#garfield Logs

Aug 15 2018


12:18 AM katsmeow-afk: 680 is standard
12:22 AM katsmeow-afk is now known as katsmeow
12:22 AM rue_: arg yes, I'm losing it
12:22 AM rue_: I better buy some tho, apparently none on the stock list!
12:23 AM * katsmeow waves bye and good sleeps if you get them
12:34 AM zhanx: with the Sonoffs I can wire the existing switch to it, use the switch and still control it over wifi
12:34 AM zhanx: 1 hour plus later my connection comes back up
12:30 PM ffurrywol is now known as furrywolf
04:29 PM Tom_L: so did #avr die after the
04:29 PM Tom_L: "incident"
04:29 PM Tom_L: ?
06:42 PM zhanx: rue_, for some reason I had no mail, my motor drivers are late
07:06 PM Tom_L: man, #avr is sure dead now
07:08 PM rue_: Tom_L, I noticed, most channels are
07:08 PM rue_: that's why I said "the hackers succeeded"
07:08 PM Tom_L: I noticed a quietness before all that hit
07:09 PM Tom_L: all over
07:13 PM rue_: yep
07:13 PM rue_: nobody registers nicks
07:13 PM rue_: registration is a bothersome step for a lot of people
10:35 PM moon: hey RUE
10:36 PM moon: https://github.com/RonoldoMoon/SSHDummy/blob/master/SSHDummy.c
10:37 PM moon: don't forget to stop the real sshd service
10:42 PM rue_: oh?
10:42 PM moon: careful what you wish for
10:43 PM rue_: wait
10:43 PM rue_: this will actually let them in, won't it?
10:43 PM moon: no
10:44 PM moon: if(0){ //<<<----tweaked this.
10:44 PM moon: not possible
10:45 PM zhanx: rue_, so you are outdated on my home automation system
10:48 PM rue_: moon, let's get together Sat night and sandbox some hackers
10:48 PM rue_: I want to see what their scripts do
10:49 PM moon: ok cool lets
10:49 PM rue_: root:1234 it'll take about 20 mins to get exploited
10:49 PM rue_: we can drink rootbeer while we wait
10:49 PM moon: ok :D
10:50 PM moon: i might bring real beer :P
10:50 PM rue_: if we can, I want to reverse-takeover their network
10:50 PM moon: :O
10:51 PM zhanx: make a reverse ssh tunnel script
10:51 PM rue_: I assume, when they get into a system, they set a user/password
10:52 PM rue_: and that they're coming from systems they just set up that user/password on
10:52 PM rue_: and those machines will have a connection list
10:52 PM rue_: of all the machines they got into
10:52 PM zhanx: you just want the controller pc
10:53 PM rue_: so we can reset all the passwords to something they won't know, like characters 8-15 of their public ssh key
10:53 PM zhanx: guess i am talking to myself
10:53 PM rue_: but if we know it's 8-15, we're laughing
10:53 PM rue_: no, I'm listening
10:54 PM rue_: hah that log logged, oh well
10:54 PM zhanx: rue_, one, the botnets are 90% script based
10:54 PM rue_: yea
10:54 PM zhanx: so you are right on the login password
10:54 PM zhanx: but
10:54 PM zhanx: you need to reverse the ssh tunnel to get to it
10:55 PM rue_: na we can log in, using the user/password they set up
10:55 PM rue_: /if/
10:55 PM zhanx: then you are root the whole way
10:55 PM rue_: add an rsa key?
10:55 PM zhanx: also you need to look at what exploits they are using and how
10:55 PM rue_: yea, have to get a machine exploited to know
10:55 PM zhanx: rsa won't help i think
10:55 PM rue_: which is easy
10:56 PM rue_: I have lots of machines
10:56 PM zhanx: honeypot one
10:56 PM rue_: yea
10:56 PM rue_: wait for it and then unplug and analyze
10:56 PM zhanx: make it a windows 2008 server
10:56 PM rue_: no, linux with root:1234
10:56 PM rue_: they also try 123456
10:56 PM zhanx: that is the most commonly hacked one
10:56 PM zhanx: admin and admin
10:56 PM rue_: we can set up the machine and image the drive
10:57 PM rue_: do a few rounds if we feel like it
10:58 PM zhanx: the Catalina printers I service are admin password
10:58 PM rue_: me and a fellow at work are debating just *how many* botnets are at it at once
10:58 PM zhanx: no username asked, it's weird
10:58 PM rue_: I think I see two botnets at once
10:59 PM rue_: I agree there could be hundreds, but I don't think there are
11:01 PM rue_: I suspect at most about 5
11:01 PM rue_: probably 3
11:02 PM zhanx: more like 100 botnets of over 100 million PCs and only 2 or 3 controllers
11:02 PM rue_: no
11:02 PM rue_: most of the attacks are coming from webservers
11:03 PM zhanx: check the internet war map
11:03 PM rue_: go ahead, port scan them
11:04 PM rue_: connect to their http ports
11:04 PM rue_: LOTS are webservers
11:04 PM zhanx: tons are yes
11:04 PM rue_: which blows me away
11:04 PM rue_: 'cause there are more home PCs available than webservers
11:04 PM zhanx: bad admins
11:04 PM rue_: bad is the wrong word...
11:04 PM zhanx: shitty?
11:05 PM rue_: lost?
11:05 PM zhanx: clueless?
11:05 PM rue_: lost server users
11:05 PM rue_: clueless is good
11:05 PM rue_: moon, you pass out already?
11:05 PM zhanx: I remember the days of ftp file sharing on webservers
11:05 PM rue_: https://sunshine.craigslist.ca/hvo/d/case-1830-skid-steer/6637335573.html
11:05 PM rue_: AAARRRRRRG
11:06 PM rue_: should I just buy it!?
11:06 PM rue_: damnit
11:06 PM zhanx: yes
11:06 PM rue_: AAAAH, I don't think that attitude is helping me
11:06 PM rue_: I know, I should go take a look
11:07 PM moon: Yes take a look
11:08 PM rue_: not quite small enough for the back of my truck...
11:08 PM moon: but my truck
11:08 PM rue_: and I wont spend $450 on a digital scope?
11:09 PM rue_: DAMNIT
11:09 PM moon: scopes you need to punch with your fist are the best though
11:10 PM rue_: dont punch that scope!
11:10 PM rue_: just tap it on the side
11:10 PM moon: I don't
11:10 PM moon: not even tap, I leave that to the pros
11:10 PM rue_: one day that transistor will permanently let go and I'll be able to find it
11:11 PM rue_: moon, did you try this?
11:12 PM moon: my code?
11:12 PM rue_: yes
11:12 PM moon: yeah works great
11:13 PM rue_: so it dumps the username, password
11:13 PM moon: yup
11:13 PM moon: to STDOUT right now
11:13 PM rue_: I want to confuse the hell by saying that the connection was successful and then dropping them
11:14 PM moon: no
11:14 PM moon: always access denied bad pass
11:14 PM rue_: or giving them a dummy prompt
11:14 PM moon: just try it # service sshd stop
11:14 PM moon: ./SSHDummy
11:14 PM moon: ssh localhost
11:16 PM rue_: good work, geez
11:17 PM moon: thanks :)
11:23 PM rue_: hmm only one session at a go eh?
11:23 PM moon: so far but wait for 1.0
11:23 PM moon: could while 1 bash it
11:23 PM rue_: I'm using rsa keys internally and it barked at me
11:24 PM moon: yeah it's supposed to work with rsa
11:24 PM moon: not dsa
11:25 PM moon: what's the path to your keys?
11:28 PM rue_: Unable to negotiate with 127.0.0.1 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
11:29 PM moon: that looks like your client is not using rsa right, isn't sha1 an older algorithm?
11:29 PM * rue_ shrugs
11:30 PM moon: ha I'm on the latest version of debian on "my good machine"
11:30 PM moon: well I'll have to find out how to support sha1
11:30 PM moon: I suppose
11:30 PM * moon shrugs too
11:32 PM moon: OpenSSH Legacy Options (first thing that comes up in Google)
11:32 PM rue_: I could assemble it on a more updated machine
11:34 PM moon: yeah try
11:35 PM rue_: not right now, I want to put together a honeypot on the weekend and jack it in to raw internet
11:35 PM moon: ok, so that error came from my program's stderr, right?
11:36 PM rue_: there is a kernel setting for the number of available outbound network ports, so we can cripple its ability to attack the internet
11:36 PM rue_: no, my ssh client
11:36 PM moon: O
11:36 PM moon: hmm
11:37 PM rue_: Aug 15 20:41:52 t0002 sshd[17563]: Failed password for invalid user test from 195.22.141.33 port 33066 ssh2
11:37 PM rue_: Aug 15 20:44:03 t0002 sshd[17565]: Failed password for invalid user test from 88.208.39.109 port 50747 ssh2
11:37 PM rue_: Aug 15 20:46:42 t0002 sshd[17567]: Failed password for invalid user cxsdk from 125.220.157.236 port 52518 ssh2
11:37 PM rue_: Aug 15 20:57:34 t0002 sshd[17574]: Failed password for invalid user jenkins from 116.93.119.13 port 33704 ssh2
11:37 PM rue_: Aug 15 21:02:04 t0002 sshd[17576]: Failed password for invalid user hduser from 202.39.64.155 port 53232 ssh2
11:37 PM rue_: Aug 15 21:02:32 t0002 sshd[17578]: Failed password for invalid user ubuntu from 61.69.78.78 port 57830 ssh2
11:37 PM moon: ok so it's likely your sshlib stuff that be OLD AS BALLS
11:37 PM rue_: all these good passwords we're missing out on
11:37 PM moon: apt-get install sshlib-4 ??????
11:38 PM moon: I got a 64BIT BINARY FOR YOU
11:38 PM moon: :P
11:39 PM rue_: The following additional packages will be installed:
11:39 PM rue_: libssh-4 libssl1.0-dev libssl1.0.2
11:39 PM rue_: Suggested packages:
11:39 PM rue_: libssh-doc
11:39 PM rue_: The following packages will be REMOVED:
11:39 PM rue_: libssl-dev
11:39 PM rue_: The following NEW packages will be installed:
11:39 PM rue_: libssl1.0-dev
11:39 PM rue_: The following packages will be upgraded:
11:39 PM rue_: libssh-4 libssh-dev libssl1.0.2
11:39 PM rue_: it doesn't want to remove X, so ok..
11:39 PM moon: yes!
11:39 PM rue_: did you know all the P4 machines are 32 bit?
11:39 PM moon: looks good
11:40 PM rue_: stand by
11:40 PM rue_: if I tried to go to 64 bit, I'd have to replace most of the machines here
11:40 PM moon: yes I'm not necessarily promoting it
11:40 PM rue_: SSHDummy v0.3
11:40 PM rue_: Soon with threads!!!:)
11:40 PM rue_: *************
11:40 PM rue_: Host:
11:40 PM rue_: User: root
11:40 PM rue_: Pass: foo
11:41 PM moon: yeah
11:42 PM rue_: what would I use a bobcat for
11:42 PM rue_: snow...
11:42 PM moon: septic work at my house? XD
11:42 PM rue_: moving Zack's mower
11:42 PM moon: oh yeah
11:42 PM rue_: moving dirt up to the garden
11:42 PM moon: yup
11:43 PM rue_: moving firewood
11:43 PM moon: maybe
11:43 PM rue_: pulling blackberries
11:43 PM moon: likely
11:43 PM rue_: bet it's a thirsty little beast
11:43 PM moon: m
11:44 PM rue_: wonder if it's 2 or 4 cyl
11:44 PM rue_: .. or 3?
11:44 PM moon: good question
11:44 PM rue_: I'm gonna have to hope it's not available so that it's not an option
11:44 PM moon: :P
11:44 PM rue_: 'cause, it's such a good deal it could only mean trouble
11:45 PM rue_: I have an impact, so changing the chain shouldn't be an issue
11:45 PM moon: well
11:45 PM rue_: hydraulic leak... wonder if it's a hose
11:45 PM rue_: gibsons fasters makes quick work of hoses
11:46 PM rue_: last time this happened I ended up with a milling machine in someone else's garage
11:46 PM moon: oh yeah
11:46 PM moon: well that's a thinker
11:47 PM rue_: do { } while(1) from under hello to over return()
11:47 PM moon: won't work
11:47 PM moon: tried it
11:48 PM rue_: hmm
11:48 PM moon: actually while(1) around the do while is what I tried
11:48 PM rue_: might have to throw proper network code at it, listen to ports and things
11:48 PM rue_: no, you need to grab the listen and accept
11:48 PM moon: yeah 1.0 will mostly be a rewrite, this uses a loop from an example
11:49 PM moon: there are two citations at the top
11:49 PM rue_: hah, ok
11:51 PM moon: well I think I'm off
11:51 PM moon: gnight