SMBProxy Compilation issues

So the other day I was on a pen test and I got hold of the hashes. Since my laptop got fried I needed a new version of SMBProxy. I ran into a few issues compiling it, though: a few errors in the file crypto.c.
Moreover, SMBProxy uses the crypto library libdes written by Eric Young, available here.
Here is a guide to compiling SMBProxy that worked for me.

First, compile and install libdes

  1. Download libdes 4.01
  2. tar zxvf libdes-4.01.tar.gz
  3. cd libdes
  4. make gcc
  5. sudo make install

You'll now find the file libdes.a in /usr/local/lib.
Second, compile and install SMBProxy. Here there were a couple of compilation errors that I had to deal with.
Here's the diff output for crypto.c (my modified copy on the left, the original source on the right):

trance@z0n3:~/Desktop$ diff smbproxy/crypto.c smbproxy-orig-src/crypto.c
40,41c40
< #include
< #define MD4_SIGNATURE_SIZE 16 --- >
46c45
<> static u_char Get7Bits(UCHAR *input, int startBit) {
58c57
<> static void MakeKey(UCHAR *key, UCHAR *des_key) {
74c73
<> void DesEncrypt(UCHAR *clear, UCHAR *key, UCHAR *cipher) {
85c84
<> void mkResponse(UCHAR **ntlmhash, UCHAR hash[MD4_SIGNATURE_SIZE], UCHAR* challenge) {
88c87
<> UCHAR ntlm_response[24];
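Review bot: the `#include` added at line 40 has lost its header name in this listing, so a reader cannot tell which header the new MD4_SIGNATURE_SIZE define and the MD4 code depend on, and the later hunks (46, 58, 74, 85, 88) render with a fused `<>` prefix showing the same text on both sides, which hides what actually changed in the signatures of Get7Bits, MakeKey, DesEncrypt and mkResponse. Suggest pasting the raw `diff -u` output in a preformatted block so the header name and the before/after parameter types survive.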

Having done this, there were still a few issues with the make command.
The Makefile can be generated by running the following command:

trance@z0n3:~/Desktop/smbproxy-orig-src$ ./configure

Here’s the diff output of the Makefile:

trance@z0n3:~/Desktop$ diff smbproxy/Makefile smbproxy-orig-src/Makefile
10,11c10,11
< smbbf_include =" -Iinclude">
< libs ="">

> SMBBF_INCLUDE = -Iinclude
> LIBS = des
31c31
< $(LIBDES) $(LIBS)

> $(LIBDES)
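Review bot: the left-hand side of the 10,11 hunk is mangled (`smbbf_include =" -Iinclude">`, `libs =""`), so the new values of SMBBF_INCLUDE and LIBS cannot be read, while the 31c31 hunk shows the modified link line appending $(LIBS) after $(LIBDES). The original's `LIBS = des` is a bare library name rather than a `-l` flag, so that link line only does what is intended if LIBS was rewritten to a proper linker flag; state the intended value explicitly rather than leaving it to the garbled line.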

To compile SMBProxy successfully, the following libraries are required: openssl, openssl-dev and libdes.

apt-get install openssl openssl-dev
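
As an added example that is not part of the original post or of SMBProxy's source, here is the key preparation behind the mkResponse function the diff touches: how a 16-byte NTLM hash becomes the three DES keys whose encryptions of the 8-byte challenge fill ntlm_response[24]. The UCHAR typedef is assumed to match SMBProxy's; the DES encryption step itself (what SMBProxy's DesEncrypt does via libdes) is left out.

```c
#include <string.h>
typedef unsigned char UCHAR;   /* assumed to match SMBProxy's typedef */
#define MD4_SIGNATURE_SIZE 16  /* the define added in the crypto.c diff */

/* Return the 7 bits of the input stream starting at bit `startBit` (bit 0 is
 * the MSB of input[0]), shifted left by one to leave room for the DES parity
 * bit. The next byte is read only when the 7 bits spill into it, so a 7-byte key is never over-read. */
static UCHAR get7bits(const UCHAR *input, int startBit) {
    unsigned int word = (unsigned int)input[startBit / 8] << 8;
    if (startBit % 8 > 1)
        word |= input[startBit / 8 + 1];
    word >>= 15 - (startBit % 8 + 7);
    return (UCHAR)(word & 0xFE);
}

/* DES key bytes carry odd parity in their least significant bit. */
static UCHAR with_odd_parity(UCHAR b) {
    int ones = 0;
    for (int i = 1; i < 8; i++) ones += (b >> i) & 1;
    return (UCHAR)((b & 0xFE) | ((ones & 1) ? 0 : 1));
}

/* Expand a 7-byte (56-bit) key into the 8-byte form DES expects. */
static void make_des_key(const UCHAR *key7, UCHAR des_key[8]) {
    for (int i = 0; i < 8; i++)
        des_key[i] = with_odd_parity(get7bits(key7, i * 7));
}

/* The 16-byte hash is zero-padded to 21 bytes and cut into three 7-byte
 * chunks; each becomes a DES key that encrypts the same 8-byte challenge,
 * which is how the 3 x 8 = 24 bytes of ntlm_response[24] come about. */
static void ntlm_response_keys(const UCHAR hash[MD4_SIGNATURE_SIZE], UCHAR keys[3][8]) {
    UCHAR padded[21] = {0};
    memcpy(padded, hash, MD4_SIGNATURE_SIZE);
    for (int i = 0; i < 3; i++)
        make_des_key(padded + 7 * i, keys[i]);
}

/* Known vectors: a zero 56-bit key gives the DES weak key 01..01; for an all-0xFF hash
 * chunks 0 and 1 give FE..FE and the third chunk FF FF 00 00 00 00 00 gives FE FE C1 01 01 01 01 01. */
static int self_test(void) {
    static const UCHAR zero7[7] = {0}, k01[8] = {1,1,1,1,1,1,1,1};
    static const UCHAR kfe[8] = {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE};
    static const UCHAR k3[8] = {0xFE,0xFE,0xC1,1,1,1,1,1};
    UCHAR a[8], keys[3][8], hash[MD4_SIGNATURE_SIZE];
    make_des_key(zero7, a);
    memset(hash, 0xFF, sizeof hash);          /* constructed sample hash */
    ntlm_response_keys(hash, keys);
    return !memcmp(a, k01, 8) && !memcmp(keys[0], kfe, 8) && !memcmp(keys[2], k3, 8);
}
```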

Certified Reverse Engineering Analyst Certified

This week I got the CREA certification to add to my list of CISSP, CEPT, Visa QSA. This certification required a good practical and conceptual knowledge of reverse engineering. The certification requires a good working knowledge of components such as IA-32 assembly language, malware reversing, expert level knowledge of IDA Pro, OllyDbg, HiEW, Dumpbin etc., PE File header, repairing packed and compacted binaries, using system level reversing etc. The exam was good and tested on the concepts of the reverse engineer.

Amazon’s Mechanical Turk

Yesterday, while searching for web services on the Internet, I came across an old, popular web service called “Amazon's Mechanical Turk”, named after the mechanical turk trick from the old days of stage magic.
The gist is, you (“the requestor”) put in a HIT (Human Interaction Task, in Amazon's lingo) so that someone on the Internet (“the worker”) can solve it for you. Most of what I saw on the website seemed like random tasks being used by researchers, online yellow-pages-like directories, marketing, classification of goods, etc.
What might also be an interesting application, and I'm sure it's probably already being used this way, is captcha-solving for spammers.
Also, the Amazon Mechanical Turk terms of service don't help and say the following (verbatim):
Amazon Mechanical Turk provides a venue for third-party Requesters and third-party Providers to enter into and complete transactions. Amazon Mechanical Turk and its Affiliates are not involved in the transactions between Requesters and Providers. As a result, we have no control over the quality, safety or legality of the Services, the ability of Providers to provide the Services to Requesters’ satisfaction, or the ability of Requesters to pay for Services. We are not responsible for the actions of any Requester or Provider. We do not conduct any screening or other verification with respect to Requesters or Providers, nor do we provide any recommendations. As a Requester or a Provider, you use the Site at your own risk.

Given this, and the prevalent rates (about a penny or so per task), I think spammers might have a free run on this service. Of course, Amazon conveniently has a web service available at http://mechanicalturk.amazonaws.com/AWSMechanicalTurk/AWSMechanicalTurkRequester.wsdl.
Now, the key question is: suppose a spammer uses this service, who's to blame? I wouldn't imagine the solvers know the intent of the act, Amazon (possibly) can't be liable because the ToS has to be accepted before use, and since the requestor is somewhere on the Internet, he/she possibly can't be traced.
Of course, I'm not saying that Mechanical Turk is all bad, but as in all walks of life there is a positive and a negative use to everything.
As someone once said: “Every tool is a weapon if you hold it right”!

Grand Canyon Trip

Another trip to the national parks of the US. This time in the state of Arizona! The Grand Canyon in AZ, USA, lying on the Colorado Plateau in northwestern Arizona, is a blistering (not because of heat, though) example of soil erosion caused over more than 4000 years by the Colorado River.
We organized a trip of 8 people in a Toyota Sienna. It turned out to be a fantastic van: it could easily carry the load of all eight people and still not run out of steam like we did on the trail.
We reached the Canyon at around 7:50 am on the Saturday morning after an 8 hr drive. But getting a permit at such short notice in summer is really difficult. So we ended up with no campsite in the Mather campground or the Backcountry CBG campground (Bright Angel Creek, just 0.5 miles from the Colorado River). So we first went to 10-X Campground, just near the Grand Canyon Airport. This campground is on a first come, first served basis and costs only 10 bucks a day. Anyway, we did not have too many choices with the campground, so we had to take whatever spot we got.
Then at around 11:30 am we started on the Bright Angel Trail. According to the canyon officials, the worst time to take the trails is between 10:00 am and 4:00 pm. But brave souls that we were, our enthusiasm and inexperience with the Canyon led us to believe we had more valor than we did! So we began the trail with a backpack carrying water and food for each person. Every man for himself!
But we met a volunteer on the way who advised us that unless we were marathon runners (which we are not by any stretch of the imagination), going to Plateau Point and coming back on the same day is not advisable. The thoughts that he put into our minds germinated into a tree of doubt which we could not climb.
We could reach only the 3-mile point and climbed back up. But as it turns out we had made almost 70% of the elevation and most of the inclining hike. Had we continued, the further trail was not at all steep. But this is hindsight, or maybe a case of sour grapes, or maybe a case of inflated self-esteem !?!!
Then after coming back exhausted from the trail we set up our tent and, after some food, went off for a well-deserved siesta. The next day, after a lot of deliberation from Gandhe and Sardar, we made it again to the Canyon to look at the points on the South Rim itself. After going around in the bus we saw most of the points and then headed back to LA by the same route in reverse (64 S – 40 W – 15 S – 10 W)!
-Rajat.
My homepage.

List of Chrome URLs in Firefox

These are the Firefox chrome:// URLs for the different security and certificate settings dialogs. Just paste one into the address bar and bang, there you go:

chrome://pippki/content/getpassword.xul
chrome://pippki/content/PrefOverlay.xul
chrome://pippki/content/pref-ssl.xul
chrome://pippki/content/pref-certs.xul
chrome://pippki/content/pref-ciphers.xul
chrome://pippki/content/cipherinfo.xul
chrome://pippki/content/ssl2ciphers.xul
chrome://pippki/content/ssl3tlsciphers.xul
chrome://pippki/content/ssl3tlsciphers2.xul
chrome://pippki/content/PageInfoOverlay.xul
chrome://pippki/content/cacertexists.xul
chrome://pippki/content/CAOverlay.xul
chrome://pippki/content/WebSitesOverlay.xul
chrome://pippki/content/OthersOverlay.xul
chrome://pippki/content/MineOverlay.xul
chrome://pippki/content/viewCertDetails.xul
chrome://pippki/content/certpicker.xul
chrome://pippki/content/certDump.xul
chrome://pippki/content/load_device.xul
chrome://pippki/content/pref-validation.xul
chrome://pippki/content/pref-masterpass.xul
chrome://pippki/content/createCertInfo.xul
chrome://pippki/content/formsigning.xul
chrome://pippki/content/changepassword.xul
chrome://pippki/content/resetpassword.xul
chrome://pippki/content/newserver.xul
chrome://pippki/content/downloadcert.xul
chrome://pippki/content/certManager.xul
chrome://pippki/content/editcacert.xul
chrome://pippki/content/editemailcert.xul
chrome://pippki/content/editsslcert.xul
chrome://pippki/content/deletecert.xul
chrome://pippki/content/getp12password.xul
chrome://pippki/content/setp12password.xul
chrome://pippki/content/domainMismatch.xul
chrome://pippki/content/serverCertExpired.xul
chrome://pippki/content/clientauthask.xul
chrome://pippki/content/certViewer.xul
chrome://pippki/content/device_manager.xul
chrome://pippki/content/choosetoken.xul
chrome://pippki/content/escrowWarn.xul
chrome://pippki/content/crlManager.xul
chrome://pippki/content/serverCrlNextupdate.xul
chrome://pippki/content/crlImportDialog.xul
chrome://pippki/content/pref-crlupdate.xul

InfoSec Pals

I recently started blogging for InfoSec Pals. It was started by Palan Annamalai, who was my colleague at Ernst & Young's Advanced Security Center, where I worked for a year and a half. Other people who are active bloggers on the site, apart from Palan and me, are: Sri Vasudevan, Jay Kelath and Felipe Moreno. Let's see if I can maintain the technical content of both blogs and keep the goodies coming.

Nutch failed …presentation succeeded!

Finally, the CSCI 599 course on Search Engines concluded. The presentation went off pretty well.
The worst part was that an effort of 5 straight days went down the drain trying to go through the Nutch code. I think the Nutch developer community needs to get a little more mature and help newbies like me, or else new people will not join the movement! Eventually, I had to make my own focused crawler and a query interface for the crawled web data.
I also got my CSCI 558L scores, which were ok (94, 99, 100), so things look ok so far, but now the main effort is just starting: getting the worm fingerprinting with ITrace going. Let's hope things turn out well.