A few of the old ESXi servers are lying around and needs to be upgraded.
Power all VM.
Turn on maintenance mode.
Enable SSH
SSH into the server
esxcli network firewall ruleset set -e false -r httpClient
esxcli software sources profile list --depot=https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep 6.7
esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.7.0-8169922-standard
Might wanna open another SSH
tail -f /var/log/esxupdate.log
esxcli network firewall ruleset set -e false -r httpClient
reboot
6.7.0 (Build 8169922) -> :)
Copied from: https://tinkertry.com/easy-update-to-esxi-67
Friday, July 27, 2018
Wednesday, July 25, 2018
Using OSX High Sierra on a VMWARE ESXi
Steps to convert the stupid installer into an iso for other uses...
hdiutil create -o /tmp/HighSierra.cdr -size 5200m -layout SPUD -fs HFS+J
hdiutil attach /tmp/HighSierra.cdr.dmg -noverify -mountpoint /Volumes/install_build
sudo /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/createinstallmedia --volume /Volumes/install_build
mv /tmp/HighSierra.cdr.dmg ~/Desktop/InstallSystem.dmg
hdiutil detach /Volumes/Install\ macOS\ High\ Sierra
hdiutil convert ~/Desktop/InstallSystem.dmg -format UDTO -o ~/Desktop/HighSierra.iso
hdiutil create -o /tmp/HighSierra.cdr -size 5200m -layout SPUD -fs HFS+J
hdiutil attach /tmp/HighSierra.cdr.dmg -noverify -mountpoint /Volumes/install_build
sudo /Applications/Install\ macOS\ High\ Sierra.app/Contents/Resources/createinstallmedia --volume /Volumes/install_build
mv /tmp/HighSierra.cdr.dmg ~/Desktop/InstallSystem.dmg
hdiutil detach /Volumes/Install\ macOS\ High\ Sierra
hdiutil convert ~/Desktop/InstallSystem.dmg -format UDTO -o ~/Desktop/HighSierra.iso
Monday, November 13, 2017
Kali Linux - Creating your own distro
A colic of mine was trying to act cute and said he wanted his own custom version of kali linux.
As remaster-sys might not work, ( i think ), went on to figure if it's really possible.
As he sucks in googling, here are the steps for my own reference.
Install Kali to a VM.
apt update && apt install curl git live-build
git clone git://git.kali.org/live-build-config.git
cd live-build-config
Inside the kali-config folder, there are various "environments" available.
I choose the LIGHT version as though it's a variant of the XFCE env, it's really light.
With this in mind, lets add some "special" packages that my colic wants.
Edit the config in kali-config/variant-light/package-lists/kali.list.chroot
Add your packages etc.
As he wanted to add custom "code and scripts" as well, add them to kali-config/common/includes.chroot/ folder. EG: root/Desktop/aaa.txt will make the aaa.txt appear on the root desktop.
To enable SSH on startup,
echo ‘update-rc.d -f ssh enable’ >> kali-config/common/hooks/01-start-ssh.chroot
chmod 755 kali-config/common/hooks/01-start-ssh.chroot
Once done, build the image.
./build.sh --variant light --verbose
Drink coffee and the build ISO will be at: images/xxx.iso
REF: https://www.cybrary.it/0p3n/create-kali-linux-iso/
REF: https://kali.training/chapter-9/building-custom-kali-live-iso-images/
As remaster-sys might not work, ( i think ), went on to figure if it's really possible.
As he sucks in googling, here are the steps for my own reference.
Install Kali to a VM.
apt update && apt install curl git live-build
git clone git://git.kali.org/live-build-config.git
cd live-build-config
Inside the kali-config folder, there are various "environments" available.
I choose the LIGHT version as though it's a variant of the XFCE env, it's really light.
With this in mind, lets add some "special" packages that my colic wants.
Edit the config in kali-config/variant-light/package-lists/kali.list.chroot
Add your packages etc.
As he wanted to add custom "code and scripts" as well, add them to kali-config/common/includes.chroot/ folder. EG: root/Desktop/aaa.txt will make the aaa.txt appear on the root desktop.
To enable SSH on startup,
echo ‘update-rc.d -f ssh enable’ >> kali-config/common/hooks/01-start-ssh.chroot
chmod 755 kali-config/common/hooks/01-start-ssh.chroot
Once done, build the image.
./build.sh --variant light --verbose
Drink coffee and the build ISO will be at: images/xxx.iso
REF: https://www.cybrary.it/0p3n/create-kali-linux-iso/
REF: https://kali.training/chapter-9/building-custom-kali-live-iso-images/
Tuesday, October 31, 2017
VM Fusion Persistant Disk
Add a new hard disk to your VM Fusion.
Open up the VMX File in your editor.
Search for your workdisk
scsi0:1.fileName = "YOUROWKDISK-000001.vmdk"
Add in the following lines
scsi0:1.mode = "independent-persistent"
snapshot.disabled = "TRUE"
snapshot.action = "keep"
To take snapshot. Shut down the VM.
Then take the snapshot
Open up the VMX File in your editor.
Search for your workdisk
scsi0:1.fileName = "YOUROWKDISK-000001.vmdk"
Add in the following lines
scsi0:1.mode = "independent-persistent"
snapshot.disabled = "TRUE"
snapshot.action = "keep"
To take snapshot. Shut down the VM.
Then take the snapshot
Wednesday, October 04, 2017
Blank screen after some dist-upgrade
So my kali was doing some dist-upgrade.
Took wayyyyy too long and i just killed it.
However, next reboot, everything was black. =_+''
After booting, press Ctrl+Alt+F1~F12.
This should get you a terminal.
Login as root
dpkg --configure -a
WAIT PATIENTLY ( which i failed )
Once done, reboot, volia.
Took wayyyyy too long and i just killed it.
However, next reboot, everything was black. =_+''
After booting, press Ctrl+Alt+F1~F12.
This should get you a terminal.
Login as root
dpkg --configure -a
WAIT PATIENTLY ( which i failed )
Once done, reboot, volia.
Friday, June 09, 2017
Auto Backup MYSQL DB table structure
Usually during coding, one would often forgot about the MySQL databases structure.
I would usually check in my code but not my DB design.
Below is a sh file that backup the MySQL table structure.
Not the best script. But it does the job.
#!/bin/bash
Host=localhost
BDir=/root/SQLStructureBackup/
Dump="/usr/bin/mysqldump -d -h $Host -u BACKUPUSER -pSOMEPASSWORDHERE "
MySQL=/usr/bin/mysql
Today=$(date +%Y-%b-%d)
# Get a list of all databases
Databases=$(echo "SHOW DATABASES" | $MySQL -u BACKUPUSER -pSOMEPASSWORDHERE)
for db in $Databases; do
date=`date`
file="$BDir/$Today-$db.sql.gz"
echo "Backing up '$db' from '$Host' on '$date' to: "
echo " $file"
$Dump $db | gzip > $file
done
I would usually check in my code but not my DB design.
Below is a sh file that backup the MySQL table structure.
Not the best script. But it does the job.
#!/bin/bash
Host=localhost
BDir=/root/SQLStructureBackup/
Dump="/usr/bin/mysqldump -d -h $Host -u BACKUPUSER -pSOMEPASSWORDHERE "
MySQL=/usr/bin/mysql
Today=$(date +%Y-%b-%d)
# Get a list of all databases
Databases=$(echo "SHOW DATABASES" | $MySQL -u BACKUPUSER -pSOMEPASSWORDHERE)
for db in $Databases; do
date=`date`
file="$BDir/$Today-$db.sql.gz"
echo "Backing up '$db' from '$Host' on '$date' to: "
echo " $file"
$Dump $db | gzip > $file
done
Tuesday, June 07, 2016
Getting SAMBA to work
One of my colics have trouble setting up samba for his linux server.
apt-get install samba smbfs
Edit the samba config file at /etc/samba/smb.conf
# Global parameters
[global]
workgroup = HOME
netbios name = SAMBA
server string = Samba Server %v
map to guest = Bad User
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
local master = No
dns proxy = No
security = User
hosts allow = 127. XXX.XXX
interfaces = 127.0.0.1/8 XXX.XXX.XXX.XXX/16
bind interfaces only = yes
guest account = nobody
null passwords = no
username level = 6
#password level = 6
encrypt passwords = true
unix password sync = yes
domain master = no
preserve case = yes
short preserve case = yes
# Share
[files]
path = /files/
valid users = SOMEUSERHERE
read only = No
create mask = 0777
directory mask = 0777
useradd -c "NAME HERE" SOMEUSERHERE
smbpasswd -a SOMEUSERHERE
*Note that usually samba will not start if your config is wrong..
apt-get install samba smbfs
Edit the samba config file at /etc/samba/smb.conf
# Global parameters
[global]
workgroup = HOME
netbios name = SAMBA
server string = Samba Server %v
map to guest = Bad User
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = No
local master = No
dns proxy = No
security = User
hosts allow = 127. XXX.XXX
interfaces = 127.0.0.1/8 XXX.XXX.XXX.XXX/16
bind interfaces only = yes
guest account = nobody
null passwords = no
username level = 6
#password level = 6
encrypt passwords = true
unix password sync = yes
domain master = no
preserve case = yes
short preserve case = yes
# Share
[files]
path = /files/
valid users = SOMEUSERHERE
read only = No
create mask = 0777
directory mask = 0777
useradd -c "NAME HERE" SOMEUSERHERE
smbpasswd -a SOMEUSERHERE
*Note that usually samba will not start if your config is wrong..
Friday, April 15, 2016
Single boot kali into MAC
Friend has an old imac around.
Decided to install it with kali.
Pop in kali usb and press OPTION to boot menu.
Should see a WINDOWS and EFI BOOT partition.
Choose windows and install normally.
After installation, boot back to LIVE MODE.
Decided to install it with kali.
Pop in kali usb and press OPTION to boot menu.
Should see a WINDOWS and EFI BOOT partition.
Choose windows and install normally.
After installation, boot back to LIVE MODE.
root@kali:~# gdisk /dev/sda
zsh: correct 'gdisk' to 'fdisk' [nyae]? n
GPT fdisk (gdisk) version 0.8.5
Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present
Found valid GPT with protective MBR; using GPT.
Command (? for help): p
Disk /dev/sda: 976773168 sectors, 465.8 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): B6A4398E-3590-4BB7-AA57-D64EF74860D0
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 976773134
Partitions will be aligned on 2048-sector boundaries
Total free space is 4077 sectors (2.0 MiB)
Number Start (sector) End (sector) Size Code Name
1 2048 4095 1024.0 KiB EF02
2 4096 943585279 449.9 GiB 0700
3 943585280 976771071 15.8 GiB 8200
Command (? for help): r
Recovery/transformation command (? for help): h
WARNING! Hybrid MBRs are flaky and dangerous! If you decide not to use one,
just hit the Enter key at the below prompt and your MBR partition table will
be untouched.
Type from one to three GPT partition numbers, separated by spaces, to be
added to the hybrid MBR, in sequence: 2
Place EFI GPT (0xEE) partition first in MBR (good for GRUB)? (Y/N): y
Creating entry for GPT partition #2 (MBR partition #2)
Enter an MBR hex code (default 07): 83
Set the bootable flag? (Y/N): y
Unused partition space(s) found. Use one to protect more partitions? (Y/N): n
Recovery/transformation command (? for help): w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/sda.
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot.
The operation has completed successfully.
root@kali:~#
zsh: correct 'gdisk' to 'fdisk' [nyae]? n
GPT fdisk (gdisk) version 0.8.5
Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present
Found valid GPT with protective MBR; using GPT.
Command (? for help): p
Disk /dev/sda: 976773168 sectors, 465.8 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): B6A4398E-3590-4BB7-AA57-D64EF74860D0
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 976773134
Partitions will be aligned on 2048-sector boundaries
Total free space is 4077 sectors (2.0 MiB)
Number Start (sector) End (sector) Size Code Name
1 2048 4095 1024.0 KiB EF02
2 4096 943585279 449.9 GiB 0700
3 943585280 976771071 15.8 GiB 8200
Command (? for help): r
Recovery/transformation command (? for help): h
WARNING! Hybrid MBRs are flaky and dangerous! If you decide not to use one,
just hit the Enter key at the below prompt and your MBR partition table will
be untouched.
Type from one to three GPT partition numbers, separated by spaces, to be
added to the hybrid MBR, in sequence: 2
Place EFI GPT (0xEE) partition first in MBR (good for GRUB)? (Y/N): y
Creating entry for GPT partition #2 (MBR partition #2)
Enter an MBR hex code (default 07): 83
Set the bootable flag? (Y/N): y
Unused partition space(s) found. Use one to protect more partitions? (Y/N): n
Recovery/transformation command (? for help): w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/sda.
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot.
The operation has completed successfully.
root@kali:~#
Syncing Apple Wireless Mouse and keyboard to kali
And so i have an old apple mouse and keyboard and decided to sync it to kali via bluetooth instead!
Holding on the keyboard power button throughout the syncing not sure if it works.
Bluetooth setup was a hassle.
So...
apt-get install blueman
Then run blueman-manager
:P
Holding on the keyboard power button throughout the syncing not sure if it works.
Bluetooth setup was a hassle.
So...
apt-get install blueman
Then run blueman-manager
:P
Thursday, April 07, 2016
Setting up mod-security for apache.
And so we were looking into WAF for our sites....
Lets go...
apt-get install libapache2-modsecurity
Verify that all is well. If there is a shared, all is well.
apachectl -M | grep --color security
Rename the config file..
mv /etc/modsecurity/modsecurity.conf{-recommended,}
Restart apache
/etc/init.d/apache2 restart
Logs should be in /var/log/apache2/modsec_audit.log
Let's enable modsecurity
nano /etc/modsecurity/modsecurity.conf
SecRuleEngine DetectionOnly becomes SecRuleEngine On
SecResponseBodyAccess On becomes SecResponseBodyAccess Off
Restart apache
Test SQL injection
Create a php
Change password to suit your database.
Login to MYSQL.
mysql -u root -p
create database sample;
connect sample;
create table users(username VARCHAR(100),password VARCHAR(100));
insert into users values('jesin','pwd');
insert into users values('alice','secret');
quit;
Test your page to see if can login.
Then under username, use this: ' or true --
Note the space behind --
You should be able to login. FUCK!!!!
Lets get the ruleset.
wget "https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5"
tar -zxf
Lets move the ruleset
rm -rf /usr/share/modsecurity-crs/*
mkdir /usr/share/modsecurity-crs
mv SpiderLabs-owasp-modsecurity-crs-5c28b52/* /usr/share/modsecurity-crs/
cd /usr/share/modsecurity-crs/
mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
cd /usr/share/modsecurity-crs/activated_rules/
ln -s ../modsecurity_crs_10_setup.conf .
for f in `ls /usr/share/modsecurity-crs/base_rules/` ; do sudo ln -s /usr/share/modsecurity-crs/base_rules/$f /usr/share/modsecurity-crs/activated_rules/$f ; done
for f in `ls /usr/share/modsecurity-crs/optional_rules/` ; do sudo ln -s /usr/share/modsecurity-crs/optional_rules/$f /usr/share/modsecurity-crs/activated_rules/$f ; done
nano /etc/apache2/mods-available/mod-security.conf
Add in the following 2 lines
Include "/usr/share/modsecurity-crs/*.conf"
Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
Make sure that mod-security.conf is something like that...
# Default Debian dir for modsecurity's persistent data
SecDataDir /var/cache/modsecurity
# Include all the *.conf files in /etc/modsecurity.
# Keeping your local configuration in that directory
# will allow for an easy upgrade of THIS file and
# make your life easier
Include "/etc/modsecurity/*.conf"
Include "/usr/share/modsecurity-crs/*.conf"
Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
Restart your apache.
You might need to a2enmod headers or apt-get install libapache2-mod-proxy-html
Remove relevant rules if needed.
Also check that the mod-security.conf does not load duplicate conf
Test your injection, it should fail.
The site: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project requires modsecurity >= 2.7.
Lets go...
apt-get install libapache2-modsecurity
Verify that all is well. If there is a shared, all is well.
apachectl -M | grep --color security
Rename the config file..
mv /etc/modsecurity/modsecurity.conf{-recommended,}
Restart apache
/etc/init.d/apache2 restart
Logs should be in /var/log/apache2/modsec_audit.log
Let's enable modsecurity
nano /etc/modsecurity/modsecurity.conf
SecRuleEngine DetectionOnly becomes SecRuleEngine On
SecResponseBodyAccess On becomes SecResponseBodyAccess Off
Restart apache
Test SQL injection
Create a php
Change password to suit your database.
Login to MYSQL.
mysql -u root -p
create database sample;
connect sample;
create table users(username VARCHAR(100),password VARCHAR(100));
insert into users values('jesin','pwd');
insert into users values('alice','secret');
quit;
Test your page to see if can login.
Then under username, use this: ' or true --
Note the space behind --
You should be able to login. FUCK!!!!
Lets get the ruleset.
wget "https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5"
tar -zxf
Lets move the ruleset
rm -rf /usr/share/modsecurity-crs/*
mkdir /usr/share/modsecurity-crs
mv SpiderLabs-owasp-modsecurity-crs-5c28b52/* /usr/share/modsecurity-crs/
cd /usr/share/modsecurity-crs/
mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
cd /usr/share/modsecurity-crs/activated_rules/
ln -s ../modsecurity_crs_10_setup.conf .
for f in `ls /usr/share/modsecurity-crs/base_rules/` ; do sudo ln -s /usr/share/modsecurity-crs/base_rules/$f /usr/share/modsecurity-crs/activated_rules/$f ; done
for f in `ls /usr/share/modsecurity-crs/optional_rules/` ; do sudo ln -s /usr/share/modsecurity-crs/optional_rules/$f /usr/share/modsecurity-crs/activated_rules/$f ; done
nano /etc/apache2/mods-available/mod-security.conf
Add in the following 2 lines
Include "/usr/share/modsecurity-crs/*.conf"
Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
Make sure that mod-security.conf is something like that...
# Default Debian dir for modsecurity's persistent data
SecDataDir /var/cache/modsecurity
# Include all the *.conf files in /etc/modsecurity.
# Keeping your local configuration in that directory
# will allow for an easy upgrade of THIS file and
# make your life easier
Include "/etc/modsecurity/*.conf"
Include "/usr/share/modsecurity-crs/*.conf"
Include "/usr/share/modsecurity-crs/activated_rules/*.conf"
Make sure that mod-security.load is something like that...
LoadFile libxml2.so.2
LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so
Make sure that mod-security is loaded via a2enmod. It should be done by default.
You might need to a2enmod headers or apt-get install libapache2-mod-proxy-html
Remove relevant rules if needed.
Also check that the mod-security.conf does not load duplicate conf
Test your injection, it should fail.
The site: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project requires modsecurity >= 2.7.
PFSense with snort
And so i was tasked to settle the pfsense for a small network.
Decided to install snort.
Go to System > Packages > Available Packages > find Snort
Install it.
Get oinkcode from snort website.
Go back to services > snort
Go to global settings
Tick Install Snort VRT Rules
Paste oinkcode
Check Install Snort Community
Check ETOpen
Set auto update to 1 day.
Save.
Go to updates tab.
Update the rules.
Go back to Snort Interfaces tab.
Add a new interface
Set interface to WAN.
Save
Edit the WAN interface.
Check the snort Snort GPLv2 Community Rules (VRT CERTIFED) to enable the snort rules.
and remember to save!
Reference: https://techknight.eu/2015/03/14/pfsense-snort-idsips-basic-setup-and-configuration/
Decided to install snort.
Go to System > Packages > Available Packages > find Snort
Install it.
Get oinkcode from snort website.
Go back to services > snort
Go to global settings
Tick Install Snort VRT Rules
Paste oinkcode
Check Install Snort Community
Check ETOpen
Set auto update to 1 day.
Save.
Go to updates tab.
Update the rules.
Go back to Snort Interfaces tab.
Add a new interface
Set interface to WAN.
Save
Edit the WAN interface.
Check the snort Snort GPLv2 Community Rules (VRT CERTIFED) to enable the snort rules.
and remember to save!
Reference: https://techknight.eu/2015/03/14/pfsense-snort-idsips-basic-setup-and-configuration/
Wednesday, April 06, 2016
Connect WPA2 on linux
And so i have a linux that is far from the router.
And i need to connect it via wifi.
apt-get install
Know your interface first...
nano /etc/network/interfaces
And i need to connect it via wifi.
apt-get install
Know your interface first...
nano /etc/network/interfaces
| auto wlan0 |
| iface lo inet loopback |
| iface eth0 inet dhcp |
| allow-hotplug wlan0 |
| iface wlan0 inet static ( Else use iface wlan0 inet dhcp ) |
| address 192.168.1.155 |
| netmask 255.255.255.0 |
| gateway 192.168.1.1 |
| wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf |
| iface default inet dhcp |
nano /etc/wpa_supplicant/wpa_supplicant.conf
| ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev |
| update_config=1 |
| network={ |
| ssid="NYO_WWWP" |
| psk="topsecret" |
| proto=RSN |
| key_mgmt=WPA-PSK |
| pairwise=CCMP |
| auth_alg=OPEN |
| } |
Monday, April 04, 2016
Install .Net Framework 3.5 on windows 10
DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:d:\sources\sxs
Monday, March 28, 2016
VMWare Workstation 12 - Kali Rolling - No internet too...
And so i decided to install Kali on my office laptop.
Which unfortunately, LAN and WIFI is spoilt...
Being a poor guy as usual, did not have money to buy a USB wireless adapter....
So....
Lets do it the HARD CORE USB THUMBDRIVE WAY!
Install VMWare.
Get the installer from the website. It's a bundle file.
chmod +x {bundle name}
./{bundle name}
VMWare installation will start.
Next all the way, for CDKEY, google youtube. There's a key out there that works...
After installation, while trying to run vmware
Should get an error saying that some headers are not found.
FUGGGGGG!
No internet, how to update?????
On another internet PC somewhere far far away...
On kali-rolling, the headers are unfortunately linux-headers-4.0.0 ( uname -r )
In the kali-rolling repo, the headers are 4.4.0 ( apt-cache search linux-headers )
HOW HOW HOW!
Let's revert the apt/sources.list and change it to SANA repo.
nano /etc/apt/sources.list
deb http://http.kali.org/kali sana main non-free contrib deb http://security.kali.org/kali-security sana/updates main contrib non-free deb-src http://http.kali.org/kali sana main non-free contrib deb-src http://security.kali.org/kali-security sana/updates main contrib non-free
apt-get flush && apt-get autoremove
apt-get update
apt-cache search linux-headers
You should see that there is a linux-headers-4.0.0
Lets download this and move it to the lousy office laptop.
This command will list the packages (deb) files needed and output to a urls.txt
apt-get -qq --print-uris install build-essential linux-headers-$(uname -r) | cut -d\' -f2 > urls.txt
Lets download the deb files...
mkdir temp
mv urls.txt temp/
cd temp
wget -i urls.txt
Once done, move everything over to the no internet laptop.
dpkg -i *.deb
Which unfortunately, LAN and WIFI is spoilt...
Being a poor guy as usual, did not have money to buy a USB wireless adapter....
So....
Lets do it the HARD CORE USB THUMBDRIVE WAY!
Install VMWare.
Get the installer from the website. It's a bundle file.
chmod +x {bundle name}
./{bundle name}
VMWare installation will start.
Next all the way, for CDKEY, google youtube. There's a key out there that works...
After installation, while trying to run vmware
Should get an error saying that some headers are not found.
FUGGGGGG!
No internet, how to update?????
On another internet PC somewhere far far away...
On kali-rolling, the headers are unfortunately linux-headers-4.0.0 ( uname -r )
In the kali-rolling repo, the headers are 4.4.0 ( apt-cache search linux-headers )
HOW HOW HOW!
Let's revert the apt/sources.list and change it to SANA repo.
nano /etc/apt/sources.list
deb http://http.kali.org/kali sana main non-free contrib deb http://security.kali.org/kali-security sana/updates main contrib non-free deb-src http://http.kali.org/kali sana main non-free contrib deb-src http://security.kali.org/kali-security sana/updates main contrib non-free
apt-get flush && apt-get autoremove
apt-get update
apt-cache search linux-headers
You should see that there is a linux-headers-4.0.0
Lets download this and move it to the lousy office laptop.
This command will list the packages (deb) files needed and output to a urls.txt
apt-get -qq --print-uris install build-essential linux-headers-$(uname -r) | cut -d\' -f2 > urls.txt
Lets download the deb files...
mkdir temp
mv urls.txt temp/
cd temp
wget -i urls.txt
Once done, move everything over to the no internet laptop.
dpkg -i *.deb
Kali Rolling - Lets update
Well, Kali linux just got an upgrade ( Quite some time back ).
Feeling bored with Natasha, decided that i should do an upgrade for my VM.
Edit your /etc/apt/sources.list.
Change it to:
deb http://http.kali.org/kali kali-rolling main contrib non-free
deb-src http://http.kali.org/kali kali-rolling main contrib non-free
If you are still on SANA,which you should not be...
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free
# For source package access, uncomment the following line
# deb-src http://http.kali.org/kali sana main non-free contrib
# deb-src http://security.kali.org/kali-security sana/updates main contrib non-free
Note that sometimes, you might get a package error.
I find that using the mirror could be a better choice. ( http://http.kali.org/README.mirrorlist )
I'm using archive-3.kali.org mirror.
So my sources.list look something like this..
deb http://archive-3.kali.org/kali kali-rolling main contrib non-free
deb-src http://archive-3.kali.org/kali kali-rolling main contrib non-free
Finally, do a apt-get update && apt-get dist-upgrade
It's GOING to take some time... Took about 1GB of network data...
Feeling bored with Natasha, decided that i should do an upgrade for my VM.
Edit your /etc/apt/sources.list.
Change it to:
deb http://http.kali.org/kali kali-rolling main contrib non-free
deb-src http://http.kali.org/kali kali-rolling main contrib non-free
If you are still on SANA,which you should not be...
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free
# For source package access, uncomment the following line
# deb-src http://http.kali.org/kali sana main non-free contrib
# deb-src http://security.kali.org/kali-security sana/updates main contrib non-free
Note that sometimes, you might get a package error.
I find that using the mirror could be a better choice. ( http://http.kali.org/README.mirrorlist )
I'm using archive-3.kali.org mirror.
So my sources.list look something like this..
deb http://archive-3.kali.org/kali kali-rolling main contrib non-free
deb-src http://archive-3.kali.org/kali kali-rolling main contrib non-free
Finally, do a apt-get update && apt-get dist-upgrade
It's GOING to take some time... Took about 1GB of network data...
Thursday, July 02, 2015
Google Fonts Downloader
I've been trying to download templates and stuff for my clients.
However, usually they would want those in their "internal" network that means NO INTERNET!
What about those fonts that most templates use now?
How can i make those google fonts offline?
-> https://google-webfonts-helper.herokuapp.com/fonts
:P
However, usually they would want those in their "internal" network that means NO INTERNET!
What about those fonts that most templates use now?
How can i make those google fonts offline?
-> https://google-webfonts-helper.herokuapp.com/fonts
:P
Wednesday, April 29, 2015
Ubuntu for VMWARE splitting into 2 screens!
And so i was testing a ubuntu installation on a VMware.
However, was given 2 screens.
Mirroring each other...
How How How...
Disable vmwgfx fbdev in ubuntu.
Edit the VM file /etc/modprobe.d/vmwgfx-fbdev.conf to say
options vmwgfx enable_fbdev=0
sudo update-initramfs -u && reboot
Heng ah!
However, was given 2 screens.
Mirroring each other...
How How How...
Disable vmwgfx fbdev in ubuntu.
Edit the VM file /etc/modprobe.d/vmwgfx-fbdev.conf to say
options vmwgfx enable_fbdev=0
sudo update-initramfs -u && reboot
Heng ah!
Sunday, April 12, 2015
Installing Google Chrome on Kali Linux
Lets get Google GNU GPG Keys.
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
Lets create a new Chrome Repository
echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list
apt-get update
apt-get install google-chrome-stable
To run.
Create a non-root user
useradd -m chromeuser
Create a shortcut to run google chrome
gksu -u chromeuser google-chrome
Thursday, April 02, 2015
Learning Git & Installing Gitlist
The company that i've worked for has tons of codes EVERYWHERE.
And using a file directory system guess it's not gonna work for them.
Introducing GIT....
Which i hope will be able to solve the problem... hahaha!
Which i hope will be able to solve the problem... hahaha!
Install Debian
apt-get update
apt-get install php5 apache2 git
Now I will assume the following:
Path to my git is at : /home/code/
mkdir /home/code/
chmod -R 744 /home/code/
chown -R www-data:www-data /home/code/
Install gitlist ( Web for git )
http://gitlist.org/ or cd /var/www/ && wget "https://s3.amazonaws.com/gitlist/gitlist-0.5.0.tar.gz"
tar -zxf gitlist-0.5.0.tar.gz
cd /var/www/gitlist/
rm config.ini-example ( Or you can rename it to config.ini with the following contents )
nano config.ini
[git]
client = '/usr/bin/git' ; Your git executable path
default_branch = 'master' ; Default branch when HEAD is detached
repositories[] = '/home/code/' ; Path to your repositories
; If you wish to add more repositories, just add a new line
; WINDOWS USERS
;client = '"C:\Program Files (x86)\Git\bin\git.exe"' ; Your git executable path
;repositories[] = 'C:\Path\to\Repos\' ; Path to your repositories
; You can hide repositories from GitList, just copy this for each repository you want to hide
; hidden[] = '/home/git/repositories/BetaTest'
[app]
debug = false
cache = true
theme = "default"
title = ""
baseurl = 'http://localhost/gitlist';
; If you need to specify custom filetypes for certain extensions, do this here
[filetypes]
; extension = type
; dist = xml
; If you need to set file types as binary or not, do this here
[binary_filetypes]
; extension = true
; svh = false
; map = true
; set the timezone
[date]
; timezone = UTC
; format = 'd/m/Y H:i:s'
Lets enable mod-rewrite
a2enmod rewrite
For the .htaccess in /var/www/gitlist/, make sure the rewrite rule becomes /gitlist/index.php instead of the original index.php
root@gitlist:/var/www/gitlist# cat .htaccess
Options -MultiViews +SymLinksIfOwnerMatch
RewriteEngine On
#RewriteBase /var/www/gitlist/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /gitlist/index.php/$1 [L,NC]
order allow,deny
deny from all
Make a directory called cache and chmod 777 to it
mkdir cache
chmod 777 /var/www/gitlist/cache/
chown -R www-data:www-data /var/www/gitlist/
/etc/init.d/apache2 restart
Lets init an empty git.
cd /home/code/
git init --bare my-project.git
Tuesday, March 03, 2015
Creating a HTTPS client authentication based web server with CRL.
Ok.
I am in need of a web server that uses HTTPS client certificate authentication.
I think this should keep those without the client cert off my https! :P
Lets start
Lets create a directory to store every thing
Lets echo a number for our CRLNumber file ( CRL number is for the next number for the next cert )
echo 1000 > crlnumber
Lets touch an index. ( A database of all the certs in there )
touch index.txt
Lets create an openssl.cnf file. This will be the config file passed in to all the commands.
===== Start =====
dir = /xxx
[ ca ]
default_ca = CA_default
[ CA_default ]
serial = $dir/crlnumber
new_certs_dir = $dir/certs
database = $dir/index.txt
policy = policy_match
default_days = 365
default_md = md5
default_crl_days = 1
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ v3_ca ]
# Extensions for a typical CA
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
keyUsage = cRLSign, keyCertSign
[ req ]
distinguished_name = req_distinguished_name
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = SG
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Singapore
localityName = Locality Name (eg, city)
localityName_default = Singapore
0.organizationName = Organization Name (eg, company)
0.organizationName_default = XXX
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
===== Start =====
Lets create a CA ( Remember the password )
openssl genrsa -aes256 -out ca.key.pem 4096
Lets create the cert out of the key!
openssl req -new -x509 -days 3650 -key ca.key.pem -sha256 -extensions v3_ca -out ca.cert.pem
Ok, the CA seems to be fixed now.
Lets create our apache web server key and cert
openssl genrsa -out server.key.pem 4096
Create a CSR out of it
openssl req -sha256 -new -key server.key.pem -out server.csr.pem
Lets sign it
openssl ca -keyfile ca.key.pem -cert ca.cert.pem -extensions usr_cert -notext -md sha256 -in server.csr.pem -out server.cert.pem -config openssl.cnf
Lets fix Apache
SSLEngine on
SSLCertificateFile /xxx/server.cert.pem
SSLCertificateKeyFile /xxx/server.key.pem
SSLCACertificateFile /xxx/ca.cert.pem
Now your apache should be HTTPS enabled.
Though you should get a cert not trusted sign.
Lets move on to allow our clients to login...
SSLCARevocationFile /xxx/crl.pem
SSLVerifyClient require
SSLVerifyDepth 1
==== Create user script
#!/bin/bash
echo "Creating Private Key for $1"
openssl genrsa -out $1.key.pem 4096
echo "Creating CSR for $1"
openssl req -new -key $1.key.pem -out $1.csr.pem -config openssl.cnf
echo "Signing CSR from CA Key"
openssl ca -keyfile ca.key.pem -cert ca.cert.pem -extensions usr_cert -notext -md sha1 -in $1.csr.pem -out $1.cert.pem -config openssl.cnf
echo "Creating P12 keys"
openssl pkcs12 -export -clcerts -in $1.cert.pem -inkey $1.key.pem -out $1.p12
==== Create user script
==== revokeUser.sh
#!/bin/bash
echo "Revoke user: $1"
openssl ca -keyfile ca.key.pem -cert ca.cert.pem -revoke $1.cert.pem -config openssl.cnf
clear
echo "Generating new CRL"
openssl ca -keyfile ca.key.pem -cert ca.cert.pem -gencrl -out crl.pem -config openssl.cnf
/etc/init.d/apache2 restart
==== revokeUser.sh
To create the user ./createUser.sh nameofuser
To revoke ./revokeUser.sh nameofuser
I am in need of a web server that uses HTTPS client certificate authentication.
I think this should keep those without the client cert off my https! :P
Lets start
Lets create a directory to store every thing
Lets echo a number for our CRLNumber file ( CRL number is for the next number for the next cert )
echo 1000 > crlnumber
Lets touch an index. ( A database of all the certs in there )
touch index.txt
Lets create an openssl.cnf file. This will be the config file passed in to all the commands.
===== Start =====
dir = /xxx
[ ca ]
default_ca = CA_default
[ CA_default ]
serial = $dir/crlnumber
new_certs_dir = $dir/certs
database = $dir/index.txt
policy = policy_match
default_days = 365
default_md = md5
default_crl_days = 1
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
basicConstraints=CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
nsComment = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ v3_ca ]
# Extensions for a typical CA
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
keyUsage = cRLSign, keyCertSign
[ req ]
distinguished_name = req_distinguished_name
string_mask = utf8only
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = SG
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Singapore
localityName = Locality Name (eg, city)
localityName_default = Singapore
0.organizationName = Organization Name (eg, company)
0.organizationName_default = XXX
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default =
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
===== Start =====
Lets create a CA ( Remember the password )
openssl genrsa -aes256 -out ca.key.pem 4096
Lets create the cert out of the key!
openssl req -new -x509 -days 3650 -key ca.key.pem -sha256 -extensions v3_ca -out ca.cert.pem
Ok, the CA seems to be fixed now.
Lets create our apache web server key and cert
openssl genrsa -out server.key.pem 4096
Create a CSR out of it
openssl req -sha256 -new -key server.key.pem -out server.csr.pem
Lets sign it
openssl ca -keyfile ca.key.pem -cert ca.cert.pem -extensions usr_cert -notext -md sha256 -in server.csr.pem -out server.cert.pem -config openssl.cnf
Lets fix Apache
SSLEngine on
SSLCertificateFile /xxx/server.cert.pem
SSLCertificateKeyFile /xxx/server.key.pem
SSLCACertificateFile /xxx/ca.cert.pem
Now your apache should be HTTPS enabled.
Though you should get a cert not trusted sign.
Lets move on to allow our clients to login...
SSLCARevocationFile /xxx/crl.pem
SSLVerifyClient require
SSLVerifyDepth 1
==== Create user script
#!/bin/bash
echo "Creating Private Key for $1"
openssl genrsa -out $1.key.pem 4096
echo "Creating CSR for $1"
openssl req -new -key $1.key.pem -out $1.csr.pem -config openssl.cnf
echo "Signing CSR from CA Key"
openssl ca -keyfile ca.key.pem -cert ca.cert.pem -extensions usr_cert -notext -md sha1 -in $1.csr.pem -out $1.cert.pem -config openssl.cnf
echo "Creating P12 keys"
openssl pkcs12 -export -clcerts -in $1.cert.pem -inkey $1.key.pem -out $1.p12
==== Create user script
==== revokeUser.sh
#!/bin/bash
echo "Revoke user: $1"
openssl ca -keyfile ca.key.pem -cert ca.cert.pem -revoke $1.cert.pem -config openssl.cnf
clear
echo "Generating new CRL"
openssl ca -keyfile ca.key.pem -cert ca.cert.pem -gencrl -out crl.pem -config openssl.cnf
/etc/init.d/apache2 restart
==== revokeUser.sh
To create the user ./createUser.sh nameofuser
To revoke ./revokeUser.sh nameofuser
Subscribe to:
Posts (Atom)