Linux How to, Guides and Tutorials, specific to Kali Linux, Graphics card issues, Laptop and CPU temperature, ethical hacking, cracking and general security issues. Visit us at http://www.blackmoreops.com
Thursday, June 18, 2015
Linux file system hierarchy v2.0
Read full details here: Linux file system hierarchy v2.0
What is a file in Linux? What is a file system in Linux? Where are all the configuration files? Where do I keep my downloaded applications? Is there really a standard file system structure in Linux? Well, the above image explains the Linux file system hierarchy in a very simple way. It’s very useful when you’re looking for a configuration file or a binary file. I’ve added some explanation and examples below, but that’s TL;DR.
Read the rest of it here: Linux file system hierarchy v2.0
#Linux, #Linux-Administration, #Linux-File-System
Sunday, June 14, 2015
How to create a Bot Net legally? Put that in your ToS, that's how!
Read full details here: How to create a Bot Net legally? Put that in your ToS, that's how!
This is a #rant post, TL;DR.
In summary, you can just create a Chrome, Firefox, iOS or Android extension/plugin/app for free, let it grow bigger over time and then just sell idle users’ bandwidth to a botnet for profit. And you just put that somewhere in your looong ToS that everyone just clicks through with “I Agree, get it over with and let me use the service already”.
Read the rest of it here: How to create a Bot Net legally? Put that in your ToS, that's how!
#Denial-of-Service-Attack-(DoS), #Distributed-Denial-of-Service-Attack-(DDoS), #News, #Rant
Router Hack - How to hack ADSL router using NMAP
Read full details here: Router Hack - How to hack ADSL router using NMAP
An asymmetric digital subscriber line (DSL or ADSL) modem is a device used to connect a computer or router to a telephone line which provides the digital subscriber line service for connectivity to the Internet, often called DSL or ADSL broadband. In this guide I will show you how to scan an IP range for connected ADSL or DSL modem routers and carry out the DSL/ADSL router hack remotely. This guide applies to Windows, Linux or Mac, so it doesn’t matter what your operating system is; you can try the same steps from all these operating systems. The term DSL or ADSL modem is technically used to describe a modem which connects to a single computer, through a USB port or installed in a computer PCI slot. The more common DSL or ADSL router, which combines the function of a DSL or ADSL modem and a home router, is a standalone device which can be connected to multiple computers through multiple Ethernet ports or an integral wireless access point. Also called a residential gateway, a DSL or ADSL router usually manages the connection and sharing of the DSL or ADSL service in a home or small office network.
Read the rest of it here: Router Hack - How to hack ADSL router using NMAP
#Cracking, #Hacking, #Kali-Linux, #Security, #ADSL-Router, #How-To
Skype bug crashes Windows, iOS and Android versions of Skype application
Read full details here: Skype bug crashes Windows, iOS and Android versions of Skype application
A recent Skype bug discovered by VentureBeat can crash Skype in Windows, iOS and Android versions. All it takes is sending or receiving http://: in a message. It crashes the Windows app if you’re the sender and completely kills it if it’s the one receiving that string of characters. However, the iOS and the Android apps are only affected when they’re the recipient, and Skype for Mac seems to be immune from the issue.
Read the rest of it here: Skype bug crashes Windows, iOS and Android versions of Skype application
#Bugs-(Software-and-Hardware), #News, #Crash, #Skype, #Skype-Bug
DoS website using slowhttptest in Kali Linux - slowloris, slow HTTP POST and slow Read attack in one tool
Read full details here: DoS website using slowhttptest in Kali Linux - slowloris, slow HTTP POST and slow Read attack in one tool
SlowHTTPTest is a highly configurable tool that simulates some application layer denial of service attacks. It works on the majority of Linux platforms, OS X and Cygwin (a Unix-like environment and command-line interface for Microsoft Windows). It implements the most common low-bandwidth application layer DoS attacks, such as slowloris, Slow HTTP POST and the Slow Read attack (based on the TCP persist timer exploit), by draining the concurrent connection pool, as well as the Apache Range Header attack, which causes very significant memory and CPU usage on the server. Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy, this creates a denial of service. The tool sends partial HTTP requests, trying to get a denial of service from the target HTTP server. The Slow Read DoS attack targets the same resources as slowloris and slow POST, but instead of prolonging the request, it sends a legitimate HTTP request and reads the response slowly.
Read the rest of it here: DoS website using slowhttptest in Kali Linux - slowloris, slow HTTP POST and slow Read attack in one tool
#Denial-of-Service-Attack-(DoS), #Kali-Linux, #Linux, #Security, #Penetration-Test
How to get Public IP from Linux Terminal?
Read full details here: How to get Public IP from Linux Terminal?
Public addresses are assigned by InterNIC and consist of class-based network IDs or blocks of CIDR-based addresses (called CIDR blocks) that are guaranteed to be globally unique on the Internet. When public addresses are assigned, routes are programmed into the routers of the Internet so that traffic to the assigned public addresses can reach its destination. For example, when an organization is assigned a CIDR block in the form of a network ID and subnet mask, that [network ID, subnet mask] pair also exists as a route in the routers of the Internet, and IP packets destined to an address within the CIDR block are routed to the proper destination. In this post I will show several ways to find your public IP address from the Linux terminal. This may seem pointless for desktop users, but it matters when you are at the terminal of a headless Linux server (i.e. no GUI, or you’re connected as a user with minimal tools). Either way, being able to get your public IP from the Linux terminal can be useful in many cases, or it could be one of those things that just comes in handy someday.
Read the rest of it here: How to get Public IP from Linux Terminal?
#Command-Line-Interface-(CLI), #How-to, #Linux, #Networking, #Linux-Terminal, #Public-IP
Monday, May 18, 2015
DoS website in Kali Linux using GoldenEye
I’ve talked about testing a few DoS tools that can put heavy load on HTTP servers in order to bring them to their knees by exhausting resource pools. GoldenEye is the first of those tools and it is one of the newest I discovered on GitHub. You can DoS websites with GoldenEye and bring them down almost within 30 seconds, depending on how big their memory pool is. Of course, it won’t work on protected servers or servers behind a proper WAF or IDS, but this is a great tool to load test your own web server and amend your iptables/firewall rules accordingly.
You can also DoS using hping3 to simulate similar attacks, or use a PHP exploit to attack WordPress websites. There are also a few great tools that will allow you to view live DDoS attack maps worldwide in almost real time.
- Tool Name: GoldenEye
- Author: Jan Seidl
- Website: http://wroot.org/
- This tool is meant for research purposes only and any malicious usage of this tool is prohibited.
- GoldenEye is a Python app for SECURITY TESTING PURPOSES ONLY!
- GoldenEye is a HTTP DoS Test Tool.
- Attack Vector exploited: HTTP Keep Alive + NoCache
Types of DoS or DDoS attacks
Let’s go over some very basic info regarding DoS or DDoS attacks. There are basically three types of DoS and DDoS attacks:
- Application layer DoS and DDoS attacks
- Protocol layer DoS and DDoS attacks
- Volume-based DoS and DDoS attacks
Application layer DoS and DDoS attacks
Application-layer DoS and DDoS attacks target vulnerabilities in Windows, Apache, OpenBSD or other software to perform the attack and crash the server.
Protocol layer DoS and DDoS attacks
A protocol DoS or DDoS attack is an attack at the protocol level. This category includes SYN flood, Ping of Death, and more.
Volume-based DoS and DDoS attacks
This type of DoS and DDoS attack includes ICMP floods, UDP floods and other kinds of floods performed via spoofed packets.
The terms DoS and DDoS are used loosely: when you attack from a single machine, it’s usually considered a DoS attack. Multiply a single attacker into a botnet (or a group) and it becomes a DDoS attack. There are many explanations of it, but just know that no matter which type of attack it is, they are equally detrimental to a server/network.
Read the rest of it here: DoS website in Kali Linux using GoldenEye
Tuesday, May 12, 2015
Generating self-signed x509 certificate with 2048-bit key and sign with sha256 hash using OpenSSL
With Google, Microsoft and every major technology giant sunsetting SHA-1 due to its vulnerability, SHA-256 is the new standard. It seems to be an issue almost all infrastructure administrators are facing right now. For those who are using a managed PKI console, it’s very easy and straightforward: the signing authority, such as Symantec/Verisign or GoDaddy, will take care of the signature hash, and users just select whether they want to use SHA-1, SHA-256 and so on. But those who have a test infrastructure where they are using self-signed SSL/TLS certificates need to generate or replace all their existing certificates with a self-signed x509 certificate with a 2048-bit key, signed with a SHA-256 hash, using OpenSSL. Generating a 2048-bit public key x509 certificate with the SHA-256 digest algorithm is not very tough, but the OpenSSL help menu can be confusing. This post should help anyone who has to walk that path of upgrading from SHA-1 or issuing a new self-signed x509 certificate with a 2048-bit key signed with a SHA-256 hash.
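As an added example (not code from the original post), the following shell script does what the paragraph describes: it generates a self-signed X.509 certificate with a 2048-bit RSA key signed with SHA-256, then reads the key size, signature algorithm and validity back out of the certificate so the result is checked rather than assumed. The file names, the subject DN and the helper function names are assumptions made for this example; the same `cert_sig_alg` check also flags an existing certificate that still carries a SHA-1 (or MD5) signature, which is the audit step most people skip.

```shell
#!/bin/sh
# Added example, not code from the original post. Generate a self-signed X.509
# certificate (2048-bit RSA key, SHA-256 signature) and verify the result.
# File names, subject DN and helper names are assumptions chosen here.

# gen_selfsigned KEY CERT DAYS SUBJECT
# One-shot key + certificate generation. -sha256 selects the signature digest;
# -nodes leaves the private key unencrypted (fine for a test rig, so protect
# the key file's permissions instead).
gen_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes \
        -days "$3" -subj "$4" -keyout "$1" -out "$2" 2>/dev/null
}

# cert_sig_alg CERT -> prints the signature algorithm, e.g. sha256WithRSAEncryption
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# cert_key_bits CERT -> prints the size of the embedded public key in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text \
        | grep -o 'Public-Key: ([0-9][0-9]* bit' | head -n 1 | grep -o '[0-9][0-9]*'
}

# cert_uses_weak_digest CERT -> exit 0 when the signature digest is SHA-1 or MD5
cert_uses_weak_digest() {
    case "$(cert_sig_alg "$1")" in
        sha1*|md5*) return 0 ;;
        *) return 1 ;;
    esac
}

# cert_verifies CERT -> exit 0 if the self-signature checks out and the
# certificate has not expired (a self-signed cert is its own trust anchor)
cert_verifies() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 \
        && openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Stand-alone demonstration in a scratch directory.
demo() {
    dir=$(mktemp -d)
    gen_selfsigned "$dir/server.key" "$dir/server.crt" 365 \
        "/C=XX/O=Example Lab/CN=test.example.invalid"
    echo "key bits:   $(cert_key_bits "$dir/server.crt")"
    echo "signature:  $(cert_sig_alg "$dir/server.crt")"
    if cert_uses_weak_digest "$dir/server.crt"; then
        echo "WARNING: weak signature digest, regenerate with -sha256"
    fi
    cert_verifies "$dir/server.crt" && echo "self-signature verifies, not expired"
    rm -rf "$dir"
}

demo
```

The `-sha256` flag is the only thing that controls the signature digest; `rsa:2048` controls the key size. Run `cert_sig_alg` against the certificates already deployed on a test rig to find the ones that still say `sha1WithRSAEncryption` before replacing them.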
Read the rest of it here: Generating self-signed x509 certificate with 2048-bit key and sign with sha256 hash using OpenSSL
Thursday, May 7, 2015
Encrypting and decrypting files with password in Linux
Read full details here: Encrypting and decrypting files with password in Linux
- Put the file on an FTP or web server that requires a second set of username and password.
- To further secure it, add a firewall rule that allows only a single IP/network to access that location.
- Send the file via email as an attachment.
- Send the file via encrypted email. (double encryption). We will look into email encryption soon.
- Create a torrent file and send it securely as a private torrent if the file is too big. (i.e. movies, large files etc.)
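The excerpt covers how to move the encrypted file around; as an added example that is not code from the original post, here is one way to do the encryption step itself with `openssl enc`, assuming AES-256-CBC with a salted, PBKDF2-derived key (the post's own method may differ). The passphrase is read from an environment variable named `FILE_PASSPHRASE`, an assumption chosen here so that it never appears on the command line, in `ps` output or in shell history. Note that `openssl enc` provides confidentiality only: CBC mode has no integrity check, so a modified ciphertext is not detected, and a wrong passphrase is usually, but not always, reported as `bad decrypt`.

```shell
#!/bin/sh
# Added example, not code from the original post. Password-based file
# encryption/decryption with openssl enc (AES-256-CBC, random salt, PBKDF2).
# The passphrase comes from the environment variable FILE_PASSPHRASE, a name
# chosen for this example.

# encrypt_file PLAINTEXT CIPHERTEXT   (reads FILE_PASSPHRASE)
# -salt writes a random 8-byte salt into the file header so the same passphrase
# never yields the same key twice; -pbkdf2/-iter slow down passphrase guessing.
encrypt_file() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass env:FILE_PASSPHRASE
}

# decrypt_file CIPHERTEXT PLAINTEXT   (reads FILE_PASSPHRASE)
# Normally exits non-zero ("bad decrypt") on a wrong passphrase, but that is
# only a padding check, not authentication: CBC cannot detect tampering.
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass env:FILE_PASSPHRASE 2>/dev/null
}

# is_openssl_salted FILE -> exit 0 if the file carries openssl's "Salted__" header
is_openssl_salted() {
    [ "$(head -c 8 "$1")" = "Salted__" ]
}

# roundtrip_ok PLAINTEXT -> exit 0 if encrypt + decrypt reproduces the input exactly
roundtrip_ok() {
    dir=$(mktemp -d)
    encrypt_file "$1" "$dir/enc.bin" \
        && decrypt_file "$dir/enc.bin" "$dir/dec.out" \
        && cmp -s "$1" "$dir/dec.out"
    status=$?
    rm -rf "$dir"
    return $status
}

# Stand-alone demonstration with a constructed sample file.
demo() {
    dir=$(mktemp -d)
    printf 'constructed sample: quarterly report draft\n' > "$dir/report.txt"
    export FILE_PASSPHRASE='constructed-demo-passphrase'
    encrypt_file "$dir/report.txt" "$dir/report.txt.enc"
    is_openssl_salted "$dir/report.txt.enc" && echo "ciphertext has a salt header"
    roundtrip_ok "$dir/report.txt" && echo "round trip ok"
    # A wrong passphrase almost always fails the padding check; do not rely on
    # this as proof the file is untouched.
    FILE_PASSPHRASE='wrong' decrypt_file "$dir/report.txt.enc" "$dir/x.out" \
        || echo "wrong passphrase rejected (bad decrypt)"
    rm -rf "$dir"
}

demo
```

For anything beyond a one-off transfer, prefer an authenticated tool such as `gpg --symmetric` or `age`, which detects a tampered ciphertext; the `openssl enc` form above is the minimal password-based option the title describes.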
Read the rest of it here: Encrypting and decrypting files with password in Linux
Wednesday, May 6, 2015
Three effective solutions for Google Analytics Referral spam
I published the post darodar.com referrer spam and should you be worried? back in December and I am still seeing a constant influx of frustrated website owners and concerned netizens getting worried about similar spam. I happened to be one of the first to detect this spam and post about it. I didn’t pay much attention to it, as referral spam and web analytics are not my primary concern when it comes to computing. Having worked in the IT field for over a decade, and specifically in IT security, I have a different view on spam and how it can be stopped. I opened my Analytics account yesterday because I saw a 25% traffic increase from Facebook, Twitter and many random sources, and an 83% increase on the root (“/”) of the server. Well, 25% is nothing; it can happen due to a post going viral. But this wasn’t the case this time, as the 83% increase was specific to the root (“/”) of the server. It seems our ‘beloved’ ‘Vitaly Popov’ has started a new stream of referral spam. He’s got more crafty, as I predicted in my original post. He’s now actually using Facebook and Twitter as referrals, including some new domains. In this post I will show three effective solutions for Google Analytics referral spam.
Some facts about Google Analytics Referral spam:
- By this time you know that Ghost Google Analytics referral spam cannot be blocked by .htaccess or web server configuration.
- Ghost Google Analytics referral spam bots don’t really visit your website, so no trace of their IP address will be found in server logs.
- Ghost Google Analytics referral spam only abuses Google Analytics.
- Google Analytics hasn’t done anything about it, yet (officially).
- Google implemented encryption for all of their AdSense traffic.
- Ghost Google Analytics referral spam only affects Google Analytics.
- *** Ghost referral spam is also affecting Yandex and a few other search engines.
- As these bots don’t visit your website, they have no idea what your page title is. So Analytics will show (“/”) as the page title.
- These Ghost Google Analytics referral spam bots only target your primary Tracking ID, i.e. ‘UA-XXXX-1’
List of known Google Analytics Referral spam domains
Click to open list containing known Google Analytics Referral spam domains:
List of 194 new Google Analytics Referral spam domains
I now have a list of another 194 spammer domains that started yesterday.
Click to open list of 194 new Google Analytics Referral spam domains
So it seems very soon filters won’t be enough. Actually, it’s already not enough. Despite what the Analytics experts say, you can’t go around every day filtering hundreds of domains. Yes, you could filter for .be (i.e. Belgium) domains, but that’s a whole country we are talking about. So what is the best fix?
Read the rest of it here: Three effective solutions for Google Analytics Referral spam
Thursday, April 23, 2015
Poll: Vote for best USB Wireless cards for Kali Linux
A simple poll for readers to vote for the “Best USB Wireless Cards for Kali Linux”.
There isn’t a “best” card. There is whatever is right for YOU.
A common problem in pentest distros such as Kali or BackTrack Linux is users trying to use a card that is not supported, or for which there just isn’t a supported driver. Most of the following cards are priced below US$50 and they take care of a massive headache: they save the time spent troubleshooting driver issues rather than actually doing something. With each update these makeshift fixes seem to break old drivers and you end up doing the whole thing again and again.
A good card will allow you to crack WiFi on the fly or at least make it easier. I’ve included only the cards recommended in this post. If you think there’s a different card that worked for you, please put that in the comment section and I will update this poll.
I guess the idea is to come up with as many cards as possible that worked for pentesting. Standard criteria to consider:
- Supports monitor mode
- Supports injection
- Works out of the box (plug and play)
Read the rest of it here: Poll: Vote for best USB Wireless cards for Kali Linux
Tuesday, April 21, 2015
Denial-of-service Attack - DoS using hping3 with spoofed IP in Kali Linux
In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, the motives for, and targets of a DoS attack vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. In this article I will show how to carry out a Denial-of-service Attack or DoS using hping3 with spoofed IP in Kali Linux.
As clarification, distributed denial-of-service attacks are sent by two or more persons, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reached an average rate of 28 per hour.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
Denial-of-service threats are also common in business, and are sometimes responsible for website attacks.
This technique has now seen extensive use in certain games, used by server owners, or disgruntled competitors on games, such as popular Minecraft servers. Increasingly, DoS attacks have also been used as a form of resistance. Richard Stallman has stated that DoS is a form of ‘Internet Street Protests’. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Denial-of-service attacks are considered violations of the Internet Architecture Board’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.
I recently published another post that shows you a DoS attack map in real time. So if you’ve got a good connection and enough bandwidth, hey, you might even see your own attack on that map.
Our take on Denial-of-service Attack – DoS using hping3
Let’s face it, you installed Kali Linux to learn how to DoS, how to crack into your neighbour’s wireless router, how to hack into a remote Windows machine, be that a Windows 2008 R2 server or Windows 7, or learn how to hack a website using SQL injection. There are lots of guides that explain it all. In this guide, I am about to demonstrate how to DoS using hping3 with random source IPs on Kali Linux. That means:
- You are executing a Denial of Service attack or DoS using hping3
- You are hiding your a$$ (I meant your source IP address).
- Your destination machine will see traffic from random source IP addresses rather than yours (IP masquerading)
- Your destination machine will get overwhelmed within 5 minutes and stop responding.
Read the rest of it here: Denial-of-service Attack - DoS using hping3 with spoofed IP in Kali Linux
Tuesday, April 14, 2015
3D Robotics reveals its new 3DR Solo Quadcopter running on Linux
I am a big fan of quadcopters. Just the look of them reminds me of my childhood fantasies of traveling around unknown alien worlds on a weird-looking, powerful aircraft. A new drone from 3D Robotics named Solo just got my attention. If you are a fan of quadcopters, 3DR Solo would definitely blow your mind. It’s stylish, it’s awesomely designed and it can be fitted with a GoPro camera. And as if the alienish, perfectly slick and smooth design was not enough to make you drool, under the hood it’s the first-ever consumer drone run by two full-blown computers: a 1 GHz ARM Cortex-A9-powered Linux computer in both the copter and the controller. *heavy breathing*
Read the rest of it here: 3D Robotics reveals its new 3DR Solo Quadcopter running on Linux
Saturday, April 11, 2015
Website Password hacking using WireShark
Did you know that every time you fill in your username and password on a website and press ENTER, you are sending your password? Well, of course you know that. How else are you going to authenticate yourself to the website?? But (yes, there’s a small BUT here).. when a website allows you to authenticate using HTTP (plaintext), it is very simple to capture that traffic and later analyze it from any machine on the LAN (and even the Internet). That brings us to this website password hacking guide, which works on any site that is using the HTTP protocol for authentication. Well, to do it over the Internet, you need to be able to sit on a gateway or central hub (BGP routers would do, if you got access and the traffic is routed via that).
But doing it from a LAN is easy, and at the same time makes you wonder how insecure HTTP really is. You could be doing this to your roommate, work network or even a school, college or university network, assuming the network allows broadcast traffic and your LAN card can be set to promiscuous mode.
So let’s try this on a simple website. I will hide part of the website name (just for the fact that they are nice people and I respect their privacy). For the sake of this guide, I will just show everything done on a single machine. As for you, try it between two VirtualBox/VMware/physical machines.
p.s. Note that some routers don’t broadcast traffic, so it might fail for those particular ones.
Read the rest of it here: Website Password hacking using WireShark
Monday, April 6, 2015
New Mozilla Firefox Version 37.0 fixed 13 security issues and introduced Opportunistic Encryption support
Mozilla Foundation just released its latest Firefox (version 37.0). It's been rolled out for Windows, Mac, Linux and Android operating systems. For those who don't know, it was released in the week of March 31st. Well, to be honest, as of writing this article, version 37.0.1 was already out on April 3, 2015, which fixed 2 more issues since.
Firefox 37 disabled insecure TLS version fallback for site security by default and improved protection against site impersonation via OneCRL centralized certificate revocation. It removed support for DSA which improves certificate and TLS communication security. All in all, a massive overhaul was done in SSL and TLS security space.
Read the rest of it here: New Mozilla Firefox Version 37.0 fixed 13 security issues and introduced Opportunistic Encryption support
Thursday, March 26, 2015
Setup DHCP or static IP address from command line in Linux
Did you ever have trouble with Network Manager and feel that you needed to set up DHCP or a static IP address from the command line in Linux? I once accidentally removed Gnome (my bad, wasn't paying attention and did an apt-get autoremove -y .. how bad is that..). So I was stuck: I couldn't connect to the Internet to reinstall my Gnome Network Manager because I was in TEXT mode and network-manager was broken. I learned a good lesson: you need the Internet for almost anything these days unless you've memorized all those manual commands.
This guide shows you how to set up DHCP or a static IP address from the command line in Linux. It saved me when I was in trouble; hopefully you will find it useful as well. In case you've only got wireless, you can use this guide to connect to a WiFi network from the command line in Linux.
Note that my network interface is eth0 for this whole guide. Change eth0 to match your network interface.
Static assignment of IP addresses is typically used to eliminate the network traffic associated with DHCP/DNS and to lock an element in the address space to provide a consistent IP target.
Step 1 : STOP and START Networking service
Some people would argue a restart would work, but I prefer STOP-START to do a complete rehash. Also, if it's not working already, why bother?
# /etc/init.d/networking stop
[ ok ] Deconfiguring network interfaces...done.
# /etc/init.d/networking start
[ ok ] Configuring network interfaces...done.
Step 2 : STOP and START Network-Manager
Read the rest of it here: Setup DHCP or static IP address from command line in Linux
Monday, March 23, 2015
Spoof or change MAC address in Linux
Change MAC address in Linux
Read the rest of it here: Spoof or change MAC address in Linux
Monday, March 16, 2015
Free VPN providers of 2015
VPNs allow employees to securely access their company’s intranet while traveling outside the office. Similarly, VPNs securely connect geographically disparate offices of an organization, creating one cohesive network. VPN technology is also used by Internet users to connect to proxy servers for the purpose of protecting personal identity and location.
Benefits of using VPN
Here’s my top 11 reasons why you would want to use VPN services:
- VPN provides privacy and cloaks your IP address.
- Use any network (public or private or free WiFi) with encryption
- Login to your home or Work network from anywhere with confidence.
- Bypass censorship and content monitoring.
- Browse and bypass Firewall and censorship policy at work or Anywhere!
- Access region restricted services from anywhere (i.e. Youtube videos, NetFlix or BBC Player etc.)
- Transfer or receive files with privacy.
- Hide your voice/VOIP calls.
- Use Search Engines while hiding some of your identity.
- Hide yourself
- Cause you like to be anonymous.
Free VPN providers of 2015
Privacy is a more realistic goal than anonymity. Privacy is inherently personal and has different definitions for different people, but privacy generally means the ability to exclude information about yourself. Privacy can also mean the right to express yourself. VPN or TOR, nothing makes you truly anonymous, but they can protect your privacy to a greater extent. Here’s 9 free VPN providers of 2015 for you to play with.
- HotSpot Shield Free [Windows only, asked for my phone number!]
- Private Tunnel Free [just 100MB of data]
Read the rest of it here: Free VPN providers of 2015
Wednesday, March 4, 2015
cPanel logs location
cPanel logs location
Finding cPanel logs has always been an issue for everyone. cPanel seems to distribute the logs all over the disk. That said, cPanel has a nice poster that you can print out, but the PDF file is 42MB; if you live in the USA, Canada or Mexico, they will even send you a high-resolution printed copy. This post is a collection of all the cPanel log locations for access, Apache, email, error, FTP, MySQL, WHM and other possible applications. Select “Open in new window” on the image below to view it full-size.
The following log locations are covered in this guide:
- Access logs
- Apache Web Server Logs
- Email logs
- Error logs
- Ftp logs
- MySQL logs and
- WHM logs.
Read the rest of it here: cPanel logs location
Sunday, March 1, 2015
A very detailed guide on how to setup VPN on Kali Linux and Ubuntu
Every day millions of people use different VPN service providers to protect their online privacy. But not all VPN providers are as anonymous, as secure or as dedicated to protecting your online privacy as they claim to be. Some VPN service providers even log your activity, and you might be living in a country where certain sites are not allowed or where you might get prosecuted for doing something as simple as scanning a network (yes, it’s in fact an offense in many First World countries). I wrote an article on fixing the VPN grayed out problem in Kali Linux. Many readers asked me to write a complete guide on how to set up a VPN and which ones are secure.
Fact is, I simply cannot test all VPN providers. I cannot vouch for other users’ experiences and I usually only write about stuff I am sure about. Of the many VPN providers, PrivateInternetAccess is claimed to be the best and fastest, and according to their ToS and Privacy Policy they seem to be well praised and recommended by several reviews such as those done by TorrentFreak and LifeHacker. I strongly suggest readers do some research before committing to any provider.
The following eight questions were taken from the TorrentFreak (TF) website, and I feel you should be asking yourself the same questions before going for any VPN provider (I’ve added some comments below; your opinion might be different).
- Do you keep ANY logs which would allow you to match an IP address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?
  - No logs.
- Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?
  - Out of US, GB or any NATO-affiliated countries if possible. But then you compromise on speed. Alternatively, suspend the user account instead of handing over logs or data.
- What tools are used to monitor and mitigate abuse of your service?
  - Other than abuse blocking and service uptime, no monitoring at all.
- In the event you receive a DMCA takedown notice or European equivalent, how are these handled?
  - Suspend the user account instead of handing over logs or data.
- What steps are taken when a valid court order requires your company to identify an active user of your service?
  - Suspend the user account instead of handing over logs or data.
- Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?
  - I never cared for BT, but I guess no discrimination on any type of traffic.
- Which payment systems do you use and how are these linked to individual user accounts?
  - Anything and everything. Best would be Bitcoin. Set up your own BTC miner and pay with that. That way, little/no online trace whatsoever.
- What is the most secure VPN connection and encryption algorithm you would recommend to your users?
  - AES-128, RSA-2048 or higher supported. Don’t use SHA1.
Read the rest of it here: A very detailed guide on how to setup VPN on Kali Linux and Ubuntu
Sunday, February 15, 2015
In light of recent Linux exploits, Linux security audit is a must!
How many Linux vulnerabilities and exploits were exposed in the last 6 months? Many! With the recent Shellshock, Heartbleed, POODLE, GHOST and maybe many more to come. Suddenly, I didn’t feel that secure anymore with my Linux, as it’s the core packages that are affected. What’s next? My OpenVPN is not secure anymore? My SSH session keys are vulnerable? I decided to do a Linux security audit of my Linux system. After setting up an external firewall, I suddenly realized it’s just too big for me to do manually. That’s when I found Lynis. Lynis is an open source security auditing tool. It was reasonably well documented and did many things quickly that could’ve taken me ages.
For this whole test, I used Lynis free version.
How does a Linux security audit work?
Lynis performs hundreds of individual tests to determine the security state of the system. Many of these tests are also part of common security guidelines and standards. Examples include searching for installed software and determining possible configuration flaws. Lynis goes further and also tests individual software components, checks related configuration files and measures performance. After these tests, a scan report is displayed with all discovered findings.
Typical use cases for Lynis:
- Security auditing
- Vulnerability scanning
- System hardening
Installation
You can install Lynis from a repository (i.e. using yum or apt-get), but I found that it’s not the most up-to-date version of Lynis. You’re better off downloading it to a local directory and running it from there.
Lynis with Installation – package
Although no installation is needed, a common method to use Lynis is installing it via a package. This could be with the repositories provided by the operating system, or a manually created package. Please note that some repositories go for stability and don’t update software after the release, with the exception of security updates. This might result in using a very old version of Lynis and is usually not preferred. So before using a package, confirm that updates are provided.
Red Hat based:
$ sudo yum install lynis
Debian based:
$ sudo apt-get install lynis
Read the rest of it here: In light of recent Linux exploits, Linux security audit is a must!
Saturday, February 14, 2015
Linux file system hierarchy
What is a file in Linux? What is a file system in Linux? Where are all the configuration files? Where do I keep my downloaded applications? Is there really a standard filesystem structure in Linux? Well, the above image explains the Linux file system hierarchy in a very simple and non-complex way. It's very useful when you're looking for a configuration file or a binary file. I've added some explanation and examples below, but that's TL;DR.
What is a file in Linux?
A simple description of the UNIX system, also applicable to Linux, is this: on a UNIX system, everything is a file; if something is not a file, it is a process. This statement is a generalization, because there are special files that are more than just files (named pipes and sockets, for instance), but to keep things simple, saying that everything is a file is acceptable. A Linux system, just like UNIX, makes no distinction between a file and a directory, since a directory is just a file containing the names of other files. Programs, services, texts, images, and so forth, are all files. Input and output devices, and generally all devices, are considered to be files by the system.
In order to manage all those files in an orderly fashion, people like to think of them in an ordered tree-like structure on the hard disk, as we know from MS-DOS (Disk Operating System) for instance. The large branches contain more branches, and the branches at the end contain the tree's leaves or normal files. For now we will use this image of the tree, but we will find out later why this is not a fully accurate image.
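The "everything is a file" generalization is easiest to see by asking the shell what kind of file a path is. The script below is an added example, not part of the original post: it classifies a path with the test(1) operators, creates a small temporary tree (a regular file, a directory, a named pipe and a symlink, all constructed for the demonstration) and shows that a directory is itself a file with an inode and a size. The order of the checks matters, and is the caveat worth remembering: a symlink to a regular file also satisfies -f, so -L has to be tested first.

```shell
#!/bin/sh
# Added example (not from the original post): probe what kind of "file" a
# path is, including the special kinds (named pipes, sockets, devices) that
# the everything-is-a-file generalization glosses over.
ftype() {
    # -L must come first: a symlink to a regular file also satisfies -f.
    if   [ -L "$1" ]; then echo symlink
    elif [ -d "$1" ]; then echo directory
    elif [ -p "$1" ]; then echo fifo
    elif [ -S "$1" ]; then echo socket
    elif [ -b "$1" ]; then echo block-device
    elif [ -c "$1" ]; then echo char-device
    elif [ -f "$1" ]; then echo regular
    else echo missing
    fi
}

# Build a small tree in a fresh temporary directory (constructed for the
# demonstration) and print its path.
demo_setup() {
    d=$(mktemp -d)
    : > "$d/plain.txt"
    mkdir "$d/sub"
    mkfifo "$d/pipe"
    ln -s plain.txt "$d/link"
    printf '%s\n' "$d"
}

demo_cleanup() { rm -rf "$1"; }

# Stand-alone usage: classify each entry, then show that the directory
# itself is a file with an inode number and a size (ls -ldi) holding names.
DEMO=$(demo_setup)
for p in "$DEMO/plain.txt" "$DEMO/sub" "$DEMO/pipe" "$DEMO/link" /dev/null "$DEMO/nope"; do
    printf '%-40s %s\n' "$p" "$(ftype "$p")"
done
ls -ldi "$DEMO/sub"
demo_cleanup "$DEMO"
```

/dev/null comes back as a character device, which is the "devices are files" point in practice: the same open/read/write calls work on it as on plain.txt, and the kernel decides what those calls mean.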
Read the rest of it here: Linux file system hierarchy
Thursday, February 12, 2015
Kali Linux 1.1.0 kernel 3.18 - Install proprietary NVIDIA driver - NVIDIA Accelerated Linux Graphics Driver
Install NVIDIA driver on Kali Linux 1.1.0
This guide explains how to install the proprietary "NVIDIA Accelerated Linux Graphics Driver" (NVIDIA driver) on a Kali Linux 1.1.0 system with kernel 3.18. By default Kali Linux installs the open source NVIDIA driver nouveau, which works great if you just want a display. You can confirm that the open source driver is loaded with the lsmod | grep nouveau command. But as I said in my previous guides, it doesn't give you 3D acceleration or GPU-accelerated applications (such as CUDA and GPU passthrough). That means you MUST install the proprietary NVIDIA driver. The proprietary "NVIDIA Accelerated Linux Graphics Driver" provides optimized hardware acceleration of OpenGL applications via a direct-rendering X server. It is a binary-only Xorg driver requiring a Linux kernel module for its use. The first step is to fully update your Kali Linux system and make sure you have the kernel headers installed.
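Before touching the driver it pays to check the two preconditions the guide names: which driver is actually loaded, and whether headers for the running kernel exist, since the proprietary module is compiled against them. The script below is an added example, not from the original guide or from NVIDIA: it reads module lines in the /proc/modules layout (first field is the module name, which is what lsmod reads) and tests for the /lib/modules/<release>/build directory. The module lines embedded in it are a constructed sample used when /proc/modules is not readable, and the linux-headers package name is an assumption about Kali 1.x naming.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight checks before
# swapping nouveau for the proprietary NVIDIA driver. SAMPLE_MODULES is
# CONSTRUCTED in the /proc/modules layout (first field = module name).
SAMPLE_MODULES='nouveau 1675264 3 - Live 0xffffffffc0b00000
ttm 98304 1 nouveau, Live 0xffffffffc0a00000
drm_kms_helper 155648 1 nouveau, Live 0xffffffffc0900000'

# Report which GPU driver is loaded: nvidia, nouveau, or none.
gpu_driver() {
    if   printf '%s\n' "$1" | grep -q '^nvidia '; then echo nvidia
    elif printf '%s\n' "$1" | grep -q '^nouveau '; then echo nouveau
    else echo none
    fi
}

# Kernel headers for a release are present when the build directory under
# /lib/modules exists; the NVIDIA kernel module is compiled against it.
headers_present() {
    [ -d "/lib/modules/$1/build" ]
}

# Stand-alone usage on the live system; falls back to the sample when
# /proc/modules is unreadable (e.g. inside a container).
if [ -r /proc/modules ]; then
    MODULES=$(cat /proc/modules)
else
    MODULES=$SAMPLE_MODULES
fi
echo "GPU driver in use: $(gpu_driver "$MODULES")"
if headers_present "$(uname -r)"; then
    echo "kernel headers for $(uname -r): present"
else
    # Package name pattern assumed for Kali 1.x; adjust to your release.
    echo "kernel headers for $(uname -r): missing (try: apt-get install linux-headers-$(uname -r))"
fi
```

If the driver reported is none on a machine with an NVIDIA card, the GPU is likely blacklisted or the module failed to load; check dmesg before installing anything on top.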
This guide replaces the old guides
- How to Install NVIDIA Kernel Module CUDA and Pyrit in Kali Linux
- Install proprietary NVIDIA driver on Kali Linux – NVIDIA Accelerated Linux Graphics Driver
- Kali Linux 1.0.7 kernel 3.14 – Install proprietary NVIDIA driver
- Kali Linux 1.1.0 kernel 3.18 - Install proprietary NVIDIA driver - NVIDIA Accelerated Linux Graphics Driver
- Kali Linux 1.1.0 kernel 3.18 - Install NVIDIA driver kernel Module CUDA and Pyrit on Kali Linux – CUDA, Pyrit and Cpyrit-cuda (pending)
I've included as much detail as I can, including troubleshooting steps and checks, but I would like to hear your part of the story, so leave a comment with your findings and issues.
Read the rest of it here: Kali Linux 1.1.0 kernel 3.18 - Install proprietary NVIDIA driver - NVIDIA Accelerated Linux Graphics Driver
Monday, January 12, 2015
Introducing Kali Linux NetHunter and NetHunter supported devices
NetHunter is an Android penetration testing platform for Nexus and OnePlus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical Kali chroot, however the strength of NetHunter does not end there.
As an experienced penetration tester or security professional, it is imperative that you trust the tools you work with. One way to achieve this trust is by having full transparency and familiarity with the code you are running. You are free to read, investigate, and change the build scripts for the NetHunter images. All of this goodness comes from the house of Offensive Security and the developers of Kali Linux!
Read the rest of it here: Introducing Kali Linux NetHunter and NetHunter supported devices
Thursday, January 8, 2015
Denial of Service Attack Proof of Concept PHP Exploit for WordPress DoS Attack - CVE-2014-9034
The Proof of Concept PHP exploit for the WordPress DoS attack CVE-2014-9034 worked like a charm on my own WordPress website. Surprisingly, CVE-2014-9034 has been published for some time and it seems WordPress still hasn't fixed this issue. I will explain how to use this Proof of Concept tool and test your own WordPress website for vulnerabilities.
WordPress DoS Attack - CVE-2014-9034
Credit for the WordPress DoS Attack (Denial of Service Proof of Concept PHP Exploit CVE-2014-9034: WordPress <=4.0) goes to John from http://secureli.com.
Searching for the exploit using searchsploit
How many of you have used searchsploit in Kali Linux? It's a nice tool that updates and downloads exploits often. I use it quite extensively along with Metasploit. Use searchsploit to search for specific exploits. You can use it like this:
root@kali:~# searchsploit wordpress denial
---------------------------------------------|----------------------------------
Description | Path
---------------------------------------------|----------------------------------
WordPress <=4.0 Denial of Service Exploit | /php/webapps/35413.php
Wordpress < 4.0.1 - Denial of Service | /php/webapps/35414.txt
---------------------------------------------|----------------------------------
root@kali:~#
Read the rest of it here: Denial of Service Attack Proof of Concept PHP Exploit for <=4.0 WordPress DoS Attack - CVE-2014-9034