Probably you know Campus Party, one of the most important technological events in the world. Well, a special edition of Campus Party will take place in Madrid (Spain) from 14th – 18th April and all people from European Union Countries are invited to come.

The requirements to get one of the 800 invitations are have >= 18 years, be from an European Union Country, have an active technological project and be accepted by the organization (be fast, they are looking for people from EU) :)

If you are invited, you won’t have costs of transport, hotel or food … all is provided here.

In addition, this edition have an important focus on security and networks. It will have a “hack” game (something like CTF), and important speakers like Joanna Rutkowska or Stefano Di Paola ;-)

I am invited, and will be in Innovation / Networks & Security area. (The presented project was PenTBox).

Here I bring you links to take more information and instructions to send your project.

CP EU Home

The event

Innovation awards to present your project

Nothing more, I’ll see you in CP ;-D

Version 1.3.1
————-
- Added kB/s in TCP DoSer and TCP AutoDoSer.
- Fixed bug in packets counter in TCP DoSers.
- Updated readmes, now are more explicit and clear.
- Code revision (optimization, no bugs founded).

You can download it from the Download area

Version 1.3
———–
- Added Crypt Ruby and RubyRc4 libraries.
- Added GOST, ARC4 and Rijndael (aka AES) 256 bits ciphers to Secure IM.
- Improvements in error exceptions and connection on Secure IM.
- fileencr.rb included -> Files encryptor and decryptor that uses Rijndael 256 bits, GOST and ARC4 ciphers.
- Included srand(time.now.to_i) function in programs that use random numbers.
- Added “Packets per second” in TCP DoSer and TCP AutoDoSer.
- Minor changes in titles of programs.

You can download it from the Download area

I’ve been working on Secure Instant Messaging module and I have add new modes to work. Probably I will release a minor version with only this new changes.

At this moment, PenTBox 1.2 version only has the Base64-based mode. Obviously, it is not secure at all … is a PoC, a prototype.

Here I give you the description of all modes that probably will be in this future release. Extracted from the .rb file that is being developed:

——————————–

// Secure Instant Messaging // # Description.

This program is a direct instant messaging room creator between client and server, without Microsoft servers, or something like that.

- Base64 based encoding -> Is the first implementation used in the protocol, and it is so INsecure. Is not recommended for use, only for study purposes.

- GOST encryption -> A cipher designed and used in the past by the USSR, very secure.
This mode uses an encryption key by default. It is very comfortable and secure, the problem is that if an attacker know that we are using PenTBox with this mode and know how it works, then probably he can decrypt the traffic. Yes, it is very paranoid but … could happen :)

- ARC4 encryption -> A good and fast cipher but not secure at all. Used in WEP and TLS/SSL.
The encryption key is defined in the connection, the server and the client must know and enter it.

- Blowfish encryption -> A cipher designed by Bruce Schneier, very strong and secure by the moment.
The encryption key is defined in the connection, the server and the client must know and enter it.

Note: In the last 3 modes, the key is sent in a SHA512 hash.
Note 2: GOST and Blowfish use CBC (Cipher Block Chaining).

——————————–

At this moment only GOST mode is finished, ARC4 and Blowfish modes are under developement.

Here a screenshot of a chat room working with GOST mode, and Wireshark sniffing the encrpted traffic:

Suggestions? Ideas? Contact me or comment ;-)

UPDATE: Finally, the Blowfish mode was remplaced by Rijndael (AES) mode. The implementation is exactly the same.

Version 1.2
———–
- Added “beep() when intrusion” option in Honeypot.
- Added save log option in Honeypot.
- Fixed minor bugs.
- Updated GNU/GPLv3 License to 2010.
- Updated Readmes.
- Two new banners at startup.
- fuzzer.rb included -> Fuzzer to find vulnerabilities.
- hexa.rb deleted -> In Internet are a lot of converters.
- Now Secure password generator erases the variables from memory at the end.

You can download it from the Download area

Yes, the iPod suffers a lot, nothing more to say :)

Version 1.1
———–
- sec_im included -> Secure IM Client, more info in the program.
- Improved Honeypot stability against DoS/DDoS Attacks.
- Improved general ortography and graphics.
- Added a lot of new code comments.
- Deleted Spanish code comments.
- Optimized tcp_dos.rb and tcp_dos_auto.rb
- Fixed small bugs in hash_cracker.rb
- hexa.rb included -> Hexadecimal converter.
- Re-Maked Menus.
- syn_dos.rb -> Modified Nmap installation and action command.

In addition, PenTBox has been tested on Ruby 1.9 and 1.9.1. Works fine!

You can download it from the Download area

I run the Honeypot, opening port 80. And as we can see, by the moment it works fine.

IMAGE UNAVAILABLE

Now, I will launch a DoS against port 80.

dos_honeypot

And 5 seconds later, Honeypot crashed.

honeypot_crashed

Yes, I should improve the stability of the Honeypot, Im working on it ;-)

Version 1.0.1
————-
- Modified code to be clearest and more simple in all archives.
- Added more exceptions in Honeypot.
- Modified Default Web configuration in Honeypot.
- Fixed traduction problems in Readmes.
- Modified Windows .bat Loader.
- Base64 deleted from digest.rb and hash_cracker.rb.
- Added this changelog.txt in the pack.

You can download it from the Download area ;-)

You can download it from the Download area ;-)