Search

The Life of Josh

Computer Engineer, Security Consultant, and Tech Nerd.

Category

Security

LazyKali reboot

I am making available the beginning of a re-write of what I think is a helpful utility for Kali Linux systems. These systems are used for penetration testing, and are not typically day-to-day systems. I find myself doing the same installs and maintenance with every re-install of Kali so I wanted to create a tool to simplify this. It appears that until about 3 years ago someone else had a similar idea, but they seem to have abandoned it. If anyone knows if there is a current version of lazykali out there in the Interweb could you please point me to it so that I might contribute to that instead of maintaining this fork. If Reaperz73 sees this please contact me to let me know you are out there.

Continue reading “LazyKali reboot”

Advertisements

Kali Linux install on a Lenovo T430s

I have been working with Kali Linux lately for the pentest tools, and to keep my skills current. To that end I wanted to put the latest version of Kali on a Lenovo T430s laptop. I started with the kali-linux-2016.1-amd64.iso download. Then I wrote that to a USB key using Universal USB Installer ( http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/ ) and tried to install Kali on my laptop.

Continue reading “Kali Linux install on a Lenovo T430s”

Hacking made easy and good reads

I was just watching Mr. Robot … an excellent TV show that any security person should find interest in, and they use actual hacking tools and techniques in the show. I saw the Social Engineering Toolkit used on S2 E1. I’ve used Kali Linux before, but never gave much thought to the SET application. If you have 22 minutes to spare and want to see how easy it is to social engineer your way to compromise credentials then watch this…

Continue reading “Hacking made easy and good reads”

NewsBlur Subscriptions to share

To help my IT friends at my job I’m leaving, I’m trying to share things that will help them. Below is a link to my NewsBlur subscriptions. I have A LOT of Mac stuff in here. The NewsBlur system costs $2/month ($3 if you are feeling it is worth it and have spare $). It is extremely worthwhile especially since the demise of Google Reader. There’s also an iPhone and iPad app you can use on the go. The stuff in the Engineering – Mac feeds will help someone do most of what I do.

Continue reading “NewsBlur Subscriptions to share”

Microsoft Security update MS10-015 broke your computer

If your Windows computer stopped working in the past week or so then you may have had a type of virus called a Rootkit on your system. Microsoft released a security update this month that unintentionally made a machine stop booting if you were infected. Your best bet if you are not technical is to have someone come copy your data off and setup your machine fresh. There are articles about removing the patch that breaks your machine but if you do that you will simply have a virus infected machine.

Continue reading “Microsoft Security update MS10-015 broke your computer”

Hack attempts from Afghanistan

I have a couple of servers that sit out on the Internet, and every day I get a little report on how they are doing, and if someone is trying to break in to them. Today I got this report;

sshd:
Authentication Failures:
root (121.100.48.130): 1353 Time(s)
unknown (121.100.48.130): 1148 Time(s)
root (61.168.227.12): 582 Time(s)
root (125.141.237.100): 165 Time(s)
root (180.68.206.31): 99 Time(s)
unknown (125.141.237.100): 93 Time(s)
unknown (61.168.227.12): 60 Time(s)
unknown (180.68.206.31): 42 Time(s)
root (222.211.78.20): 23 Time(s)
adm (121.100.48.130): 6 Time(s)
bin (121.100.48.130): 3 Time(s)
dbus (121.100.48.130): 3 Time(s)
ftp (121.100.48.130): 3 Time(s)
games (121.100.48.130): 3 Time(s)
gopher (121.100.48.130): 3 Time(s)
halt (121.100.48.130): 3 Time(s)
lp (121.100.48.130): 3 Time(s)
mail (121.100.48.130): 3 Time(s)
mailnull (121.100.48.130): 3 Time(s)
mysql (121.100.48.130): 3 Time(s)
mysql (125.141.237.100): 3 Time(s)
named (121.100.48.130): 3 Time(s)
news (121.100.48.130): 3 Time(s)
nobody (121.100.48.130): 3 Time(s)
nscd (121.100.48.130): 3 Time(s)
operator (121.100.48.130): 3 Time(s)
pcap (121.100.48.130): 3 Time(s)
root (123.30.98.50): 3 Time(s)
rpc (121.100.48.130): 3 Time(s)
shutdown (121.100.48.130): 3 Time(s)
smmsp (121.100.48.130): 3 Time(s)
sshd (121.100.48.130): 3 Time(s)
sync (121.100.48.130): 3 Time(s)
unknown (222.211.78.20): 3 Time(s)
uucp (121.100.48.130): 3 Time(s)
nfsnobody (121.100.48.130): 2 Time(s)
rpcuser (121.100.48.130): 2 Time(s)
haldaemon (121.100.48.130): 1 Time(s)
unknown (123.30.98.50): 1 Time(s)

Continue reading “Hack attempts from Afghanistan”

False positives in Symantec Endpoint Security

The other day I started noticing that our SEP clients were saying that install_flash_player.exe was a Trojan Horse. I got a lot of alerts like the below;

 At least one security risk found: 

Risk name: Trojan Horse
File path: C:\Documents and Settings\username\My Documents\Downloads\install_flash_player.exe
Event time: 2010-01-28 09:35:13 GMT
Database insert time: 2010-01-28 15:25:05 GMT
User: SYSTEM
Computer: XXXXXXXXXX
IP Address: 0.0.0.0
Domain: system
Server: XXXXXXXXXX
Client Group: My Company\XXXX
Action taken on risk: Quarantined

Continue reading “False positives in Symantec Endpoint Security”

Mac OS X 10.4.11 Tiger vulnerable to libc/strtod(3) buffer overflow too

I read the advisory for the libc/strtod(3) buffer overflow over the weekend and wondered if 10.4.11 wasn’t included simply because nobody tested, and I think I’m right. I logged in to a 10.4.11 machine in Console by entering “>console” in the Name: field of the login window. Then I logged in as my local admin account and typed “printf %1.262159f 1.1” and sure enough I was knocked out of my session back to the login window. It would appear to me that 10.4.11 is vulnerable to this overflow. Now let’s see if Apple goes back and makes a patch for 10.4.11 as well as 10.5.8 and 10.6.2. I would imagine now would be a good time for folks to remove anything older than 10.4.11 from your environment, and depending on Apple’s response you may end up moving all your 10.4.11 to 10.5.8 or 10.6.2 if they don’t issue a patch.

 

SmoothWall the Opensource Firewall

Now that I have my Actiontec FiOS router acting as a double bridge I am able to put devices on public IP space since I have 13 static IPs from Verizon. The problem is that I don’t really want to hang much on public IP space with no protection. It sounds ironic that I went through all that effort to double bridge only to hide devices, but it really does make sense. 🙂

Continue reading “SmoothWall the Opensource Firewall”

Blog at WordPress.com.

Up ↑

%d bloggers like this: