Archive for the ‘Linux’ Category

May 10th, 2014  Posted at   Kali, Linux

There are two things that bother me a little when using Kali with Gnome Desktop. There is no Trash icon on the Desktop, and you need to press Ctrl+Del to send a file or directory to the Trash. If you feel the same way, read the following lines to solve it.

– Showing Trash and Home icons on desktop –

From a terminal type the following:

dconf-editor

The “Configurator Editor” pops up. From the left panel select the following schema:

org >> gnome >> nautilus >> desktop

In the right panel you will see some interesting properties like “computer-icon-visible”, “home-icon-visible” and “trash-icon-visible”. You have to check them in order to show those icons on the Desktop. If they are already checked and you don’t see the icons, uncheck them and check them again.

– Deleting using the “Delete” key –

This was a little more painful but I finally found a solution. There is a way by activating the “can-change-accels” property using the dconf-editor utility shown previously, but the problem is that we lose our changes when nautilus is restarted.

So here is the method that worked for me using the console:

Create the folder /root/.gnome2/accels:

mkdir -p /root/.gnome2/accels

Create the file /root/.gnome2/accels/nautilus and write the following line:

(gtk_accel_path "/DirViewActions/Trash" "Delete")

Save the file. Now restart nautilus:

nautilus -q

That’s all.

Enjoy :)

August 26th, 2013  Posted at   Backtrack, Blackbuntu, Kali, Linux, Windows

A few weeks ago, while cleaning up, I found an old access point/router. I wanted to attach it to my network and do some tests, but I did not remember the password for configuring it through its web access page. I knew it had to be some default user/password but I did not succeed in my tries. I thought it was the right time to prepare a small dictionary attack. There are many powerful tools for this task but I used “Burp Suite” because I love it and I try to use it whenever I can. Furthermore, it is a perfect tool for understanding what happens behind the scenes during this kind of attack.

I made the following video trying to explain this process. I hope you find it helpful.

If you want you can download the ‘combinator’ script used in the video -> combinator.rb.

Enjoy.

 

August 16th, 2013  Posted at   Linux, Raspberry Pi, Raspbian

When I bought my Raspberry Pi I also ordered this tiny USB WiFi adapter (TP-LINK TL-WN725N) in order to play with my raspi everywhere. I got this adapter because I read it worked out of the box, it was cheaper than others and it supported WiFi-N. As you may guess, I am writing this post because the first advantage, the out of the box one, did not work for me.

Raspi with TP-LINK WN725N

I read some forums and it seemed that I had purchased a newer version of this adapter, the TL-WN725N v2. It needs a different driver, the Realtek 8188eu, which is not included by default in the Raspbian distributed by the official web site of Raspberry Pi. So, to sum up, I was able to find the driver source code and now I have a wireless raspi. If you have the same problem with this adapter, read the following lines to obtain directly the .ko object and you will be done. If you want you can download the driver source code (link at the end), compile and install it on your own.

To make it work just download the kernel object (.ko) file which is the compiled module driver for the kernel. I will be updating this section for different kernel versions.

For raspbian image: 2013-07-26-wheezy-raspbian.img
8188eu.ko (Compiled in 2013-08) (Working in kernel Linux raspberrypi 3.6.11+ #474 PREEMPT)

For raspbian image: 2013-09-25-wheezy-raspbian.img
8188eu.ko (Compiled in 2013-10) (Working in kernel Linux raspberrypi 3.6.11+ #538 PREEMPT)

For raspbian image: 2013-12-20-wheezy-raspbian.img & 2014-01-07-wheezy-raspbian.img
8188eu.ko & firmware (Compiled in 2014-01) (Working in kernel Linux raspberrypi 3.10.24+ #614 PREEMPT & 3.10.25+ #622 PREEMPT)

For raspbian image: 2014-06-20-wheezy-raspbian.img
8188eu.ko & firmware (Compiled in 2014-06) (Working in kernel Linux raspberrypi 3.12.22+ #691 PREEMPT)

For raspbian image: 2014-09-09-wheezy-raspbian.img
8188eu.ko & firmware (Compiled in 2014-09) (Working in kernel Linux raspberrypi 3.12.28+ #709 PREEMPT)

For raspbian image: 2014-12-24-wheezy-raspbian.img
8188eu.ko & firmware (Compiled in 2014-12) (Working in kernel Linux raspberrypi 3.12.35+ #730 PREEMPT)

Place the .ko object in the following path:

/lib/modules/(your-kernel-version)/kernel/drivers/net/wireless

In my case it is the following path:

/lib/modules/3.6.11+/kernel/drivers/net/wireless

The latest version of the rtl8188eu driver includes a firmware file called rtl8188eufw.bin; you have to place this file under:

/lib/firmware/rtlwifi/

Now execute the following commands:

depmod -a

modprobe 8188eu

We are done. You should see now the new interface (wlan0 normally) when the device is connected.

Driver source code: https://github.com/lwfinger/rtl8188eu

Enjoy.

 

July 1st, 2012  Posted at   Blackbuntu

If you’re using Blackbuntu nowadays you might have found the following error lines when you execute apt-get update:

W: Failed to fetch http://deb.torproject.org/torproject.org/dists/maverick/main/source/Sources.gz 404 Not Found

W: Failed to fetch http://deb.torproject.org/torproject.org/dists/experimental-maverick/main/binary-i386/Packages.gz 404 Not Found

The thing is that maverick is no longer supported in Tor’s repositories and it has been replaced by lucid. So we have to do the same in order to fix it:

nano /etc/apt/sources.list

Now go to the TOR repositories section and replace the following lines:

# Tor Project
deb-src http://deb.torproject.org/torproject.org maverick main
deb http://deb.torproject.org/torproject.org experimental-maverick main

with these lines:

# Tor Project
deb-src http://deb.torproject.org/torproject.org lucid main
deb http://deb.torproject.org/torproject.org experimental-lucid main

Now finally execute:

apt-get update
apt-get upgrade

Done.

Enjoy!
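The same edit can be scripted so that only the Tor Project entries change. The following is an added example, not part of the original post; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: point only the Tor Project entries at lucid.

# Filter: sources.list on stdin, corrected list on stdout. The address
# restricts the substitution to active deb/deb-src lines for
# deb.torproject.org, so other maverick entries and comments are kept.
retarget_tor_repo() {
    sed -E '/^[[:space:]]*deb(-src)?[[:space:]]+http:\/\/deb\.torproject\.org\//s/([[:space:]](experimental-)?)maverick([[:space:]])/\1lucid\3/'
}

# Apply the filter to a file in place, keeping the original as <file>.bak.
fix_sources_list() {  # usage: fix_sources_list /etc/apt/sources.list
    cp -p "$1" "$1.bak" && retarget_tor_repo < "$1.bak" > "$1"
}

# Constructed sample; the Ubuntu line stands in for the distribution's
# own repositories, which this fix does not touch.
SAMPLE='deb http://archive.ubuntu.com/ubuntu maverick main
# Tor Project
deb-src http://deb.torproject.org/torproject.org maverick main
deb http://deb.torproject.org/torproject.org experimental-maverick main'

printf '%s\n' "$SAMPLE" | retarget_tor_repo
```

A blanket search and replace of maverick would also rewrite the distribution's own repository lines, which is why the substitution is limited to the deb.torproject.org entries.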

March 26th, 2012  Posted at   Backtrack, Linux

By default sshd is not enabled in Backtrack 5, but of course it is installed.

Just run this command:

sshd-generate

And now we can start the service, choose one of the following ways:

service ssh start

/etc/init.d/ssh start

start ssh

Done. Service is listening on port 22. You can access using root/toor.

You can change the configuration by editing /etc/ssh/sshd_config.

 

Enjoy.
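Since the service comes up on port 22 with root/toor, it is worth checking what /etc/ssh/sshd_config allows before starting it. The following is an added example, not part of the original post; the function names and both sample configurations are constructed, and a missing directive is assumed to mean "yes".

```shell
#!/bin/sh
# Added example: does an sshd_config leave root reachable by password?

# Print the effective value of one keyword from a config on stdin.
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively; parsing stops at the first Match block, whose
# settings are conditional. A missing keyword yields the fallback.
sshd_value() {  # usage: sshd_value <keyword> <fallback> < config
    awk -v k="$1" -v d="$2" '
        /^[[:space:]]*#/           { next }
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(k)  { v = tolower($2); exit }
        END                        { print (v == "" ? d : v) }'
}

# Print "exposed" when root may log in with a password, else "ok".
# Assumption: an absent directive counts as "yes" (the cautious reading).
# Keyboard-interactive/PAM settings are not examined.
root_password_login() {
    conf=$(cat)
    root=$(printf '%s\n' "$conf" | sshd_value PermitRootLogin yes)
    pass=$(printf '%s\n' "$conf" | sshd_value PasswordAuthentication yes)
    if [ "$root" = yes ] && [ "$pass" = yes ]; then
        echo exposed
    else
        echo ok
    fi
}

# Constructed sample configs (not copied from a real Backtrack install).
PERMISSIVE_CONF='Port 22
PermitRootLogin yes
#PasswordAuthentication yes'

HARDENED_CONF='Port 22
PermitRootLogin without-password
PasswordAuthentication no'

printf '%s\n' "$PERMISSIVE_CONF" | root_password_login
printf '%s\n' "$HARDENED_CONF"   | root_password_login
```

On a live system, `root_password_login < /etc/ssh/sshd_config` runs the same check, and `sshd -T` prints the configuration the daemon will actually use.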

January 10th, 2012  Posted at   Backtrack, Linux

This was a feature that many people requested for a long time. In previous versions of metasploit, msfupdate didn’t allow us to use proxies. Now that it is based on Subversion, we can do it. I’ll show you how using Backtrack 5.

Although we configured the proxy using the Network Proxy Preferences window in gnome:

And therefore we have the environment variables set in the shell:

$ env | grep http

http_proxy=http://myuser:mypass@proxy.mydomain.com:8080/
HTTP_PROXY=http://myuser:mypass@proxy.mydomain.com:8080/

Something seems to be missing when we use msfupdate or svn. So the following steps are the key ones.

Edit the file ~/.subversion/servers

Go to global section (normally at the end) and modify it to look like this:

[global]
http-proxy-host = proxy.mydomain.com
http-proxy-port = 8080
http-proxy-username = myuser
http-proxy-password = mypass

If your proxy doesn’t require authentication just comment out the user and password lines.

Save and close. Now go to /pentest/exploits/framework and launch the following command.

svn update

Done.

Enjoy.

December 30th, 2011  Posted at   Backtrack, Linux

Let’s face it, we all use tty1 to login as root/toor and launch startx… so why not boot automatically into our favorite desktop environment? In the following lines I’ll explain how to achieve this in three simple steps.

  • Step 1: Install mingetty.

We need a small application that allows us to auto login as the user that we want. There are several apps in the repositories to do this task. In fact, you can write your own app to do this in C like many tutorials suggest on the Internet. I’ll use mingetty.

apt-get install mingetty

  • Step 2: Configuration of tty1

Now we need to change the behaviour of tty1 to use mingetty instead of the standard getty. To achieve this we need to edit the file /etc/init/tty1.conf, so use your favourite editor. I’ll use nano.

nano /etc/init/tty1.conf

Let’s comment out the getty line so it looks like this:

#exec /sbin/getty -8 38400 tty1

Just below this commented line, add the following one:

exec /sbin/mingetty --autologin root --noclear tty1

Save and close the file.

  • Step 3: startx right after login

The last thing we need to do is launch the startx command just after the login. To do this we need to edit the file /root/.bash_profile. Everything we write in this file is going to be executed just after the root logs in. By default there is no such file in BT5 installation but maybe you added some useful command for you and you want to keep it, so we are going to run the following command:

echo "startx" >> ~/.bash_profile

Done. Restart to see it working.

Enjoy.

December 28th, 2011  Posted at   Backtrack, Debian, Java, Languages, Linux

I think this is very useful. I know there are powerful scripting languages like Python or Ruby which, by the way, I strongly recommend you learn. But maybe you feel comfortable (like me) using Java for simple and not so simple programs or scripts. I’m writing this post because the other day I wanted to create a word list file to use in Backtrack with specific restrictions that I had in mind. It had been a long time since I had used Ruby and I had to refresh my knowledge of it to do it. But then I thought that I could have made the word list faster with just a few lines of Java. But of course we don’t want to use an IDE like Eclipse or NetBeans for this kind of program, we just want our lovely console :).

Enough chatter, let’s get to practice. We’re going to create a HelloWorld.java and run it all from the console.

First of all we need to install the Java Development Kit (JDK) in order to run the Java compiler (javac). We can use the one from Sun, but I’ll be using openjdk which is installed in my Backtrack.

If you don’t have it installed yet, just type:

apt-get install openjdk-6-jdk

or

apt-get install default-jdk

We are going to use the Java Compiler (javac) to create the binary file HelloWorld.class, the one that can be executed by the Java Virtual Machine (JVM).

Let’s write the source code. Use your favorite editor, I’ll use nano:

nano HelloWorld.java

And now the code:

/* Java Hello World from mendrugox */
 
public class HelloWorld
{
	public static void main(String[] args)
	{
		System.out.println("Hello World!");
	}
}

Save and close (Ctrl +x in nano).

Now we have our code in the HelloWorld.java file, let’s compile it:

javac HelloWorld.java

The file HelloWorld.class is created and now we can execute our program:

java HelloWorld

*Notice that I put HelloWorld and not HelloWorld.class.

 

We’re done.

Enjoy.

November 13th, 2011  Posted at   Linux

When we want to connect from the command line to a wireless network protected with WPA/WPA2, we cannot use iwconfig to achieve it. We need to use a “supplicant” program. The most common is wpa_supplicant. To use this program we need to provide it with a config file, so let’s do it.

Create a new file with the following content:

# WPA/WPA2 PSK Config file

network={

	ssid="MyNetwork"

	scan_ssid=1

	key_mgmt=WPA-PSK

	psk="MyKey"
}

Where “MyNetwork” is the name (ESSID) of the network you want to connect to and “MyKey” is the Pre-Shared Key for the network.

Save this file wherever you want. I’ll use /root/wpa.conf (I’m using BT5 right now :)).

** If the example file configuration does not meet your requirements you can find other configurations in the following file:

http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/wpa_supplicant.conf

The interface I’ll be using for this connection is eth1.

The command we need to launch to finally connect to this network is the following:

wpa_supplicant -Dwext -c/root/wpa.conf -ieth1

Parameters meaning:

-D driver to use. (wext -> Linux wireless extensions (generic))

-c config file to use. (/root/wpa.conf -> our new config file)

-i interface to use. (eth1 -> my wireless interface)

As the wpa_supplicant command that we use needs to be active permanently while we are connected to the network it’s better to launch it in the background so we’ll use the following command:

wpa_supplicant -Dwext -c/root/wpa.conf -ieth1 &

If you’re using a graphical interface like Gnome or KDE you can also press ALT+F2 to run the program in background mode:

And that’s it, you’re connected.

Remember that once you’ve done this you need to configure the IP parameters for the network. If there is a DHCP server running you can use:

dhclient eth1

Enjoy.
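The config file above holds the Pre-Shared Key in clear text, and a WPA passphrase must be 8 to 63 characters long, so a placeholder as short as “MyKey” has to be replaced with a real key of valid length. The following is an added example, not part of the original post, that writes the same network block with both points checked; the function name, sample key and temporary path are constructed.

```shell
#!/bin/sh
# Added example: generate the network block with checks on the key.

# Write a WPA-PSK block to <path>, readable by its owner only.
# Fails without writing anything when the passphrase length is outside
# the 8..63 characters that WPA allows.
write_wpa_conf() {  # usage: write_wpa_conf <ssid> <passphrase> <path>
    ssid=$1 pass=$2 path=$3
    len=${#pass}
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        echo "passphrase must be 8-63 characters, got $len" >&2
        return 1
    fi
    case $ssid$pass in
        *\"*) echo 'double quotes are not handled by this example' >&2
              return 1 ;;
    esac
    ( umask 077; : > "$path" ) || return 1   # new file is created as 0600
    chmod 600 "$path" || return 1            # tighten a pre-existing file
    cat > "$path" <<EOF
# WPA/WPA2 PSK Config file
network={
	ssid="$ssid"
	scan_ssid=1
	key_mgmt=WPA-PSK
	psk="$pass"
}
EOF
}

# Demo with constructed values; the file goes to a temporary directory.
demo_dir=$(mktemp -d)
write_wpa_conf "MyNetwork" "constructed-sample-key" "$demo_dir/wpa.conf"
ls -l "$demo_dir/wpa.conf"
```

For the setup in the post, the call would be `write_wpa_conf "MyNetwork" "<your key>" /root/wpa.conf`, followed by the wpa_supplicant command shown above.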

October 22nd, 2011  Posted at   Backtrack, Linux

I like to use an old laptop on which I’ve installed BT5. From being a useless thing inside a closet it has become a wonderful tool for me nowadays. Although I have a neat Alfa AWUS036H card, it was reasonable that I wanted its internal ipw2200bg card to work too. That is something that doesn’t happen when you run BT5 with its default configuration.

If we run dmesg we’ll see that our internal card is detected but something is happening with its firmware.

ipw2200: Detected Intel PRO/Wireless 2200BG Network Connection
ipw2200: ipw2200-bss.fw request_firmware failed: Reason -2
ipw2200: Unable to load firmware: -2
ipw2200: failed to register network device

To solve this issue we have to download the latest firmware for the card. You can get it from the official site http://ipw2200.sourceforge.net/firmware.php. I’ve uploaded the latest version at present, 3.1, so you can get it directly from here: ipw2200-fw-3.1.tgz

Once you get it extract the firmware files:

tar xvfz ipw2200-fw-3.1.tgz

Copy the .fw files to /lib/firmware:

cp ipw2200-fw-3.1/*.fw /lib/firmware/

Reset the driver:

modprobe -r ipw2200

modprobe ipw2200

Done.

Enjoy.