KringleCon | Stall Mucking Report & Data Repo Analysis | CTF Challenge Solution

Written by Pranshu Bajpai | Twitter | LinkedIn

Wunorse Openslae: Stall Mucking Report

We are told that a Samba share with shared network credentials is used to upload the file on the server. These 

shared credentials can be revealed via ‘ps’ if they were entered in command-line mode. We use ps with the -e 

(view every process on system) and -ww (unlimited width) flag to reveal the username and password used for 

uploading the report.

Once we have the credentials, we can use them to upload the report using smbclient:

smbclient //localhost/report-upload/ -c ‘report.txt ; put report.txt’ -U 

report-upload directreindeerflatterystable

Bonus

The password to the Samba share (‘directreindeerflatterystable’) seems to be a play on 

‘correcthorsebatterystaple’ -- the xkcd comic.

Suggested remediation: Using something like secret-tool to look up passwords in the Gnome keyring is 

safer than passing credentials in the command-line or storing them in a file.

Question 4

Wunorse Openslae gave us the tip to use the tool ‘truffleHog’ to dig through code repositories for exposed 

credentials. TruffleHog searches through repos, locating strings with high entropy. Sensitive information such 

as passwords traditionally have higher entropy. This tool was a great find for me and it quite straightforward to 

use. It was able to locate the password in the North Pole Git repository in no time.

trufflehog https://git.kringlecastle.com/Upatree/santas_castle_automation

So much for “hopefully this is the last time we have to change our password against until next Christmas”.

'apt-add-repository' command not found Debian / Ubuntu [Solution]

Written by Pranshu Bajpai | Join me on Google+ | LinkedIn

You might have encountered certain non-standard packages that have no installation candidates in your current repositories. In such cases, you can try to add a new repository. However, you might have encountered an error that says: 'apt-add repository' command not found. The system currently has no path to the binary 'apt-add-repository' which is why it says it cannot find that command.

Here's the fix

Execute the following commands in your terminal:

$wget http://blog.anantshri.info/content/uploads/2010/09/add-apt-repository.sh.txt

(thanks to the author this script!)

$mv add-apt-repository.sh.txt /usr/sbin/add-apt-repository

$chmod o+x /usr/sbin/add-apt-repository

$chown root:root /usr/sbin/add-apt-repository

If you are not using a 'root' account, then add a 'sudo' infront of each of these commands before executing them.

Now, trying adding the new repository again. For example:

$add-apt-repository ppa:webupd8team/sublime-text-2

$apt-get update

(the repository you are trying to add might be different in your case)


You should now be able to add new repositories to your system and install non-standard packages.

Please let me know in the comments below if you come across any issues.

How to get WiFi to work after installing Ubuntu or Lubuntu on Macbook?

Written by Pranshu Bajpai | Join me on Google+ | LinkedIn

Problem: No WiFi connectivity in Lubuntu after installing it on a Macbook Air.

I recently installed Lubuntu to breath life into my old Macbook Air 1,1 (2008). The installation went smooth and the operating system is giving me no problems so far. The only thing that does not work right off the bat is WiFi -- in that I have no WiFi drivers or the icon. However, the icon is not a problem, getting the right drivers is.

After sifting through a lot of content on the Internet, I was able to get it working on my Mac Air 2008 and another Mac Air late 2010 3,2 model. Both of these have slightly different WiFi cards -- although both are Broadcom -- and so require slightly different procedures. But these steps should work for most people out there.

How to unable WiFi in Lubuntu on a Macbook?

Ubuntu, or Lubuntu, seems to be missing drivers for the Broadcom network hardware installed on a Macbook -- which leads to the problem of no WiFi. You need to get the drivers appropriate for your device.

With Internet connection

WiFi is obviously not working on this device yet, but if you have any other means of obtaining connectivity on this Macbook, then that simplies things a lot. Just type the following commands:

#sudo apt-get update
#sudo apt-get purge bcmwl-kernel-source
#sudo apt-get install firmware-b43-installer

The 'purge' part is to get rid of 'bcmwl-kernel-source' if you have been trying versions of that driver. It may or may not work for some systems. I tested on 2 different Macbook Air's (2008 and 2010) and both reacted different to it. I found 'firmware-b43-installer' to be more reliable.

Since you have connectivity, the apt-get command will simply load the best-suited version of the driver on your machine, and after a reboot, you should be able to get WiFi working. I wasn't so lucky though...

Without Internet connection

Find out exactly what WiFi hardware you have on your Macbook by using the following command:

#lspci -nn | grep Network

That will tell you the details you need to know. For instance, in my case, I received the following output:

01:00.0 Network controller [0280]: Broadcom Corporation BCM43224 802.11a/b/g/n [14e4:4353] (rev 01)

Here, 'BCM43224' is the important part. Look around for the best suited version of the following drivers for your card.

Now, you can go ahead and obtain b43_updated, unzip it, and copy it's contents into /lib/firmware/:

#sudo cp b43/ /lib/firmware
#sudo modprobe -rv b43
#sudo modprobe -v b43

Your /lib/firmware/ folder should now hold the necessary files:

Now reboot, and you should have the WiFi working.

WiFi network connectivity icon missing from panel

Do you still not see a difference? Maybe you're looking for the WiFi connection icon on the taskbar panel and it's just not there. In that case, 'nm-applet' is missing from your environment. You can fix this in the following manner:

Preferences --> Default applications for Lxsessions --> Autostart --> Manual Autostart -> type: nm-applet --> click: 'Add'

Logout and log back in. The WiFi applet should be there now.

/var/log Disk Space Issues | Ubuntu, Kali, Debian Linux | /var/log Fills Up Fast

Written by Pranshu Bajpai | Join me on Google+ | LinkedIn

Recently, I started noticing that my computer keeps running out of space for no reason at all. I mean I didn't download any large files and my root drive should not be having any space issues, and yet my computer kept tellling me that I had '0' bytes available or free on my /root/ drive. As I found it hard to believe, I invoked the 'df' command (for disk space usage):

#df

So clearly, 100% of the disk partition is in use, and '0' is available to me. Again, I tried to see if the system simply ran out of 'inodes' to assign to new files; this could happen if there are a lot of small files of '0' bytes or so on your machine.

#df -i

Only 11% inodes were in use, so this was clearly not a problem of running out of inodes. This was completely baffling. First thing to do was to locate the cause of the problem. Computers never lie. If the machine tells me that I am running out of space on the root drive then there must be some files that I do not know about, mostly likely these are some 'system' files created during routine operations.

To locate the cause of the problem, I executed the following command to find all files of size greater than ~2GB:

# find / -size +2000M

Clearly, the folder '/var/log' needs my attention. Seems like some kernel log files are humongous in size and have not been 'rotated' (explained later). So, I listed the contents of this directory arranged in order of decreasing size:

#ls -s -S

That one log file 'messages.1' was 12 GB in size and the next two were 5.5 GB. So this is what has been eating up my space. First thing I did, was run 'logrotate':

#/etc/cron.daily/logrotate 

It ran for a while as it rotated the logs. logrotate is meant to automate the task of administrating log files on systems that generate a heavy amount of logs. It is responsible for compressing, rotating, and delivering log files. Read more about it here.

What I hoped by running logrotate was that it would rotate and compress the old log files so I can quickly remove those from my system. Why didn't I just delete that '/var/log' directory directly? Because that would break things. '/var/log' is needed by the system and the system expects to see it. Deleting it is a bad idea. So, I needed to ensure that I don't delete anything of significance.

After a while, logrotate completed execution and I was able to see some '.gz' compresses files in this directory. I quickly removed (or deleted) these.

Still, there were two files of around 5 GB: messages.1 and kern.log.1.  Since these had already been rotated, I figured it would be safe to remove these as well. But instead of doing an 'rm' to remove them, I decided to just empty them (in case they were being used somewhere).

#> messages.1
#> kern.log.1

The size of both of these was reduced to '0' bytes. Great! Freed up a lot of disk space this way and nothing 'broken' in the process.

How did the log files become so large over such a small time period?

This is killing me. Normally, log files should not reach this kind of sizes if logrotate is doing its job properly or if everything is running right. I am still interested in knowing how did the log files got so huge in the first place. It is probably some service, application or process creating a lot of errors maybe? Maybe logrotate is not able to execute under 'cron' jobs? I don't know. Before 'emptying' these log files I did take a look inside them to find repetitive patterns. But then I quickly gave up on reading 5 GB files as I was short on time.

Since this is my personal laptop that I shut down at night, as opposed to a server that is up all the time, I have installed 'anacron' and will set 'logrotate' to run under 'anacron' instead of cron. I did this since I have my suspicions that cron is not executing logrotate daily. We will see what the results are.

I will update this post when I have discovered the root cause of this problem.

Multiple Screens in (Kali) Linux | How To

Written by Pranshu Bajpai | Join me on Google+ | LinkedIn

I have felt the need for multiple screens several times simply because of the many tabs and terminal windows I keep open on my box. Hence, to avoid constantly switching between these, I decided to bring in multiple screens . You might have felt the same--especially if you work on multiple applications simultaneously. Some people use these multiple screens while playing games as well.

Before I brought in new screens, I wanted to get a 'feel' of using them, and decide whether this is something I would be comfortable with while working. Fortunately, I had an old LG 17'' CRT monitor lying around which I used for testing this set up of multiple screens. Here, the operating system I am using is Kali Linux (Debian 7 wheezy) but the process is fairly straightforward and would work for any Linux (or Windows) box.

How to set up multiple screen on (Kali) Linux

Firstly, you need to make the hardware connection, that is, connect the other screen's display cable to your machine. In my case, I connected the old CRT monitor's VGA cable to my HP laptop.

You need to locate the 'Display' panel to set up the initial configuration. This should not be hard to do. On a Debian or Kali Linux box, this would be under 'Applications' --> 'System Tools' --> 'Preferences' --> 'System Settings' --> 'Displays'

The location of 'Displays' could vary according to your Linux distro, however, again, it should not be hard to locate. Once inside, you will see that your OS has detected the two displays. Uncheck 'Mirror displays'. By default, your laptop's screen is the primary display and would be on the left. You can drag and change this so that the laptop's display is on the right--as I have done here.

How to set the primary display screen

By default, your laptop's screen is your primary display. This means that the top panel, containing 'Applications' and 'Places', and the bottom panel, tracking open windows and tabs, would be available on the laptop's screen only. I wanted to change this so that my CRT monitor's screen was the primary screen. To do so, I edited the monitors.xml file in Linux.

Locate 'monitors.xml' in '/home/.config/monitors.xml' or '/root/.config/monitors.xml'. Now, edit it in a text editor so that you modify the line containing '<primary>yes/no</primary>'.

In my case, I have modified the xml file so that the part corresponding to my laptop's screen says  '<primary>no</primary>', and the part corresponding to the CRT monitor says '<primary>yes</primary>'.

Now, the CRT monitor is the primary screen and the 'Applications', 'Places' etc would show up here. After all the set up, this is what it looks like on my box:

Note that this is the extended display corresponding to both the screens, that is, half of this shows up on one screen and half on the other. This is a picture of my set up:

Note: The Guake terminal (yellow font) has been configured to show up on both the screens. For this, I edited the '/usr/bin/guake' and changed the width from '100' to '200'.

So far, I am pleased with this multiple screen set up as it offers me a lot more work space, but it will take a little getting used to.

How To Recover Grub After Installing Windows | Ubuntu / Kali / Debian Linux

Written by Pranshu Bajpai | Join me on Google+ | LinkedIn

A Little Rant

It's 2014 and Windows still assumes that it's the only OS out there.

When you install windows and then install Linux, in the grub boot menu you would find Windows properly accounted for. Grub recognized windows and creates an entry for it in the Boot Menu.

Should we assume Microsoft likes bullying (since there's no apparent technical reason for why they won't make a windows boot-loader that would recognize and make an entry for Linux in the Boot menu).

So if you have Linux and then you try to install Windows, it's nasty boot-manager would remove the linux entry and all you will see at Boot time is Windows and no entry for linux.

Kali Linux is the primary OS that I use on my laptop. I rarely ever use windows so I removed it altogether. However I was developing an App for Windows and needed to code in Windows SDK (Visual Studio) since I needed some libraries like 'wlanapi' that weren't present in Linux IDEs

Long story short, I installed Windows on top of Kali and as I expected, it removed the entry to Kali from the boot menu.

Here are a few commands that I used to solve this issue. This is by far the easiest way to bring the Linux / Ubuntu / Kali boot entry back.

How To Recover Grub (Kali Linux Boot Menu Entry) After Installing Windows 

For this you need:

1. Ubuntu (or Any linux) Live CD / USB

2. Eyes to read and Fingers to Type some commands 

Step 1. Boot from the Ubuntu / Kali / Fedora (any linux) live disk OR USB

Step 2. After the 'Live CD Desktop' loads up, Find Terminal.

Step 3. After the Terminal comes up. Type the following commands:

#sudo mount /dev/sda10 /mnt 

#Note that here for me the root ( / ) of my Kali Linux was on device '/dev/sda10'. For you this would be different and you should check this out under 'Disk Manager' in your Live CD. You are looking for the partition number of your main partition

#for i in /sys /proc /run /dev; do sudo mount --bind "$i" "/mnt$i"; done

#sudo chroot /mnt

#update-grub

#grub-install /dev/sda

#update-grub

Step 5. That's it. Exit the Terminal and reboot.

You should now see Grub restored. This is one of the ways in which you can easily and quickly restore grub after installing windows

Note that sometimes you may loose the entry to your Windows OS after these steps. But all you need to do is run these 3 commands to get it back:

#apt-get install os-prober

#os-prober

#update-grub

 

Update

 

I recently lost Linux grub again after installing Windows 7 on my laptop and this time I decided to try an ISO called 'boot-repair disk'. I had heard of this a lot and seems to be the tool of choice for people who don't want to get their hands dirty using the linux terminal.

The tool is pretty good in that it does what it is meant for, without any glitches. This is all you have to do:

1. Download 'boot-repair disk' ISO

2. Burn it to a CD or make a bootable Pendrive

3. Boot into the boot-repair disk ISO

After that, it is all automated. As soon as you boot into this live disk, it will automatically begin mounting all your file systems and looking for grub. Once it is located, it will be restored automatically and at the end a message will be displayed to you.

So if you are someone who isn't all that thrilled about typing commands on a Linux terminal in the method I discussed previously, this ISO is for you.

References:

AskUbuntu.com

'remindme.py' A Simple Python Script To Remind You About Events That You Want To Remember | Pranshu

Written by Pranshu Bajpai | Google+ Pranshu Bajpai | LinkedIn

This is a simple Linux utility that I coded long ago for personal use that would remind me about events that I want to remember. It reminds you of a given event on a certain data after you log onto your computer on that date.

This is a basic script in Python. Please feel free to improve it to suit your particular needs.

Functionality:

-Displays a Graphical Notification in Top Right Corner Each Time you Login
-You Manually Enter Events and Corresponding dates

How to Use:

Create a Folder called "python codes" in your root directory and place "remindme.py" there

(Path is hard coded in the script. This is bad coding, but I was in a hurry. Like I said, feel free to improve the code)

Create a File in this folder called "remindme.data"

Enter the Dates and Events in this format and Save:

MonthDay Event
Example for 10th of Oct:
1010 EventName

Add remindme.py to 'Startup'  (Applications -> System Tools -> Preferences -> Startup)

(I have added a module for 'Auto-Add to Startup' but it was giving issues, so I commented it out, feel free to correct that)

Each Time you login now, remindme will check the remindme.data file and see if there's an Event listed for today. If an event is listed, it will display a notification:

If you're new to Python you might like to read the code:

#!/usr/bin/python

import time       #for checking current date
import gtk.gdk    
import pynotify   #For Notifications

today = time.strftime("%m%d")
Remind_Me_Path = "python /root/python\ codes/remindme.py"  #Path to script


#Following Function that checks whether Startup Entry is already made
#Coz We don't want multiple startup entries made, everytime program runs

def check_startup_entry():                   
 flag = 0
 file = open ("/root/.bash_profile", 'r')
        for line in file:
                if Remind_Me_Path in line:
   flag = 1
 if flag == 0:
  add_to_startup()  

#Following Function adds the startup entry if it check_startup didn't find one

def add_to_startup():
 file = open ("/root/.bash_profile", 'a+')
 file.write(Remind_Me_Path)
 file.write("\n")
 file.close() 

#Following Function checks for Events in Remind_Me.data file

def check_for_event():
 file = open ("/root/python codes/remindme.data", 'r')
 for line in file:
  if today in line:
   notify(line)
 file.close()


#Following Function is called by check_for_event for notification

def notify(arg):
 pynotify.init("Basic")
 n = pynotify.Notification("Remind_Me: " + arg)
 n.set_hint('x', gtk.gdk.screen_width()/2.)
 n.set_hint('y', gtk.gdk.screen_height()/2.)
 n.show()

check_startup_entry()
check_for_event()

Quick Github Tutorial For Beginners | Using Git In Linux | Kali Linux, Ubuntu, Debian, Backtrack | How To

Written by: Pranshu | Find Pranshu on Google+ And LinkedIn

This is not meant to be an exhaustive tutorial. This does not discuss the concepts of Git that you should know (like working directory, staging area, head). This is a very quick demonstration of how to get started.

Quick Github Tutorial Or How To use Git in Linux

1. Visit Github

2. Make an Account.

3. Create a New Repository (of your current coding project)

4. Initial Git Setup (in your Terminal):

#git config --global user.name "lifeofpentester"
#git config --global user.email "......pranshu@gmail.com"
#git config --global credential.helper cache

If you use a Proxy Server to connect to the Internet:

#git config --global http.proxy http://user:pass@proxyserver:port

After you've configured the git global settings, you can check them:

#git config --list 

4. In your Terminal:

Navigate to the folder where your current project files reside and:

#git init
#git add .                                                                              #to add all files

OR

#git add huntpass.py                                                           #to add a particular file

OR

#git add '*.py'                                                                      #to add all files of a specific type

#git commit -m "Initial Commit"

 #git status

Now, we need to 'push' these changes to the remote location:

#git remote add origin https://github.com/lifeofpentester/huntpass.git
#git push -u origin master

Note: You might come across the error that says 'Fatal: remote origin already exists'. In this case, you need to remove that origin first. For this, you can use the following command:

#git remote rm origin

Fire up your browser and goto https://github.com and login

Under profile, click 'Repos' and visit the repository.

If you have done it all right this Repo will now reflect the "pushed" files

VPN Configuration / VPN Client in Kali Linux / Debian / Ubuntu / Backtrack | How to | Anonymous Internet | VPN Secure Connection

Written by: Pranshu | Find Pranshu on Google+ And LinkedIn

As a penetration tester, I have a variety of concerns while using the Internet:

1. Security: While I work as a penetration tester for remote clients, I like to make sure my "tunnel" to the internet is free from eavesdroppers and is reasonably secure. VPN tunneling takes care of that.

2. Anonymity: All of us need  privacy and anonymity for one reason or another. VPN servers allow that by 'not storing' logs of usage on their servers.

3. Over-blocking and "Internet-usage Policies": ISPs and local network administrators can get overzealous about restricting user activity on their networks (this is specially so for college and office networks). The network that I use takes pride in blocking categories like "file transfer" and "hacking". On several occasions, I have a legitimate need for visiting a hack forum or a "file transfer" service since most email providers don't allow 'attachments' to go over 25 - 30 MB.

(By the way, you can also use TOR for anonymity and unblocking websites. I have written about how to use TOR in Kali Linux here)

How to set up / configure VPN in Linux:

Step 1. Subscribe to a VPN Service. I have subscribed to AirVPN (around $9 a month)

Step 2. Login to the VPN service provider's website (AirVPN in my case) and locate 'Generate Configuration file'




Step 3. Download the .opvn file

Additionally, a .proxyauth file will be provided if a proxy authentication is required in your local network proxy (see HTTP code 407)

Step 4. In Terminal type:

             #apt-get install openvpn
             #openvpn --version
             #openvpn --config <file_you_downloaded.opvn>

This should configure that VPN.

            #ifconfig

Notice the presence of a new interface 'tun0', along with its IP address (a private IP address provided by the VPN network).

Now remove any local proxy setting you might be using in your browsers or system and connect to the Internet through the VPN tunnel.

How to Install New Cool / Hacker Fonts in Kali Linux / BackTrack / Debian

Written by: Pranshu | Find Pranshu on Google+ And LinkedIn

Are you looking to install new cool "HaX0r" fonts on your Linux distro?

My Advice: Don't

Reason: Most of the "hacker" fonts out there are illegible and not suitable for the long hours that you might be spending typing on Terminals as a penetration tester.

Here's how to install a new font in Linux:

Step 1: Download a .ttf font from the Internet. Google it, you will find many. As I have stressed before, avoid "cool hacker" fonts. Look for something comfortable to read.

Step 2.

        #gnome-font-viewer <font_location_on_drive>

(Notice the illegibility of the font)

Step 3. Install font

That's it. The new font will now show up in your 'Set Font' option in Terminal 'Preferences' or wherever you need to use it.

Given below are a couple of images of fonts that were too "Kewl" or "Elite" for me to use. I uninstalled them immediately.

Sub-Process /usr/bin/dpkg returned an error code (1) [SOLUTION] for Kali Linux / BackTrack / Debian

Written by: Pranshu Bajpai | Find Pranshu on Google+ And LinkedIn

If you have worked in Linux long enough, you might have come across this nasty error while installing new packages. I'm saying it's nasty simply because you'll try all you know to get rid of it but it just won't go away.

Here's what the error looks like when you try to remove the package that is creating the problem:

This next screen shows what happens when you try to install a new package:

The solution to this would be to remove any traces of this package, in this case vsftpd, in two locations:

Location 1: cd /var/lib/dpkg/info

Location 2: cd /var/cache/apt/archives/

Navigate to these paths and remove the vsftpd files, nomatter what the extension of that file.

After removing said files, the problem should resolve, and you should be able to install new packages.

Note: This solution is something that worked for me and should work for others as well, but if it doesn't, let me know in comments below.

'Ping: sendmsg: Operation not Permitted' Error Solution in Linux

Written by: Pranshu Bajpai | Find Pranshu on Google+ And LinkedIn

This is a simple error that you receive while trying to ping another machine. The solution is simple enough but it might take a while if you don't know the cause.

In my case, the reason behind the failure was the firewall which was blocking ping packets.

Torrents in Kali Linux - Best Torrent Client to Use in Kali Linux / BackTrack [Screenshot Included]

Written by: Pranshu Bajpai | Find Pranshu on Google+ And LinkedIn

I tried the following client for downloading torrents in Kali Linux and it worked really well. Nice light-weight application with no bells and whistles. It's called Transmission.

            #apt-get install transmission

Here's a screenshot:

Do not use TOR (onion router) to download torrents (if torrents are blocked on your network). TOR is for anonymous web surfing purpose only. Their servers are not able to handle the massive traffic generated by peer to peer networks.

Disclaimer: I do not endorse downloading copyrighted files for free using peer to peer networks. This post was made only to demonstrate a peer to peer client for Linux.

CATALINA_HOME /conf/server.xml can’t be read Error | Solution | Tomcat And Netbeans

First make sure you have Java Web apps plugin installed in Netbeans.

Then if you're using tomcat7:

# ln -s /etc/tomcat7 /usr/share/tomcat7/conf

Now enter your <CATALINA_HOME>  as "/usr/share/tomcat7/conf

This should resolve the problem.