
Posts Tagged ‘Security’

Password Access (Mac)

June 4th, 2009

A good friend of mine (Huggz) discovered a way of pulling your root password on your Mac. The overall concept is that you dump the human-readable text out of /var/vm/sleepimage (the file OS X writes the contents of memory to when the machine sleeps) into another file, in which you will find some interesting stuff including your root password. Kinda scary!

This takes a good while to dump all the content, as that file can be upwards of 2GB. Search through the /var/vm/sleepimage-ascii file and you will see some goodies.

mac:~ me$ sudo su -
mac:~ root# cd /var/vm
mac:vm root# strings -n 4 sleepimage > sleepimage-ascii

I found my password all through this file. Most of these will be your password just on a line by itself and, depending on your password, it would be hard to know it was a password. However, one line I ran across blatantly says passwordXXXXusernameXXXX (line: 4186701 – for me). If you search through more you will see other lines that clearly display hostname, username, password, home directory (lines: 7810286-7810293 – for me). If you keep digging you can find not only the login information for this particular machine but others for Samba mounts, ftp, web sites, etc. Good stuff!!!
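To check whether a secret you already know ended up in the image, without writing a second multi-gigabyte file or putting the secret on screen, the same extraction can be done as one streaming pass that reports only positions. This is an added example, not code from the original post; the function names, the tab-as-printable rule and the constructed sample bytes are assumptions.

```python
import re

MIN_LEN = 4  # same threshold as `strings -n 4`
# Assumption: printable means ASCII 0x20-0x7e plus tab.
PRINTABLE = bytes(range(0x20, 0x7F)) + b"\t"
RUN = re.compile(rb"[\x20-\x7e\t]{%d,}" % MIN_LEN)

# Constructed sample standing in for a memory image (not real data).
SAMPLE = (b"\x00\x01abc\x00hostname=mac\x00\xff"
          b"passwordS3cr3t-constructedusernameme\x00"
          b"xyz\x01S3cr3t-constructed")

def printable_runs(fh, chunk_size=1 << 20):
    """Yield printable runs of at least MIN_LEN bytes from a binary stream."""
    carry = b""
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        buf = carry + chunk
        # Hold back trailing printable bytes: the run may continue in the
        # next chunk, so a secret split across two reads is still found.
        body = buf.rstrip(PRINTABLE)
        carry = buf[len(body):]
        for match in RUN.finditer(body):
            yield match.group()
    if len(carry) >= MIN_LEN:
        yield carry  # run that reached end of file

def find_exposures(fh, secret, chunk_size=1 << 20):
    """Return 1-based run numbers containing `secret`; never the text itself."""
    if len(secret) < MIN_LEN:
        raise ValueError("secret is shorter than the minimum run length")
    return [n for n, run in enumerate(printable_runs(fh, chunk_size), 1)
            if secret in run]

if __name__ == "__main__":
    import getpass
    import sys
    # Usage (as root): python3 check_image.py /var/vm/sleepimage
    with open(sys.argv[1], "rb") as image:
        secret = getpass.getpass("Secret to look for: ").encode()
        hits = find_exposures(image, secret)
    print(f"{len(hits)} run(s) contain the secret" if hits else "not found")
```

The run numbers roughly correspond to line numbers in the `strings` output, so a hit can be inspected there if needed.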

There is also a more complete and detailed write up of other file dumps over at theInterW3bs.

Categories: Mac, Security

Squid Proxy (how-to)

May 26th, 2009

While I enjoy using SSH tunnels to encrypt traffic out of the random local networks that I may be sitting on, sometimes there is a need to establish a more permanent proxy server: for instance, if you don’t have a means to use an SSH client, or you have several machines that you would like to service without the need to establish dedicated SSH tunnels/forwards for each machine (administrative nightmare).

I chose Squid for just this function. It was extremely easy to set up and has worked like a charm! Below are some of the basic steps for setting up and using your Squid proxy.

Install Squid:

Gentoo:
#> emerge squid

Red Hat/CentOS:
#> yum install squid

Ubuntu/Debian:
#> apt-get install squid

OpenBSD:
#> export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/
#> pkg_add squid

Basic Configuration for Transparent Proxy:

#> vi /etc/squid/squid.conf

Look for the sections listed below and modify accordingly. This is a sample of my ACLs and configurations outside of some of the defaults.

#/etc/squid/squid.conf
acl all src 0.0.0.0/0.0.0.0
acl trusted_hosts src 192.168.1.0/255.255.255.0 10.0.1.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 21         # ftp
acl CONNECT method CONNECT

# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
http_access allow trusted_hosts
http_access deny all

# Listening port (default 3128)
http_port 3128

# Visible Hostname (may not be needed but doesn’t hurt)
visible_hostname yourserverhostname

This is the basic configuration that should get you going. More advanced configuration options will be coming soon.

Start up Squid:

#> /etc/init.d/squid start

Set Squid to start on-boot (optional)

Gentoo:
#> rc-update add squid default

Red Hat/CentOS:
#> chkconfig squid on

Ubuntu/Debian:
#> update-rc.d squid defaults

OpenBSD:
#> vi /etc/rc.local
Code coming soon…

Configure your Browser:
This is an example Firefox setup. Preferences –> Advanced –> Network –> Connection –> Settings. Select ‘Manual proxy configuration:’. Set the HTTP Proxy: value to your Squid server’s IP (public or private depending on how you are going to use it and based on the ACLs above). Then select ‘Use this proxy server for all protocols’ if you want to go ahead and use this same proxy for all connections. Set up any exceptions to not proxy (i.e. – locally connected servers). Here’s a screen shot of my configuration.

SSL Configuration:
Coming soon…

Advanced Configurations:
Coming soon…

Categories: Linux, Security

Quick Lock Desktop – Mac

May 24th, 2009

One of my small peeves with a Mac is the lack of a quick utility or short-cut to lock your computer. So, I took it upon myself to make one out of the apps they already give us.

First off, set your Mac to require a password when waking from the screen saver and disable automatic logins. Apple –> System Preferences –> Security –> ‘Require password to wake this computer from sleep or screen saver’ & ‘Disable automatic login’.

You can download the one I created that ‘should’ work automatically after installing. If not or you want to get creative and make your own with your own icon or what have you, the instructions are below on what I did. You can also set a keyboard shortcut to the app for a keyboard style lock.

Pre-made Screen Saver/Lock App:
Download: MacDLock (MacDLock.tar – 280KB)
Installation:

$> tar xvf MacDLock.tar
$> mv MacDLock.app /Applications

That’s it! Now if you open your Applications folder you should be able to click the Lock icon for MacDLock and it will launch your screensaver. Upon wake, you will be prompted for your username and password, as you set it up to do earlier. I put a launch icon on the launch bar and set up a shortcut to the application to make for quick screen locking while I’m away. Enjoy!

Custom Screen Saver/Lock:

$> cp -r /System/Library/Frameworks/ScreenSaver.framework/Versions/A/\
Resources/ScreenSaverEngine.app /Applications/MacDLock.app

This will give you the standard ScreenSaver but located in your /Applications directory. You can also do it with a soft link such as this:

$> ln -s /System/Library/Frameworks/ScreenSaver.framework/Versions/A/\
Resources/ScreenSaverEngine.app /Applications/MacDLock.app

I did the first because I wanted to change out the icon to something more ‘cool’ or ‘secure’ looking (like a lock) without changing the actual ScreenSaverEngine.app.

Changing out the Icon:

  1. Find the icon you’d like to use in either .png, .gif, .jpg format.
  2. I used this site to convert my image to an icon: iConvert
  3. Download your new .icns file.
  4. Copy your .icns file to the application directory.

$> cp ~/[Icon_FileName].icns /Applications/MacDLock.app/\
Contents/Resources/ScreenSaverEngine.icns

And there you go! You have your custom Screen Saver/Desktop Lock. If you notice any kind of bug in my above code please let me know. I took many other steps while originally doing this so hope they are in the right order and I’m not missing anything.

One of my projects when I have some free time is to set up a Python script or something that embeds an icon into the Menu Bar for quick locking. If this is already available or you feel I’ve recreated the wheel please let me know of the other apps that are out there that may already do this. Always interested in seeing what others have done. Thanks! And hope you enjoy!

Categories: Mac, Security

SSH Proxy (how-to)

May 23rd, 2009

SSH Proxying is one of my every day tools. Sitting at work with a Barracuda firewall looking, snooping, and possibly blocking everything that I do. Hanging at a coffee shop when you see a suspicious person most likely snooping your information out of the air. In the first case I’m primarily just trying to get around a hurdle. In both cases I want my traffic encrypted and hidden from 3rd parties.

What is SSH Proxying?
This is a means of setting up a Secure Shell (SSH) and then piping your various web requests across this pipe or tunnel.

I’ve got 2 different SSH Proxies that I use daily.

Web Traffic – SSH Tunnel/Proxy:

ssh -CqN -D 8080 [username]@[hostname]

For the above tunnel I’m using the following:

-D: local dynamic (SOCKS) forwarding port – in this case 8080 locally
-C: enables compression
-q: quiet mode (suppresses most warnings)
-N: don’t execute any remote commands

The -CqN are just some bells and whistles I use for the connection but not required. Please see below on configuring your browser to use the newly established SSH Tunnel.

Various other traffic (IRC, VNC, Torrent, etc…) – SSH Port Forwarding

ssh -L 6667:irc.[hostname]:6667 [username]@[hostname]

In this example, I’m binding a local port (-L 6667) to a remote box’s port (6667) through the server I have SSH’ed into. You can also add some of the bells and whistles from the web proxy to this one as well. Please see below for using this port forward with an IRC client.

Configuring the Browser:
The general idea (for Firefox) is to go to: Preferences –> Advanced –> Network –> Connection –> Settings. Select ‘Manual proxy configuration’. Set SOCKS Host: localhost Port: 8080. Click OK/Save and you should be good to go.

Here’s a screen shot of my settings:

Firefox SSH Proxy Config

Categories: Linux, Mac, Security, Unix

Reset your lost OS X password

May 20th, 2009

You gotta hate it when you have a brain fart or lapse of memory and you forget your login information. Unfortunately OS’s don’t have the ‘Forgot Password?’ – click here link to reset or have your password emailed to you. Well, for the Mac there is a work around.

All you need is to remember your username (you do remember that, right?) and then reboot your computer. From there it’s command line work:

Hold Apple+S when booting to enter single user mode
#sh /etc/rc
#passwd yourusername
#reboot

The only major downside to resetting your password this way is that you’ll lose all keychain passwords, but if you’ve really forgotten your password, it’s better than nothing.

Categories: Mac