Friday, 8 March 2013

Encrypt/Decrypt Confidential Data Using OpenSSL

If you wish to perform encrypted file transfers, openssl provides a robust implementation of SSL v2/3 and TLS v1 as well as full strength generic cryptographic functionalities. Available for almost every commonly used operating system, openssl can be used as a general purpose tool instead of looking for other specialized tools.

If you wish to have full strength cryptographic functions, openssl is a perfect choice. Forget about all other tools that promise to provide high end encryption for your confidential data. Openssl is more than enough for most of your cryptographic needs. Personally, I can't just rely on some random software that promises to provide full strength cryptography but lacks documentations and detailed reviews. Openssl, however, has a well structured documentation and is an open source implementation.

Openssl supports several ciphers such as AES, Blowfish, RC5, etc., several cryptographic hash functions such as MD5, SHA512, etc., and public key cryptographies such as RSA, DSA, etc. Openssl has been widely used in several softwares most notably the OpenSSH.

Now that we know some basics about what OpenSSL is, lets move on encrypting/decrypting files/data using openssl. OpenSSL can take any file and then apply one of the cryptographic functions to encrypt the file. As an example, we encrypt a confidential file 'priv8' with a password "hello" below:

samar@Techgaun:~$ openssl aes-256-cbc -e -in priv8 -out priv8.enc -pass pass:hello


In order to decrypt the encrypted file, we can run the following command:

samar@Techgaun:~$ openssl aes-256-cbc -e -in priv8.enc -out priv8 -pass pass:hello


Now that you know the basic syntax, you can choose among several available cryptographic functions. There are several other symmetric ciphers available for use. The full list of these ciphers is provided by the command:

samar@Techgaun:~$ openssl list-cipher-algorithms


I hope this helps for your file encryption needs :)


Read more...

Thursday, 7 March 2013

Make An Encrypted Call On Android Using RedPhone

If you are quite worried about your privacy while making voice calls on your phone, RedPhone is a perfect tool to install in your android phone. RedPhone ensures that the eavesdropping attackers can not sniff your call by providing end-to-end encryption.

RedPhone is an open source communication encryption android software that well-integrates with the system dialer and lets you use the default system dialer and contacts apps to make calls as you normally would. The tool is written by Maxie Morlinspike, the same guy who wrote a famous tool called SSLStrip for performing HTTPS stripping attacks.

Install RedPhone





It is an open source tool licensed under GPL v3; the github README says, RedPhone is an application that enables encrypted voice communication between RedPhone users. RedPhone integrates with the system dialer to provide a frictionless call experience, but uses ZRTP to setup an encrypted VoIP channel for the actual call. RedPhone was designed specifically for mobile devices, using audio codecs and buffer algorithms tuned to the characteristics of mobile networks, and using push notifications to maximally preserve your device's battery life while still remaining responsive.

If you wish to understand more on Encryption protocol, you should refer to the WIKI.

Install RedPhone




Read more...

E-Paath - A Perfect Computer-based Learning Tool For Your Children

If you are looking for good computer based learning materials for your small children, e-paaath (E-/Online Lesson) is a perfect choice esp. for the Nepali education scenario. I don't know how much has been done to take this software to the reach of the students/children but I think this software can be a very useful interactive learning material for children.

Developed by OLE Nepal in collaboration with the Department of Education (Nepal), this web-based software provides several modules of online lessons for classes 2-6. The software consists of 18-30 lessons organized in a weekly fashion for four subjects: Nepali, English, Mathematics, and Science. The contents for science are available in both English and Nepali languages. However, mathematics is available only in Nepali language.



E-paath is a flash based content and hence requires flash player and can be run through any of the major web browsers such as Mozilla Firefox, Google Chrome, etc. Since e-paath is a web based content, you can run it in any platform without any problem (I had to change a little bit of code in karma.html file to run the tool smoothly in Linux but its still fine; having a web server to serve the pages solves all errors though).

You can download e-paath from HERE. For installation help, you can refer to this page. You can also access the software online from HERE. Btw, there is no specifically linux version of tool available in the website (except for Sugar desktop environment) and don't try to mirror the online version of e-paath as flash contents seem to be internally referencing the configuration files. Your best bet is to download either of the two available versions and then delete all the unnecessary stuffs in there. It just runs fine.


Read more...

Tuesday, 12 February 2013

Chaining The Proxies With ProxyChains

In this tutorial, we will learn to redirect our TCP traffics through the chain of proxies using a well known tool named ProxyChains.

ProxyChains is a tool for tunneling TCP and DNS traffics through chain of several proxy servers which supports HTTP, SOCKS4, and SOCKS5 proxy servers. Hence, this tool leverages several usages such as anonymity, bypassing filters, running any program through proxy servers, etc.

You can DOWNLOAD proxychains from SourceForge. In ubuntu, you can directly install it from repos:

samar@samar-Techgaun:~$ sudo apt-get install proxychains


Once you have installed the proxychains, you need to configure this tool. The global configuration file is located at /etc/proxychains.conf so if you wish to have your own configuration file, you could either create the proxychains.conf file in the current working directory or at $HOME/.proxychains/proxychains.conf.

In my example, I'll edit the global configuration file by issuing the command:

samar@samar-Techgaun:~$ sudo nano /etc/proxychains.conf


First, we will have to select the kind of chaining option we want to use. We can use one of the dynamic_chain, strict_chain, and random_chain chaining options. In most cases, it is good to just use the dynamic_chain so we uncomment the line containing dynamic_chain and comment all other chaining options.



Then we need to grab some proxies and then insert at the end of our configuration file which would look like:

socks4 127.0.0.1 9050
socks5 192.168.2.90 3128
socks5 1**.1**.*.* 8080


You could add as much as proxy servers in the list. Btw, the asterisks in the above example do not mean wildcards, they are just there to symbolize some proxy server. There are free sites on the Internet which provide big database of different kinds of proxies. Even several proxy scrapers are available all over the internet and you could even write one on your own. So getting list of good proxies is not the difficult job. Once you finish the configuration, you can run any command through proxychains. The syntax is as simple as below:

samar@samar-Techgaun:~$ proxychains <any_command>


For example, below is the example nmap scan run through the proxychains:

samar@samar-Techgaun:~$ proxychains nmap -p 1-1000 -O victim.tld


P.S. If you are interested in some GUI for using proxychains, you can use ProxyChainsGUI. Lastly, the default package from Ubuntu repository seems to be missing the proxyresolv command so I would recommend to compile the source code locally.

Read more...

Thursday, 7 February 2013

NCell Paisa Double For Prepaid and Pro Classic customers

Ncell has introduced yet another offer, the Paisa Double for all the prepaid and pro classic customers which will be available for next eight weeks.

With the Ncell's Paisa Double offer, you will be able to double the said amount. Ncell says that it is a new offer that acknowledges the loyalty of Ncell customers by providing them various amounts to double.

Once you have enough main balance, you can activate the offer by dialing 1212. In order to utilize the scheme, you have to follow the steps as below:

  • Dial 1212 and listen to find out what amount you can double. Then press 1 to get the double of the said amount. Alternatively, you can also dial *1212# and press 1.
  • After you press 1, the said amount will be deducted from your main balance and the double of it will be added as your Paisa Double balance.


While the offer sounds great, it is only applicable within Ncell network. You can use the Paisa Double balance to make calls, send SMS and MMS within Ncell network and even to access internet. You can subscribe Ncell Paisa Double offer only once and it will be auto-renewed every week until you deactivate or till the offer ends.

Dial *101# to know your remaining Paisa Double balance. If you wish to deactivate the service, type R and send it to 1212 through SMS. However, you can again activate if you wish within the offer period.


Read more...

Wednesday, 30 January 2013

Search Text Over Multiple PDF Files In Linux

You can use the old grep command or the small script using the pdftotext command to search text over multiple pdf files but we are talking about a simple utility that lets us to search text in PDF files.

The pdfgrep tool lets you perform grep style search over multiple pdf files easily from the terminal. It depends upon the poppler package and under ubuntu, you can just type the command below to install pdfgrep.

samar@\Techgaun:~$ sudo apt-get install pdfgrep


Once pdfgrep is installed, you can perform any kind of search like you would do while using the grep command. Enjoy grepping the PDF files :)


Read more...

Tuesday, 29 January 2013

Turn Your Greasemonkey Script Into Firefox Extension

Well I came across this online tool which lets you compile your greasemonkey scripts which we commonly call User Script into a working firefox extension. Hence I decided to share the link.

Greasemonkey Compiler

I hope the URL proves useful to you guys :)


Read more...

Swasthani.com Swasthani Ripper

Yesterday I came to know that I can listen Swasthani online at this site, www.swasthani.com and I decided to write a swasthani audio downloader. Since it would be useful for everyone, here is the script.

From the site itself, Sri Swasthani Brata Katha is a very popular ritual observed in Nepal in the Poush month (January – February) during winter. Goddess Sri Swasthani, known to grant wishes of her devotees, is worshipped for the whole month of Poush. The Swasthani Brat Katha (story) is recited everyday. The month long telling of the tales are dedicated to the Goddess and the stories that are mainly narrated are those of Swasthani Devi, Lord Shiva and other Gods.

#!/bin/bash
###############################################
# Swasthani.com Swasthani Ripper       #
# Samar @ http://www.techgaun.com       #
###############################################
if [[ ! -f /tmp/swasthani.txt ]]
then
 wget http://www.swasthani.com/ -O - | egrep '<li class="leaf( first| last)?"><a href="/swasthani/' | grep -o '<a .*href=.*>' | sed -e 's/<a /\n<a /g' | sed -e 's/<a .*href=['"'"'"]//' -e 's/["'"'"'].*$//' -e '/^$/ d' > /tmp/swasthani.txt
fi

while read -r line
do
 wget "http://www.swasthani.com$line" -O - | egrep 'data="soundFile=http://www.swasthani.com/system/files/' | cut -d\" -f6 | cut -d= -f2 | wget -nc -i -
done </tmp/swasthani.txt


Save the above file as swasthani, then chmod for executable permission and run it. If you have problem copying above code, you can check the Swasthani Downloader at GitHub. Enjoy listening Swasthani, geeks :)


Read more...