Author Archive

How many times have you wondered about your system's security? Using Linux or a Mac is not enough! You must check and configure your systems to be as secure as possible. To do this we can use Lynis, a command-line utility that checks a system for malware, misconfigurations, integrity problems, etc.
Lynis is easy to install and is available for Debian-like and RedHat-like distros, FreeBSD and Mac OS X.

As explained on the rootkit.nl website: “Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Besides security-related information it will also scan for general system information, installed packages and configuration mistakes.

This software aims at assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems. It can be run without prior installation, so inclusion on read-only storage is no problem (USB stick, CD/DVD).

Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.”

In this article I’ll show you how to install and run Lynis on your PC.


Every time we access an Internet resource (web, mail, IRC, etc.) our ADSL modem or router is connected “directly”: all packets transmitted by our computer are forwarded by routers and switches across the net to their final destination.
Every time our packets pass through a network device, someone could read, analyze, intercept and hijack our communications.
In order to avoid this and protect our information, our identity and our connections we can use the widely downloaded software Freenet.
Using Freenet we can access anonymous resources across the Internet through a decentralized encrypted network, or we can create a private network between friends to chat and share information and messages.

As reported on the Freenet official web site (https://freenetproject.org/index.html): “Freenet is free software which lets you anonymously share files, browse and publish “freesites” (web sites accessible only through Freenet) and chat on forums, without fear of censorship. Freenet is decentralised to make it less vulnerable to attack, and if used in “darknet” mode, where users only connect to their friends, is very difficult to detect.

Communications by Freenet nodes are encrypted and are routed through other nodes to make it extremely difficult to determine who is requesting the information and what its content is.”

In this tutorial I will explain how to create an encrypted Virtual Machine that you can use to access FreeNet resources.

For this guide I'm using VMware Workstation 8.0.6, but you can choose whichever virtual machine manager you prefer, such as KVM, QEMU or VirtualBox. I will not explain how to create a Virtual Machine using VMware or VirtualBox because there are already millions of guides available across the web. I will start the tutorial from the operating system setup. I chose Ubuntu 12.10 x64 for this because it supports full disk encryption out of the box.


My article about Home Computer Security has been published by VareseNews (an Italian online newspaper) in its “Ventuno” blog.
Take a look at http://www3.varesenews.it/blog/ventuno/2013/04/26/il-nostro-computer-e-veramente-protetto-prima-parte/
The original article is in Italian, but you can read it in English by clicking here.


Finally my Raspberry Pi Model B Rev. 2 has arrived!! I chose to buy a used one just to start some testing :)

I chose PWNPI 3.0 as the operating system because it contains lots of useful tools for my pentesting activities.

In this article I'll show you how to install and configure PWNPI 3.0 on a 64 GB SD card. In order to complete the task you need:

- Raspberry Pi
- PWNPI 3.0 image (download it from the PWNPI official website)
- SD card (I'm using a SanDisk 64 GB SDXC Class 10 for maximum performance)

First of all you have to uncompress the 7zip image. On Ubuntu 12.10, right-click on the image and select “Extract Here”. The uncompressed size of the PWNPI 3.0 image will be about 3.4 GB, so be sure you have enough space on your disk.

Once the image is uncompressed, insert your SD card into the reader and delete all the partitions already present: we need an unformatted, unpartitioned SD card to proceed! Under Linux you can use gparted to complete this task.

If the previous task completed without errors, you can proceed to transfer the PWNPI 3.0 image onto your SD card. Personally I like to have a progress bar during dd operations, so I can see the status. To do this you must have “pv” installed on your system. On a Debian/Ubuntu distro just type

sudo apt-get install pv

sudo pv ./pwnpi-3.0.img | sudo dd of=/dev/mmcblk0 bs=4M

In the example above I'm running the command from the same directory where the image is.

Please be sure to specify the right target device!! I'm using /dev/mmcblk0 because the SD card reader is embedded in my Sony Vaio. If you are using a USB reader, please be sure to select the right path (probably /dev/sdx).

Now you have to wait for dd to finish writing the image... depending on your hardware it could take some time!

At the end of the process you can eject your SD card and insert it in your Raspberry Pi. Boot your little system and connect using an ssh client.
Default credentials are user root with password root.
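The dd step above leaves the two mistakes the post warns about, a wrong target device and a half-written card, entirely to the operator. The POSIX shell script below is an added example, not part of the original post: it wraps the same pv | dd pipeline in functions that refuse a target that is still mounted, fall back to plain dd when pv is not installed, flush the write, and read the card back to verify the copy. The image and device paths are arguments (assumed names; substitute your own, e.g. ./pwnpi-3.0.img and /dev/mmcblk0).

```shell
#!/bin/sh
# Added example (not from the original post): write an SD card image with a
# progress bar, after a few sanity checks that dd itself never does.
# Assumptions: GNU coreutils (Debian/Ubuntu as in the post), image and
# device passed as arguments, pv optional.

# Return 0 if DEV (or one of its partitions, e.g. /dev/mmcblk0p1) is mounted.
target_is_mounted() {
    dev="$1"
    grep -q "^$dev" /proc/mounts 2>/dev/null
}

# Print the size of FILE in bytes, so pv can draw a real progress bar.
image_size_bytes() {
    wc -c < "$1" | tr -d ' '
}

# Copy IMG to DEV in 4 MiB blocks with progress, then flush to the card.
# Refuses a mounted target so a running root filesystem or a still-mounted
# USB stick is never overwritten by a typo in the device name.
write_image() {
    img="$1"; dev="$2"
    [ -f "$img" ] || { echo "image not found: $img" >&2; return 1; }
    if target_is_mounted "$dev"; then
        echo "$dev is mounted; unmount it first" >&2
        return 1
    fi
    if command -v pv >/dev/null 2>&1; then
        pv -s "$(image_size_bytes "$img")" "$img" | dd of="$dev" bs=4M conv=fsync
    else
        dd if="$img" of="$dev" bs=4M conv=fsync
    fi
    sync
}

# Read back exactly the image's length from DEV and compare it byte for byte
# (exit 0 = identical): catches a bad card or a silently failed write before
# the card goes into the Pi.
verify_image() {
    img="$1"; dev="$2"
    head -c "$(image_size_bytes "$img")" "$dev" | cmp - "$img" >/dev/null
}

# Usage (as root): write_image ./pwnpi-3.0.img /dev/mmcblk0 && verify_image ./pwnpi-3.0.img /dev/mmcblk0
```

Run `lsblk` before calling write_image and check that the device you pass has the size of the card and no mounted partitions; the mount check above only catches the case where the desktop auto-mounted the card, not the case where you simply picked the wrong disk.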

In the next article I’ll show you how to expand the SD partition and start to configure and optimize the distro.


“Netsniff-ng is a free, high performance Linux networking toolkit. The gain of performance is reached by zero-copy mechanisms, so that on packet reception and transmission the kernel does not need to copy packets from kernel space to user space and vice versa.” The official website is netsniff-ng.org

In this tutorial I’ll try to explain how to install this powerful network tool on a Debian-like distribution (I have tested the procedure under Debian 6.0.6 Squeeze x64).

1) Download the netsniff-ng sources from the official web site http://netsniff-ng.org/ (at the moment the latest stable release is netsniff-ng 0.5.7) into your work directory
2) Extract the archive: tar zxvf netsniff-ng-0.5.7.tar.gz
3) Install the required dependencies: apt-get install cmake libcli-dev libnl-dev libnetfilter-conntrack-dev liburcu-dev libgeoip-dev libncurses5-dev libncurses libpcap-dev ccache libpthread-stubs0-dev flex bison
4) Move into the src dir: cd ./netsniff-ng-0.5.7/src
5) Create the build directory: mkdir build
6) Move into the curvetun directory: cd curvetun
7) Compile NaCl as root: sudo sh build_nacl.sh /tmp (please be patient, because compiling requires some time...)
8) If you had no errors in the previous step, move into the build dir: cd ../build
9) Start cmake: cmake .. (if you get errors during this step, try removing the CMakeCache.txt file before running it again)
10) If you had no errors in the previous step, compile the package: make
11) And now, as root, install the package: sudo make install

The netsniff-ng package is now installed and ready to use: please refer to netsniff-ng --help for inline help, or to netsniff-ng.org.


What is an MD5 hash? I asked Wikipedia and it told me that it is a “widely used cryptographic hash function that produces a 128-bit (16-byte) hash value”. To be more specific, Wikipedia goes on to say that a “hash is an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that any (accidental or intentional) change to the data will (with very high probability) change the hash value.” The function is one-way, so you cannot run the algorithm in reverse to obtain the original string.

MD5 hashes are widely used to hash stored passwords, check integrity, etc., and in some cases it could be useful to get the original string back starting from the hash.

Using Google and lots of online resources you can crack MD5 hashes (and of course other hashes too, like NTLM, LM, etc.).

The first option is to search the MD5 string directly in Google: if the string is quite common you will easily find it !

The second option is to use free cracking services in the cloud, like the following:

MD5 RAINBOW – http://www.md5rainbow.com/
This service is a quite simple web page for searching MD5 hashes. I suggest using it as a parameter in your forensic or analysis software: for example, create a right-click context menu entry for http://www.md5rainbow.com/{1} where {1} is your hash passed as a parameter.

ONLINE HASH CRACK – http://www.onlinehashcrack.com/
Great site that also supports MD5, LM, NTLM, SHA1, MySQL, MD4 and WPA(2) hashes. Here you can also find a hash calculator.

CRACK STATION – http://crackstation.net/
This service supports LM, NTLM, md2, md4, md5, md5(md5), md5-half, sha1, sha1(sha1_bin()), sha224, sha256, sha384, sha512, ripeMD160, whirlpool and MySQL 4.1+ hashes.
Using the textbox available you can submit up to 10 hashes!!

The third option is to use your own rainbow tables ! :)
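All three options above come down to the same fact: an unsalted MD5 of a common string is a lookup, not a cryptanalysis, because the same input gives the same 32 hex digits everywhere. The Python below is an added example, not code from the original post or from any of the services listed. It builds a tiny lookup table from a constructed wordlist, shows that a plain MD5 of a common password is found in it instantly, and then shows the salted, iterated construction (PBKDF2-HMAC-SHA256 from the standard library) under which such a table is useless, because every user's stored hash is different even for the same password. The wordlist and the `algo$iterations$salt$hash` storage format are assumptions of the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed wordlist standing in for the "quite common" strings whose MD5
# a search engine or a lookup service already knows. Not a real dictionary.
COMMON_WORDS = ["password", "123456", "qwerty", "letmein", "raspberry"]


def md5_hex(data: bytes) -> str:
    """Plain, unsalted MD5: same input, same 32-hex-digit output, everywhere."""
    return hashlib.md5(data).hexdigest()


def build_lookup_table(words: Iterable[str]) -> Dict[str, str]:
    """Precompute md5(word) -> word. Computed once, it answers any number of
    queries; this is what a rainbow table or a lookup site amortises."""
    return {md5_hex(w.encode()): w for w in words}


def lookup_unsalted(md5_hash: str, table: Dict[str, str]) -> Optional[str]:
    """'Reversing' an unsalted MD5 is a dictionary lookup, not a computation.
    Returns the original string if the hash is in the table, else None."""
    return table.get(md5_hash.strip().lower())


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> str:
    """Salted, iterated password hash (PBKDF2-HMAC-SHA256 via hashlib).
    The random per-user salt means a precomputed table would have to be
    rebuilt per user, and the iteration count makes each guess expensive.
    Stored as algo$iterations$salt$hash (example format, an assumption)."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def salted_hashes_differ(password: str) -> bool:
    """True: two users with the same password get two different stored
    values, so one lookup table cannot serve both (unlike unsalted MD5)."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_WORDS)
    h = md5_hex(b"password")
    print(h, "->", lookup_unsalted(h, table))              # found instantly
    print(md5_hex(b"password") == md5_hex(b"password"))    # True: unsalted
    stored = hash_password("password")
    print(stored)
    print(verify_password("password", stored), verify_password("Password", stored))
    print(salted_hashes_differ("password"))                # True
```

When auditing a system that stores plain MD5 password hashes, the lookup above is the quickest way to show why they need migrating: every hash that resolves from a small wordlist is one the public services would resolve too.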


In this post I will try to explain how to scan a remote host anonymously using the Nmap, Tor and proxychains tools. This tutorial is based on Debian-like distributions.
I don't explain how to install every single tool because you can find lots of material about this by googling around: search for how to install Tor, Vidalia, Torbutton, Nmap and proxychains.

So, once you have finished installing everything and it works well, you can get hands-on ;)


As you probably know, the patching process is a very important part of a security strategy and lifecycle: both Windows and *nix systems must be patched against vulnerabilities and exploits. During the past months I have heard sysadmins requesting firewall rules to permit servers (from the internal LAN or DMZ) to access Internet web sites directly for patch download. This is not the right approach!

On Linux systems (Debian/Ubuntu or RHEL/CentOS) you can easily configure wget, apt-get or yum to use a proxy. The command is the same for all these applications and can be inserted in your update scripts.

export http_proxy=http://proxyip:proxyport/

The above command makes every wget, apt-get or yum request go through your proxy. If you also need a proxy for the https or ftp protocol, you have to run the following commands as well:

export https_proxy=https://proxyip:proxyport/
export ftp_proxy=ftp://proxyip:proxyport/

Keep in mind that if your proxy requires authentication you would have to put the username and password into the script... but I don't suggest doing this, because you would be storing credentials in clear text and you would have to set the password to never expire.
It is probably better to configure the proxy to allow http/https/ftp requests coming from the server IP without authentication, and only when they are directed to update and patch sites.
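Setting the three variables by hand in every update script is where the problems just mentioned creep in: a mistyped port that silently leaves the script talking to the Internet directly, credentials pasted into the script, or internal mirrors being sent through the proxy too. The POSIX shell functions below are an added example, not from the original post: they build the proxy URL from a host and port, validate the port, export http_proxy, https_proxy, ftp_proxy and a no_proxy list in one call, and print the persistent equivalents for apt (Acquire::http::Proxy in an apt.conf.d file) and yum (proxy= in the [main] section of /etc/yum.conf), so the setting lives in one place instead of in each script. Hosts, ports and the internal mirror name are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: one place to define the patch
# proxy the post describes, with validation, plus the persistent apt/yum
# equivalents. All hosts and ports are placeholders.

# Build a proxy URL; reject a non-numeric or out-of-range port so a typo
# fails loudly instead of leaving the update script without a proxy.
proxy_url() {
    host="$1"; port="$2"
    case "$port" in
        ''|*[!0-9]*) echo "invalid proxy port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    printf 'http://%s:%s/\n' "$host" "$port"
}

# Export the variables wget, apt-get and yum honour, from one validated URL.
# The scheme in the value is how the client reaches the proxy (plain HTTP
# for a typical proxy); the variable name says which client protocol it
# applies to. Third argument: comma-separated hosts that must bypass the
# proxy, e.g. an internal mirror.
set_update_proxy() {
    url=$(proxy_url "$1" "$2") || return 1
    export http_proxy="$url" https_proxy="$url" ftp_proxy="$url"
    export no_proxy="localhost,127.0.0.1${3:+,$3}"
}

# Persistent equivalent for apt: save as /etc/apt/apt.conf.d/80proxy so
# cron jobs and interactive sessions use the same proxy.
apt_proxy_conf() {
    url=$(proxy_url "$1" "$2") || return 1
    printf 'Acquire::http::Proxy "%s";\nAcquire::https::Proxy "%s";\n' "$url" "$url"
}

# Persistent equivalent for yum: add the line to [main] in /etc/yum.conf.
yum_proxy_conf() {
    url=$(proxy_url "$1" "$2") || return 1
    printf 'proxy=%s\n' "$url"
}

# Usage in an update script (placeholder values):
#   . ./proxy.sh && set_update_proxy 10.0.0.1 3128 mirror.internal.example && apt-get update
```

No credentials appear anywhere in these functions, in line with the post's advice: authorisation is done on the proxy by source IP and destination, not by a password in the script. A caveat on the scheme: https_proxy names the client protocol being proxied, while the scheme inside the value is the transport to the proxy itself; most proxies accept HTTPS requests on their plain HTTP listener (tunnelled with CONNECT), so a value starting with https:// only works when the proxy actually listens on TLS.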

Keep patched!


This is a step-by-step guide to installing Debian 6.0.6 32-bit on a headless appliance. It is slightly different from the previous guides published for CentOS and Ubuntu.

So... let's start: we will prepare an ISO image with serial console output, using 9600 as the speed and 8,N,1 as the configuration.
