HOWTO : Protect you from being ARP spoofing

Updated on Dec 4, 2014.

ARP spoofing is a kind of Man-in-the-Middle (MiTM) attack and it affects the machines in the subnet.

Who will affected? Almost all. Free wifi connection even it is encrypted by WPA/WPA2. Your local network. The machines inside a subnet.

How about using SSL and SSH as well as VPNs? No, those cannot protect you from being attacked by ARP spoofing. Even a switch cannot protect you from being attacked. Please refer to this presentation.

ARP security often ignored and nobody cares about lower layer security nowadays. ARP attacks are real threat with high impact.

How can I protect myself from being attacked? Yes, you can. The following tools will alert you when the attack is taking place.

If you are Linux users, you can use ArpON. If you are Windows users, you can use XARP - Advanced ARP Spoofing Detection.

For Ubuntu or Debian users, you can install it by the instruction at ArpON on Kali Linux 1.0.9a.

If you are Mac OS X users, you can use ARP Guard. ArpON on Mac OS X Yosemite 10.10.1

If you are Android users, you can use WiFi ARP Guard.

ArpON for Linux can protect you from the attacks and the others are just alert you for the attacks only. In addition, ARP Guard costs money while the others are free of charge.

Or, if you do not want to install the captioned software and your router can set static ARP, do it and your subnet is protected upon set.

Please note that ARP Guard for Mac OS does not do the job well. It cannot detect any ARP spoofing when I test it on Mac OS X 10.10.1.

There is another way to protect your from ARP spoofing attack if you are a Linux user and do not want to install the captioned software. You can follow the instructions in the following video which was created by xiedi01 :



Want to see a demo how ARP spoofing works? Yes, the demo is by Hak5 and it starts at 07:24 for the first demo.





The following demo is conducted under Back|Track 5 R2 by MasterButcher68.



There are some tools that make this attack automatically and the attackers requires no skill to do so. Even a script kiddies can handle it. The following is one of the tools, namely YAMAS - Yet Another Man in The Middle Automation Script.



That's all! See you.

HOWTO : BackTrack 5 R2 on Intel X79 Express and nVidia display cards (The better way)

Uninstall the manual installed driver

Previous HOWTO is here.

If you followed the previous HOWTO to install the nVidia driver, you can uninstall it by the following command :

./NVIDIA-Linux-x86-295.20.run --uninstall

The better way to install nVidia driver

Step 1 :

add-apt-repository ppa:ubuntu-x-swat/x-updates

apt-get update
apt-get install nvidia-current nvidia-current-modaliases nvidia-settings

Step 2 :

Reboot your system.

After reboot, you issue the following command :

nvidia-xconfig
splash-fix

Then, reboot your system again.

If you install the nVidia driver this way, you are not required to reinstall the driver after the kernel is updated.

You can follow the other parts of tutorial in the previous HOWTO for sample code of CUDA and Pyrit.

That's all! See you.

HOWTO : VPN (PPTP) on BackTrack 5 R2

Step 1 :

apt-get update
apt-get dist-upgrade

apt-get install network-manager-gnome network-manager-pptp

Step 2 :

cp /etc/network/interfaces /etc/network/interfaces.bak

nano /etc/network/interfaces

Delete all entries but left the first two lines behind.

auto lo
iface lo inet loopback

Step 3 :

service network-manager start

Step 4 :

System >> Startup Applications >> Network Manager

Append "&" on the end of the Command. It will be looked like this :

nm-applet --sm-disable &

Make sure Start dhclient is enabled in the menu of Startup Applications.

Reboot the system and then configure your VPN (PPTP) as usual.

Make sure Advanced >> Use Point-to-Point encryption (MPPE) is enabled in the Configuration of PPTP.

That's all! See you.


HOWTO : Flash-Aid 2.2.3 for Ubuntu

Do you encounter blue faces or wrong colour displayed on the YouTube videos on your Ubuntu 12.04 box? If yes, I recommend you to install Flash-Aid which can solve the problem.

Open your Firefox and go to here to install the plugin. Once the plugin is installed, you can click on the icon on the right top hand corner to install the correct Flash.

The official wording of Flash-Aid :

Remove conflicting flash plugins from Ubuntu/Debian Linux systems, install the appropriate version according to system architecture and apply some tweaks to improve performance and fix common issues.

That's all! See you.

UPDATED on May 23, 2012 :

If your problem is still there and you have nVidia display card with "libvdpau1" installed, you should follow the steps below to solve the problem.

sudo add-apt-repository ppa:tikhonov/misc
sudo apt-get update
sudo apt-get install libvdpau1

This solution is workable on Ubuntu 12.04 LTS with flashplugin-installer 11.2.202.235ubuntu0.12.04.1 but not with Flash-Aid 2.2.3.

HOWTO : Cracking WPA/WPA2 without dictionary

This video is not created by me. It is created by Kardipapa. The original video is here.

I upload here for my reference only.

That's all! See you.

UPDATED on May 22, 2012 :

The following links are my Proof of Concept (PoC) that written on April 16, 2010 and May 22, 2011 respectively. Kardipapa confirmed my Proof of Concept is workable.

Using John the Ripper (which is written by me on April 16, 2010 for my Proof of Concept) :

HOWTO : Crack WPA/WPA2-PSK with John the Ripper

Using Crunch and Pyrit (which is written by me on May 22, 2011 for my Proof of Concept) :

HOWTO : WPA/WPA2 cracking with Back|Track 5

HOWTO : Scapy 2.2.0 on Ubuntu 12.04 LTS

To install Scapy

sudo apt-get update sudo apt-get install python-scapy python-pyx python-gnuplot

To run Scapy interactively

sudo scapy

The scapy shell will be displayed :
WARNING: No route found for IPv6 destination :: (no default route?)
Welcome to Scapy (2.2.0)
>>>

To quit Scapy

>>>quit()
That's all! See you.

HOWTO : VulnImage (Manual & Automated)

These videos are not created by me, they are created by g0tmi1k. Please credit to him.

The amazing method is Manual and you can find the original post at here. It is talking about exploit development on the fly.

The automated method is here.

You can download the VulnImage at here.

Manual Method

Automated Method

That's all! See you.

HOWTO : Kioptrix 4 (Level 1.3)

The following videos are not created by me. They are created by one of my mentors, g0tmi1k. I re-post here for reference. Please credit to g0tmi1k.

To get Kioptrix 4 (Level 1.3) at here.

To find some hints and solutions, please refer to g0tmi1k's blog at here

g0tmi1k find three different ways to compromise the Kioptrix, here you are (Enjoy!!!) :

SQL Injection

Local File Inclusion


Limited Shell



That's all! See you.

Undetectable Trojan on Windows 7 SP1 and AVG Anti-Virus Free Edition 2012

Maybe someone out there think that their systems are safe when anti-virus programs are installed and the firewall is enabled. However, it is not true.

This video is to proof that anti-virus program and firewall can be bypassed. This video is going to WARN you all NOT to download any pirate software and cracked software as well as NOT to download any software from any untrusted source.

The technique used in the video can be used in any file format, such as video, pdf, photo/picture, audio and executable file.

About the video

The demo Windows 7 SP1 in the video is in default settings upon installed.

- Windows 7 SP1 is fully updated as on April 11, 2012.
- AVG Anti-Virus Free Edition 2012 is installed and fully updated as on April 11, 2012.
- UAC is set to default on Windows 7 SP1.
- Firewall is enabled and no extra program is allowed (default settings).
- AVG Anti-Virus Free Edition 2012 has no whitelist set

As a result, the Trojan Injected PuTTY program is undetected by AVG Anti-Virus program and UAC/Defender on Windows 7 SP1 as well as firewall.



That's all! See you.

Undetectable Trojan on Windows 7 and AVG Anti-Virus

Maybe someone out there think that their systems are safe when anti-virus programs are installed and the firewall is enabled. However, it is not true.

This video is to proof that anti-virus programs and firewalls can be bypassed. This video is going to WARN you all NOT to download any pirate software and cracked software as well as NOT to download any software from any untrusted source.

The technique used in the video can be used in any file format, such as video, pdf, photo/picture, audio and executable file.

About the video

The demo Windows 7 in the video is in default settings upon installed.

- Windows 7 is fully updated as on April 10, 2012.
- AVG Anti-Virus is installed and fully updated as on April 10, 2012.
- UAC is set to default on Windows 7.
- Firewall is enabled and no extra program is allowed (default settings).
- AVG Anti-Virus has no whitelist set

As a result, the Trojan Injected PuTTY program is undetected by AVG Anti-Virus program and UAC/Defender on Windows 7 as well as firewall.



That's all! See you.

HOWTO : Anonymously using The Onion Router (Tor)

Part A - Installation of Tor

(A1) Ubuntu or BackTrack 5 R2

Step 1 :

sudo add-apt-repository ppa:ubun-tor/ppa
sudo apt-get update
sudo apt-get install tor tor-geoipdb privoxy vidalia

Step 2 :

sudo nano /etc/privoxy/config

Append the following line :

forward-socks5 / 127.0.0.1:9050 .

sudo /etc/init.d/privoxy start
sudo /etc/init.d/tor start

Step 2a (Optional) :

If you are behind firewall or NAT as well as router, you should append the following line at the configure file.

forward 192.168.*.*/ .

Step 3 :

Go to the Tor official site to download and install Tor button for Firefox.

https://www.torproject.org/dist/torbutton/torbutton-current.xpi

(A2) Windows 7

Download the current version of Tor Browser Bundle 2.2.35-8.

https://www.torproject.org/dist/torbrowser/tor-browser-2.2.35-8_en-US.exe

Extract it and placed the files inside a folder and make a shortcut on the desktop.

Part B - Installation of xChat

(B1) Ubuntu or BackTrack 5 R2

Step 4 :

dig +short irc.tor.freenode.net cname

The result is :

p4fsi4ockecnea7l.onion.

sudo nano /etc/tor/torrc

Append the following line.

mapaddress 10.40.40.40 p4fsi4ockecnea7l.onion

Step 5 :

sudo /etc/init.d/tor restart

sudo apt-get install xchat

Step 6 :

If you already have your username in Freenode, you can skip this this step.

/msg nickserv register [password] [email]

/msg nickserv set hidemail on

Step 7 :

At the xChat, go to "Settings" | "Preferences" | "Network" | "Network setup" | "Proxy server", enter :

Hostname : 127.0.0.1
Port : 9050
Type : Socks5
Use proxy for : IRC Server Only

Step 8 :

Create a new server "TorifiedFreenode" at xChat of the server list.

Press "Add" and then fill it as "10.40.40.40".

Step 9 :

Download the cap_sasl_xchat.pl at http://lwsitu.com/xchat/cap_sasl_xchat.pl and save it at ~/.xchat2 and make it executable.

Step 10 :

At the status windows of xChat :

/sasl set TorifiedFreenode [your_Freenode_Nickname] [your_Nick_password] PLAIN

Step 11 :

Block CTCP and DCC commands and inquiries that sent to your IRC client software :

/ignore *!*@* CTCP DCC
/ignore * CTCP DCC

/set irc_hide_version ON
/set dcc_auto_chat 0
/set dcc_auto_resume OFF
/set dcc_auto_send 0

(B2) Windows 7

Step 12 :

Download the xChat at http://www.silverex.org/download/ and then install it.

Step 12a :

At the Vidalia Control Panel, select "Settings" | "Advanced" | "Edit current torrc", append the following line :

mapaddress 10.40.40.40 p4fsi4ockecnea7l.onion

Step 13 :

Download the ActivePerl version 5.12.4.1205 at http://www.activestate.com/activeperl/downloads/thank-you?dl=http://downloads.activestate.com/ActivePerl/releases/5.12.4.1205/ActivePerl-5.12.4.1205-MSWin32-x86-294981.msi

Step 14 :

Download the xcperl5.12.1.dll at http://lwsitu.com/xchat/xcperl5.12.1.dll

Then save it at c:\Program Files (x86)\X-Chat 2\plugins. And delete the xcperl.dll after that.

Step 15 :

Follow the above Step 6 to 11.

Part C - Installation of Filezilla

(C1) Ubuntu and BackTrack 5 R2

Step 16 :

sudo apt-get update
sudo apt-get install filezilla

Step 17 :

Open Filezilla, go to "Edit" | "Settings" | "Generic proxy" :

Select "Socks5"

proxy host : 127.0.0.1
proxy port : 9050


(C2) Windows 7

Step 18 :

Download the current Windows version :

http://filezilla-project.org/download.php?type=client

Then follow the above Step 17.

Part D - Using Tor in Console

Ubuntu and BackTrack 5 R2 only.

Step 19 :

sudo apt-get update
sudo apt-get install proxychains elinks

Step 20 :

sudo nano /etc/proxychains.conf

Change the following line :

socks4 127.0.0.1 9050

To :

socks5 127.0.0.1 9050

Step 21 :

Usage -

proxychains nmap google.com
proxychains elinks cmyip.com
proxychains elinks www.whatismyip.com

That's all! See you.

HOWTO : Encrypt/Decrypt BackTrack 5 R2 with Passphrase

Credit to : Infosec Ramblings and Hak5.org

Step 1 :

The hard drive partitioning is as the following :

/dev/sda1 for /boot
/dev/sda5 for /

Assume the hard drive is band new.

fdisk /dev/sda
n
p
1
+4G
n
e
2
n
l
p
w

* where +4G is set to 4GB for the /dev/sda1 as /boot. You can set it to +1024M or smaller.

Step 2 :

cryptsetup -y -c aes-xts-plain -s 512 luksFormat /dev/sda5
cryptsetup luksOpen /dev/sda5 haktop

* where haktop is the device label

Step 3 :

mkfs.ext2 /dev/sda1
mkfs.ext4 /dev/mapper/haktop

Step 4 :

Install BackTrack 5 R2 as is. However, select custom partitioning. Do not format the partitions. Select /dev/mapper/haktop as ext4 and / while select /dev/sda1 as ext2 and /boot.

Make sure the bootloader is installed at /dev/sda.

Step 5 :

Once the installation is completed, select "Continue testing" and do not reboot the system.

mkdir /mnt/haktop

mount /dev/mapper/haktop /mnt/haktop/
mount /dev/sda1 /mnt/haktop/boot

chroot /mnt/haktop/

mount -t proc proc /proc
mount -t sysfs sys /sys/

Step 6 :

Get the UUID of sda5 by opening another terminal :

blkid /dev/sda5

Copy down the UUID of the /dev/sda5.

nano /etc/crypttab

haktop /dev/disk/by-uuid/<UUID Key> none luks

Step 7 :

nano /usr/share/initramfs-tools/scripts/local-top/cryptroot

Locate the following :

# Try to get a satisfactory password $crypttries times
   count=0
   while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do

Change to :

count=0
echo "Unlocking the disk $cryptsource ($crypttarget)"
while [ $crypttries -le 0 ] || [ $count -lt $crypttries ]; do

Locate the following :

if [ -z "$cryptkeyscript" ]; then
   cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: "
if [ -x /bin/plymouth ] && plymouth --ping; then

Change to :

if [ -z "$cryptkeyscript" ]; then
   cryptkey="Enter passphrase: "
if [ -x /bin/plymouth ] && plymouth --ping; then

Step 7a :

update-initramfs -u

fix-splash

Now, reboot the system. The bootup will halt at the wallpaper of BackTrack 5. Just press F8 and deleted the prompted "****" and then enter your passphrase to boot the system.

Or, you can just key in the passphrase when the bootup process is stopped at the wallpaper.

Step 8 : (Optional)

If you do not want to press F8, you can delete the "splash" from the following line.

nano /boot/grub/grub.cfg

Locate the following :

linux /vmliunx-3.2.6 root=/dev/mapper/haktop ro text splash vga=791

To make it look likes :

linux /vmliunx-3.2.6 root=/dev/mapper/haktop ro text vga=791

Then, you will be prompted for entering your passphrase on every boot up.

Step 9 :

After the system is boot up, it is required to create swap file.

dd if=/dev/zero of=/swapfile1 bs=1M count=8192

* Where count=8192 is 8GB

mkswap /swapfile1
chown root:root /swapfile1
chmod 0600 /swapfile1

swapon /swapfile1

nano /etc/fstab

/swapfile1 swap swap defaults 0 0

Then reboot the system.

See Also : HOWTO : Encrypt/Decrypt BackTrack 5 R2 with USB stick


That's all! See you.

HOWTO : Encrypt/Decrypt BackTrack 5 R2 with USB stick

Credit to : Hak5.org

Step 1 :

To check the device label :

sfdisk -l /dev/sda
sfdisk -l /dev/sdc

*** Where sda is my hard drive and sdc is the USB stick

Step 2 :

To format the following devices with linux format :

fdisk /dev/sda
d
n
p
1
p
w

fdisk /dev/sdc
d
n
p
1
p
w

Step 3 :

dd if=/dev/sdc bs=1 count=64 skip=32 of=/tmp/first.key

cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sda1 /tmp/first.key

cryptsetup -d /tmp/first.key luksOpen /dev/sda1 mylaptop

ls /dev/mapper

Step 4 :

mkfs.ext2 /dev/sdc1

mkfs.ext4 /dev/mapper/mylaptop

*** Where mylaptop is the label of the device.

Step 5 :

Install BackTrack 5 R2 as usual. However, do not format the partitions. Select /dev/mapper/mylaptop as ext4 and /. Then, select /dev/sdc1 as ext2 and /boot.

After that, make sure the bootloader is installed at /dev/sdc

Step 6 :

Once the installation is completed, select "Continue testing" and do not reboot.

dd if=/dev/sdc bs=1 count=64 skip=32 of=/tmp/second.key

Make sure the keys are different.

sha1sum /tmp/*key

Step 7 :

cryptsetup -d /tmp/first.key luksAddKey /dev/sda1 /tmp/second.key

mkdir /mnt/mylaptop

mount /dev/mapper/mylaptop /mnt/mylaptop/
mount /dev/sdc1 /mnt/mylaptop/boot

chroot /mnt/mylaptop/

mount -t proc proc /proc
mount -t sysfs sys /sys/

Step 8 :

nano /etc/crypttab

blkid /dev/sda1

mylaptop /dev/disk/by-uuid/<UUID Key> none luks

nano /etc/fstab

/dev/sdb1 /boot ext2 defaults 0 2

Step 9 :

After that, boot BackTrack 5 R2 from the USB stick. It will drop to the busybox.

At the busybox, enter the following commands to unlock the partition. You are required to enter these commands on every boot up.

dd if=/dev/sdb bs=1 count=64 skip=32 of=/tmp/mykey.key

cryptsetup -d /tmp/mykey.key luksOpen /dev/sda1 mylaptop

Then press Ctrl-D to continue the boot process.

Step 10 :

After the system is boot up, it is required to create swap file.

dd if=/dev/zero of=/swapfile1 bs=1M count=512

* Where count=512 is 512M

mkswap /swapfile1
chown root:root /swapfile1
chmod 0600 /swapfile1

swapon /swapfile1

nano /etc/fstab

/swapfile1 swap swap defaults 0 0

Then reboot the system.

Remarks :

You are required to enter these commands on every boot up.

dd if=/dev/sdb bs=1 count=64 skip=32 of=/tmp/mykey.key

cryptsetup -d /tmp/mykey.key luksOpen /dev/sda1 mylaptop

See Also : HOWTO : Encrypt/Decrypt BackTrack 5 R2 with Passphrase

That's all! See you.

HOWTO : Pyrit Cluster with BackTrack 5 R2

Install nVidia CUDA drivers and Pyrit as described here

(A) The server (with the GPUs) Settings

At least run the pyrit once and you will have the following file at ~/.pyrit/config.

default_storage = file://
limit_ncpus = 0
rpc_announce = true
rpc_announce_broadcast = false
rpc_knownclients =
rpc_server = false
workunit_size = 75000

If your system is enabled Hyper-Threading, the "limit_ncpus" should be set to the number of the real CPU cores. For example, my system have 6 real CPU cores and HT is enabled, the setting will be as the following :

limit_ncpus = 6

Bug fix :

nano /usr/local/lib/python2.6/dist-packages/cpyrit/network.py

Locate the following lines :

except socket.error:
   break
if essid != '' or pwbuffer != '':
   pwlist = storage.PAW2_Buffer()
   pwlist.unpack(pwbuffer.data)
   self.client.enqueue(essid, pwlist)
else:
   time.sleep(1)

Change it to :

except socket.error:
   break
if essid != '' or pwbuffer != '':
   pwlist = storage.PAW2_Buffer(pwbuffer.data)
   self.client.enqueue(essid, pwlist)
else:
   time.sleep(1)

Boost the network performance :

nano /usr/local/lib/python2.6/dist-packages/cpyrit/network.py

Locate the following lines :

essid, pwbuffer = \
   self.server.gather(self.client.uuid, 5000)

Change it to :

essid, pwbuffer = \
   self.server.gather(self.client.uuid, 90000)

(B) The client (without or with GPUs) Settings

Client is not required to install nVidia drivers. Just install the BackTrack 5 R2 as is. However, if you client has nvidia display card installed, you should install the nVidia drivers as the captioned mentioned.

The following settings should be set on every client machine.

At least run the pyrit once and you will have the following file at ~/.pyrit/config.

default_storage = file://
limit_ncpus = 0
rpc_announce = true
rpc_announce_broadcast = false
rpc_knownclients = 192.168.0.100
rpc_server = true
workunit_size = 75000

** if you have more than one server, you should set it to (where the IP addresses are the IP address of your servers) :

rpc_knownclients = 192.168.0.100 192.168.0.150

Bug fix :

nano /usr/local/lib/python2.6/dist-packages/cpyrit/network.py

Locate the following lines :

except socket.error:
   break
if essid != '' or pwbuffer != '':
   pwlist = storage.PAW2_Buffer()
   pwlist.unpack(pwbuffer.data)
   self.client.enqueue(essid, pwlist)
else:
   time.sleep(1)

Change it to :

except socket.error:
   break
if essid != '' or pwbuffer != '':
   pwlist = storage.PAW2_Buffer(pwbuffer.data)
   self.client.enqueue(essid, pwlist)
else:
   time.sleep(1)

Boost the network performance :

nano /usr/local/lib/python2.6/dist-packages/cpyrit/network.py

Locate the following lines :

essid, pwbuffer = \
   self.server.gather(self.client.uuid, 5000)

Change it to :

essid, pwbuffer = \
   self.server.gather(self.client.uuid, 90000)

(C) How to run

On the server

pyrit serve

On the client

pyrit benchmark

Remarks :

I have tested this settings on my system with VirtualBox client. The performance of the Pyrit dropped about by half. It is because the VirtualBox client is not on a real network and the CPUs of the VirtualBox client are not real.

By the way, the performance of the cluster will be dropped a lot even in a home gigabit network environment - ThinkPad X100e (AMD CPU with no GPU). I think Pyrit is not very good at network environment at this moment and the CPU power of the client does matter too.

That's all! See you.

HOWTO : BackTrack 5 R2 on Intel X79 Express and nVidia display cards chipset

UPDATE : The better way is here.

Hardware

CPU : Intel i7-3930K (Socket 2011, 12 cores with HT)
Display card : 2 x nVidia GeForce GTX 590 (1024 CUDA cores per card)

Installation of BackTrack 5 R2

BackTrack 5 R2 can be boot up on Intel X79 Express chipset motherboard with 2 nVidia GeForce GTX 590 display cards. However, "nomodeset" should be applied to the boot option by pressing "tab" on the boot menu.

Install the BackTrack 5 R2 as usual. When it is required to reboot, do not remove the BackTrack 5 R2 CD. Boot up the CD accordingly. After the BackTrack 5 R2 is booted up, mount the hard drive and add "nomodeset" to boot option of the grub.cfg at /boot/grub.

After that, reboot the system and remove the CD. The system will be boot into BackTrack 5 R2 without problem.

If the kernel is upgraded, you should rebuild the kernel headers by the following steps :

prepare-kernel-sources
cd /usr/src/linux
cp -rf include/generated/* include/linux/

Installation of nVidia display driver

Go to nVidia Deleloper Zone CUDA Toolkit 4.1 to download the following. Do not enter to X11 by issuing "startx"; otherwise, the installation will be failed.

(1) Download "Latest Drivers for Linux (295.20)" for the nVidia Driver. You can download the driver before not going to the X11.

32-bit :
http://www.nvidia.com/object/linux-display-ia32-295.20-driver.html

64-bit :
http://www.nvidia.com/object/linux-display-amd64-295.20-driver.html

Installation :

32-bit :
chmod +x NVIDIA-Linux-x86-295.20.run
./NVIDIA-Linux-x86-295.20.run

64-bit :
chmod +x NVIDIA-Linux-x86_64-295.20.run
./NVIDIA-Linux-x86_64-295.20.run

After that, you can reboot your system.

Then run the following command to make the suitable resolution :
nvidia-xconfig

(2) Download "CUDA Toolkit for Ubuntu Linux 10.04" for the CUDA Toolkit.

32-bit :
wget http://developer.download.nvidia.com/compute/cuda/4_1/rel/toolkit/cudatoolkit_4.1.28_linux_32_ubuntu10.04.run

64-bit :
wget http://developer.download.nvidia.com/compute/cuda/4_1/rel/toolkit/cudatoolkit_4.1.28_linux_64_ubuntu10.04.run

chmod +x http://developer.download.nvidia.com/compute/cuda/4_1/rel/toolkit/cudatoolkit_4.1.28_linux_xx_ubuntu10.04.run

*** Accept the default settings.

(3) Download "GPU Computing SDK" for the nVidia SDK.

wget http://developer.download.nvidia.com/compute/cuda/4_1/rel/sdk/gpucomputingsdk_4.1.28_linux.run

chmod +x gpucomputingsdk_4.1.28_linux.run
./gpucomputingsdk_4.1.28_linux.run

nano /root/.bashrc

Append the following :

PATH=$PATH:/usr/local/cuda/bin
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/cuda/lib:/usr/local/cuda/lib64
export PATH
export LD_LIBRARY

source /root/.bashrc
ldconfig

After that, reboot the system to make the nVidia driver effect.

Compile Sample code of CUDA

apt-get install freeglut3-dev libxi-dev libXmu-dev

cd NVIDIA_GPU_computing_SDK/C
make

Then, run the sample codes at :

cd NVIDIA_GPU_computing_SDK/C/bin/linux/release
./deviceQuery
./nbody

Installation of pyrit

Add the following to /etc/apt/sources.list :

deb http://security.ubuntu.com/ubuntu lucid-security main
apt-get update
apt-get libssl-dev scapy python-dev

Then, delete the newly added entry of the sources.list.

apt-get update

Go to the official site of pyrit.

cd ~
svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit

cd pyrit
python setup.py build
python setup.py install

cd cpyrit
python setup.py build
python setup.py install

To test if the installation is correct or not.

pyrit list_cores
pyrit benchmark
pyrit benchmark_long

Remarks :

Fix the splash :
fix-splash

Install the sensors :
apt-get install sensors-applet

Pyrit Cluster Setup
John the Ripper Cluster Setup

See Also : HOWTO : Pyrit Cluster with BackTrack 5 R2

*** Whenever the linux kernel is updated or upgraded, the nVidia driver should be required to reinstalled to match the upgraded kernel version.

That's all! See you.

Before water cooling



After water cooling

Course Review - Offensive Security Wireless Attacks (WiFu)

The Background

After passing the OSCP, I enrolled for the Offensive Security Wireless Attacks (aka WiFu) course. This course is talking about how to attack a wireless rotuer no matter it is set to WEP, WPA or WPA2.

The Hardware

You are required to have at least one wireless device to act as victim (laptop with wireless card or smartphone, such as Android or iPhone) and a computer which is installed with BackTrack 5 R1 as an attacker. The attacker machine is recommended to have a USB adaptor (the USB adaptors that recommended on the official site). If you do not have wireless device as victim, you may consider to buy a wireless USB dongle for your desktop.

Furthermore, you are also required to have a wireless router or access point that equipped with WEP and WPA/WPA2 features (the models are recommeded on the official site).

Beware that not all the wireless dongles or wireless cards can be injected and in monitor mode. In addition, some wireless routers behaved unexpectedly when doing the attacks. For example, my dd-wrt flashed TP-LINK TL-WR1043ND do not perform some of the attacks, such as Korek Chopchop attack. However, not all access points can perform Korek Chopchop attack indeed. Therefore, the suggested hardwares in the official website are recommended to buy.

At the time of this writing, Netgear WNR1000v2h2 N150 can be bought in Hong Kong and it is not so expensive. However, I am not sure if this model is the one stated in the official site. You should not upgrade the firmware but you should downgrade it to v1.0.1.1 as the other version of firmwares do not provide WEP function. The older firmware can be downloaded from the Netgear official site.

My hardwares for the lab are as the following. Hope they can give you some idea :
(1) Access Point - TP-LINK TL-WR1043ND (flashed with dd-wrt v24-sp2 18024) (can be injected)
(2) Access Point - Netgear WNR1000v2h2 N150 (firmware v1.0.1.1)
(3) Victim - Google Nexus One (Android 2.3.6)
(4) Victim - TP-LINK TL-WN321G (54Mbps, Ver 4.1) (can be injected and in monitor mode)
(5) Victim - TP-LINK TL-WN821N (300Mbps, Ver 3.1) (can be injected and in monitor mode)
(6) Attacker - Cloned ALFA Networks AWUS036H USB 500mW (Realtek RTL8187L)

The Course

This course, version 3.0, is designed for beginners. It teaches you the wireless concept and its weakness. The most mentioned tool is Aircrack-NG Suite but it also mentioned others, such as tool that using GPUs for the brute forcing and other advanced tools. However, it does not cover the WPA/WPA2-Enterprise attack.

Offensive Security does not provide any lab for your access. You are required to set up your lab for practice. The hardwares that mentioned above are required for setting up your own lab.

The Challenge

The four hours challenge requires you to SSH to a BackTrack box in order to complete the objectives. After the challenge, you are required to submit your report within 24 hours.

Finally, the exam was over. Within 3 business days, I received an email which informed me that I passed the challenge. If you passed the challenge, you will be an Offensive Security Wireless Professional (OSWP). I am an OSWP now!

The Conclusion

In conclusion, this course will teach you all the basic wireless cracking.

Automatic Backdoor Generator for Windows System

Astr0baby developed an automatic tools to generate a backdoor for Windows system.

Later, www.coresec.org modified his work to make it workable on Back|Track 5. So, I made the modified source code available at here.

Then, I slightly modified coresec.org's work and make a video at here for reference.



The evasion of anti-virus of the captioned generated file is not too good as some of the users posted the generated file to the free anti-virus scanners on the web and/or local anti-virus programs to confirm if it can be detected or not. The problem is that the free scanners on the web will submit the code to their companies for further analysis. So, their detection rate will be higher, just a kind of honeypot. Therefore, if you want to test the generated file locally, please make sure the box cannot surf the internet as the result will be submitted to the anti-virus company after the scan.

I found generation of backdoor automatically is quite interesting. I completely rewrite the code and it can embedded to an executable file. The code can do some simple input data validation too. The current version is 0.2 at the time of this writing. I made a video for the demo. However, the code will not be available at the moment as I am still consider to release the source code or not.



PDFs and image files can also be embedded backdoor to them in the similar way. Therefore, do not download any programs, PDFs and image files from any untrusted sources. Especially, any cracked softwares and free licensed ebooks are to be alerted. This does not only affected Windows system, Linux or Mac OS can be infected too.

That's all! See you.

HOWTO : FreeNAS 8.0.3 RELEASE p1 USB device boot bug fix

The Problem

When I upgraded my FreeNAS to the latest version FreeNAS 8.0.3 RELEASE p1, it refused to boot and stop at the following message.

mountroot> GEOM: da0s1: geometry does not match label (16h,63s != 255h,63s).
GEOM: da0s2: geometry does not match label (16h,63s != 255h,63s).

I typed the following command and it boots fine.

ufs:/dev/da0s1a

The problem is that I need to type the captioned command on each boot up. How to solve this problem? Yes, I can.

The Solution

After the system is booting up and a menu is displayed. Select "9) Shell" to go to the shell prompt where we can do the following.

Step 1 :

nano /etc/fstab

Change from :
/dev/ufs/FreeNASs1a / ufs ro 1 1

To :
/dev/ufs/FreeNASs1a / ufs rw 1 1

Step 2 :

Then, save and exit the editor. Execute the following command :

mount -a

Step 3 :

Next, open up another file :

nano /boot/loader.conf

Change from :
#Fix booting from USB device bug
kern.cam.boot_delay=10000

To :
#Fix booting from USB device bug
kern.cam.boot_delay=20000

Save and exit the editor. Then reboot. This time, the boot up is much slower than before but it works. Problem solved!

That's all! See you.

HOWTO : Using USB Devices on VirtualBox 4.1.8

Using USB devices on VirtualBox 4.1.8, which is installed on Ubuntu 12.04 LTS, is easy.

sudo usermod -a samiux -G vboxusers

*where samiux is the user name

Then, logout and re-login. Or, reboot your system.

Now, you can use USB devices on VirtualBox without any problem. However, some devices do not work properly on USB 2.0 enabled on VirtualBox.

That's all! See you.

HOWTO : Create a normal user on MySQL and MariaDB

Using a root account on the web applications as user is risky. It is more secure to create a normal user for the web applications.

Step 1 :

mysqladmin -u samiux -p create mydatabase

*where samiux is the normal username and mydatabase is the name of the database of the web applications

Step 2 :

mysql -u root -p

Step 3 :

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON mydatabase.* TO 'samiux'@'localhost' IDENTIFIED BY 'mypassword';

*where mypassword is the password of the user samiux

That's all! See you.