LesPaul 1959 Templates with Chambering Relief

This is just a draft, ready to cut on a CNC (acrylic or something else). Version 0.1.

Download full version of LesPaul 1959 Templates here.

Nokia n900 replacing a photometer

I was seriously thinking of buying a light meter for studio pictures... when a simple apt-get solved it for me!

Light Meter

Thanks to the Light Meter team.

How to hire hackers?

I was playing with tcpdump and found this ...

tcpdump -n -i wlan0 port 80 -X -A -xx -n
0x0120: 436f 6f6b 6965 0d0a 582d 6861 636b 6572 Cookie..X-hacker
0x0130: 3a20 4966 2079 6f75 2772 6520 7265 6164 :.If.you're.read
0x0140: 696e 6720 7468 6973 2c20 796f 7520 7368 ing.this,.you.sh
0x0150: 6f75 6c64 2076 6973 6974 2061 7574 6f6d ould.visit.autom
0x0160: 6174 7469 632e 636f 6d2f 6a6f 6273 2061 attic.com/jobs.a
0x0170: 6e64 2061 7070 6c79 2074 6f20 6a6f 696e nd.apply.to.join
0x0180: 2074 6865 2066 756e 2c20 6d65 6e74 696f .the.fun,.mentio
0x0190: 6e20 7468 6973 2068 6561 6465 722e 0d0a n.this.header...

The URL? WordPress! :-D Yes, this is the WordPress way to hire hackers.
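Reading a header out of a tcpdump -X dump by eye works once; if you want to do it over a whole capture (for instance to list every non-standard X- header a server leaks, which is useful recon for an attacker and worth knowing about your own servers), a small parser is handier. The following is an added example, not code from the post: it rebuilds the raw bytes from the hex column of tcpdump -X/-xx lines and then pulls out any header whose name starts with a given prefix. The sample dump is the capture shown above; the two-space separator tcpdump prints before the ASCII column has been collapsed to one space, as on this page, so the parser drops the ASCII column by position rather than by spacing.

```python
import re

# Sample input in tcpdump -X format, copied from the capture above (constructed test data).
SAMPLE_DUMP = """\
0x0120: 436f 6f6b 6965 0d0a 582d 6861 636b 6572 Cookie..X-hacker
0x0130: 3a20 4966 2079 6f75 2772 6520 7265 6164 :.If.you're.read
0x0140: 696e 6720 7468 6973 2c20 796f 7520 7368 ing.this,.you.sh
0x0150: 6f75 6c64 2076 6973 6974 2061 7574 6f6d ould.visit.autom
0x0160: 6174 7469 632e 636f 6d2f 6a6f 6273 2061 attic.com/jobs.a
0x0170: 6e64 2061 7070 6c79 2074 6f20 6a6f 696e nd.apply.to.join
0x0180: 2074 6865 2066 756e 2c20 6d65 6e74 696f .the.fun,.mentio
0x0190: 6e20 7468 6973 2068 6561 6465 722e 0d0a n.this.header...
"""

OFFSET_RE = re.compile(r"^\s*0x[0-9a-fA-F]+:\s*(.*)$")
HEX_WORD = re.compile(r"^[0-9a-fA-F]{2}(?:[0-9a-fA-F]{2})?$")   # one 4-digit group (or a 2-digit tail)
HEADER_RE = re.compile(r"^([A-Za-z0-9-]+):[ \t]*([^\r\n]*)", re.M)


def parse_tcpdump_hex(dump: str) -> bytes:
    """Rebuild the raw bytes from tcpdump -X / -xx output lines.

    A full line carries 8 groups of 4 hex digits (16 bytes); with -X an ASCII
    column follows. tcpdump prints non-graphic bytes (space included) as '.',
    so that column is a single token. It is dropped when the line has more than
    8 tokens, or when the last token does not look like hex. A short final line
    whose ASCII column happens to look like hex (e.g. 'dead') is inherently
    ambiguous in this format and would be mis-read; use -xx to avoid that.
    """
    out = bytearray()
    for line in dump.splitlines():
        m = OFFSET_RE.match(line)
        if not m:
            continue                          # not a hex-dump line (e.g. the packet summary)
        tokens = m.group(1).split()
        if len(tokens) > 8 or (tokens and not HEX_WORD.match(tokens[-1])):
            tokens = tokens[:-1]              # drop the ASCII column
        for token in tokens:
            if not HEX_WORD.match(token):
                raise ValueError(f"unexpected token {token!r} in line: {line!r}")
            out += bytes.fromhex(token)
    return bytes(out)


def find_custom_headers(raw: bytes, prefix: str = "x-") -> dict:
    """Return the headers (default: X-*) found in reassembled HTTP bytes.

    Decoding as latin-1 never fails on arbitrary bytes. Header names are
    matched only at a line start, so the 'Cookie' fragment that ends the
    previous header value in the sample is not taken for a header.
    """
    text = raw.decode("latin-1")
    return {name: value for name, value in HEADER_RE.findall(text)
            if name.lower().startswith(prefix.lower())}


if __name__ == "__main__":
    for name, value in find_custom_headers(parse_tcpdump_hex(SAMPLE_DUMP)).items():
        print(f"{name}: {value}")
```

Feed it the output of `tcpdump -i wlan0 port 80 -X` instead of the constructed sample to survey your own servers; anything beyond the headers you intend to expose (framework, version or, as here, recruiting banners) is information you are handing to every client.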

gdb vs stdout

You know when you start a daemon and forget to redirect its output, but you don't want to stop the daemon? OK, don't worry, use gdb!

$ gdb -p pid_here
p dup2(open("/tmp/stdout", 1), 1)
p dup2(open("/tmp/stderr", 1), 2)

PS: The files must be created before!
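The two gdb lines above do the job interactively; wrapping them in a script makes it easy to check the prerequisites first. The following is an added example, not the post's own code, and its function names and paths are assumptions: it creates the target files (open() is called with flag 1, O_WRONLY, and no O_CREAT, which is exactly why the post says the files must exist beforehand), refuses to continue when the kernel's Yama ptrace_scope would block the attach, and drives gdb in batch mode. The calls are cast to (int) because recent gdb versions refuse to call a function of unknown return type in a process without debug info; older gdb accepts the uncast form shown in the post.

```python
import os
import shutil
import subprocess
import sys

# Hypothetical helper built around the post's gdb trick; not the post's own script.


def gdb_commands(stdout_path: str, stderr_path: str) -> list:
    """Batch equivalent of the two 'p dup2(open(...), fd)' lines from the post.

    Flag 1 is O_WRONLY without O_CREAT, so the files must already exist.
    The (int) casts satisfy gdb >= 8.1 when the target has no debug symbols.
    """
    return [
        f'call (int)dup2((int)open("{stdout_path}", 1), 1)',
        f'call (int)dup2((int)open("{stderr_path}", 1), 2)',
        "detach",
        "quit",
    ]


def prepare_targets(stdout_path: str, stderr_path: str) -> bool:
    """Create the files if they are missing (without truncating existing ones).

    Returns True when both exist afterwards.
    """
    for path in (stdout_path, stderr_path):
        with open(path, "a"):
            pass
    return all(os.path.exists(p) for p in (stdout_path, stderr_path))


def ptrace_allowed() -> bool:
    """False when Yama ptrace_scope is 2 (admin only) or 3 (no attach at all)."""
    try:
        with open("/proc/sys/kernel/yama/ptrace_scope") as fh:
            return int(fh.read().strip()) < 2
    except (OSError, ValueError):
        return True   # no Yama: plain same-uid ptrace rules apply


def redirect_fds(pid: int, stdout_path: str, stderr_path: str) -> int:
    """Attach gdb to pid and point its fd 1 and fd 2 at the given files."""
    if shutil.which("gdb") is None:
        raise RuntimeError("gdb not found in PATH")
    if not ptrace_allowed():
        raise RuntimeError("attach blocked by kernel.yama.ptrace_scope (>= 2)")
    if not prepare_targets(stdout_path, stderr_path):
        raise RuntimeError("could not create target files")
    argv = ["gdb", "-q", "-batch", "-p", str(pid)]
    for cmd in gdb_commands(stdout_path, stderr_path):
        argv += ["-ex", cmd]
    return subprocess.run(argv).returncode


if __name__ == "__main__":
    # usage: python redirect_fds.py PID /tmp/stdout /tmp/stderr
    sys.exit(redirect_fds(int(sys.argv[1]), sys.argv[2], sys.argv[3]))
```

The process is paused for the duration of the two calls and resumes on detach, so a daemon serving clients sees only a brief stall; anything it had already buffered in userspace still goes to the old descriptors until it flushes.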

New Year, new site…

New year, new life, new site ...

So I decided to move the site to http://blog.beraldoleal.com and centralize some information on http://beraldoleal.com :-D

Happy new year!

3 years…

3 years in this concrete jungle, and far from the Land of the Sun.... :(

10 Modular Blues Turnarounds and Introductions

After a long time without any post, I decided to publish here links to the sheet music, tablature and MIDI file of 10 modular blues turnarounds and introductions. That's right, I completely changed the blog's main subject (geeky stuff), but music is for nerds too.

Here are the files to download, including the LilyPond source file.



mutt + sidebar patch + postfix + vim + offlineimap + cron = the perfect MUA (for me)

I had been wanting to go back to mutt for quite a while, but I had lost the backups of my configuration files and had no time to set it up again. This weekend I finally had time to get the whole thing working with multiple accounts. I'll post the configuration files here later.... (if I have any time left...)


Grabbing and sending packets with Scapy (Scapy, part 2)

Hi folks, in the last post (a long time ago) I wrote a short introduction to the Scapy tool. In this post I want to show you how to grab and send packets with Scapy. This is a good way to develop tools to test any network application, such as studying Kaminsky's DNS flaw, since nobody on the Internet is talking about anything else.

In Scapy there are many methods to send or receive packets on the network. We have the following families of commands:

  • Send family - just sends packets at layer 2 or 3.
  • Send and Receive family - sends packets at layer 2 or 3 and prints or stores the results.
  • Sniff family - receives packets in promiscuous mode and returns them as a packet list.

This post is not intended as a reference for each of the families above. For more information, execute lsc() in Scapy and see the Scapy documentation.

You can see a sample of the Sniff family in action below (run scapy as root):

>>> a=sniff(count=2)
>>> a
<Sniffed: UDP:2 ICMP:0 TCP:0 Other:0>
>>> a.nsummary()
0000 Ether / IP / UDP / DNS Qry "www.google.com."
0001 Ether / IP / UDP / DNS Ans "www.l.google.com."
>>> a[0].show()
###[ Ethernet ]###
dst= 00:03:99:89:83:a9
src= 00:1e:c9:1b:7b:da
type= 0x800
###[ IP ]###
version= 4L
ihl= 5L
tos= 0x0
len= 60
id= 12959
flags= DF
frag= 0L
ttl= 64
proto= udp
chksum= 0xd5af
options= ''
###[ UDP ]###
sport= 54584
dport= domain
len= 40
chksum= 0x329c
###[ DNS ]###
id= 16628
qr= 0L
opcode= QUERY
aa= 0L
tc= 0L
rd= 1L
ra= 0L
z= 0L
rcode= ok
qdcount= 1
ancount= 0
nscount= 0
arcount= 0
|###[ DNS Question Record ]###
|  qname= 'www.google.com.'
|  qtype= A
|  qclass= IN
an= 0
ns= 0
ar= 0

The sniff() function accepts many parameters, like a BPF filter (filter), a timeout (timeout), an interface (iface), and functions to apply to each packet (prn and lfilter).

>>> sniff(filter="udp and port 53", count=2, iface="eth0")
<Sniffed: UDP:2 ICMP:0 TCP:0 Other:0>

Sending a simple ICMP packet

>>> pkt=IP(dst="")/ICMP()
>>> pkt
<IP  frag=0 proto=icmp dst= |<ICMP  |>>
>>> send(pkt,count=2)
Sent 2 packets.

OK, this is a simple example, I know, but now you can use your imagination and play with Scapy.
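The a[0].show() output above is Scapy dissecting the DNS query for you: id=16628, rd=1, qdcount=1 and one question for www.google.com. A/IN, 32 bytes of DNS inside a 40-byte UDP datagram. To see what that dissection actually involves, and to get the check a resolver must do before trusting an answer (the check the Kaminsky flaw targets), here is an added example in plain Python, not Scapy code and not from the original post. It builds the same query from the field values shown above, parses header and question back into the field names show() prints, follows compression pointers with a loop guard, and accepts an answer only if its transaction id and question match the outstanding query. Source-port matching, the other half of the mitigation, lives in the UDP layer and is not modelled here.

```python
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """'www.google.com.' -> b'\\x03www\\x06google\\x03com\\x00' (uncompressed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data: bytes, offset: int):
    """Read a possibly compressed name at offset; return (name, offset just past it).

    At most 16 compression pointers are followed, so a crafted message whose
    pointers form a loop raises instead of spinning the parser forever.
    """
    labels, jumps, end = [], 0, None
    while True:
        if offset >= len(data):
            raise ValueError("name runs past end of message")
        length = data[offset]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: pointer to an earlier name
            if offset + 1 >= len(data):
                raise ValueError("truncated compression pointer")
            if jumps >= 16:
                raise ValueError("too many compression pointers")
            if end is None:
                end = offset + 2                  # the name ends where the first pointer ends
            offset = ((length & 0x3F) << 8) | data[offset + 1]
            jumps += 1
            continue
        if length == 0:
            if end is None:
                end = offset + 1
            break
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels) + ".", end


def build_message(id_: int, qname: str, qtype: int = QTYPE_A,
                  qr: int = 0, rd: int = 1, ra: int = 0, rcode: int = 0) -> bytes:
    """12-byte header plus one question (RFC 1035 4.1.1); opcode QUERY, aa=tc=z=0."""
    flags = (qr << 15) | (rd << 8) | (ra << 7) | rcode
    header = struct.pack("!6H", id_, flags, 1, 0, 0, 0)   # qdcount=1, an/ns/ar=0
    return header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_message(data: bytes) -> dict:
    """Dissect header + question section into the field names Scapy's show() prints."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    id_, flags, qd, an, ns, ar = struct.unpack("!6H", data[:12])
    msg = {
        "id": id_, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1, "z": (flags >> 4) & 7, "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar, "qd": [],
    }
    offset = 12
    for _ in range(qd):
        qname, offset = decode_name(data, offset)
        if offset + 4 > len(data):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", data[offset:offset + 4])
        msg["qd"].append({"qname": qname, "qtype": qtype, "qclass": qclass})
        offset += 4
    return msg


def answer_matches(query: dict, answer: dict) -> bool:
    """Accept a reply only if it is a response to exactly this query: qr=1, same
    transaction id, identical question section. With a randomized source port
    this is what turns blind answer forgery into a guessing game."""
    return (query["qr"] == 0 and answer["qr"] == 1
            and query["id"] == answer["id"] and query["qd"] == answer["qd"])


if __name__ == "__main__":
    query = parse_message(build_message(16628, "www.google.com."))   # values from the sniff above
    for key, value in query.items():
        print(f"{key}= {value}")
```

Wrap parse_message() in a sniff(prn=...) callback on pkt[UDP].payload's raw bytes and you have a tiny independent cross-check of Scapy's own DNS dissector; feeding it messages with pointer loops or truncated questions is a good first test for any resolver code you write.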

Scapy, part 1

Okay, you can say "you're outdated!", since the tool is five years old. But I had never paid much attention to it. Last week I saw it in the top 100 network security tools on Fyodor's site, and I can't stop using it. I am talking about Scapy, a Python program that lets you forge, dissect, send or sniff network packets, probe, scan and whatever your mind wants.

This is a simple post, only to show the basic concepts of Scapy.

What is scapy?

From Scapy:

"Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.). It also performs very well at a lot of other specific tasks that most other tools can't handle, like sending invalid frames, injecting your own 802.11 frames, combining technics (VLAN hopping+ARP cache poisoning, VOIP decoding on WEP encrypted channel, ...), etc."

What do you see in Scapy?

If you, like me, need tools to:

  • do unit tests (ping, arp, traceroute, hping2, etc.);
  • sniff and capture packets and possibly dissect them (tcpdump, ethereal, vomit, iptraf, etc.);
  • scan a given range (nmap, amap, firewalk, etc.);
  • forge packets and send them (packeth, packit, packet excalibur, nemesis, tcpinject, libnet, etc.), and possibly
  • learn the service / version of some host (nmap, xprobe, p0f, cron-OS, queso, etc.)

then you need to know Scapy.

Scapy has the following principle: machines are good at decoding and humans are good at interpreting.

When a tool like nmap says:

Interesting ports on
22/tcp filtered ssh

that is different from saying: it was an ICMP host unreachable. The port is not filtered; there is simply no host behind the firewall.

Okay, it's show time!

Install Scapy on your Unix box. Details are on the Scapy portability page.

Start scapy:

anita:~# scapy
Welcome to Scapy (v1.1.1 / -)

First steps with packet manipulation:

>>> ip=IP(ttl=10)
>>> ip
< IP ttl=10 |>
>>> ip.src
>>> ip.dst=""
>>> ip
< IP ttl=10 dst= |>
>>> ip.src
>>> del(ip.ttl)
>>> ip
< IP dst= |>
>>> ip.ttl
>>> tcp=TCP(flags="SF")
>>> pkt=ip/tcp
>>> pkt
>>> pkt.command()
"IP(dst='', ttl=10)/TCP(flags=3)"
>>> pkt.show()
###[ IP ]###
version= 4
ihl= 0
tos= 0x0
len= 0
id= 1
frag= 0
ttl= 10
proto= tcp
chksum= 0x0
options= ''
###[ TCP ]###
sport= ftp_data
dport= www
seq= 0
ack= 0
dataofs= 0
reserved= 0
flags= FS
window= 8192
chksum= 0x0
urgptr= 0
options= {}

Some things you can do with a packet:

  • str(pkt) to assemble the packet
  • hexdump(pkt) to get a hex dump
  • ls(pkt) to get the list of field values
  • pkt.summary() for a one-line summary
  • pkt.show() for a developed view of the packet
  • pkt.show2() same as show() but on the assembled packet (the checksum is calculated, for instance)
  • pkt.sprintf() fills a format string with field values of the packet
  • pkt.decode_payload_as() changes the way the payload is decoded
  • pkt.psdump() draws a PostScript file with an explained dissection
  • pkt.pdfdump() draws a PDF with an explained dissection
  • pkt.command() returns a Scapy command that can generate the packet

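Two details of the session above are worth seeing at the byte level: TCP(flags="SF") became TCP(flags=3) in pkt.command() and "FS" in show(), because the flag letters are just bit positions; and show() printed ihl=0, len=0 and chksum=0x0 because those fields are only filled in when the packet is assembled (str(pkt) or show2()). The block below is an added example in plain Python, not Scapy's code, that reproduces both: it converts flag strings to the integer and back using Scapy's letter order, and it assembles a 20-byte IPv4 header with the real ihl, total length and RFC 1071 checksum. The addresses are constructed placeholders.

```python
import socket
import struct

# Scapy's one-letter TCP flag names, lowest bit first: F=1 S=2 R=4 P=8 A=16 U=32 E=64 C=128
TCP_FLAG_LETTERS = "FSRPAUEC"


def tcp_flags_to_int(flags: str) -> int:
    """'SF' -> 3, the value pkt.command() showed as TCP(flags=3)."""
    value = 0
    for letter in flags:
        if letter not in TCP_FLAG_LETTERS:
            raise ValueError(f"unknown TCP flag {letter!r}")
        value |= 1 << TCP_FLAG_LETTERS.index(letter)
    return value


def tcp_flags_to_str(value: int) -> str:
    """3 -> 'FS', the order show() used for the same packet."""
    return "".join(l for i, l in enumerate(TCP_FLAG_LETTERS) if value & (1 << i))


def rfc1071_checksum(data: bytes) -> int:
    """Ones' complement of the ones' complement sum of 16-bit words (odd tail zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, ttl: int, proto: int,
                      payload_len: int, ident: int = 1) -> bytes:
    """Assemble an IPv4 header the way show2()/str(pkt) would: ihl and len come
    from the real sizes and chksum is computed, instead of the 0 / 0x0
    placeholders show() displays before assembly. No options, DF/frag = 0."""
    ver_ihl = (4 << 4) | 5                   # version 4, 5 words = 20 bytes
    total_len = 20 + payload_len
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, ident, 0,
                         ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = rfc1071_checksum(header)          # computed with the checksum field zeroed
    return header[:10] + struct.pack("!H", csum) + header[12:]


def ipv4_checksum_ok(header: bytes) -> bool:
    """A header carrying a correct checksum sums to zero under the same routine."""
    return rfc1071_checksum(header) == 0


if __name__ == "__main__":
    print(tcp_flags_to_int("SF"), tcp_flags_to_str(3))
    hdr = build_ipv4_header("10.0.0.1", "10.0.0.2", ttl=10, proto=6, payload_len=20)  # constructed addresses
    print(hdr.hex(), ipv4_checksum_ok(hdr))
```

ipv4_checksum_ok() is the same test a receiving stack runs; compare hdr.hex() with hexdump(pkt) of the equivalent Scapy packet and you can confirm what show2() filled in.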
You can send, receive, sniff, and more. I will try to show other methods in the next parts.

And the grand finale:

>>> pkt.pdfdump()

The output:

If I have time, I will write part 2. Bye.