A wireless trap using OpenBSD – reloaded

Build a OpenBSD wireless access point that redirects any client request for any website to a website of your own design. With a little imagination you could adapt this technique for more nefarious purposes – but that is not something we endorse here. Something more applicable to our kind may be to use this technique to do basic DNS based filtering, ad-blocking or something along those lines.

[Read more...]

A wireless access point / Hotspot using OpenBSD

OpenBSD wireless Hotspot

This Guide explains how you would setup a wireless hotspot using OpenBSD and PF so you can provide internet access to wireless clients such as laptops or phones.

[Read more...]

Sniffing for plaintexters

I hope you enjoy this little piece i wrote to sniff for people that check their e-mail via insecure POP or IMAP ports. In my case, i ran this via cron each morning on weekdays for two minutes inside a LAN with a couple hundred users. If “plaintexters” where found, it would send the list of people to the IT Team, basically a mail group on Exchange. They would then contact the User and make sure their mail settings where right.

[Read more...]

FreeBSD.org intrusion and how to use SSH Keys and SSH-Agent

Great excuse to write about how to use ssh keys securely by password protecting the keyfile: On Sunday 11th of November 2012 FreeBSD.org has suffered an intrusion on two machines that contained third party software (packages, ports) within the FreeBSD.org cluster. For details about this read this Incident Report. As far as i can guess from the report and the news, it appears the intruder gained access to the affected systems by means of a developers ssh key that was not protected by a passphrase.

[Read more...]

Enabling Root MacOSX

General Information

This tutorial will explain how to enable the root user in OS X. It’s not recommended that you do this but some GNU/ported/custom software requires it. Please remember that enabling the root user can be a security risk if your machine is hooked up to the internet without some sort of protection like a router or a firewall. This has been tested on OS X v10.1.x and 10.2.x. It should work with 10.0.x and any future versions.

[Read more...]

Managing Jails

General Information

This document is an introduction to basic FreeBSD jails also called ‘fat jails’. We discuss an easy jail installation process. We will do some basic jail configuration and show you how to manage the jail environment. This document wil not cover building ‘chroot jails’ in a jail.

[Read more...]

Enable and Disable Anonymous FTP

anonftp01

General Information

This guide describes the steps for both enabling and disabling anonymous FTP.

[Read more...]

Enable setuid In Perl

General Information

There may be times you would want to run perl scripts as non-root users. This offers more security to your system and this guide will show you how to enable perl to use setuid.

[Read more...]

Locking Your Shell

General Information

Often times we SSH into our BSD boxes and then have to leave our stations for a little bit. If we don’t do anything special with our open terminal, that poses a serious security threat to our boxes. Wouldn’t it be nice if we could just lock the open terminal without having to close the connection? Well, we can with a built-in utility called lock(8). There is also the vlock port that I will discuss as well.

[Read more...]

Working With ACLs

General Information

File servers that run Microsoft Windows will typically have the shared resources locked to some users/groups while other users/groups can have full rights on the same share. How can this be if standard permissions are generic for one user, one group, and everybody? This is accomplished with the use of Access Control Lists (ACLs) and the UNIX environment can also apply these variable permissions to files and directories. Not only can they support the feature, Windows clients that connect to your Samba shares will respect them as well.

[Read more...]