Feb 18, 2019
 

Playing around with intercepting traffic (diverting, MITM, etc.), I needed a standalone DNS server.

Sharing it here.

You can use the local Windows resolver, or use dnsquery, which then lets you choose between UDP and TCP and a remote DNS server.
The remote DNS server has to be set in the config.ini file (see the included ini file).
Also via config.ini, you can « spoof » A or PTR records (example: have www.facebook.com resolve to 127.0.0.1).

https://i.imgur.com/zSqyGvy.png
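The spoofing logic described above, as an added example that is not the tool's own code: a constructed config.ini (the section and key layout is assumed, the real ini may differ) is loaded into a spoof table, a DNS query is parsed, and a forged A or PTR answer is returned when the name is listed; anything else is left for forwarding to the configured server.

```python
import configparser
import socket
import struct

# Constructed config.ini in the spirit of the one described above
# (assumed section/key layout; the real tool's ini keys may differ).
CONFIG_INI = """
[dns]
server = 192.0.2.53
[A]
www.facebook.com = 127.0.0.1
[PTR]
1.0.0.127.in-addr.arpa = localhost.test
"""
QTYPE_A, QTYPE_PTR = 1, 12

def load_spoof_table(ini_text):
    cp = configparser.ConfigParser()           # keys are lower-cased, like DNS names
    cp.read_string(ini_text)
    return {QTYPE_A: dict(cp["A"]), QTYPE_PTR: dict(cp["PTR"])}

def encode_name(name):
    """Wire-format DNS name: length-prefixed labels ending with a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def parse_question(pkt):
    """Return (txid, qname, qtype, end_of_question) for a single-question query."""
    txid = struct.unpack("!H", pkt[:2])[0]
    pos, labels = 12, []
    while pkt[pos]:
        n = pkt[pos]
        labels.append(pkt[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    qtype = struct.unpack("!H", pkt[pos + 1:pos + 3])[0]
    return txid, ".".join(labels), qtype, pos + 5

def spoof_or_forward(pkt, table):
    """Spoofed response bytes if the name is configured, else None (caller forwards to [dns] server)."""
    txid, qname, qtype, qend = parse_question(pkt)
    rdata = table.get(qtype, {}).get(qname.lower())
    if rdata is None:
        return None
    rr = socket.inet_aton(rdata) if qtype == QTYPE_A else encode_name(rdata)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)        # standard response, RD+RA
    answer = struct.pack("!HHHIH", 0xC00C, qtype, 1, 60, len(rr)) + rr  # name = pointer to question
    return header + pkt[12:qend] + answer

def build_query(txid, name, qtype):
    """Constructed query packet, used only to exercise the code offline."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)
```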

Feb 17, 2019
 

In the previous article we installed Indy 10 in Lazarus.

Let's now build a lightweight HTTP server.

It is really just a TCP server listening on port 80 that parses the incoming request and sends back the content of the requested file.

All the « magic » really happens below.


// OnExecute handler of the TIdTCPServer (form and component names assumed)
procedure TForm1.IdTCPServer1Execute(AContext: TIdContext);
var
  lCmdLine, uri: string;
begin
  // read the request line, e.g. "GET /index.html HTTP/1.1"
  lCmdLine := AContext.Connection.IOHandler.ReadLn;
  memResults.Lines.Add(lCmdLine);
  if lCmdLine <> '' then
  begin
    // keep only the request target: drop "GET ", cut at the next space, strip the leading "/"
    uri := StringReplace(lCmdLine, 'GET ', '', []);
    uri := Copy(uri, 1, Pos(' ', uri) - 1);
    uri := StringReplace(uri, '/', '', []);
    // note: only the first "/" is removed and the path is not otherwise sanitised,
    // so whatever is reachable from the process working directory is served
    if FileExists(uri) then
      AContext.Connection.IOHandler.WriteFile(uri)
    else
      AContext.Connection.IOHandler.WriteLn('file not found');
    AContext.Connection.Disconnect;
  end;
end;
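The request parsing above kept side by side with a hardened version, as an added example (not the project's code): naive_uri mirrors the Pascal string handling, resolve() confines the decoded target to a document root and rejects anything that escapes it, and make_demo_docroot builds a constructed directory layout so it can be tried offline.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit

def naive_uri(request_line):
    """Mirror of the Pascal parsing above: drop 'GET ', cut at the next space, strip one '/'."""
    uri = request_line.replace("GET ", "", 1)
    uri = uri[:uri.index(" ")] if " " in uri else ""
    return uri.replace("/", "", 1)          # '/../secret.txt' becomes '../secret.txt' and is still served

def resolve(request_line, docroot):
    """Hardened lookup: returns (status, absolute path or None), confined to docroot."""
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "GET" or not parts[2].startswith("HTTP/1."):
        return 400, None
    target = unquote(urlsplit(parts[1]).path)         # drop ?query, decode %2e%2e and friends
    if not target.startswith("/") or "\x00" in target:
        return 400, None
    root = os.path.realpath(docroot)
    candidate = os.path.realpath(os.path.join(root, target.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:  # '..' or a symlink escaped the root
        return 403, None
    if not os.path.isfile(candidate):
        return 404, None
    return 200, candidate

def serve(request_line, docroot):
    """Return (status, body) the way the handler above does, but via resolve()."""
    status, path = resolve(request_line, docroot)
    if status != 200:
        return status, b"file not found" if status == 404 else b"bad request"
    with open(path, "rb") as f:
        return 200, f.read()

def make_demo_docroot():
    """Constructed layout for trying this offline: <tmp>/www/index.html plus <tmp>/secret.txt outside it."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "www")
    os.mkdir(root)
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<h1>hello</h1>")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("not for the web")
    return root
```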

Source code can be found on github.

Feb 17, 2019
 

Let's install Indy 10 in Lazarus.
Lazarus has this cool feature called Online Package Manager (OPM).

If you cannot find it under the Package menu, go to Package \ Install/Uninstall package and move it from the right column (available) to the left column (install).

https://imgur.com/snlW7D5

Save and rebuild the IDE, then restart.

Now go to OPM and install Indy and you are done: it has never been so easy 🙂

https://imgur.com/gxafmAz

Feb 17, 2019
 

In the next 4 articles we will see how to build a lightweight HTTPS server which can be used in some situations to troubleshoot or test.

Step 1: we will install Indy 10 in Lazarus
Step 2: we will code a lightweight HTTP server
Step 3: we will generate a root certificate authority, use it to sign a certificate and turn our HTTP server into an HTTPS server
Step 4: we will see the difference between the CN field (normally matching your web server name) and the SAN field (nowadays required by modern browsers)

Dec 27, 2018
 

Working in IT, I use Wireshark almost every day.
This software is just great: free, open source, and it will probably take me a lifetime to master it all as there are so many things you can do with it.

However, there are times when you need driverless and standalone software, i.e. software which does not require any installation on your production server.
Indeed, I have seen cases where the network was interrupted for a short while or, even worse, cases where the server would BSOD (with old WinPcap versions, that is).
Furthermore, in some situations you may wish to capture traffic over a VPN interface or over localhost: two things that Wireshark (or rather WinPcap) cannot do.

That's where the Windows raw socket feature comes in handy: it is built into Windows and can sniff over VPN or localhost.
Read more about windows raw sockets here.

Raw sniffer is a command line tool, built around Windows raw sockets, meant to capture IP traffic.
You can pipe the output to a text file (and later parse it in Excel) or generate a cap file which you can later open with Wireshark.
Source code is on github.

It takes simple command line parameters: snif [localip] [proto] [port] [0:1]

Some possible usages:
- snif 127.0.0.1 * * 1 : will capture all traffic on localhost to the console AND dump all traffic to a cap file
- snif 127.0.0.1 tcp 80 1 : will filter on HTTP traffic on localhost to the console AND dump all traffic to a cap file
- snif * udp * 0 : will filter on UDP traffic on the selected interface to the console

Note: if you don't see your incoming traffic, allow snif.exe through your Windows firewall; this could do the trick.

Download here
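The two things the tool does after a raw socket hands it an IP packet, as an added example that is not the tool's source: a "[localip] [proto] [port]" style filter evaluated on the IPv4 header, and the matching packets written out as a pcap file with link type RAW so Wireshark dissects them starting at the IP header. The capture itself is Windows-specific, so the packets here are constructed inline.

```python
import socket
import struct
PCAP_MAGIC, LINKTYPE_RAW = 0xA1B2C3D4, 101      # LINKTYPE_RAW: each record starts at the IP header

def pcap_header():
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype (little-endian file)
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_RAW)
def pcap_record(ts_sec, ts_usec, pkt):
    return struct.pack("<IIII", ts_sec, ts_usec, len(pkt), len(pkt)) + pkt

def parse_ipv4(pkt):
    """Return (src, dst, proto_name, sport, dport); ports are None unless TCP/UDP."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    name = {1: "icmp", 6: "tcp", 17: "udp"}.get(proto, str(proto))
    sport = dport = None
    if proto in (6, 17):
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src, dst, name, sport, dport

def matches(pkt, local_ip="*", proto="*", port="*"):
    """Apply a 'snif [localip] [proto] [port]' style filter ('*' = any) to one raw IP packet."""
    src, dst, name, sport, dport = parse_ipv4(pkt)
    if local_ip != "*" and local_ip not in (src, dst):
        return False
    if proto != "*" and proto != name:
        return False
    if port != "*" and int(port) not in (sport, dport):
        return False
    return True

def capture_to_pcap(packets, local_ip="*", proto="*", port="*"):
    """Filter packets like the tool does and return the bytes of a .cap file Wireshark can open."""
    out = pcap_header()
    for i, pkt in enumerate(packets):
        if matches(pkt, local_ip, proto, port):
            out += pcap_record(1545000000 + i, 0, pkt)
    return out

def build_ipv4(src, dst, proto, payload):
    """Constructed IPv4 packet (header checksum left at zero; Wireshark still dissects it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

SAMPLE = [  # constructed: a TCP segment to port 80 on localhost and a UDP DNS query leaving the box
    build_ipv4("127.0.0.1", "127.0.0.1", 6, struct.pack("!HH", 51000, 80) + b"\x00" * 16),
    build_ipv4("192.168.1.10", "8.8.8.8", 17, struct.pack("!HHHH", 53000, 53, 8, 0)),
]
```

Writing capture_to_pcap(SAMPLE, "127.0.0.1", "tcp", "80") to a file gives the equivalent of "snif 127.0.0.1 tcp 80 1" for these two packets.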

Dec 15, 2018
 

In a previous article, I released a GUI for the libnfs library.

This time, I’ll release a command line tool allowing one to perform simple tasks against NFS exports.


nfsclient 0.1 by erwan2212@gmail.com
nfsclient 0.1 discover
nfsclient 0.1 read nfs://server/export/filename
nfsclient 0.1 write nfs://server/export/ local_filename
nfsclient 0.1 dir nfs://server/export/

Download here.
Discuss here.

Dec 15, 2018
 

Lately I have discovered libnfs.
I quote « LIBNFS is a client library for accessing NFS shares over a network. ».

It is well documented and easy to use with Delphi (or Free Pascal).

I have decided to build a lightweight NFS client with simple features: discover, list directories, read and write files.

That could be handy at some point with either CloneDisk or TinyPXE Server.

Download here.
Discuss here.

Dec 12, 2015
 

Playing with the registry APIs, I coded this small proggie.

It will save an online registry hive to an offline hive file.
It will restore an offline hive file to an online hive (a backup will be made next to the source hive file).

Needs admin rights. Works on Windows 2000 and up.

Discuss it here.

dumpreg

Aug 1, 2014
 

In a previous article, I showed how to set up a « proxy » for ImDisk through devio to mount an EWF file.

This time, let's do it with a QCOW file (using the external libyal library).

The command lines for the proxy and ImDisk are below:

devio --dll=proxy.dll;dllopen shm:test_proxy c:\test.qcow
imdisk -a -t proxy -o shm -o ro -f test_proxy -m Z:

Find the proxy here: PROXY_QCOW.