Tag: linux

Stuff to throw in your C:\Windows\System32 directory and %PATH% variable

by on Feb.27, 2015, under Posts

Ah… WINKEY+R and cmd.exe, two awesome means of launching programs and commands within a Windows environment. In my humble opinion, WINKEY+R is probably one of the best keyboard shortcuts to know,  especially if you work in the tech industry. I mention this because I find myself using this keyboard shortcut a lot and it’s nice just to call out the name of a program rather than hunting around for it in a GUI. Need to see trace route for google.com? WINKEY+R then tracert www.google.com. Need to do a force shutdown? WINKEY+R then shutdown -s -t 0 -f . The list goes on but today we will be adding to this list because we all know that there are a myriad of utilities out there that don’t come with Windows installations by default and it’s nice to have them sitting in your System32 directory or in your %PATH% variable to quickly execute. I will warn you that some of the utilities I will recommend may make it easier for your system to be used as a pivot point if your system gets compromised. Additionally some of these tools may be detected as ‘viruses’ by anti-virus programs. Lastly, this article isn’t a comprehensive list of ALL the utilities that could be added or desired. It’s merely a means of getting you started. With that being said, let’s continue.

Cygwin:

For those of you who want to give your Windows system more a UNIX/Linux feel, I strongly recommend installing Cygwin and customizing your install to have all the Unix based goodies that your little heart desires. Once you’ve done this, add the /bin/ directory to your %PATH% variable. Now you can use egrep instead of findstr. Also you can now use wget, curl, ssh utilities suite, netcat, perl and other powerful scripting languages from cmd.exe! (Provided you have selected to install these during the customization part of your Cygwin install.)

https://www.cygwin.com/

Sysinternals Tools:

Mark Russinovich deserves a medal of some sort. Practically every tool he makes for Windows is a must have if you work on Windows systems. So feel free to download and copy all of these .exe files to your System32 directory:

https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

I personally use autoruns.exe all the time as a much greater alternative to msconfig and hijackthis.

Putty software suite:

If you forgot to install the ssh utilities under Cygwin, don’t worry and put these in your System32 directory:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html


Other useful tools to have:

Here’s a list of some other tools that are very useful to have in your System32 directory:

Bluescreenview – great utility for getting information on BSODs

coretemp – (pretty self explanatory)

cpuz– very useful tool for getting information about your CPU, Motherboard, and RAM

fciv – Microsoft’s hash checksum utility

gpuz – like cpuz but for graphics cards

p95 –useful tool to benchmark your system

rufus -Create bootable USB drives with picky distros (not all work with YUMI)

Speccy -great alternative to msinfo32 that is better in some departments

usbdeview -useful for getting information about usb devices that have been plugged into your system

vncviewer

YUMI – create multi linux distro and OS bootable flash drives (see: http://zitstif.no-ip.org/?p=973 )

Of course this list isn’t complete but I strongly feel that this is a good start. If you feel inclined to suggest some tools/utilities to add to the list feel free to leave a comment or send me an email.

Leave a Comment :, , , , , , , , , , , , , , , , , , , more...

Android Lollipop breaks Kali chroot [UPDATE]

by on Nov.28, 2014, under Posts

http://www.memegasms.com/media/created/vhyfxm.jpg

Chainfire, who I’m sure you know of if you’re into rooting Android devices, has pushed out an update 11/26/2014 and now the Kali chroot environment works! Keep in mind, I still have this installed: http://forum.xda-developers.com/google-nexus-5/development/fix-bypassing-pie-security-check-t2797731.

However, the chroot environment is not quite perfect yet (nor has it necessarily been). I am receiving this error when issuing commands in the environment: ERROR: ld.so: object ‘/system/lib/libsigchain.so’ from LD_PRELOAD cannot be preloaded: ignored. I have added this following line to the kali shell script located at /sdcard/kali/kali, ‘export LD_PRELOAD=/system/lib/libsigchain.so‘, however this does not fix the issue. I would appreciate any words of wisdom/solutions if anyone has any.

#Update 11/30/2014

To not see the LD_PRELOAD error, all you need to do is add this to your .bashrc file:

unset LD_PRELOAD;

5 Comments :, , , , , more...

Android Lollipop breaks Kali chroot

by on Nov.17, 2014, under Posts

For those of you who are looking to update your Android version to Lollipop and wish to continue using the chroot environment I have shown how to setup here, please hold off! You can do so but at your own risk. Currently my chroot environment is not functional because I get ‘permission denied’ when I try to run the same script as I’ve always done before with my rooted Nexus 4 with previous versions of Android (up to 4.4.4). I’m highly confident that the issue is related to Android Lollipop’s PIE system, though I could be wrong. Over at the XDA forums, it appears that there is a workaround, but it still doesn’t fix the ‘permission denied’ issue that I’m experiencing. However it may help you with other apps:

http://forum.xda-developers.com/google-nexus-5/development/fix-bypassing-pie-security-check-t2797731

This bypass method did fix SSHDroid, but caused some issues with other apps.

1 Comment :, , , , , , , more...

Creating Your Own USB Katana Sword

by on Sep.20, 2014, under Posts

JP Dunning (https://twitter.com/r0wnin) is the creator of the Katana: Portable Multi-Boot Security Suite. Upon visiting www.hackfromacave.com, it appears that this projects have come to a halt. It is true that you can still obtain the Katana toolkit via torrents (http://securityiskey.blogspot.com/2012/08/katana-3-beta-torrent.html for those are interested). However, I can’t recommend downloading this toolkit as of now because a lot the Linux distributions within the Katana toolkit have been superseded by newer distributions. Another issue with Katana is that it’s kind of a pain to customize and add and remove distributions.

With that being said, this post’s objective is to inform those who how to create a multi-booting USB flash drive toolkit that is easily customizable for end user’s specific needs. For this we will be heavily relying on YUMI (http://www.pendrivelinux.com/yumi-multiboot-usb-creator/). Using YUMI is pretty straight forward and I don’t believe there is a strong need for myself to create a tutorial (https://www.google.com/#q=YUMI+tutorial).

To create our “Home Made Katana”, you will need:

-Time
-32GB Flash drive (smaller may work but I recommend 32GB or larger)
-YUMI ( http://www.pendrivelinux.com/yumi-multiboot-usb-creator/ )
-HomeMadeKatana.zip ( https://ia601401.us.archive.org/15/items/HomeMadeKatana/HomeMadeKatana.zip )

HomeMadeKatana.zip file hash
MD5: dc5b97133c9e6ca9a848b26b234f2210
SHA-1: 8a13ce78c380a05f60602a40790bf77021d52de9

NOTE: TOOLS IN THIS ARCHIVE WILL SET OFF AV SYSTEMS

The root directory of this zip file contains:

Disk Investigator
HxD
KatanaToolKit.exe
odbg201
PortableApps
Speccy
SysinternalsSuite
windows-binaries-from-Kali
zittools

I pulled the PortableApps directory and the KatanaToolKit.exe from the Katana:
Portable Multi-Boot Security Suite. I meant to add herdProtect portable scanner but forgot to. Feel free to add this if you want: http://www.herdprotect.com/installers/herdProtectScan_Portable.exe .

To create our “Home Made Katana”, do as follows:

1.) Backup any data you want on your flash drive
2.) Wipe the flash drive
3.) Download YUMI
4.) I recommend the following distributions/bootable tools:

Caine
Clonezilla (Backup + Clone Tool)
DBAN
Deft (Forensics)
GParted
Hiren’s Boot CD
Kali
Kon-Boot Floppy Image
Mint Linux
Offline NT Password & Registry Editor
Ophcrack Vista/7
Ophcrack XP
Tails
Ultimate Boot CD
Windows 7
Windows 8
Windows Defender Offline

5.) Download and extract HomeMadeKatana.zip to the root of the flash drive.

You may ask yourself why would I recommend putting Windows 8 on your flash drive? I recommend this because newer systems are now using UEFI and a lot of systems are shipping without optical drives. For instance if you need to reset a Windows 8 local account password ( http://pcsupport.about.com/od/windows-8/a/reset-password-windows-8.htm ), having Windows 8 on your “Home Made Katana” would be of great use.

An additional note that should be taken into consideration when dealing with newer UEFI computers. To boot into Linux distros or even to boot from USB or optical drives with software that doesn’t necessarily support secure booting you will need to turn the secure boot option off and/or enable legacy booting and/or enable compatibility support module (CSM).

In retrospect, what we have done is create a mutlibootable and powerful flash drive with utilities for penetration testers, IT gurus and network administrators. In addition, I would also recommend getting a USB Rubber Ducky (https://hakshop.myshopify.com/collections/usb-rubber-ducky) especially if you’re into penetration testing. If you have any questions, comments or input feel free to post a comment below.

Leave a Comment :, , , , , , , , , , , , , , more...

Steps Toward Weaponizing the Android Platform

by on May.11, 2013, under Posts

(4/16/2015) – NOTE: THIS SOLUTION HAS BEEN KIND OF SUPERSEDED BY https://www.kali.org/kali-linux-nethunter/ , if nethunter doesn’t work for you then continue on with this post:

The mobile and tablet market have been flooded by millions upon millions of Android based devices. I wonder if Ken Thompson or Dennis Ritchie would have ever imagined that their invention from nearly 44 years ago would have influenced the likes of the Linux kernel,  Google, Apple, and beyond. We are now in a sea of Unix-like devices that now can easily fit in individuals pockets, which have multiple core processing power and can easily access SCADA systems with a few keystrokes.  It has never been a better time for pocket sized penetration testing devices.

In this article I will be covering ways that one can turn their Android based device into a powerful pocket sized penetration testing tool. If you’re looking to do wireless sniffing or packet injection with your Android based device, this article will be of little help. (If interested please see this, this, this, this, and this.) To do so, one needs a specific Android device that supports OTG, with a custom ROM, and you’ll most likely need an external USB wireless adapter. (Honestly, if you’re looking for a device for cracking WEP keys without any external USB wireless adapters, then I highly still recommend the Nokia N900.)

(NOTE: If you’re strictly looking to do wireless sniffing,  there is AndroidPCAP which I have tested with my Nexus 7 and a RTL8187 based wireless USB adapter.)

Firstly, before progressing on towards the weaponizing of your Android device, please take the time to back up any vital information. Have a look at this.  Reason being, is that you’ll need to root your Android based device. Depending on your device and the method of rooting, rooting your device and unlocking the bootloader can wipe your device.

Setting up Kali Linux ARM Chroot on your rooted Android based device that has about 6GB of free space

1.) Install BusyBox
2.) Install Terminal Emulator
3.) I created a Kali Linux ARM IMG that one can easily mount and it can be downloaded here:
http://goo.gl/qmGle
https://archive.org/details/Kali.nogui.armel.zitstif.chroot.482013

kali.nogui.armel.zitstif.chroot.482013.7z

md5: d60c5a52bcea35834daecb860bd8a5c7
sha1: f62c2633d214de9edad1842c9209f443bcea385d

kali.img

MD5: be61799f8eb2d98ff8874daaf572a1d5
SHA-1: f9c6a820349530350bbb902d17ae6b4a5173937c

NOTE: This image gives you about 2GB of free space in the environment to play with so use with care.

4.) Extract the 7z file and make sure that there’s a folder in this following location: /sdcard/kali
5.) In this folder you should have shell script named ‘kali’ and the ‘kali.img’ image file.
6.) To mount the kali.img file as root do this: sh /sdcard/kali/kali

Optional:
If you want Terminal Emulator to open up and go directly to the chroot environment do as follows:
1.) Open up Terminal Emulator
2.) Go to preferences
3.) Tap on Initial Command
4.) Enter this: su -c “cd /sdcard/kali && sh kali”

Now if you tap on Terminal Emulator, you’ll go directly to your Kali chroot environment. If you want to leave the environment and back to the Android command line, simply type exit.

Optional: If you want to access files from /sdcard/ from your Kali chroot envrionment, one way is to have an Openssh server on your Android device that listens on all interfaces. Then under your chroot envrionment do: mkdir /media/sdcard/ and then connect to your ssh server on your loopback interface to store the ssh key. Then you could use a script like this in your chroot environment (or even edit your .bashrc file to run it automatically):

http://zitstif.no-ip.org/mountsdcard.py #You’ll need to edit the username and password appropriately for your situation.

I should warn you that this Kali image is not setup with the idea of using a window manager or really any GUI tools. In my humble opinion to take advantage of Kali Linux, you don’t need a GUI. Using the terminal to access tools like nmap, netcat, w3af_console, sqlmap, xsser, and metasploit will be sufficient to get one started on their penetration test.

Once you’re in the Kali Linux chroot environment, please do the following:

apt-get update && apt-get upgrade && msfupdate

In addition to setting up the Kali Linux chroot environment, here are a list of other tools and a quick description of each that I recommend you to install:

2X Client – Remote desktop client
AndFTP – ftp/sftp client
androidVNC – vnc viewer client
AndSMB – Android Samba client
AnyTAG NFC Launcher – Automate your phone by scanning NFC tags
APG – OpenGPG for Android
CardTest –  Test your NFC enabled credit cards
Checksum –  basically a GUI tool for md5sum and shasum tools
ConnectBot – powerful ssh client
DNS Lookup – perform DNS and WHOIS lookups
Dolphin Browser – a browser that easily allows you to change your UserAgent
DroidSQLi – automated MySQL injection tool
dSploit – Android Network Penetration Suite
Electronic Pickpocket –  wirelessly read NFC enabled cards
Exif Viewer – shows exif data from photos and can remove this information
Fast notepad – simple but useful notepad application
Find My Router’s Password – title explains it all (mostly for default passwords)
Fing – very similar to Look@LAN tool for Windows
Goomanager –  see link for more information
Hacker’s Keyboard –  Miss the easily accessible CTRL key? This app is for you
HashPass – translate text into hashes
Hex Editor –  a very usable hex editor for Android
inSSIDer – wireless network scanner
intercepter-NG – multi-function network tool, sniffer, cookie intercepter, arp poisoner
IP info Detective – find out all sorts of info on an IP address
IP Webcam – turn your Android device into an IP security camera
Network Signal Info – basically a graphical tool for iwconfig
NFC Reader – used for reading various NFC technologies including some keycards
NFC ReTAG – Re-use/recycle write protected NFC Tags such as hotel key-cards, access badges, etc
NFC TagInfo -another NFC reader
OpenVPN Connect – open vpn client
Orbot – tor on Android
Packet Injection – poorman’s GUI version of scapy
ProxyDroid – use your socks5 proxy with this application
Root Browser – great file manager for Android
Routerpwn – test how secure your router is
SandroProxy – kind of like Webscarab
Secret Letter – a  poorman’s stegonagraphy tool
SSHDroid – openssh server for android
Supersu – manage what programs access root functions
Teamviewer – remotely control Windows, OSX, and Linux based systems
Terminal Emulator – no explanation needed
tPacketCapture – packet sniffer that doesn’t require root
VirusTotal Uploader – test your malicious payloads
Voodoo OTA RootKeeper – maintain root access even after updates
Wifi File Transfer – access files on your phone from a web browser via an http server
WifiFinder – simple wireless scanner
WiGLE Wifi wardriving – wardriving/warwalking application

Of course this is probably not complete, but I believe this is a very good suite of tools to get one started. If you can think of any more tools or if you have any suggestions, please feel free to leave a comment below.

24 Comments :, , , , , , , , , , , , , , , , , , , , , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!