I received a piece of malware today and as one will do, I of course opened it up on my test machine. Like with a lot of phishing-types of emails, it was really just trying to get at a password (in this case it was a fake Office365 login). One thing that jumped out at me was that the payload was a bunch of base64 encoded blobs. The machine was offline, so I couldn’t use one of the many online decoders to see what it was doing. Thus, time to bust out the old openssl and base64 commands. Let’s start with a quick example of encoding a string object into…
-
Promote an Open Directory Master in OS X Server 5
Open Directory has never been so easy to set up for a basic environment as it is in OS X Server 5 (for OS X 10.11 El Capitan and OS X 10.10 Yosemite). It’s also never been so annoyingly simple to use that to do anything cool requires a bunch of command line foo. No offense to the developers, but this whole idea that the screens that were being continually refined for a decade just need to be thrown out and started fresh seems to have led to a few babies thrown out along with them. Not often as I’m kinda’ digging most of the new config screens in OS X Server…
-
Using OpenSSL to Test Connectivity
Almost wrote this up again and then realized I already did once (sure it was a few years ago but luckily not much changes with some of the command line stuff). Check it out here: https://krypted.com//mac-os-x/using-openssl-to-test-connectivity
If you want to see more on openssl check this one out too: https://krypted.com//unix/openssl-and-signatures
-
Quick and Dirty md5
A hashing function is used to calculate a hash value. If you insert a file into a hashing function then it should produce a value that is almost certain to be unique (there’s always the remote likelihood that no matter how good your function, you may end up with a duplicate). The openssl command is used to access a number of functions/ciphers including sha1, base64, md5, rc4/rc5 and of course des/des3. It is a very simple command to use: simply provide the cipher, followed by the path to the file you would like to get a hash value (aka digest) for. So if I have a file called myfile.txt and I…
-
Using OpenSSL to Test Connectivity
When you’re testing connectivity to servers and you’re using SSL on those servers then your traditional ways of testing connectivity may need a little augmentation. For starters, you’re going to use the openssl command to test connections. For example, if you have a web server you might traditionally attempt to telnet into port 80 and check your banners; however, if you have an SSL certificate on it then you might be better served connecting to port 443 using the openssl command. In the following example we’ll tell openssl to be a generic client (s_client) and connect (-connect) to https://krypted.com/ over port 443:
openssl s_client -connect krypted.com:443
The output would then look…
-
openssl and Signatures
A checksum can be used to determine if a file has been tampered with at a later date. To run a checksum use the following command:
openssl dgst -HASHTYPE path_to_file
HASHTYPE would then be md2, md4, md5, mdc2, rmd160, sha or sha1. Let’s go ahead and do a checksum of our smb.conf file:
openssl dgst -md5 /var/db/smb.conf
You should then see output similar to the following:
MD5(/var/db/smb.conf)= e4b58a63c6682b298aeca3ad40734c1e