Category: Security
Persistent mount for luks with unlock Key
Creating an encrypted disk with LUKS leaves us with one little problem: mounting the encrypted disk automatically on boot, so there is no need to enter the passphrase when mounting. This is risky if the machine is stolen, because we will use a key stored inside the system, and it will be leaked along with the machine. So let's
Linux Disk Encryption with LUKS
Today we are going to make an encrypted disk partition. Let's prepare our partition: I have a new disk at /dev/sdb, and I will create a 100M partition on it with fdisk.
```
[root@localhost ~]# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.25.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

/dev/sdb: device contains a valid 'crypto_LUKS' signature, it's strongly recommended to wipe the device by command wipefs(8) if this setup is unexpected to avoid possible collisions.

Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0xc0e7edd0.

Command (m for help): p
Disk /dev/sdb: 1 GiB, 1073741824 bytes, 2097152 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xc0e7edd0

Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-2097151, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-2097151, default 2097151): +100M

Created a new partition 1 of type 'Linux' and of size 100 MiB.

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

[root@localhost ~]# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.25.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): p
Disk /dev/sdb: 1 GiB, 1073741824 bytes, 2097152 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xc0e7edd0

Device     Boot Start    End Sectors  Size Id Type
/dev/sdb1        2048 206847  204800  100M 83 Linux
```
RPM integrity and scripts
Yum repositories come with gpg and md5 support to verify the validity of packages. You can list the gpg keys installed on your system via:

```
rpm -qa gpg-pubkey
```

It will show the unique ID of each key installed on your system:

```
gpg-pubkey-e8562897-459f07a4
gpg-pubkey-217521f6-45e8a532
```

To list all information related to a key:

```
rpm -qi pgp-key-unique-id
```
```
Name        : gpg-pubkey                   Relocations: (not relocatable)
Version     : 6b8d79e6                          Vendor: (none)
Release     : 3f49313d                      Build Date: Wed Jan 16 03:03:02 2013
Install Date: Wed Jan 16 03:03:02 2013      Build Host: localhost
Group       : Public Keys                   Source RPM: (none)
Size        : 0                                License: pubkey
Signature   : (none)
Summary     : gpg(Dag Wieers (Dag Apt Repository v1.0) <dag@wieers.com>)
Description : (ASCII-armored PGP public key block omitted)
```
It
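The "unique id" in those names is structured: rpm names each imported key `gpg-pubkey-<version>-<release>`, where the version is the short key ID and the release is the key's creation time in hex seconds since the epoch. The following added example (not part of the original post) decodes the names shown above so they can be compared against the key ID a repository publishes; the function name `decode_gpg_pubkey` is hypothetical and GNU `date` is assumed.

```shell
#!/bin/sh
# Added example: decode the names printed by `rpm -qa gpg-pubkey`.
#   gpg-pubkey-<version>-<release>
#   <version> = short key ID (last 8 hex digits of the key ID)
#   <release> = key creation time, hex seconds since the Unix epoch

decode_gpg_pubkey() {
    name=$1
    case $name in
        gpg-pubkey-*-*) ;;
        *) echo "not a gpg-pubkey entry: $name" >&2; return 1 ;;
    esac
    rest=${name#gpg-pubkey-}
    keyid=${rest%%-*}
    created_hex=${rest#*-}
    # Both fields must be exactly 8 hex digits; reject anything else
    # before it reaches arithmetic expansion.
    for field in "$keyid" "$created_hex"; do
        case $field in
            *[!0-9a-fA-F]*|"") echo "malformed entry: $name" >&2; return 1 ;;
        esac
        [ ${#field} -eq 8 ] || { echo "malformed entry: $name" >&2; return 1; }
    done
    epoch=$((0x$created_hex))
    created=$(date -u -d "@$epoch" +%Y-%m-%d)   # GNU date syntax (assumption)
    printf '%s %s\n' "$(printf '%s' "$keyid" | tr 'a-f' 'A-F')" "$created"
}

# Key names taken from the listings on this page.
for entry in gpg-pubkey-e8562897-459f07a4 \
             gpg-pubkey-217521f6-45e8a532 \
             gpg-pubkey-6b8d79e6-3f49313d; do
    decode_gpg_pubkey "$entry"
done
```

On a live system the input would come from `rpm -qa gpg-pubkey`, one name per line.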
nmap cheat sheet
nmap scan cheat sheet 😀

Host Discovery

```
nmap -PE <range>
nmap -PP <range>
nmap -PM <range>
```

ARP scan

```
nmap -PR <range>
```

Stealth Scan

```
nmap -sS <range>
```

Idle Scan

```
nmap -sI zombie <range>
```

Version Scan

```
nmap -sV <range>
```
port forward & pivoting with meterpreter
Let's assume you attacked a machine with two NICs. Our IP is 10.0.0.5. The machine's first IP, the one you reach it from, is 10.0.0.10, and ifconfig shows that the machine has a different IP, 10.0.2.30. You can scan the 10.0.2.x network via meterpreter's arp_scan:

```
meterpreter > run arp_scan -r 10.0.2.1-255
```

We can connect to the RDP server of the machine 10.0.2.30
MetaSploit Payload to Executable EXE
```
# msfvenom
No options
Usage: /opt/metasploit/apps/pro/msf3/msfvenom [options] <var=val>

Options:
    -p, --payload    <payload>       Payload to use. Specify a '-' or stdin to use custom payloads
    -l, --list       [module_type]   List a module type example: payloads, encoders, nops, all
    -n, --nopsled    <length>        Prepend a nopsled of [length] size on to the payload
    -f, --format     <format>        Output format (use --help-formats for a list)
    -e, --encoder    [encoder]       The encoder to use
    -a, --arch       <architecture>  The architecture to use
        --platform   <platform>      The platform of the payload
    -s, --space      <length>        The maximum size of the resulting payload
    -b, --bad-chars  <list>          The list of characters to avoid example: '\x00\xff'
    -i, --iterations <count>         The number of times to encode the payload
    -c, --add-code   <path>          Specify an additional win32 shellcode file to include
    -x, --template   <path>          Specify a custom executable file to use as a template
    -k, --keep                       Preserve the template behavior and inject the payload as a new thread
    -o, --options                    List the payload's standard options
    -h, --help                       Show this message
        --help-formats               List available formats
```
SMASH THE STACK LEVEL6
Smash The Stack Level 6
```
level6@io:/levels$ ./level06 a b
Hi a
```

This app takes two arguments: (1) a username and (2) a password. It takes them and then says hi. It also checks your environment language and changes the message:

```
level6@io:/levels$ export LANG=fr
level6@io:/levels$ ./level06 a b
Bienvenue a
level6@io:/levels$ export LANG=de
level6@io:/levels$ ./level06 a b
Willkommen a
level6@io:/levels$
```

Let's make some love with gdb. By the way, without changing your language, it will not overwrite the EIP.
Get Environment Variable memory Address
Sometimes you put the shellcode inside the environment, and you will need its address to build your payload. Here is a simple C program to get the address:

```c
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    /* Look up the NIX environment variable and print the address of its value */
    char *nix = getenv("NIX");
    printf("%p\n", (void *)nix);
    return 0;
}
```
Duplicate File Finder By MD5SUM
Hello, this is a simple script to find duplicated files by md5sum, so if you have two files with the same content but different names, you can still catch them.

```python
# Duplicate file finder by file md5sum
# Author: N1X
import os
import subprocess
import sys
from os.path import abspath, join
from time import sleep

if len(sys.argv) < 2:
    print("usage: python filedub.py /full/path/to/dir/")
    sys.exit(1)

fileList = {}  # checksum -> list of files with that checksum
targetdir = sys.argv[1]
totalfiles = 0

print("#" * 20)
print("#" * 5, "Scan Start on :", targetdir)
print("#" * 20)
print("Total Found:")
for root, dirs, files in os.walk(targetdir, topdown=True, onerror=None, followlinks=False):
    totalfiles += len(files)
    for file in files:
        file = abspath(join(root, file))
        # Pass the path as an argument list (no shell), so file names that
        # contain quotes, $(...) or backticks are never run as shell syntax.
        proc = subprocess.Popen(["md5sum", "--", file],
                                stderr=subprocess.PIPE, stdout=subprocess.PIPE)
        out = proc.communicate()[0].decode(errors="replace")
        print(out)
        fields = out.split()
        if not fields:
            continue  # md5sum printed nothing (unreadable file, broken link)
        checksum = fields[0]
        fileList.setdefault(checksum, []).append(file)
    print("\r%s" % totalfiles, end="")
    sys.stdout.flush()
    sleep(0.5)

for key in fileList:
    if len(fileList[key]) > 1:
        print("\n")
        print("Total Duplicate for checksum[%s] is : %s" % (key, len(fileList[key])))
        i = 0
        for dub in fileList[key]:
            i = i + 1
            print(i, ":", dub, "if you want to delete this file press y")
            action = input("--> ")
            if action == "y":
                os.remove(dub)
```
TrueCrypt Password bruteforce
Hello, guys, this script will simply mount the container with the passwords from the given password list.

```python
#!/usr/bin/env python
# TrueCrypt Crack Password Based On Dictionary Attack
# Author : N1X
import subprocess
import sys

file = open(sys.argv[2])
passlist = file.readlines()

for password in passlist:
    print password.strip()
    command = "truecrypt -t --non-interactive %s -p %s" % (sys.argv[1], password.strip())
    p = subprocess.Popen(command, shell=True, stderr=subprocess.PIPE)
    r = p.stderr.read()
    if r.startswith('Error'):
        pass
    else:
        print "Found Password is :" + password
        exit()
```