Enable multicast in smartOS/solaris

Multicast interfaces are not enabled by default on machines provisioned into the Joyent Public Cloud. However, you can enable multicast interfaces by doing the following:

  1. Choose an interface to which you want to attach the multicast segment 224.0.0.0/4. Your options are em0 or em1. Tip: We recommend em1.
  2. Take note of the IP address for the chosen interface.
  3. Execute the following command as the root user:
    route -n add -interface 224.0/4 -gateway $IP_OF_INTERFACE
  4. Verify the multicast segment is attached:
    netstat -rn | grep 224.0.0.0

If successful, you should see something similar to the following:

224.0.0.0            10.112.0.243         U         1          0 net1 or net2
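
Steps 3 and 4 can be wrapped so the address is validated before it reaches a root command and the route is verified by parsing, not by eye. This is an added example, not part of the original instructions; the function names are hypothetical and the sample routing table is constructed from the output line shown above.

```shell
#!/bin/sh
# Added example (not Joyent's tooling). Function names are hypothetical.

# Succeeds only for a dotted-quad IPv4 address, so nothing unexpected
# reaches a command that runs as root.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Reads `netstat -rn` text on stdin. Prints the interface carrying the
# 224.0.0.0 route when its gateway is $1 and the route is up (flag U);
# returns 1 when no such route exists.
mcast_route_iface() {
    awk -v gw="$1" '
        $1 == "224.0.0.0" && $2 == gw && $3 ~ /U/ { print $NF; ok = 1; exit }
        END { exit ok ? 0 : 1 }'
}

# Steps 3 and 4 from the list above in one call; run as root.
attach_mcast() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 2; }
    route -n add -interface 224.0/4 -gateway "$1" || return 1
    netstat -rn | mcast_route_iface "$1"
}

# Constructed routing table, modelled on the output line shown above.
sample_routes() {
    cat <<'EOF'
default              10.112.0.1           UG        1          0 net0
224.0.0.0            10.112.0.243         U         1          0 net1
EOF
}

sample_routes | mcast_route_iface 10.112.0.243   # offline check of the parser
```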

 

About ipf and Multicast Traffic Rules

If you plan to use ipf (IPFilter), you will need to write rules that allow multicast traffic. You can write those rules in the following way:

pass in quick on $INTERFACE proto 2 from any to any
pass out quick on $INTERFACE proto 2 from any to any

If you need to permanently add those rules to your config, check the attached SMF manifest.

Note: If you use the attached manifest, ensure you specify the correct IP address for the $IP variable.

svccfg validate multicastlan.xml
svccfg import multicastlan.xml
svcs multicastlan
STATE          STIME    FMRI
disabled        9:52:18 svc:/site/multicastlan:default
svcadm enable multicastlan
svcs multicastlan
STATE          STIME    FMRI
online          9:52:53 svc:/site/multicastlan:default

Note: For more information on IPFilter, you can view the man page here.

something about “55000 hacked twitter accounts”

This week, several internet news portals carried the announcement of the “hacking” of 55000 Twitter accounts. This kind of news tends to attract the attention of the net and demonstrate its fragility. I like to spend some time observing the published data and speculating a bit.
Yes, after concatenating the five parts from Pastebin, we have 58970 records. But after checking how many of them are unique, only 36998 are. So, up to here, the announcement was not successful.
We can consider the password list a corpus and, as such, useful for linguistic analysis and text mining.
First, the most popular passwords:
Order		Unfiltered word	Occurrences		Percentage
1.		315475		580				1.5573
2.		123456		489				1.3130
3.		123456789	176				0.4726
4.		102030		68				0.1826
5.		123	        61				0.1638
6.		12345		53				0.1423
7.		1234		45				0.1208
8.		101010		29				0.0779
9.		242424		28				0.0752
10.		12345678	27				0.0725
11.		010203		24				0.0644
12.		1234567		24				0.0644
13.		654321		23				0.0618
14.		123123		21				0.0564
15.		121212		19				0.0510
16.		123321		16				0.0430
17.		sexo		16				0.0430
18.		com	        16				0.0430
19.		1234567890	15				0.0403
20.		junior		14				0.0376
21.		gay	        14				0.0376
22.		gatinho		13				0.0349
23.		124578		13				0.0349
24.		0123456789	13				0.0349
25.		12345678910	12				0.0322
26.		brasil		12				0.0322
27.		123654		12				0.0322
28.		202020		12				0.0322
29.		159753		12				0.0322
30.		adm15575	11				0.0295
31.		212121		11				0.0295
32.		151515		11				0.0295
33.		2008		10				0.0269
34.		1010		10				0.0269
35.		252525		10				0.0269
36.		fernando	10				0.0269
37.		redeglobo	10				0.0269
38.		112233		10				0.0269
39.		eumesmo		10				0.0269
40.		000000		10				0.0269
41.		987654321	9				0.0242
42.		141414		9				0.0242
43.		123mudar	9				0.0242
44.		789456		9				0.0242
45.		696969		9				0.0242
46.		ricardo		9				0.0242
47.		thiago		8				0.0215
48.		alexandre	8				0.0215
49.		eduardo		8				0.0215
50.		456789		8				0.0215
Very interesting, then:
  • The first 16 passwords are numbers.
  • The most popular password is 315475 (a mystery to evaluate).
  • The first word is “sexo”.
  • Portuguese passwords seem to predominate (in popularity).
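
The counting described above (total records, unique records, then a ranked password table with percentages) can be reproduced with standard tools, for example when auditing a dump for weak-password patterns. This is an added example, not the tool used for the table; it assumes one "account:password" record per line, and the sample records are constructed.

```shell
#!/bin/sh
# Added example. Assumes one "account:password" record per line on stdin.

# Prints "<records> <unique records>", skipping blank lines.
dump_counts() {
    awk 'NF { total++; if (!seen[$0]++) uniq++ }
         END { print total + 0, uniq + 0 }'
}

# top_passwords N
# Ranks passwords over de-duplicated records. Output columns (tab separated):
# count, percentage of unique records, "digits" or "mixed", password.
top_passwords() {
    LC_ALL=C sort -u |
    awk '{
            sep = index($0, ":")          # split at the first colon only,
            if (!sep) next                # so passwords may contain ":"
            count[substr($0, sep + 1)]++; total++
         }
         END {
            for (pw in count)
                printf "%d\t%.4f\t%s\t%s\n", count[pw], 100 * count[pw] / total,
                       (pw ~ /^[0-9]+$/ ? "digits" : "mixed"), pw
         }' |
    LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k4,4 |
    head -n "$1"
}

# Constructed sample records (addresses use the reserved .test domain).
sample_dump() {
    cat <<'EOF'
a@example.test:123456
a@example.test:123456
b@example.test:123456
c@example.test:315475
d@example.test:315475
e@example.test:315475
f@example.test:sexo
f@example.test:sexo
g@example.test:brasil:2012
EOF
}

sample_dump | dump_counts
sample_dump | top_passwords 3
```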
What is 315475?
  1. The phone prefix of Syracuse, NY (USA).
  2. A hex color? Do 580 people love blue?
  3. A common password from a spambot owner?
My vote for the spambot.

easy way to know if “flashback Trojan” infected your mac (osx lion)

These last days, many people have been talking about the new “Flashback Trojan” on OS X 10.7 (for more info, click here).

Finding out whether you are infected requires some work with the terminal (two commands). Some users “hate” the terminal or simply do not know it is there, which is why I wrote a simple AppleScript (fast and dirty) that checks in one click (to my dear friend Dario).
 
The resultant application (created with applescript editor) is included in this post (Check Flashback Trojan 0.1.zip), or you can check the source code:
-- Explain what the tool does before running the two checks.
display dialog "Lets go to check two simple values, if the result is not equal to OK, run some antivirus or do your job with the terminal app. Also, check http://goo.gl/3FWfA" with icon stop with title "Simple Flashback Trojan detect tool"

-- Check 1: Safari's Info.plist should have no LSEnvironment key.
-- "|| true" keeps do shell script from raising an error on a non-zero exit
-- status, so the warning branch is reachable; no temporary file in /tmp is needed.
try
	set test1 to do shell script "defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>&1 || true"

	if test1 contains "does not exist" then
		display dialog "Step 1: OK" with icon note
	else
		display dialog "Step 1: Something is wrong with Info LSEnvironment" with icon stop
	end if
end try

-- Check 2: the per-user environment should not set DYLD_INSERT_LIBRARIES.
try
	set test2 to do shell script "defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>&1 || true"

	if test2 contains "does not exist" then
		display dialog "Step 2: OK" with icon note
	else
		display dialog "Step 2: Something is wrong with DYLD_INSERT_LIBRARIES" with icon stop
	end if
end try
Bye,

Solving “VTDecoderXPCService quit unexpectedly” in OSX 10.7

The log error is:
Process:         VTDecoderXPCService [38461]
Path:            /System/Library/PrivateFrameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
Identifier:      VTDecoderXPCService
Version:         ??? (???)
Code Type:       X86-64 (Native)
Parent Process:  ??? [1]

Date/Time:       2012-03-13 16:19:35.652 -0500
OS Version:      Mac OS X 10.7.3 (11D50)
Report Version:  9
Sleep/Wake UUID: C7F9D4B3-1728-4AB6-B314-FBC9E4B06761

Crashed Thread:  3  Dispatch queue: com.apple.coremedia.videodecoder-peer-38460

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00007fda92700000

VM Regions Near 0x7fda92700000:
    MALLOC_TINY            00007fda92400000-00007fda92700000 [ 3072K] rw-/rwx SM=PRV  
--> 
    MALLOC_SMALL           00007fda92800000-00007fda93800000 [ 16.0M] rw-/rwx SM=PRV  

Application Specific Information:
objc[38461]: garbage collection is OFF
VTDecoderXPCService is the sandboxing for video content in Lion. All things that are QuickTime related, audio or video, are sandboxed by this service.
The problem is caused by a corrupt video file; in my case it was an m4v file. And because the file was on the desktop, each time I restarted, or opened a Finder window that opened to the desktop folder, the error would pop up.

Some possible solutions are (any one of them, not all together):

  1. Delete the file from the Desktop.
  2. Move the video/audio file into another directory (creating it first, obviously).
  3. Change the default opening app to another compatible one, such as VLC.
  4. In some cases, changing the file extension to another one solves the problem.
For more info:

gremwell magictree native app for OSX

MagicTree is a penetration tester productivity tool. It is designed to allow easy and straightforward data consolidation, querying, external command execution and (yeah!) report generation. In case you wonder, “Tree” is because all the data is stored in a tree structure, and “Magic” is because it is designed to magically do the most cumbersome and boring part of penetration testing – data management and reporting.

The application is written in Java, so running it on operating systems with the Sun JVM is not very complex (java -jar file.jar, or double click if you have the file association). I prefer to have it in the Applications folder (to access it with Quicksilver/Launchpad/blah..) and with application menus built into OS X, so I decided to turn it into a native application (a .app corresponding to version 1.1 of MT).

To download, click:

The MD5 hash is:

MD5 (magictree1.1.zip) = 09d17885821924be89f906b9aca8f254

mitmproxy over OSX 10.7

Mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly. In other words, it is like a tcpdump for HTTP.

To install:
  1. Check your Python version (you need 2.6.x or 2.7.x). If you have any trouble with this, install MacPorts and run:
    sudo port install python26
  2. Download urwid from here, then uncompress it and run:
    sudo python setup.py install
  3. Check out the source code with git:
    git clone https://github.com/cortesi/mitmproxy.git
  4. Install using the setup.py script. This is the output:
python setup.py install

/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'install_requires' warnings.warn(msg)
running install
running build
running build_py
creating build
creating build/lib
creating build/lib/libmproxy
copying libmproxy/__init__.py -> build/lib/libmproxy
copying libmproxy/cmdline.py -> build/lib/libmproxy
copying libmproxy/controller.py -> build/lib/libmproxy
copying libmproxy/dump.py -> build/lib/libmproxy
copying libmproxy/encoding.py -> build/lib/libmproxy
copying libmproxy/filt.py -> build/lib/libmproxy
copying libmproxy/flow.py -> build/lib/libmproxy
copying libmproxy/proxy.py -> build/lib/libmproxy
copying libmproxy/script.py -> build/lib/libmproxy
copying libmproxy/tnetstring.py -> build/lib/libmproxy
copying libmproxy/utils.py -> build/lib/libmproxy
copying libmproxy/version.py -> build/lib/libmproxy
creating build/lib/libmproxy/console
copying libmproxy/console/__init__.py -> build/lib/libmproxy/console
copying libmproxy/console/common.py -> build/lib/libmproxy/console
copying libmproxy/console/connlist.py -> build/lib/libmproxy/console
copying libmproxy/console/connview.py -> build/lib/libmproxy/console
copying libmproxy/console/help.py -> build/lib/libmproxy/console
copying libmproxy/console/kveditor.py -> build/lib/libmproxy/console
creating build/lib/libmproxy/contrib
copying libmproxy/contrib/__init__.py -> build/lib/libmproxy/contrib
copying libmproxy/contrib/pyparsing.py -> build/lib/libmproxy/contrib
creating build/lib/libmproxy/resources
copying libmproxy/resources/ca.cnf -> build/lib/libmproxy/resources
copying libmproxy/resources/cert.cnf -> build/lib/libmproxy/resources
running build_scripts
creating build/scripts-2.7
copying and adjusting mitmproxy -> build/scripts-2.7
copying and adjusting mitmdump -> build/scripts-2.7
changing mode of build/scripts-2.7/mitmproxy from 644 to 755
changing mode of build/scripts-2.7/mitmdump from 644 to 755
running install_lib
creating /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/__init__.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/cmdline.py -> /Library/Python/2.7/site-packages/libmproxy
creating /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/console/__init__.py -> /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/console/common.py -> /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/console/connlist.py -> /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/console/connview.py -> /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/console/help.py -> /Library/Python/2.7/site-packages/libmproxy/console
copying build/lib/libmproxy/console/kveditor.py -> /Library/Python/2.7/site-packages/libmproxy/console
creating /Library/Python/2.7/site-packages/libmproxy/contrib
copying build/lib/libmproxy/contrib/__init__.py -> /Library/Python/2.7/site-packages/libmproxy/contrib
copying build/lib/libmproxy/contrib/pyparsing.py -> /Library/Python/2.7/site-packages/libmproxy/contrib
copying build/lib/libmproxy/controller.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/dump.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/encoding.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/filt.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/flow.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/proxy.py -> /Library/Python/2.7/site-packages/libmproxy
creating /Library/Python/2.7/site-packages/libmproxy/resources
copying build/lib/libmproxy/resources/ca.cnf -> /Library/Python/2.7/site-packages/libmproxy/resources
copying build/lib/libmproxy/resources/cert.cnf -> /Library/Python/2.7/site-packages/libmproxy/resources
copying build/lib/libmproxy/script.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/tnetstring.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/utils.py -> /Library/Python/2.7/site-packages/libmproxy
copying build/lib/libmproxy/version.py -> /Library/Python/2.7/site-packages/libmproxy
byte-compiling /Library/Python/2.7/site-packages/libmproxy/__init__.py to __init__.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/cmdline.py to cmdline.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/__init__.py to __init__.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/common.py to common.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/connlist.py to connlist.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/connview.py to connview.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/help.py to help.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/console/kveditor.py to kveditor.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/contrib/__init__.py to __init__.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/contrib/pyparsing.py to pyparsing.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/controller.py to controller.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/dump.py to dump.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/encoding.py to encoding.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/filt.py to filt.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/flow.py to flow.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/proxy.py to proxy.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/script.py to script.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/tnetstring.py to tnetstring.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/utils.py to utils.pyc
byte-compiling /Library/Python/2.7/site-packages/libmproxy/version.py to version.pyc
running install_scripts
copying build/scripts-2.7/mitmdump -> /usr/local/bin
copying build/scripts-2.7/mitmproxy -> /usr/local/bin
changing mode of /usr/local/bin/mitmdump to 755
changing mode of /usr/local/bin/mitmproxy to 755
running install_egg_info
Writing /Library/Python/2.7/site-packages/mitmproxy-0.6-py2.7.egg-info
All you need to do is execute the command “mitmproxy” in a terminal and configure your preferred browser to use the manual proxy at localhost, port 8080.

Very nice, and very useful with the uncomfortable “calls home” from certain apps and web apps.