Saturday, 31 August 2013

Additional, useful Unix tools in Kali via apt-get

Hey there,

just today I found a new useful linux command called "mtr", ok this tool is available since the late 90s of the last century, but for me it was new. It is an enhanced traceroute and is much quicker than traceroute, as it combines traceroute with ping and you can gather much more information with mtr than with traceroute. As I also install some more useful Unix commands via apt-get on my Kali Linux for Raspberry Pi, I just give a short overview about them (also as reminder for me):

- mtr (as explained above, much more powerful than traceroute)
- htop (nicer view than the normal top)
- dstat (nice view of resource  consumption with timestamp, e.g. dstat --tclmgry)
- tree (shorter and much powerful version of "find . -type d")
- links (if you need a browser in the shell; it is no fun to surf the web in a cli, but sometimes it can be useful)
- bc (little calculator in the shell)
- colordiff (you can guess it by the name, it enhances diff by adding color)
- tmux (alternative to screen)
- vim (no, I don't use emacs ;-)

A really great tool is tmux, that makes you're life in the shell much more easy. You should read the FAQ of OpenBSD to tmux for a quick'n'dirty introduction in it.

If you have any commands that are also useful for you regarding pentesting or to work more efficiently just leave a comment.

Another very useful tool for Mac OS X, regarding ssh is csshX. You can install it easily via homebrew on your Mac and you can manage different ssh sessions at once and you have also a master window that sends all input to every ssh session. Pretty neat.

Wednesday, 28 August 2013

Raspberry PI and Pentesting

Hey everybody,

I've got a Raspberry PI for one year now and at the beginning I was just playing around with it as Media Center, but then it was laying around and I didn't use it for several months.

This had to change, so I ordered a HDMI2DVI cable from Amazon, as I wanted to use it on my monitor that has only DVI and no HDMI. I ordered also a 16 GB SanDisk Class 10 Ultra SHDC memory card, You can find a detailed overview about memory cards that are working with the Raspbery Pi here.

Here you can find a list of several distributions available for the Raspebry Pi. Here are also detailed explanations of general installation instructions of an image to a memory card on Linux, Windows and Mac OS.

There are some Raspberry Pi distributions available, that can be used for Pentesting:
I installed the Kali image, as it is most likely that this distribution will be maintained better than the other two. PwnPi and Raspberry Pwn are both from 2012.

If you install the Kali image on a Unix system, just use dd:

root@kali:~ dd if=kali-pi.img of=/dev/sdb bs=512k

Of course you need to change /dev/sdb to your actual device where you want to write the image to.

If you install the Kali image to the memory card on a Windows system, you can use Win32 Disk Imager.

After installation just plug the memory card into your Raspberry Pi and boot up Kali Linux. After login with user root and password toor your should reset the root password and start the ssh-service. The basics for Kali can be found here.

If you connect now via ssh to your Raspberry Pi and ask yourself: "How can I start tools that need a X-Server?", just do the following on your Linux / Mac OS X client:

ssh -X <username>@<IP-of-Raspberry-Pi>

After you connected to it you can start for example wireshark and it will pop up on your client but will run on your Raspberry Pi. So you don't need any monitor or keyboard on it, you can do anything from remote.

If you are using Windows, you can also do this trick via the -X flag. You just need to install an X-Server on your windows machine, like Xming and connect via Putty.

To automatically start ssh during the boot process, just execute the following command:
update-rc.d ssh enable
Now you have a simple little pentesting gadget that you can use either to support you during onsite penetration tests or as an intruder showcase to just scare your management/customer as how an attacker could easily hide the gadget in the suspended ceiling of the office and eavesdrop your network.