
KALI – How to write the BOOM Script – For Loops – The Visual Guide

Bash Scripting allows the creation of “for loops”.  Here we make the boom script using bash scripting in nano.

Step 1 – Open Nano

nano boom.sh

{This creates a file called boom.sh}

Step 2 – Enter this code

#!/bin/bash

for i in $(seq 10 -1 1)
do
    echo -en "${i} …"    # the loop variable is i; ${1} would be the script's first argument
done ; echo "BOOM"


Step 3 – Save the Script

Ctrl+O = save the script

It should automatically name itself boom.sh

Ctrl+X = exit nano

****

Step 4 – Make the script executable

chmod +x boom.sh

Step 5 – Run the boom script

./boom.sh

For loops work on FIXED lists of items

Here it counts down from 10 to 1, subtracting 1 on each pass: seq prints the numbers 10 down to 1, and that output becomes the loop's list.

It displays the variable each time.

After the for loop has completed, the script prints out “BOOM”.
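The countdown written as functions whose output can be checked, plus a demonstration of the “fixed list” rule above: once a for loop has started, nothing done inside the body changes how many passes it makes. This is an added example, not code from the original post; the function names are my own.

```shell
#!/bin/bash
# Added example: the boom.sh countdown returned from functions rather than only
# echoed, a while-loop equivalent, and proof that a for loop's list is fixed
# before the first pass. Function names are hypothetical, chosen for this example.

# Countdown from $1 to 1 using seq, exactly as boom.sh does: the words that
# seq prints become the loop's list via command substitution.
countdown() {
    local out="" i
    for i in $(seq "$1" -1 1); do
        out="$out$i ... "
    done
    printf '%sBOOM\n' "$out"
}

# The equivalent while loop. Here a condition really is tested on every pass,
# which is the difference between a for loop (fixed list) and a while loop.
countdown_while() {
    local out="" i="$1"
    while [ "$i" -ge 1 ]; do
        out="$out$i ... "
        i=$((i - 1))
    done
    printf '%sBOOM\n' "$out"
}

# The list is fixed: appending to the variable the list came from, or
# overwriting the loop variable, does not change the number of passes.
# Returns the number of passes (3 for the list "a b c").
fixed_list_passes() {
    local items="a b c" count=0 item
    for item in $items; do
        count=$((count + 1))
        items="$items d e"   # no effect: the list was expanded before the loop began
        item="zzz"           # no effect either: the next pass reassigns item
    done
    echo "$count"
}

# ./boom-functions.sh 10   -> "10 ... 9 ... 8 ... 7 ... 6 ... 5 ... 4 ... 3 ... 2 ... 1 ... BOOM"
if [ $# -gt 0 ]; then
    countdown "$1"
fi
```

Run it with a starting number as the argument; without one it only defines the functions, so it can be sourced into another script.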


 

References

University of South Wales Reading list

PARKER, S.  2011.  Shell Scripting – Expert recipes for Linux, Bash, and More.  Indianapolis: John Wiley & Sons.

 

KALI – First things to do after installing Kali Debian Linux – The Visual Guide

http://uwnthesis.wordpress.com/2014/07/20/kali-first-things-to-do-after-installing-kali-debian-linux-the-visual-guide/

KALI – How to format a USB drive in Linux to FAT32 – The Visual Guide

We use GPARTED to format usb drives in Linux.  Sometimes it works for FAT32, sometimes we have to opt for NTFS, and then use Windows to downgrade it to FAT32.  Here goes..

Step 1 – Run GPARTED in the root terminal

gparted


Step 2 – GPARTED

Change to /dev/sdb

Select the unallocated partition

Device > Create Partition Table

or.. right click on the unallocated partition > New

A warning will appear > Apply

Drop Down Boxes will appear.

  • Use these to apply NTFS, FAT32 etc > ADD

  • Create as: Primary

  • File System: FAT32

  • Label: Whatever you want to call your USB pen


ADD > Green Tick {apply operations}


Now Gparted wasn’t successful with FAT32 for me.. but it loved NTFS.

So then I sloped off to a Windows system, to reformat the NTFS usb to FAT32.

The Windows system didn’t like the unallocated USB – but loved the NTFS version created by KALI.

But if Gparted or Windows formatting fails… don’t worry.. mix and match them.

*****


KALI – How to use DD to wipe your USB pen – The Visual Guide

Yesterday we discovered the most efficient tool to overwrite and destroy data is the dd command. Kali has this installed by default, so let’s use it to securely delete any data on an old USB drive.  Neither Windows nor Mac OS deletes the file contents on an ordinary delete; they remove the pointer, not the contents of the file.  This is like removing the house number and pretending the house isn’t there.  Of course, the house, TV and contents are all still operational… it’s just the house number that’s gone.  This is horrendous for privacy, or simply if you wish to resell equipment.

Step 1 – Find the right drive

We can use either mount or dmesg.

mount


dmesg | grep "\[sd"

Here we find the KINGSTON USB pen is /dev/sdb, with its single partition at /dev/sdb1.

Look at the output… make sure you’re overwriting the right drive… as there is no way back… Try it out on a USB pen first, to get a feel for the procedure.

****

Step 2 – Unmount the drive

You must make sure you unmount the drive first.  The Unmount command is actually umount {watch out for this GOTCHA}.

umount /dev/sdb1


Step 3 – Use DD to zero over the USB pen data

This command writes a stream of zeroes over the whole USB pen, /dev/sdb.  Note that the target is the device, not the partition /dev/sdb1: wiping the device also covers the partition table and any space outside the partition.  dd will write zeroes until the device runs out of space, which is how we know it’s finished: it ends with the error “No space left on device”… woohoo!!

dd if=/dev/zero of=/dev/sdb bs=1M

When it’s finished, you’ll see “No space left on device” and the wiping speed, e.g. 69 MB/s.


Step 4 – Super Secure Overwriting

Instead of all zeroes, next we use random data from the /dev/urandom device.  This fills the USB pen with random gibberish.  Again it’s a constant stream, only of random bytes rather than zeroes.

You’ll probably find urandom much slower than zeroes.

dd if=/dev/urandom of=/dev/sdb bs=1M


dd is heavy on your CPU = here we see a whopping 98% of CPU usage is dd.

Notice how much slower /dev/urandom is – a mere 9.3 MB/s.

The drive will need to be reformatted to use it.  Windows issues this notice to format the drive.


So what next?  How do we make our USB totally secure?

*****

Step 5 – Combine both Zero and /dev/urandom wipes

We start by assigning a variable instead of the /dev/sdb drive name, as this makes less work for us.  Start by assigning the WIPEUSB variable to the correct drive – again, don’t make a mistake here, or you’re in big trouble…

WIPEUSB=/dev/sdb;

echo $WIPEUSB {to double check /dev/sdb is assigned}


WIPEUSB=/dev/sdb;

dd if=/dev/zero of=$WIPEUSB bs=1M;

dd if=/dev/urandom of=$WIPEUSB bs=1M;

dd if=/dev/zero of=$WIPEUSB bs=1M;

The original guide quotes a military standard of 6 overwrites; here we have specified 3 overwrites, so run the sequence twice and we’re at that figure.  Bear in mind that a USB pen is flash memory: as the SSD post below explains, wear levelling can leave old blocks untouched no matter how many passes you run, so overwriting is a best effort on flash rather than a guarantee.

****

Step 6 – Make a BASH script to wipe your USB drives for you.

Use the dmesg | grep "\[sd" option in a script…

Test this out using nano… to ensure that you can locate /dev/sdb

nano usbwipe.sh {create the script in nano – use Ctrl+O to save}

chmod +x  usbwipe.sh {make the script executable}

./usbwipe.sh {./ means the current directory}


Now edit the usbwipe.sh script to run an all zero wipe on /dev/sdb – enter in the commands from Step 3.  And execute the script.

./usbwipe.sh

Did we forget a “umount” in the script?  Okay, we’ll need to go back and insert that step.


 

If you want to add a user prompt

#!/bin/bash
echo -n "Enter the USB drive to wipe eg /dev/sdb1: "
read usbwipe
echo "Hello, you selected $usbwipe"

echo "About to unmount $usbwipe"
umount $usbwipe

echo "You are about to overwrite usb $usbwipe with zeroes"
dd if=/dev/zero of=$usbwipe bs=1M    # wipe the drive the user typed, not a hard-coded /dev/sdb

echo "USBWIPE has completed"

****

A script with user input and wipe with random data (slow)

#!/bin/bash
echo -n "Enter the USB drive to wipe eg /dev/sdb1: "
read usbwipe
echo "Hello, you selected $usbwipe"

echo "About to unmount $usbwipe"
umount $usbwipe

echo "You are about to overwrite usb $usbwipe with random data:"
dd if=/dev/urandom of=$usbwipe bs=1M    # again, use the drive the user typed

echo "USBWIPERANDOM.sh has completed"

That’s it.  Yay!! We can now nuke our USB pens using the dd command.
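Steps 1 to 6 above, combined into one script with the safety checks a practitioner would want before pointing dd at a disk: the target must be a removable, USB-attached whole disk (so a typo cannot wipe the system drive), every partition on it is unmounted first, the operator has to type the device name back, and the last zero pass is read back and verified. This is an added example and not the original post’s script; the function names are my own, and it assumes the standard Linux tools lsblk and blockdev (util-linux), dd, head and stat (coreutils) and cmp (diffutils). Because each pass is bounded by the target’s size, the same functions also work on an ordinary file, which lets you rehearse without a USB pen.

```shell
#!/bin/bash
# usbwipe-safe.sh: added example, not the original post's script. Same idea as
# Steps 1-6 (umount, then zero / urandom / zero passes over the whole device)
# with checks before dd runs. Function names are hypothetical (my own);
# lsblk, blockdev, dd, head, stat and cmp are the standard Linux tools.
set -u

# Size in bytes: a block device via blockdev, an ordinary file (rehearsal) via stat.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else stat -c %s "$1"; fi
}

# Accept only a whole disk (TYPE=disk) that is removable (RM=1) on the USB bus.
# A partition, the system disk or a plain file is refused.
is_removable_usb_disk() {
    local dev="$1"
    [ -b "$dev" ] || return 1
    set -- $(lsblk -dno TYPE,RM,TRAN "$dev")      # e.g. "disk 1 usb"
    [ "${1:-}" = "disk" ] && [ "${2:-}" = "1" ] && [ "${3:-}" = "usb" ]
}

# Unmount every mounted filesystem on the device and its partitions
# (this is the umount step the post's first script forgot).
unmount_all() {
    lsblk -lno MOUNTPOINT "$1" | sed '/^$/d' | while read -r mp; do
        umount "$mp" || exit 1                    # exit the pipeline subshell: pass fails
    done
}

# One pass: stream exactly the target's size from $2 (/dev/zero or /dev/urandom)
# into $1. head -c bounds the write so it also works on a file; conv=fsync makes
# dd flush to the device before reporting success.
wipe_pass() {
    local size
    size=$(target_size "$1") || return 1
    head -c "$size" "$2" | dd of="$1" bs=1M conv=fsync,notrunc status=none
}

# The three-pass sequence from Step 5: zero, random, zero.
wipe_three_pass() {
    wipe_pass "$1" /dev/zero && wipe_pass "$1" /dev/urandom && wipe_pass "$1" /dev/zero
}

# Read the target back and confirm every byte is zero (the last pass was zeros).
verify_zeroed() {
    local size
    size=$(target_size "$1") || return 1
    cmp -s -n "$size" /dev/zero "$1"
}

main() {
    local dev="$1" answer
    if ! is_removable_usb_disk "$dev"; then
        echo "refusing: $dev is not a removable USB whole-disk device" >&2
        return 1
    fi
    lsblk -o NAME,SIZE,TYPE,TRAN,MOUNTPOINT "$dev"
    printf 'Type %s again to wipe it (anything else aborts): ' "$dev"
    read -r answer
    [ "$answer" = "$dev" ] || { echo "aborted"; return 1; }
    unmount_all "$dev" || return 1
    wipe_three_pass "$dev" && verify_zeroed "$dev" && echo "USBWIPE completed and verified"
}

# Usage: ./usbwipe-safe.sh /dev/sdb   (with no argument only the functions are defined)
if [ $# -gt 0 ]; then
    main "$1"
fi
```

To rehearse, source the file and run `wipe_three_pass ./rehearsal.img && verify_zeroed ./rehearsal.img` against a scratch file; `is_removable_usb_disk` will refuse that file, which is the point of the check.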

*****

VMWare users

How to connect the USB drive in VMware

VM > Removable Devices > Drop down list of USB Drives > Connect (Disconnect from Host)

*****


SDelete – How to securely wipe SSD drives in Windows 7 – The Visual Guide

SSD drives actively avoid overwriting data in place, due to wear levelling and over-provisioning, which the controller uses for endurance and speed.  They are a privacy violation waiting to happen.  So how do we counter SSD technology?

1. Windows 7 – Use SDelete

Download SDelete from Technet.

http://technet.microsoft.com/en-gb/sysinternals/bb897443.aspx

sdelete download

Make a c:\sdelete folder

Run a Command prompt and change directories to

cd c:\sdelete

sdelete -c {this will wipe free space}

sdelete -c c: {wipes free space on c drive}

sdelete -c d: {wipes free space on d drive}


Sdelete can run multiple passes and delete a specific directory

sdelete -p2 -s c:\Users\smile\Downloads

-p 2 = run 2 passes

-s = delete this directory and its subdirectories for c:\Users\smile\Downloads

******

2. Linux – Use DD

In the tests cited in the reference below, dd was the most effective of the SSD wiping tools tried, better than the other drive wiping software tested.

And the results… were MEGA: after dd, zero files were found and zero loadable files.  AWESOME!!


3.  EFF recommends Eraser – don’t use this

Both Eraser and Wipe proved the least efficient drive wiping software on SSD drives  – leaving thousands of files on the drive when tested (3,866 files on test one, totaling 13925 MB).


ummh, so DD and SDelete is it then.  For an SSD, the reliable option is the drive’s own sanitize command (ATA Secure Erase via hdparm, or nvme format for NVMe drives), because it runs inside the controller and so reaches the over-provisioned area and stale blocks that no host-side overwrite can address.

****

Hiccups when cleaning SSD Drives – why are they a privacy concern?

So what’s going on with SSD drives… why is so much data being found on them?

Hiccup 1

Wear levelling spreads writes evenly across the flash cells to extend the drive’s life, because each cell survives only a limited number of erase cycles.  Do you realise what this means for privacy?  When the OS overwrites a logical block, the controller usually writes the new data to a different physical block and merely marks the old one as stale, so the old contents stay on the chips until the controller gets round to erasing them.  Yep, your data is kept around far longer than an overwrite suggests… if the SSD has its way.  Not so keen on SSD technology now, are we!


 

Hiccup 2 – The test SSD had 2.2 GB more flash than the 29.8 GB it advertised

Your OS will assume it has 29.8 GB, whereas the drive keeps a lurking 2.2 GB over-provisioned reserve that the OS can never address and a host-side wipe can never reach, yet files could be found in it.  Oh this just gets better and better!!


Hiccup 3 – Writes in 4 KB pages but erases in 512 KB blocks.

Yeah, I know, tell me about it!!

So it writes in 4 KB pages… but can only erase a whole 512 KB block at a time, and wear levelling steers it away from erasing in place.  A page cannot be rewritten until its entire block has been erased, so stale copies of your data linger.  My oh my, not good is it?


Known flaw of SDelete – it misses file names located in free space.  SDelete is not perfect, but it is pretty good.


References

Secure State Deletion

http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1064&context=adf

Edward Snowden And Daniel Ellsberg Rock The House At Hacker Convention!

http://xrepublic.tv/node/10009

We have a civil duty to teach people in our society how to interact with technology, safely.

  1. The next stage is to hide not just the communication, but to hide the metadata.

  2. Metadata is the same information that a private detective collects, who met whom, at what time and where.

 This correlates precisely with the EU’s goal of “Privacy Enhancing Technology”.

 

Basic questions to ask:

1. Do you log my IP?

2. Do you keep server logs and for how long?

3. What type of encryption is used?  Look for Perfect Forward Secrecy.

******

What next?

1. Learn to use Encryption

2. Learn to use Privacy tools

3. Learn to use OpenVPN

Use VPN providers such as http://www.ivpn.net – who delete their logs every 10 minutes

4. Avoid search engines like Google.

Use EU proxies like http://www.startpage.com that hide your IP from Google, keep no server logs on your queries and have Perfect Forward Secrecy to secure your communications.  Startpage do not store your IP or your queries.


They are audited by the EU – and have won 2 EU privacy awards (called the EU Europrise Award).  They’re covering your back.   Go for it!

PXE BOOTING – How Network Booting works in Linux

Pixie or PXE booting is booting systems without a hard drive, using RAM and a network card.  So how do we do this?  A typical home router won’t do, as you need either a DHCP server that can hand out the PXE options or a second, proxy DHCP service that does not conflict with the existing DHCP server.

Step 1 – PXE Capable Router & Client is needed

A home router won’t be able to PXE boot, as it needs to be able to operate 2 DHCP functions: a standard one and an extended one with the extra PXE options (next-server and filename).

Step 2 – Client sends the DHCP DISCOVER to Port 67

The client broadcasts a DHCP DISCOVER packet extended with PXE options to UDP port 67.  If the PXE boot service runs separately from the DHCP server (a proxy DHCP setup), the client also talks to that service on UDP port 4011.


Step 3 – Contact the “next server” by IP address

The client connects to the server that gave it the DHCP lease…. OR

If the “next-server” parameter is set, it will download from the IP set as the “next server” – ensure an IP not a hostname is used.


Step 4 – DHCP OFFER from server

The extended DHCP Offer replies to the client on UDP port 68.

DHCP is set up in /etc/dhcp/dhcpd.conf (ISC dhcpd; older installs use /etc/dhcpd.conf).

dhcpd.conf can be configured to hand out PXE boot settings for a single IP, a single MAC or an entire subnet.

We need to look closely at 2 PXE-specific sections… the SUBNET block and the HOST block.


The host block has 2 PXE-specific parameters, “filename” and “next-server” (192.168.0.1 in the example).

The “next-server” must be an IP address.  If “next-server” is omitted, it should default to the IP of the DHCP server; however there is a hiccup: some motherboards’ firmware will send the TFTP request to 0.0.0.0 if the “next-server” IP is missing.


This host block is for a single hardware MAC 00:0c:6E:64:D8:B4


We can set the IP to boot on an entire subnet.

The “filename” sets the file to be downloaded, i.e. “pxelinux.0” in the above example.

Step 5 – Network Bootstrap attempts to Download file using TFTP

The PXE client attempts to download the file named by “filename” in Step 4, from the “next-server” address, using TFTP.


It then executes this file.

 

*****

PXE Stack before booting and after booting


References

PXE Booting

http://pxe.dev.aboveaverageurl.com/index.php/PXE_Booting

 

Preboot Execution Environment(PXE) Specification

http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf

 

 

 

KALI Linux – How to find the HASHING algorithm – The Visual Guide

The default hashing algorithm for /etc/shadow in Kali Linux is SHA512-crypt.  The $6$ prefix identifies it; the glibc source linked in the references (sha512-crypt.c) is the code that ties “SHA512” to $6$.

Step 1 – View your /etc/shadow file

cat /etc/shadow

Is there a $6$ ?  Thought so, as SHA512 is default for Kali.

****

Step 2 – Codes for other Hashing Algorithms

You can hash the passwords with several algorithms.  Which one was used is revealed by the prefix of the second field in the /etc/shadow file – for instance here we consider a $1$ prefix, which indicates MD5-crypt hashing has been used.

$1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1

The different hash prefixes revealed in the /etc/shadow file include:

(no $ prefix, 13 characters) = traditional DES crypt

$1$ = MD5-crypt

$2a$, $2b$, $2y$ = bcrypt (the Blowfish-based “eksblowfish” scheme)

$5$ = SHA256-crypt

$6$ = SHA512-crypt

******

Field 2 format =  3 components

$Hashing Algorithm$SALT$Encoded password (the hash is computed over the password and the salt; for $5$ and $6$ an optional rounds=N component can sit between the algorithm and the salt).

eg: $1$Etg2ExUZ$F9NTP7omafhKIlqaBMqng1

  • The encoded password is using the MD5-crypt algorithm (because of the $1$)
  • Salt value is Etg2ExUZ (the content between the second and third $ sign)
  • And the hash value computed from “PASSWORD + SALT” (MD5-crypt iterates the hash 1000 times; SHA-crypt uses 5000 rounds by default, which is what makes these slower to brute-force than a single MD5 or SHA call).

******

What is the SALT?

If there is no salt, a precomputed dictionary (rainbow table) attack could identify the password from the hash, and 2 users with the same password would have the same hash.  If a salt is in use, 2 users with the same password will have different hashes.  A random salt is generated when the password is set, therefore 2 users with the same password will have totally different salts and totally different hashes, and each hash has to be attacked separately.

*****

Order of the /etc/shadow file – Useful to know

/etc/shadow contains the following.

 ...
user1:$1$Xop0FYH9$IfxyQwBe9b8tiyIkt2P4F/:13262:0:99999:7:::
user2:$1$vXGZLVbS$ElyErNf/agUDsm1DehJMS/:13261:0:99999:7:::
 ...

As explained in shadow(5), each “:” separated entry of this file means the following.

  • Login name
  • Hashed password (The initial “$1$” indicates use of MD5-crypt hashing. A “*” or “!” indicates no password login.)
  • Date of the last password change, expressed as the number of days since Jan 1, 1970
  • Number of days the user will have to wait before she will be allowed to change her password again
  • Number of days after which the user will have to change her password
  • Number of days before a password is going to expire during which the user should be warned
  • Number of days after a password has expired during which the password should still be accepted
  • Date of expiration of the account, expressed as the number of days since Jan 1, 1970
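An audit pass over shadow-style lines that does the splitting described above and pulls out what an auditor actually wants to know: which algorithm each account uses, its salt and round count, and which entries are weak (an empty password field, which allows login with no password, or a legacy DES/MD5 hash). This is an added example, not from the original post; the function names are my own, the prefix table follows crypt(5) (yescrypt, $y$, is included because newer Debian releases default to it), and the sample lines are constructed for the example with placeholder digests, apart from the user1 line taken from the post.

```shell
#!/bin/bash
# shadow_audit.sh: added example, not from the original post. Splits the second
# field of /etc/shadow lines ($id$[rounds=N$]salt$hash) and flags weak entries.
# Function names are hypothetical (my own).

# Algorithm name for one password field.
hash_algo() {
    case "$1" in
        '')                       echo "EMPTY" ;;        # no password needed to log in
        '!'*|'*'*)                echo "LOCKED" ;;       # ! or * prefix: password login disabled
        '$1$'*)                   echo "md5crypt" ;;
        '$2a$'*|'$2b$'*|'$2y$'*)  echo "bcrypt" ;;
        '$5$'*)                   echo "sha256crypt" ;;
        '$6$'*)                   echo "sha512crypt" ;;
        '$y$'*)                   echo "yescrypt" ;;
        '$'*)                     echo "unknown" ;;
        *)                        echo "descrypt" ;;     # 13-char traditional crypt, no prefix
    esac
}

# Salt for one password field: between the second and third $, after any rounds=N.
hash_salt() {
    local body
    case "$1" in
        '$2'*)                          # bcrypt: $2b$cost$ then 22 salt chars run into the hash
            body=${1#\$2?\$}            # cost$salt+hash
            body=${body#*\$}            # salt+hash
            printf '%s\n' "$body" | cut -c1-22 ;;
        '$'*)
            body=${1#\$}                # id$...
            body=${body#*\$}            # salt$hash  or  rounds=N$salt$hash
            case "$body" in rounds=*) body=${body#*\$} ;; esac
            printf '%s\n' "${body%%\$*}" ;;
        *)  printf '%s\n' "$1" | cut -c1-2 ;;    # DES: the first two characters are the salt
    esac
}

# Round count: explicit rounds=N, else the glibc default of 5000 for $5$/$6$.
hash_rounds() {
    local r
    case "$1" in
        *'$rounds='*) r=${1#*\$rounds=}; printf '%s\n' "${r%%\$*}" ;;
        '$5$'*|'$6$'*) echo 5000 ;;
        *) echo "n/a" ;;
    esac
}

# Print "user algorithm salt rounds" per line of the given file; return 1 if
# any account is EMPTY, descrypt or md5crypt.
audit_shadow() {
    local user pw rest algo weak=0
    while IFS=: read -r user pw rest; do
        [ -n "$user" ] || continue
        algo=$(hash_algo "$pw")
        printf '%-10s %-12s salt=%-22s rounds=%s\n' \
            "$user" "$algo" "$(hash_salt "$pw")" "$(hash_rounds "$pw")"
        case "$algo" in EMPTY|descrypt|md5crypt) weak=$((weak + 1)) ;; esac
    done < "$1"
    [ "$weak" -eq 0 ]
}

# Constructed sample shadow file (digests are placeholders, not real hashes;
# the user1 line is the one quoted in the post).
sample_shadow() {
    cat <<'EOF'
root:$6$rounds=10000$Qx9bLm2v$placeholderhash:16200:0:99999:7:::
user1:$1$Xop0FYH9$IfxyQwBe9b8tiyIkt2P4F/:13262:0:99999:7:::
backup:*:16200:0:99999:7:::
svc:!$6$AbCdEfGh$placeholderhash:16200:0:99999:7:::
guest::16200:0:99999:7:::
EOF
}

# Usage: ./shadow_audit.sh /etc/shadow   (as root)
if [ $# -gt 0 ]; then
    audit_shadow "$1"
fi
```

Running it on the sample flags user1 (MD5-crypt) and guest (empty field); the root entry shows how an explicit rounds=10000 is picked out ahead of the salt.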

 

 

References:

Code for SHA512

https://github.com/lattera/glibc/blob/master/crypt/sha512-crypt.c

Debian Linux – Authentication

http://www.debian.org/doc/manuals/debian-reference/ch04.en.html

 

How are passwords stored in Linux?

http://www.slashroot.in/how-are-passwords-stored-linux-understanding-hashing-shadow-utils

 


KALI – How to install Notepad++ – The Visual Guide

We all love Notepad++, luckily we can install this on Kali.

Step 1 – Install Wine

sudo apt-get install wine


*****

Step 2 – Download Notepad++

http://notepad-plus-plus.org/download/v6.6.7.html


Save

Create a new folder called Notepad and save the download in this folder


 Step 3 – Use wine to open npp.6.6.7.Installer.exe

Open a terminal

cd notepad

ls

wine npp.6.6.7.Installer.exe

**If you’re on a 64 bit machine you’ll get an error about multi-architecture instructions.

Okay, so let’s fix this, and make your machine able to cope with multiple architectures.

Step 4 – Make 64 bit machines “Multi Architecture”

In a root terminal type

dpkg --add-architecture i386

apt-get update

apt-get install wine-bin:i386

Now, lets try step 3 again.

Now the wine installer runs

Okay > Next > I Agree


Accept defaults in Setup

Next > Next >


Tick the box to create a shortcut on the desktop

Install > Finish > Run Notepad++

Here’s your shortcut..


Voila!  Easy peasy

*****


KALI – First things to do after installing Kali Debian Linux – The Visual Guide

Step 1 – Install Synaptic Package Manager

apt-get install synaptic

System Tools > Administration > Synaptic

******

Step 2 – Install the AMAZING Lazy Kali Script

 http://uwnthesis.wordpress.com/2013/07/31/kali-how-to-easily-update-kali-lazy-kali-script/

https://code.google.com/p/lazykali/downloads/list

Lazy Kali is a mandatory step.  Install it – and you’ll understand my enthusiasm for this legendary script.  It runs as root and downloads software from third-party sources, so read through the script and check where it fetches from before you run it.

Use Lazy Kali to install hackpack.


Step 3 – Make 64 Bit into a multi architecture system.

Root Terminal

dpkg --add-architecture i386

apt-get update

apt-get install wine-bin:i386


This means you now have a multi architecture system and the Configure Wine option under System Tools.

This is really useful where your printer drivers are 32 bit and your Kali is 64 bit.

*****

Step 4  – Set Vista in Wine

Applications > System Tools > Configure Wine

Application Tab

Select “XP” or “Vista”.

Click Apply

Step 5 – Run Office 2007

Places > Office 2007 CD > look for setup.exe

Right click Setup.exe > Open with Wine Windows Program Loader

***
Step 6 – Run Office 2007

Applications > Wine > Programs > Microsoft Office

All apps apart from Powerpoint will work.

*****
Step 7 – Fix Powerpoint

Applications > System Tools > Configure wine

Libraries Tab

“New override for library”

Select “riched20.dll”, then click ADD


Click on the newly added “riched20.dll” file, click Edit and select the “Native (Windows)” option.

****
Step 8 – Launch Office 2007

Applications > Programs > Microsoft Office > Word


*****

Step 9 – Install Nessus

http://uwnthesis.wordpress.com/2013/07/31/kali-how-to-install-nessus-on-kali/

Download the 32 or 64 bit version to match your install (check the package name).

dpkg -i Nessus-5.2.1-debian6_amd64.deb

*****


*****

/etc/init.d/nessusd start


Step 10 – Install Notepad++

http://uwnthesis.wordpress.com/2014/07/21/kali-how-to-install-notepad-the-visual-guide/


KALI – BASH SCRIPTING – How to write a FOR loop – The Visual Guide

The for loop starts with a list of items and works its way through them until it reaches the end.  A for loop does not test a condition on each pass; the list is fixed before the loop begins.

Step 1 – Root Terminal and Nano editor

Start a root terminal, then enter the word nano – the nano editor will appear.


We save a file using Ctrl+O.

 Step 2 – Write a for loop for 3 items

nano fruit.sh


Step 3 – Make the script executable

chmod +x fruit.sh

./fruit.sh


Step 4 – Analysis of For Loop

The for loop is reading in a fixed list (apple, orange, pear).

It assigns a variable called fruit – and writes each item of the list into this variable in turn.

The first time fruit=apple, the second time fruit=orange, the third time fruit=pear.  The variable fruit changes as the loop runs through our fixed list.

Do is the start of the loop.

Done shows the end of the loop.

After the loop is complete, it prints out “lets make a fruit salad”!.

*****

Different ways of “feeding” the FOR LOOP with data

fruit="apple orange pear"    # no spaces around = in a bash assignment; then: for f in $fruit


./fruit.sh

****

User Input to “FEED DATA” into our FOR LOOP

nano fruituser.sh

Code for User Input

#!/bin/bash
echo -en "Please tell me your favourite fruit: "
read fruit
# $fruit is expanded once, before the loop starts, so the same name can be
# reused as the loop variable without disturbing the list
for fruit in $fruit
do
    echo "$fruit"
done

Make fruituser.sh executable

User input read in, and used in code

Enter multiple fruits – output on a new line for each item in the list
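One thing to know before feeding user input into a loop this way: an unquoted `$fruit` is subject not only to word splitting (which is what makes the loop work) but also to pathname expansion, so a user who types `*` gets a list of the files in the current directory instead of a fruit. The following is an added example, not code from the original post, showing the post’s loop beside a version with globbing switched off; the function names are my own.

```shell
#!/bin/bash
# Added example, not from the original post: fruituser.sh's loop beside a
# hardened version. Function names are hypothetical (my own).

# Same behaviour as the post's script: split the input on whitespace with
# globbing left on, so "*" or "?" in the input expand against the filesystem.
list_unsafe() {
    local out="" fruit
    for fruit in $1; do
        out="$out$fruit,"
    done
    printf '%s\n' "${out%,}"
}

# Hardened version. The body runs in a subshell ( ... ) so that set -f
# (disable pathname expansion) stays local to the function; "*" and "?"
# are then handed to the loop as literal words.
list_safe() (
    set -f
    out=""
    for fruit in $1; do
        out="$out$fruit,"
    done
    printf '%s\n' "${out%,}"
)

# Interactive front end matching the post: read one line, print each item
# on its own line.
prompt_and_list() {
    printf 'Please tell me your favourite fruit: '
    read -r line
    list_safe "$line" | tr ',' '\n'
}

# Usage: ./fruituser-safe.sh apple orange pear
if [ $# -gt 0 ]; then
    list_safe "$*" | tr ',' '\n'
fi
```

In bash specifically, `read -r -a fruits` followed by `for fruit in "${fruits[@]}"` achieves the same without touching the shell's globbing flag, because array elements are not re-expanded.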

 


References

University of South Wales Reading list

PARKER, S.  2011.  Shell Scripting – Expert recipes for Linux, Bash, and More.  Indianapolis: John Wiley & Sons.

*****

