The following videos were made by Rapid7.
What is a Penetration Test?
Justifying your Penetration Testing budget
That's all! See you.
Open Source is a great idea and it has changed the world!
Open Source forever ....
If you do not know attack, how can you know defense? (未知攻,焉知防?)
Do BAD things .... for the RIGHT reasons -- OWASP ZAP
It is easier to port a shell than a shell script. -- Larry Wall
Most of you are familiar with the virtues of a programmer. There are three, of course: laziness, impatience, and hubris. -- Larry Wall
To establish a heart for Heaven and Earth, to secure the livelihood of the people, to carry on the lost teachings of the past sages, and to open up peace for all generations. (为天地立心, 为生民立命, 为往圣继绝学, 为万世开太平。) -- 王炜
Sunday, June 23, 2013
REVIEW : MacBook Air (Mid 2013)
In the 70s, I was attracted by the Apple ][ and started to learn how to program in BASIC. Apple products were very expensive and I could not afford them as a teenager. Later, the IBM PC launched and everyone in my country focused on it. I started to use PC DOS in the 80s. In the 90s, everyone was using Windows. I was attracted by the concept of Open Source and started to learn Linux in the 90s.
I have some experience in using Windows, except Windows 8. I have been using Linux for over 15 years. Last year, I was attracted by the MacBook Pro Retina. I bought one; it was the highest model of MacBook Pro: Intel i7 CPU, 16GB RAM, 768GB SSD and a 15" Retina display. It came with Mac OS X 10.8.x. When the new MacBook Air came out in mid 2013, I bought one too. It is 13", Intel i7 CPU, 8GB RAM and 512GB SSD. Meanwhile, I also purchased a 3TB Time Capsule.
After using Mac OS X on the Pro and the Air for months, I like Apple products very much. They are very well designed. Users are not required to have much computing knowledge; almost all Apple products are plug and play.
The boot-up time is a few seconds with the SSD. Time Machine works great and I do not need to take part in the operation: it backs up your Mac 100% automatically (hourly for the past day, daily for the past month and weekly after that). The Time Capsule recognised my network automatically and no setting was required. The WiFi feature of the Time Capsule fits into my network with ease.
My MacBook Pro/Air comes with some useful programs, such as iMovie, which is very useful for me: I record the screen with QuickTime and then edit it with iMovie. You can also learn how to use iMovie in Apple's Workshop, which is free of charge. Meanwhile, Apple's programs are not as expensive as Windows ones: just several dollars or a hundred something (USD).
Being an experienced Linux user, I find that the Linux desktop cannot beat Mac OS X; even the Ubuntu desktop cannot. The learning curve for Mac OS X is nothing compared with Linux and Windows. Mac OS X and Linux do not require anti-virus programs. Meanwhile, Mac OS has fewer vulnerabilities than Linux and Windows.
In conclusion, if you want to switch from Windows or Linux, Mac is your first choice. I guarantee you will be 100% satisfied.
That's all! See you.
Labels:
MacBook Air,
MacBook Pro Retina
Sunday, June 09, 2013
HOWTO : CERT Basic Fuzzing Framework (BFF) on Ubuntu Desktop 12.04 LTS
BFF (CERT Basic Fuzzing Framework) is a mutational file fuzzer built around zzuf: it corrupts seed files, runs the target program on each mutated file, collects the crashes and buckets duplicates so that you can triage only the unique ones. The packages installed in Step 2 (zzuf, valgrind, numpy/scipy, ImageMagick as the example target) are its dependencies.
Step 1 :
sudo -sH
mkdir /opt/bff
cd /opt/bff
wget http://www.cert.org/download/bff/BFF-2.6.zip
unzip BFF-2.6.zip
Step 2 :
sudo -sH
apt-get install python-numpy python-scipy valgrind libtool libcaca0 caca-utils zzuf python-memcache imagemagick
Step 3 :
The following changes are system-wide and only appropriate on a dedicated fuzzing machine or VM: strip is replaced with a no-op so that binaries keep their debug symbols, /root/convert is the path the example configuration expects for ImageMagick's convert, and ASLR is disabled so that crash addresses are repeatable and BFF can reproduce and bucket crashes reliably.
sudo -sH
mv /usr/bin/strip /usr/bin/strip-original
ln -s /bin/true /usr/bin/strip
ln -s /usr/bin/convert /root/convert
echo "kernel.randomize_va_space=0" >> /etc/sysctl.conf
Reboot your system so that the sysctl change takes effect.
Step 4 :
To run it (for the examples).
sudo -sH
cd /opt/bff
./batch.sh
The results are located at /root/results. The example seed files are in /opt/bff/seedfiles/examples; those are .bmp, .gif, .ppm and .psd files only, but you can fuzz any binary file format.
To quit it :
cd /opt/bff
./reset_bff.sh 1
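The whole BFF loop in miniature, as an added example that is not BFF's own code: a zzuf-style bit-flipping mutator, a target that is run on each mutated file, a distinction between a clean rejection and a real crash, crash bucketing by a hash of the exception type and innermost frame (BFF hashes the backtrace the same way), and a minimise-to-seed pass. The target, parse_image, is a constructed toy parser with a deliberate unchecked index, not ImageMagick, and the seed is a made-up 14-byte file; both are assumptions so that the script runs offline.

```python
#!/usr/bin/env python3
"""Toy mutational fuzzer illustrating the BFF workflow (added example, not
BFF's code): mutate a seed zzuf-style, run the target, separate crashes from
clean rejections, bucket crashes by a stack signature, minimise the crasher."""
import hashlib
import random
import traceback
from typing import Callable, Dict, Optional, Tuple

# Constructed seed: made-up "BM" magic, width and height as little-endian
# uint32, then width*height pixel bytes.  Not a real BMP.
SEED = b"BM" + (2).to_bytes(4, "little") + (2).to_bytes(4, "little") + bytes(range(4))


def parse_image(blob: bytes) -> Tuple[int, int, int]:
    """Stand-in target (hypothetical format, NOT ImageMagick).  It validates
    the magic but trusts the header dimensions when indexing the pixel data:
    the classic out-of-bounds read a file fuzzer is meant to find."""
    if len(blob) < 10 or blob[:2] != b"BM":
        raise ValueError("rejected: not an image")        # graceful rejection
    width = int.from_bytes(blob[2:6], "little")
    height = int.from_bytes(blob[6:10], "little")
    pixels = blob[10:]
    last = pixels[(height - 1) * width + (width - 1)]      # bug: no bounds check
    return width, height, last


def mutate(seed: bytes, ratio: float, rng: random.Random) -> bytes:
    """Flip `ratio` of the seed's bits at random positions (zzuf's -r idea)."""
    data = bytearray(seed)
    nbits = len(data) * 8
    for _ in range(max(1, int(nbits * ratio))):
        pos = rng.randrange(nbits)
        data[pos >> 3] ^= 1 << (pos & 7)
    return bytes(data)


def crash_signature(exc: BaseException) -> Optional[str]:
    """None for a clean rejection (ValueError); otherwise a short hash of the
    exception type plus the innermost frame, so duplicates share a bucket."""
    if isinstance(exc, ValueError):
        return None
    frame = traceback.extract_tb(exc.__traceback__)[-1]
    key = f"{type(exc).__name__}:{frame.name}:{frame.lineno}"
    return hashlib.sha1(key.encode()).hexdigest()[:8]


def run_once(target: Callable[[bytes], object], blob: bytes) -> Optional[str]:
    """Run the target on one input; return the crash bucket, or None."""
    try:
        target(blob)
        return None
    except Exception as exc:        # anything other than a rejection is a crash
        return crash_signature(exc)


def minimize(target, seed: bytes, crasher: bytes, sig: str) -> bytes:
    """Revert mutated bytes to the seed one at a time, keeping each reversion
    that still reproduces the same crash bucket (BFF's minimise-to-seed)."""
    best = bytearray(crasher)
    for i in range(min(len(seed), len(best))):
        if best[i] == seed[i]:
            continue
        trial = bytearray(best)
        trial[i] = seed[i]
        if run_once(target, bytes(trial)) == sig:
            best = trial
    return bytes(best)


def campaign(target=parse_image, seed: bytes = SEED, iterations: int = 300,
             ratio: float = 0.05, rng_seed: int = 1) -> Dict[str, bytes]:
    """Return {signature: minimised crasher} for every distinct crash bucket."""
    rng = random.Random(rng_seed)
    buckets: Dict[str, bytes] = {}
    for _ in range(iterations):
        blob = mutate(seed, ratio, rng)
        sig = run_once(target, blob)
        if sig and sig not in buckets:
            buckets[sig] = minimize(target, seed, blob, sig)
    return buckets


if __name__ == "__main__":
    for sig, blob in campaign().items():
        print(sig, blob.hex())
```

The point to take from it is the separation of concerns that BFF's results directory reflects: rejections are not findings, crashes are hashed so a thousand hits on one bug collapse to one bucket, and each bucket keeps a minimised reproducer close to the original seed.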
Step 5 (Optional) :
wget http://www.cert.org/download/bff/DebianFuzz-2.6.zip
Please read the Download page for details of the installation of the Debian-based virtual machine fuzzer. That version of BFF runs inside a virtual machine (VMware).
ImageMagick Fuzzing Tutorial
Analyzer Scripts Tutorial
Fuzz Testing: Vulnerabilities and Exploit mitigation (PDF)
That's all! See you.
Thursday, June 06, 2013
HOWTO : T50 on Ubuntu Desktop 12.04 LTS
T50 Experimental Mixed Packet Injector (f.k.a. F22 Raptor) is a tool designed to perform "Stress Testing". The concept started in 2001, right after the release of 'nb-isakmp.c', and the main goal was to have a tool to perform TCP/IP protocol fuzzing, covering common protocols such as ICMP, TCP and UDP.
It can also simulate Distributed Denial-of-Service and Denial-of-Service attacks, to validate firewall rules, router ACLs, and Intrusion Detection System and Intrusion Prevention System policies.
Step 1 :
sudo -sH
cd /opt
git clone https://github.com/merces/t50.git
cd t50
make
make install
Step 2 :
To run it (the target 192.168.10.100 is an example; --flood --turbo sends packets as fast as the host can, so only point it at hosts you are authorised to stress-test) :
sudo -sH
cd /opt/t50
./t50 192.168.10.100 --flood --turbo --dport 80 -S TCP UDP EIGRP OSPF
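What a packet injector such as T50 does underneath, as an added example that is not T50's code: build a raw IPv4 header and a TCP SYN header with a spoofed source, compute both checksums (the TCP one over the pseudo-header as well), decode the result to verify it, and hand the bytes to a raw socket. The addresses are from the RFC 5737 documentation ranges and the spoofed-source range 198.51.100.0/24 is an assumption; send_raw needs root and is only called from the commented-out line.

```python
#!/usr/bin/env python3
"""Craft and verify one spoofed TCP SYN packet (added example, not T50's
code).  Addresses are RFC 5737 documentation ranges; nothing is sent unless
you uncomment the send_raw call, which needs CAP_NET_RAW."""
import random
import socket
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # ver/ihl, tos, len, id, flags/frag, ttl, proto, csum, src, dst
TCP_FMT = "!HHIIHHHH"        # sport, dport, seq, ack, offset/flags, window, csum, urgent


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a header whose
    checksum field is already correct re-sums to zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64) -> bytes:
    # version 4, IHL 5 (20 bytes), DF set, protocol TCP; checksum in a second pass
    fields = [0x45, 0, 20 + payload_len, 0, 0x4000, ttl, socket.IPPROTO_TCP, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def tcp_syn_header(src: str, dst: str, sport: int, dport: int, seq: int,
                   window: int = 65535) -> bytes:
    # data offset 5 (20 bytes), flags = SYN only; checksum covers the pseudo-header
    def pack(csum: int) -> bytes:
        return struct.pack(TCP_FMT, sport, dport, seq, 0, (5 << 12) | 0x02, window, csum, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                         0, socket.IPPROTO_TCP, 20)
    return pack(checksum(pseudo + pack(0)))


def build_syn(dst: str, dport: int, rng_seed: int = 0) -> bytes:
    """One spoofed SYN as a flood tool would emit: random source address
    (assumed range 198.51.100.0/24), random ephemeral port and sequence number."""
    rng = random.Random(rng_seed)
    src = "198.51.100.%d" % rng.randrange(1, 255)
    sport = rng.randrange(1024, 65536)
    seq = rng.getrandbits(32)
    return ipv4_header(src, dst, 20) + tcp_syn_header(src, dst, sport, dport, seq)


def decode(packet: bytes) -> dict:
    """Parse the packet back and re-verify both checksums."""
    ip, tcp = packet[:20], packet[20:40]
    _, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_FMT, ip)
    sport, dport, seq, _, off_flags, window, _, _ = struct.unpack(TCP_FMT, tcp)
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, len(tcp))
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "ttl": ttl, "proto": proto, "total_len": total_len,
            "sport": sport, "dport": dport, "seq": seq, "window": window,
            "syn": bool(off_flags & 0x02), "ack": bool(off_flags & 0x10),
            "ip_checksum_ok": checksum(ip) == 0,
            "tcp_checksum_ok": checksum(pseudo + tcp) == 0}


def send_raw(packet: bytes, dst: str) -> None:
    """Needs root; IP_HDRINCL tells the kernel the IP header is ours."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
        s.sendto(packet, (dst, 0))


if __name__ == "__main__":
    pkt = build_syn("192.0.2.10", 80)
    print(decode(pkt))
    # send_raw(pkt, "192.0.2.10")   # only on a network you are authorised to test
```

The decode step is the part worth keeping around when you test a firewall or IDS with a tool like this: capture what actually left the wire and confirm the checksums and flags are what you intended, because a SYN with a bad checksum is silently dropped by the target's stack and proves nothing about the rule set in front of it.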
That's all! See you.
Monday, June 03, 2013
HOWTO : DirBuster on Ubuntu Desktop 12.04 LTS
DirBuster is a multi-threaded Java application designed to brute-force directory and file names on web/application servers.
Step 1 :
sudo -sH
cd /opt
wget "http://downloads.sourceforge.net/project/dirbuster/DirBuster%20%28jar%20%2B%20lists%29/1.0-RC1/DirBuster-1.0-RC1.tar.bz2?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdirbuster%2Ffiles%2FDirBuster%2520%2528jar%2520%252B%2520lists%2529%2F1.0-RC1%2F&ts=1370262745&use_mirror=nchc" -O DirBuster-1.0-RC1.tar.bz2
tar -xjvf DirBuster-1.0-RC1.tar.bz2
mv DirBuster-1.0-RC1 DirBuster
rm DirBuster-1.0-RC1.tar.bz2
Step 2 :
To run it.
sudo -sH
cd /opt/DirBuster
./DirBuster-1.0-RC1.sh
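What DirBuster does in miniature, as an added example that is not DirBuster's code: expand a wordlist into directory and file candidates, probe them from a thread pool, and, instead of trusting the status code, first request paths that cannot exist to learn what this server's "not found" response looks like (DirBuster's fail-case check), then report only candidates whose response differs. The target is a constructed in-memory site that answers unknown paths with a 200 "soft 404" page, so the script runs offline and shows why the fingerprint check matters; the hostname, paths and bodies are made up.

```python
#!/usr/bin/env python3
"""Miniature directory brute-forcer with a soft-404 baseline (added example,
not DirBuster's code).  The 'site' is an in-memory dict standing in for HTTP."""
import hashlib
import random
import string
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, Iterable, List, Set, Tuple

Response = Tuple[int, bytes]
Fetch = Callable[[str], Response]

BASE = "http://target.example/"                       # constructed hostname
SOFT_404 = b"<html><body>Sorry, that page was not found.</body></html>"
SITE: Dict[str, Response] = {                          # constructed target content
    "admin/":     (302, b"redirect to /admin/login.php"),
    "index.php":  (200, b"<html>welcome</html>"),
    "robots.txt": (200, b"User-agent: *\nDisallow: /backup.bak\n"),
    "backup.bak": (200, b"<?php $db_pass = 'hunter2'; ?>"),
}


def fake_fetch(url: str) -> Response:
    """Stand-in for an HTTP GET: unknown paths get the soft-404 page with status 200."""
    return SITE.get(url[len(BASE):], (200, SOFT_404))


def fingerprint(resp: Response) -> Tuple[int, str]:
    status, body = resp
    return status, hashlib.sha1(body).hexdigest()


def not_found_fingerprints(fetch: Fetch, base: str, samples: int = 3) -> Set[Tuple[int, str]]:
    """Fail-case check: request random paths that cannot exist, as a file and
    as a directory, and remember what 'not found' looks like on this server."""
    rng = random.Random(0)
    fps = set()
    for _ in range(samples):
        junk = "".join(rng.choice(string.ascii_lowercase) for _ in range(16))
        fps.add(fingerprint(fetch(base + junk)))
        fps.add(fingerprint(fetch(base + junk + "/")))
    return fps


def candidates(words: Iterable[str], extensions: Iterable[str]) -> List[str]:
    """Each word as a directory and as a file with every extension ('' = bare name)."""
    out = []
    for w in words:
        out.append(w + "/")
        out.extend(w + ext for ext in extensions)
    return out


def brute_force(fetch: Fetch, base: str, words: Iterable[str],
                extensions=("", ".php", ".bak", ".txt"), threads: int = 8) -> Dict[str, int]:
    """Return {path: status} for every candidate whose response is not the
    server's not-found response."""
    nf = not_found_fingerprints(fetch, base)

    def probe(path: str):
        resp = fetch(base + path)
        return path, (resp[0] if fingerprint(resp) not in nf else None)

    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = list(pool.map(probe, candidates(words, extensions)))
    return {path: status for path, status in results if status is not None}


if __name__ == "__main__":
    for path, status in brute_force(fake_fetch, BASE,
                                    ["admin", "backup", "index", "robots", "secret"]).items():
        print(status, "/" + path)
```

To point it at a real host, replace fake_fetch with a function that performs the GET and returns (status, body); keep the thread count modest, because a scanner that hammers a production server is indistinguishable from a denial of service in the logs.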
That's all! See you.
Sunday, June 02, 2013
HOWTO : TP-Link TL-WR1043ND as WiFi Pineapple Made Easy
Please note that this tutorial is written for the Pineapple Mark IV firmware only.
Hardware
(1) TP-Link TL-WR1043ND v1.x
(2) SanDisk Cruzer Fit USB Flash Drive (8GB)
Software
(1) OpenWrt
(2) Wifi Pineapple firmware
The Wifi Pineapple is created by Hak5. It is quite an expensive device. It is also named Jasager (German for "Yes Man").
The Wifi Pineapple is a rogue Wifi Access Point (AP) that answers "Yes" to all Wifi probe requests from mobile devices.
If a Wifi client is looking for the SSID "McDonalds", the Pineapple (or Jasager) replies "That's me!". If another Wifi client is looking for the SSID "Starbucks", again the Pineapple replies "That's me!".
Once the victims' mobile devices are connected to the Wifi Pineapple, you can carry out a Man-in-the-Middle attack against them.
Now we are going to build a custom Wifi Pineapple at a much lower price, about $62 USD or less, and in a much simpler way.
You may also consider buying 3 TP-Link 8dBi Indoor Omni-directional Antennas (TL-ANT2408CL) for $8 USD each.
Basically, the TL-WR1043ND is faster and its wifi signal is stronger than the TL-MR3020's.
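The "Yes Man" behaviour described above, modelled as an added example that is not Hak5's or the Pineapple's code: it parses an 802.11 probe request as bytes and builds the probe response that claims whatever SSID the client asked for, using the IEEE 802.11 management frame layout (24-byte header, fixed fields, tagged elements). It also shows the two limits mentioned in the remarks at the end of this post: a wildcard probe (empty SSID, which newer clients send instead of naming remembered networks) gives Karma nothing to impersonate, and the response advertises an open network, so clients that insist on an encrypted SSID will not join. The BSSID, client MAC and SSIDs are made up, and nothing is transmitted.

```python
#!/usr/bin/env python3
"""Toy model of Karma (added example, not the Pineapple's code): answer every
directed 802.11 probe request with a probe response claiming that SSID.
Frames are built and parsed as bytes; no radio is involved."""
import struct
from typing import Dict, Optional

AP_MAC = bytes.fromhex("02aabbccddee")     # constructed, locally administered BSSID
BROADCAST = b"\xff" * 6
CHANNEL = 6
RATES_IE = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # tag 1: 1/2/5.5/11 Mbit basic rates
MGMT_HDR = "<HH6s6s6sH"   # frame control, duration, addr1, addr2, addr3, seq ctrl


def ie(tag: int, value: bytes) -> bytes:
    """One tagged element: tag, length, value."""
    return bytes([tag, len(value)]) + value


def parse_ies(body: bytes) -> Dict[int, bytes]:
    ies, i = {}, 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        ies[tag] = body[i + 2:i + 2 + length]
        i += 2 + length
    return ies


def parse_mgmt(frame: bytes) -> dict:
    """Split a management frame into type/subtype, addresses and body.
    Frame control is little-endian: bits 2-3 type, bits 4-7 subtype."""
    fc, _, addr1, addr2, addr3, _ = struct.unpack_from(MGMT_HDR, frame, 0)
    return {"type": (fc >> 2) & 0x3, "subtype": (fc >> 4) & 0xF,
            "da": addr1, "sa": addr2, "bssid": addr3, "body": frame[24:]}


def build_probe_request(client_mac: bytes, ssid: bytes) -> bytes:
    """Management frame subtype 4.  An empty SSID is the wildcard probe
    ("anyone there?") that newer clients send instead of naming networks."""
    hdr = struct.pack(MGMT_HDR, 0x0040, 0, BROADCAST, client_mac, BROADCAST, 0)
    return hdr + ie(0, ssid) + RATES_IE


def build_probe_response(client_mac: bytes, ssid: bytes) -> bytes:
    """Management frame subtype 5: timestamp, beacon interval, capability,
    then IEs.  Capability 0x0001 = ESS with the Privacy bit clear, i.e. an
    OPEN network: Karma only catches clients willing to join an open SSID."""
    hdr = struct.pack(MGMT_HDR, 0x0050, 0, client_mac, AP_MAC, AP_MAC, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0001)
    return hdr + fixed + ie(0, ssid) + RATES_IE + ie(3, bytes([CHANNEL]))


def karma_respond(frame: bytes) -> Optional[bytes]:
    """The 'Yes Man': reply to every directed probe request with its own SSID.
    Returns None for anything that is not a probe request and for the
    wildcard probe, which carries no SSID to impersonate."""
    f = parse_mgmt(frame)
    if f["type"] != 0 or f["subtype"] != 4:
        return None
    ssid = parse_ies(f["body"]).get(0, b"")
    return build_probe_response(f["sa"], ssid) if ssid else None


def advertised_ssid(response: bytes) -> bytes:
    """SSID a probe response claims (IEs start after the 12 fixed-field bytes)."""
    return parse_ies(parse_mgmt(response)["body"][12:]).get(0, b"")


if __name__ == "__main__":
    client = bytes.fromhex("001122334455")       # constructed client MAC
    for wanted in (b"Starbucks", b"McDonalds", b""):
        resp = karma_respond(build_probe_request(client, wanted))
        print(wanted or b"<wildcard>", "->", advertised_ssid(resp) if resp else "no answer")
```

The defensive reading of the same code: a client that only probes with the wildcard SSID, and that refuses to auto-join open networks it has not seen before, gives this AP nothing to say yes to, which is exactly the change in behaviour the remarks below attribute to newer Android releases.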
Step 1 :
Download the OpenWrt image (Attitude Adjustment 12.09, r36088 at the time of writing). If you are doing a fresh install from the stock TP-Link firmware, take the factory image :
wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-wr1043nd-v1-squashfs-factory.bin
If you are upgrading a previously installed OpenWrt, take the sysupgrade image instead :
wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-wr1043nd-v1-squashfs-sysupgrade.bin
Configure your computer with a static IP address (it must be on the same subnet as the router's stock address) :
IP address : 192.168.0.10
Gateway : 192.168.0.1
Connect the TL-WR1043ND to your computer with a cable. The default IP address of the stock TP-Link TL-WR1043ND is 192.168.1.1; browse to that address. The username and password of the stock firmware are both "admin". Go to "System Tools" -- "Firmware Upgrade" and upgrade with the .bin file you just downloaded.
Step 2 :
Once upgraded to OpenWrt, the device's IP address changes to 192.168.1.1. Configure your computer with a static IP address :
IP address : 192.168.1.10
Gateway : 192.168.1.1
Then set a very STRONG root password at "System" -- "Administration". The same password protects SSH and, later, the Pineapple web interface, so do not leave it empty.
Network -- Wifi -- Generic MAC80211 802.11bgn (radio0) -- Disable
Network -- Wifi -- Generic 802.11 Wireless Controller (radio1) -- Enable
Save & Apply
To enable DHCP, go to "Network" -- "Interfaces" -- "LAN" -- "Edit", select "DHCP Client" and select "OpenWrt" by clicking "Switch Protocol", then "Save & Apply".
If the page takes a long time to reload, that is fine: the device no longer has an address your computer can reach. Just go ahead.
Now connect an ethernet cable between the TL-WR1043ND and your existing router. Connect your computer to the TL-WR1043ND via wifi; the SSID is "OpenWrt". Once the device gets an IP address, such as 192.168.1.100, you can connect to it via ssh.
Make sure you complete the following step, as it enables the wireless interface :
Point your browser to http://172.16.42.1/index.html
Network -- Wifi -- Generic MAC80211 802.11bgn (radio1) -- Enable
ssh 192.168.1.100 -lroot
Enter the very STRONG root password you just created.
Install the following packages :
opkg update
opkg install kmod-usb-storage
opkg install kmod-fs-ext4
opkg install block-mount
Step 3 :
Format your USB pendrive (8GB) as ext4 and swap, e.g. 2GB for swap (sda1) and 6GB for ext4 (sda2).
Then insert the USB pendrive into the TL-WR1043ND and execute the following commands line by line. They copy the current root filesystem onto the pendrive so that it can be mounted as / (an "extroot") in the next step :
mkdir -p /mnt/sda2
mount /dev/sda2 /mnt/sda2
mkdir -p /tmp/cproot
mount --bind / /tmp/cproot
tar -C /tmp/cproot -cvf - . | tar -C /mnt/sda2 -xf -
umount /tmp/cproot
umount /mnt/sda2
Step 4 :
/etc/init.d/fstab enable
/etc/init.d/fstab start
vi /etc/config/fstab
Change the content to the following :
config mount
option target /
option device /dev/sda2
option fstype ext4
option options rw,sync
option enabled 1
option enabled_fsck 0
config swap
option device /dev/sda1
option enabled 1
The following are the vi commands if you are not familiar with vi :
i - enter insert mode, ready to edit
Esc - leave insert mode
:w - write the changes to the file
:q - quit vi
Then type the following command to reboot the device :
reboot
Once it has booted again, log in to it via ssh. To check whether the USB pendrive is mounted as "/" or not :
mount
df
Step 5 :
Turn off the TL-WR1043ND, take the USB pendrive out of it and insert it into your computer. Back up the USB pendrive to your computer :
mkdir wr1043nd
sudo cp -R /media/1234....1123/* ~/wr1043nd/
sudo cp -R ~/wr1043nd/lib ~/wr1043nd/lib-original
*** Where /media/1234....1123/ is the mount point of the pendrive on your computer; yours will be different. (cp -a instead of cp -R also preserves ownership, timestamps and permissions exactly.) You also need the backup of the /lib directory made above, because Step 6 overwrites files in it. Do not take the USB pendrive out of your computer.
Step 6 :
Download the Pineapple upgrade package to your computer, e.g. running Ubuntu. The URL contains an "&", so it must be quoted, and the file is saved under the name the next step expects :
wget "http://wifipineapple.com/index.php?downloads&downloadUpgrade=2.8.1" -O upgrade-2.8.1.bin
Install unsquashfs on your Ubuntu if you do not have it :
sudo apt-get install squashfs-tools
Extract the files from upgrade-2.8.1.bin :
unsquashfs upgrade-2.8.1.bin
cd squashfs-root
Copy the required directories to the USB pendrive, then put back from the WR1043ND backup the files that must stay as they were (fstab, passwd, shadow and the original /lib) :
sudo cp -R bin/* /media/1234....1123/bin/
sudo cp -R sbin/* /media/1234....1123/sbin/
sudo cp -R usr/* /media/1234....1123/usr/
sudo cp -R etc/* /media/1234....1123/etc/
sudo cp -R www/* /media/1234....1123/www/
sudo cp -R pineapple /media/1234....1123/
sudo cp -R lib/firmware/* /media/1234....1123/lib/firmware/
sudo cp lib/* /media/1234....1123/lib/
sudo cp lib/wifi/* /media/1234....1123/lib/wifi/
sudo cp ~/wr1043nd/etc/config/fstab /media/1234....1123/etc/config/
sudo cp ~/wr1043nd/etc/passwd /media/1234....1123/etc/
sudo cp ~/wr1043nd/etc/shadow /media/1234....1123/etc/
sudo cp -R ~/wr1043nd/lib-original /media/1234....1123/
Step 6a :
To allow the victims to surf the internet via the Pineapple, change the DNS and Gateway in /etc/config/dhcp from 172.16.42.1 to 172.16.42.42 (the address of the tethering laptop set up by wp4.sh in Step 8).
Insert the USB pendrive back into the TL-WR1043ND.
The Pineapple SSID will be "pineapple". The username is "root" and the password is your very STRONG password.
Step 8 (Connectivity) :
The following is one way to use the Pineapple (TL-WR1043ND), by tethering :
Connect your laptop to the internet via wireless or 3G.
In the Network Manager of Ubuntu, edit the Wired Connection and uncheck "Connect Automatically". Then connect the CAT5/5e/6 cable between the Pineapple and your laptop.
On the laptop, download and run the script :
wget http://wifipineapple.com/wp4.sh
chmod +x wp4.sh
sudo ./wp4.sh
The source code of wp4.sh :
Now your laptop can access the internet and also the TL-WR1043ND. Victims can also access the internet when they connect to your Pineapple.
When you want to undo what wp4.sh set up, run the following script, which I created :
sudo ./killwp4.sh
When the TL-WR1043ND is rebooted, you need to run wp4.sh again to regain access.
Important
There are four things you should NOT do; the first three will brick the TL-WR1043ND, or at least leave it without its extroot. They are :
First - Do NOT upgrade OpenWrt from the web interface, as afterwards the USB pendrive will not be mounted, unless you install the related packages again as stated above.
Second - Do NOT upgrade the Pineapple in the normal way. Keep away from the /lib directory; or, if you have a backup, you can copy the /lib directory back.
Third - Do NOT long-press the "QSS" or "Reset" button on the TL-WR1043ND; otherwise OpenWrt will be reset and the USB pendrive cannot be mounted, unless you install the related packages again as stated above.
Fourth - Some infusions (modules) cannot be installed, as they require USB storage to install to, which this build does not have separately. (The Hak5 forum user newbi3 advised the solution and I think it is the best one.)
Remarks
Karma is not so powerful any more, as Android 4.0.4 or later will not send the probe requests. Meanwhile, victims need to connect to an open network rather than an encrypted one; otherwise Karma will not work.
My final word is that I think one can build the same thing with the same or similar steps for the TP-Link TL-WR703N (however, I cannot get a WR703N in my country) or the TP-Link TL-MR3040 (battery powered). However, it carries risk: make sure you have the same version/revision of the router and the matching OpenWrt firmware, otherwise you may brick the router. I just bricked a TP-Link TL-MR3220 v2 :P
Reference
Blue for the Pineapple
The beginners guide to breaking website security with nothing more than a Pineapple
Getting Started with the Wi-Fi Pineapple IV (Video)
Security4Plus Youtube Channel (Video)
How To: Configure a WiFi Pineapple For Use With Mac OS X (Video)
The Wifi Pineapple Book - Free Download
WiFi Pineapple – First Impression
You just can't trust wireless: covertly hijacking wifi and stealing passwords using sslstrip
All about WiFi Pineapple (Video)
That's all! See you.
Labels:
Hak5,
Jasager,
Pineapple,
TP-Link TL-WR1043ND