Erethon’s corner

Random thoughts of mine

My Mail Setup Using Mutt/OfflineIMAP/imapfilter

This is part of a series of posts where I describe my workflow and OS setup.

I use email a lot both at work and in my daily life, so I want/need to have a lot of control over my mail. I use IMAP to fetch the email for all my accounts and SMTP to send mail.

My mail client of choice is Mutt, which is a fully featured text-based (terminal) MUA. Mutt has a nice interface (supports colors), can read the maildir mailbox format (more on that later), uses an external editor for writing email (I use Vim), supports gpg/pgp, etc. In short, it’s not lacking any features compared to a GUI client.

You can use Mutt to connect to an IMAP server and have Mutt fetch your mail, but I prefer to use OfflineIMAP, which is written in Python. OfflineIMAP syncs my mail from multiple remote servers to the local filesystem in maildir format. It also supports syncing between IMAP servers, but I don’t need that kind of functionality. The configuration file of OfflineIMAP is simple, clean, powerful and intuitive if you’ve used Python before.

Depending on the machine I’m working on, I only sync specific IMAP folders. Here is the part of my .offlineimaprc file responsible for selecting the folders to be synced.

folderfilter = lambda folder: folder in ['INBOX',
                                         'synnefo',
                                         'synnefo-devel',
                                         ...
                                         'ganeti',
                                         'ganeti-devel']

As always you can find my dotfiles on my GitHub account.

There is one more piece of software involved in my email setup, and that is imapfilter, a utility to filter/sort emails on the remote IMAP server. It’s written in a combination of C and Lua and its configuration file uses Lua too. You can filter mail based on a number of different fields like CC, To, From, Subject, etc. There is not much more to say about it actually; it does one job and it does it well and fast.

Here is a diagram of the above setup (created with asciio):

                       Mutt sends mail using SMTP
          .------------------------<-------------------------------
          |                                                       ^
          |                                                       |
          v                                                       |
     .-,(  ),-.                                                   |
  .-(          )-.        .-------------.     .--------.      .------.
 (  Mail Servers  )<----->. OfflineIMAP .---->. ~/mail .<-----. Mutt .
  '-(          ).-'       '-------------'     '--------'      '------'
      '-.( ).-'        Fetch mails on ~/mail                 Read mails
          ^            and sync their status                 from ~/mail
          |            with the remote server
          |
          |
   .------------.
   . imapfilter .
   '------------'
imapfilter constantly filtering mails

Kippo Findings Round Two

It’s been over a month since I set up twelve Kippo hosts using my Ansible playbook, time to get some stats.

Total Login Attempts: 4279170
Total Unique IPs: 5439
Total Unique Passwords: 383182
Total Unique Usenames: 3577
Total Unique Files Downloaded: 28

And here’s a pipal analysis.

Total entries = 4272225
Total unique entries = 389335

Top 10 passwords
admin = 5644 (0.13%)
123456 = 2747 (0.06%)
root123 = 2678 (0.06%)
password = 2290 (0.05%)
root = 2065 (0.05%)
a = 2040 (0.05%)
12345 = 1843 (0.04%)
1234 = 1786 (0.04%)
test = 1776 (0.04%)
qwer1234 = 1702 (0.04%)

Top 10 base words
admin = 33225 (0.78%)
root = 24654 (0.58%)
password = 19442 (0.46%)
p@ssw0rd = 9031 (0.21%)
abcd = 8728 (0.2%)
test = 8263 (0.19%)
qwer = 7892 (0.18%)
qwerty = 7126 (0.17%)
passw0rd = 5877 (0.14%)
huawei = 5111 (0.12%)

Password length (length ordered)
1 = 6312 (0.15%)
2 = 12630 (0.3%)
3 = 43981 (1.03%)
4 = 153416 (3.59%)
5 = 547446 (12.81%)
6 = 648606 (15.18%)
7 = 539789 (12.63%)
8 = 974358 (22.81%)
9 = 569520 (13.33%)
10 = 267102 (6.25%)
11 = 161711 (3.79%)
12 = 148559 (3.48%)
13 = 69732 (1.63%)
14 = 40858 (0.96%)
15 = 17935 (0.42%)
16 = 19200 (0.45%)
17 = 9996 (0.23%)
18 = 8157 (0.19%)
19 = 4947 (0.12%)
20 = 6558 (0.15%)
21 = 3270 (0.08%)
22 = 1720 (0.04%)
23 = 2486 (0.06%)
24 = 1849 (0.04%)
25 = 1462 (0.03%)
26 = 1209 (0.03%)
27 = 1642 (0.04%)
28 = 1014 (0.02%)
29 = 644 (0.02%)
30 = 881 (0.02%)
31 = 488 (0.01%)
32 = 2270 (0.05%)
33 = 211 (0.0%)
34 = 328 (0.01%)
35 = 213 (0.0%)
36 = 381 (0.01%)
37 = 171 (0.0%)
38 = 232 (0.01%)
39 = 68 (0.0%)
40 = 7 (0.0%)
41 = 64 (0.0%)
42 = 70 (0.0%)
43 = 39 (0.0%)
44 = 90 (0.0%)
45 = 77 (0.0%)
46 = 30 (0.0%)
47 = 20 (0.0%)
48 = 72 (0.0%)
49 = 90 (0.0%)
50 = 2 (0.0%)
51 = 75 (0.0%)
52 = 20 (0.0%)
54 = 14 (0.0%)
55 = 44 (0.0%)
56 = 14 (0.0%)
57 = 15 (0.0%)
58 = 31 (0.0%)
60 = 13 (0.0%)
62 = 15 (0.0%)
63 = 34 (0.0%)
70 = 48 (0.0%)
71 = 14 (0.0%)
81 = 38 (0.0%)

Password length (count ordered)
8 = 974358 (22.81%)
6 = 648606 (15.18%)
9 = 569520 (13.33%)
5 = 547446 (12.81%)
7 = 539789 (12.63%)
10 = 267102 (6.25%)
11 = 161711 (3.79%)
4 = 153416 (3.59%)
12 = 148559 (3.48%)
13 = 69732 (1.63%)
3 = 43981 (1.03%)
14 = 40858 (0.96%)
16 = 19200 (0.45%)
15 = 17935 (0.42%)
2 = 12630 (0.3%)
17 = 9996 (0.23%)
18 = 8157 (0.19%)
20 = 6558 (0.15%)
1 = 6312 (0.15%)
19 = 4947 (0.12%)
21 = 3270 (0.08%)
23 = 2486 (0.06%)
32 = 2270 (0.05%)
24 = 1849 (0.04%)
22 = 1720 (0.04%)
27 = 1642 (0.04%)
25 = 1462 (0.03%)
26 = 1209 (0.03%)
28 = 1014 (0.02%)
30 = 881 (0.02%)
29 = 644 (0.02%)
31 = 488 (0.01%)
36 = 381 (0.01%)
34 = 328 (0.01%)
38 = 232 (0.01%)
35 = 213 (0.0%)
33 = 211 (0.0%)
37 = 171 (0.0%)
44 = 90 (0.0%)
49 = 90 (0.0%)
45 = 77 (0.0%)
51 = 75 (0.0%)
48 = 72 (0.0%)
42 = 70 (0.0%)
39 = 68 (0.0%)
41 = 64 (0.0%)
70 = 48 (0.0%)
55 = 44 (0.0%)
43 = 39 (0.0%)
81 = 38 (0.0%)
63 = 34 (0.0%)
58 = 31 (0.0%)
46 = 30 (0.0%)
52 = 20 (0.0%)
47 = 20 (0.0%)
57 = 15 (0.0%)
62 = 15 (0.0%)
71 = 14 (0.0%)
54 = 14 (0.0%)
56 = 14 (0.0%)
60 = 13 (0.0%)
40 = 7 (0.0%)
50 = 2 (0.0%)

      |
      | |
     ||||
     ||||
     ||||
     ||||
     ||||
     ||||
     ||||
     |||||
     |||||
     |||||
    ||||||||
    ||||||||
   |||||||||||
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
000000000011111111112222222222333333333344444444445555555555666666666677
012345678901234567890123456789012345678901234567890123456789012345678901

One to six characters = 1412385 (33.06%)
One to eight characters = 2926530 (68.5%)
More than eight characters = 1345695 (31.5%)

Only lowercase alpha = 1863480 (43.62%)
Only uppercase alpha = 14447 (0.34%)
Only alpha = 1877927 (43.96%)
Only numeric = 506595 (11.86%)

First capital last symbol = 25208 (0.59%)
First capital last number = 84459 (1.98%)

Months
january = 386 (0.01%)
february = 161 (0.0%)
march = 1091 (0.03%)
april = 1062 (0.02%)
may = 2603 (0.06%)
june = 948 (0.02%)
july = 624 (0.01%)
august = 1592 (0.04%)
september = 523 (0.01%)
october = 797 (0.02%)
november = 487 (0.01%)
december = 685 (0.02%)

Days
monday = 154 (0.0%)
tuesday = 63 (0.0%)
wednesday = 37 (0.0%)
thursday = 16 (0.0%)
friday = 195 (0.0%)
saturday = 9 (0.0%)
sunday = 133 (0.0%)

Months (Abreviated)
jan = 5789 (0.14%)
feb = 517 (0.01%)
mar = 35327 (0.83%)
apr = 2128 (0.05%)
may = 2603 (0.06%)
jun = 4579 (0.11%)
jul = 2372 (0.06%)
aug = 2962 (0.07%)
sept = 928 (0.02%)
oct = 2328 (0.05%)
nov = 2693 (0.06%)
dec = 2327 (0.05%)

Days (Abreviated)
mon = 22270 (0.52%)
tues = 63 (0.0%)
wed = 2056 (0.05%)
thurs = 152 (0.0%)
fri = 3870 (0.09%)
sat = 3037 (0.07%)
sun = 7538 (0.18%)

Includes years
1975 = 7620 (0.18%)
1976 = 6648 (0.16%)
1977 = 7440 (0.17%)
1978 = 6334 (0.15%)
1979 = 5982 (0.14%)
1980 = 7467 (0.17%)
1981 = 8545 (0.2%)
1982 = 6424 (0.15%)
1983 = 7833 (0.18%)
1984 = 8592 (0.2%)
1985 = 9117 (0.21%)
1986 = 9103 (0.21%)
1987 = 8716 (0.2%)
1988 = 8862 (0.21%)
1989 = 8256 (0.19%)
1990 = 8004 (0.19%)
1991 = 6658 (0.16%)
1992 = 7141 (0.17%)
1993 = 5816 (0.14%)
1994 = 4754 (0.11%)
1995 = 3422 (0.08%)
1996 = 2810 (0.07%)
1997 = 2752 (0.06%)
1998 = 1573 (0.04%)
1999 = 1246 (0.03%)
2000 = 5166 (0.12%)
2001 = 1996 (0.05%)
2002 = 1868 (0.04%)
2003 = 2340 (0.05%)
2004 = 1701 (0.04%)
2005 = 2257 (0.05%)
2006 = 2343 (0.05%)
2007 = 3440 (0.08%)
2008 = 10383 (0.24%)
2009 = 5993 (0.14%)
2010 = 8890 (0.21%)
2011 = 7946 (0.19%)
2012 = 7987 (0.19%)
2013 = 7515 (0.18%)
2014 = 2895 (0.07%)
2015 = 282 (0.01%)
2016 = 55 (0.0%)
2017 = 106 (0.0%)
2018 = 315 (0.01%)
2019 = 164 (0.0%)
2020 = 1491 (0.03%)

Years (Top 10)
2008 = 10383 (0.24%)
1985 = 9117 (0.21%)
1986 = 9103 (0.21%)
2010 = 8890 (0.21%)
1988 = 8862 (0.21%)
1987 = 8716 (0.2%)
1984 = 8592 (0.2%)
1981 = 8545 (0.2%)
1989 = 8256 (0.19%)
1990 = 8004 (0.19%)

Single digit on the end = 316111 (7.4%)
Two digits on the end = 209828 (4.91%)
Three digits on the end = 334071 (7.82%)

Last number
0 = 117432 (2.75%)
1 = 345257 (8.08%)
2 = 169506 (3.97%)
3 = 371406 (8.69%)
4 = 138993 (3.25%)
5 = 103643 (2.43%)
6 = 145253 (3.4%)
7 = 86214 (2.02%)
8 = 94345 (2.21%)
9 = 94860 (2.22%)

   |
 | |
 | |
 | |
 | |
 | |
 | |
 | |
 |||
 |||  |
||||| |
||||||| ||
||||||||||
||||||||||
||||||||||
||||||||||
0123456789

Last digit
3 = 371406 (8.69%)
1 = 345257 (8.08%)
2 = 169506 (3.97%)
6 = 145253 (3.4%)
4 = 138993 (3.25%)
0 = 117432 (2.75%)
5 = 103643 (2.43%)
9 = 94860 (2.22%)
8 = 94345 (2.21%)
7 = 86214 (2.02%)

Last 2 digits (Top 10)
23 = 276777 (6.48%)
12 = 81583 (1.91%)
56 = 74550 (1.74%)
34 = 57127 (1.34%)
21 = 49045 (1.15%)
11 = 35517 (0.83%)
01 = 33071 (0.77%)
45 = 28208 (0.66%)
10 = 26189 (0.61%)
88 = 25548 (0.6%)

Last 3 digits (Top 10)
123 = 265326 (6.21%)
456 = 71517 (1.67%)
234 = 54518 (1.28%)
321 = 36337 (0.85%)
345 = 22703 (0.53%)
789 = 13743 (0.32%)
111 = 10952 (0.26%)
000 = 10466 (0.24%)
008 = 9827 (0.23%)
567 = 8697 (0.2%)

Last 4 digits (Top 10)
3456 = 66043 (1.55%)
1234 = 52626 (1.23%)
2345 = 21987 (0.51%)
3123 = 16998 (0.4%)
4321 = 10069 (0.24%)
2008 = 8546 (0.2%)
6789 = 8269 (0.19%)
4567 = 8255 (0.19%)
1111 = 6866 (0.16%)
2010 = 6826 (0.16%)

Last 5 digits (Top 10)
23456 = 65640 (1.54%)
12345 = 21703 (0.51%)
23123 = 16174 (0.38%)
56789 = 7955 (0.19%)
34567 = 7948 (0.19%)
45678 = 6124 (0.14%)
54321 = 5940 (0.14%)
11111 = 4840 (0.11%)
67890 = 2766 (0.06%)
23654 = 2719 (0.06%)

Character sets
loweralpha: 1863480 (43.62%)
loweralphanum: 1145890 (26.82%)
numeric: 506595 (11.86%)
loweralphaspecialnum: 174208 (4.08%)
loweralphaspecial: 128119 (3.0%)
mixedalpha: 122253 (2.86%)
mixedalphanum: 112280 (2.63%)
mixedalphaspecialnum: 67020 (1.57%)
specialnum: 41275 (0.97%)
special: 24563 (0.57%)
mixedalphaspecial: 23892 (0.56%)
upperalphanum: 17482 (0.41%)
upperalpha: 14447 (0.34%)
upperalphaspecial: 13500 (0.32%)
upperalphaspecialnum: 10603 (0.25%)

Character set ordering
allstring: 2000180 (46.82%)
stringdigit: 923976 (21.63%)
alldigit: 506595 (11.86%)
othermask: 417041 (9.76%)
stringdigitstring: 86055 (2.01%)
digitstring: 79982 (1.87%)
stringspecialdigit: 68912 (1.61%)
stringspecial: 68030 (1.59%)
stringspecialstring: 49227 (1.15%)
digitstringdigit: 27009 (0.63%)
allspecial: 24563 (0.57%)
specialstring: 13165 (0.31%)
specialstringspecial: 7490 (0.18%)

Hashcat masks (Top 10)
?l?l?l?l?l: 441911 (10.34%)
?l?l?l?l?l?l: 324026 (7.58%)
?l?l?l?l?l?l?l?l: 311103 (7.28%)
?l?l?l?l?l?l?l: 283900 (6.65%)
?d?d?d?d?d?d?d?d: 219536 (5.14%)
?l?l?l?l?l?l?l?l?l: 190302 (4.45%)
?d?d?d?d?d?d: 130232 (3.05%)
?l?l?l?l: 88982 (2.08%)
?l?l?l?l?l?l?l?l?l?l: 87274 (2.04%)
?l?l?l?l?l?l?d?d: 66208 (1.55%)

Deploying Kippo With Ansible

I’ve been running some instances of Kippo for quite a while now with great results. I recently wrote an Ansible playbook to automate the process of deploying Kippo hosts and also make it scalable. You can find the playbook on my GitHub page, specifically here.

In a nutshell, the playbook deploys a central database for all the Kippo hosts to log incoming attacks to, and then deploys a number of Kippo hosts. You can specify which repo to clone Kippo from or make ad-hoc modifications to files in the repo. For example, I’ve modified some commands like wget.

A couple of weeks ago, GitHub announced its Student Pack, which gives $100 of credit on DigitalOcean, and I promptly grabbed it. Two nights ago, I decided to use the credit on building a small cluster of SSH honeypots, consisting of twelve Kippo hosts. Of course, the whole project was orchestrated using Ansible.

I created thirteen VMs (droplets in DO terms) using the DigitalOcean Ansible module, twelve for the Kippo hosts and one for the logging database. I also ran a couple of ad-hoc Ansible commands to further configure some settings inside the VMs, and finally used ssh-multi (which I’ve talked about in my tmux config post) to make sure everything was configured properly.

Results

It’s been a little over 48 hours since I set this up, so let’s see some early statistics. I used an old script of mine to extract these.

Total login attempts: 212589
Total unique passwords tried: 17080

That means a little under 4.5k attacks per hour, or 74 attacks per minute, or 1.2 attacks per second with only twelve sensors online. The sensors were spread across the DO network, so I would get different IP ranges and also geographical diversity.

Unfortunately, I didn’t get any new samples, just random variants of Elknot, much like the one MalwareMustDie analyzed in the past. I’ll probably increase the number of sensors soon enough, which brings me to my next point.

I love the simplicity of Ansible and the ease of adding new hosts to a deployment once you’ve written a playbook. All I have to do now to add more hosts to my Kippo “cluster” is:

ansible-playbook -i new_hosts -t kippo site.yml 

and only the Kippo tasks will run, installing and setting up Kippo, ready to attract and log more attacks.

My Tmux Config and a Small Tmux Primer

It’s been a little over a month since I started using tmux. Below, I’ll try to explain most of my .tmux.conf, a bit of my current workflow using awesome + tmux and various cool stuff you can do with tmux. My latest .tmux.conf can be found on my dotfiles repo on GitHub.

Tmux config file

unbind C-b
set -g prefix C-a

Like most people, I’m using C-a as my prefix key.

bind-key a send-prefix

On nested tmux sessions, I use C-a a to send commands to the second level tmux instance. Another popular choice is C-f, but it feels weird to me.

bind-key C-a last-window

This is an old habit from screen: using C-a C-a to go to the last active window.

bind r source-file ~/.tmux.conf

Use C-a r to reload the tmux configuration in the running session.

bind-key -r j select-pane -D
bind-key -r k select-pane -U
bind-key -r H select-pane -L
bind-key -r L select-pane -R

I’m using C-a j/k to move down/up in panes and C-a H/L to move left/right. The -r flag means the key can be repeated multiple times without having to press C-a again, e.g., C-a j j will move the cursor two panes down.

bind-key -r l next-window
bind-key -r h previous-window

Same as above: C-a l/h for window navigation right/left.

bind-key -r '=' resize-pane -U 5
bind-key -r '-' resize-pane -D 5
bind-key -r '<' resize-pane -L 5
bind-key -r '>' resize-pane -R 5

An easy way to resize panes.

bind-key m command-prompt -p "[ man page ]" "split-window 'exec man %%'"

This is one of my favorites, which I picked up on #tmux on freenode. C-a m opens a prompt asking for a man page, then opens that page in a new bottom pane.

This is it in action.

bind-key "'" split-window -h

I like to use C-a ' and C-a " for my horizontal/vertical splits.

bind-key v copy-mode

Tmux has an amazing copy mode for scrolling back up or copying text. The default way to enter copy mode is C-a [, which I’ve remapped to C-a v.

bind-key -t vi-copy 'v' begin-selection

To start selecting text the default key is Space, which again I’ve remapped to v to be in sync with vi.

bind -t vi-copy y copy-pipe 'xclip -in > /dev/null'

When text is yanked in copy mode, it only exists in the context of the current session. The above remaps y to yank the selected text in copy mode and also copy it to my clipboard using xclip.

bind-key p paste-buffer

Remap C-a p to paste the buffer instead of the default C-a ].

setw -g mode-keys vi

Enable vi mode-keys, highly useful when selecting text in copy mode.

Here’s a quick demo showcasing the above, using vi’s gg and $ to move the cursor around, C-a v to enter copy mode and y/C-a p to yank and paste text.

set -g set-titles on
set -g set-titles-string '#(whoami)@#h --  #S'

Renames window titles on awesome’s status bar.

set -g status-utf8 on
set -g status-bg colour241
set -g status-fg white
set -g status-interval 60
set -g status-left-length 90
set -g status-right-length 60
set -g status-left "#[fg=Green]#(whoami)#[fg=white]::#[fg=yellow]#h"
set -g status-justify left
set -g status-right 'Session: #[fg=Cyan]#S - #[fg=white]Uptime:#[fg=Cyan]\
#(uptime | cut -d" " -f 4-5 | tr -d ,) - #[fg=white]Bat: [\
#[fg=Cyan]#(acpi | cut -d" " -f 4-5)#[fg=white]]'

This is my tmux status bar config. It’s pretty self-explanatory; the most interesting part is the last line, where I use acpi to get the battery’s charge level and remaining charging time.

set -g default-terminal "screen-256color"

Set the default terminal to use.

set -g base-index 1
set -g pane-base-index 1

Start counting windows and panes from one and not zero.

set -g history-limit 10000

The default is to keep 2000 lines of history per pane; I’ve changed this to 10000.

Using tmux as a pdsh/clusterssh alternative

I normally use Ansible to run ad-hoc commands on multiple hosts, but there are times when I want a quick and dirty solution or want to (cleanly) see the output of a command on a number of hosts. A lot of people use clusterssh to achieve this, but I don’t really like its use of xterm and the way it arranges windows, plus it semi-conflicts with awesome.

What I do instead is run a script that opens a new tmux pane for every host, sshes to each host and turns synchronize-panes on. With synchronize-panes, everything typed in one pane is automatically sent to all panes in the same window. You can find the script here.
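The same procedure, written out as an added example (this is not the ssh-multi script linked above; it is my own illustration). It assumes it is started from a shell inside a running tmux session, that tmux and ssh are on PATH, and that the window name ssh-multi is free. One detail the prose glosses over: tmux refuses a split once the pane being split has become too small, so the script re-tiles the window after every split.

```python
"""Spread an ssh session over one tmux pane per host and synchronise typing.

Added example, not the ssh-multi script linked from this post.  Assumes it is
run from inside an existing tmux session with `tmux` and `ssh` on PATH.
"""
import shlex
import subprocess
import sys

WINDOW = "ssh-multi"  # assumed name for the window that receives the panes


def parse_hosts(text):
    """One host per line; blank lines and '#' comments are ignored."""
    hosts = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            hosts.append(line)
    return hosts


def tmux_commands(hosts, window=WINDOW):
    """Build the tmux invocations, in order, that give every host its own pane.

    The first host opens a new window; each further host is a split followed by
    a re-tile, because tmux refuses to split a pane that has become too small.
    The final command turns on synchronize-panes for the whole window.
    """
    if not hosts:
        raise ValueError("no hosts to connect to")
    cmds = [["tmux", "new-window", "-n", window, "ssh " + shlex.quote(hosts[0])]]
    for host in hosts[1:]:
        cmds.append(["tmux", "split-window", "-t", window, "ssh " + shlex.quote(host)])
        cmds.append(["tmux", "select-layout", "-t", window, "tiled"])
    cmds.append(["tmux", "set-window-option", "-t", window, "synchronize-panes", "on"])
    return cmds


def run(hosts, window=WINDOW):
    """Execute the commands in order; stop at the first tmux error."""
    for cmd in tmux_commands(hosts, window):
        subprocess.run(cmd, check=True)


if __name__ == "__main__":
    # usage: ssh_multi.py hosts.txt   (one host per line)
    if len(sys.argv) != 2:
        sys.exit("usage: %s HOSTS_FILE" % sys.argv[0])
    with open(sys.argv[1]) as fh:
        run(parse_hosts(fh.read()))
```

With synchronize-panes on, every keystroke, including a mistyped one, lands on every host in the window; turn it off with `tmux set-window-option synchronize-panes off` before doing anything host-specific.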

Here’s a gif of it in action. Or not, my netbook couldn’t handle the gif creation, here’s a pic instead with 7 panes active and ssh’ed.

End of part 1 (??)

That’s all for now, hopefully there’s gonna be a part two where I explain how I use tmux in conjunction with awesome.

PS. All the gifs on this page were created with ttygif.

Updating Tmux Without ‘Killing’ Active Sessions

I’ve been using tmux for a while, and even though I didn’t like it at first, now I’m in love with it. I’m mostly using it as a GNU Screen alternative, but I don’t use some of its fancy features like tabs, mainly because my window manager takes care of multiple terminal windows for me.

After a while, I got bored of starting a tmux session and configuring it every time, so I decided to give tmuxinator a try. The tmuxinator docs clearly stated that tmux >= 1.8 was needed, but I was using tmux version 1.6. I downloaded the latest stable tmux version from upstream, compiled it, installed it and tried to run it. I was greeted with this message:

protocol version mismatch (client 8, server 6)

What happened is that I had some tmux sessions still running under the 1.6 version. The obvious, and only, solution that came to my mind was to kill all running tmux sessions. The problem was, one of those sessions had my Irssi stuff open and, since I have yet to properly set up an irssi config file, I would have to reconnect to all servers, re-authenticate, rejoin all open channels, etc. Ain’t nobody got time for that.

Enter reptyr. Copying reptyr’s description:

reptyr is a utility for taking an existing running program and attaching it
to a new terminal. Started a long-running process over ssh, but have to
leave and don't want to interrupt it? Just start a screen, use reptyr to
grab it, and then kill the ssh session and head on home.

So, all I had to do was open a screen session, detach the irssi processes from tmux, reattach them to screen using reptyr, kill all running tmux processes, restart the tmux server and, finally, reattach the irssi processes to tmux. Much to my surprise, it worked out flawlessly.

Now all that’s left is to populate my ~/.tmuxinator config files and push them to my dotfiles.

Making a RS-232/UART Adaptor

A couple of months ago I wanted to experiment with the serial console of an old router I had lying around. Not wanting to buy a UART to RS-232 adaptor, I decided to make one myself. After all, I had some spare MAX3232s left over from a previous project (which I still haven’t blogged about).

I just followed the schematic provided in the datasheet, and 15 minutes of soldering later, this was the end result.

Gotta love these cute little perfboards!

I’ve tested it both with a RasPi and the aforementioned router and it works great. I was able to get a serial console on the router using the serial headers on the PCB. The manufacturer had even marked the TX/RX pin holes, so there was no need for me to go serial hunting.

Now I’m waiting for some FTDI FT232RL chips to arrive to make a USB adaptor instead of an RS-232 one. I know you can buy one on ebay for 3 bucks, but where is the fun in that?

Octopress Here I Come!

I decided to port my blog to Octopress and move away from Wordpress after all these years. The reason for this is twofold:

  • I’ve really gotten used to working with vim, git, github and the surrounding workflow.
  • Static site generators are all the rage currently, so who am I to miss out?

Why Octopress and not something based on Python like Pelican or Nikola? I simply decided to do something that would get me out of my comfort zone and also teach me something new. I already know how to use venv; let’s see what RVM has to offer.

Raspi + SDR + ADS-B = Awesome

A lot of people have combined a RasPi and an SDR dongle to get a low-power-consumption ADS-B tracker. Tomasz Miklas has created an image for the Raspberry Pi that has everything needed to run your own aircraft tracking “service” already set up. I’ve finally had a chance to experiment with it, and this is my short review.

First of all, I have to say I’m really sorry to Tomasz, because he sent me the image on the 10th of October to test it out before releasing it publicly and I’m posting this two months later. Sorry mate.

Tomasz has a well-written post explaining how the image works, so I’ll skip the details. All tests were performed using a dongle with an R820T chip and the stock omnidirectional antenna. Since I moved recently, I didn’t have the time to construct a proper antenna, yet even with such an antenna the results were pretty good.

So, you download the image, dd it to an SD card, plug in your SDR dongle, power it on, point your browser to the IP the RasPi obtained through DHCP and … and everything simply works out of the box. At least it did for me.

I was really surprised by how lightweight the whole setup was. After one and a half hours of uptime, with two clients connected to the server and messages being received from two planes, the RasPi reported that it was only using 30 megs of RAM, and the CPU was pinned at 35% the whole time, 4-5% of which was htop itself. The process using the CPU was of course dump1090, which does all the heavy lifting. Unfortunately, due to the time I tested the image (4 AM) and my location, there weren’t many planes (two simultaneously at most), so I don’t know how dump1090 behaves under a lot of load/traffic.

As mentioned above, I was using the stock antenna that came with the SDR dongle, but I was still able to get a signal from planes that were 72km away on average! In some of my previous tests under Windows and ADSB#, I only got 28km of range. A lot of things have changed since then though, mainly my new house and my antenna placement, or perhaps the old one was a Faraday cage? Either way, for the time being I’ll leave the RasPi running and report further on its performance after a bit of testing.

If you own a RasPi and an SDR dongle, give the image a try. It may not be something you haven’t seen or done already, but it certainly is the easiest way to monitor ADS-B traffic, at least to my knowledge. I know I’ll be keeping a copy of the image on an SD card because it’s so handy.

An Intro to SDR

For the past two months I’ve been reading about SDR and everything related to radio telecommunications. For those that don’t know what SDR is (and are too bored to click the previous link), Software Defined Radio is a system that implements the hardware subsystems of a typical radio in software. People have been designing their own SDRs with FPGAs for quite some time now, but in the last year there has been a huge “revolution”. It turns out that a lot of cheap USB digital TV tuners based on the Realtek RTL2832U chip can be tuned across a wide range of frequencies.

For a list of supported devices you can check this page. I’ve bought two devices to experiment with: one is an EzTV 645 using the FC0013 chip, while the other one uses the Rafael Micro R820T chip (bought from ebay for about 8 euro). I mainly bought them to experiment with ADS-B and NOAA weather satellites. Due to university assignments I didn’t have the time for the latter, but I’ve spent some mornings watching airplanes taking off and landing at a nearby airport. Other interesting things to listen to are: ATC, ATIS, pager traffic, car keyfobs and anything else that falls within your chip’s tuning range. As mentioned earlier, due to the lack of time, for the time being I’ve only experimented with ADS-B traffic.

I’ve done all my testing on Windows 7 using SDR# and ADSB# in conjunction with Virtual Radar Server. So far, using the stock antenna with both dongles, the one with the R820T is performing way better than the FC0013 one. There is less noise and it’s better at picking up signals from afar. Moreover, it has a better tuning range, although that differs from dongle to dongle and depends more or less on your luck.

I live fairly close to an airport, so I get a good signal from any plane taking off or landing. The maximum range I’ve achieved with the R820T dongle and the stock (omnidirectional) antenna is 28km. I’ve checked the results I get against flightradar24.com and they are spot on. One feature of ADSB# I like is the ability to share your findings with servers that accept ADS-B traffic, like contributing to flightradar24.com.

I won’t go into more detail at the moment, since I’m tight on time, but for those of you that are interested in getting an SDR-capable dongle, do some research first. Not all dongles have what is called an ESD protection diode. As its name implies, it’s a diode (a passive component allowing current to flow in one direction only, like a check valve) that protects against electrostatic discharge. A lot of people have “fried” their dongles because they didn’t have said diodes: by leaving the antenna outside, the wind can build up static charge on the antenna and fry the chip inside the dongle. Both of my dongles came with those diodes, but if you plan on buying one, read some comments first or, if buying from ebay, ask the seller for a picture of the dongle. The diodes are the little black things I’ve circled in red near the antenna connector.

For those of you that want more info on ADS-B I suggest watching this amazing talk by Render Man (http://www.renderlab.net).

My Kippo Findings After Three Months

Three months ago I installed Kippo on a low-end VPS of mine. About a month after that, I got bored of manually checking Kippo every day, so I made a small script to automate the process. Fast forward another two months and here we are.

In three months’ time, I had 122.487 bruteforce attempts from 339 different IPs. Of said attempts, 130 succeeded in finding the correct password(s). I set up Kippo to accept two different easy-to-guess passwords for the root account. People interacted with the honeypot (as in logged in and tried to download files, etc.) only 16 times out of those 130. The rest were just bots logging in and logging out.

The first command every attacker runs after logging in is w, followed by cat /proc/cpuinfo. Ten out of the sixteen attackers logged out after seeing the contents of /proc/cpuinfo. I guess people know about Kippo and recognize it by its /proc/cpuinfo. After noticing that, I changed mine – something I suggest everyone do, as Kippo by default is easily identified. There were a few hits where people thought it was an actual server and not a honeypot and tried downloading some of their tools. I disabled wget but made it look like it was there, so it was funny seeing them trying to figure out why they couldn’t download their files.

Unfortunately, I haven’t come across any new web shell; only some IRC bots, so nothing interesting to post about there.

Of the 122.487 previously mentioned attempts, I’ve gathered 30.048 unique passwords (around 29.500 if you don’t count extra whitespace) and 8.525 usernames. I ran both lists, passwords and usernames, against pipal. By far the most used username is root (49.12%), followed by test (0.8%).
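The headline numbers in the three Kippo posts on this page (total attempts, unique IPs, passwords and usernames, the attempts-per-hour rate, and the pipal-style length and hashcat-mask breakdowns) can all be derived from the honeypot’s own log lines. Here is an added example of doing that; it is my illustration, not the stats script the posts mention and not pipal. The line layout is modelled on Kippo’s text log but the sample lines are constructed, and the regular expression is an assumption about that layout. The sample deliberately contains the case the three-month post notes: the same password appearing once with a trailing space, which counts as a distinct password unless whitespace is stripped.

```python
"""Summarise credential-guessing activity from Kippo-style honeypot logs.

Added example for this page; not the author's stats script and not pipal.
The log layout is modelled on Kippo's text log; the lines are constructed.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: seven login attempts from three peers plus one line that
# is not an attempt.  "test" and "test " differ only by a trailing space.
SAMPLE_LOG = "\n".join([
    "2014-11-01 00:00:02+0000 [HoneyPotTransport,1,198.51.100.7] connection lost",
    "2014-11-01 00:00:03+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/123456] failed",
    "2014-11-01 00:00:04+0000 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/admin] failed",
    "2014-11-01 00:00:09+0000 [SSHService ssh-userauth on HoneyPotTransport,2,203.0.113.21] login attempt [admin/admin] failed",
    "2014-11-01 00:10:15+0000 [SSHService ssh-userauth on HoneyPotTransport,2,203.0.113.21] login attempt [root/P@ssw0rd] failed",
    "2014-11-01 00:20:40+0000 [SSHService ssh-userauth on HoneyPotTransport,3,198.51.100.7] login attempt [test/test] failed",
    "2014-11-01 00:20:41+0000 [SSHService ssh-userauth on HoneyPotTransport,3,198.51.100.7] login attempt [test/test ] failed",
    "2014-11-01 00:59:59+0000 [SSHService ssh-userauth on HoneyPotTransport,4,192.0.2.250] login attempt [root/123456] succeeded",
])

# Assumed layout: timestamp, "[... ,<id>,<peer ip>]", then the attempt itself.
# The password group is greedy so it may contain '/' or ']'; the username may not.
ATTEMPT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\S* "
    r"\[[^\]]*,(?P<ip>[0-9.]+)\] login attempt "
    r"\[(?P<user>[^/]*)/(?P<password>.*)\] (?P<result>failed|succeeded)$"
)


def parse_attempts(text):
    """Return one dict per login attempt; lines that are not attempts are skipped."""
    attempts = []
    for line in text.splitlines():
        m = ATTEMPT_RE.match(line)
        if m:
            attempts.append(m.groupdict())
    return attempts


def passwords(attempts, strip_whitespace=False):
    """Guessed passwords in log order; optionally collapse leading/trailing blanks."""
    pws = [a["password"] for a in attempts]
    return [p.strip() for p in pws] if strip_whitespace else pws


def summarise(attempts, strip_whitespace=False):
    """The headline numbers the Kippo posts report per honeypot."""
    pws = passwords(attempts, strip_whitespace)
    return {
        "total_attempts": len(attempts),
        "unique_ips": len({a["ip"] for a in attempts}),
        "unique_passwords": len(set(pws)),
        "unique_usernames": len({a["user"] for a in attempts}),
        "successful": sum(a["result"] == "succeeded" for a in attempts),
        "top_passwords": Counter(pws).most_common(3),
        "top_usernames": Counter(a["user"] for a in attempts).most_common(3),
    }


def attempts_per_hour(attempts):
    """Average rate over the span between the first and the last attempt."""
    stamps = [datetime.strptime(a["ts"], "%Y-%m-%d %H:%M:%S") for a in attempts]
    hours = (max(stamps) - min(stamps)).total_seconds() / 3600
    return len(stamps) / hours if hours else float(len(stamps))


def length_distribution(pws):
    """Password length -> count, like pipal's 'Password length (length ordered)'."""
    return dict(sorted(Counter(len(p) for p in pws).items()))


def hashcat_mask(password):
    """Character-class mask in hashcat notation: ?l lower, ?u upper, ?d digit, ?s other."""
    classes = []
    for ch in password:
        if ch.islower():
            classes.append("?l")
        elif ch.isupper():
            classes.append("?u")
        elif ch.isdigit():
            classes.append("?d")
        else:
            classes.append("?s")
    return "".join(classes)


def top_masks(pws, n=3):
    """Most common masks, like pipal's 'Hashcat masks (Top 10)' section."""
    return Counter(hashcat_mask(p) for p in pws).most_common(n)


if __name__ == "__main__":
    found = parse_attempts(SAMPLE_LOG)
    print(summarise(found))
    print("with whitespace stripped:", summarise(found, strip_whitespace=True)["unique_passwords"])
    print("attempts/hour: %.1f" % attempts_per_hour(found))
    print("lengths:", length_distribution(passwords(found)))
    print("masks:", top_masks(passwords(found)))
```

Point the parser at a real Kippo log and the same functions give the per-sensor totals; the mask and length breakdowns are what tells you which password policies the guessing traffic would actually defeat.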

For more details on both of the reports check my Kippo findings page.