crowbar BMG/KC Alerts on your iPhone

One of the things I built into my crowbar dictionary attack tools for DMG and keychain files from the start was Growl.  Growl is a free add on notification framework for your mac. MANY popular mac programs support growl so this is not just some odd plug in.   I recommend in the crowbar apps making it popup the notifications for password found and not found at least go to your screen.  The password found is even better when set to sticky.  This means the alert stays on the screen until you click on it.

Now if you have an iPhone you can get the alert notifications right to your iPhone.  There is a great iPhone application called Prowl (App Store Link).  The developer’s site lets you create a login to his site which you set in the Prowl program.  You download and install a Growl plugin for Prowl.  The Prowl iPhone app is $2.99.  The service and plugin are free.  Last all you do is customize the alert settings for the crowbar apps to send to Prowl just using the growl preference pane control.

Now when you leave those real large dictionaries running you can leave them minimized and even leave the office or home knowing you will get the status when the job finishes.

You can find out everything at the Prowl developer’s site: http://prowl.weks.net/

Share

crowbar Apps maintenance update 1.0.2

I dropped v1.0.2 of both crowbarDMG and crowbarKC into the automatic update feed.  Please just run the applications and choose Check for Updates or allow automatic updates to run.

This update fixes where I was not stripping the carriage return characters from windows CRLF formatted text files used as dictionaries.  It would cause the program to appear it was properly checking passwords but never find the correct password due to the extra CR character.

Share

Mac and Sleuthkit

I love using Sleuthkit tools fls and mactime to produce a timeline for file system analysis.  But what if you are not compiler friendly and have a mac as your forensics workstation?  Here is the quick and easy way to get Sleuthkit installed so you can run it against raw disc images.

  1. Get macports from macports.org  It is a simple install from dmg.
  2. Once installed, get a terminal session opened.
  3. execute the command: sudo port -d selfupdate
  4. execute the command: sudo port install sleuthkit

It will take a while for sleuthkit and all the dependancies to install.  Once done you should be able to do “man fls” and “man mactime” to see the manual pages for the tools and start using them.

Share

Mozy (on out of here) Backup for Mac

A long time back I had tested the online backup service Mozy.  By long time back I mean my version was mozy-0_6_2_6-502.dmg.  Today I was trouble shooting an application I am beta testing for someone.  I needed console logs.  Low and behold the Mozy removal script from that version was so bad it had left something behind.  I have TONS of the following events showing in my Console.

8/6/08 9:15:53 PM com.apple.launchd[1] (com.mozy.backup[1457]) posix_spawnp(“/Applications/Mozy.app/Contents/Resources/MozyBackup”, …): No such file or directory 

8/6/08 9:15:53 PM com.apple.launchd[1] (com.mozy.backup[1457]) Exited with exit code: 1 

Well a bit of googling and I find that this combination works to finally get rid of that sucker.

sudo launchctl unload /Library/LaunchDaemons/com.mozy.backup.plist

Follow that up with going into the /Library/LaunchDaemons and tossing the file com.mozy.backup.plist into the trash.  Now I have nice clean console logs for troubleshooting a real problem.  Not something sucking up CPU cycles trying to relaunch every 10 seconds.

Share