Posts Tagged: Passwords

Splunk Alert Scripts – Automating Control

A big thanks to the members of the @SplunkDev team that were helpful and patient with my questions while I pulled this together. Thanks guys: @gblock, @damiendallimore and David Noble.

In Splunk circles, you often hear about the holy grail of using Splunk to actively control other systems. It can be hard to find details or good examples on HOW to do it. I am always working on something new that deepens my technical skills. I had not previously dealt with REST APIs or Splunk alert scripts and this post is the result. Used well, you can replace manual daily operations tasks, changing Splunk from a tool into a team member.

We will cover a working example of using Splunk alert results to update a Google Spreadsheet via the Drive Python SDK. Once you understand how it works, you can make your own controls of any system that supports REST API calls, such as an Intrusion Prevention System to block a list of IP addresses using a scheduled Splunk alert. We will leverage a Splunk blog post on saving credentials in a Splunk App to avoid leaving our Google credentials hard-coded and exposed in the alert script. It turns out alert scripts work in the same way but it is not well documented. I built a Python class for retrieving those credentials from Splunk so you could re-use the code across many alert scripts.

The scripts can all be found in the supporting GitHub repo. You will be able to use these as a framework for your own alert scripts to drive actions in other systems. I will not be stepping through the code itself as it is fairly well commented. There are plenty of moving parts to this so you need to be an experienced Splunk administrator to get it working. The benefit is that once you get one working you can just make new variants with little effort.


OSX Lion Filevault v2 – Dictionary Attack

I was curious if I could script a dictionary attack against one of the OSX Lion File Vault v2 encrypted external drives.

If you haven’t done it: you need to be on Lion. Grab a spare USB storage stick. Make sure to back up any data from the device first. Encrypting the device by the book will erase and destroy the existing contents.

1. Go into “Disk Utility”.
2. Plug in the desired USB storage stick.
3. Click on the device in the list.
4. Click on the Erase tab.
5. Pull down the Format box and choose one of the Encrypted options like: Mac OS Extended (Journaled, Encrypted).
6. Click Erase.
7. When prompted, provide a desired password.

Now that you have set up an encrypted device, you can use that to test this process.

1. First eject the USB device.
2. Unplug it.
3. Plug it back in.
4. Click cancel and do not enter the passphrase.

Now onto the rest of the process.


AccessData DNA & Amazon EC2 – Part Five

We wrap up our tutorial series on AccessData’s Distributed Network Attack (DNA) password recovery software with Amazon EC2 worker agents. In this part we spin our custom AMI instance up and install the DNA worker agent. Then we spin up a total of 20 of the dual core instances to see the password attempt throughput.

You will run up costs by running instances. I am not legally nor financially responsible for your use or how you use these tutorials. Please only do things you are legally and financially authorized for. It is on you.

I have not ironed out the HTML5 player fallback to Flash issue yet. So if you cannot play the video in this post you can download it HERE or watch it over in my YouTube Channel.


AccessData DNA & Amazon EC2 – Part Four

We continue our tutorial series on AccessData’s Distributed Network Attack (DNA) password recovery software with Amazon EC2 worker agents. In this part we cover how to save a custom AMI instance to our Amazon S3 Storage. Then we tie a new custom AMI to that image. We end up with our own saved AMI image we can spin up later on demand.

You will need to spin up and complete the customization steps from the Part Three video if you are continuing our tutorial series. Otherwise this is a good video simply on how to save a custom Linux AMI image for later use.

The tools and sites mentioned are:
- Times New Rohan
- WinSCP

You will run up storage costs by storing an image like this. I am not legally nor financially responsible for your use or how you use these tutorials. Please only do things you are legally and financially authorized for. It is on you.

I have not ironed out the HTML5 player fallback to Flash issue yet. So if you cannot play the video in this post you can download it HERE or watch it over in my YouTube Channel. Read More to get the list of commands used in this video.


AccessData DNA & Amazon EC2 – Part Three

We continue our tutorial series on AccessData’s Distributed Network Attack (DNA) password recovery software with Amazon EC2 worker agents. We cover finding, accessing and modifying an existing Ubuntu 10.10 AMI. If you need to watch a video just on the process of starting with an existing Community AMI to access and modify it, then you should watch this part. In the next part, part four, we will show how to take our modified AMI and save it to our Amazon S3 as a new template AMI.

The tools mentioned are:
- iTerm
- PuTTY
- NoMachine – Remote Access

The AMI we are using as a base is: ami-1a837773

Keep in mind as we are moving into Amazon Web Services, even if you use the free tier account our tutorial touches on instances and data transfers that might incur costs. Hopefully they are small per Amazon’s wonderful pricing. BUT *I* am not legally nor financially responsible for your use or how you use these tutorials. Please only do things you are legally and financially authorized for. It is on you.

I have not ironed out the HTML5 player fallback to Flash issue yet. So if you cannot play the video in this post you can download it HERE or watch it over in my YouTube Channel. Read More to get the list of commands used in this video.


AccessData DNA & Amazon EC2 – Part Two

We continue our tutorial series on AccessData’s Distributed Network Attack (DNA) password recovery software with Amazon EC2 worker agents. We move into Amazon EC2 and what you need to know about the service itself. In part three we will cover starting up an instance based on an existing Amazon Machine Image (AMI), logging into it and adding the packages we need to prepare it as a worker.

Keep in mind as we are moving into Amazon Web Services, even if you use the free tier account our tutorial touches on instances and data transfers that might incur costs. Hopefully they are small per Amazon’s wonderful pricing. BUT *I* am not legally nor financially responsible for your use or how you use these tutorials. Please only do things you are legally and financially authorized for. It is on you.

I have not ironed out the HTML5 player fallback to Flash issue yet. So if you cannot play the video in this post you can download it HERE or watch it over in my YouTube Channel.


AccessData DNA & Amazon EC2 – Part One

We begin our tutorial series on AccessData’s Distributed Network Attack (DNA) password recovery software with Amazon EC2 worker agents. We cover what we plan to do, why we are choosing to use Ubuntu Amazon Images (AMI) as our worker agents, then a walk through of what you need to know about the DNA Manager setup. Part Two will be our move into Amazon EC2 and everything you need to know about the service.

I have not ironed out the HTML5 player fallback to Flash issue yet. So if you cannot play the video in this post you can download it HERE or watch it over in my YouTube Channel.


DNA & Amazon Video Summary

I just wanted to toss out a quick video of what our end goal looks like in use. Here is a brief walk through of spinning up a worker and having it show up in our DNA manager console.

*Note* I realize this file is not playing back in some browsers. I am experimenting with an HTML5 plugin. The fallback to Flash player doesn’t seem to be working and I am looking into it. If you want to direct play the file you can get it HERE.
