Getting SAMBA to work

One of my colics have trouble setting up samba for his linux server.
apt-get install samba smbfs
Edit the samba config file at /etc/samba/smb.conf
# Global parameters
[global]
       workgroup = HOME
       netbios name = SAMBA
       server string = Samba Server %v
       map to guest = Bad User
       log file = /var/log/samba/log.%m
       max log size = 50
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       preferred master = No
       local master = No
       dns proxy = No
       security = User
        hosts allow = 127. XXX.XXX
        interfaces = 127.0.0.1/8 XXX.XXX.XXX.XXX/16
        bind interfaces only = yes
        guest account = nobody
        null passwords = no
        username level = 6
        #password level = 6
        encrypt passwords = true
        unix password sync = yes
        domain master = no
        preserve case = yes
        short preserve case = yes
# Share
[files]
       path = /files/
       valid users = SOMEUSERHERE
       read only = No
       create mask = 0777
       directory mask = 0777

useradd -c "NAME HERE" SOMEUSERHERE
smbpasswd -a SOMEUSERHERE

*Note that usually samba will not start if your config is wrong..

Single boot kali into MAC

Friend has an old imac around.

Decided to install it with kali.

Pop in kali usb and press OPTION to boot menu.

Should see a WINDOWS and EFI BOOT partition.

Choose windows and install normally.

After installation, boot back to LIVE MODE.

root@kali:~# gdisk /dev/sda
zsh: correct 'gdisk' to 'fdisk' [nyae]? n
GPT fdisk (gdisk) version 0.8.5

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.


Command (? for help): p
Disk /dev/sda: 976773168 sectors, 465.8 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): B6A4398E-3590-4BB7-AA57-D64EF74860D0
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 976773134
Partitions will be aligned on 2048-sector boundaries
Total free space is 4077 sectors (2.0 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1      2048      4095   1024.0 KiB  EF02
   2      4096       943585279   449.9 GiB   0700
   3       943585280       976771071   15.8 GiB    8200

Command (? for help): r

Recovery/transformation command (? for help): h

WARNING! Hybrid MBRs are flaky and dangerous! If you decide not to use one,
just hit the Enter key at the below prompt and your MBR partition table will
be untouched.

Type from one to three GPT partition numbers, separated by spaces, to be
added to the hybrid MBR, in sequence: 2
Place EFI GPT (0xEE) partition first in MBR (good for GRUB)? (Y/N): y

Creating entry for GPT partition #2 (MBR partition #2)
Enter an MBR hex code (default 07): 83
Set the bootable flag? (Y/N): y

Unused partition space(s) found. Use one to protect more partitions? (Y/N): n

Recovery/transformation command (? for help): w

Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!

Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/sda.
Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot.
The operation has completed successfully.
root@kali:~#

Syncing Apple Wireless Mouse and keyboard to kali

And so i have an old apple mouse and keyboard and decided to sync it to kali via bluetooth instead!

Holding on the keyboard power button throughout the syncing not sure if it works.

Bluetooth setup was a hassle.

So...

apt-get install blueman

Then run blueman-manager
:P

Setting up mod-security for apache.

And so we were looking into WAF for our sites....
Lets go...

apt-get install libapache2-modsecurity

Verify that all is well. If there is a shared, all is well.
apachectl -M | grep --color security

Rename the config file..
mv /etc/modsecurity/modsecurity.conf{-recommended,}

Restart apache
/etc/init.d/apache2 restart

Logs should be in /var/log/apache2/modsec_audit.log

Let's enable modsecurity
nano /etc/modsecurity/modsecurity.conf
SecRuleEngine DetectionOnly becomes SecRuleEngine On
SecResponseBodyAccess On becomes SecResponseBodyAccess Off
Restart apache

Test SQL injection
Create a php

<html> <body> <?php if(isset($_POST['login'])) { $username = $_POST['username']; $password = $_POST['password']; $con = mysqli_connect('localhost','root','password','sample'); $result = mysqli_query($con, "SELECT * FROM `users` WHERE username='$username' AND password='$password'"); if(mysqli_num_rows($result) == 0) echo 'Invalid username or password'; else echo '<h1> Logged in</h1> <p> A Secret for you....</p> '; } else { ?> <form action="" method="post"> Username: <input type="text" name="username"/><br /> Password: <input type="password" name="password"/><br /> <input type="submit" name="login" value="Login"/> </form> <?php } ?> </body> </html>
Change password to suit your database.

Login to MYSQL.
mysql -u root -p
create database sample;
connect sample;
create table users(username VARCHAR(100),password VARCHAR(100));
insert into users values('jesin','pwd');
insert into users values('alice','secret');
quit;

Test your page to see if can login.
Then under username, use this: ' or true -- 
Note the space behind --
You should be able to login. FUCK!!!!

Lets get the ruleset.
wget "https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/v2.2.5"
tar -zxf 

Lets move the ruleset
rm -rf /usr/share/modsecurity-crs/*
mkdir /usr/share/modsecurity-crs
mv SpiderLabs-owasp-modsecurity-crs-5c28b52/* /usr/share/modsecurity-crs/
cd /usr/share/modsecurity-crs/
mv modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
cd /usr/share/modsecurity-crs/activated_rules/
ln -s ../modsecurity_crs_10_setup.conf .
for f in `ls /usr/share/modsecurity-crs/base_rules/` ; do sudo ln -s /usr/share/modsecurity-crs/base_rules/$f /usr/share/modsecurity-crs/activated_rules/$f ; done
for f in `ls /usr/share/modsecurity-crs/optional_rules/` ; do sudo ln -s /usr/share/modsecurity-crs/optional_rules/$f /usr/share/modsecurity-crs/activated_rules/$f ; done

nano /etc/apache2/mods-available/mod-security.conf
Add in the following 2 lines
        Include "/usr/share/modsecurity-crs/*.conf"

        Include "/usr/share/modsecurity-crs/activated_rules/*.conf"

Make sure that mod-security.conf is something like that...


        # Default Debian dir for modsecurity's persistent data
        SecDataDir /var/cache/modsecurity

        # Include all the *.conf files in /etc/modsecurity.
        # Keeping your local configuration in that directory
        # will allow for an easy upgrade of THIS file and
        # make your life easier
        Include "/etc/modsecurity/*.conf"
        Include "/usr/share/modsecurity-crs/*.conf"
        Include "/usr/share/modsecurity-crs/activated_rules/*.conf"

Make sure that mod-security.load is something like that...

LoadFile libxml2.so.2

LoadModule security2_module /usr/lib/apache2/modules/mod_security2.so

Make sure that mod-security is loaded via a2enmod. It should be done by default.

Restart your apache.

You might need to a2enmod headers or apt-get install libapache2-mod-proxy-html
Remove relevant rules if needed.
Also check that the mod-security.conf does not load duplicate conf
Test your injection, it should fail.

The site: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project requires modsecurity >= 2.7.

PFSense with snort

And so i was tasked to settle the pfsense for a small network.
Decided to install snort.

Go to System > Packages > Available Packages > find Snort
Install it.
Get oinkcode from snort website.
Go back to services > snort
Go to global settings
Tick Install Snort VRT Rules
Paste oinkcode
Check Install Snort Community
Check ETOpen
Set auto update to 1 day.
Save.

Go to updates tab.
Update the rules.

Go back to Snort Interfaces tab.
Add a new interface
Set interface to WAN.
Save

Edit the WAN interface.
Check the snort Snort GPLv2 Community Rules (VRT CERTIFED) to enable the snort rules.

and remember to save!

Reference: https://techknight.eu/2015/03/14/pfsense-snort-idsips-basic-setup-and-configuration/

Connect WPA2 on linux

And so i have a linux that is far from the router.
And i need to connect it via wifi.

apt-get install 

Know your interface first...
nano /etc/network/interfaces

auto wlan0

iface lo inet loopback

iface eth0 inet dhcp

allow-hotplug wlan0

iface wlan0 inet static ( Else use iface wlan0 inet dhcp )

address 192.168.1.155

netmask 255.255.255.0

gateway 192.168.1.1

wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet dhcp

nano /etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev

update_config=1

network={

ssid="NYO_WWWP"

psk="topsecret"

proto=RSN

key_mgmt=WPA-PSK

pairwise=CCMP

auth_alg=OPEN

}

Install .Net Framework 3.5 on windows 10

DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:d:\sources\sxs

VMWare Workstation 12 - Kali Rolling - No internet too...

And so i decided to install Kali on my office laptop.
Which unfortunately, LAN and WIFI is spoilt...
Being a poor guy as usual, did not have money to buy a USB wireless adapter....
So.... 
Lets do it the HARD CORE USB THUMBDRIVE WAY!

Install VMWare.
Get the installer from the website. It's a bundle file.
chmod +x {bundle name}
./{bundle name}
VMWare installation will start.
Next all the way, for CDKEY, google youtube. There's a key out there that works...

After installation, while trying to run vmware
Should get an error saying that some headers are not found.

FUGGGGGG!
No internet, how to update?????

On another internet PC somewhere far far away...
On kali-rolling, the headers are unfortunately linux-headers-4.0.0 ( uname -r )
In the kali-rolling repo, the headers are 4.4.0 ( apt-cache search linux-headers )
HOW HOW HOW!

Let's revert the apt/sources.list and change it to SANA repo.
nano /etc/apt/sources.list
deb http://http.kali.org/kali sana main non-free contrib deb http://security.kali.org/kali-security sana/updates main contrib non-free deb-src http://http.kali.org/kali sana main non-free contrib deb-src http://security.kali.org/kali-security sana/updates main contrib non-free

apt-get flush && apt-get autoremove
apt-get update
apt-cache search linux-headers
You should see that there is a linux-headers-4.0.0

Lets download this and move it to the lousy office laptop.
This command will list the packages (deb) files needed and output to a urls.txt
apt-get -qq --print-uris install build-essential linux-headers-$(uname -r) | cut -d\' -f2 > urls.txt

Lets download the deb files...
mkdir temp
mv urls.txt temp/
cd temp
wget -i urls.txt

Once done, move everything over to the no internet laptop.
dpkg -i *.deb

Kali Rolling - Lets update

Well, Kali linux just got an upgrade ( Quite some time back ).
Feeling bored with Natasha, decided that i should do an upgrade for my VM.

Edit your /etc/apt/sources.list.
Change it to:
deb http://http.kali.org/kali kali-rolling main contrib non-free
deb-src http://http.kali.org/kali kali-rolling main contrib non-free

If you are still on SANA,which you should not be...
deb http://http.kali.org/kali sana main non-free contrib
deb http://security.kali.org/kali-security sana/updates main contrib non-free
# For source package access, uncomment the following line
# deb-src http://http.kali.org/kali sana main non-free contrib
# deb-src http://security.kali.org/kali-security sana/updates main contrib non-free

Note that sometimes, you might get a package error.
I find that using the mirror could be a better choice. ( http://http.kali.org/README.mirrorlist )
I'm using archive-3.kali.org mirror.
So my sources.list look something like this..
deb http://archive-3.kali.org/kali kali-rolling main contrib non-free
deb-src http://archive-3.kali.org/kali kali-rolling main contrib non-free

Finally, do a apt-get update && apt-get dist-upgrade
It's GOING to take some time... Took about 1GB of network data...