 by default) in your firewall
  2. make it more difficult to guess:
    1. don’t use the username root
    2. don’t use a weak password with 8 or less characters
    3. don’t let the SSH server dropbear listen on the default port (22)
  3. use the combination of
    1. username different than root
    2. tell dropbear to listen on a random port (should be >1024): System → Administration → Dropbear Instance → Port (SSH Port)
    3. public key authentication. Your public keys can be specified in Administration → System → SSH-keys. The guide to DropBear SSH public key authentication has detailed information on generating SSH keypairs, including the public key(s) you should upload to your configuration.
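The three hardening steps above (restrict to the LAN side, move dropbear off port 22, switch to key-only login) can be expressed as a handful of UCI commands. The script below is an added example, not code from the OpenWrt wiki: its functions only print the commands so they can be reviewed before being pasted into a router shell, and the port 2222, the LAN address 192.168.1.1 and the key file /tmp/admin.pub are placeholders you would replace.

```shell
#!/bin/sh
# Added example (not from the OpenWrt wiki): emit the UCI commands that
# implement the hardening steps. Nothing here calls uci itself.
# Placeholders: port 2222, LAN address 192.168.1.1, key file /tmp/admin.pub.

# A usable alternative SSH port: numeric, above 1024 and below 65536.
check_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -gt 1024 ] && [ "$1" -lt 65536 ]
}

# Dropbear: listen on the LAN interface only, move the port, refuse
# password logins (key-only), then install the uploaded public key.
# Keep the current session open and verify a key login on the new port
# before you close it, or a typo in the key locks you out.
dropbear_cmds() {
  port="$1"; keyfile="$2"
  check_port "$port" || { echo "unusable port: $port" >&2; return 1; }
  cat <<EOF
uci set dropbear.@dropbear[0].Interface='lan'
uci set dropbear.@dropbear[0].Port='$port'
uci set dropbear.@dropbear[0].PasswordAuth='off'
uci set dropbear.@dropbear[0].RootPasswordAuth='off'
uci commit dropbear
cat '$keyfile' >> /etc/dropbear/authorized_keys
chmod 600 /etc/dropbear/authorized_keys
/etc/init.d/dropbear restart
EOF
}

# uhttpd (LuCI): bind to the LAN address instead of 0.0.0.0.
uhttpd_cmds() {
  lan_ip="$1"
  cat <<EOF
uci delete uhttpd.main.listen_http
uci add_list uhttpd.main.listen_http='$lan_ip:80'
uci delete uhttpd.main.listen_https
uci add_list uhttpd.main.listen_https='$lan_ip:443'
uci commit uhttpd
/etc/init.d/uhttpd restart
EOF
}

# Firewall: an explicit rule dropping WAN-side connections to the admin
# ports, including the new SSH port, on top of the default WAN input policy.
firewall_cmds() {
  port="$1"
  cat <<EOF
uci add firewall rule
uci set firewall.@rule[-1].name='Drop-WAN-admin'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='22 80 443 $port'
uci set firewall.@rule[-1].target='DROP'
uci commit firewall
/etc/init.d/firewall restart
EOF
}

# Usage: harden_cmds <ssh-port> <public-key-file> <lan-address>
harden_cmds() {
  dropbear_cmds "$1" "$2" && uhttpd_cmds "$3" && firewall_cmds "$1"
}

harden_cmds 2222 /tmp/admin.pub 192.168.1.1
```

The wiki's first step (a username other than root) is not covered here, since the dropbear UCI options only control where it listens and how it authenticates; the generated commands are the LuCI settings named in the list expressed on the command line.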

SSH Keys


Observing the method, one may arrive at a "cool and clear view" ☆

/dropBrute

Lightweight fail2ban alternative for OpenWRT – inspects ssh log for brute force attacks and blocks via iptables – w/ whitelist and blacklist support

dropBrute

dropBrute has been superseded by bearDropper

Lightweight fail2ban alternative for OpenWRT

Runs via cron; inspects ssh log for brute force attacks and blocks via iptables. Includes whitelist and blacklist support.

Initial version posted 10/31/2011 at https://forum.openwrt.org/viewtopic.php?pid=224122
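The core of a tool like dropBrute is small: read dropbear's log, count failed logins per source address, skip whitelisted addresses, and produce block rules for anything over a threshold. The script below is an added example written for this page, not dropBrute's or bearDropper's code. The log lines are constructed samples in syslog layout, but the message texts ("Bad password attempt for ... from", "Login attempt for nonexistent user from", "Password auth succeeded for ... from") are the ones dropbear itself logs; the threshold, the whitelist and the use of the firewall's input_rule chain are assumptions.

```shell
#!/bin/sh
# Added example (not dropBrute's code): count failed dropbear logins per
# source address and list the addresses to block. Only prints rules; it
# never calls iptables itself.

# Constructed sample log in syslog layout, matching dropbear's message text.
sample_log() {
  cat <<'EOF'
Nov  1 02:10:01 LEDE authpriv.warn dropbear[1234]: Bad password attempt for 'root' from 203.0.113.7:51234
Nov  1 02:10:02 LEDE authpriv.warn dropbear[1234]: Bad password attempt for 'root' from 203.0.113.7:51235
Nov  1 02:10:03 LEDE authpriv.warn dropbear[1235]: Login attempt for nonexistent user from 203.0.113.7:51236
Nov  1 02:10:04 LEDE authpriv.warn dropbear[1236]: Bad password attempt for 'admin' from 203.0.113.7:51237
Nov  1 02:11:00 LEDE authpriv.warn dropbear[1240]: Bad password attempt for 'root' from 198.51.100.9:40000
Nov  1 02:11:01 LEDE authpriv.warn dropbear[1240]: Bad password attempt for 'root' from 198.51.100.9:40001
Nov  1 02:12:00 LEDE authpriv.warn dropbear[1250]: Bad password attempt for 'root' from 192.168.1.50:4321
Nov  1 02:12:01 LEDE authpriv.warn dropbear[1250]: Bad password attempt for 'root' from 192.168.1.50:4322
Nov  1 02:12:02 LEDE authpriv.warn dropbear[1250]: Bad password attempt for 'root' from 192.168.1.50:4323
Nov  1 02:12:03 LEDE authpriv.notice dropbear[1251]: Password auth succeeded for 'root' from 192.168.1.50:4324
EOF
}

# stdin: log lines; stdout: "<ip> <failures>" per source, sorted by address.
# Successful logins are deliberately not counted.
count_failures() {
  awk '
    /Bad password attempt for/ || /Login attempt for nonexistent user/ {
      for (i = 1; i <= NF; i++) if ($i == "from") {
        split($(i + 1), addr, ":")   # "ip:port" -> ip
        fails[addr[1]]++
      }
    }
    END { for (ip in fails) print ip, fails[ip] }
  ' | sort
}

# block_list <threshold> "<whitelist of exact addresses>"
# stdin: log lines; stdout: one address per line that reached the threshold
# and is not whitelisted (the whitelist is what keeps you from banning your
# own LAN host after a few typos).
block_list() {
  threshold="$1"; whitelist="$2"
  count_failures | while read -r ip n; do
    skip=0
    for w in $whitelist; do
      if [ "$w" = "$ip" ]; then skip=1; fi
    done
    if [ "$skip" -eq 0 ] && [ "$n" -ge "$threshold" ]; then
      echo "$ip"
    fi
  done
}

# Print the firewall rules for the offenders. input_rule is the user chain
# OpenWrt's firewall hooks into INPUT (assumed here); adjust if yours differs.
block_rules() {
  block_list "$@" | while read -r ip; do
    echo "iptables -I input_rule -s $ip -p tcp --dport 22 -j DROP"
  done
}

sample_log | block_rules 3 '192.168.1.50'
```

Run from cron, the log would come from `logread` instead of `sample_log`, and the rules would be applied rather than printed; keeping the counting and the whitelist in separate functions makes the threshold easy to test before anything is actually blocked.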


Free and unfettered; is that not a joy? ◎◎