I’ve been playing with the Customer Portal extension for vTiger. One thing I noticed, it stores customer passwords in cleartext in the vtiger_portalinfo table. I’m not keen on the idea of not implementing password hashing for an internet-facing deployment of a “Customer Portal” extension on a production CRM system. Hash algorithms have been around for a VERY long time and are easy to use. Furthermore, the regular users table utilized password hashing with salts, which could easily be mimicked for the Customer Portal module.

Now, this is NOT a new find. This information was reported about a month ago by someone else on the Trac site for vTiger. But, vTiger is open source so I decided to just make the change myself. From an architecture stand point, I see a couple of different ways this change could be implemented. I chose a course that I felt would be easy to modify and still offer an appropriate level of security of the passwords in the database. To implement this, there are 3 “actions” in the code that need to be modified:

1.) Creation of portal users in vTiger CRM
2.) Changing portal user passwords in the Customer Portal
3.) Authentication of portal users to the Customer Portal

We’re going to use MD5, because it’s quick and easy, and I see that vTiger uses it for the vtiger_users table. Unfortunately, the vtiger_portalinfo.user_password is only 30 characters, so we’ll need to make it larger. Log into your mysql database for vtigercrm and run this statement: ALTER TABLE vtiger_portalinfo MODIFY user_password VARCHAR(32);

Now, we need to update the code:

1.) Update the Create Customer Portal Users code in vtigercrm/modules/Contacts/Save.php (add this line: $user_hash = strtolower(md5($password)); # AND update $params – As seen below):
Line: 188

-if($insert == ‘true’)
-{
-$password = makeRandomPassword();
$user_hash = strtolower(md5($password)); // ADD THIS LINE
-$sql = “insert into vtiger_portalinfo values(?,?,?,?,?,?,?,?)”;
$params = array($focus->id, $username, $user_hash, ‘C’, ’0000-00-00 00:00:00′, ’0000-00-00 00:00:00′, ’0000-00-00 00:00:00′, 1); // UPDATE THIS LINE
-$adb->pquery($sql, $params);
-}
-

2.) Update the Change Password functions
a.) Update the change_password function in vtigercrm/soap/customerportal.php (add this line: $password = strtolower(md5($password)); –> As seen below):
Start Line: 1030

-if(!empty($list[0]['id'])){
-return array(‘MORE_THAN_ONE_USER’);
-}
$password = strtolower(md5($password)); // ADD THIS LINE
-$sql = “update vtiger_portalinfo set user_password=? where id=? and user_name=?”;
-$result = $adb->pquery($sql, array($password, $id, $username));

b.) Update the SavePassword function in vtigercrm/customerportal/HelpDesk/Utils.php
Line: 111

if(strtolower(md5($oldpw)) == $result[0]['user_password']) // UPDATE THIS LINE

c.) Add these lines to the send_mail_for_password function in vtigercrm/soap/customerportal.php
Line: 1094

-$from = $adb->query_result($from_res,0,’email1′);

$password = makeRandomPassword(); // ADD THIS LINE
$user_hash = strtolower(md5($password)); // ADD THIS LINE
$sql = “update vtiger_portalinfo set user_password=? where user_name=?”; // ADD THIS LINE
$adb->pquery($sql, array($user_hash, $user_name)); // ADD THIS LINE

-$contents = $mod_strings['LBL_LOGIN_DETAILS']

-

3.) Update the Authentication of user functions
a.) Update the authenticate_user function in vtigercrm/soap/customerportal.php (add this line: $password = strtolower(md5($password)); –> As seen below):
Start Line: 962

$password = strtolower(md5($password)); // ADD THIS LINE
-$username = $adb->sql_escape_string($username);
-$password = $adb->sql_escape_string($password);

b.) Update the final user/password check in vtigercrm/customerportal/CustomerAuthenticate.php:
Start Line: 49

if(strtolower($result[0]['user_name']) == strtolower($username) && strtolower($result[0]['user_password']) == strtolower(md5($password))) // UPDATE THIS LINE

That’s it! Of course, if you have been using the Customer Portal prior to this update, you will need to hash all the passwords in the vtiger_portalinfo table. To do that, login to the mysql database for vtigercrm and run this query: UPDATE vtiger_portalinfo SET user_password = md5(user_password);

About 10 lines of code and 2 database updates later, you have your portal passwords hashed!

After SugarCRM, the next open source CRM that everyone talks about is vTiger.  vTiger actually advertises with the tag line of “Tired of kinda, sorta Open Source?”.  After all of the positive recommendations, I decided that it’s time to give it a serious try.  In the past, everytime I’ve tried getting vTiger to work using the precompiled .bin file, it didn’t work right for me.  So I decided to take a crack at it from source, which turned out to be pretty easy.  Below is a step-by-step howto for install vTiger on Ubuntu v10.04 from source.  NOTE: This is simply a tutorial for getting vTiger CRM up and running.  Make sure to read vTiger’s User Documentation on how to properly set the permissions to the files to appropriately lock it down prior to deployment

1.) Download the vTiger source

wget http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.2.0%20VB2/vtigercrm-5.2.0-vb2.tar.gz/download

2.) Install all the required libraries, MySQL, and PHP via APT

sudo apt-get install binutils cpp flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libpcre3 libpopt-dev lynx m4 make  ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev gcc libpng12-dev libjpeg62-dev libfreetype6-dev libssl-dev libxml2-dev libxml2 apache2 php5-mysql libapache2-mod-php5 mysql-server php5-gd php5-imap

3.) Configure Apache: /etc/apache2/sites-available/default (this is just a basic Apache, you can customize for your own purposes)

<VirtualHost *:80>
ServerName tiger.mydomain.com
DocumentRoot /var/www

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
ServerSignature Off

</VirtualHost>

4.) Give the access to these files: sudo chmod -R a+rw

sudo chmod -R a+rw config.inc.php
sudo chmod -R a+rw tabdata.php
sudo chmod -R a+rw install.php
sudo chmod -R a+rw parent_tabdata.php
sudo chmod -R a+rw cache
sudo chmod -R a+rw cache/images/
sudo chmod -R a+rw cache/import/
sudo chmod -R a+rw storage/
sudo chmod -R a+rw install/
sudo chmod -R a+rw user_privileges/
sudo chmod -R a+rw Smarty/cache/
sudo chmod -R a+rw Smarty/templates_c/
sudo chmod -R a+rw modules/Emails/templates/
sudo chmod -R a+rw modules/
sudo chmod -R a+rw cron/modules/
sudo chmod -R a+rw test/vtlib/
sudo chmod -R a+rw backup/
sudo chmod -R a+rw Smarty/templates/modules/
sudo chmod -R a+rw test/wordtemplatedownload/
sudo chmod -R a+rw test/product/
sudo chmod -R a+rw test/user/
sudo chmod -R a+rw test/contact/
sudo chmod -R a+rw test/logo/
sudo chmod -R a+rw logs/
sudo chmod -R a+rw modules/Webmails/tmp/

5.) Open a browser and go to the vTiger URL: http://vtiger.mydomain.com

Start the Installation process by going to the new vtiger URL that you created.

6.) Update /etc/php5/apache2/php.ini (make appropriate modifications, restart apache, check again)

When you open the a browser and begin the install process, it will tell you the recommended settings for PHP (this forum post has many of the changes that need to be made).  After modifying the php.ini file, restart apache and click “Check again”.  Everything should show up as ready.

If preinstall items still show up as missing, restart apache.  If the database will be on the same machine as vTiger, you can set the database host as localhost and maker sure to create a new db user:

# mysql -u root -p
mysql> CREATE DATABASE vtiger_db DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
mysql> GRANT ALL ON vtiger_db.* TO ‘vtigeruser’@'localhost’ IDENTIFIED BY ‘SET_PASSWORD_HERE’;

Installing the Customer Portal Plugin to vTiger

So, after trying out vTiger for a bit, I wanted to test drive the customer portal plugin.  This looked like a very simple install according to the vTiger Customer Portal User Guide, and it would have been had I disabled Deprecated warnings from PHP.  It’s 3 simple steps:

From the Wiki:

1. Download the vtiger_Customer_Portal_4_2.zip file from the http://prdownloads.sourceforge.net/vtigercrm/vtiger_Customer_Portal_4_2.zip?download

2.Extract the vtiger_Customer_Portal_4_2.zip file to an appropriate location in your Web site. After extracting the file structure will be <Web Site>/vtigerCRM/customerportal/<Portal related Files>. You can also modify the directory structure as per your Web site file conventions.

3. Modify the PortalConfig.php file present under vtigerCRM/customerportal/ as given below:

Server_Path: Specify the absolute path (URL) of the vtiger CRM server. For example, if your vtiger CRM server is running at http://vtigercrm.com/demo means you need to specify the Server_Path as given below:

$Server_Path = "http://vtigercrm.com/demo";

Authenticate_Path: Specify the absolute path (URL) of the vtiger Customer Portal directory in your Web site. For example, if you have extracted the vtiger Customer Portal related files in to your Web site at http://vtiger.com/demo/portal means you need to specify the value for Authenticate_Path parameter as given below:

$Authenticate_Path = "http://vtiger.com/demo/portal";

Now save the PortalConfig.php file.

Now, at this point, everything should be ready.  I created a test customer portal account without any issue, but when attempting to login, I received this error: “Could not connect to server. Please contact the administrator.”  After spending some time on the forums and trying out different things (here and here, and various others), I started looking directly at the code.  Specifically, /customerportal/CustomerAuthenticate.php, which has a nice little block of code commented out with the following comment above the code block: 

//Uncomment the following lines to get the error message in login screen itself.

Excellent.  I uncomment the block and see this error: XML error parsing SOAP payload on line 2: Not well-formed (invalid token).  After some more forum searching, I finally just opened the URL in a browser and found that the error was being thrown because Apache was returning Deprecated warning messages for some of the functions in the PHP libraries.  Then it was just a matter of updating /etc/php5/apache2/php.ini:

error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED

Restart Apache and everything should be all set!  NOTE:  If you were following along exactly, make sure to re-comment out that block of code in /customerportal/CustomerAuthenticate.php that returned the error.

I still haven’t decided if I am settling with vTiger or if I will be going with something else.  However, I went through the trouble of getting it up and running on Ubuntu and didn’t see any good tutorials on how to do this (except one good forum post), so I thought I’d share the howto.  I hope this helps!

References:

- Slashdot: SugarCRM 6 Released, But Is It Open Source?
- vTiger 510 Installation on Linux
- vTiger Installation on Ubuntu v9.04
- vTiger CRM Installation Manual
- How to disable PHP 5.3 Deprecated errors

I use the term “encryption” loosely in this article. As you read on, you’ll realize why…

I’ve been doing some work on a plugin for Microsoft Dynamics GP, which is an accounting system aimed at Medium sized to Large businesses. To give you an idea of what type of application this is: There are companies that pay somewhere around $10,000-$15,000 to consultants or VARS (Value Added Resellers) to implement a Microsoft Dynamics GP solution for their business. Many of the VARs have their own plugins and solutions for Microsoft Dynamics GP, usually written in .NET or Dexterity. The process of installing and maintaining GP is an industry all it’s own and it’s not cheap for a company to maintain this accounting system.

I’ve been searching for the “encryption algorithm” or at least some way other way to “encrypt” data in GP in some other way than within Dexterity code. I was really hoping that there would be some .NET library that would do this for me, but I was never able to find anything that would help me do this. So, I became interested in what type of “encryption” this is. Somewhere (I can’t remember where) I found something that indicated that the it’s a symmetric key encryption algorithm. The message boards were not much help either. Anywhere I went, I basically saw this same type of statement, “the encryption algorithm is a closely guarded secret”.

Today, while doing some testing, I noticed something with data that we were saving to a field which utilizes the GP “encryption”. The plugin I was testing puts data in an encrypted field (not that it needs to because it’s not sensitive in nature), and I was testing with the same values each time. As I would expect, I saw the same data stored in the field in the database for each row in the table. However, I noticed that one of the entries was different, by 2 characters. That seemed very odd to me. After looking at it some more and conducting some more tests, it looks like I simply miskeyed my test data, but it prompted me to take another look at this.

After trying a couple different combinations of test data, it became very obvious that changing only one character in the test data appeared to only alter 2 characters of the encrypted data. So I ran through a battery of tests, and came up with this:

’1′=’DF’, ’2′=’DC’, ’3′=’DD’, ’4′=’DA’, ’5′=’DB’, ’6′=’D8′, ’7′=’D9′, ’8′=’D6′,
’9′=’D7′, ‘A’='AF’, ‘B’='AC’, ‘C’='AD’, ‘D’='AA’, ‘E’='AB’, ‘F’='A8′, ‘G’='A9′,
‘H’='A6′, ‘I’='A7′, ‘J’='A4′, ‘K’='A5′, ‘L’='A2′, ‘M’='A3′, ‘N’='A0′, ‘O’='A1′,
‘P’='BE’, ‘Q’='BF’, ‘R’='BC’, ‘S’='BD’, ‘T’='BA’, ‘U’='BB’, ‘V’='B8′, ‘W’='B9′,
‘X’='B6′, ‘Y’='B7′, ‘Z’='B4′, ‘a’=’8F’, ‘b’=’8C’, ‘c’=’8D’, ‘d’=’8A’, ‘e’=’8B’,
‘f’=’88′, ‘g’=’89′, ‘h’=’86′, ‘i’=’87′, ‘j’=’84′, ‘k’=’85′, ‘l’=’82′, ‘m’=’83′,
‘n’=’80′, ‘o’=’81′, ‘p’=’9E’, ‘q’=’9F’, ‘r’=’9C’, ‘s’=’9D’, ‘t’=’9A’, ‘u’=’9B’,
‘v’=’98′, ‘w’=’99′, ‘x’=’96′, ‘y’=’97′, ‘z’=’94′, ‘!’='CF’, ‘@’='AE’, ‘#’='CD’,
‘$’='CA’, ‘%’='CB’, ‘^’='B0′, ‘&’='C8′, ‘*’='C4′, ‘(‘=’C6′, ‘)’='C7′, ‘ ‘=’CE’,
”=’20′, ”=’00′,’-'=’C3′, ‘_’='B1′, ‘=’='D3′, ‘+’='C5′, ‘['='B5', ']‘=’B3′,
‘{‘=’95′, ‘}’=’93′, ‘\’='B2′, ‘|’=’92′, ‘;’='D5′, ‘:’='D4′, ””=’C9′, ‘”‘=’CC’,
‘=’='C2′, ‘<’='D2′, ‘.’='C0′, ‘>’='D0′, ‘/’='C1′, ‘?’='D1′, ‘`’=’8E’, ‘~’=’90′

Yep, it’s basically your run-of-the-mill Substitution cipher. The worst part, there’s evidence all over the place that this was a VERY weak encryption algorithm for awhile, but nobody seemed to pay any attention to it when people were asking how they could reset passwords of users in the database (Post 1 – Post 2)

I did some more searching, because there is ABSOLUTELY NO WAY THAT I AM THE ONLY ONE THAT SAW THIS… I found a good write up on the MSDN blogs that explains pretty well how the GP encryption was used (here).

The article is evidence to support a theory that I have, which is after GP moved to SQL server authentication, the encryption method didn’t seem to be needed any longer so they never replaced. I don’t know if the word was released to developers and integrators that the “encryption algorithm” wasn’t ideal for storage of sensitive information, but I don’t know how many plugins or customizations use it either.

EXCEPT…. Microsoft still uses it for their GP system password, which is the password needed to get to the Security Roles/Tasks and all the User Security related forms while in GP. What’s even worse, if you create a new user, you have to give the user explicit rights to the company or companies you want the user to access, but you DON’T HAVE TO GIVE ACCESS TO THE DYNAMICS DATABASE. What that means is if you create a base user in GP, that user can log into the SQL server and run select AND INSERT statements on tables containing the “encrypted” GP System password and Security Roles… Not good… I must correct this and clarify. By default, GP gives the user access to the DYNAMICS database but the user CANNOT login to the SQL server using SQL Enterprise Manager. Here’s what happened: I reset the LESSONUSER’s passwords with SQL Enterprise Manager and afterward I was able to login to SQL Enterprise Manager with the LESSONUSER’s credentials. Some flag most have been updated when I reset the password – I need to investigate this further (this was all done in a Test environment). This was a BIG oversight on my part and I apologize for this. I really should have tested this out more before posting that statement. (Thank you Mark and others that pointed this out to me).

I created a function that you can use to decrypt GP “encrypted” data. You can find it here (link is working again). If you create the function on the SQL server, you can then retrieve the Master password by running this query:

select dbo.[fn_Decrypt_Value] (PASSWORD, 16) from DYNAMICS.dbo.SY02400

Another point I need to clarify, as Mark pointed out, this master password is just a secondary password that is OPTIONAL. THIS PASSWORD DOES NOT GIVE YOU ACCESS TO GP. If you have this password set, the user attempting to access the Security Roles/User Forms will need to enter it. This is not a very secure way to store this password, but it is not the primary form of authentication to GP.

I did ALOT of searching to see if anyone had reported this in the past, but I found no indication of this ever being found. I don’t know if this is a “REAL” discovery, but I would think it’s worth knowing. I hope you found this informative!

This was originally meant to be a disclosure that the Microsoft Dynamics GP Dexterity Encryption algorithm was weak and has been broken. The retracted statement was an oversight on my part and I’m sorry for this.

Other References:

Microsoft Dynamics GP Table Structure Overview

There’s a great proof-of-concept site here which will conduct the history leak on your browser. There’s 2 ways it can do this: Javascript and CSS. I’ve been aware of the Javascript method for years, but I’ve only heard about a possible way of doing this with CSS (I’ve never seen it in action before).  That’s the part I found really cool.

From http://whattheinternetknowsaboutyou.com/docs/details.html with regard to conducting this using CSS:

Using the :visited pseudoclass on a elements, it is possible to specify a background-url attribute which will make a request to the server if a particular link has been visited. We can thus achieve the same goal of determining visited links without using Javascript. For example:

<style>
	a#link1:visited { background-image: url(/log?link1_was_visited); }
	a#link2:visited { background-image: url(/log?link2_was_visited); }
</style>
<a href="http://google.com" id="link1">
<a href="http://yahoo.com" id="link2"> 

The site even does a write up on solutions to help avoid this (here):
For a quick fix: Firefox or Chrome users, you have private browsing mode or incognito mode respectively.

If you run Internet Explorer (which you should never do), there’s not a whole lot you can do aside from disabling CSS, which will break most websites today.  For prevention methods in IE, Microsoft has an MSDN article for you here.

Anyway, I was going to write a HOWTO for this, but I came across Darren Kitchen’s Jasager HOWTO, which is a very comprehensive, step-by-step walkthrough with screenshots, and I felt that there is no need to write a HOWTO after using his. If you are just starting out with the FON and you are looking for a good HOWTO to get Jasager up and running, I would recommend that you start here. The only thing I can add to the HOWTO, on Step 10, I needed to use single quotes instead of double quotes for the command issued to patch the Redboot config:

From: mtd -e “RedBoot config” write out.hex “RedBoot config”
To: mtd -e ‘RedBoot config’ write out.hex ‘RedBoot config’

The FON is a TON of a fun to play around with. If you play around with it enough, it’s almost inevitable that you will probably brick it at least once. The HiR Information Report has a great write up on how to un-brick the FON with a link to a script that will help you connect to the FON through telnet (if you kept it enabled). Here is a link to the article and the redboot.pl script from Digininja’s site.

Of course, if you need to do this, you will need to setup a TFTP server on your machine connecting to the FON to copy over the firmware.

Here is a good HOWTO for setting up a TFTP server in Ubuntu. NOTE: If you are running a version of Ubuntu 9.04 or later, you may need to add the “–daemon” option to /etc/default/atftpd in order for the sudo invoke-rc.d atftpd start command to work.

NOTE: This is NOT a new exploit by any means. Here is a link to an advisory released back in January of 2006. And Microsoft was notified well in advance before the advisory was released. From the advisory: “Microsoft was contacted on October 13, 2005. After numerous exchanges of emails and a conference call, Microsoft was able to reproduce and isolate the issue within their software. As there are multiple and easy-to-implement workarounds for the issue, Microsoft has scheduled to include the fix in the next service packs.”

The only “good” thing that I can say about this exploit is that doesn’t appear to affect newer versions of Windows (like Vista or Windows 7).  Of course, that won’t stop a user from manually connecting to a Wireless AP with the same name…  But that’s really a different issue altogether…

Here are the workarounds:

Workaround #1:
 Disable wireless when not in use.

Workaround #2:
 Use an alternate Wireless Client Manager, (e.g. for an integrated Intel Wifi
 connector, use Intel PROSet/Wireless) as all others tested do not seem to
 have the problem (this testing was not all-inclusive).

Workaround #3 (recommended):
 1. Click on the Wireless option in the System Tray and open the Wireless
    Network Connection window.
 2. Click on "Change advanced settings".
 3. In the Wireless Network Connection Properties window, click on the Wireless
    Networks tab.
 4. Click on the Advanced button.
 5. Click on "Access point (infrastructure) networks only"
 This workaround prevents you from connecting to any ad-hoc network in the
 first place.

Sources:

1.) Microsoft Windows Silent Adhoc Network Advertisement

2.) Tool Talk: Jasager and Karmetasploit

3.) Bad Karma for Wi-Fi on Windows?

Rafal did a good job in pointing out that the majority of people using Flash are marketing people with just enough technical knowledge to use Flash to create web sites. The flash tools make it very simple for them to drag and drop objects on a screen, while not paying any attention to or keeping in mind any potential security vulnerabilities of allowing the client access to the compiled code. Furthermore, when a database is involved, you are basically giving the client the digital keys to the castle without even thinking about the implications.

Before the talk, Rafal had told attendees of the conference (via Twitter) to bring their laptops to participate in a “game” during the talk. At the beginning of his talk, he told everyone to download the SWFScan tool and start searching for vulnerable flash files. I was in the audience sitting very close to a guy who pointed out a website where a login and password with what appeared to be Administrative credentials could clearly be read in the decompiled flash code. It took the guy about 20 minutes to find this. Also, during the talk someone else found a website making open-ended database calls to a webservice, through unencrypted HTTP, within the flash code, described here in this article written by Rafal. I was absolutely sold on this being a massive problem after I heard all this.

I really wish this was difficult for someone to do… I really wish I could say that only someone with solid technical knowledge of Flash could perform theses attacks… Unfortunately, as Rafal pointed out in his talk, anyone who downloads a Flash decompiler tool, knows how to do a Google Search, and can READ can perform an attack on a vulnerable Flash site. A couple months back, I saw a Slashdot article that stated: “Adobe Flash To Be Top Hacker Target in 2010″. After Rafal’s talk, I would agree with that assessment. If you run any flash on your website, I would HIGHLY recommend that you download the tool and analyze the code for any potential security issues.

BTW, props to Rafal Los, all the other speakers at Thotcon, and the guys that organized the conference. You guys were awesome! Furthermore, it was great to finally see a hacking conference in Chicago. We were long overdue!

Besides the nostalgia factors of wanting to play the game, another reason I absolutely love the game is that the hardware requirements for playing the game are very minimal.  Because of this, I can play Quake on almost anything that I ever come across.  I currently use an on old Thinkpad X23 as basically a netbook.  The X23′s size allows me to carry it anywhere without it being a burden during travel.  I currently run Ubuntu 9.10 on this 8 year old laptop without any issues.  This laptop runs a Pentium III 800 mhz processor with only 600 MB of RAM (the processor is pretty obsolete by today’s standards).  But, it’s still good enough to play Quake.  For me, that’s awesome.

Quake on Ubuntu is very easy to get going:

1.) Install DOSBox and the SDL-Net lib from apt

sudo apt-get install dosbox libsdl-net1.2

2.) Download and copy quakespasm to the /usr/local/games/quake directory

sudo mkdir /usr/local/games/quake
sudo cp quakespasm /usr/local/games/quake/quake

3.) Download the Quake shareware zip from idSoftware and run it in DOSBox

cd /home/username/Downloads/
mkdir quake106
cp quake106.zip quake106/.
cd quake106
unzip quake106.zip

Now, run DOSBox from the command line: dosbox

In DOSBox, mount the folder where the unzipped quake files are and run the install:

mount c /home/usernane/Downloads/quake106/
C:
install.bat

Install the files in whatever directory you want (probably will be C:\QUAKE_SW).  Wait until it finishes.  Now, at this point, you could run Quake straight from DOSBox, although it’s not really optimal for graphics and sound (but, in my case runs just fine).

NOTE: If you want to run DOSBox in full screen mode, press Alt + Enter

4.) Copy quake files to /usr/local/games/quake

sudo mkdir /usr/local/games/quake/id1
sudo cp /home/username/Downloads/quake106/QUAKE_SW/ID1/PAK0.PAK /usr/local/games/quake/id1/pak0.pak

Linux Quake requires (most) filenames to be in lowercase. If you get an error similar to “Error: W_LoadWadFile: couldn’t load gfx.wad” it means the game can’t find the data files, possibly because they are not all lowercase.  Make sure you have the subdirectory “id1″ (not “ID1″) containing the files “pak0.pak” and “pak1.pak”.

NOTE: There are MANY Quake ports to Linux besides Quakespasm: EZQuake, ProQuake, Tenebrae, etc.  I just chose one, but they are all just about equally as easy to install.

There you have it.  Enjoy some original Quake on Linux!

Sources:
1.) Linux Quake HOWTO
2.) Quakespasm on SourceForge
3.) Quake from id Software
4.) Ubuntu Community – DosBox
5.) Basic Setup and Installation of DosBox

I actually use 2 media server applications: Mediatomb and uShare. uShare is another free UPnP A/V & DLNA Media Server that runs on Linux. It’s fairly easy to setup.  I have found that there are some things that uShare won’t play, but Mediatomb will and vice versa. In general, I found uShare to be very temperamental. Maybe it was something I configured wrong or the version of uShare that I am running (I am running the ushare package from the apt repository for Ubuntu Karmic), but I would constantly receive errors in the upper right corner of the screen while streaming content from my media server (the media would continue playing like nothing happened, I would just see DLNA errors in the upper right corner). Also, uShare would not play Revision3 MP4 podcasts out-of-the-box (I would have to transcode them into mpeg-1). On top of all of that, uShare didn’t recognize when new content was added to the stream folder without a restart of the ushare service (Mediatomb picks it up eventually since it appears to be indexing the content in the background). For instance, if I downloaded a new Revision3 show, my media center client would not see it until the uShare service was stopped and started again on the media server running uShare. After all these headaches and a few others, I decided to try other options for Revision3 programming.

NOTE: For XBMC, you don’t need to download the podcasts if you don’t want to. You can stream the content directly from the Internet using the Revision3 Video plugin for XBMC. However, if you want to download the podcasts, XBMC works with uShare and Mediatomb.

Here’s how to install Podget in Ubuntu and stream Revision3 podcasts to your media center client using Mediatomb:

1.) Install podget and Mediatomb

sudo apt-get install podget mediatomb

2.) Configure podget

Run podget to setup rc and serverlist files from your home directory:

cd
podget ==> (Once it starts to download a podcast, you can kill the podget process, or you can wait until it finishes – whatever you want)

Setup location of downloaded podcasts:

pico .podget/podgetrc

dir_library=/home/username/POD ==> Change if you want them saved somewhere else
most_recent=1 ==> Default is 0, which downloads ALL new material. I set it to download the most recent episode of each show.
cleanup=1 ==> Default is 0, which will keep download podcasts indefinitely (if you have enough space and want to keep the podcasts forever, keep this at 0)
cleanup_days=30 ==> Default is 7 – 30 days is approximately 4 weeks worth of programming, which should be good enough.

(Ctrl+X) ==> To save and exit out of pico

Setup podcasts to download:

pico .podget/serverlist

Comment out the shows that you don’t want and add the Revision3 shows that you want to download. All of the Revision3 shows appear to have this format in an RSS feed: http://revision3.com/showname/feed/fileformat

showname=hak5,diggnation,scamschool,filmriot,rofl,tekzilla
fileformat=MP4-Small,MP4-Large,MP4-hd30,MP4-High-Definition

Here are some examples that I used to download the shows in HD:

http://revision3.com/hak5/feed/MP4-High-Definition Revision3 Hak5
http://revision3.com/diggnation/feed/MP4-High-Definition Revision3 Diggnation
http://revision3.com/scamschool/feed/MP4-High-Definition Revision3 Scam_School
http://revision3.com/filmriot/feed/MP4-High-Definition Revision3 Film_Riot
http://revision3.com/rofl/feed/MP4-High-Definition Revision3 ROFL

(Ctrl+X) ==> To save and exit out of pico

3.) Configure Mediatomb

Edit Meditomb config file: sudo pico /etc/mediatomb/config.xml

Depending on the media center client you are using, you will need to make the following edits to the config file (source):

Playstation 3 (PS3) Compatibility

   <protocolInfo extend="yes"/><!-- For PS3 support change to "yes" -->
   <!-- Uncomment the line below for PS3 divx support -->
    <map from="avi" to="video/divx"/>

D-Link Media Player Compatibility

   <!--
       Uncomment the lines below to get rid of jerky avi playback on the
       DSM320 or to enable subtitles support on the DSM units
    -->
    <custom-http-headers>
      <add header="X-User-Agent: redsonic"/>
    </custom-http-headers>

    <manufacturerURL>redsonic.com</manufacturerURL>
    <modelNumber>105</modelNumber>
        <!-- Uncomment the line below for D-Link DSM / ZyXEL DMA-1000 -->
        <map from="avi" to="video/avi"/>

ZyXEL DMA-1000 Compatibility

        <!-- Uncomment the line below for D-Link DSM / ZyXEL DMA-1000 -->
        <map from="avi" to="video/avi"/>

–
** When you are finished: (Ctrl+X) ==> To save and exit out of pico

Stop and Start Mediatomb:

sudo /etc/init.d/mediatomb stop
sudo /etc/init.d/mediatomb start

Open a web browser and navigate to: http://localhost:49152    ==> Mediatomb may have put this on 49152, 49153, or 49154 (I have seen all of those used).

Click the Filesystem option on the left side.  Navigate to where the podcasts are downloaded: /home/username/POD

Click the + on the right side to add the directory to Mediatomb.

5.) Setup a cron job to check for new podcasts and download them

crontab -e

This will open an editor to create a cron job. Here’s an example of a cron job that you can setup:

# Once a day at 4:15 AM
15 04 * * * /usr/bin/podget -s
# Every 6 hours on the hour
0 */4 * * * /usr/bin/podget -s

Exit out of the crontab and run podget to start downloading the content: /usr/bin/podget -s

There you have it. You can download the Revision3 shows to your PC and stream them in HD to any media center client that works with Mediatomb.

I should note that this is not just specific to Revision3 shows. There are many shows distributed as podcasts that you could do this with. Revision3 produces my favorite shows on the Internet so I used them as the example for this HOWTO.

Sources:

1.) Podget: A Simple Podcast aggregator

2.) Mediatomb – Community Ubuntu Documentation

3.) XBox 360 Media Sharing

4.) Podget howto

5.) uShare streaming to PS3 Howto

If you need to use a hostile network to connect to the internet, you should tunnel your web traffic through a “trusted” network, such as your home network.  There are 2 ways that you could do this: VPN or SSH.  It’s easier to setup SSH on a machine at home and doesn’t require the end user to have a private certificate, so it’s the most convenient to use too.  By tunneling your traffic through SSH, you are eliminating the possibility of someone conducting a man-in-the-middle attack and capturing your web traffic.  I would highly recommend tunneling your traffic through a “trusted” network whenever you must use a “hostile” network to access the internet, such as WIFI hot spot or free internet access at a hotel.

Here’s how you can tunnel your traffic:

1.) SSH to your trusted network

ssh -fND localhost:$PORT username@my_trusted_network.com

This creates a tunnel to your trusted network (my_trusted_network.com) with your credentials (username) that only your own machine can use (localhost) on the port specified ($PORT).  Once you are logged in, the SSH process will be in the background and the SSH tunnel to your trusted network is established.

2.) Configure Firefox to use the SSH tunnel for web traffic

Open Firefox, at the top menu bar click Edit –> Preferences.  Click the Advanced option at the top.  Select the network tab and click the Settings button next to “Configure how Firefox connects to the Internet”.

Select “Manual proxy configuration”.  In the SOCKS Host text field, enter localhost and in the Port text field, enter whatever port you specified in $PORT when you established your SSH connection.  Click OK to close the Connections Settings window, and then click Close to close the Firefox Preferences window.  Your web traffic in Firefox will now be tunneled through your trusted network.

3.) Configure Firefox to use SSH tunnel for DNS

Even though you are using SSH to tunnel your web traffic, you are still vulnerable to a DNS man-in-the-middle attack.  Also, if your DNS requests aren’t tunneled, the operator of the hostile network can still see where you are navigating to on the web when your client makes DNS requests to resolve hostnames to IP addresses.  For these reasons (and for many others), it’s a good idea to tunnel DNS through your SSH tunnel too.

In the Firefox URL address bar, enter about:config.  At this point, you may receive a warning from Firefox, which you will need to click through to get to the next step.  In the Filter text field, enter network.proxy.socks_remote_dns.  Double-click on the network.proxy.socks_remote_dns entry to set the value to true.

4.) Verify that both your web traffic and DNS are being tunneled through your SSH connection

To verify, run tcpdump:

tcpdump -i <interface> -v

Verify that all network packets from Firefox are being sent through your SSH connection.

Sources:

1.) Tunneling Firefox traffic over SSH

2.) Tunnel Web and DNS Traffic Over SSH

3.) How to Tunnel Web Traffic with SSH Secure Shell

First, install aircrack-ng:

apt-get install aircrack-ng

Next, you will need to install the drivers specific to your wireless card for madwifi and patch the kernel:

 ifconfig ath0 down
 ifconfig wifi0 down
 svn -r 4073 checkout http://svn.madwifi-project.org/madwifi/trunk/ madwifi-ng
 cd madwifi-ng
 wget http://patches.aircrack-ng.org/madwifi-ng-r4073.patch
 patch -N -p 1 -i madwifi-ng-r4073.patch
 ./scripts/madwifi-unload
 make
 make install
 depmod -ae
 modprobe ath_pci

ERROR NOTE: If at any point you get an error like this:

/lib/modules/2.6.22-14-server/build is missing, please set KERNELPATH. Stop.

Simply run this command and then continue with the instuctions:

apt-get install linux-headers-$(uname -r)

Now you can start using the aircrack-ng tools tool monitor wireless traffic:

• 1. Enable monitoring with “airmon-ng”:
  sudo airmon-ng start

• 2. Packet capturing with “airodump-ng”:
  sudo airodump-ng –channel –write
• Packet capturing with “airodump-ng” (to collect data from target network only and hence increase performance):
  sudo airodump-ng –channel –bssid 00:09:5B:D7:43:A8 –write

  NOTE:
  –channel… Select preferred channel; optional, however, channel hopping severely impacts and thus slows down collection process.
  –bssid… MAC address of target access point; optional, however, specifying access point will improve performance of collection process.
  –write… Preferred file name; mandatory field (in our case).

NOTE: if you are not seeing any traffic while in monitor mode, run:

airmon-ng check

If any processes are returned, you may need to kill them (they might be interfering with the device).  After you kill the processes, you might need to stop monitor mode on any interfaces you created with airmon-ng and then restart airmon-ng (after stopping, start back at the “Enable monitoring” directions above).  There are 2 ways to stop airmon-ng: One is to pull out the PCMCIA card and plug it back in.  The other is to issue this command:

airmon-ng stop

Once you have airmon-ng up and running, you should see the access points that are sending out Beacons, as well as the clients that are connecting to the access points, or who are looking for their “trusted” access points that they have connected to in the past.  Here is a good chart that explains each of the data fields that you will see.

IMPORTANT NOTE: The legality of capturing wireless traffic (encrypted or unencrypted) from a wireless network (business or personal) without explicit consent of both the sender and receiver may be illegal.  From what I read, this appears to be a legally “gray” area.  There are specific local, state, and federal wiretap laws against interception of communication, analog or electronic, that an individual might need to adhere to.  However, most of the rulings/legislation that I have seen were targeted at businesses listening in on employee activities during work hours, when the employee was using company equipment. 802.11 Wireless communication uses a radio frequency, that one could argue should be held up to similar laws and restrictions as amateur radio.  One could also argue that 802.11 communication should have it’s own set of laws and regulations that users would need to adhere to.

If you are targeting your own network to capture wireless traffic for research and/or educational purposes, you shouldn’t be breaking any laws that I am aware of (since you are technically both the sender and recipient of the electronic communication).  For capturing traffic on other networks. the laws on one-party/two-party consent might apply (again, applying wiretap laws to 802.11 wireless communication might vary on your location). I am not a lawyer and I do not dispense legal advice so proceed with caution.  I merely find this a very interesting topic for discussion.  Here are some links that I found related to the topic of the legality of capturing wireless traffic:

Cracking WEP

How to crack WEP

Monitoring Employee Communications under Federal and Illinois Law

Here are the sources that I used in order to write this HOWTO:

1.) Aircrack getting started

2.) Madwifi-ng howto from Aircrack-ng

3.) Ubuntu HOWTO: Aircrack-ng (Simple Guide)

4.) Kernel server build missing error fix