George Starcher - Latest Comments

Re: OSX and Public Wifi – Toggle settings with AppleScript

georgestarcher — Tue, 27 Dec 2011 20:43:01 -0000

Thanks I corrected the typo in the blog. It is meant as a toggle and assumes you want sharing off and firewall on when you leave your home.

Re: OSX and Public Wifi – Toggle settings with AppleScript

Briangrishaber — Mon, 26 Dec 2011 22:54:24 -0000

Stupid question sir. What is the purpose of turning on sharing in ilife and then the firewall? I'm listening to your visit on Mac Power Users. All good stuff.

brian g
toronto

Re: Setting up SSH Alerts to iPhone

georgestarcher — Mon, 26 Dec 2011 22:01:16 -0000

Awesome! Thanks! I still have not updated to the app store copy. So I'll need this when I do.

Re: Setting up SSH Alerts to iPhone

Scott Barnabo — Mon, 26 Dec 2011 16:48:04 -0000

I really appreciate this posting. I tweaked the script a little to make use of Growl 1.3.2 and the notification history in Lion. Here's how mine looks:

#!/bin/bashfunction growl {# check if Growl is installedif [ -f "/usr/local/bin/growlnotify" ]; then/usr/local/bin/growlnotify -p 1 -d "AlertSSH" -w -n “AlertSSH” -t "$1" -m "$2"fi}logmsg=$(tail -n 1 /var/log/secure.log)detectAccept=$(echo $logmsg | grep -i accepted)detectFail=$(echo $logmsg | grep -i 'authentication error')detectInvalid=$(echo $logmsg | grep -i 'invalid user')if [ ! -z "$detectAccept" ]thengrowl "User Login" "$logmsg"elseif [ ! -z "$detectInvalid" ]thengrowl "Invalid user" "$logmsg"elseif [ ! -z "$detectFail" ]thengrowl "Authentication Failure" "$logmsg"fififisleep 1exit 0

Re: crowbarDMG – Version 1.0

georgestarcher — Tue, 29 Nov 2011 12:51:28 -0000

There are dictionary generation tools in Backtrack like Crunch. You could use it to make the dictionary output file then use that file in crowbar.

Re: Mac Forensics – Automator Love – Make a Dictionary

georgestarcher — Tue, 29 Nov 2011 12:48:01 -0000

No, crowbar just takes the text file as is. You need to build your dictionary with all the permuations you need before you use the file with crowbar. The tool is not a dictionary generator, it just uses whatever file you feed it.

Re: Mac Forensics – Automator Love – Make a Dictionary

0579186585 — Sun, 27 Nov 2011 19:31:03 -0000

Pardon mt for not fully understanding how your Crowbar tools try the dictionary words.

Must the specific password appear as a dictionary entry?

Example:
The input dictionary contains the following entries:
alpha
bravo
charlie
The password is the target item is 'alphacharlie'
will the password be discovered by crowbar?

Re: crowbarDMG – Version 1.0

Cactus — Sat, 19 Nov 2011 21:26:28 -0000

Hi there, and thank you for this great appliaction.
Can you send me your answer to Mathieu ? cause I have the same problem.
My password is a combination with some numbers and leters , something like 4dihxex5dhjwac....but I did forget in which order I did it.

Thank you in advance

H

Re: Mac Shell Script – Crack PGP WDE

Bob — Mon, 24 Oct 2011 10:13:02 -0000

Re: crowbarDMG – Version 1.0

georgestarcher — Tue, 18 Oct 2011 15:33:29 -0000

If you check the readme or previous posts you will find all I am doing is calling the command line utility built into OSX. Crowbar just makes it a smoother automation. Due to file locks while the login is being tried there is no real way I can speed it up.

There are a number of tools out there that can generate dictionaries. Such as crunch in backtrack.

Re: crowbarDMG – Version 1.0

iTyrant — Mon, 17 Oct 2011 00:17:36 -0000

Hello! Thanks for making CrowbarDMG first off - I tried John the Ripper - realized later it couldn't do .dmg files. next I tried vfcrack - and ended up getting the similar errors that you blogged about - ending up getting an "Abort trap" error.

Anyways - I was wondering the same thing as Matthew - How can I create a dictionary with random numbers and files?
Also - are you planning on updating the speed of crowbarDMG anytime soon? I split a dictionary into two 2.5MB .txt files and its reading ~52 words per min - i'm running two crowbarDmg apps at the same time - therefore ~102min per min still seems slow...

Thanks in advance!

Re: Mac Shell Script – Crack Keychain

georgestarcher — Sun, 25 Sep 2011 11:05:55 -0000

Should work fine.

Re: Mac Shell Script – Crack Keychain

Johndavis1 — Fri, 26 Aug 2011 14:54:48 -0000

George, will this work in os x lion, as well? Thanks

Re: OSX Lion Filevault v2 – Dictionary Attack

georgestarcher — Fri, 19 Aug 2011 17:28:46 -0000

I don't know of any specific crypto examinations on it yet. Been busy job hunting this week.

Re: OSX Lion Filevault v2 – Dictionary Attack

0579186585 — Fri, 19 Aug 2011 04:21:21 -0000

Has anyone examined the format of the 'Recovery Key' which is generated by FileVault2?
It appears to always consist of 24 uppercase and numeric characters. Knowing that is probably not of much use, but if other consistent characteristics can be determined it may reduce the search search effort.

Re: crowbarDMG – Version 1.0

Matthew D. Miller — Tue, 16 Aug 2011 14:30:39 -0000

Thank you sir!

Re: crowbarDMG – Version 1.0

georgestarcher — Mon, 15 Aug 2011 17:55:23 -0000

Hi Matthew there sure is. I see you did not use an email address but there is a link to your Facebook. I will send you further information there.

Re: crowbarDMG – Version 1.0

Matthew D. Miller — Mon, 15 Aug 2011 17:49:03 -0000

Hello sir, I had all my important utilities on one DMG file. I know the first part of the password is MM, mm, or mdm, and then a repeated series of 4 numbers. Is the numbers I don't remember. Like mm149214921492. Is there a way to build a custom dictionary file with every combination of a few letters that are known and a series of numbers?

Re: Building a logging VM – syslog-ng and Splunk

georgestarcher — Wed, 03 Aug 2011 19:49:36 -0000

You are misreading it. You should add the exact text: include "/opt/syslog-ng/etc/splunk.conf" as a line under the sources section in the syslog-ng.conf file

This is like an include header in a snort rules or even a programming language file in c where you do something like <include header.h=""></include>

Re: Building a logging VM – syslog-ng and Splunk

Whatupjack — Wed, 03 Aug 2011 19:42:06 -0000

Hello George,

Great write up on this config. I've been trying to get syslog-ng to work on a CentOS 5.6 install. your write up is what I've been looking for -- I've been very confused onto what I need to configure. I do have one question though, regarding the change to the syslog-ng.conf to point to the splunk.conf file. The document states to include "/opt/syslog-ng/etc/
splunk.conf". Could you please be so kind to show how exactly it should be included in the Source section.

Thanks,
Jack

Re: AccessData DNA & Amazon EC2 – Part Five

georgestarcher — Tue, 02 Aug 2011 20:30:58 -0000

Yeah works fairly well when you don't have hardware on hand. Now if I could just find a good tutorial on distributed john the ripper setup. Want to update and test the tutorial for that as alternative to DNA.

Re: AccessData DNA & Amazon EC2 – Part Five

duckexmachina — Tue, 02 Aug 2011 15:03:49 -0000

An interesting idea nonetheless. Having your AD with Wine must be going around. FTKimager also runs under Wine, albeit not the memory capture function...

Re: AccessData DNA & Amazon EC2 – Part Five

georgestarcher — Mon, 18 Jul 2011 10:36:44 -0000

I wrote the tutorial for those with very limited comfort or experience with Linux. Thus keeping things in the gui frame of mind. Plus trying to teach how to use VI to edit configs for a linux client is boring. I wanted also to know if the wine trick would work. Anyone comfortable with the limited instructions from AD on those linux agents and adapting them to Debian for the Ubuntu I used for the tutorial likely doesn't need the tutorial beyond maybe the Amazon image stuff that is not directly related to the AD DNA tools.

Re: AccessData DNA & Amazon EC2 – Part Five

duckexmachina — Mon, 18 Jul 2011 08:10:12 -0000

Curious why you didn't just use the linux workers that AD provides with DNA... rather than wine

Re: crowbarDMG – Version 1.0

georgestarcher — Mon, 27 Jun 2011 21:18:26 -0000

The source code would be useless on Ubuntu. I am using ObjectiveC and simply calling the disk utility to attempt to mount the image with the next password in the chosen dictionary. You can see an earlier blog post where I show the same thing in a shell script. The shell script would be more useful to you if you can mount OSX encrypted DMG files natively in Ubuntu.