
Security

Tradepub is Giving Away “Learning Network Forensics” For Free, Here’s the Link

I just got an email offer for a free digital copy of “Learning Network Forensics” by Samir Datt (2016).  This is a Packt book that was just released this year.  It is currently selling for $49.99 on Amazon.  I have not read it yet, but it has been on my reading list.  Here is the link I used to get it.

 

Full Disclosure:  I do not benefit from this in any way.  This was an offer I received on a daily email digest from “The Hacker News” website.  Tradepub is the company actually giving it away.  I’m pretty sure the link above somehow benefits “The Hacker News” but for free, I don’t mind.

Click Here To Keep Reading!

Hacking In Windows Using Nishang With Windows PowerShell, Like A Boss!

As requested, this is the first post of many I’m doing on “hacking” and “pentesting.”  Many admins aren’t comfortable with Linux, or just want to use convenient Windows-based tools, so that’s what we’re going to do.  We’ll talk about Nishang, a tool you can use to carry out many different pentesting and security auditing techniques from Windows PowerShell 3.0.

To get started, you will need to download Nishang.  You can click here to go directly to the GitHub page or click the link below to download the latest version directly.  First, here’s a video of the talk the creator of Nishang gave at Defcon 21.

 

Download & Install

 

Click here to download the latest version of Nishang from GitHub (master.zip).

 

Once you’ve downloaded the zip file, extract it, rename the folder to nishang.ps and put it in the root of your C: drive.

 


 

Open the Windows PowerShell command prompt as Administrator.  On Windows 10, click the Start button, type “powershell”, then right-click it and select “Run as Administrator.”

Click Here To Continue Reading!

Do You Have a Reliable IP Scanner Installed? Advanced IP Scanner is Quick & Easy.

Every Network Administrator or Security Administrator should have a few basic tools installed and ready to go at a moment’s notice.  Advanced IP Scanner is a reliable and free network scanner.  It offers complete analysis of your entire LAN, showing live IP addresses and giving you the ability to remotely control systems with RDP and Radmin.  It’s installable or fully portable, so you can keep it in your Dropbox or NextCloud folder for convenient access.

 

Key features of Advanced IP Scanner include:

  • Remote Shutdown (and Wake-on-Lan)
  • MAC address to IP resolution
  • Exportable scan results via CSV
  • Quick access to discovered network shares
  • Remote Control via Radmin & RDP
  • Built-in tools such as SSH, tracert, telnet and ping.

 

Click Here to Keep Reading!

Secure Apache In No Time, For Free, With an SSL Certificate From Let’s Encrypt!

Recently, I found out about a non-profit organization called Let’s Encrypt, which came into existence earlier this year.  Let’s Encrypt is a publicly trusted certificate authority that issues FREE SSL certificates.  The SSL certificates are fully functional and extremely easy to request and install.  In fact, using Let’s Encrypt, it only takes about a minute to request and install an SSL certificate on Apache via the Linux command line, using a few simple commands.  If you have one or more Linux servers running any sort of public-facing web server, there is no reason not to do this right now.  Here’s how to do it on Ubuntu 16.04 (although it should be the same process on any version of Ubuntu)!

 

Prerequisites

To install an SSL certificate from Let’s Encrypt using this guide, you will need a couple of things.

  • A server running Ubuntu 16.04 (although this should work on any version of Ubuntu)
  • Apache installed, with one or more domain names that resolve to the IP of the server.
    • If you are hosting multiple domains, you will need to be sure you have Virtual Hosts configured that properly specify the ServerName directive.

 

Install the Let’s Encrypt Client

 

To make things easy, there is a client available, based on Python, that will do all of the hard work for you.  The package is called python-letsencrypt-apache.  Let’s use apt-get to install it.

 

sudo apt-get update

sudo apt-get install python-letsencrypt-apache

 

The client is now installed and we can move on to setting up the SSL certificate.

Click Here to Keep Reading!!

One user cannot add ActiveSync Exchange mailbox to iPhone / Android

Today I ran into a problem that was very unique.  We had one user, with a brand new iPhone, that was unable to successfully add their Exchange ActiveSync mailbox to their iPhone (this would apply to Android as well).  The account would add to the phone, but when they would open the mail app and refresh, they would just get an error message that said “Unable to get mail.”  We could add any other user’s mailbox to the phone and it would work perfectly.  It ended up having to do with some of the security groups they were a member of, but more importantly, Inheritance had been disabled on their Active Directory account.  We are running Exchange 2013, but I’ve seen this issue apply to Exchange 2010 and other versions as well.

Like I said, we could add the account, but when trying to refresh mail on the phone, we got this nice popup box on the iPhone.

 


 

 

To troubleshoot further, I went to http://www.testexchangeconnectivity.com to see if I could get some more details.  Come to find out, the server was kicking back the following:  “Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).”  Only on that one specific user account did we get this error.  Any and every other account worked perfectly.  After some digging and troubleshooting, we found a fix.

Click Here To Keep Reading!

How to install Arachni, Nikto, and Wapiti for OpenVAS on Ubuntu 14.04 LTS

If you don’t already have OpenVAS installed, click here if you need help installing OpenVAS 8 on Ubuntu 14.04, or click here if you need help installing OpenVAS 7 on CentOS 7. If you have installed OpenVAS 8 (or an older version), you might have noticed some of these peculiar errors in your scan reports.

Vulnerability Detection Result
Arachni could not be found in your system path.
OpenVAS was unable to execute Arachni and to perform the scan you
requested.
Please make sure that Arachni is installed and that arachni is
available in the PATH variable defined for your environment.


Vulnerability Detection Result
Nikto could not be found in your system path.
OpenVAS was unable to execute Nikto and to perform the scan you
requested.
Please make sure that Nikto is installed and that nikto.pl or nikto is
available in the PATH variable defined for your environment.

Click Here To Read The Rest!

Step By Step – Install OpenVAS 7 On CentOS 7 – Run Vulnerability Assessments and Pen Tests

Recently, I published a guide outlining how to install OpenVAS 8, from source, on Ubuntu 14. I got some feedback from some folks requesting a guide on installing OpenVAS on CentOS 7, from the binary packages available via yum. FYI, as of this writing, there are no binary packages for OpenVAS 8; hopefully they will come soon. OpenVAS is a top-notch Open Source package for running vulnerability scans against networks and servers. Every network administrator should have an OpenVAS installation tucked away on a virtual machine somewhere. It’s just so easy to monitor all of your systems for vulnerabilities, there’s no excuse not to. Installing OpenVAS from packages is much easier than installing from source. So, as requested, here you go.

How to install OpenVAS 7 on CentOS 7

Although still time consuming, installing OpenVAS from binary packages is a much less involved process than installing from source. There are a few “gotchas” when installing to CentOS 7, mostly related to redis, which I’ll cover in this guide.

This guide assumes you have a minimal CentOS 7 server installation and you are logged into the console or via SSH.

First, we need to install a few prerequisites. To do that, run these commands.

yum -y update

yum install -y wget net-tools nano

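The OpenVAS binary packages aren’t included with the stock repositories, so we need to enable the Atomicorp repository. Note that the installer is fetched over plain HTTP and piped straight into sh, so download and read the script first if you want to check what it does before it runs.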

wget -q -O - http://www.atomicorp.com/installers/atomic |sh

yum -y upgrade

Now, we will install redis and OpenVAS 7.

yum -y install redis openvas

Click Here To View The Entire Tutorial!