
How to install Kippo SSH honeypot on OpenBSD 5.5 with chroot

This is a basic guide on how to install Kippo SSH Honeypot on OpenBSD 5.5 using chroot.

Please remember that this can be dangerous: depending on their skill set, the attacker might find a way to escape from the honeypot, or might go looking for other services that belong to you. Only run a honeypot if you know what you are doing, since the offender might retaliate.

More information about Kippo can be found here: https://code.google.com/p/kippo/

Don’t run Kippo as root, and use ports above 1024 (non-privileged ports). Use port forwarding if you want to listen on port 22.
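The post ends with the deployment rule but not the forwarding rule itself. As an added example (not from the original post), the following shell functions generate the OpenBSD pf redirect that sends inbound port 22 to a Kippo listener on an unprivileged loopback port, refuse any honeypot port that would need root, and load the rule only after pfctl has parsed it. The function names, the default port 2222 and the anchor name kippo are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: pf port forwarding for Kippo.
# kippo_port_ok, kippo_pf_rules, kippo_pf_apply and the "kippo" anchor
# are names chosen for this example; 2222 is a constructed default.

# Print 1 if the argument is a numeric, non-privileged port (1025-65535),
# otherwise 0. A port at or below 1024 would force Kippo to run as root.
kippo_port_ok() {
    case "$1" in
        ''|*[!0-9]*) echo 0; return ;;
    esac
    if [ "$1" -gt 1024 ] && [ "$1" -le 65535 ]; then
        echo 1
    else
        echo 0
    fi
}

# Emit the pf rule: inbound TCP on the public port (default 22) is
# redirected to the honeypot port on loopback, so the honeypot process
# never binds the privileged port itself.
kippo_pf_rules() {
    public_port="${1:-22}"
    kippo_port="${2:-2222}"
    if [ "$(kippo_port_ok "$kippo_port")" != 1 ]; then
        echo "kippo port must be 1025-65535, got: $kippo_port" >&2
        return 1
    fi
    printf 'pass in on egress proto tcp from any to (egress) port %s rdr-to 127.0.0.1 port %s\n' \
        "$public_port" "$kippo_port"
}

# Load the rule into its own anchor. pfctl -n only parses, so a broken
# rule fails here instead of reaching the firewall. Does nothing on hosts
# without pfctl.
kippo_pf_apply() {
    command -v pfctl >/dev/null 2>&1 || { echo "pfctl not found; nothing applied" >&2; return 0; }
    tmp=$(mktemp) || return 1
    kippo_pf_rules "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    pfctl -n -a kippo -f "$tmp" && pfctl -a kippo -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

The anchor must be referenced from the main ruleset (an `anchor "kippo"` line in /etc/pf.conf) for the loaded rule to take effect; `kippo_pf_apply 22 2222` then installs the redirect without editing pf.conf by hand.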

How to install Naemon 0.8.0 on CentOS 6.5

This is a guide on how to install Naemon 0.8.0 on a CentOS 6.5 64-bit system. 32-bit packages are also available; just change the download links below.

Download precompiled packages, you will find/verify the links from Naemon homepage: http://naemon.org

These instructions are written with a CentOS minimal installation in mind; some packages may already be present if you have any other kind of installation.

Download wget

Download packages

Enable the EPEL repository, required for the dependency mod_fcgid as well as for nrpe and nagios-plugins

Install mod_fcgid

Install Naemon

Disable SELinux, not supported by Thruk

Make it persistent

edit row: “SELINUX=enforcing”
replace with: “SELINUX=disabled”

Install nagios-plugins and the NRPE agent, available via the EPEL repository

Modify path to nagios plugins, edit /etc/naemon/resource.cfg

edit row: “$USER1$=/usr/lib64/naemon/plugins”
replace with: “$USER1$=/usr/lib64/nagios/plugins”

Start services (also after boot)

Installation complete, test your installation. Visit http://your-server/naemon/ and log in with the default credentials admin/admin

Howto: build Naemon from source for Ubuntu 12.04

It’s quite straightforward to build Naemon from source on Ubuntu; all required software is available as packages from the standard repository.

Install dependencies

Get latest version of Naemon

Update source (meta package may not be updated)

Build Naemon

Create DEB

Install Naemon

Restart Apache

Change path to Nagios-plugins for Naemon

Find row: $USER1$=/usr/lib/naemon/plugins
Change to: $USER1$=/usr/lib/nagios/plugins

Reload config for Naemon

Done!
Browse to server/naemon and use admin/admin

Howto: build Naemon from source for CentOS 6.5

CentOS is a bit tricky since many packages are not available from the standard repository. We need to download a number of components and build them from source.

Build Naemon

Install dependencies for Naemon

Enable epel repository, we need this for nagios-plugins and mod_fcgid

Install nagios-plugins and mod_fcgid

Get latest version of Naemon

Ignore yui-compressor; it is not available as a package

Update source (meta package may not be updated)

Create compiler configuration

Create RPM

Disable SELinux, not supported by Thruk

Make it persistent

edit row: “SELINUX=enforcing”
replace with: “SELINUX=disabled”

Install Naemon

Enable new services on boot and start them

Done!

Browse to server/naemon and use admin/admin
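The three Naemon guides above (packages on CentOS, source on Ubuntu, source on CentOS) all end with the same two hand edits: switching SELINUX= in /etc/selinux/config and pointing $USER1$ in resource.cfg at the directory where the plugins really live. As an added example (not code from the posts or from the Naemon project), here they are as idempotent shell functions that can be rerun and checked. The function names are chosen for this example; the paths default to the ones the guides name, and any other path can be passed in so the functions can be tried on a copy first.

```shell
#!/bin/sh
# Added example, not from the original posts: the post-install config edits
# from the Naemon guides as rerunnable functions. Function names are
# assumptions; default paths are the ones the guides use.

# Set the boot-time SELinux mode in /etc/selinux/config. The guides use
# "disabled"; "permissive" also lets Thruk run but keeps the denials in
# the audit log, which is the more useful setting on a monitoring host.
selinux_config_set() {
    mode="$1"
    cfg="${2:-/etc/selinux/config}"
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "bad SELinux mode: $mode" >&2; return 1 ;;
    esac
    if grep -q '^SELINUX=' "$cfg"; then
        sed -i "s/^SELINUX=.*/SELINUX=$mode/" "$cfg"
    else
        echo "SELINUX=$mode" >> "$cfg"
    fi
}

# Report the mode configured for the next boot.
selinux_config_get() {
    sed -n 's/^SELINUX=//p' "${1:-/etc/selinux/config}" | tail -n 1
}

# Rewrite $USER1$ in resource.cfg to the given plugin directory:
# /usr/lib64/nagios/plugins for the CentOS packages,
# /usr/lib/nagios/plugins for the Ubuntu build.
# The pattern is single-quoted so the shell leaves the $ signs alone.
naemon_set_plugin_dir() {
    plugdir="$1"
    cfg="${2:-/etc/naemon/resource.cfg}"
    sed -i 's|^\$USER1\$=.*|$USER1$='"$plugdir"'|' "$cfg"
}

naemon_get_plugin_dir() {
    sed -n 's/^\$USER1\$=//p' "${1:-/etc/naemon/resource.cfg}" | tail -n 1
}

# Check that the configured directory really holds check_ping, which the
# default host check runs; a wrong $USER1$ only shows up as every host
# going UNKNOWN after the first scheduling cycle.
naemon_plugins_ok() {
    dir="$(naemon_get_plugin_dir "${1:-/etc/naemon/resource.cfg}")"
    [ -n "$dir" ] && [ -x "$dir/check_ping" ]
}
```

Typical use on the CentOS package install is `selinux_config_set disabled`, `naemon_set_plugin_dir /usr/lib64/nagios/plugins` and then `naemon_plugins_ok || echo "plugin path wrong"` before reloading Naemon; on the Ubuntu build the second call takes /usr/lib/nagios/plugins instead.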

How to build monitoring-plugins for CentOS 6.5 for Naemon

This is a quick guide on how to build monitoring-plugins (formerly known as nagios-plugins) on CentOS 6.5 (64-bit) for Naemon.
cd ~/
# Get monitoring-plugins source
wget https://www.monitoring-plugins.org/download/nagios-plugins-1.5.tar.gz
tar -xzvf nagios-plugins-1.5.tar.gz -C /usr/local/src/
rm -rf nagios-plugins-1.5.tar.gz
# Get qstat precompiled package, can't find source code to build from source
# ($(uname -p) picks the package matching this machine's architecture)
wget "http://pkgs.repoforge.org/qstat/qstat-2.11-1.el6.rf.$(uname -p).rpm"
rpm -i --nosignature qstat-2.11-1.el6.rf.*.rpm
rm -rf qstat-2.11-1.el6.rf.*.rpm
# Get fping source
wget http://fping.org/dist/fping-3.8.tar.gz
tar -xzvf fping-3.8.tar.gz -C /usr/local/src/
rm -rf fping-3.8.tar.gz
# Get radiusclient-ng source
wget http://downloads.sourceforge.net/project/radiusclient-ng.berlios/radiusclient-ng-0.5.6.tar.gz
tar -xzvf radiusclient-ng-0.5.6.tar.gz -C /usr/local/src/
rm -rf radiusclient-ng-0.5.6.tar.gz
# Get lmutil, this is a tricky one. lmstat is the component that are required but it's
# not longer available. All little tools have been incorporated within lmutil but
# we can create a substitute that will work
wget http://www.globes.com/products/utilities/v11.12/lmutil-x64_lsb-11.12.0.0v6.tar.gz
tar -xzvf lmutil-x64_lsb-11.12.0.0v6.tar.gz -C /usr/local/bin/
rm -rf lmutil-x64_lsb-11.12.0.0v6.tar.gz
chmod +x /usr/local/bin/lmutil
# Single quotes are required: unquoted, the # would start a shell comment and
# "$@" would be expanded (to nothing) by the current shell instead of being
# written into the wrapper script
echo '#!/bin/bash' > /usr/local/bin/lmstat
echo '/usr/local/bin/lmutil lmstat "$@"' >> /usr/local/bin/lmstat
chmod +x /usr/local/bin/lmstat
# Build and install radiusclient-ng
cd /usr/local/src/radiusclient-ng-0.5.6
./configure
make
make install
# Build and install fping
cd /usr/local/src/fping-3.8/
./configure
make
make install
# Install dependencies
yum install net-snmp-utils postgresql-devel libdbi-devel bind-utils samba-client
# Install perl modules
PERL_MM_USE_DEFAULT=1 perl -MCPAN -e 'install Net::SNMP'
# Build and install nagios-plugins
cd /usr/local/src/nagios-plugins-1.5
./configure --with-nagios-user=naemon --with-nagios-group=naemon --libexec=/usr/lib64/naemon/plugins/
make
make install

smtpd instead of sendmail in OpenBSD

sendmail is in my opinion unnecessarily advanced and complicated for most installations, and there is a simpler solution already in the OpenBSD base system: smtpd. This daemon is not active by default, but it’s simple to change.

Stop sendmail

pkill sendmail

Edit /etc/mailer.conf and change it to the following

sendmail        /usr/sbin/smtpctl
send-mail       /usr/sbin/smtpctl
mailq           /usr/sbin/smtpctl
makemap         /usr/libexec/smtpd/makemap
newaliases      /usr/libexec/smtpd/makemap
hoststat        /usr/libexec/sendmail/sendmail
purgestat       /usr/libexec/sendmail/sendmail

Rebuild aliases database

newaliases

Make sure smtpd starts with the system and sendmail stays stopped (use straight quotes, or they end up literally in rc.conf.local)

echo "sendmail_flags=NO" >> /etc/rc.conf.local
echo "smtpd_flags=" >> /etc/rc.conf.local

Start smtpd

smtpd

Done!

Modify /etc/mail/smtpd.conf for your system; it’s a dream in comparison to sendmail.

–  Johan Ryberg

Preorder OpenBSD 5.1 today

Theo de Raadt announced today that it’s now possible to preorder OpenBSD 5.1, which will be released May 1 2012. As usual, preorders are delivered a few days before the release date. It’s also important to buy, since the money is used by the developers to keep the project running.

It is that time again.  I have just activated pre-orders for CDs,
tshirts, and posters for the 5.1 release — due May 1.

http://openbsd.org/orders.html

At the same time, I am making available the song that will come out
with the release (hmm, it is still moving out to the ftp mirrors at
the moment, but that is ok).  The song and details of it are linked
from:

http://openbsd.org/lyrics.html

And there is something else.  Five years ago we made available an
Audio CD that contained 5 years of songs.  Well, we have made a new
audio CD since enough new songs have been made.  It is not very
expensive, so please consider buying this as well when you place any
order.  It has some rather nice liner notes.  Had some great fun
coming up with the cover for that CD:

http://openbsd.org/images/cdaudio2.gif

I’d also like to remind you that Michael Lucas’ new “SSH Mastery” book
is also now available, in case anyone was waiting for the 5.1 release
to place one order.

http://openbsd.org/books.html#book9

Please consider purchasing these items and/or making a donation, since
this is a very important revenue source which keeps the project going.

– Johan Ryberg

Vulnerabilities in Remote Desktop Could Allow Remote Code Execution – Update is released

Microsoft just released security bulletin MS12-020, stating that an attacker could execute code on the targeted machine via Remote Desktop (TCP port 3389). It’s a critical vulnerability and the patch should be applied at once. If the computer for any reason can’t be updated, it should be turned off at once.

More info: http://technet.microsoft.com/en-us/security/bulletin/ms12-020

–  Johan Ryberg

How to compile Reaver under Ubuntu 12.04 (and aircrack-ng)

This is a quick how-to for compiling and installing Reaver under Ubuntu 12.04.

Steps:

  1. download source
  2. install required libraries and tools
  3. download and build aircrack-ng
  4. compile and install
  5. run =)

Download Source

First you need to download the latest source from http://code.google.com/p/reaver-wps/

wget http://reaver-wps.googlecode.com/files/reaver-1.4.tar.gz

Extract the tarball

tar -xzvf reaver-1.4.tar.gz

Install Required Libraries and Tools

Before you can build Reaver you need libpcap, and later on aircrack-ng (iw) to run Reaver

sudo apt-get install libpcap-dev sqlite3 libsqlite3-dev libpcap0.8-dev

Compile and Install

Build Reaver

cd reaver-1.4
cd src
./configure
make

Install Reaver

sudo make install

Download aircrack-ng source and build it

Since Ubuntu 12.04, aircrack-ng is no longer in the repository, but you can still download the source and compile it. Only one little tweak is needed, because without it the build fails with the following errors.

johan@ubuntu-lab:~/aircrack-ng-1.1$ make
make -C src all
make[1]: Entering directory `/home/johan/aircrack-ng-1.1/src'
make -C osdep
make[2]: Entering directory `/home/johan/aircrack-ng-1.1/src/osdep'
Building for Linux
make[3]: Entering directory `/home/johan/aircrack-ng-1.1/src/osdep'
gcc -g -W -Wall -Werror -O3 -D_FILE_OFFSET_BITS=64 -D_REVISION=0  -fPIC -I..    -c -o osdep.o osdep.c
gcc -g -W -Wall -Werror -O3 -D_FILE_OFFSET_BITS=64 -D_REVISION=0  -fPIC -I..    -c -o network.o network.c
gcc -g -W -Wall -Werror -O3 -D_FILE_OFFSET_BITS=64 -D_REVISION=0  -fPIC -I..    -c -o linux.o linux.c
linux.c: In function ‘is_ndiswrapper’:
linux.c:165:17: error: variable ‘unused’ set but not used [-Werror=unused-but-set-variable]
linux.c: In function ‘linux_set_rate’:
linux.c:334:22: error: variable ‘unused’ set but not used [-Werror=unused-but-set-variable]
linux.c: In function ‘linux_set_channel’:
linux.c:807:22: error: variable ‘unused’ set but not used [-Werror=unused-but-set-variable]
linux.c: In function ‘linux_set_freq’:
linux.c:896:22: error: variable ‘unused’ set but not used [-Werror=unused-but-set-variable]
linux.c: In function ‘set_monitor’:
linux.c:1022:22: error: variable ‘unused’ set but not used [-Werror=unused-but-set-variable]
linux.c: In function ‘do_linux_open’:
linux.c:1366:12: error: variable ‘unused_str’ set but not used [-Werror=unused-but-set-variable]
linux.c:1352:15: error: variable ‘unused’ set but not used [-Werror=unused-but-set-variable]
linux.c: In function ‘get_battery_state’:
linux.c:1982:35: error: variable ‘current’ set but not used [-Werror=unused-but-set-variable]
cc1: all warnings being treated as errors
make[3]: *** [linux.o] Error 1
make[3]: Leaving directory `/home/johan/aircrack-ng-1.1/src/osdep'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/home/johan/aircrack-ng-1.1/src/osdep'
make[1]: *** [osd] Error 2
make[1]: Leaving directory `/home/johan/aircrack-ng-1.1/src'
make: *** [all] Error 2

This is how to build aircrack-ng under Ubuntu 12.04

sudo apt-get install build-essential
sudo apt-get install libssl-dev
wget http://download.aircrack-ng.org/aircrack-ng-1.1.tar.gz
tar -zxvf aircrack-ng-1.1.tar.gz
cd aircrack-ng-1.1

Edit common.mak, for example with vi

vi common.mak

Find the following row

CFLAGS          ?= -g -W -Wall -Werror -O3

Remove “-Werror” so that it looks like this

CFLAGS          ?= -g -W -Wall -O3

Save the file, build and install

make
sudo make install

Run

Reaver is now installed and ready to use. You first need to put the Wi-Fi adapter into monitor mode before you can start, and the easiest way is to use airmon-ng (part of aircrack-ng), which you just installed.

First put your adapter into monitor mode; in my case it’s wlan0

sudo airmon-ng start wlan0

Run Reaver

sudo reaver -i mon0 -b 00:00:00:00:00:00

Replace the MAC 00:00:00:00:00:00 with the actual AP’s MAC address

– Johan Ryberg

Guide: How to make the Gobi 2000 Wireless modem work under Ubuntu 12.04

Install the 3G modem Sierra Wireless, Inc. Gobi 2000 Wireless Modem

This is a how-to install the 3G modem “Sierra Wireless, Inc. Gobi 2000 Wireless Modem” under Ubuntu 12.04 LTS (Precise Pangolin) with basic support for GPS

This guide should work with the following models:

  • Fujitsu CELSIUS H700
  • Fujitsu LIFEBOOK A530 / AH530
  • Fujitsu LIFEBOOK A550 / AH550 (Intel Gfx)
  • Fujitsu LIFEBOOK AH550 (NVidia Gfx)
  • Fujitsu LIFEBOOK E780 (Intel Gfx)
  • Fujitsu LIFEBOOK E780 (NVidia Gfx)
  • Fujitsu LIFEBOOK P3110
  • Fujitsu LIFEBOOK P770
  • Fujitsu LIFEBOOK P8110
  • Fujitsu LIFEBOOK PH530
  • Fujitsu LIFEBOOK S710
  • Fujitsu LIFEBOOK S760
  • Fujitsu LIFEBOOK T4410/ T4310
  • Fujitsu LIFEBOOK T580
  • Fujitsu LIFEBOOK T730
  • Fujitsu LIFEBOOK T900
  • Fujitsu LIFEBOOK TH700
  • Fujitsu LIFEBOOK UH900
  • and other models from HP, Lenovo and others with Sierra Wireless, Inc. Gobi 2000 Wireless Modem

First, verify with lsusb that you really have the integrated modem in your computer

johan@ubuntu-lab:~$ lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 003: ID 1199:9000 Sierra Wireless, Inc. Gobi 2000 Wireless Modem (QDL mode)
Bus 001 Device 004: ID 04f2:b186 Chicony Electronics Co., Ltd
Bus 002 Device 003: ID 08ff:2550 AuthenTec, Inc.
Bus 002 Device 004: ID 1b96:0008 N-Trig
Bus 002 Device 005: ID 1690:0741 Askey Computer Corp. [hex]
Bus 001 Device 005: ID 1234:ffff Unknown

Install the Gobi wrapper, which is needed to load the 3G modem firmware, and wine, which you need to extract the firmware from the Microsoft Windows XP/Windows 7 driver installation package.

johan@ubuntu-lab:~$ sudo apt-get install gobi-loader wine

Download the drivers from http://support.ts.fujitsu.com/Download/Download.asp?SoftwareGUID=BE060271-9410-4E34-B732-D7D016F9EC27&Filename=FTS_SierraWirelessGobi2000HSUSBMobileBroadband_11180_1053221.zip

Start a terminal and navigate to the path where you saved the download. In my case it’s in ~/Downloads.

johan@ubuntu-lab:~$ cd Downloads/

Extract the archive with the command unzip FTS_SierraWirelessGobi2000HSUSBMobileBroadband_11180_1053221.zip

johan@ubuntu-lab:~/Downloads$ unzip FTS_SierraWirelessGobi2000HSUSBMobileBroadband_11180_1053221.zip

Navigate to the folder that has just been created

johan@ubuntu-lab:~/Downloads$ cd 72-VR322-15_1.1.180

Use wine and the command msiexec to extract the drivers from the MSI file. The files will be saved on wine’s “virtual” C: drive, which really lives under ~/.wine/drive_c

johan@ubuntu-lab:~/Downloads/72-VR322-15_1.1.180$ wine msiexec /a GobiInstaller.msi /qb TARGETDIR="c:\temp"

Create the folder /lib/firmware/gobi and copy the driver to that path

johan@ubuntu-lab:~/Downloads/72-VR322-15_1.1.180$ sudo mkdir /lib/firmware/gobi
johan@ubuntu-lab:~/Downloads/72-VR322-15_1.1.180$ sudo cp ~/.wine/drive_c/temp/Images/Sierra/UMTS/* /lib/firmware/gobi/
johan@ubuntu-lab:~/Downloads/72-VR322-15_1.1.180$ sudo cp ~/.wine/drive_c/temp/Images/Sierra/0/UQCN.mbn /lib/firmware/gobi/

It’s now time to restart the computer so that the 3G modem loads its firmware; after that it will be visible in network-manager, for example.

GPS

Some Gobi 2000 models have an internal GPS, which can also be used, but in my case the 3G modem disappears every time I communicate with the GPS and I have not solved that problem yet. If you have any tips that may solve this problem I would be happy to hear them.

Install any GPS client of your choice. I have chosen gpsd

johan@ubuntu-lab:~$ sudo apt-get install gpsd gpsd-clients

Configure gpsd

johan@ubuntu-lab:~$ sudo /lib/udev/gpsd.hotplug add /dev/ttyUSB2
johan@ubuntu-lab:~$ sudo dpkg-reconfigure gpsd

Enter /dev/ttyUSB2 as the path to the GPS

Start gpsd

johan@ubuntu-lab:~$ sudo service gpsd start

The GPS won’t work until you tell it to, and you need to start it manually with the following command. Please note that the 3G modem will stop working as soon as you start to communicate with /dev/ttyUSB2. The command string is sent literally, so it must be in single quotes; in double quotes the shell would expand $GPS_START as an (empty) variable and send nothing.

johan@ubuntu-lab:~$ sudo su -
root@ubuntu-lab:~# echo '$GPS_START' > /dev/ttyUSB2

To stop the GPS, enter the following command

johan@ubuntu-lab:~$ sudo su -
root@ubuntu-lab:~# echo '$GPS_STOP' > /dev/ttyUSB2

– Johan Ryberg
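The Gobi procedure above has two places where it is easy to end up with a modem that silently does nothing: the firmware copy before the reboot, and the quoting of the GPS control strings. As an added example (not code from the original post), the following shell functions check the modem's state from lsusb output, verify the firmware directory before rebooting, and send the GPS commands with the literal text intact. The function names are chosen for this example; the firmware file list (amss.mbn, apps.mbn, UQCN.mbn) is an assumption based on what gobi-loader loads, and only UQCN.mbn is named in the post.

```shell
#!/bin/sh
# Added example, not from the original post: checks for the Gobi 2000 setup.
# gobi_state, gobi_firmware_ok and gobi_gps_cmd are names chosen here;
# the file list in gobi_firmware_ok is an assumption about gobi-loader.

GOBI_USB_ID="1199:9000"

# Read lsusb output from stdin and print one of:
#   qdl     - modem present but still in QDL mode (firmware not loaded)
#   loaded  - modem present with firmware loaded
#   absent  - no Gobi 2000 on the bus (also returns 1)
gobi_state() {
    line=$(grep "ID $GOBI_USB_ID" | head -n 1)
    if [ -z "$line" ]; then
        echo absent
        return 1
    fi
    case "$line" in
        *"QDL mode"*) echo qdl ;;
        *) echo loaded ;;
    esac
}

# Convenience wrapper for a live system.
gobi_probe() {
    lsusb | gobi_state
}

# Verify that every firmware file gobi-loader needs is present in the
# directory before rebooting; lists what is missing and returns 1 if any.
gobi_firmware_ok() {
    dir="${1:-/lib/firmware/gobi}"
    missing=""
    for f in amss.mbn apps.mbn UQCN.mbn; do
        [ -f "$dir/$f" ] || missing="$missing $f"
    done
    if [ -n "$missing" ]; then
        echo "missing in $dir:$missing" >&2
        return 1
    fi
    return 0
}

# Send the GPS start/stop string to the control port. The strings are kept
# in single quotes so "$GPS_START" reaches the modem as literal text rather
# than being expanded by the shell to an empty variable.
gobi_gps_cmd() {
    dev="${2:-/dev/ttyUSB2}"
    case "$1" in
        start) text='$GPS_START' ;;
        stop)  text='$GPS_STOP' ;;
        *) echo "usage: gobi_gps_cmd start|stop [device]" >&2; return 1 ;;
    esac
    printf '%s\n' "$text" > "$dev"
}
```

`gobi_probe` printing qdl after the reboot means the firmware was not picked up, and `gobi_firmware_ok` is the first thing to run in that case; `gobi_gps_cmd start` replaces the root echo above and needs the same write access to /dev/ttyUSB2.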