Dianara v1.3.2 is out (Jan+KDE)

New Dianara release right in time for Halloween!

[Screenshot: dianara-v1.3.2-preview]

Changes

The most notable features since v1.3.1, starting with the ones not visible in the screenshot, are:

  • A basic D-Bus interface for ‘remote’ control, on systems which have D-Bus, of course. This interface allows the user to control Dianara to a certain degree (quite basic at the moment) from other programs, such as qdbus or dbus-send. There are two methods, ‘toggle’ and ‘post <title> <content>’. The former shows or hides the main window, and the latter creates a post, with the given title and content, ready to be completed and posted (this still requires manual intervention, for now).
  • New privacy option, private likes. If you enable this, when liking a post or a comment from your timelines, only the author will see your ‘like’ activity in their minor feeds. It won’t appear in your followers feeds or in your public profile. You’ll still appear in the list of likes for that post though.
  • Support for non-HTTPS servers. These are not common, but Dianara can be used with servers without SSL support, which use the http:// scheme, by adding the command line parameter --nohttps.
  • A Hebrew translation has also been added, thanks to GreenLunar! Localization was improved in several areas.

Then, as visible in the screenshot, there is also:

  • A new “Neighbors” tab, under Contacts, where you can get a list of the newest 50 users registered on your Pump.io server. You can follow them from there directly. However, due to the basic information the server provides for this, the users listed here will not have avatars or any bio info. You can still use the ‘User options’ button to browse their messages directly, or check their profiles in the web interface. But beware of spammers!
  • A “welcome wizard”, with direct access to the first steps on using the program and the Pump network. This will appear every time you run the program until you uncheck the “show this again…” checkbox.

Get it

Dianara is available in the repositories of several GNU/Linux distributions. At this time, at least Debian 8 (Jessie) and newer, Mageia 4 and later, Chakra, Ubuntu 13.10 and later, KaosX, openSUSE 13.2 and later, Parabola and Salix OS. Hopefully they'll have this release packaged soon, either in regular updates or in backports repositories. Thanks to all the great packagers who make this possible!

You can find Fedora packages at Rye’s COPR repo, and at HowCanUHaveMyUsername’s repo (outdated).

For Archlinux, you can find Dianara on the AUR, and for Gentoo, you can use the ebuild.

As for other platforms, LuisGF, a fellow pumper, provides builds of Dianara for MS Windows and is working on builds for OS X.

You can get the code from Qt-apps.org: http://qt-apps.org/content/show.php/Dianara?content=148103 or from GNU Savannah: http://download.savannah.gnu.org/releases/dianara/dianara-v1.3.2.tar.gz

If you need or want to build from source, check the INSTALL file for details on how to build it and the necessary build-time and runtime dependencies. Also, a reminder: the development version is now hosted at gitlab.com.

Enjoy!


Introduce pay caps on “greedy and self-centred” business fat cats, says SNP backbencher (High Pay Centre)

Pay caps should be introduced for "greedy and self-centred" private sector executives and the SNP should go into the next Holyrood election on a platform of raising taxes, one of the party's backbenchers has said.

John Mason, the Glasgow Shettleston MSP, made the case for his party to advocate a radical redistribution of wealth at a fringe event on the first day of his party's conference, as he claimed the free market "is not working" and that the SNP and Scottish Parliament had a responsibility to ensure "things are shared out more fairly."

Discussing whether the SNP should go into next May's election proposing to use new powers to raise taxes, he admitted he was "leaning that way, but I suspect a lot of other people aren't."

Mr Mason's comments came on the day that a new opinion poll was published showing that nearly 60 per cent of people do not believe Holyrood should use new income tax powers, due to come into force in 2017/18, to increase the levy to pay for a more generous welfare state. However, 52 per cent would back tax rises if the proceeds paid for better public services, the YouGov survey found.

The comments drew a strong response from David Watt, of the Institute of Directors, who said the nationalists would pay the price at the ballot box for suggesting tax rises and added that the vast majority of his members were paid relatively modest salaries of around £70,000 meaning excessive fat cat pay was not a significant issue north of the border.

But Mr Mason, who admitted he had formerly been sceptical about the idea of pay caps, said he had been won over by the idea after becoming convinced that more equal societies perform better and said he was hoping to persuade his party to take a new approach.

He said: "The emphasis within the party has been to help people at the bottom, and help them move up. I personally, and the party hasn't quite got there yet, feel that it's not just going to be about helping people at the bottom. We also do need to look at what is happening at the top.

"Clearly, we're going to have to take some drastic action because at the moment, things are not happening. I feel that high pay is not victimless. If someone gets high pay then there are victims going along with that, other people are either not getting paid properly or not a job at all when they could be sharing some of that wealth.

"In an ideal world, people would just not be as greedy and as self-centred as some clearly are. In practice that's not going to happen. I'm increasingly convinced that there needs to be some kind of cap on top wages and some kind of limits on top wages.

"The arguments against that tend to be we need the best people to run our company, or city council, or whatever. Let's look at the practicalities of that. Was it the best people running the banks in 2008?Clearly not. Was it the best folks running Volkswagen in 2015? Clearly not."

The fringe event was organised by the High Pay Centre, a think tank which recently published research showing that 35 executives at Scotland's top companies shared a combined pay bonanza of £55 million in 2014 and is campaigning for pay differences between the highest and lowest paid workers to be reduced.

Mr Watt said that he was not in favour of low rates of pay, but warned that the idea that all of his members were "fat cats" was "very far from the truth."

He added: "I do worry about legislation, because much of legislation has unintended consequences. You could change the ratios by employing less people. As far as executive pay is concerned, let's keep it sensible. It's not a massive problem in Scotland."

(This article originally appeared on the Herald website)


Advertising, Privacy and a Libre Internet | MaidSafe

MaidSafe GitHub Repository

Discussion over the web's dependency on advertising for revenue has over the years gained more and more attention with the development of various ad-blocking tools and their increasing use in various browsers and operating systems. Most recently, the topic resurfaced when it was announced that iOS 9 would allow ad-blocking applications to be installed by users and also force native apps to use HTTPS for all ads linking to websites or risk broken links. Media organisations and app developers reacted with various levels of concern about the tension between generating revenue and protecting the security of their users' data. However, it is a rather blinkered mindset to assume advertising is the only means of income. Instead of settling on a place within this spectrum of how much user privacy platforms are willing to risk, we need to be thinking about how to develop new ways for companies to earn revenue while also considering costs to users beyond those associated with payment.

Source: Advertising, Privacy and a Libre Internet | MaidSafe

Hack.lu 2015 CTF Write Up: Dr. Bob (Forensic 150) (w00tsec)

Hack.lu 2015 CTF was organised by fluxfingers during October 20-22. It's one of the coolest CTFs around; the only drawback is that it runs during weekdays (hey guys, patch this for the next years). My team TheGoonies ranked 59th, which is not bad considering we only played part-time.

The task Dr. Bob was the one I found most interesting as it included disk forensics, memory forensics and basic crypto tasks.

Task: Dr. Bob (Forensic 150)

There are elections at the moment for the representative of the students and the winner will be announced tomorrow by the head of elections Dr. Bob. The local schoolyard gang is gambling on the winner and you could really use that extra cash. Luckily, you are able to hack into the mainframe of the school and get a copy of the virtual machine that is used by Dr. Bob to store the results. The desired information is in the file /home/bob/flag.txt, easy as that.


The file provided is a VirtualBox image in a saved state. According to the challenge instructions, we have to retrieve the flag from the user home folder. The VM starts on a login terminal of what seems to be a Linux distro.


The easiest route here is to convert the VDI image to raw, mount it and extract the flag from the home folder. VirtualBox has a built-in tool to convert VDI to raw and it's as simple as:

C:\Program Files\Oracle\VirtualBox\VBoxManage.exe internalcommands converttoraw c:\ctf\home\dr_bob\.VirtualBox\Safe\Safe.vdi c:\ctf\safe.dd


Let's identify the raw image and mount it externally:
sudo fdisk -lu safe.dd

sudo losetup -o 1048576 /dev/loop0 safe.dd
sudo lvmdiskscan


There are two interesting devices: /dev/vg/root and /dev/vg/home, let's 1 - mount the home folder, 2 - grab the flag and 3 - PROFIT!!!


Oh noes, the disk is encrypted... I couldn't find any useful data on the root device (/dev/vg/root). I tried to crack some local password hashes but I didn't get anything and logs/history files didn't reveal any secrets. Time to unleash some CSI skills and perform live memory forensics.


Memory Forensics: Rekall

Unlike VMware virtual machines, VirtualBox does not offer an easy-to-use memory dump (as far as I know). What do we do now? It's time to perform VM introspection with Rekall.

[Image: Memory Analysis Inception]
Rekall is the first memory framework to support transparent introspection of VMs with any host-guest OS combination and is independent of the virtualization software layer.


Building the Profile

Linux support in Rekall requires a profile tailored to the running kernel, as well as the System.map file. The profile file contains all the debugging symbols extracted into Rekall's standard profile format. To generate this file, it is necessary to build a kernel module with debugging symbols enabled, and then parse the DWARF debugging symbols.

The operating system is Debian 7.9 i686, with a 3.2.0-4-486 kernel.


The Linux guide from the Rekall repository is pretty straightforward. I downloaded a Debian 7.9 i386 ISO, installed it on a clean system, installed the kernel headers from the target VM and built the corresponding profiles. I mirrored them here:

Memory Analysis Inception

Now that we have the proper profile, we can run VirtualBox, start the VM and perform live forensics on the guest machine.

The vmscan plugin scans the physical memory attempting to find hypervisors and group them together logically as virtual machines.

It's possible to run plugins on any VM by using the --ept (Extended Page Tables) parameter on the command line. To run a rekall plugin on a VM that vmscan found, invoke rekall as you normally would, but add --ept EPT_VALUE as a parameter.

rekal -f \\.\pmem vmscan --live
rekal.exe -f \\.\pmem --profile Debian-3.2.0-4-486.zip --ept 0x1ECC0701E


I tried to use the base plugins that support Linux analysis, but none of them revealed the secrets necessary to decrypt the disk.


After some time I decided to take a different approach and dump the full memory from the Guest VM and carve for some secrets.

imagecopy output_image='memdump.raw'



Extracting AES Keys from the Memory Dump

You can use tools like bulk_extractor and findaes to extract AES keys from memory dumps. These programs work by carving the images and eliminating anything which is not a valid AES key schedule.

./findaes memdump.raw


The tools found an AES-128 key, and I now needed to reproduce this behaviour in a lab to make sure that it was the encryption master key. I set up an encrypted volume on a Debian installation and dumped the master key using cryptsetup:

cryptsetup luksDump --dump-master-key /dev/sda5


After that, I dumped the operating system memory and used bulk_extractor to search for AES Keys:

bulk_extractor memdump.raw


The AES256 key found in the lab dump matches the MK dump, which brings us to the final step.
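The key-schedule check that findaes and bulk_extractor rely on, as an added example (not code from either tool or from the original write-up): AES key expansion leaves the expanded schedule in RAM next to the key itself, so a 16-byte window is reported only if re-running the expansion on it reproduces the 160 bytes that follow. The memory image scanned below is constructed inline with random filler; the key bytes are the master key value from this write-up, and the second, bare copy of the key (without its schedule) is there to show that a plain byte match is not enough. The matches_master_key helper is an assumed name for comparing a carved key against the hex printed by cryptsetup luksDump --dump-master-key.

```python
"""Carve AES-128 keys from a memory image by checking key-schedule consistency.

Added example, not findaes or bulk_extractor code. A key in use normally sits in
RAM together with its expanded key schedule (176 bytes for AES-128), so a window
is accepted only when FIPS-197 key expansion of its first 16 bytes reproduces
the following 160 bytes. The scanned image is constructed below.
"""
import random

MODULUS = 0x11B  # AES field polynomial x^8 + x^4 + x^3 + x + 1
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) using the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= MODULUS
        b >>= 1
    return r


def _build_sbox():
    """Derive the AES S-box: inverse in GF(2^8), then the affine transformation."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gf_mul(x, y) == 1), 0)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def expand_key_128(key):
    """FIPS-197 key expansion: 16-byte key -> 176-byte schedule (11 round keys)."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                 # RotWord
            t = [SBOX[b] for b in t]          # SubWord
            t[0] ^= RCON[i // 4 - 1]          # Rcon
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(b for word in w for b in word)


def find_aes128_keys(image):
    """Return [(offset, key)] for every window whose full expanded schedule follows it."""
    hits = []
    for off in range(0, len(image) - 176 + 1):
        cand = image[off:off + 16]
        if cand == b"\x00" * 16:
            continue  # an all-zero key has a valid schedule but is noise, not a key
        # Cheap pre-check: compute only the first word of round key 1 before a full expansion.
        t = [SBOX[b] for b in (cand[13], cand[14], cand[15], cand[12])]
        t[0] ^= RCON[0]
        if bytes(a ^ b for a, b in zip(cand[0:4], t)) != image[off + 16:off + 20]:
            continue
        if expand_key_128(cand) == image[off:off + 176]:
            hits.append((off, cand))
    return hits


def matches_master_key(hits, master_key_hex):
    """True if a carved key equals the hex key from `cryptsetup luksDump --dump-master-key`."""
    mk = bytes.fromhex(master_key_hex.replace(" ", ""))
    return any(key == mk for _, key in hits)


# Master key value from the write-up; the surrounding image is constructed filler.
SAMPLE_KEY = bytes.fromhex("1fab015c1e3df9eac8728f65d3d16646")


def build_sample_image(seed=7):
    """Random filler, the full schedule at offset 500, more filler, then a bare key copy."""
    rng = random.Random(seed)
    filler = lambda n: bytes(rng.randrange(256) for _ in range(n))
    return filler(500) + expand_key_128(SAMPLE_KEY) + filler(300) + SAMPLE_KEY + filler(200)


if __name__ == "__main__":
    img = build_sample_image()
    hits = find_aes128_keys(img)
    for off, key in hits:
        print(f"AES-128 key schedule at offset {off:#x}: {key.hex()}")
    print("matches luksDump master key:", matches_master_key(hits, SAMPLE_KEY.hex()))
```

The bare copy of the key at offset 976 is never reported, only the copy at offset 500 that is followed by its schedule; this is why the carving tools produce so few false positives compared with a plain byte search. On a real dump the same loop runs over the whole file (bulk_extractor and findaes also look for AES-192/256 schedules, which this example omits).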


Decrypting LUKS volume using the Master Key

Now that we have the AES key, all we need to do is follow this guide - Cryptsetup and the master key - and decrypt '/dev/vg/home'. There's no command-line option to decrypt the disk using the master key; everything is kind of hackish (you need to corrupt the header and create a new one using the key).

sudo losetup -o 1048576 /dev/loop1 safe.dd
cryptsetup -v luksDump /dev/vg/home


The Master Key (MK) has 128 bits, which is a good sign. The payload offset is 2048 sectors, and we need to do some basic math here to get the LUKS header size: 2048 * 512 / 1024 = 1024 KiB (fdisk -l shows that the sector size is 512 bytes).

We now proceed to write a new LUKS header on the device using the extracted MK, assigning a new passphrase:

dd if=/dev/vg/home of=test.img
hexdump -C -n 80 test.img
dd if=/dev/zero of=test.img conv=notrunc bs=1024 count=1
hexdump -C -v -n 80 test.img
echo 1fab015c1e3df9eac8728f65d3d16646 | xxd -r -p > key.bin


cryptsetup luksFormat --verify-passphrase --cipher=aes-ecb --hash=sha1 --key-size=128 --master-key-file=key.bin test.img
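To see what luksDump reads and what the dd/luksFormat steps overwrite, here is an added example (not part of the original write-up, and not cryptsetup code) that parses the fixed 592-byte LUKS1 header and derives the payload offset in bytes. The header bytes are constructed for the example: cipher, mode, hash, payload offset and key size are the values from this write-up, while the digest, salts and UUID are placeholders. The function and constant names are the example's own.

```python
"""Parse a LUKS1 header and compute where the encrypted payload starts.

Added example, not part of the original write-up and not cryptsetup code.
LUKS1 stores a big-endian fixed-layout header: 208 bytes of partition header
followed by 8 key slots of 48 bytes each (592 bytes total). The sample header
below is constructed; only cipher/mode/hash/offset/key size follow the write-up.
"""
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
SECTOR_SIZE = 512                                    # fdisk -l reported 512-byte sectors
LUKS_KEY_ENABLED, LUKS_KEY_DISABLED = 0x00AC71F3, 0x0000DEAD   # LUKS1 key-slot states
_PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")   # magic, version, cipher, mode, hash,
                                                     # payload offset, key bytes, MK digest,
                                                     # MK salt, MK iterations, UUID (208 bytes)
_KEYSLOT = struct.Struct(">II32sII")                 # active, iterations, salt,
                                                     # key-material offset, stripes (48 bytes)
LUKS1_HEADER_SIZE = _PHDR.size + 8 * _KEYSLOT.size   # 592


def _cstr(b):
    """Decode a NUL-padded ASCII field."""
    return b.split(b"\x00", 1)[0].decode("ascii")


def parse_luks1_header(blob):
    """Return a dict of header fields, or None if the LUKS1 magic is not present."""
    if len(blob) < LUKS1_HEADER_SIZE or blob[:6] != LUKS_MAGIC:
        return None
    (_, version, cipher, mode, hash_spec, payload_offset, key_bytes,
     _digest, _salt, mk_iter, uuid) = _PHDR.unpack_from(blob, 0)
    active = []
    for i in range(8):
        state, _, _, _, _ = _KEYSLOT.unpack_from(blob, _PHDR.size + i * _KEYSLOT.size)
        if state == LUKS_KEY_ENABLED:
            active.append(i)
    return {
        "version": version,
        "cipher": f"{_cstr(cipher)}-{_cstr(mode)}",
        "hash": _cstr(hash_spec),
        "payload_offset_sectors": payload_offset,
        "payload_offset_bytes": payload_offset * SECTOR_SIZE,
        "payload_offset_kib": payload_offset * SECTOR_SIZE // 1024,
        "key_bits": key_bytes * 8,
        "mk_iterations": mk_iter,
        "uuid": _cstr(uuid),
        "active_slots": active,
    }


def build_sample_header():
    """Constructed LUKS1 header carrying the luksDump values seen in the write-up."""
    phdr = _PHDR.pack(LUKS_MAGIC, 1, b"aes", b"ecb", b"sha1", 2048, 16,
                      b"\x11" * 20, b"\x22" * 32, 1000,
                      b"00000000-0000-0000-0000-000000000000")   # placeholder UUID
    slots = b""
    for i in range(8):
        state = LUKS_KEY_ENABLED if i == 0 else LUKS_KEY_DISABLED
        slots += _KEYSLOT.pack(state, 100000 if i == 0 else 0, b"\x33" * 32, 8 + i * 256, 4000)
    return phdr + slots


def corrupt_header(blob, nbytes=1024):
    """Model `dd if=/dev/zero of=test.img conv=notrunc bs=1024 count=1`: zero the first KiB."""
    return b"\x00" * nbytes + blob[nbytes:]


if __name__ == "__main__":
    hdr = parse_luks1_header(build_sample_header())
    print(hdr)
    print("after zeroing 1 KiB:", parse_luks1_header(corrupt_header(build_sample_header())))
```

Payload offset 2048 sectors means the ciphertext begins 1,048,576 bytes (1024 KiB) into /dev/vg/home, which is the figure computed above. Zeroing only the first KiB is enough because the magic and every field that cryptsetup validates sit inside the first 592 bytes, so the device is no longer recognised as LUKS and luksFormat will write a fresh header around the supplied master key.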


They tried to hide the flag from "/bin/cat" using the carriage return char (0x0D), but hexdump and Pluma had no problems displaying it:



Flag: flag{v0t3_f0r_p3dr0}


Update 1: @rbaranyi and David Berard pointed out that replacing '/etc/shadow', logging in with the known password and then using 'strings /dev/lvm' would be easier. That's true, but that wouldn't involve any kind of memory inception.

Update 2: David Berard pointed out that newer 'cryptsetup' offers an option to set a new passphrase using the master key: 'cryptsetup luksAddKey --master-key-file=<master-key-file> <luks device>'

Update 3: According to the writeup from CLGT, you can also dump VirtualBox RAM using this administrative command: 'VBoxManage debugvm SafeClone dumpvmcore --filename=getthekey'

Update 4: Some teams used the dm_dump volatility plugin: it identifies disks on the target system which were mounted using the device-mapper framework. The output of this plugin gives you the arguments to pass to the dmsetup command to remount the original unencrypted file system on a different machine.
