Thursday, April 17, 2014

Exploit-Dev : Heartbleed (CVE-2014-0160) Final

Updated the source code on April 20, 2014 to version 0.8.




Since the code that wrote at here is not working for getting the RSA Private key from the Heartbleed vulnerable server, I modified another python script at here. This script is developed by mothran. The script use his version tlslite library to write his code.

I modified his code but I have no time to test the most important feature, capture the RSA Private key. If anyone who have time to test the code that I modified for that purpose, please let me know the result. I can be reached at here.

The limitation of the script is not the power of the attacker's machine but the vicitm's server. If you use threading feature, the limitation for the threading may be up to 40. Meanwhile, the screen output of the script will be in a mess. However, I set a private key found flag detection in the script.

Be keep in mind that this script may have bug as it is a Proof-of-Concept code. You are reminded that this code may vulnerable to Lucky-Thirteen.

Furthermore, this code may not trigger the IDS/IPS or iptables rules that is target for the first released exploit code. Hereby, I attached the version 0.3 0.4 0.5 0.6 0.7 0.8 here.

If the code is quit unexpectedly for the first try, it is either the victim is not enabled SSL or the victim is not vulnerable. Meanwhile, it is very interesting to know that when the victim server is under the attack, the loading of the server is very low and there is no entry in the access log of the server. Wonderful, right?

REMARK :

May be I am not so lucky to capture the private key from my lab (Apache with OpenSSL). I cannot capture the private key even running the script for days against my lab virtual machine. Does the private key remains in the memory only in some situation? Or, I am not so lucky? Please let me know the reason, thanks.

UPDATE :

According to the first winner of Cloudflare Challenge, Fedor Indutny that we need some luck to get the private key even you know how to get it.

Found a needle in the haystack!



Version : 0.8



REFERENCE

How I obtained the private key for www.cloudflarechallenge.com - Python
Extracting server private key using Heartbleed OpenSSL vulnerability - Node.js
OpenSSL Heartbleed (CVE-2014-0160) vulnerability scanner, data miner and RSA key-restore tools - Python3

That's all! See you.

Friday, April 11, 2014

Exploit-Dev : Heartbleed (CVE-2014-0160) Reload


Please note that this method may not retrieve the RSA Private key properly but it can retrieve other information from the memory, e.g. session id, cookie, username, password and etc. A working version of the RSA Private key dump will be posted later when it is done.

I modified the Proof-of-Concept by Jared Stafford and Michael Davis at here yesterday. The code is to dump the cookie, session as well as username and password from the memory of the victim server.

If you want to dump the data other than the above mentioned, for example, private key, you need the another method. I modified the source code of Derek Callaway and then monitor the dump by using ngrep.

poc-tls-samiux.py :


exploit-heartbleed.sh :


ngrep-heartbleed.sh :


For the usage, please read the bash script files for details.



See Also : Exploit-Dev : Heartbleed (CVE-2014-0160) Final

That's all! See you.

Thursday, April 10, 2014

Exploit-Dev : Heartbleed (CVE-2014-0160)

Jared Stafford developed a Proof-of-Concept code at here for the bug in OpenSSL namely Heartbleed, CVE-2014-0160. You can test the site in question at Heartbleed test.

To test for the client, you need this site

Michael Davis modified the code of Jared Stafford at here to dump the cookie from the memory of the victim server.

Since some parameters in the source code of Michael Davis are hard coded, I modified his work and make the parameters more feasible. Hereby, I am going to explain how to use this piece of code.



For the default value of port (443), cookie id (session) and length of the cookie (1024) :

python heartbleed-samiux.py victim_server

For customized value of port, cookie id and length of the cookie :

python heartbleed-samiux.py victim_server -p 8080 -c sessionid -l 4096

The result will be printed out on the screen.

Please note that the format of the victim_server should be "samiux.org".

python heartbleed-samiux.py samiux.org

Update for Version 2 (dated April 11, 2014)

This version is updated for handling different version of SSL/TLS.



Related : Exploit-Dev : Heartbleed (CVE-2014-0160) Reload
See Also : Exploit-Dev : Heartbleed (CVE-2014-0160) Final


That's all! See you.

Friday, March 28, 2014

What is AssHat?

We know that there are WhiteHat, GreyHat and BlackHat. So, what is AssHat? Please continue to read ....

When I was searching news about Nicholas Lemonias, I hopped to this site by accident.

After reading the news about Nicholas Lemonias on this site, I found a funny page about Shon Harris, who is a CISSP Superstar and editor of the best selling "CISSP All-In-One Exam Guide".

I have no other intention, just sharing and have a laugh.

Hope you enjoy!

That's all! See you.

Tuesday, March 11, 2014

Ebury SSH Rookit/Backdoor Trojan

About 3 days ago, an Ubuntu user (aka Empire-Phoenix) shouted for help at Ubuntu Forums - Security Discussions that his server has been infected by Ebury SSH Rookit/Backdoor Trojan. In his case, his mail server IP address has been blacklisted due to the infection. His story is here.

CERT Bund has announced the details about this rootkit/backdoor and they also include the Snort rule for the detection. The link is here.

The only solution is to re-install the server(s).

However, the main question is how the intruder(s) compromise our server(s) and install the rootkit? Our server(s) is/are compromised via SSH or other vulnerabilities in the server(s)?

Even if we re-install our server(s) after the infection but leave the unknown factor(s) behind, our server(s) will be infected again. If we installed IDS, we will be notified about the infection but we also need to re-install the server(s) that in question.

I supposed that the server of the captioned Ubuntu user is up-to-date and he had nothing to do with this infection as his server is a production server and he also do not know what is the problem on his server before the infection. The defensive solution is to do penetration test on the server in a regular time and it may prevent this from happening.

Update

More news here.

That's all! See you.

To Be (In)Secure on Kali Linux?

Kali Linux is developed based on Debian 7 (Wheezy). Kali is designed for Penetration Testing and it is running in root privilege. However, almost all the Kali Linux users will also use it as a primary operating system.

When it is using as a Penetration Testing toolkit, the root privilege is in use. When it is using as a primary operating system, the non-root privilege is a good practice. Therefore, a sudoer will be a good choice. However, be keep in mind that sudoer will not guarantee your sudoer account will not be compromised if it equipped with a weak password and easy guess user name.

Penetration Testers or Information Security Researchers will use their browser most of the time as same as other general users. Kali Linux equipped with Iceweasel, which is based on Firefox, and it can use Firefox add-ons. In the BackTrack's old days, we will use "NoScript" Firefox add-on. However, almost all the web sites nowadays are using javascript. It is impossible to disable the javascript or the web broswing experience will be difference. Therefore, "NoScript" is not the solution.

Kali Linux and tools developers cannot guarantee that their products are free from vulnerabilities. How about if we are being intruded when we are doing pentesting? So embarrassing, right?

If we enable firewall when we are doing pentesting, you will shooting on our toes. If we do not enable the firewall when we are using Kali Linux as primary operating system, we will worrying if anyone can attack our box or not.

Now, we know that what we are facing at the moment. Surfing internet with "NoScript" is not a good solution and we maybe facing vulnerabilites. I think that the best solution for Debian based Linux system is Apparmor.

"AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours." -- Quoted from Apparmor WiKi.

It is very easy to enable Apparmor on Kali Linux. Just passing some kernel parameters when boot and install related packages.

We can enable (or enforce) all the Apparmor profiles (which includes log systems and some services) as well as we can create our own profiles for Iceweasel and any internet connectivity applications, such as HexChat and VirtualBox. If we have Iceweasel Apparmor profile in action, there is no javascript/java malware can successfully attack the browser. For details, We can refer to the documention of Apparmor at here.

Meanwhile, Kali Linux does not equipped with firewall or firewall is not enabled. There is almost no running service by default setting unless you enable it. Therefore, there is no opening port leaving at the Kali Linux box. In general speaking, firewall is not required in this situation.

In conclusion, if we applying Apparmor to Kali Linux, we will not shooting on our toes when doing pentesting. Meanwhile, Apparmor will also give us some protestion on using Kali Linux as Penetration Testing toolkit and as primary operating system. So, we have the balance.

In case you need to disable Javascript, I would recommend to use Firefox Add-ons - QuickJS. One click to disable and enable Javascript on the toolbar.

Reference

HOWTO : Kali Linux 1.0.6 for All Purpose
HOWTO : Perfect Dual Boot Kali Linux 1.0.6 on MacBook Air (Mid 2013) with rEFInd 0.7.7

That's all! See you.

Saturday, March 08, 2014

HOWTO : Perfect Dual Boot Kali Linux 1.0.6 on MacBook Air (Mid 2013) with rEFInd 0.7.7

This tutorial is written for MacBook Air (may be other models of Apple computers) and Kali Linux users who want to dual boot Mac OSX and Kali Linux.

Pros :

(1) Use GRUB2 for EFI
(2) Simple and Easy to Use and Install
(3) Mac OSX can be Encrypted but reqires extra work (not in this HOWTO)
(4) Kali Linux can be Encrypted

Cons :

(1) Conexists with Mac OSX
(2) Kali Linux Bootable Live USB cannot be booted with rEFInd (use Option key to boot instead)

Background

Since Kali Linux 1.0.6 is based on Debian 7.0 (Wheezy) which is not EFI enabled by default, the GRUB2 (EFI) will not be installed when installing Kali Linux 1.0.6.

We need to use rEFInd which installed in Mac OSX and post-install the GRUB2 on Kali Linux. Meanwhile, the old GRUB should be removed before hand; otherwise, you will break the system.

Making of Kali Linux Install USB

Please refer to the Kali Linux Documentation of making the install USB at here.

You can also refer to this article for making a persistence USB for the installation if you do not have "Thunderbolt to Ethernet" or "USB 3.0 Gigabit USB LAN Adapter". These two devices can be recognized by Kali Linux out of the box.

Install rEFInd on MacBook Air

Boot up MacBook Air to Mac OSX. Download the rEFInd binary zip file and extract it. Go to "Downloads/refind-bin-0.7.7" and install the rEFInd.

cd Downloads/refind-bin-0.7.7
sudo ./install.sh --alldrivers


Installation and Partitioning

At the MacBook Air with Mac OSX, execute the "Disk Utility". Create a new partition and making it as two, one is "Macintosh HD" and the new one is "Macintosh HD 2". Applied the change. Then remove the newest created partition (Macintosh HD 2). Do not format it and leave it as is. After that, shut it down.

Insert Kali Linux Live Install USB to the MacBook Air and then power on the MacBook Air with long pressing "Option" key. When the Kali Linux Boot Menu displayed. Select "Live (amd64)" and press "Tab" to append "persistence" at the end of the line. After that, press "Enter". Make sure you are connected to the internet. If not, your install will be failed.

The Kali Linux Live will be launched. Select "Install Kali Linux" from the Menu (Applications -- System Tools). Follow the instructions for the installation. Make sure you have a very strong root password. When you are prompted to do partitioning, you just select "Guided - use the largest continuous free space" for non-encryption installation. Do not select "entire disk" options as it will delete the Mac OSX partitions.

The partitioning for normal install is : /etc/sda1 is EFI, /etc/sda2 is Macintosh HD, /etc/sda3 is Recovery HD, /etc/sda4 is biosgrub (unformatted), /etc/sda5 is / (Kali Linux) and /etc/sda6 is SWAP.

If you want to install whole disk encryption, you need to select "Manual". Do not select "entire disk" options as it will delete the Mac OSX partitions. First of all, create a 400MB to 1024MB EXT2 partition which is mount to "/boot". Then, select "Configure encrypted volumes" and name it as "encrypt_vol" for the remaining available spaces. Choose "/dev/sda free #3" for the encrypt volume. Enter the strong "Encryption passphrase". After that, select "Configure the Logical Volume Manager". Create volume group and name it as "kali". Select "/dev/mapper/sda5_crypt" for the volume group. Select "Create logical volume" and name it as "root" with desired capacity. Re-select "Create logical volume" and name it as "swap" with the remaining spaces. Set mount point "/" as EXT4 for "LVM VG kali, LV root" and "swap" as SWAP for for "LVM VG kali, LV swap".

The encrypted volume should be "sda5_crypt" and it is /dev/sda5 too. We need to get its UUID for the bug fix later. It is because Kali Linux Manual partitioning has a serious bug that not allowing you to boot the box.

The partitioning for encryption install is : /etc/sda1 is EFI, /etc/sda2 is Macintosh HD, /etc/sda3 is Recovery HD, /etc/sda4 is /boot (Kali Linux, EXT2) and /etc/sda5 is Encrypted LVM volume which includes / and SWAP.

When asking for installing the GRUB to MBR, just skip it. We do not need it. If you do so, you will kill the system and you need to reinstall the Mac OSX. After that, wait for the installation to complete.

Install EFI on Kali Linux

When the installation is completed, it will return to the Live Kali Linux. Do not reboot it.

Open a terminal. And complete the following commands :

(A) Normal install without luks encryption

mkdir /mnt/root
mount /dev/sda5 /mnt/root

cd /mnt/root
mount -t proc proc proc/
mount -t sysfs sys sys/
mount -o bind /dev dev/
mkdir boot/efi
mount /dev/sda1 boot/efi

chroot /mnt/root

apt-get --purge remove grub-pc
apt-get --purge autoremove
apt-get install grub-efi-amd64

nano /etc/default/grub


Change from :

GRUB_CMDLINE_LINUX_DEFAULT="quiet"

Change to :

GRUB_CMDLINE_LINUX_DEFAULT="quiet apparmor=1 security=apparmor pcie_aspm=force radeon.dpm=1 acpi_backlight=vendor libata.force=noncq"

grub-install
update-grub

exit
reboot


(B) LVM with luks encryption

blkid /dev/sda5

Write down the UUID and the others for further use.

cryptsetup luksOpen /dev/sda5 sda5_crypt
vgchange -ay kali

mkdir /mnt/root
mount /dev/mapper/kali-root /mnt/root

cd /mnt/root
mount -t proc proc proc/
mount -t sysfs sys sys/
mount -o bind /dev dev/
mount /dev/sda4 boot/
mkdir boot/efi
mount /dev/sda1 boot/efi

chroot /mnt/root

apt-get --purge remove grub-pc
apt-get --purge autoremove
apt-get install grub-efi-amd64

nano /etc/default/grub


Change from :

GRUB_CMDLINE_LINUX_DEFAULT="quiet"

Change to :

GRUB_CMDLINE_LINUX_DEFAULT="quiet apparmor=1 security=apparmor pcie_aspm=force radeon.dpm=1 acpi_backlight=vendor libata.force=noncq"

grub-install
update-grub
update-initramfs -u

exit
reboot


In case if the Kali Linux cannot be booted and drop you to a initramfs shell. Do not panic. We can fix it.

cryptsetup luksOpen /dev/sda5 sda5_crypt
vgchange -ay
exit


The Kali Linux can be booted up fine. Upon booted up, you need to do the following :

update-initramfs -u

exit
reboot

Configuration of rEFInd

Boot to Mac OSX and configure the refind.conf.

sudo nano /EFI/refind/refind.conf

Change from :

scan_all_linux_kernels

Change to :

#scan_all_linux_kernels

Then, you can boot to Kali Linux without problem.

Tailor-made Kali Linux

Boot to Kali Linux. Then configure it by refering to this guide and this guide.

That's all! See you.

Thursday, March 06, 2014

HOWTO : Dual Boot Kali Linux 1.0.6 on MacBook Air (Mid 2013) with rEFInd 0.7.7

A better method to dual boot Kali Linux on MacBook Air with rEFInd is here.


Pros :

(1) Simple to Use and Install
(2) Straight Forward
(3) Easy to Use and Install

Cons :

(1) No GRUB on Kali Linux
(2) Need to be coexist with Mac OSX
(3) Bootloader is situated in Mac OSX
(4) Need to Edit rEFInd configure file when the Kali Linux Kernel is upgraded
(5) The Mac OSX should not be whole disk encrypted
(6) The Kali Linux cannot be full disk encryption

Step 1 :

First of all, you are required to create a bootable USB pendrive for Kali Linux. Please refer to the Kali Linux Documentation for the procedure at here. I recommend to use 4GB (or larger) USB 2.0 pendrive.

Step 2 :

Boot up Macbook Air and resize the existing partition by adding one more partition with "Disk Utilities". After applied the change, you need to delete the partition that you just created (the partition without Mac OSX). Then leave it unformated.

Step 3 :

Go to rEFInd official site and download the binary zip file. Unzip the downloaded file.

cd Download/refind-bin-0.7.7/
sudo ./install.sh --alldrivers


Step 4 :

Insert the bootable Kali Linux USB pendrive and reboot the Macbook Air with long pressing the "Option" or (alt) key. Upon the boot menu is displayed, select the "Windows" icon to boot the Kali Linux.

Make sure you are connected to the internet by "Thunderbolt to Ethernet" or "PCi USB 3.0 Gagabit LAN Adapter UE-1000T-G3". If you want to connect to internet with wifi, you are required to install the wireless driver by following this guide.

Select "Install" or "Graphical Install". When going to the partition part, select "Install on the available free space". Do not select entire disk; otherwise, you will delete the Mac OSX partitions.

Follow the instruction on screen to install. When you are prompted to select where to install the GRUB, just skip it. GRUB is not required to install.

Then finish the install. Reboot and unplug the USB pendrive.

Step 5 :

Boot to Kali Linux via rEFInd Boot Manager menu. Find out the UUID of EXT4 partition. You can find it at /etc/fstab or "System Monitor". You are also required to write down the file names of /boot. After that, reboot to Mac OSX.

Step 6 :

Boot to Mac OSX via rEFInd Boot Manager menu. Go to the /EFI/refind.

cd /EFI/refind
sudo nano refind.conf


Append the following to the end of the file :



* replace the captioned UUID with your UUID; otherwise, it will not be booted up.

* where 'volume "3:"' is the forth partition that the Kali Linux root is situated.

Step 7 :

Reboot and you will see two Linux icons. The first one is detected automatically which has no optional kernel parameters. Select the second Linux icon which is labelled "Kali Linux". If you can boot to the Kali Linux. The setup is almost completed.

Step 8 :

Reboot to Mac OSX again. Go to the /EFI/refind/refind.conf.

Locate "scan_all_linux_kernels" and comment it out with "#" in the front of the line.

Step 9 :

Reboot to Kali Linux and configure the Kali Linux by following this guide and also this guide. Do not follow the "CUDA" part if you have no nVidia display card.

Step 10 :

After done the Step 9, you can reboot to Kali Linux by selecting the only Linux icon. Now, the setup is completed. Enjoy!

Remarks :

If the Kali Linux kernel is upgraded, you need to change the kernel version at the rEFInd config file.

The full disk encryption for Kali Linux and Mac OSX are not supported.

You may consider to add "noatime, nodiratime, discard" to the /etc/fstab.

That's all! See you.

Saturday, March 01, 2014

HOWTO : Kali Linux 1.0.6 for All Purpose

Kali Linux is designed for penetration testing. I am going to make it for daily use operating system as well as for penetration testing.

Installation

Make sure you select full disk encryption when install the Kali Linux on your computer. Your root password should be as strong as possible.

(A) Sudoer

Basic user of Kali Linux is root. For daily usage, a sudoer is much better.

Login as root. Create a new user, e.g. "Samiux" at Applications -- System Tools -- Preferences -- System Settings -- User Accounts. Make sure the new user password is strong enough.

adduser samiux sudo

* where samiux is the new user name.

Then, you need to logout and re-login to make the setting effective. Now, you can use command with "sudo" with your user's password.

(B) Apparmor

It is not effective to use "NoScript" Add-ons on Iceweasel as almost all web pages are using javascript. To protect your browser from being compromised, an alternative way is to implement the Apparmor. Apparmor for Iceweasel can be used in penetration testing and daily use.

sudo apt-get install apparmor apparmor-docs apparmor-notify apparmor-profiles apparmor-utils dh-apparmor python-libapparmor

Edit the /etc/default/grub to make apparmor to active after boot.

sudo nano /etc/default/grub

Locate the following string :

GRUB_CMDLINE_LINUX_DEFAULT="quiet"

To make it looks like :

GRUB_CMDLINE_LINUX_DEFAULT="quiet apparmor=1 security=apparmor"

Then run the following command :

sudo update-grub

After that, create a file namely usr.lib.iceweasel.iceweasel at /etc/apparmor.d/ :

sudo nano /etc/apparmor.d/usr.lib.iceweasel.iceweasel

Copy the following content to the file and save it.



Then change the mode of iceweasel apparmor to enforce by using the following command :

sudo aa-enforce /etc/apparmor.d/usr.lib.iceweasel.iceweasel

To update the rule of apparmor, just run the following command and ask some questions. Most likely, you just need to answer "Allow".

sudo aa-logprof

(C) Iceweasel Add-ons

You may need to install "FoxyProxy" Add-ons to Iceweasel.

sudo apt-get install xul-ext-foxyproxy-standard

You can install any available Add-ons by searching the database :

sudo apt-cache search xul-ext

(D) Power Saving for Laptop

Applying the following setting, your battery life of your laptop will be extended a bit, for example 2 hours battery life more. I have tested this setting on Lenovo ThinkPad X201s and Apple MacBook Air (Mid 2013) with Live USB as well as a Zotac small PC with nVidia display.

Although the i915 is for Intel display, but it is no harm to add them to your box.

nano /etc/modprobe.d/i915.conf

Append the following :

options i915 i915_enable_rc6=1
options i915 i915_enable_fbc=1
options i915 lvds_downclock=1


update-initramfs -u

This file "99macbookair6" is for USB 3.0 power saving. Download this file, "99macbookair6", make it executable and place it at /etc/pm/power.d/99macbookair6



nano /etc/rc.local

Insert the following before "exit 0".

/etc/pm/power.d/99macbookair6 true

Then install the tlp.

nano /etc/apt/sources.list

Append the following :

deb http://ppa.launchpad.net/linrunner/tlp/ubuntu lucid main

Save and exit. Then run the following :

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 02D65EFF

apt-get update
apt-get install tlp tlp-rdw


nano /etc/default/tlp

Change the following values.

DISK_IDLE_SECS_ON_AC=0
DISK_IDLE_SECS_ON_BAT=2
MAX_LOST_WORK_SECS_ON_BAT=60
CPU_SCALING_GOVERNOR_ON_BAT=powersave
DISK_APM_LEVEL_ON_BAT="1 1"
RUNTIME_PM_ALL=1
RESTORE_DEVICE_STATE_ON_STARTUP=1


* Or, leave the /etc/default/tlp settings untouch

To examine the power saving condition, you can install and run "powertop" or/and run "tlp-stat".

sudo apt-get install powertop

sudo nano /etc/default/grub

Locate the following string :

GRUB_CMDLINE_LINUX_DEFAULT="quiet apparmor=1 security=apparmor"

And make it looks like :

GRUB_CMDLINE_LINUX_DEFAULT="quiet pcie_aspm=force apparmor=1 security=apparmor radeon.dpm=1 acpi_backlight=vendor"

Then run the following command :

sudo update-grub

No matter your display card is Intel, nVidia or AMD Radeon, you can apply the captioned setting. Meanwhile, you can alter the settings at the /etc/default/tlp for your display card (any) even the settings labelled as "radeon".

If your laptop is Lenovo ThinkPad, you need to install the following too. After that, restart the tlp or reboot.

sudo apt-get install tp-smapi-dkms acpi-call-tools

(E) Changing Repositories Mirror

If your Kali Linux update/upgrade is slow due to slow mirror, you can hard code the repositories mirror in order to improve the update/upgrade performance.

There is a mirror list of Kali Linux. You can change the mirror at /etc/apt/sources.list by refering to this link.

(F) nVidia CUDA

If you have an nVidia card and wanted to use CUDA to do password cracking, you can refer to this link for the installation.

(G) Some Useful Applications

There are some useful applications that you may want to install to the Kali Linux. You can refer to this link for the installation.

Apparmor for Hexchat (/etc/apparmor.d/usr.bin.hexchat) :



Apparmor for Radiotray (/etc/apparmor.d/usr.bin.radiotray) :



Apparmor for VirtualBox (/etc/apparmor.d/usr.bin.VBox) :



(H) Lenovo ThinkPad TrackPoint

nano /usr/share/X11/xorg.conf.d/20-thinkpad.conf

Copy the following to the 20-thinkpad.conf :



(I) Kali Linux GRUB Background Reborn

After the installation, the GRUB background of the Kali Linux will be blue on black. However, it should be a Kali Linux background. We are going to get it back.

sudo apt-get update
sudo apt-get remove grub-pc
sudo apt-get install grub-pc


After that, you can reboot your computer.

That's all! See you.

Saturday, February 15, 2014

HOWTO : CUDA on Kali Linux 1.0.6

Step 1 :

apt-get install libcudart4 linux-headers-$(uname -r) nvidia-cuda-toolkit

Step 2 :

mkdir /etc/X11/xorg.conf.d

echo -e 'Section "Device"\n\tIdentifier "nVidia GPU"\n\tDriver "nvidia"\n\tOption "NoLogo" "1"\n\tOption "RenderAccel" "1"\n\tOption "TripleBuffr" "true"\n\tOption "MigrationHeuristic" "greedy"\nEndSection' > /etc/X11/xorg.conf.d/20-nvidia.conf


OR

apt-get install nvidia-xconfig
nvidia-xconfig


Step 3 :

Update the boot loader to disable the open source nvidia display driver.

sed 's/quiet/quiet nouveau.modeset=0/g' -i /etc/default/grub
update-grub
reboot


Step 4 (Optional) :

To test the CUDA with multiforcer.

# multiforcer for nvidia (example)
cd /usr/share/multiforcer/
multiforcer -h NTLM -c charsets/charsetall -f test_hashes/Hashes-NTLM-Full.txt --noopencl --nocpu


Step 5 (Optional) :

John the Ripper for CUDA.

# 64-bit
wget http://www.openwall.com/john/g/john-1.7.9-jumbo-7.tar.gz
tar -xvzf john-1.7.9-jumbo-7.tar.gz
cd john-1.7.9-jumbo-7/src
make
make clean linux-x86-64-gpu

cd ../run
./john --help


That's all! See you.

Wednesday, February 12, 2014

HOWTO : Kali Linux 1.0.6 on MacBook Air (Mid 2013) 13 inches

I make a persistence USB pendrive for the Kali Linux 1.0.6 (x86_64). I boot it up and find out that almost everything is working out of the box on my MacBook Air (Mid 2013) 13 inches.

The procedure of making a persistence Kali Linux USB pendrive and how to boot to persistence mode, please refer to the official site of Kali Linux.

One of the out-of-order devices is wireless. The wireless device of my MacBook Air is Broadcom 4360. Since Ubuntu is based on Debian and Kali Linux is based on Debian, I steal the Broadcom STA driver from Ubuntu and apply to Kali Linux.

Wireless


The Broadcom driver of Ubuntu is situated at here.

Step 1 :

apt-get install dkms linux-headers-$(uname -r)

Step 2 :

Download the latest version of the source file.

wget http://ftp.wa.co.za/pub/ubuntu/ubuntu/pool/restricted/b/bcmwl/bcmwl-kernel-source_6.30.223.141+bdcom-0ubuntu2_amd64.deb

dpkg -i bcmwl-kernel-source_6.30.223.141+bdcom-0ubuntu2_amd64.deb


After the installation, the wireless APs will be detected and login.

Keyboard


Step 3 :

The keyboard is not mapping correctly and the following will fix it.

nano /etc/modprobe.d/hid_apple.conf

Append the following :

options hid_apple iso_layout=0
options hid_apple fnmode=1



For reference, please refer to this article.

Power Saving


You can have more than 10 hours battery life if you apply the following.

Step 4 :

nano /etc/modprobe.d/i915.conf

Append the following :

options i915 i915_enable_rc6=1
options i915 i915_enable_fbc=1
options i915 lvds_downclock=1


Step 5 :

Download this file, "99macbookair6", make it executable and place it at /etc/pm/power.d/99macbookair6



nano /etc/rc.local

Insert the following before "exit 0".

/etc/pm/power.d/99macbookair6 true

Step 6 :

nano /etc/apt/sources.list

Append the following :

deb http://ppa.launchpad.net/linrunner/tlp/ubuntu lucid main

Save and exit. Then run the following :

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 02D65EFF

apt-get update
apt-get install tlp tlp-rdw


nano /etc/default/tlp

Change the following values.

DISK_IDLE_SECS_ON_AC=0
DISK_IDLE_SECS_ON_BAT=2
MAX_LOST_WORK_SECS_ON_BAT=60
CPU_SCALING_GOVERNOR_ON_BAT=powersave
DISK_APM_LEVEL_ON_BAT="1 1"
RUNTIME_PM_ALL=1
RESTORE_DEVICE_STATE_ON_STARTUP=1


* Or, leave the /etc/default/tlp settings untouch

Step 7 :

Reboot. Upon bootup, press <tab>, and append "persistence" to launch Kali Linux.

Step 8 :

To examine the power saving condition, you can install "powertop" and run "tlp-stat".

Remark


You can apply the power saving part to any Linux laptop.

If you want to install Kali Linux on your MacBook Air (Mid 2013), you have to fight to EFI.

By the way, this Kali Linux USB pendrive can boot from any laptop that support x86_64 CPU.

If you are using USB 3.0 pendrive, after the making the live USB or updated the live USB, you need to boot it up once on USB 2.0 computer. Otherwise, the USB 3.0 pendrive cannot be bootup on MacBook Air. It is very interesting.

If Kali Linux is installed on the MacBook Air, you need to do the following :

update-initramfs -u

Meanwhile, if Kali Linux is installed on the MacBook Air, you need to add "noatime, nodiratime" to ext4 at /etc/fstab.

For dual boot Kali Linux on MacBook Air, you can refer to this guide.

Reference


(1) Ubuntu Documentation - Apple MacBook Air (Mid 2013)
(2) Debian Documentation - Apple Keyboard
(3) TLP - Linux Advanced Power Management

That's all! See you.

Saturday, February 01, 2014

Interview with a BlackHat

Robert Hansen, who is a holder of CISSP, is the Director of Product Management at WhiteHat Security. He has an interview with a BlackHat who has decided to go legit.

The following are the Blog of Robert Hansen for the interview. Worth to read if you are a law enforcement, whitehat, admin, programmer, users :

Interview with a blackhat - Part 1
Interview with a blackhat - Part 2
Interview with a blackhat - Part 3

That's all! See you.