Friday, August 14, 2009

Unpack the Junk instead of Opening it

Today I learned a new and awesome trick for unpacking javascript that is found in packet captures. I have pasted the method below from the original site, along with the link to the author's posting. In short, this is an invaluable tool and makes me love Firefox even more!

Update: This technique can also be used to deobfuscate Yahoo Counters.

[Copied text]
Without any intro – crap that I usually write explaining why I had to write this post, I’m going for the subject. You (general junta or web developers or scared security guys) might see some eval packed JavaScript which phishing idiots ask you to copy paste on your URL bar and hit enter key.
"Unpacking JS is a PITA" was an answer that my brain used to give whenever I think about it. Just now, I found a very easy method to convert it into readable JavaScript without any extra tool (IE boys, run away). It's very simple in FF or Opera.
FF guys, all you need to do is …
1) Copy the eval packed JS, something like: eval(function(p,a,c,k,e,d){e=function(c) …………………. }
2) Open Error Console on your Firefox
3) Paste the packed JS in Code input tab
4) Add eval = alert; at the beginning of the code
5) Hit Evaluate
You will get the proper JavaScript for the packed JavaScript. Copy paste it into any code prettifier. It will become perfectly readable. Opera folks, follow this. Packed JS is a huge asset for phishing, as who would have expected that packed JS in this code will make you join around 26 communities and send some stupid message to all your friends without your knowledge as soon as you copy paste some JS code on your URL bar and hit enter.
[End copied text from:]
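
The same rebinding trick outside the browser, as an added example that is not part of the quoted post: it binds the name `eval` to a collector so the unpacker's output comes back as text, and it goes beyond the post by peeling nested layers. `PACKED`, `NESTED`, `peelLayer` and `unpack` are names made up for this sketch, and both samples are constructed and benign.

```javascript
// Constructed, benign sample in the eval(function(p,a,c,k,e,d){...}) packer format.
const PACKED = String.raw`eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3 0="1 2";',4,4,'greeting|constructed|sample|var'.split('|'),0,{}))`;
// Constructed second layer: an outer eval whose argument is the packed script.
const NESTED = 'eval(' + JSON.stringify(PACKED) + ')';

// Run one layer with the name "eval" bound to a collector. Same idea as prefixing
// "eval = alert;": the unpacker stub runs, its output is recorded, not executed.
// Assumption: the sample calls plain eval(...), not window.eval or Function(...).
function peelLayer(source) {
  const captured = [];
  const collect = (code) => { captured.push(String(code)); };
  // Function-constructor bodies are sloppy mode, so a parameter named eval is legal
  // and shadows the real eval for everything inside the pasted source.
  new Function('eval', source)(collect);
  return captured;
}

// Peel layers until the output no longer contains an eval( call.
// maxLayers bounds the loop for samples that keep re-wrapping themselves.
function unpack(source, maxLayers = 5) {
  const layers = [];
  let current = source;
  for (let i = 0; i < maxLayers && /\beval\s*\(/.test(current); i++) {
    const out = peelLayer(current);
    if (out.length === 0) break; // the eval call was never reached
    current = out.join('\n');
    layers.push(current);
  }
  return layers;
}

// Print the innermost recovered script for the two-layer sample.
console.log(unpack(NESTED).pop());
```

Only the `eval` call is neutralised; any other statements in the pasted source still execute, so analyse real captures in a disposable VM.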

Monday, August 3, 2009

Setting up Apache Tomcat on CentOS5

This past weekend I decided that I didn't like the performance on my current CentOS5 setup. With that in mind, I set out to re-install and begin, again, to configure from scratch. My whole goal with this server is to eventually have running a web server, an email server for the family, and a local domain for the home network (as opposed to the current workgroup settings).

The re-install of CentOS 5.3 was again a breeze. Although, I didn't get into too many security settings. The thought behind that is that I want to make sure it will work for my needs and then I will tighten it down before publishing any content to the world.

The complicated step was the installation and testing of Apache Tomcat 6.0.20. With that in mind, a short 'how-to' (based upon the below link) is below:

To get started:

1) Files needed:
- These should be saved/moved to: /root
- jre-6u14-linux-i586.bin
- jdk-6u14-linux-i586.bin
- These should be saved/moved to: /usr/share
- apache-ant-1.7.1-bin.tar.gz
- apache-tomcat-6.0.20.tar.gz
2) Directories needed:
- /usr/java
3) Notes:
- If some of the commands below aren't found by your bash shell, use /sbin/[servicename]


Install Java (JDK and JRE):

1) move to the java folder:
# cd /usr/java
2) Install JRE and JDK:
# sh /root/jre-6u14-linux-i586.bin
# sh /root/jdk-6u14-linux-i586.bin
- Verify installation. There should be a jre and jdk file in the /usr/java folder

Install ant and Apache

1) move to share folder:
# cd /usr/share
- Install ant first:
# tar -xzf apache-ant-1.7.1-bin.tar.gz
- install apache tomcat
# tar -xzf apache-tomcat-6.0.20.tar.gz

Enable Ant linkage

# ln -s /usr/share/apache-ant-1.7.1/bin/ant /usr/bin

Configure environmental variable:
- move to folder with
# cd /usr/share/apache-tomcat-6.0.20/bin
- open in your favorite editor (I used vi)
- add as a second line:
- JAVA_HOME=/usr/java/jdk1.6.0_14

Test config

# cd /usr/share/apache-tomcat-6.0.20/bin
# ./

Check for error log
# less /usr/share/apache-tomcat-6.0.20/logs/catalina.out

Run the startup file (I may have to edit file location...doing this from memory)
# cd /usr/share/apache-tomcat-6.0.20/bin
# ./

A startup script can be found on the below link. This script can be used to cause tomcat to start automatically at system startup. I did test this script on my original install, but opted not to use it this time (remember, I reloaded CentOS to try to clear up performance issues). I should note that the below link uses older versions of java (update 10) and of apache tomcat (6.0.18).

My end result is that my service works as it should, I set up a DynDNS account to test it, and I am now ready to re-build my website and move my domain.