So I am setting up a Backtrack 5r3 system to do some mobile app assessment. I want to set up the system as a wireless access point and be able to capture all the traffic. To do this I am using hostapd. Backtrack has this as a standard package available via: apt-get install hostapd
Unfortunately this is an older version of the program, 0.6.9 I believe, and it would not work with the ath9k I have in this system. The program threw an error each time I tried to run it. The latest stable build of hostapd is 1.0 and is available to download here. The problem is that you need to install the libnl-dev package in Backtrack before it will cleanly compile. After downloading and compiling hostapd 1.0 everything was good to go. So here are the commands to run for all you script kiddies out there.
apt-get install libnl-dev
tar -xzvf hostapd-1.0.tar.gz
# defconfig lives in the hostapd/ subdirectory of the unpacked tarball
cd hostapd-1.0/hostapd
cp defconfig .config
make
for i in hostapd hostapd_cli; do cp -f $i /usr/local/bin/$i; done
Congratulations, you now have a fully functioning hostapd 1.0 install that will work with the ath9k wireless chipset on Backtrack 5r3.
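The post stops at the install and never shows the configuration the new binary needs, so here is an added example (mine, not the post's or the hostapd project's). ath9k is a mac80211 driver, so hostapd has to be told driver=nl80211; the default "hostap" driver only speaks to old Prism cards and is one reason a stock config fails on this hardware. The interface name, SSID, passphrase and channel are assumptions for illustration; the function refuses passphrases outside the 8-63 characters hostapd accepts for WPA-PSK so the mistake surfaces before hostapd does.

```shell
#!/bin/sh
# Added example, not code from the original post: write a minimal WPA2-PSK
# hostapd.conf for hostapd 1.0 on an ath9k card. All values passed in are
# assumptions for illustration (wlan0, SSID, passphrase, channel).

# Print a hostapd configuration to stdout.
# Usage: write_hostapd_conf IFACE SSID PASSPHRASE [CHANNEL]
write_hostapd_conf() {
    iface=$1
    ssid=$2
    pass=$3
    chan=${4:-6}
    # hostapd rejects WPA passphrases shorter than 8 or longer than 63
    # characters; fail here with a readable message instead.
    len=${#pass}
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        echo "passphrase must be 8-63 characters (got $len)" >&2
        return 1
    fi
    cat <<EOF
interface=$iface
# ath9k is a mac80211 driver, so use the nl80211 backend
driver=nl80211
ssid=$ssid
hw_mode=g
channel=$chan
# WPA2 only, pre-shared key, AES (CCMP) pairwise cipher
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=$pass
EOF
}

# Example use (assumed interface and credentials):
#   write_hostapd_conf wlan0 assessment-ap 'example-passphrase' > /etc/hostapd/hostapd.conf
#   hostapd -d /etc/hostapd/hostapd.conf
```

Run hostapd with -d in the foreground the first time; a wrong driver or a channel the regulatory domain forbids shows up immediately in that output rather than as a silent failure to beacon.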
I am playing around with konboot after first hearing about it on the Hak5 podcast. If you haven’t heard about it, it is a boot disk you can create on a floppy, CD or USB drive (see Irongeek’s site for USB instructions). The disk changes the Windows or Linux kernel on the fly while booting to allow you to bypass the login password. In Windows you just use any valid user name and a blank or garbage password; you will then be logged in as that user and can access all their files. So naturally you will probably want to try the local administrator user, which will allow you to access all files on the computer. In Linux you will use the user name kon-usr and no password. This will give you full root access on the Linux machine.
I have found it works well if the system is not multi-boot. On my systems, which are all multi-boot, it would only work on one system and only on one OS, which happened to be EEEbuntu. My other laptop gave me an error about the cylinder number being too high, like the old-school days of LILO where the boot image had to be below cylinder 1024. I am assuming this is the same issue as the days of old. Also a caveat: don’t use Konboot to log in to a domain account on a computer that is connected to the network. This will disable the account on the domain and won’t allow you to log in. In most environments user credentials are cached in case the network goes down. So air-gap the computer before using a domain account.
Remediation steps are fairly simple. Lock the BIOS with a password and only allow the system to boot from the hard drive. This should already be in the checklist of tasks to perform when deploying a new PC. Since this type of threat isn’t new, kon-boot just makes it a little simpler to access the PC than loading up a live Linux distro like Knoppix. If there is any sensitive information on the hard drive, encryption should be used of course, since if someone steals the computer or hard drive it’s game over. With the breach notification laws in most states that is not a fun proposition.
I was setting up a test VM with four 1 TB SAN LUNs. After successfully creating and testing the VMware image I blew it away without touching the LVM. After creating the production image I tried to add the LUNs back to the LVM and of course got errors when adding the LUNs to the volume group. The metadata for the old volume group was still there and the OS refused to add the LUNs to the existing volume group. I then tried to remove the volume group with vgremove, but since the devices with the UUIDs themselves were long gone I could not do it.
I finally found a very simple solution: just dd the damn things with zeros. That will blow out all the metadata. So for each LUN I ran:
dd if=/dev/zero of=/dev/XXX bs=512 count=5
Probably only needed count=1, but what the hell, I don’t care; I didn’t have any data on the LUNs anyway. After that, running lvscan came back clean with no orphaned UUIDs and I was able to initialize the LUNs again and add them to the new volume group.
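As an added example (mine, not from the original post), here is the same zeroing wrapped in a small script that first checks the label is actually there and refuses to touch anything that is mounted. LVM writes its physical-volume label into the second 512-byte sector of the device (the ASCII magic LABELONE), with the metadata area right behind it, which is why zeroing the first few sectors is enough to make lvscan forget the old volume group. The device path and the sector count are arguments; the default count of 5 matches the post. The checks run against a regular file just as well as against a block device, which is how the example can be tried without a spare LUN.

```shell
#!/bin/sh
# Added example, not code from the original post: zero the LVM PV label and
# the start of the metadata area on a device whose old volume group still
# lingers by UUID. Refuses mounted targets and reports what it did.
set -eu

# Return 0 if sector 1 of the target starts with the LVM label magic "LABELONE".
has_pv_label() {
    dev=$1
    magic=$(dd if="$dev" bs=512 skip=1 count=1 2>/dev/null | head -c 8 | tr -d '\000')
    [ "$magic" = "LABELONE" ]
}

# Return 0 if the device appears as a mounted source in /proc/mounts.
is_mounted() {
    dev=$1
    [ -r /proc/mounts ] && grep -q "^$dev " /proc/mounts
}

# Zero the first COUNT 512-byte sectors (default 5, as in the post) of DEV.
# conv=notrunc keeps a regular file the same size; it is a no-op on a block device.
# Usage: zap_pv_label DEV [COUNT]
zap_pv_label() {
    dev=$1
    count=${2:-5}
    if [ ! -e "$dev" ]; then
        echo "refusing: $dev does not exist" >&2
        return 1
    fi
    if is_mounted "$dev"; then
        echo "refusing: $dev is mounted" >&2
        return 1
    fi
    if has_pv_label "$dev"; then
        echo "found LVM label on $dev, wiping"
    else
        echo "no LVM label on $dev, wiping anyway"
    fi
    dd if=/dev/zero of="$dev" bs=512 count="$count" conv=notrunc 2>/dev/null
    echo "zeroed first $count sectors of $dev"
}

# Example use on a real LUN (device name is a placeholder), then re-scan:
#   zap_pv_label /dev/XXX
#   pvscan
```

On a live system run pvscan (or lvscan, as in the post) afterwards to confirm the stale UUID is gone before handing the device to pvcreate.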
This series by Keith Loutit really makes me want a tilt-shift lens. I have seen plans online to make one, since I will never be able to afford one.
Note to self: use IE History View to view index.dat files for IE7. Index.dat Spy no longer works.
On second thought just use encase.
I hear this argument all the time that Mac OS X is better than Windows because it is more secure. The proof a lot of people state is that there are very few viruses and spyware on OS X. Yes, that is true; there are also very few on OS/2 Warp, Minix, BeOS, Windows 3.11, NT 3.51, Irix, Linux, Solaris, BSD, and pretty much every other operating system known to man compared to Windows. That doesn’t make them more secure. That makes them a small target compared to Windows; it doesn’t make OS X more secure. There is a reason why tons of bugs were found in Safari when Apple ported it to Windows. Was the code so different from the OS X code base? I doubt it; there are many more automated security tools built for use on Windows, which also makes it that much easier to find the flaws in XP and Vista than in OS X. Anyone who thinks Apple cares that much about security, let me remind you it took Apple three weeks to patch the DNS vulnerability!! Weeks after there were working exploits. The larger the market share grows for Apple, the more viruses and malware you will see released targeting OS X.
Apple fanboys, please don’t bug me. I personally use a Mac as my main laptop now. I personally like OS X better than Vista and XP because I am a Unix fanboy. But that is a personal choice. Also, Linux fanboys, I love Linux and am a RHCE, but I need an OS for my day-to-day work where I don’t have to worry about breaking everything because I upgraded libc compat or installed a new kernel. I run CentOS on all my servers when I can, and I also have another Ubuntu laptop that I use for certain security tools. Windows fanboys, securing mainly Windows boxes is my bread and butter. Windows with AD in an enterprise is the way to go.
Best damn Fark comment ever.
“I like to eat a bowl of Kraft Dinner (a.k.a. “KD”) while watching some opera or ballet. There’s nothing better than a little arts & Kraft.”
In response to whiny poor Canadians not wanting to eat free Kraft mac and cheese.