Setting Up and Configuring Ubuntu Server 9.04 VMWare with SSH, VSFTPD (TLS/SSL), OpenVPN, Fail2ban (PART 1)

Finally, after much tinkering and reading many guides...

My goal was to make a server with these components installed so I could practice breaking into it. Like any logical "practice" server, I made it a VM. Here's a guide on how to set up one of your own...

Things assumed and required:
  1. You have VMWare Server Installed
  2. You have Ubuntu Server 9.04 installed in a VM with no services preinstalled (i.e. LAMP)
  3. You have mounted the VMWare tools installer
  4. I am using the username mario for my default username and have set the server IP to 192.168.3.100
  5. You have a free domain name set up and registered with DynDNS.org.
Let's get started:

The first thing to do is to log in, via the VMWare console, and change some fundamental settings. What we are going to do is change the root password, update the server with any patches available, and install some needed dependencies:
sudo su
passwd root
apt-get update
apt-get upgrade
uname -r
apt-get install g++ gcc gawk make unzip zip linux-headers-$(uname -r) build-essential

Now to install VMWare tools...it's not necessary, but might be helpful in some instances:
mkdir /mnt/cdrom
mount /dev/cdrom /mnt/cdrom
cp /mnt/cdrom/VMware*.tar.gz /home/mario
cd /home/mario
tar xzf VMware*.tar.gz
cd vmware*
./vmware-install.pl
(Use all the defaults and when finished)
reboot
Once the system has rebooted, log back in and set a static IP on the interface eth0 and remove apparmor:
su
nano /etc/network/interfaces
(Modify your config to look like this)
iface eth0 inet static
      address 192.168.3.100
      netmask 255.255.255.0
      network 192.168.3.0
      broadcast 192.168.3.255
      gateway 192.168.3.1
/etc/init.d/networking restart
echo techaccesstips.servehome.net > /etc/hostname

/etc/init.d/hostname.sh start
nano /etc/hosts (Make the top portion look like the following)
127.0.0.1            localhost.localdomain                  localhost
192.168.3.100     techaccesstips.servehome.net     servername
/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
apt-get purge apparmor apparmor-utils
Now install the SSH server and configure it:
apt-get install ssh openssh-server
nano /etc/ssh/sshd_config
(Change "PermitRootLogin" to "no" and change the port number if you wish)
/etc/init.d/ssh restart
Ok, now SSH into your server to test it out with the following command:
ssh -l mario -p 12345 192.168.3.100
(Leave the -p switch out if you didn't change the port number)
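
A way to confirm the sshd_config edit took effect, as an added example that is not part of the original post. sshd uses the first occurrence of a keyword, so a "PermitRootLogin no" appended below an existing "PermitRootLogin yes" changes nothing. The function names and the sample config are constructed for illustration, and the script assumes a single config file with no Include lines.

```shell
#!/bin/bash
# Added example (not from the original post). Sample data is constructed.
# sshd_config rules used: keywords are case-insensitive, "Key=value" is
# accepted, the FIRST occurrence of a keyword wins, and anything after a
# "Match" line is conditional, so only the global section is read.
# Port may legitimately repeat; only the first Port line is reported.
sshd_effective() {   # usage: sshd_effective <keyword> [config-file]
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                      # global section ends
        key == want    { print f[2]; found = 1; exit }
        END            { if (!found) print "unset" }
    ' "${2:-/etc/ssh/sshd_config}"
}

audit_sshd() {   # usage: audit_sshd [config-file] [expected-port]
    local cfg="${1:-/etc/ssh/sshd_config}" want_port="$2" findings=0 root port
    root=$(sshd_effective PermitRootLogin "$cfg")
    port=$(sshd_effective Port "$cfg")
    if [ "$port" = "unset" ]; then port=22; fi       # sshd default port
    if [ "$root" != "no" ]; then
        echo "FINDING: effective PermitRootLogin is '$root', expected 'no'"
        findings=$((findings + 1))
    fi
    if [ -n "$want_port" ] && [ "$port" != "$want_port" ]; then
        echo "FINDING: sshd listens on port $port, expected $want_port"
        findings=$((findings + 1))
    fi
    echo "checked $cfg: $findings finding(s)"
    return "$findings"
}

# Constructed sample: the "no" appended at the end is shadowed by the
# earlier "yes", so root login is still allowed.
sample=$(mktemp)
printf '%s\n' 'Port 12345' 'PermitRootLogin yes' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" 12345 || true
rm -f "$sample"
```

On the server itself, run audit_sshd with no arguments (plus the port you chose) after restarting ssh; running sshd -T as root prints the full effective configuration for comparison.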

Continue with Part 2...





Install BT3 with Compiz and Conky to Hard Drive

Ok...yes...there are a lot of guides out there for this...but this is what worked for me.

This guide assumes your HDD is clean (no partitions) and is /dev/hda...use fdisk -l if you're not sure.

Partition your hard drive with the following format:
hda1=/boot (ext2)
hda2=swap
hda3=/ (ext2)

I used one of the partitioners found on Hirens BootCD to partition my drives...but you can use whatever you want just as long as it's in that format.

Next make a USB BT3 drive and boot from it selecting BT3 with compiz.

Now follow these steps:

mkdir /mnt/backtrack
mount /dev/hda3 /mnt/backtrack/
mkdir /mnt/backtrack/boot/
mount /dev/hda1 /mnt/backtrack/boot/
cp --preserve -R /{bin,dev,home,pentest,root,usr,etc,lib,opt,sbin,var} /mnt/backtrack/
mkdir /mnt/backtrack/{mnt,proc,sys,tmp}
mount --bind /dev/ /mnt/backtrack/dev/
mount -t proc proc /mnt/backtrack/proc/
cp /boot/vmlinuz /mnt/backtrack/boot/
chroot /mnt/backtrack /bin/bash
nano /etc/lilo.conf (change the boot entry to /dev/hda and the root entry to /dev/hda3)
lilo
exit
reboot


Now remove your USB drive and hope you boot.
If successful, you should boot and compiz should be working...
Now for conky...
Download the latest release from the website then:
tar xzf conky*
cd conky*
./configure --with-rss
make
make install
I'm using a configuration found here.
Download it and extract it. I took the weather section out of mine and added an rss feed...to do that just:
nano conkyrc
Then delete the weather section at the bottom and add:
${color white}RSS ${hr 1}${color}
${rss http://www.feedurl.com/feed.xml 0 item_titles 10}
Save as whatever you want...I saved mine as conky.conf
Now to get conky to have a transparent background and still have compiz running...you need to follow these steps:
Download giblib and feh.
tar xzf giblib*
cd giblib*
./configure
make
make install
cd ..
tar xzf feh*
cd feh*
./configure
make
make install
/sbin/ldconfig -v | grep gib
feh --bg-scale "$(dcop kdesktop KBackgroundIface currentWallpaper 1)"
Now run conky with your conf location with
conky -c /root/conky.conf
Now conky's looking good with compiz. Let me know if this doesn't work for you or there's an easier way to do things...

References:
Based the BT3 install on one found on Remote-Exploit Forums (http://forums.remote-exploit.org/showthread.php?t=14751)
Conky Transparency (http://briancarper.net/blog/transparent-conky-in-kde-part-2)
ldconfig Fix (http://www.netadmintools.com/art410.html)


Cracking Cached Passwords with Cachedump and John the Ripper (JTR)

So if you are looking to audit password strength in a Windows Domain environment, there are two tools that will be of help to you. FGDump is a compilation of PWDump and Cachedump. It also has some useful switches; documentation for those can be found here. PWDump will pull hashes for local accounts such as Administrator. Cachedump, however, will pull the cached hashes of network users who have logged into the machine.

Here is how to grab the hashes.

1. Download FGDump from here and place the executable on a flashdrive (if you have a U3 device, I will soon be posting how to run fgdump without any user interaction).
2. Plug the flashdrive into the target computer and open up a command prompt.
3. Navigate to your flashdrive and execute fgdump.exe.
4. Wait for it to finish and once it is successful, open up the 127.0.0.1.cachedump file in notepad to see the hashes.
5. Copy the hashes to a file and save in this format: filename.txt.
Next download John:

wget http://openwall.com/john/f/john-1.7.2.tar.gz
tar xzf john-1.7.2.tar.gz


Now we are going to have to patch it to let it recognize the cachedump format:

wget http://openwall.com/john/contrib/john-1.7.2-mscash-alainesp-4.1.diff.gz
cd john-1.7.2
zcat ../john-1.7.2-mscash-alainesp-4.1.diff.gz | patch -p1 -Z


If you do not have the zcat command, then patch it with gzip:

gzip -dc ../john-VERSION-WHAT-REVISION.diff.gz | patch -p1
cd src
make
make clean SYSTEM
(replace SYSTEM with whichever system type you have, as displayed by make)

Once successful:

cd ../run
./john --test


Now let's crack the cached file

./john -format:mscash hashes.txt


or

./john -w:passwordlist.txt -format:mscash hashes.txt

Give me some feedback if this helped you.

Convert OGV to AVI (gtk-recordMyDesktop)

For a while I have been looking for a good way to make some video tutorials in Linux and be able to upload them in good quality to a video hosting site. I finally found a good piece of software that would let me choose where I wanted to record, gtk-recordMyDesktop. This can be obtained by typing sudo apt-get install gtk-recordmydesktop or through the Add/Remove Programs feature. The output of the recorded file is in a .ogv format. I want to convert it to a .avi format so I can upload it. Here is the command to do so:

mencoder -idx input.ogv -ovc lavc -oac mp3lame -o output


There is another way to do this through ffmpeg with this command:

ffmpeg -i input.ogv output.avi

Either one works, but to keep things easy, I made a script to assist with the conversion:

#!/bin/bash
# Convert a gtk-recordMyDesktop .ogv recording to .avi with mencoder.
echo "Convert from .OGV to .AVI"
NAME=$(whoami)
read -r -p "Is the file on your Desktop? (y/n):" DESKTOP
if [ "$DESKTOP" = "y" ]; then
    read -r -p "Please specify the name of the .OGV file: /home/$NAME/Desktop/" OGV
    read -r -p "Please specify the desired output filename: /home/$NAME/Desktop/" AVI
    # Build the full paths once; quoting keeps file names with spaces intact.
    OGV="/home/$NAME/Desktop/$OGV"
    AVI="/home/$NAME/Desktop/$AVI"
else
    read -r -p "Please specify the location of the .OGV file: " OGV
    read -r -p "Please specify the desired output filename: " AVI
fi

# Stop here if the conversion fails instead of reporting success.
if mencoder -idx "$OGV" -ovc lavc -oac mp3lame -o "$AVI"; then
    echo "Conversion completed."
else
    echo "Conversion failed."
    exit 1
fi

read -r -p "Would you like to play the converted movie? (y/n):" PLAY
if [ "$PLAY" = "y" ]; then
    totem "$AVI"
fi

# Clear first, then print, so the final message stays on screen.
clear
echo "Process Completed Successfully!"
sleep 2
exit

Just make sure to issue chmod 755 ogvtoavi before running it.

So now you can expect some videos in the upcoming days...

Installing BT3 on SD Card for Asus EEE PC

After recently buying an EEE PC online, the first thing I wanted to do was load backtrack on it. I didn't want to load it on the hard drive as the Ubuntu netbook remix looked pretty cool and I thought I would have that as a backup. I went out and bought a 4Gb SDHC card and loaded BT3 on it with changes. It acts as a USB device, but it's not as pesky as a USB dongle. I read around and found you can't natively boot to backtrack. So I had to modify my bootable flash drive to include a module special to the EEE PC. This will fix the resolution and allow you to start the x server. Here's what I did to get it working.

1. Inserted the SD card and made a bootable USB BT drive (follow my tutorial if you don't have one already). However, I added the 901_net_gfx (my EEE is the 901) module to the /BT3/optional folder, and it can be downloaded here. Once that is added, you must modify the syslinux.cfg (/boot/syslinux/syslinux.cfg) file to include this under the APPEND section: load=901_net_gfx. That's it, now boot your USB drive and select the option you added the 901_net_gfx tag to.
2. Once booted, issue a fdisk -l and find your SD card.
3. You can either use fdisk to format it or use gparted. For gparted, open up a terminal and type in gparted. Modify your SD card to have one 1024Mb partition formatted in FAT32 and the rest of the card formatted in ext2.
4. Commit the changes and then copy the boot and BT3 folders from your flash drive's FAT32 partition to your SD card's partition: cp -R /mnt/sda1/{boot,BT3} /mnt/sdb1/ (this can be done through the gui using Konqueror)
5. Now make the changes directory in the ext2 partition: mkdir /mnt/sdb2/changes
6. Once that is complete, reboot the machine and remove your USB drive. Then press ESC during the poweron to get a boot menu and select your SD card.

Hope this helps. Let me know if you run in to any problems.

Make Bootable BT3 USB Drive With Changes and Storage Folder

Ok, so lately I have really been wanting to keep my portable drive that I take from computer to computer and also have a bootable BT3 drive with changes. Here are the steps I took to make it happen.

You are going to need:
1. A USB drive of at least 2Gb
2. A copy of the USB BT3 iso, found here.
3. A machine (virtual or real) running Windows.
4. A BT Live CD or BT VM.

Ok here we go...
1. Boot into windows and have your flash drive recognized.
2. I used Acronis Disk Director to partition the drive and made a minimum of 1.5Gb FAT32 partition labeled "BT3", however you can label it whatever you want. If you do not have Acronis Disk Director, then see the steps below...if you do, then move to step 3.
**EDIT** If you do not have a copy of Acronis Disk Director...then boot from the Live CD and use fdisk to partition. Use the following commands:
fdisk -l (find your USB drive)
fdisk /dev/sda
d (delete the partitions until the drive is blank)
1
n (create a new partition)
p
1
(enter)
+1.3G (the size you want for your install)
n
p
2
(enter)
(enter) (the size you want for your changes...this assumes the rest of the drive)
w
mkfs.vfat -F 32 /dev/sda1
mkfs.ext2 /dev/sda2
umount /dev/sda1
umount /dev/sda2

Now move to step 4
3. Then I partitioned the rest of the drive in ext2 format and labeled it changes.
4. Restart the computer for the changes to be applied (you may not have to do this depending on your partitioner) and boot back into Windows.
5. Extract all files found in the bt3final_usb.iso with WinRAR.
6. Take the extracted files and copy them to your USB drive (the only partition recognized in Windows)
7. Open up a command prompt and enter the following commands:
e: (or the drive letter of your USB drive)
cd boot
bootinst.bat
8. Once it completes, hit enter and restart into your BT Live CD or simply switch to your BT vm.
9. Navigate to your flash drive: cd /mnt/sda1 (replacing sda1 with your flash drive).
10. Enter the following commands:
mkdir X (you can name this what you want, this is for your personal data)
cd boot/syslinux
chmod +Xx lilo
chmod +Xx syslinux
nano syslinux.cfg
And find the label pchanges and by APPEND, change the changes=/changes/changes.dat to changes=/dev/sda2
mkdir /mnt/sda2/changes (replacing sda2 with your flash drive's second partition)
11. Now restart and boot to your flash drive and select the Persistent Changes option.

Let me know if you found a different way or if this doesn't work for you. I'm hoping to get a video up of this soon.

Eee Tutorials coming soon!

Change XP Serial Number

So, there are a lot of posts out there on various ways to do this, but I have found this method to be the easiest and most successful.
  1. Click Start > Run
  2. In the Open box, type regedit and hit enter.
  3. Go to the following registry key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WPAEvents
  4. In the right pane, double click OOBETimer, and change the value of any one of the digits (you can change it to whatever you like). You have now just deactivated Windows.
  5. Go to Start > Run.
  6. In the dialogue box type:
    %systemroot%\system32\oobe\msoobe.exe /a
  7. Select "Yes, I want to telephone a customer service representative to activate Windows" and then click next.
  8. Click "Change Product key".
  9. Type in the new product key and then click "Update".
  10. If you return to the previous window, click "Remind me later", then restart the computer.