# Thursday, October 11, 2007

So this topic of virtual servers is starting to catch on a bit more. I still think it will fall by the wayside like Bluetooth and only people that drink the Intel Kool-Aid will adopt it, but that's just me. Don't get me wrong, I feel there is a place for virtual machines in the data center; the technology and its use just aren't impressing me today. The real point of this post is to bring together some of the tips about virtual server security. I say virtual server and not VMware because they aren't the only players in the market; an example is Virtuozzo, which I was just talking about with a friend. I was listening to a pauldotcom podcast the other day (which, if you're interested, you need to go listen to).

Anywhoo, I have compiled a list of some of the top things to disable or change to harden your virtual environment. The following documents go into further detail, but I wanted to explain a few ideas. The first is disabling unused hardware; examples are the FDD, CD-ROM, USB, and most importantly the NIC. Obviously removing the media not only frees up resources (other tips are to shut down screensavers and the K Desktop) but they just aren't needed typically in a virtual environment. The NIC is one that most people overlook (depending on your setup and how you have things configured, this tip may not apply): they will have a virtual host with the ability to link to your LAN. Now this is particularly an issue if the threat of jumping out of a virtual ever comes to light as a virus. If you have a host on a protected network and your VMs are on a DMZ, for example, then once a virtual is hacked your protected network is at risk. The number of times you should have to touch the host is minimal, so keep the KVM attached and disable the protocols and IP address on the host.

The next topic, which ties in with the first, is to keep servers with similar security requirements on the same host, and put that host in the proper subnet for the security of the virtuals. Meaning: don't put your web server on the same host as your financial server, and don't put your web server on the same host as a tool server that is located in your ring 0/1 LAN. If it's a DMZ server and you would have put it there physically, then put it there phys-virtually (that's physically and virtually in one word). So say this with me once again: put like-security servers in the proper realm, with the proper virtuals sharing a host.

Now to get a little specific to vendors; an example is VMware. With VMware you have cool things like drag-and-drop file copy, cut and paste, etc. In a server virtual machine you want to shut these enhancements off.
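The two checklist items above (remove unused virtual hardware; turn off the guest/host copy, paste and drag-and-drop conveniences) both live in a VM's `.vmx` file on VMware. The script below is an added example, not code from the original post or from VMware: it audits a `.vmx` for those settings and writes a hardened copy. The `isolation.tools.*.disable` keys and the `*.present` device keys are real `.vmx` keys from VMware's hardening guidance; the sample config is constructed, and the list of devices it checks is an assumption about what a server VM does not need.

```python
import re

# Real .vmx keys from VMware's guest-isolation and hardening guidance. Which devices a
# given server actually needs is a per-VM decision, so the audit only reports, and the
# hardening pass only touches the keys listed here.
REMOVABLE_DEVICE_KEYS = {
    "floppy0.present": "floppy drive",
    "usb.present": "USB controller",
    "serial0.present": "serial port",
    "parallel0.present": "parallel port",
}
ISOLATION_KEYS = {
    "isolation.tools.copy.disable": "copy out of the guest",
    "isolation.tools.paste.disable": "paste into the guest",
    "isolation.tools.dnd.disable": "drag-and-drop file transfer",
}

_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"?([^"]*)"?\s*$')


def parse_vmx(text):
    """Turn key = "value" lines into a dict with lowercased keys; comments and blanks are skipped."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m and not line.lstrip().startswith("#"):
            settings[m.group(1).lower()] = m.group(2).strip()
    return settings


def _is_true(value):
    return value.lower() == "true"


def _cdrom_devices(settings):
    """Devices such as ide1:0 whose deviceType is a CD-ROM variant (cdrom-raw, cdrom-image)."""
    return {k.rsplit(".", 1)[0] for k, v in settings.items()
            if k.endswith(".devicetype") and v.lower().startswith("cdrom")}


def audit_vmx(text):
    """Return a list of findings; an empty list means the VM matches the checklist."""
    s = parse_vmx(text)
    findings = []
    for key, what in REMOVABLE_DEVICE_KEYS.items():
        if _is_true(s.get(key, "FALSE")):
            findings.append(f"{key}: {what} attached; remove it unless the server needs it")
    for dev in sorted(_cdrom_devices(s)):
        if _is_true(s.get(dev + ".present", "FALSE")):
            findings.append(f"{dev}.present: CD-ROM attached; detach it after installation")
    for key, what in ISOLATION_KEYS.items():
        if not _is_true(s.get(key, "FALSE")):
            findings.append(f"{key}: {what} still allowed; set it to TRUE on a server VM")
    nics = [k for k, v in s.items()
            if k.startswith("ethernet") and k.endswith(".present") and _is_true(v)]
    if len(nics) > 1:
        findings.append(f"{len(nics)} virtual NICs attached; confirm each is needed and on the right network")
    return findings


def harden_vmx(text):
    """Rewrite the config: removable media off, isolation keys TRUE, everything else untouched."""
    s = parse_vmx(text)
    disable = set(REMOVABLE_DEVICE_KEYS) | {dev + ".present" for dev in _cdrom_devices(s)}
    out, seen = [], set()
    for line in text.splitlines():
        m = _LINE.match(line)
        key = m.group(1).lower() if m else None
        if key in disable:
            out.append(f'{m.group(1)} = "FALSE"')
        elif key in ISOLATION_KEYS:
            out.append(f'{m.group(1)} = "TRUE"')
            seen.add(key)
        else:
            out.append(line)
    for key in ISOLATION_KEYS:          # keys absent from the file default to "allowed"
        if key not in seen:
            out.append(f'{key} = "TRUE"')
    return "\n".join(out) + "\n"


# Constructed sample: a DMZ web server VM that still carries the defaults of a desktop VM.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
displayName = "web01"
floppy0.present = "TRUE"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-raw"
usb.present = "TRUE"
ethernet0.present = "TRUE"
ethernet0.networkName = "DMZ"
isolation.tools.copy.disable = "FALSE"
"""

if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print("FINDING:", finding)
    print(harden_vmx(SAMPLE_VMX))
```

Run it against a copy of the `.vmx` with the VM powered off; the audit lists six findings for the sample (floppy, USB, CD-ROM, and the three isolation keys), and auditing the hardened output returns none. Missing isolation keys are reported as findings on purpose: when the key is absent, the feature is on.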

Patch! VMware and Microsoft each release patches for the software they produce, so update and patch your software. VMware has no nice patch-management notification like Microsoft Update, so patch your software yourself, and also patch your hosts and virtuals for OS and application patches.

VMware has actually published a paper on security for ESX Server; it has important tips on logs, users, and resource provisioning to prevent denial-of-service issues.

Also, CI Security is supposed to release hardening guides; they also publish good standards for the OS inside the virtual, so check them out. Along with that are Microsoft's published 2000 and 2003 hardening guides.

Another interesting summary comes from the guys at Petri, specifically because they have screenshots.

posted on Thursday, October 11, 2007 2:19:23 PM (Pacific Daylight Time, UTC-07:00)

A "new" security threat that I thought was rather interesting, using cross-site request forgery. The idea is that if you have two browsers open, one on your bank and the other on a hack-site, the hack-site can use this idea to piggyback on your cookie and session to do things with your bank without you knowing. How? It would just send HTTP POST data (or GET) in the background of the browser. So what does this mean and why do you care? If this takes off it's nasty until people fix the sites you use. To not fall victim to this, just don't flip between browsers while you're browsing; if you are on a site that you feel needs to be secure, close out MySpace.

Also, the tool I use for Google hacking pay-sites is the Mozilla RefControl, which is the underlying idea behind this hack.
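To make the "piggyback on your cookie and session" part concrete from the site owner's side, here is an added example (not code from the original post) in plain Python: a bank's transfer handler that trusts the session cookie alone, beside one that also demands a per-session token from the bank's own form and refuses foreign `Origin` values. The session store, ledger, `bank.example` origin and request dicts are all constructed for the example. It also covers the RefControl point above: a request with its `Referer`/`Origin` headers stripped still fails, because the token is the check that actually matters.

```python
import hmac
import secrets

# Constructed, in-memory stand-ins for a bank's session store and ledger.
SITE_ORIGIN = "https://bank.example"
SESSIONS = {}   # session id (cookie value) -> {"user": ..., "csrf_token": ...}
BALANCES = {}   # account holder -> balance


def login(user, balance):
    """Open a session the way the bank would after a real login; returns the cookie value."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    BALANCES[user] = balance
    return sid


def csrf_token_for(sid):
    """The per-session token the bank embeds as a hidden field in its own transfer form."""
    return SESSIONS[sid]["csrf_token"]


def _do_transfer(user, to, amount):
    BALANCES[user] -= amount
    BALANCES[to] = BALANCES.get(to, 0) + amount
    return f"moved {amount} from {user} to {to}"


def transfer_vulnerable(req):
    """Trusts the session cookie alone. The browser attaches that cookie to any request
    aimed at the bank, including a form auto-submitted by a page open in another tab."""
    session = SESSIONS.get(req["cookies"].get("sid"))
    if req["method"] != "POST" or session is None:
        return 403, "not logged in"
    return 200, _do_transfer(session["user"], req["form"]["to"], int(req["form"]["amount"]))


def transfer_hardened(req):
    """Synchronizer token bound to the session, plus an Origin check when the browser sends one.
    The token is the real defence: Origin and Referer can be absent or deliberately suppressed."""
    session = SESSIONS.get(req["cookies"].get("sid"))
    if req["method"] != "POST" or session is None:
        return 403, "not logged in"
    origin = req["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request refused"
    submitted = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, _do_transfer(session["user"], req["form"]["to"], int(req["form"]["amount"]))


def run_scenario():
    """Alice is logged in; a page in another tab submits a transfer without her knowledge."""
    sid = login("alice", 1000)
    forged = {"method": "POST", "cookies": {"sid": sid},
              "headers": {"Origin": "https://hack-site.example"},
              "form": {"to": "mallory", "amount": "500"}}
    no_headers = {**forged, "headers": {}}      # Referer/Origin stripped, as RefControl can do
    legit = {"method": "POST", "cookies": {"sid": sid},
             "headers": {"Origin": SITE_ORIGIN},
             "form": {"to": "bob", "amount": "100", "csrf_token": csrf_token_for(sid)}}
    return {
        "vulnerable_forged": transfer_vulnerable(forged)[0],   # 200: money moved
        "hardened_forged": transfer_hardened(forged)[0],       # 403: wrong Origin
        "hardened_no_headers": transfer_hardened(no_headers)[0],  # 403: no token
        "hardened_legit": transfer_hardened(legit)[0],         # 200: bank's own form
        "alice_balance": BALANCES["alice"],
    }


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The user-side advice in the post (don't browse untrusted sites in the same session as your bank) still holds, since the fix has to be applied by each site; for the site, the token has to be unguessable and tied to the session, and comparing it with `hmac.compare_digest` avoids leaking it through timing.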

posted on Thursday, October 11, 2007 3:35:09 AM (Pacific Daylight Time, UTC-07:00)
# Tuesday, October 09, 2007
I haven't had time to post about this, but there is a new version of fgdump. It will dump the protected storage if possible, the local LM table, and a cachedump of any system you have admin rights to. This tool is the de facto tool for collecting data for pen-test stuff. The special thing about it is that it will sneak past most AV tools, so you don't need to kill them to audit. I also recommend downloading the source and compiling it on your own to protect even further against AV messing this up.

posted on Tuesday, October 09, 2007 5:26:53 PM (Pacific Daylight Time, UTC-07:00)
So I was working on a script to spam a fellow classmate in a recent email proxy class I was attending. I did some searching for an email load tester and found this guy's script, which uses netcat to pass values onto port 25 with JavaScript. However, for the class I needed more spam-like activity, so I added random characters to the subject and body. I also wanted to test against servers that need auth, so I added a base64 encoder. The script is as user friendly as I could make it, commented here and there.


You can save this script as email.js and run it with cscript, i.e. 'cscript email.js', from the command line.

Usual terms apply: this isn't for illegal activity, and anything you damage or break is your own fault and not the publisher of the code's. Use at your own risk; the blog owner assumes no responsibility for your doings. May cause vomiting or bowel discomfort. If so, stop using the code immediately and find a potty.

If you want multi-threaded emails, run more than one copy at once; I haven't had the time or care to multi-thread the script.
posted on Tuesday, October 09, 2007 5:03:14 PM (Pacific Daylight Time, UTC-07:00)
# Monday, October 08, 2007
New news: I'm now engaged to Katie Uhlenkott. Pulled it off at Skate King in Bellevue; I planned for her to throw me a surprise birthday party. At this party I actually invited a lot of people. I then asked her in the middle of the rink. She had no idea and was SUPER surprised. A wedding date is possible in June of '08.
posted on Monday, October 08, 2007 9:59:51 AM (Pacific Daylight Time, UTC-07:00)
# Sunday, September 16, 2007
Chaosreader will take a tcpdump stream, trace it out and dump the clear-text data, such as FTP, telnet, HTTP, JPG and WAV. Why is this interesting? Well, you can dump out a stream with tcpdump or Wireshark and collect the data for forensics or for snooping. This would be a great free alternative to Network Observer by Network Instruments.
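What Chaosreader does under the hood is reassemble each TCP flow from a capture and hand back the payload so the clear text can be read. The script below is an added example in plain Python, not Chaosreader's code: a minimal libpcap reader that gathers TCP payload per flow in sequence-number order, plus a forensic check that flags flows carrying FTP/POP3-style `USER`/`PASS` commands (the kind of cleartext credential you would want to know crossed the wire). The capture it parses is constructed inline (one FTP login between 10.0.0.5 and 10.0.0.9); IPv4-only, no fragment or retransmission handling, and no checksums, which is enough for line-based protocols.

```python
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def _ip(b):
    return ".".join(str(x) for x in b)


def extract_tcp_streams(pcap_bytes):
    """Gather TCP payload per (src, sport, dst, dport) flow from a pcap of Ethernet frames,
    joined in sequence-number order. IPv4 only; no fragment or retransmission handling."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", pcap_bytes[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian pcap with Ethernet frames")
    segments = defaultdict(list)
    off = 24
    while off + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, _orig_len = struct.unpack("<IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                  # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack("!H", ip[2:4])[0]
        if ip[9] != 6:
            continue                                  # not TCP
        tcp = ip[ihl:total_len]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]            # skip the TCP header (data offset)
        if payload:
            segments[(_ip(ip[12:16]), sport, _ip(ip[16:20]), dport)].append((seq, payload))
    return {flow: b"".join(p for _, p in sorted(segs)) for flow, segs in segments.items()}


def find_cleartext_credentials(streams):
    """Flag flows carrying FTP/POP3-style USER and PASS commands; the secret itself is redacted."""
    hits = []
    for flow, data in streams.items():
        for line in data.split(b"\r\n"):
            if line.startswith(b"USER "):
                hits.append((flow, line.decode("ascii", "replace")))
            elif line.startswith(b"PASS "):
                hits.append((flow, "PASS <redacted>"))
    return hits


def _frame(src, sport, dst, dport, seq, payload):
    """Ethernet + IPv4 + TCP (PSH/ACK) around a payload; checksums left zero, fine for parsing."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split("."))) + tcp
    return eth + ip


CLIENT = ("10.0.0.5", 40001, "10.0.0.9", 21)
SERVER = ("10.0.0.9", 21, "10.0.0.5", 40001)


def build_sample_pcap():
    """Constructed capture of one FTP login; the client's two segments are written
    out of order so that the sequence-number sort is exercised."""
    frames = [
        (SERVER, 1000, b"220 ftp ready\r\n"),
        (CLIENT, 5012, b"PASS s3cret\r\n"),
        (CLIENT, 5000, b"USER alice\r\n"),
        (SERVER, 1015, b"230 Login successful\r\n"),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, (flow, seq, payload) in enumerate(frames):
        f = _frame(*flow, seq, payload)
        out += struct.pack("<IIII", 1192000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    streams = extract_tcp_streams(build_sample_pcap())
    for flow, data in streams.items():
        print(flow, data)
    for flow, what in find_cleartext_credentials(streams):
        print("cleartext credential on", flow, "->", what)
```

To run it on a real file, replace `build_sample_pcap()` with the bytes of a capture saved by tcpdump or Wireshark in the classic pcap format (not pcapng). The same flow-keyed dictionary is the starting point for carving HTTP bodies or images out of a capture the way Chaosreader does; only the per-protocol parsing differs.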
posted on Sunday, September 16, 2007 10:03:49 PM (Pacific Daylight Time, UTC-07:00)
# Thursday, September 13, 2007

A good paper on threats to wireless that people don't always think of, or that are upcoming (with 802.11n), and, more importantly, the tools that cause the threats.

Remember that the best wireless security is wireless that is 100% air-gapped. Huh? Put your wireless on a separate link (buy a DSL line for your company, for example), then require that any access to your network goes through an SSL or IPsec VPN.

posted on Thursday, September 13, 2007 5:44:42 PM (Pacific Daylight Time, UTC-07:00)
# Wednesday, September 12, 2007

Found a workaround: just go to File, Open, Other User's Folder. Solves the problem for now. There is some bug with the "quick open" list that normally shows up in a toolbar on the left of Outlook.

"The Messaging interface has returned an unknown error." occurs when trying to view a shared calendar

In Outlook 2007, an error may occur when trying to view a shared calendar from the People's Calendars list. The error will say "The Messaging interface has returned an unknown error.  If the problem persists, restart Outlook."  Restarting Outlook does resolve the problem.

Microsoft has confirmed that this is a known bug with Outlook 2007.  We are currently waiting to hear back from Microsoft as to the decision on whether this will be resolved by a Hot Fix or included in Office 2007 Service Pack 1.

posted on Wednesday, September 12, 2007 9:46:31 PM (Pacific Daylight Time, UTC-07:00)
This bit of news is interesting: they say they figured out how to shake the hell out of saltwater and shake loose the hydrogen so that it can burn, but in the process it burns in open air at 3000 °F. Nice. This is a crazy insane invention if it's viable.
posted on Wednesday, September 12, 2007 2:31:12 PM (Pacific Daylight Time, UTC-07:00)
Just saw an interesting software package today, called Software for Starving Students. It's a Windows and OS X installer for a bunch of pre-bundled open-source software. They have a nice menu that says things like "video editing" and will install open-source packages for video editing and multimedia. Cool. So if you're a student, want to learn, or just want to play with new software, go download this package.
posted on Wednesday, September 12, 2007 2:28:05 PM (Pacific Daylight Time, UTC-07:00)