Thursday, April 17, 2014

Exploit-Dev : Heartbleed (CVE-2014-0160) Final

Updated the source code on April 20, 2014 to version 0.8.




Since the code I wrote here is not working for retrieving the RSA private key from a Heartbleed-vulnerable server, I modified another Python script, found here. This script was developed by mothran, who uses his own version of the tlslite library in his code.

I modified his code but I have had no time to test the most important feature, capturing the RSA private key. If anyone has time to test the code I modified for that purpose, please let me know the result. I can be reached here.

The limitation of the script is not the power of the attacker's machine but the victim's server. If you use the threading feature, the thread limit may be up to 40. Meanwhile, the screen output of the script will be a mess. However, I set a "private key found" flag detection in the script.

Keep in mind that this script may have bugs as it is Proof-of-Concept code. You are reminded that this code may be vulnerable to Lucky Thirteen.

Furthermore, this code may not trigger the IDS/IPS or iptables rules that target the first released exploit code. Hereby, I attach versions 0.3, 0.4, 0.5, 0.6, 0.7 and 0.8 here.

If the script quits unexpectedly on the first try, either the victim does not have SSL enabled or the victim is not vulnerable. Meanwhile, it is very interesting that while the victim server is under attack, the load on the server is very low and there is no entry in the server's access log. Wonderful, right?
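The IDS/IPS rules mentioned above key on the same property that the OpenSSL fix for CVE-2014-0160 checks: a heartbeat message whose declared payload length does not fit inside the TLS record that carries it. As an added example (my code, not part of this post or of any script it links), the following Python splits a raw TLS byte stream into records, picks out heartbeat records and applies that bounds check. The sample stream is constructed here for the demonstration, not captured traffic.

```python
import struct

TLS_HEARTBEAT = 0x18          # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2
HB_MIN_PADDING = 16           # padding RFC 6520 requires after the payload


def parse_tls_records(data):
    """Split a raw TLS byte stream into (content_type, version, body) tuples.

    A record is a 5-byte header (type, version, length) followed by `length`
    bytes of body. A truncated trailing record is dropped rather than misparsed.
    """
    records = []
    off = 0
    while off + 5 <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) < length:
            break
        records.append((ctype, version, body))
        off += 5 + length
    return records


def check_heartbeat(body):
    """Apply the bounds check that the OpenSSL fix for CVE-2014-0160 added.

    Heartbeat body layout: type (1 byte), payload_length (2 bytes), payload,
    padding (at least 16 bytes). The vulnerable code trusted payload_length;
    the fix rejects the message when 1 + 2 + payload_length + 16 exceeds the
    number of bytes actually present in the record.
    """
    if len(body) < 3:
        return "malformed"
    hb_type = body[0]
    (payload_len,) = struct.unpack("!H", body[1:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return "malformed"
    if 1 + 2 + payload_len + HB_MIN_PADDING > len(body):
        return "over-read"    # would read past the record: the Heartbleed condition
    return "ok"


def scan_stream(data):
    """Return (record_index, version, verdict) for every heartbeat record in data."""
    findings = []
    for idx, (ctype, version, body) in enumerate(parse_tls_records(data)):
        if ctype == TLS_HEARTBEAT:
            findings.append((idx, version, check_heartbeat(body)))
    return findings


def _record(ctype, version, body):
    """Build one TLS record; used only for the constructed samples below."""
    return struct.pack("!BHH", ctype, version, len(body)) + body


# Constructed sample stream: one application-data record, one well-formed
# heartbeat request, and one whose declared payload length (64) exceeds the
# 4 payload bytes actually sent.
TLS_1_1 = 0x0302
SAMPLE_STREAM = (
    _record(0x17, TLS_1_1, b"\x01\x02\x03")
    + _record(TLS_HEARTBEAT, TLS_1_1,
              bytes([HB_REQUEST]) + struct.pack("!H", 4) + b"ping"
              + b"\x00" * HB_MIN_PADDING)
    + _record(TLS_HEARTBEAT, TLS_1_1,
              bytes([HB_REQUEST]) + struct.pack("!H", 64) + b"ping")
)

if __name__ == "__main__":
    for idx, version, verdict in scan_stream(SAMPLE_STREAM):
        print("record %d (TLS version 0x%04x): %s" % (idx, version, verdict))
```

The verdict "over-read" is exactly the condition a patched OpenSSL silently discards; a sensor that reassembles the TLS stream can apply the same arithmetic rather than matching on the byte pattern of one particular exploit script.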

REMARK :

Maybe I am not so lucky in capturing the private key from my lab (Apache with OpenSSL). I cannot capture the private key even after running the script for days against my lab virtual machine. Does the private key remain in memory only in some situations? Or am I just not so lucky? Please let me know the reason, thanks.

UPDATE :

According to the first winner of the Cloudflare Challenge, Fedor Indutny, we need some luck to get the private key even when we know how to get it.

To install Node.js, please follow this link.

UPDATE 2 :

I cannot even get the private key from Nginx with OpenSSL using Fedor Indutny's code. I wonder whether it is because of the Nginx and OpenSSL settings or not. I followed this link to set up the Nginx server.

Recently I found the Cloudflare SSL settings for the Nginx server here. I think that is the matter. Meanwhile, according to this article, Ubuntu 13.10 was used in the Cloudflare Challenge.

Found a needle in the haystack!



Version : 0.8



REFERENCE

How I obtained the private key for www.cloudflarechallenge.com - Python
Extracting server private key using Heartbleed OpenSSL vulnerability - Node.js
OpenSSL Heartbleed (CVE-2014-0160) vulnerability scanner, data miner and RSA key-restore tools - Python3

That's all! See you.

Friday, April 11, 2014

Exploit-Dev : Heartbleed (CVE-2014-0160) Reload


Please note that this method may not retrieve the RSA private key properly, but it can retrieve other information from memory, e.g. session id, cookie, username, password, etc. A working version of the RSA private key dump will be posted later when it is done.

Yesterday I modified the Proof-of-Concept by Jared Stafford and Michael Davis, found here. The code dumps the cookie and session as well as the username and password from the memory of the victim server.

If you want to dump data other than the above, for example the private key, you need another method. I modified the source code of Derek Callaway and then monitored the dump using ngrep.

poc-tls-samiux.py :


exploit-heartbleed.sh :


ngrep-heartbleed.sh :


For usage, please read the bash script files for details.



See Also :
Exploit-Dev : Heartbleed (CVE-2014-0160) Final
Modified version by Mike Baker for scanning .onion addresses

That's all! See you.

Thursday, April 10, 2014

Exploit-Dev : Heartbleed (CVE-2014-0160)

Jared Stafford developed Proof-of-Concept code, available here, for the OpenSSL bug named Heartbleed, CVE-2014-0160. You can test the site in question at the Heartbleed test.

To test the client side, you need this site.

Michael Davis modified Jared Stafford's code, here, to dump the cookie from the memory of the victim server.

Since some parameters in Michael Davis's source code are hard coded, I modified his work to make the parameters configurable. Hereby, I am going to explain how to use this piece of code.



For the default values of port (443), cookie id (session) and cookie length (1024) :

python heartbleed-samiux.py victim_server

For customized values of port, cookie id and cookie length :

python heartbleed-samiux.py victim_server -p 8080 -c sessionid -l 4096

The result will be printed out on the screen.

Please note that victim_server should be given as a hostname, e.g. "samiux.org".

python heartbleed-samiux.py samiux.org

Update for Version 2 (dated April 11, 2014)

This version is updated to handle different versions of SSL/TLS.



Related : Exploit-Dev : Heartbleed (CVE-2014-0160) Reload
See Also : Exploit-Dev : Heartbleed (CVE-2014-0160) Final


That's all! See you.

Tuesday, March 11, 2014

Ebury SSH Rootkit/Backdoor Trojan

About 3 days ago, an Ubuntu user (aka Empire-Phoenix) called for help at Ubuntu Forums - Security Discussions because his server had been infected by the Ebury SSH Rootkit/Backdoor Trojan. In his case, his mail server's IP address was blacklisted due to the infection. His story is here.

CERT-Bund has announced the details about this rootkit/backdoor and also included a Snort rule for detection. The link is here.

The only solution is to re-install the server(s).

However, the main question is how the intruder(s) compromised our server(s) and installed the rootkit. Were our server(s) compromised via SSH or via other vulnerabilities in the server(s)?

Even if we re-install our server(s) after the infection but leave the unknown factor(s) behind, our server(s) will be infected again. If we have installed an IDS, we will be notified about the infection, but we still need to re-install the server(s) in question.

I suppose that the server of the captioned Ubuntu user was up to date and that he had nothing to do with this infection, as his server is a production server and he did not know what was wrong with it before the infection. The defensive solution is to do penetration tests on the server at regular intervals, which may prevent this from happening.

Update

More news here.

That's all! See you.

To Be (In)Secure on Kali Linux?

Kali Linux is developed based on Debian 7 (Wheezy). Kali is designed for penetration testing and runs with root privilege. However, almost all Kali Linux users will also use it as a primary operating system.

When it is used as a penetration testing toolkit, root privilege is in use. When it is used as a primary operating system, a non-root user is good practice. Therefore, a sudoer is a good choice. However, keep in mind that a sudoer account is not guaranteed against compromise if it has a weak password and an easily guessed user name.

Penetration testers and information security researchers use their browser most of the time, the same as other general users. Kali Linux is equipped with Iceweasel, which is based on Firefox, and it can use Firefox add-ons. In the BackTrack days, we used the "NoScript" Firefox add-on. However, almost all web sites nowadays use JavaScript. It is impractical to disable JavaScript, or the web browsing experience will be very different. Therefore, "NoScript" is not the solution. However, "NoScript" does block XSS attacks by default even when it is set to globally allow scripts.

Kali Linux and tool developers cannot guarantee that their products are free from vulnerabilities. What if we are intruded upon while doing a pentest? So embarrassing, right?

If we enable a firewall while doing a pentest, we will be shooting ourselves in the foot. If we do not enable the firewall when using Kali Linux as a primary operating system, we will worry about whether anyone can attack our box.

Now we know what we are facing at the moment. Surfing the internet with "NoScript" is not a good solution and we may be facing vulnerabilities. I think that the best solution for Debian-based Linux systems is Apparmor.

"AppArmor is an effective and easy-to-use Linux application security system. AppArmor proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good behavior and preventing even unknown application flaws from being exploited. AppArmor security policies completely define what system resources individual applications can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours." -- Quoted from the AppArmor Wiki.

It is very easy to enable Apparmor on Kali Linux. Just pass some kernel parameters at boot and install the related packages.

We can enable (or enforce) all the Apparmor profiles (which cover logging systems and some services), and we can create our own profiles for Iceweasel and any internet-facing application, such as HexChat and VirtualBox. With an Iceweasel Apparmor profile in effect, JavaScript/Java malware that attacks the browser is confined to what the profile allows. For details, refer to the Apparmor documentation here.

Meanwhile, Kali Linux is not equipped with a firewall, or the firewall is not enabled. There is almost no running service in the default setting unless you enable one. Therefore, there is no open port left on the Kali Linux box. Generally speaking, a firewall is not required in this situation.

In conclusion, if we apply Apparmor to Kali Linux, we will not be shooting ourselves in the foot when doing a pentest. Meanwhile, Apparmor will also give us some protection when using Kali Linux both as a penetration testing toolkit and as a primary operating system. So, we have the balance.

In case you need to disable JavaScript, I recommend the Firefox add-on QuickJS. One click on the toolbar disables or enables JavaScript.

Reference

HOWTO : Kali Linux 1.0.6 for All Purpose
HOWTO : Perfect Dual Boot Kali Linux 1.0.6 on MacBook Air (Mid 2013) with rEFInd 0.7.7

That's all! See you.

Saturday, March 08, 2014

HOWTO : Perfect Dual Boot Kali Linux 1.0.6 on MacBook Air (Mid 2013) with rEFInd 0.7.7



IMPORTANT : DO NOT UPGRADE YOUR MAC OSX TO YOSEMITE (10.10) AS REFIND (Version 0.8.3) WILL NOT WORK PROPERLY AND IT FAILS TO DUAL BOOT.


rEFInd version 0.8.4 is compatible with Mac OSX 10.10.x Yosemite. Existing users please refer to the official site for installation.


UPDATED FOR REFIND 0.8.3 on July 13, 2014

This tutorial is written for MacBook Air (may be other models of Apple computers) and Kali Linux users who want to dual boot Mac OSX and Kali Linux.

Pros :

(1) Use GRUB2 for EFI
(2) Simple and Easy to Use and Install
(3) Mac OSX can be Encrypted but requires extra work (not in this HOWTO)
(4) Kali Linux can be Encrypted

Cons :

(1) Coexists with Mac OSX
(2) Kali Linux Bootable Live USB cannot be booted with rEFInd (use Option key to boot instead)

Background

Since Kali Linux 1.0.6 is based on Debian 7.0 (Wheezy), which is not EFI-enabled by default, GRUB2 (EFI) will not be installed when installing Kali Linux 1.0.6.

We need to use rEFInd, installed from Mac OSX, and post-install GRUB2 on Kali Linux. Meanwhile, the old GRUB should be removed beforehand; otherwise, you will break the system.

Making of Kali Linux Install USB

Please refer to the Kali Linux Documentation of making the install USB at here.

You can also refer to this article for making a persistent USB for the installation if you do not have a "Thunderbolt to Ethernet" or "USB 3.0 Gigabit USB LAN Adapter". These two devices are recognized by Kali Linux out of the box.

Install rEFInd on MacBook Air

Boot up the MacBook Air to Mac OSX. Download the rEFInd binary zip file and extract it. Go to "Downloads/refind-bin-0.8.3" (or "Downloads/refind-bin-0.7.7" for the older release this HOWTO was first written for) and install rEFInd.

cd Downloads/refind-bin-0.8.3   # or Downloads/refind-bin-0.7.7 for rEFInd 0.7.7
sudo ./install.sh --alldrivers


Installation and Partitioning

On the MacBook Air in Mac OSX, run "Disk Utility". Split the existing partition into two: one is "Macintosh HD" and the new one is "Macintosh HD 2". Apply the change. Then remove the newly created partition (Macintosh HD 2). Do not format it; leave it as is. After that, shut down.

Insert the Kali Linux Live Install USB into the MacBook Air and power it on while long-pressing the "Option" key. When the Kali Linux boot menu is displayed, select "Live (amd64)" and press "Tab" to append "persistence" at the end of the line. After that, press "Enter". Make sure you are connected to the internet. If not, your install will fail.

Kali Linux Live will launch. Select "Install Kali Linux" from the menu (Applications -- System Tools). Follow the instructions for the installation. Make sure you have a very strong root password. When prompted to do partitioning, select "Guided - use the largest continuous free space" for a non-encrypted installation. Do not select the "entire disk" options as they will delete the Mac OSX partitions.

The partitioning for a normal install is : /dev/sda1 is EFI, /dev/sda2 is Macintosh HD, /dev/sda3 is Recovery HD, /dev/sda4 is biosgrub (unformatted), /dev/sda5 is / (Kali Linux) and /dev/sda6 is SWAP.

If you want to install whole disk encryption, you need to select "Manual". Do not select the "entire disk" options as they will delete the Mac OSX partitions. First of all, create a 400MB to 1024MB EXT2 partition mounted at "/boot". Then select "Configure encrypted volumes" and name it "encrypt_vol" for the remaining available space. Choose "/dev/sda free #3" for the encrypted volume. Enter a strong "Encryption passphrase". After that, select "Configure the Logical Volume Manager". Create a volume group and name it "kali". Select "/dev/mapper/sda5_crypt" for the volume group. Select "Create logical volume" and name it "root" with the desired capacity. Re-select "Create logical volume" and name it "swap" with the remaining space. Set mount point "/" as EXT4 for "LVM VG kali, LV root" and "swap" as SWAP for "LVM VG kali, LV swap".

The encrypted volume should be "sda5_crypt", which is /dev/sda5. We need its UUID for the bug fix later, because Kali Linux manual partitioning has a serious bug that does not allow you to boot the box.

The partitioning for an encrypted install is : /dev/sda1 is EFI, /dev/sda2 is Macintosh HD, /dev/sda3 is Recovery HD, /dev/sda4 is /boot (Kali Linux, EXT2) and /dev/sda5 is the encrypted LVM volume which includes / and SWAP.

When asked to install GRUB to the MBR, skip it. We do not need it. If you do install it, you will kill the system and need to reinstall Mac OSX. After that, wait for the installation to complete.

Install EFI on Kali Linux

When the installation is completed, it will return to the Live Kali Linux. Do not reboot.

Open a terminal and run the following commands :

(A) Normal install without LUKS encryption

mkdir /mnt/root
mount /dev/sda5 /mnt/root

cd /mnt/root
mount -t proc proc proc/
mount -t sysfs sys sys/
mount -o bind /dev dev/
mkdir boot/efi
mount /dev/sda1 boot/efi

chroot /mnt/root

apt-get --purge remove grub-pc
apt-get --purge autoremove
apt-get install grub-efi-amd64

nano /etc/default/grub


Change from :

GRUB_CMDLINE_LINUX_DEFAULT="quiet"

Change to :

GRUB_CMDLINE_LINUX_DEFAULT="quiet apparmor=1 security=apparmor pcie_aspm=force radeon.dpm=1 acpi_backlight=vendor libata.force=noncq"

grub-install
update-grub

exit
reboot


(B) LVM with LUKS encryption

blkid /dev/sda5

Write down the UUID and the other values for further use.

cryptsetup luksOpen /dev/sda5 sda5_crypt
vgchange -ay kali

mkdir /mnt/root
mount /dev/mapper/kali-root /mnt/root

cd /mnt/root
mount -t proc proc proc/
mount -t sysfs sys sys/
mount -o bind /dev dev/
mount /dev/sda4 boot/
mkdir boot/efi
mount /dev/sda1 boot/efi

chroot /mnt/root

apt-get --purge remove grub-pc
apt-get --purge autoremove
apt-get install grub-efi-amd64

nano /etc/default/grub


Change from :

GRUB_CMDLINE_LINUX_DEFAULT="quiet"

Change to :

GRUB_CMDLINE_LINUX_DEFAULT="quiet apparmor=1 security=apparmor pcie_aspm=force radeon.dpm=1 acpi_backlight=vendor libata.force=noncq"

grub-install
update-grub
update-initramfs -u

exit
reboot


In case Kali Linux cannot be booted and drops you into an initramfs shell, do not panic. We can fix it.

cryptsetup luksOpen /dev/sda5 sda5_crypt
vgchange -ay
exit


Kali Linux should then boot up fine. Once booted, you need to do the following :

update-initramfs -u

exit
reboot

Configuration of rEFInd

Boot to Mac OSX and configure the refind.conf.

sudo nano /EFI/refind/refind.conf

For rEFInd 0.7.7, change from :

scan_all_linux_kernels

Change to :

#scan_all_linux_kernels

For rEFInd 0.8.3, change from :

#scan_all_linux_kernels false

Change to :

scan_all_linux_kernels false

Then, you can boot to Kali Linux without problem.

Tailor-made Kali Linux

Boot to Kali Linux. Then configure it by referring to this guide and this guide.

That's all! See you.

Thursday, March 06, 2014

HOWTO : Dual Boot Kali Linux 1.0.6 on MacBook Air (Mid 2013) with rEFInd 0.7.7

A better method to dual boot Kali Linux on MacBook Air with rEFInd is here.


Pros :

(1) Simple to Use and Install
(2) Straight Forward
(3) Easy to Use and Install

Cons :

(1) No GRUB on Kali Linux
(2) Needs to coexist with Mac OSX
(3) Bootloader is situated in Mac OSX
(4) Need to Edit rEFInd configure file when the Kali Linux Kernel is upgraded
(5) The Mac OSX should not be whole disk encrypted
(6) Kali Linux cannot be full-disk encrypted

Step 1 :

First of all, you are required to create a bootable USB pendrive for Kali Linux. Please refer to the Kali Linux Documentation for the procedure here. I recommend a 4GB (or larger) USB 2.0 pendrive.

Step 2 :

Boot up the MacBook Air and resize the existing partition by adding one more partition with "Disk Utility". After applying the change, delete the partition you just created (the one without Mac OSX). Then leave it unformatted.

Step 3 :

Go to rEFInd official site and download the binary zip file. Unzip the downloaded file.

cd Download/refind-bin-0.7.7/
sudo ./install.sh --alldrivers


Step 4 :

Insert the bootable Kali Linux USB pendrive and reboot the MacBook Air while long-pressing the "Option" (alt) key. When the boot menu is displayed, select the "Windows" icon to boot Kali Linux.

Make sure you are connected to the internet via "Thunderbolt to Ethernet" or "PCi USB 3.0 Gigabit LAN Adapter UE-1000T-G3". If you want to connect to the internet with wifi, you are required to install the wireless driver by following this guide.

Select "Install" or "Graphical Install". When you get to the partitioning part, select "Install on the available free space". Do not select entire disk; otherwise, you will delete the Mac OSX partitions.

Follow the on-screen instructions to install. When prompted to select where to install GRUB, skip it. GRUB is not required.

Then finish the install. Reboot and unplug the USB pendrive.

Step 5 :

Boot to Kali Linux via the rEFInd Boot Manager menu. Find out the UUID of the EXT4 partition. You can find it in /etc/fstab or in "System Monitor". You are also required to write down the file names in /boot. After that, reboot to Mac OSX.

Step 6 :

Boot to Mac OSX via rEFInd Boot Manager menu. Go to the /EFI/refind.

cd /EFI/refind
sudo nano refind.conf


Append the following to the end of the file :



* replace the captioned UUID with your UUID; otherwise, it will not be booted up.

* where 'volume "3:"' is the fourth partition, on which the Kali Linux root is situated.

Step 7 :

Reboot and you will see two Linux icons. The first one is detected automatically and has no optional kernel parameters. Select the second Linux icon, labelled "Kali Linux". If you can boot to Kali Linux, the setup is almost complete.

Step 8 :

Reboot to Mac OSX again. Go to /EFI/refind/refind.conf.

Locate "scan_all_linux_kernels" and comment it out with "#" in the front of the line.

Step 9 :

Reboot to Kali Linux and configure it by following this guide and also this guide. Do not follow the "CUDA" part if you have no nVidia display card.

Step 10 :

After Step 9 is done, you can reboot to Kali Linux by selecting the only Linux icon. Now the setup is complete. Enjoy!

Remarks :

If the Kali Linux kernel is upgraded, you need to change the kernel version at the rEFInd config file.

Full disk encryption for Kali Linux and Mac OSX is not supported.

You may consider to add "noatime, nodiratime, discard" to the /etc/fstab.

That's all! See you.

Saturday, March 01, 2014

HOWTO : Kali Linux 1.0.6 for All Purpose

This article also applies to Kali Linux 1.0.9a.

Kali Linux is designed for penetration testing. I am going to make it a daily-use operating system as well as a penetration testing one.

Installation

Make sure you select full disk encryption when installing Kali Linux on your computer. Your root password should be as strong as possible.

(A) Sudoer

The default user of Kali Linux is root. For daily usage, a sudoer is much better.

Login as root. Create a new user, e.g. "Samiux" at Applications -- System Tools -- Preferences -- System Settings -- User Accounts. Make sure the new user password is strong enough.

adduser samiux sudo

* where samiux is the new user name.

Then, you need to logout and re-login to make the setting effective. Now, you can use command with "sudo" with your user's password.

(B) Apparmor

It is not effective to use the "NoScript" add-on on Iceweasel as almost all web pages use JavaScript. To protect your browser from being compromised, an alternative is to implement Apparmor. Apparmor for Iceweasel can be used for both penetration testing and daily use.

sudo apt-get install apparmor apparmor-docs apparmor-notify apparmor-profiles apparmor-utils dh-apparmor python-libapparmor

Edit /etc/default/grub to make Apparmor active after boot.

sudo nano /etc/default/grub

Locate the following string :

GRUB_CMDLINE_LINUX_DEFAULT="quiet"

And make it look like :

GRUB_CMDLINE_LINUX_DEFAULT="quiet apparmor=1 security=apparmor"

Then run the following command :

sudo update-grub

After that, create a file named usr.lib.iceweasel.iceweasel in /etc/apparmor.d/ :

sudo nano /etc/apparmor.d/usr.lib.iceweasel.iceweasel

Copy the following content to the file and save it.



Then change the mode of the Iceweasel Apparmor profile to enforce using the following command :

sudo aa-enforce /etc/apparmor.d/usr.lib.iceweasel.iceweasel

To update the Apparmor rules, run the following command; it will ask some questions. Most likely you just need to answer "Allow".

sudo aa-logprof

(C) Iceweasel Add-ons

You may need to install "FoxyProxy" Add-ons to Iceweasel.

sudo apt-get install xul-ext-foxyproxy-standard

You can install any available Add-ons by searching the database :

sudo apt-cache search xul-ext

(D) Power Saving for Laptop

By applying the following settings, the battery life of your laptop will be extended a bit, for example 2 more hours. I have tested these settings on a Lenovo ThinkPad X201s and an Apple MacBook Air (Mid 2013) with Live USB, as well as a Zotac small PC with nVidia display.

Although the i915 options are for Intel display, there is no harm in adding them to your box.

nano /etc/modprobe.d/i915.conf

Append the following :

options i915 i915_enable_rc6=1
options i915 i915_enable_fbc=1
options i915 lvds_downclock=1


update-initramfs -u

The file "99macbookair6" is for USB 3.0 power saving. Download it, make it executable and place it at /etc/pm/power.d/99macbookair6



nano /etc/rc.local

Insert the following before "exit 0".

/etc/pm/power.d/99macbookair6 true

Then install tlp.

nano /etc/apt/sources.list

Append the following :

deb http://ppa.launchpad.net/linrunner/tlp/ubuntu lucid main

Save and exit. Then run the following :

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 02D65EFF

apt-get update
apt-get install tlp tlp-rdw


nano /etc/default/tlp

Change the following values.

DISK_IDLE_SECS_ON_AC=0
DISK_IDLE_SECS_ON_BAT=2
MAX_LOST_WORK_SECS_ON_BAT=60
CPU_SCALING_GOVERNOR_ON_BAT=powersave
DISK_APM_LEVEL_ON_BAT="1 1"
RUNTIME_PM_ALL=1
RESTORE_DEVICE_STATE_ON_STARTUP=1


* Or, leave the /etc/default/tlp settings untouched

To examine the power saving condition, you can install and run "powertop" or/and run "tlp-stat".

sudo apt-get install powertop

sudo nano /etc/default/grub

Locate the following string :

GRUB_CMDLINE_LINUX_DEFAULT="quiet apparmor=1 security=apparmor"

And make it looks like :

GRUB_CMDLINE_LINUX_DEFAULT="quiet pcie_aspm=force apparmor=1 security=apparmor radeon.dpm=1 acpi_backlight=vendor"

Then run the following command :

sudo update-grub

No matter whether your display card is Intel, nVidia or AMD Radeon, you can apply the captioned setting. Meanwhile, you can alter the settings in /etc/default/tlp for your display card (any of them), even the settings labelled "radeon".

If your laptop is Lenovo ThinkPad, you need to install the following too. After that, restart the tlp or reboot.

sudo apt-get install tp-smapi-dkms acpi-call-tools

(E) Changing Repositories Mirror

If your Kali Linux update/upgrade is slow due to slow mirror, you can hard code the repositories mirror in order to improve the update/upgrade performance.

There is a mirror list for Kali Linux. You can change the mirror in /etc/apt/sources.list by referring to this link.

(F) nVidia CUDA

If you have an nVidia card and want to use CUDA for password cracking, you can refer to this link for the installation.

(G) Some Useful Applications

There are some useful applications that you may want to install to the Kali Linux. You can refer to this link for the installation.

Apparmor for Hexchat (/etc/apparmor.d/usr.bin.hexchat) :



Apparmor for Radiotray (/etc/apparmor.d/usr.bin.radiotray) :



Apparmor for VirtualBox (/etc/apparmor.d/usr.bin.VBox) :



(H) Lenovo ThinkPad TrackPoint

nano /usr/share/X11/xorg.conf.d/20-thinkpad.conf

Copy the following to the 20-thinkpad.conf :



(I) Kali Linux GRUB Background Reborn

After the installation, the GRUB background of the Kali Linux will be blue on black. However, it should be a Kali Linux background. We are going to get it back.

sudo apt-get update
sudo apt-get remove grub-pc
sudo apt-get install grub-pc


After that, you can reboot your computer.

That's all! See you.

Saturday, February 15, 2014

HOWTO : CUDA on Kali Linux 1.0.6

Step 1 :

apt-get install libcudart4 linux-headers-$(uname -r) nvidia-cuda-toolkit

Step 2 :

mkdir /etc/X11/xorg.conf.d

echo -e 'Section "Device"\n\tIdentifier "nVidia GPU"\n\tDriver "nvidia"\n\tOption "NoLogo" "1"\n\tOption "RenderAccel" "1"\n\tOption "TripleBuffer" "true"\n\tOption "MigrationHeuristic" "greedy"\nEndSection' > /etc/X11/xorg.conf.d/20-nvidia.conf


OR

apt-get install nvidia-xconfig
nvidia-xconfig


Step 3 :

Update the boot loader to disable the open source nvidia display driver.

sed 's/quiet/quiet nouveau.modeset=0/g' -i /etc/default/grub
update-grub
reboot


Step 4 (Optional) :

To test CUDA with multiforcer :

# multiforcer for nvidia (example)
cd /usr/share/multiforcer/
multiforcer -h NTLM -c charsets/charsetall -f test_hashes/Hashes-NTLM-Full.txt --noopencl --nocpu


Step 5 (Optional) :

John the Ripper for CUDA.

# 64-bit
wget http://www.openwall.com/john/g/john-1.7.9-jumbo-7.tar.gz
tar -xvzf john-1.7.9-jumbo-7.tar.gz
cd john-1.7.9-jumbo-7/src
make
make clean linux-x86-64-gpu

cd ../run
./john --help


That's all! See you.

Wednesday, February 12, 2014

HOWTO : Kali Linux 1.0.6 on MacBook Air (Mid 2013) 13 inches

I made a persistent USB pendrive for Kali Linux 1.0.6 (x86_64). I booted it up and found that almost everything works out of the box on my MacBook Air (Mid 2013) 13 inches.

For the procedure of making a persistent Kali Linux USB pendrive and how to boot into persistence mode, please refer to the official Kali Linux site.

One of the devices that does not work is wireless. The wireless device of my MacBook Air is a Broadcom 4360. Since both Ubuntu and Kali Linux are based on Debian, I stole the Broadcom STA driver from Ubuntu and applied it to Kali Linux.

Wireless


The Broadcom driver for Ubuntu is located here.

Step 1 :

apt-get install dkms linux-headers-$(uname -r)

Step 2 :

Download the latest version of the source file.

wget http://ftp.wa.co.za/pub/ubuntu/ubuntu/pool/restricted/b/bcmwl/bcmwl-kernel-source_6.30.223.141+bdcom-0ubuntu2_amd64.deb

dpkg -i bcmwl-kernel-source_6.30.223.141+bdcom-0ubuntu2_amd64.deb


After the installation, wireless APs will be detected and you can log in to them.

Keyboard


Step 3 :

The keyboard mapping is not correct, and the following will fix it.

nano /etc/modprobe.d/hid_apple.conf

Append the following :

options hid_apple iso_layout=0
options hid_apple fnmode=1



For reference, please refer to this article.

Power Saving


You can get more than 10 hours of battery life if you apply the following.

Step 4 :

nano /etc/modprobe.d/i915.conf

Append the following :

options i915 i915_enable_rc6=1
options i915 i915_enable_fbc=1
options i915 lvds_downclock=1


Step 5 :

Download this file, "99macbookair6", make it executable and place it at /etc/pm/power.d/99macbookair6



nano /etc/rc.local

Insert the following before "exit 0".

/etc/pm/power.d/99macbookair6 true

Step 6 :

nano /etc/apt/sources.list

Append the following :

deb http://ppa.launchpad.net/linrunner/tlp/ubuntu lucid main

Save and exit. Then run the following :

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 02D65EFF

apt-get update
apt-get install tlp tlp-rdw


nano /etc/default/tlp

Change the following values.

DISK_IDLE_SECS_ON_AC=0
DISK_IDLE_SECS_ON_BAT=2
MAX_LOST_WORK_SECS_ON_BAT=60
CPU_SCALING_GOVERNOR_ON_BAT=powersave
DISK_APM_LEVEL_ON_BAT="1 1"
RUNTIME_PM_ALL=1
RESTORE_DEVICE_STATE_ON_STARTUP=1


* Or, leave the /etc/default/tlp settings untouched

Step 7 :

Reboot. At the boot menu, press <tab> and append "persistence" to launch Kali Linux.

Step 8 :

To examine the power saving condition, you can install "powertop" and run "tlp-stat".

Remark


You can apply the power saving part to any Linux laptop.

If you want to install Kali Linux on your MacBook Air (Mid 2013), you have to fight with EFI.

By the way, this Kali Linux USB pendrive can boot on any laptop that supports an x86_64 CPU.

If you are using a USB 3.0 pendrive, after making the live USB or updating it, you need to boot it once on a USB 2.0 computer. Otherwise, the USB 3.0 pendrive cannot boot on the MacBook Air. It is very interesting.

If Kali Linux is installed on the MacBook Air, you need to do the following :

update-initramfs -u

Meanwhile, if Kali Linux is installed on the MacBook Air, you need to add "noatime, nodiratime" to ext4 at /etc/fstab.

For dual boot Kali Linux on MacBook Air, you can refer to this guide.

Reference


(1) Ubuntu Documentation - Apple MacBook Air (Mid 2013)
(2) Debian Documentation - Apple Keyboard
(3) TLP - Linux Advanced Power Management

That's all! See you.

Saturday, February 01, 2014

Interview with a BlackHat

Robert Hansen, who holds a CISSP, is the Director of Product Management at WhiteHat Security. He had an interview with a blackhat who has decided to go legit.

The following are Robert Hansen's blog posts on the interview. Worth reading if you are in law enforcement, a whitehat, an admin, a programmer or a user :

Interview with a blackhat - Part 1
Interview with a blackhat - Part 2
Interview with a blackhat - Part 3

That's all! See you.

Wednesday, January 22, 2014

HOWTO : Chatting in Freenode Anonymously with NightHawk

NightHawk runs Tor (The Onion Router) transparently as a middle box. You can chat on Freenode anonymously through NightHawk with a small change in the configuration.

Start up NightHawk and run it behind a router. Then configure the IRC client as follows :

(1) Replace the address chat.freenode.net with one of the following onion addresses :

frxleqtzgvwkv7oz.onion
p567hbjdstqvg7xw.onion
2hktdmgt6bg2hjuc.onion
l4wvhvf666nifnpg.onion

The first one is the most used, and you may often find that you cannot log in to Freenode through it, especially at peak hours. You can then select one of the others.

(2) Disable the Proxy setting.

(3) You can use normal port (e.g. 6667) or SSL port (e.g. 6697).

(4) Make sure you use SASL for the server, which means you need to register your username. For the Freenode configuration, please refer to its official site or user manual.

That's all! See you.

HOWTO : Browsing Anonymously with Google Nexus 5 (Android)

In order to browse the internet anonymously on Android, you need to run Tor (The Onion Router) and Firefox with some related Firefox add-ons.

Hardware

Google Nexus 5 (or other Android mobile phone)

Software

(1) Firefox Browser for Android
(2) Orbot
(3) Proxy Mobile (Firefox Add-ons)
(4) Phony (Firefox Add-ons)
(5) Clear Quit (Firefox Add-ons)
(6) Self-Destructing Cookies (Firefox Add-ons)
(7) DuckDuckgo (TOR) (Firefox Add-ons)

Orbot

You can get Orbot from the Google Play Store. It can be installed on any Android mobile phone (rooted or not) and it runs Tor. Once Tor is running, your browser will not function properly until you install Proxy Mobile. When the browser is working, Google search will refuse to work, because Google Search Engine bans the Tor network; you are therefore required to install the DuckDuckGo search engine. Make sure Orbot is set to start on boot if you want to always browse the internet through Tor.

Firefox Browser for Android

You can get the Firefox Browser for Android from Google Play Store.

Proxy Mobile

You can get Proxy Mobile from the Google Play Store. After the installation, you need to configure it as follows so that it works with Firefox.

Use Proxy - Enable
SOCKS Proxy host - 127.0.0.1
SOCKS Proxy Port - 9050
SOCKS Remote DNS - Enable

Phony

You can get Phony from the Google Play Store. You can change the User Agent of Firefox whenever you like, or leave it at the default.

Clear Quit and Self-Destructing Cookies

You can get them from the following link.

Guardian Project

DuckDuckgo (TOR)

You can get DuckDuckGo (TOR) from the Google Play Store. Make sure you set it as the default search engine, or enable the listing of all available engines. When searching, select DuckDuckGo to carry out the search.

When all the required software and add-ons have been installed, reboot the Google Nexus 5 if it cannot browse the internet properly.

One of the drawbacks is speed. Browsing will be slightly slower. If your mobile phone plan is a slow one, you will suffer, and running Tor is not recommended.

When you are going to browse the internet, start Firefox with a "New Private Tab" after Orbot has started.

That's all! See you.

Sunday, January 19, 2014

Catch Me If You Can 2

Last year, I talked about how to use a 3G/4G pre-paid SIM card to do malicious things. The full article is here. However, many countries require buyers to register their personal particulars when they purchase a 3G/4G pre-paid SIM card. Today, I will introduce another method, with which you can use a wired or mobile network to do malicious things untraceably.

First of all, you need a virtual machine (VMware, VirtualBox, Parallels, etc.) or a standalone computer, and a router when you are connecting to the internet by wire. Otherwise, a pocket 3G/4G WiFi router is a must for a mobile connection.

I prefer a virtual machine if you have suitable hardware (for example, more than 4GB RAM and a large hard drive or SSD).

Secondly, you need to install Ubuntu Server 12.04 LTS (x86 or x86_64) with openssh on the virtual machine (or a standalone computer if you prefer).

Thirdly, after installing Ubuntu Server 12.04 LTS, you need to install NightHawk. Make sure the MAC address of the network interface (NIC) is changed or customized with macchanger. I recommend not using the default MAC address even if you are using a virtual machine.

Fourthly, connect to the virtual machine (NightHawk) with a PPTP VPN, and then you can do everything (including malicious things) untraceably. Make sure you change the DNS servers to others (not your real ISP's) on your host computer (PPTP setting).

Finally, if you are using Kali Linux, you can install the VPN client as follows :

apt-get install network-manager-pptp-gnome network-manager-pptp
/etc/init.d/network-manager restart


For the setup of NightHawk, please refer to here.

Two things you should remember: one is to change the MAC address of the NIC on the virtual machine, and the other is to change the DNS entries in the PPTP configuration. By the way, do NOT use a reverse connection, or else you need to use hidden services (I have not tried it yet). JavaScript and Flash should be disabled in the browser too. Otherwise, you will be traced.

Final thought: after the successful and amazing malicious attack, you can securely and completely delete the virtual machine. In addition, it is recommended to fully encrypt your Kali Linux box and implement self-destruction. Then, you can destroy your Kali Linux box with the "nuke" passphrase in case you are caught. Nice?

That's all! See you.

See Also

Catch Me If You Can
Catch Me If You Can 3
Catch Me If You Can 4

Sunday, January 12, 2014

HOWTO : Update Kali Linux 1.0.5



Copy the code into a file named "update_kali".

chmod +x update_kali

./update_kali


That's all! See you.

Tuesday, January 07, 2014

HOWTO : Linux Malware Detect on Ubuntu 12.04 LTS 64-bit

What is Linux Malware Detect?

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, designed around the threats faced in shared hosting environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches; they are also easily exported to any number of detection tools such as ClamAV.

The driving force behind LMD is that there is currently limited availability of open source/restriction free tools for Linux systems that focus on malware detection and, more importantly, that get it right. Many of the AV products that perform malware detection on Linux have a very poor track record of detecting threats, especially those targeted at shared hosting environments.

The threat landscape in shared hosting environments differs from what standard AV products are built to detect: they detect primarily OS level trojans, rootkits and traditional file-infecting viruses, but miss the ever increasing variety of malware at the user account level which serves as an attack platform.

Shared Hosting Environments Only?

Although LMD is designed for Red Hat based systems in shared hosting environments with Apache, it runs on Debian or Ubuntu server and desktop editions without any problem. Running it with Hiawatha is no problem either.

Installation

Step 1 :

sudo apt-get install libc6-i386

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xvzf maldetect-current.tar.gz
cd maldetect-*
sudo ./install.sh


Step 2 :

sudo maldet -d -u

Step 3 :

sudo nano /usr/local/maldetect/conf.maldet

Change the values of the following variables :

email_alert=1
email_addr="samiux@samiux.com"

* change to your email address

quar_hits=1
maxfilesize="10240k"
string_length_scan="1"

clamav_scan=0

* if ClamAV is not installed.

clamav_scan=1
* if ClamAV is installed.

Step 4 :

sudo nano /etc/rc.local

Add one of the following lines before "exit 0" :

/usr/local/maldetect/maldet -m /tmp,/run/shm,/var
* if you are running server edition

/usr/local/maldetect/maldet -m /tmp,/run/shm,/home
* if you are running desktop edition

Step 5 :

sudo maldet -m /tmp,/run/shm,/var
* if you are running server edition

sudo maldet -m /tmp,/run/shm,/home
* if you are running desktop edition

Step 6 :

Make sure the LMD is running properly :

sudo ps aux | grep maldet
sudo ps aux | grep inotify


How it works?

The signatures are updated on a daily basis. LMD monitors the directories that you entered at Step 4 or 5. Once malware is detected, you will be informed by email if you enabled it at Step 3. The detected malware will be quarantined and deleted too.

If you are running Apache, you may consider installing mod_security and mod_evasive to enhance the security of the web server. If you install them, you need to set "public_scan=1".

You may also consider installing ClamAV when necessary.

Remarks

Please note that any signature based scanner or defense can be bypassed.

That's all. See you!

Monday, January 06, 2014

The Truth About Exercise - BBC Horizons

This time I will not discuss IT or InfoSec but health. The following is a video, produced by the BBC in 2012, about keeping fit with HIT (High Intensity Training) and LIT (Low Intensity Training) without sweating. Ideal for busy people like us.

BBC Horizons (January 2012) - The Truth About Exercise from Henry Dimaano on Vimeo.

Wednesday, December 18, 2013

HOWTO : Build a Fortress for Your Home/SOHO Network

**** Content is updated for SmoothSec 3.4-1 on January 30, 2014 ****

Hardware

(A) Unified Threat Management System (UTM)
Minix Mini HD PC (J&W) :
CPU - Intel ATOM D2550 (dual-core, 4 threads with Hyper-Threading)
Chipset - Intel NM10
GPU - Intel GMA 3600 Series
RAM - 4GB (2 x 2GB DDR3-1066 SO-DIMM)
Hard Drive - 1 x 2.5-inch Hard Drive (80GB or above)
Networking - Dual Broadcom 57788 Gigabit Ethernet

(B) Intrusion Detection/Prevention System (IDS/IPS)
Minix Mini HD PC (J&W) :
CPU - Intel ATOM D2550 (dual-core, 4 threads with Hyper-Threading)
Chipset - Intel NM10
GPU - Intel GMA 3600 Series
RAM - 8GB (2 x 4GB DDR3-1066 SO-DIMM)
Hard Drive - 1 x 2.5-inch Hard Drive (120GB or above)
Networking - Dual Broadcom 57788 Gigabit Ethernet
USB Networking - PCi USB 3.0 Gigabit LAN Adapter UE-1000T-G3 or Level One USB Gigabit Ethernet USB-0401

* A switch is also required for this setup if you have more than one computer.

My preferred setup is as follows :

Internet - SmoothSec (Suricata) - Router (Untangle UTM) - Switch (any switch) - Computers

Software

(A) Untangle 10.0 (64-bit) as UTM
Make sure you install the Lite Package, which is free of charge. If you want to purchase their services, such as Standard, you can install the Standard Package. For home/SOHO, the Lite Package is enough.

After the basic installation, you need to create an account at untangle.com in order to install the Lite Package (or Standard Package).

(B) SmoothSec 3.4-1 (64-bit) as IDS/IPS with Suricata
Before setting up your SmoothSec, you need to upgrade the SmoothSec scripts to 3.6 and follow the instructions at the link just provided.

To set up IDS/IPS with Suricata, you can follow this section. Make sure you select “suricata” as AF_ENGINE in the configuration file. Meanwhile, you should also follow this section for the setup.

For rules handling, you can refer to this link.

To fully understand the setup, you can read this article; even though it is written for 3.6 (not yet released at the moment), the concept is the same.

Conclusion

Thanks to the high performance of Suricata's AF_PACKET mode, the Broadcom 57788 Gigabit Ethernet and the Intel ATOM D2550 CPU, the network can play 1440p YouTube video without problem. Setting the QoS to Medium in Untangle 10.0 is recommended.

Meanwhile, the Minix Mini HD PC is around US$120 (barebone, without RAM and hard drive), so the hardware cost of setting up a fortress for your home/SOHO network is not too high. The running cost of this setup is very low as the software is free of charge. The footprint of the Minix Mini HD PC is very small, smaller than a standard ITX computer case.

If you do not know how to manage SmoothSec (Suricata), you can install Untangle only.

Friday, December 06, 2013

HOWTO : NoCloudAllowed on Kali Linux

Cloudflare is designed to protect websites from Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. It acts as a proxy, and the real IP addresses of the websites are hidden. It also acts as a Web Application Firewall (WAF) for the websites behind its service.

However, there are a number of ways to bypass this protection. Since FTP services cannot be protected by Cloudflare, the ftp sub-domain of a website can be disclosed with the penetration testing tool Fierce Domain Scan (fierce.pl). There may be other services that cannot be protected by Cloudflare too.

Another way is to use NetCraft.com to find the IP address history of the website. Why does it work? Because some websites had been published for a while before using the Cloudflare service, and their IP addresses were archived by NetCraft.com. The IP address of such a website either cannot be changed, or the SysAdmin overlooked it.

The above methods were mentioned in my previous article.

What if there is no FTP service and no IP address history at NetCraft.com? Should we panic? Be patient! Allison Nixon found a way to overcome this problem. She gave a presentation at BlackHat 2013 titled Denying Service to DDoS Protection Services.

She (with her team) developed a tool, NoCloudAllowed. How does it work? The tool compares the content served by a range of IP addresses with the content of the origin website in order to find the real IP address of the origin. The tool is written in Perl.

Now, I will show you how to install it on Kali Linux.

Step 1 :

Install String::Compare.

perl -MCPAN -e 'shell'
install ExtUtils::MakeMaker
install String::Compare
exit


Step 2 :

Download nocloudallowed.pl.

wget http://nocloudallowed.com/nocloudallowed.pl



Type the following for “help” :

perl nocloudallowed.pl --help

Step 3 :

According to the BlackHat 2013 video, the website NoCloudAllowed.com is protected by Cloudflare and there is no previous IP address history at NetCraft.com.

Let us ping the website to see the IP address :

ping nocloudallowed.com
PING nocloudallowed.com (199.83.134.211) 56(84) bytes of data.
64 bytes from 199.83.134.211.ip.incapdns.net (199.83.134.211): icmp_req=1 ttl=128 time=818 ms
64 bytes from 199.83.134.211.ip.incapdns.net (199.83.134.211): icmp_req=2 ttl=128 time=262 ms
64 bytes from 199.83.134.211.ip.incapdns.net (199.83.134.211): icmp_req=3 ttl=128 time=274 ms
64 bytes from 199.83.134.211.ip.incapdns.net (199.83.134.211): icmp_req=4 ttl=128 time=502 ms
64 bytes from 199.83.134.211.ip.incapdns.net (199.83.134.211): icmp_req=5 ttl=128 time=264 ms
^C
--- nocloudallowed.com ping statistics ---
6 packets transmitted, 5 received, 16% packet loss, time 6209ms
rtt min/avg/max/mdev = 262.464/424.601/818.947/217.222 ms

ping www.nocloudallowed.com
PING 2ruek.x.incapdns.net (103.28.248.171) 56(84) bytes of data.
64 bytes from 103.28.248.171.ip.incapdns.net (103.28.248.171): icmp_req=1 ttl=128 time=1433 ms
64 bytes from 103.28.248.171.ip.incapdns.net (103.28.248.171): icmp_req=2 ttl=128 time=450 ms
64 bytes from 103.28.248.171.ip.incapdns.net (103.28.248.171): icmp_req=3 ttl=128 time=278 ms
64 bytes from 103.28.248.171.ip.incapdns.net (103.28.248.171): icmp_req=4 ttl=128 time=472 ms
64 bytes from 103.28.248.171.ip.incapdns.net (103.28.248.171): icmp_req=5 ttl=128 time=495 ms
64 bytes from 103.28.248.171.ip.incapdns.net (103.28.248.171): icmp_req=6 ttl=128 time=519 ms
^C
--- 2ruek.x.incapdns.net ping statistics ---
7 packets transmitted, 6 received, 14% packet loss, time 6009ms
rtt min/avg/max/mdev = 278.957/608.262/1433.255/377.086 ms, pipe 2


The result is that we got 2 different IP addresses - 199.83.134.211 and 103.28.248.171.

Step 4 :

There are two ways to use nocloudallowed.pl: "string matching" and "page percentage matching". Since the real IP address of nocloudallowed.com is 54.226.206.170, we limit the IP range to 54.226.206.0-54.226.206.255 for the demo.

In realistic cases, the IP range may be anywhere from 1.0.0.1 to 255.255.255.255. As expected, it will take much longer to get a result.

String matching :

perl nocloudallowed.pl -u http://www.nocloudallowed.com/ -i 54.226.206.0-54.226.206.255 -s @nixonnixoff

54.226.206.170 matched string


*** We selected a unique string, @nixonnixoff, from the front page of www.nocloudallowed.com for matching.

Page percentage matching :

perl nocloudallowed.pl -u http://www.nocloudallowed.com/ -i 54.226.206.0-54.226.206.255

54.226.206.46 is a 4.28008963583708% match
54.226.206.8 is a 4.97538454727825% match
54.226.206.96 is a 6.4580555778227% match
54.226.206.170 is a 76.6947984574021% match
54.226.206.178 is a 2.6906293003467% match
54.226.206.153 is a 13.6152088933292% match
54.226.206.196 is a 5.90278413052861% match
54.226.206.219 is a 6.97554375390092% match
54.226.206.149 is a 1.88944750445606% match
54.226.206.254 is a 3.71636207826023% match
54.226.206.252 is a 5.23038802551876% match
54.226.206.248 is a 9.19859919167773% match


The conclusion is that Cloudflare cannot protect your website as expected.

That’s all! See you.

Thursday, December 05, 2013

BlackHat 2013 - Denying Service to DDoS Protection Services

Speaker :

Allison Nixon
Integralis

Allison Nixon does penetration testing and incident response at Integralis, either assisting companies in post-compromise situations, or compromising them. She gained an interest in security by cheating at video games, but quickly learned that the only way to make real gold is to work for a real company. She is intensely interested in all facets of security and continues to perform security research spanning any and all topics. Allison is a regular host on the Pauldotcom podcast, has spoken at B-Sides Boston 2013, local OWASP meetings, and sits on the executive board of MalShare. She also designed the electronics and software for the laser maze at the 2012 Braintank conference.

Briefing :

In this age of cheap and easy DDOS attacks, DDOS protection services promise to go between your server and the Internet to protect you from attackers. Cloud based DDOS protection suffers from several fundamental flaws that will be demonstrated in this talk. This was originally discovered in the process of investigating malicious websites protected by Cloudflare, but the issue also affects a number of other cloud based services including other cloud based anti-DDOS and WAF providers. We have developed a tool – called No Cloud Allowed – that will exploit this new cloud security bypass method and unmask a properly configured DDOS protected website. This talk will also discuss other unmasking methods and provide you with an arsenal to audit your cloud based DDOS or WAF protection.



Archives :

Presentation & Paper

PoC :

NoCloudAllowed.com

After Thought :

Once Cloudflare is bypassed and the origin IP address is obtained, an attacker can reach the origin directly as normal, since the origin is not protected by Cloudflare's WAF.

Reference :

HOWTO - NoCloudAllowed on Kali Linux

That’s all! See you.