Monday, March 29, 2010

Automatic Network Service Detector within Twitter Logs. (ARDUINO)

Hey folks, probably you've heard about the IronGeek hardware Project called "programmable-hid-usb-keystroke-dongle". This is a great project man ! Fortunately or unfortunately (it depends on your point of view) I've been working on quite the same project from 3 months, utilizing the same platform too. Now I gotta some interesting results too ;). Isn't amazing ? I mean we felt the same need for automatic penetration testing and both of us realized a practical board, with the same chipset. So ... why not collaborate together ? If IronGeek are reading me and if you are interested on collaborate together on what you've done, please contact me.

Anyway, the second step (at least to me), after automatized the in-site security procedures, is to automate the network service detector using a Black-Box approach. Why BB approach ? The answer is easy, it's intuitive for all the people that are not accustomed with security. Just plug the BB to the network and here we go, it writes up to your private (or not) twitter channel the network results.

Ok, that is nice, but what does it do ?
Alright, the basic idea is to have a physical tool which is able to monitor the network services.

Why not a nagios running PC ?
1- Because a PC is expensive compared to ARDUINO
2- Because installing and configuring Nagios keeps much time
3- Nagios is very complete and for such reason ... complex

Plug 'n' Play idea.
1- A system which keeps DHCP configurations
2- A system which automatically scans our network and automatically generates reports
3- A really cheap system

How it looks like (No Packaged showed here - packages are under constructions - {I like fashionable black boxes, not really "on-fly-ones" ;) })






The implementation:


Hardware
1- ARDUINO 2009
2- Ethernet Shield
3- Ethernet cable

Software
Arduino Development Kit
Arduino DHCP library
Arduino Twitter Library

Step by Step Instructions:

1) Install Arduino Development kit

2) Copy Dhcp.cpp and Dhcp.h to /Resources/java/hardware/libraries/Ethernet/ (for more details follow instructions here.

3) Copy Twitter libraries to /Resources/java/hardware/libraries/

** If you don't want to spent time to configure your libraries, take this package, unzip-it, and replace your libraries (/Resources/java/hardware/) **

4) Grab the code (sorry I should use SyntaxHighLighter, next time ;) .. probably)

/****************************************************/
// Small Arduino Portable Port Scanner
// Don't forget the Libraries.
// by Marco Ramilli, http://marcoramilli.blogspot.com
// Arduino uses digital pins 10, 11, 12, and 13 (SPI) to communicate with the W5100 on the ethernet shield. These pins cannot be used for general i/o.
#include
#include "Dhcp.h" //DhCP Library
#include //Twitter API
#include //Used for append strings

/****************************************************/
//Defult Network Configuration instances for the device
byte ip[] = { 192, 168, 2, 50 };
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
/****************************************************/
Twitter twitter("TwitterUserName:TwitterPasswd");//Username and Password for Twitter
byte basenetwork[] = { 192, 168, 2, 1 }; // Test a Class C network, put here the NetID, doesn't matter what HostID you choose.
String msg;
/****************************************************/

void setup()
{

Serial.begin(9600);
delay(1000);
Serial.println("DHCP Querying");

//DHCP Settings ...
if(!getNC()){
Ethernet.begin(mac, ip );
Serial.println("Setting Default Network Configurations");
}
}

void loop()
{

Serial.print("connecting..."); printArray(&Serial, ".", basenetwork, 4, 10);
msg="Server:X.X.X."; msg.append(basenetwork[3]); //building the twitter string

for(int port=0; port<= 100; port++){
Client client(basenetwork, port); // trying to connect 65535 !
if (client.connect()) {
Serial.print("Port:"); Serial.print(port); Serial.println(" *OPEN* ");
msg.append(" Port:");
msg.append(port);
msg.append(" OPEN ");
} else {
Serial.print("Port:"); Serial.print(port); Serial.println(" CLOSED");
}
client.flush();
client.stop();
}

msg.append("->TESTED !");
postonTwitter(msg); // sending host result on Twitter !


if(basenetwork[3] <= 254){
Serial.println("Calculating new Address");
basenetwork[3] = basenetwork[3] + 1;
}
else{

Serial.println("Resetting Address");
basenetwork[3] = 1;
}


}// end loop


/****************************************************/
//DHCP client
int getNC(){
int result = Dhcp.beginWithDHCP(mac);
if (result == 1){
byte buffer[6];
Dhcp.getLocalIp(buffer);
Serial.print("ip address: ");
printArray(&Serial, ".", buffer, 4, 10);
Dhcp.getSubnetMask(buffer);
Serial.print("subnet mask: ");
printArray(&Serial, ".", buffer, 4, 10);
Dhcp.getGatewayIp(buffer);
Serial.print("gateway ip: ");
printArray(&Serial, ".", buffer, 4, 10);
Dhcp.getDhcpServerIp(buffer);
Serial.print("dhcp server ip: ");
printArray(&Serial, ".", buffer, 4, 10);
Dhcp.getDnsServerIp(buffer);
Serial.print("dns server ip: ");
printArray(&Serial, ".", buffer, 4, 10);
Serial.print("READY");
return 1;
}else{
Serial.print("No DHCP, Running in default conf");
return 0;
}
}
/****************************************************/
//printArray funciton
void printArray(Print *output, char* delimeter, byte* data, int len, int base){
char buf[10] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
for(int i = 0; i < len; i++)
{
if(i != 0)
output->print(delimeter);
output->print(itoa(data[i], buf, base));
}
output->println();
}
/****************************************************/
int postonTwitter(char *message){
Serial.println("connecting to TWITTER ...");
if (twitter.post(message)) {
int status = twitter.wait();
if (status == 200) {
Serial.println("OK.");
return 1;
} else {
Serial.print("failed : code ");
Serial.println(status);
return 0;
}
} else {
Serial.println("connection failed.");
return 0;
}
}
/****************************************************/



Alright, this is the basic idea. I hope you will enjoy it, please leave feedbacks comments requests or whatever you like. Thanks

2 comments:

Penetration testing said...

Nice Post !!

Its a very educational and informative content, i really like it......

In this competitive edge you need best security and safety solutions for your valuable data and in the market there are so many companies providing security services but you need the best Network Security Solutions and Information Security Assessment so centunosolutions.com is the perfect name for all the Penetration testing

Thanks
centunosolutions.com

Jannah Delfin said...

Great post. I hope you can write more good stuff like this article.

Network Services RI