Author: nick

New Page Added

/ nick / 1 Comment

It’s been a long time but I’ve finally added a new page. You can find a link to it in the top menu bar. I’ve been tracking passive DNS requests out of North Korea. It’s not perfect and it doesn’t seem like anything resolves but I wanted to at least get it added as I start to look into it more.

New Red Star Vuln?

/ nick / Leave a comment

I was looking for some vulns in red star the other day and I noticed that I couldn’t log into the VM with the root creds. Not sure if it was something in the scans but working backwards now to see what I can find.

Configuring Red Star Server

/ nick / Leave a comment
Just some notes for getting up and running with red star server: Set language to English: vi /etc/sysconfig/i18n in the file: LANG=”en_US.UTF-8″ Elevate root user permissions: sadm -s sadm -r secadmin_r setenforce 0 service iptables stop beam-setup Note that once you configure beam you can start either beam or rssmon with the following: service beam/rssmon start Some translations if you run into errors: [root@localhost beam]# sadm -s 암호가 이미 존재합니다. 변경하려면 y를 누르고 변경하지 않으려면 n을 누르십시오: [root@localhost beam]# sadm -s Password already exists. Press y to change or n to not change: —————————————————————————————————————————————————- [root@localhost beam]# sadm -r secadm_r 보안관리자암호 : 암호가 정확하지 않습니다. 다시입력하십시오. 2번 남았습니다. 보안관리자암호 : …………….가입………… [root@localhost beam]# sadm -r secadm_r Security administrator password: The password is incorrect. Please re-enter. 2 times left. Security administrator password: …………….join………… —————————————————————————————————————————————————- [root@localhost beam]# sadm -s 암호가 이미 존재합니다. 변경하려면 y를 누르고 변경하지 않으려면 n을 누르십시오:y 현재 암호 : 새 암호 : 암호 확인 : 암호가 설정되였습니다. [root@localhost beam]# sadm -s Password already exists. Press y to change or n to not change: y Current password: New password: Confirm password: Your password has been set.
[root@localhost ~]# beam-setup **************************************** 《빛발》관리자의 식별자와 암호를 설정합니다. 관리자의 식별자: admin 관리자암호: 암호확인: **************************************** 《빛발》에 리용할 포구번호를 설정합니다. 포구번호:90 포구번호는 10000이상 65536이하여야 합니다. 포구번호:10000 빛발설정이 완료되였습니다. service beam start 지령으로 《빛발》을 실행할수 있습니다. [root@localhost ~]# rssmon-setup 봉사기감시프로그람은 이미 설정되여있습니다. [root@localhost ~]# beam-setup **************************************** Set the administrator’s identifier and password. Administrator’s identifier: admin Administrator password: Confirm Password: **************************************** Set the muzzle number to be used in 《Lights》. Port number: 90 Port number must be between 10000 and 65536. Port number:10000 Light setting is complete. service beam start You can execute 《Lights》 by command. [root@localhost ~]# rssmon-setup The volunteer watchdog program is already set up.

New IP Address

/ nick / Leave a comment

I’m not sure when this changed, or if it’s legitimate but it looks like https://ipinfo.io/194.50.111.122 is now showing as located in North Korea.

Seems to be a number of websites reporting the same thing. Whois data from Domain Tools give a little more information. Seems to be used for routing purposes with anycast

% Abuse contact for ‘194.50.111.122 – 194.50.111.122’ is ”

inetnum: 194.50.111.122 – 194.50.111.122
netname: KP-SECUREBIT-20200202
descr: Securebit Anycast Network Democratic People’s Republic of Korea
country: KP
admin-c: SBAC-RIPE
tech-c: SBTC-RIPE
status: ASSIGNED PA
mnt-by: SBMT
created: 2020-02-02T02:03:44Z
last-modified: 2020-02-02T02:03:44Z
source: RIPE