Sunday, June 23, 2013

What is a Penetration Testing?

The following videos are making by Rapid7.

What is a Penetration Test?



Justifying your Penetration Testing budget



That's all! See you.

REVIEW : MacBook Air (Mid 2013)

In 70's, I was attracted by Apple ][. I then started to learn how to program in BASIC. Apple products were very expensive that I could not afford when I was a teenager. Later, IBM PC launched. Everyone focused to it in my country. I started to use PC DOS in 80's. In 90's, everyone was using Windows. I was attracted by the concept of Open Source and started to learn Linux in 90's.

I have some experience in using Windows but except the Windows 8. I have been using Linux for over 15 years. Last year, I was attracted by MacBook Pro Retina. I bought one and it was the highest model of MacBook Pro. It is Intel i7 CPU, 16GB RAM and 768GB SSD as well as 15" Retina display. It comes with Mac OS X 10.8.x. When the new MacBook Air comes out in Mid 2013, I bought one. It is 13", Intel i7 CPU, 8GB RAM and 512GB SSD. Meanwhile, I also purchased 3TB Time Capsule.

After using Mac OS X with Pro and Air for months and days, I like Apple products very much. It is very well designed. Users are not required to have much computing knowledge. Almost all her products are plug and play.

The boot up time is in several seconds with SSD. The Time Machine is working great that I do not need to take part in the operation. It is 100% automatically backup your Mac hourly, monthly and yearly. The Time Capsule recognised my network automatically and no setting is required. The WiFi feature of the Time Capsule is one of the function in my network in a ease.

My MacBook Pro/Air comes with some useful programs, such as iMove, which is very useful for me to record the screen by QuickTime and then edit with iMove. You can also learn how to use iMove in Apple's Workshop. It is free of charge. Meanwhile, Apple's programs are not as expensive as Windows. It is just several dollars or just a hundred something (USD).

Being an experienced Linux user, I find out that Linux Desktop cannot beat Mac OS X, even Ubuntu Desktop cannot. The learning curve for Mac OS X is none comparing with Linux and Windows. Mac OS X and Linux are not required to use Anti-Virus programs. Meanwhile, Mac OS is lesser vulnerability than Linux and Windows.

In conclusion, if you want to switch from Windows or Linux, Mac is your first choice. I grantee you will 100% satisfied.

That's all! See you.

Sunday, June 09, 2013

HOWTO : CERT Basic Fuzzing Framework (BFF) on Ubuntu Desktop 12.04 LTS

BFF is a fuzzing framework.

Step 1 :

sudo -sH
mkdir /opt/bff
cd /opt/bff
wget http://www.cert.org/download/bff/BFF-2.6.zip
unzip BFF-2.6.zip


Step 2 :

sudo -sH
apt-get install python-numpy python-scipy valgrind libtool libcaca0 caca-utils zzuf python-memcache imagemagick


Step 3 :

sudo -sH
mv /usr/bin/strip /usr/bin/strip-original
ln -s /bin/true /usr/bin/strip
ln -s /usr/bin/convert /root/convert

echo "kernel.randomize_va_space=0" >> /etc/sysctl.conf


Reboot your system.

Step 4 :

To run it (for the examples).

sudo -sH
cd /opt/bff
./batch.sh


The result is located at /root/results.

The example is situated at /opt/bff/seedfiles/examples. Those are .bmp, .gif, .ppm and .psd files only. You can fuzz binary file too.

To quit it.

cd /opt/bff
./reset_bff.sh 1


Step 5 (Optional) :

wget http://www.cert.org/download/bff/DebianFuzz-2.6.zip

Please read the Download page for detail of installation of Debian based virtual machine fuzzer. The BFF is running under the virtual machine (VMWare).

ImageMagick Fuzzing Tutorial



Analyzer Scripts Tutorial



Fuzz Testing: Vulnerabilities and Exploit mitigation (PDF)

That's all! See you.

Thursday, June 06, 2013

HOWTO : T50 on Ubuntu Desktop 12.04 LTS

T50 Experimental Mixed Packet Injector (f.k.a. F22 Raptor) is a tool designed to perform "Stress Testing". The concept started on 2001, right after release 'nb-isakmp.c', and the main goal was having a tool to perform TCP/IP protocol fuzzer, covering common regular protocols, such as: ICMP, TCP and UDP.

It also can simulate Distributed Denial-of-Service and Denial-of-Service attacks, validating firewall rules, router ACLs, Intrusion Detection System and Intrusion Prevention System policies.

Step 1 :

sudo -sH
cd /opt

git clone https://github.com/merces/t50.git

cd t50
make
make install


Step 2 :

To run it.

sudo -sH
cd /opt/t50

./t50 192.168.10.100 --flood --turbo --dport 80 -S TCP UDP EIGRP OSPF




That's all! See you.

Monday, June 03, 2013

HOWTO : DirBuster on Ubuntu Desktop 12.04 LTS

DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers.

Step 1 :

sudo -sH

cd /opt

wget "http://downloads.sourceforge.net/project/dirbuster/DirBuster%20%28jar%20%2B%20lists%29/1.0-RC1/DirBuster-1.0-RC1.tar.bz2?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fdirbuster%2Ffiles%2FDirBuster%2520%2528jar%2520%252B%2520lists%2529%2F1.0-RC1%2F&ts=1370262745&use_mirror=nchc" -O DirBuster-1.0-RC1.tar.bz2

tar -xjvf DirBuster-1.0-RC1.tar.bz2

mv DirBuster-1.0-RC1 DirBuster

rm DirBuster-1.0-RC1.tar.bz2


Step 2 :

To run it.

sudo -sH

cd /opt/DirBuster

./DirBuster-1.0-RC1.sh


That's all! See you.

Sunday, June 02, 2013

HOWTO : TP-Link TL-WR1043ND as WiFi Pineapple Made Easy

Please be informed that this tutorial is written for Pineapple Mark IV only

Hardware

(1) TP-Link TL-WR1043ND v1.x
(2) SanDisk Cruzer Fit USB Flash Drive (8GB)

Software

(1) OpenWrt
(2) Wifi Pineapple firmware

Wifi Pineapple is created by Hak5. It is quite expensive device. It is also named as Jasager (in German). The meaning in English is "Yes Man".

Wifi Pineapple is the Rouge Wifi Access Point (AP) to answer “Yes” to all Wifi probe requests by mobile devices.

If a Wifi client is looking for the SSID of Macdonld the Pineapple (or Jasager) will reply “That’s Me!”. If another Wifi client is looking for an SSID of Starbucks, again the Pineapple will reply “That's Me!”

Once victims' mobile devices connected to Wifi Pineapple, you can carry out a Man-in-the-Middle attack against the victims.

Now, we are going to make a custom Wifi Pineapple in a much cheaper price, e.g about $62-USD or less in a much more simply way.

You may also consider to buy 3 TP-Link 8dBi Indoor Omni-directional Antenna (TL-ANT2408CL) for $8-USD each.

Basically, TL-WR1043ND is faster and the wifi signal is stronger than TL-MR3020.

Step 1 :

To download the OpenWRT (Attitude Adjustment 12.09, r36088 - at this time of writing) :

If you are fresh install from the stock version of the TP-Link TL-WR1043ND -
wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-wr1043nd-v1-squashfs-factory.bin

If you are upgrade from the previous installed OpenWRT -
wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-wr1043nd-v1-squashfs-sysupgrade.bin

Configure your computer to static IP address :

IP address : 192.168.0.10
Gateway : 192.168.0.1


Connect the TL-WR1043ND to your computer with cable. The default IP address of stock TP-Link TL-WR1043ND is 192.168.1.1. Then browse to the stock IP address.

The username and password of the stock TP-Link TL-WR1043ND are both "admin".

Go to the "System Tools" -- "Firmware Upgrade" to upgrade from the just downloaded .bin file.

Step 2 :

Once upgraded to OpenWRT, your device's IP address will changed to 192.168.1.1.

Configure your computer to static IP address :

IP address : 192.168.1.10
Gateway : 192.168.1.1


Then set the very STRONG root password at "System" -- "Administration".

Network -- Wifi -- Generic MAC80211 802.11bgn (radio0) -- Disable

Network -- Wifi -- Generic 802.11 Wireless Controller (radio1) -- Enable

Save & Apply

To enable DHCP at "Network" -- "Interfaces" - "LAN" -- "Edit" -- select "DHCP Client" and select "OpenWrt" by clicking "Switch Protocol".

Save & Apply

If you take too much time to re-load the page, it is fine. It is because the IP address cannot be get. Just go ahead.

Now, connect your ethernet cable to the TL-WR1043ND and your existing router. Connect your computer to the TL-WR1043ND via wifi and the SSID is "OpenWrt".

Once you get the IP address, such as 192.168.1.100, you can connect to the TL-WR1043ND via ssh.

Make sure you complete the following step as it enable the wireless interface :

Point your browser to http://172.16.42.1/index.html

Network -- Wifi -- Generic MAC80211 802.11bgn (radio1) -- Enable

ssh 192.168.1.100 -lroot

Enter your just created very STRONG root password.

Install the following packages :

opkg update
opkg install kmod-usb-storage
opkg install kmod-fs-ext4
opkg install block-mount


Step 3 :

Format your USB pendrive (8GB) as ext4 and swap, e.g. 2GB for swap (sda1) and 6GB for ext4 (sda2).

Then insert the USB pendrive to the TL-WR1043ND. Execute the following command line by line.

mkdir -p /mnt/sda2
mount /dev/sda2 /mnt/sda2
mkdir -p /tmp/cproot
mount --bind / /tmp/cproot
tar -C /tmp/cproot -cvf - . | tar -C /mnt/sda2 -xf -
umount /tmp/cproot
umount /mnt/sda2


Step 4 :

/etc/init.d/fstab enable
/etc/init.d/fstab start


vi /etc/config/fstab

Change the content as the following :

config mount
        option target /
        option device /dev/sda2
        option fstype ext4
        option options rw,sync
        option enabled 1
        option enabled_fsck 0

config swap
        option device /dev/sda1
        option enabled 1


The following is the command for the vi if you do not familiar with vi :

i - go to the insert mode and ready for edit
Esc - exit from insert mode
:w - write the changes to the file
:q - quit the vi

Then type the following command to reboot the device :

reboot

Once it boot up again, you login to it via ssh.

To check if the USB pendrive is mounted as "/" or not :

mount
df


Step 5 :

Turn off the TL-WR1043ND and take the USB Pendrive out from the TL-WR1043ND and insert to your computer.

Back up the USB Pendrive to your computer.

mkdir wr1043nd
sudo cp -R /media/1234....1123/* ~/wr1043nd/
sudo cp -R ~/wr1043nd/lib ~/wr1043nd/lib-original


*** Where /media/1234....1123/ is different from yours.

You also need to make a backup of the /lib directory.

Do not take out the USB Pendrive from your computer.

Step 6 :

Download the upgrade package of Pineapple to your computer, such as Ubuntu :

wget http://wifipineapple.com/index.php?downloads&downloadUpgrade=2.8.1

Install unsquashfs on your Ubuntu if you do not have it :

sudo apt-get install squashfs-tools

Extract the files from the upgrade-2.8.1.bin :

unsquashfs upgrade-2.8.1.bin

cd squashfs-root


Copy the requested directories to the USB Pendrive.

sudo cp -R bin/* /media/1234....1123/bin/
sudo cp -R sbin/* /media/1234....1123/sbin/
sudo cp -R usr/* /media/1234....1123/usr/
sudo cp -R etc/* /media/1234....1123/etc/
sudo cp -R www/* /media/1234....1123/www/
sudo cp -R pineapple /media/1234....1123/
sudo cp -R lib/firmware/* /media/1234....1123/lib/firmware/
sudo cp lib/* /media/1234....1123/lib/
sudo cp lib/wifi/* /media/1234....1123/lib/wifi/

sudo cp ~/wr1043nd/etc/config/fstab /media/1234....1123/etc/config/
sudo cp ~/wr1043nd/etc/passwd /media/1234....1123/etc/
sudo cp ~/wr1043nd/etc/shadow /media/1234....1123/etc/
sudo cp -R ~/wr1043nd/lib-original /media/1234....1123/


Step 6a :

To allow the victim to surf the internet via Pineapple, you need to change the DNS and Gateway at /etc/config/dhcp from 172.16.42.1 to 172.16.42.42.

Step 7 :

Insert back the USB Pendrive to TL-WR1043ND.

The Pineapple SSID will be "pineapple". The username is "root" and the password is your very STRONG password.

Step 8 (Connectivity) :

The following is one of the ways to use the Pineapple (TL-WR1043ND) by the way of tethering :

Connect your laptop to internet via wireless or 3G.

Set Wired Connection at the Network Manager of the Ubuntu to :

Uncheck Connect Automatically at the wired connection of Network Manager of Ubuntu.

Then connect the CAT5/5e/6 cable to the Pineapple and your laptop.

At the laptop, download the script.

wget http://wifipineapple.com/wp4.sh
chmod +x wp4.sh
sudo ./wp4.sh




The source code of wp4.sh :



Now, your computer (laptop) can access internet and also can access the TL-MR3020. Victims can also access the internet when they connected to your Pineapple.

Once you want to reset what wp4.sh set, you need to run the following script that is created by me.

sudo ./killwp4.sh



When the TL-WR1043ND is rebooted, you need to run wp4.sh again to get the access.

Important

There are TWO important things you should NOT do, otherwise, you will brick the TL-WR1043ND. They are :

First - Do NOT upgrade the OpenWrt from the web interface as the USB pendrive will not be mounted. Unless, you install the related packages again as above stated.

Second - Do NOT upgrade the Pineapple in the normal way. Make sure keep away from the /lib directory. Or, if you have a backup, you can copy the /lib directory back.

Third - Do NOT long press the "QSS" or "Reset" button on the TL-WR1043ND; otherwise, the OpenWrt will be reset and the USB pendrive cannot be mounted. Unless, you install the related packages again as above stated.

Fourth - Some infusions (or modules) cannot be installed as it required to install to USB storage but you have not. (the user of Hak5 forum, newbi3, advised the solution and I think this solution is the best.)

Remarks

The Karma is not so powerful as the Android 4.0.4 or up will not do the probe requests. Meanwhile, victims need to connect to the open network instead of encrypted. Otherwise, Karma will not work.

The final word is that I think we can build one with the same or similar steps and procedure for TP-Link TL-WR703N too (however, I cannot get WR703N in my country) or TP-Link TL-MR3040 (self battery powered). However, it may take risk. Make sure you have the same version/revision of the router and the OpenWrt firmware. Otherwise, you may brick the router. I Just bricked a TP-Link TL-MR3220v2 :P.

Reference

Blue for the Pineapple
The beginners guide to breaking website security with nothing more than a Pineapple
Getting Started with the Wi-Fi Pineapple IV (Video)
Security4Plus Youtube Channel (Video)
How To: Configure a WiFi Pineapple For Use With Mac OS X (Video)
The Wifi Pineapple Book - Free Download
WiFi Pineapple – First Impression
You just can't trust wireless: covertly hijacking wifi and stealing passwords using sslstrip
All about WiFi Pineapple (Video)

That's all! See you.