Wednesday, January 31, 2018

Administration

  • Autoconf, automake, and libtool make up the GNU Autotools family, which generates the installation script:

./configure
make
make install

The Makefile generated by Autoconf and automake has more commands that you can run:

    make all Build programs, libraries, documentation, etc. (same as make).

    make install Install what needs to be installed, copying the files from the package’s tree to system-wide directories.

    make install-strip Same as make install, then strip debugging symbols. Some users like to trade space for useful bug reports…

    make uninstall The opposite of make install: erase the installed files. (This needs to be run from the same build tree that was installed.)

    make clean Erase from the build tree the files built by make all.

    make maintainer-clean Erase files that were generated by autoconf.

    make distclean Additionally erase anything ./configure created.

    make check Run the test suite if any.

    make installcheck Check the installed programs or libraries if supported.

    make dist Recreate package-version.tar.gz from all the source files.


http://www.idryman.org/blog/2016/03/10/autoconf-tutorial-1/



  • 2.2.2 Standard Makefile Targets

So far we have come across four ways to run make in the GNU Build System: make, make check, make install, and make installcheck. The words check, install, and installcheck, passed as arguments to make, are called targets. make is a shorthand for make all, all being the default target in the GNU Build System.
https://www.gnu.org/software/automake/manual/html_node/Standard-Targets.html#Standard-Targets


  • This tutorial looks at the GNU Build System. From an end-user's perspective, it first describes how to build the binary executable of a GNU free and open source software package from the available source code and install it on your system. Then, from a programmer's perspective it looks at the GNU Build System for generating the scripts and makefiles which provide the infrastructure that enables the end user to build and install the GNU software executables.

https://www.softprayog.in/tutorials/understanding-gnu-build-system

  • "Owl" (or "Openwall GNU/*/Linux"; please note that only the "O" is capitalized in either case) is a security-enhanced operating system with Linux and GNU software as its core, compatible with other major distributions of GNU/*/Linux. It is intended as a server platform.

Owl can be used as a base for installing whatever software is generally available for GNU/*/Linux systems.
The same CDs and ISOs also contain packages to be installed on a hard drive (using the included installer program called "settle") and full source code.

Owl includes a complete build environment capable of rebuilding the entire system from source with one simple command ("make buildworld").
However, the implementation of "make buildworld" on Owl is very different from that available with *BSD. It is in fact more similar to *BSD ports/packages, covering the entire Owl userland (that is, everything but the Linux kernel).

In particular, in most cases it is possible to install applications packaged for a certain version of Red Hat Enterprise Linux, CentOS, or Fedora on Owl.
http://www.openwall.com/Owl/CONCEPTS.shtml
  • The key idea of the AppImage format is one app = one file. Every AppImage contains an app and all the files the app needs to run. In other words, each AppImage has no dependencies other than what is included in the targeted base operating system(s).

https://askubuntu.com/questions/774490/what-is-an-appimage-how-do-i-install-it

  • Free Thinomenon Remote Desktop Client allows running Windows® applications from various access devices including laptops, desktops, tablets and smartphones. Use Thinomenon's free RDP client for access from legacy Windows, Apple OS X and iOS, Google Android, Linux and other platforms.

http://www.thinomenon.com/products/RemoteDesktopClient/linux.aspx


  • What is WinConn

WinConn simplifies creation, management and desktop integration of remote Windows applications in Ubuntu Linux. It uses RemoteApp technology, implemented by the FreeRDP project, to provide a seamless user experience. The applications run in their own window and can be used like any other locally installed Ubuntu application, without bringing the full Windows desktop to the user.
http://stanev.org/winconn/

  • Cmder is a software package created out of pure frustration over the absence of a usable console emulator on Windows. It is based on ConEmu with a major config overhaul, comes with a Monokai color scheme, the amazing clink (further enhanced by clink-completions) and a custom prompt layout.

https://github.com/cmderdev/cmder


  • Gow (Gnu On Windows) is the lightweight alternative to Cygwin. It uses a convenient NSIS installer that installs over 100 extremely useful open source UNIX applications compiled as native win32 binaries.

https://github.com/bmatzelle/gow/wiki


  • Functionally, vim is almost a proper superset of vi. Therefore, everything that is in vi is available in vim.


Vim adds onto those features. Here are some extended vim features:

    Vim has been ported to a much wider range of OSes than vi.
    Vim includes support (syntax highlighting, code folding, etc.) for several popular programming languages (C/C++, Python, Perl, shell, etc.).
    Vim integrates with cscope.
    Vim can be used to edit files using network protocols like SSH and HTTP.
    Vim includes multilevel undo/redo.
    Vim allows the screen to be split for editing multiple files.
    Vim can edit files inside a compressed archive (gzip, zip, tar, etc.).
    Vim includes a built-in diff for comparing files (vimdiff).
    Vim includes support for plugins, and finer control over config and startup files.
    Vim can be scripted with vimscript, or with an external scripting language (e.g. python, perl, shell).
https://askubuntu.com/questions/418396/what-is-the-difference-between-vi-and-vim

  • The ancestral vi is long gone, replaced eons ago by Vim -- vi IMproved.
Vim includes extensive documentation, unless your distro installs only vim-tiny, which strips out the documentation and other fripperies, which is another reason to know the basics without having to look them up.
Most distros symlink vi to Vim, so you should be able to start it with either vi or vim.
https://www.linux.com/learn/intro-to-linux/2017/2/vim-sysadmins

  • X-based VNC server
Xvnc is the Unix VNC server, which is based on a standard X server.  Applications can display themselves on it as if it were a normal X display, but they will actually appear on any connected VNC viewers rather than on a physical screen.
http://www.hep.phy.cam.ac.uk/vnc_docs/xvnc.html


  • An open source remote desktop protocol (RDP) server.
http://www.xrdp.org/


  • Understand Linux Load Averages and Monitor Performance of Linux

Multi-processor vs multi-core
Multi-processor – is where two or more physical CPUs are integrated into a single computer system.
Multi-core processor – is a single physical CPU which has at least two or more separate cores (or what we can also refer to as processing units) that work in parallel. Meaning a dual-core has 2 processing units, a quad-core has 4 processing units and so on.

Furthermore, there is also a processor technology which was first introduced by Intel to improve parallel computing, referred to as hyper-threading.
Under hyper-threading, a single physical CPU core appears as two logical CPU cores to an operating system (but in reality, there is one physical hardware component).
Present-day Intel CPUs use a combination of both multiple cores and hyper-threading technology.

Let’s say we have the load averages 1.00, 0.40, 3.35 (over the last 1, 5 and 15 minutes).
On a single-core system this would mean:

    The CPU was fully (100%) utilized on average; 1 process was running on the CPU (1.00) over the last 1 minute.
    The CPU was 60% idle on average; no processes were waiting for CPU time (0.40) over the last 5 minutes.
    The CPU was overloaded by 235% on average; 2.35 processes were waiting for CPU time (3.35) over the last 15 minutes.

On a dual-core system this would mean:

    One CPU was 100% idle on average while the other CPU was being used; no processes were waiting for CPU time (1.00) over the last 1 minute.
    The CPUs were idle by 160% on average; no processes were waiting for CPU time (0.40) over the last 5 minutes.
    The CPUs were overloaded by 135% on average; 1.35 processes were waiting for CPU time (3.35) over the last 15 minutes.

https://www.tecmint.com/understand-linux-load-averages-and-monitor-performance/
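The readings above, generalised to any number of logical CPUs and to the /proc/loadavg line format, as an added example (my own code, not from the linked tecmint article). The constructed SAMPLE line holds the three values discussed above, and the percentages keep the article's convention of a share of one CPU.

```python
"""Interpret Linux load averages against the number of logical CPUs.
Added example (not from the original page or the linked article): it
generalises the 1- and 2-core readings above to any CPU count and parses
the /proc/loadavg format. Percentages are shares of one CPU, as above."""
from dataclasses import dataclass


@dataclass(frozen=True)
class LoadReading:
    load: float
    cpus: int
    waiting: float       # runnable tasks beyond available CPUs, 0.0 if none
    idle_pct: float      # unused capacity in % of one CPU, 0.0 if overloaded
    overload_pct: float  # excess demand in % of one CPU, 0.0 if not overloaded


def interpret_load(load: float, cpus: int) -> LoadReading:
    """load == cpus: fully used; below: spare capacity; above: tasks queue."""
    if cpus < 1:
        raise ValueError("cpus must be >= 1")
    excess = max(load - cpus, 0.0)
    spare = max(cpus - load, 0.0)
    return LoadReading(load, cpus, round(excess, 2),
                       round(spare * 100, 2), round(excess * 100, 2))


def parse_proc_loadavg(line: str) -> tuple:
    """Return the 1/5/15-minute averages from a /proc/loadavg line."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError(f"malformed /proc/loadavg line: {line!r}")
    return tuple(float(f) for f in fields[:3])


def summarize(line: str, cpus: int) -> list:
    """One plain-text line per interval, in the style of the readings above."""
    out = []
    for label, load in zip(("1 min", "5 min", "15 min"), parse_proc_loadavg(line)):
        r = interpret_load(load, cpus)
        if r.waiting:
            out.append(f"{label}: overloaded by {r.overload_pct:.0f}%, "
                       f"{r.waiting:.2f} tasks waiting ({load:.2f})")
        elif r.idle_pct:
            out.append(f"{label}: idle by {r.idle_pct:.0f}%, none waiting ({load:.2f})")
        else:
            out.append(f"{label}: fully (100%) utilized, none waiting ({load:.2f})")
    return out

# Constructed /proc/loadavg line holding the three values discussed above.
SAMPLE = "1.00 0.40 3.35 2/150 4321"
```

On a live box, `summarize(open("/proc/loadavg").read(), os.cpu_count())` gives the same three lines for the current readings.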

vbox networking

NAT - Your host will act as a router (firewall) and your guests will be on a private subnet. Use this if you are not running servers on the guests.

Bridged - Your guests will get an IP address on the same subnet as your host.

Internal networking

    This can be used to create a different kind of software-based network which is visible to selected virtual machines, but not to applications running on the host or to the outside world.
Host-only networking

    This can be used to create a network containing the host and a set of virtual machines, without the need for the host's physical network interface. Instead, a virtual network interface (similar to a loopback interface) is created on the host, providing connectivity among virtual machines and the host.
   

Testing Lab

  • Setting Up A Penetration Testing Lab


Setting up a test lab on a single machine
If you have limited resources, the best thing to do is use a single machine to set up your virtual machines and Metasploit Framework box.


Setting up a test lab on multiple machines

In this type of test lab environment, you will want to keep your vulnerable machines unavailable to any machine except for your penetration testing box; therefore, it’s important to make the vulnerable machine dependent on the Metasploit Framework box for connectivity. In the section below, we’ll show you how to set up the access to go out on eth0 for the Metasploit Framework box and access to go to the target box on eth1.

The Metasploitable and UltimateLAMP vulnerable VMs are Ubuntu machines running vulnerable services and containing weak accounts.
The Metasploitable VM focuses on network-layer vulnerabilities, while the UltimateLAMP VM is primarily focused on web vulnerabilities.
The Metasploitable VM also contains a weak system account with the username user and the password user.
The default login is msfadmin:msfadmin. Several vulnerable applications have been installed on the VM.


The UltimateLAMP VM's default credentials are: root:vmware. Each application is available by browsing to :80 on the VM's assigned IP address.

https://kb.help.rapid7.com/v1.0/docs/setting-up-a-penetration-testing-lab


  • Features

UltimateLAMP includes a long list of popular LAMP stack applications. For more information take a look at the UltimateLAMP products list.
With the success of this first product, research has already commenced in our next two products UltimateLAMJ (Open Source Java Based Applications) and UltimateLAMR (Open Source Ruby Applications).
https://www.vulnhub.com/entry/ultimatelamp_02,36/


  • Metasploitable is a virtual machine based on Linux that contains several intentional vulnerabilities for you to exploit. Metasploitable is essentially a penetration testing lab in a box, available as a VMware virtual machine (VMX). (The Metasploitable login is “msfadmin”; the password is also “msfadmin”.)

https://information.rapid7.com/metasploit-framework.html

  • Metasploit and Metasploitable 2 installation
Username: msfadmin
Password: msfadmin
Metasploitable 2 is an intentionally vulnerable Linux machine which can be downloaded and set up as a virtual machine in any hypervisor such as VMware Player and VirtualBox. In the Metasploitable 2 tutorial we will be setting up the vulnerable Linux machine in VMware Player.
https://www.hackingtutorials.org/metasploit-tutorials/metasploit-metasploitable-2-installation/

  • The Samurai Web Testing Framework is a virtual machine, supported on VirtualBox and VMWare, that has been pre-configured to function as a web pen-testing environment. The VM contains the best of the open source and free tools that focus on testing and attacking websites.


We have included the tools used in all four steps of a web pen-test:
    reconnaissance: tools such as the Fierce domain scanner and Maltego
    mapping: tools such as WebScarab and ratproxy
    discovery: w3af and Burp
    exploitation: BeEF and AJAXShell
http://www.samurai-wtf.org/


  • Emulab is a network testbed, giving researchers a wide range of environments in which to develop, debug, and evaluate their systems.

https://www.emulab.net


  • ORBIT is a two-tier wireless network emulator/field trial designed to achieve reproducible experimentation, while also supporting realistic evaluation of protocols and applications. 

http://www.orbit-lab.org/


  • PlanetLab is a global research network that supports the development of new network services.

https://www.planet-lab.org/

  • These virtual machine hacking challenges, more commonly known as boot2roots, are relatively easy to make.
It begins with an idea: think of a challenge (or a set of challenges) that you’d like a player to solve. A goal should be set, such as obtaining root access on the virtual machine, or getting access to a flag. The challenges that you come up with will define the difficulty level of the boot2root.
I prefer creating my boot2roots using VMware ESXi and exporting them into an OVA file. OVAs can be imported by all incarnations of VMware, and by VirtualBox.
Whatever hypervisor you choose, you should try to test it on the popular ones such as VMware Player and VirtualBox, both of which are free.
When you’re satisfied with everything, it’s time to make your boot2root public! Announce it on Twitter, your blog, IRC, whatever. VulnHub makes a slew of boot2roots available, so you should definitely consider having it hosted there.
https://blog.techorganic.com/2013/12/10/creating-a-virtual-machine-hacking-challenge/

  • When we connect to an IP address, the device provides a banner identifying itself and some of its parameters.
This information can be VERY useful for searching for vulnerable or unprotected devices.
A search engine that collects these banners was developed by John Matherly in 2009; it is named Shodan. You can find it at www.shodan.io.
Matherly's crawler scans each IP address (there are 4.3B IPv4 addresses) and attempts to pull and collect the banner information from each device.
The information in the banner usually includes the manufacturer of the device and some key parameters.
It's important to note here that Shodan indexes the data that is presented in the banner.
It has no way of knowing whether the banner is accurate.
Some firms that are vigilant about security actually replace these banners with fake or bogus banners to throw off Shodan or attackers.
https://www.hackers-arise.com/single-post/2016/06/22/Using-Shodan-The-Worlds-Most-Dangerous-Search-Engine


  • CHECK POINT THREAT ALERT: SHODAN
Shodan can identify the physical location of any Internet-connected equipment, as well as its IP address, and often even what type of software it’s running. This provides sufficient information for hackers to carry out targeted attacks.
https://blog.checkpoint.com/2016/01/04/check-point-threat-alert-shodan/


  • Information disclosure in the server banner. In Apache 2.4 the default setting is “ServerTokens Full”, which means the Server response header field sent back to clients includes a description of the generic OS type of the server as well as information about compiled-in modules.
To prevent the disclosure of configuration information by your Apache instance, the best general-purpose strategy is to implement the CIS Benchmark for establishing a secure configuration posture for Apache HTTP Server. In the CIS Apache HTTP Server 2.4 Benchmark, more than 15% of the recommendations relate to prohibiting unnecessary but sensitive information disclosure, and they provide a good baseline for most environments.
https://blog.qualys.com/securitylabs/2015/01/26/protect-your-applications-from-hacker-research
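An added check (my own code, not from the Qualys post, the CIS Benchmark or the Apache project) that classifies a Server header by the ServerTokens level that would produce it, following the banner formats in the ServerTokens directive documentation. The two HTTP responses are constructed samples: one with the default Full banner, one hardened to Prod.

```python
"""Classify an HTTP Server header by the Apache ServerTokens level that
produces it. Added example, not code from the Qualys post, CIS or Apache;
the banner formats follow the ServerTokens directive documentation
(Prod, Major, Minor, Min, OS, Full)."""
import re

# Apache formats the banner as Apache[/major[.minor[.patch]]] [(OS)] [modules ...]
_APACHE_RE = re.compile(
    r"^Apache(?:/(?P<major>\d+)(?:\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?)?)?"
    r"(?P<os>\s*\([^)]*\))?(?P<extra>(?:\s.*)?)$")


def classify_server_header(value: str) -> str:
    """Return the ServerTokens level implied by a Server header, or 'unknown'."""
    m = _APACHE_RE.match(value.strip())
    if not m:
        return "unknown"      # not an Apache-formatted banner (nginx, Tomcat, ...)
    if m.group("extra").strip():
        return "Full"         # compiled-in modules are listed after the OS
    if m.group("os"):
        return "OS"
    if m.group("patch") is not None:
        return "Min"
    if m.group("minor") is not None:
        return "Minor"
    if m.group("major") is not None:
        return "Major"
    return "Prod"             # bare "Apache": the CIS-recommended setting


def audit_response(raw: str) -> dict:
    """Parse raw HTTP response headers; flag a banner beyond ServerTokens Prod."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, val = line.partition(":")
        if sep:
            headers[name.strip().lower()] = val.strip()
    server = headers.get("server", "")
    level = classify_server_header(server)
    disclosing = level not in ("Prod", "unknown")
    return {"server": server, "level": level, "disclosing": disclosing,
            "fix": "set ServerTokens Prod in httpd.conf" if disclosing else None}

# Constructed responses: a default (ServerTokens Full) build and a hardened one.
FULL_RESPONSE = ("HTTP/1.1 200 OK\r\n"
                 "Server: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 mod_fcgid/2.3.9\r\n"
                 "Content-Type: text/html\r\n\r\n<html></html>")
PROD_RESPONSE = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"
```

Feed `audit_response` the raw bytes of a HEAD request against your own servers to confirm the hardened setting took effect after a restart.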