Monday, 6 August 2018

Certbot with Varnish and Apache

Assigning SSL certificates with certbot https://certbot.eff.org/lets-encrypt/ubuntuartful-apache for my new server was quite a pain. I installed good old apache2 and Varnish in front of it, like I learned back in 2012 or something. But assigning new certificates for this setup was quite hard, as the automatic tool requires the Apache virtualhost to be on port 80. I have port 8080 because Varnish is listening on 80.

So in order to do this, use the following command to issue the certificate only:

certbot certonly -d domain.com -d www.domain.com --authenticator webroot -w /home/username/public_html/

Then use the command certbot --apache to create the SSL files properly. Use option 2 for new sites to redirect everything to HTTPS. Aaaaand ta-da, it works. To confirm that the domains can be renewed, run:

sudo certbot renew --dry-run

Also notice that if you have a Varnish proxy or something else in front of your backend server, you might want to use the --staging parameter to test that SSL certificate generation is successful. Like:

certbot certonly -d domain.com -d www.domain.com --authenticator webroot -w /home/username/public_html/ --staging

In future virtualhost files, REMOVE the redirects; these are generated by certbot:

<VirtualHost *:8080>
        ServerAdmin email
        ServerName domain.com
        ServerAlias www.domain.com
        DocumentRoot /blaablaaa

        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /blaablaa/>
                Options Indexes FollowSymLinks
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>

Tuesday, 20 September 2016

Learning Linux at University

I had to learn more about Linux at the university and so far I have learned a couple of handy things.


  1. You can configure nano settings with a .nanorc file.
  2. Add alias commands to .bash_aliases.
  3. Make some aliases, for example ls --color=auto for ls.
  4. Alias O for ls -latr, listing all files in order, newest at the bottom.
  5. Copy files with scp: scp filename username@host:/where/in/remote
  6. ssh-keygen -t rsa -b 4096 generates SSH keys.
  7. ssh-add starts ssh-agent until the computer is shut down.
  8. Adding the content of the id_rsa.pub file to authorized_keys on the server allows ssh without typing a password.
  9. In ~/.ssh create a file called config (no file extension) and set your ssh configs. IdentityFile points at the private key, not the .pub file. Like:
    Host NAME
        HostName nikiahlskog.com
        User USERNAME
        IdentityFile ~/.ssh/id_rsa
    Then you can just use ssh NAME, for example.
  10. Rsync. It copies only changed files. Very handy! Use it like: rsync --progress filename user@server:dir. The -a option copies folder content.
  11. Crontab. Using crontab -e is dangerous, because crontab -r empties the whole table and there is no undo. Create a folder for cronjobs and create a file in it, for example cron.tab. Add your job to the file (in a crontab every % has to be escaped as \%), for example:
    0,30 * * * * echo `date +\%Y-\%m-\%d\ \%k:\%M:\%S` cron job done
    Then add this file to crontab with crontab ~/cronjobs/cron.tab. See all your cron jobs with crontab -l. To remove cronjobs just use the -e option.


Tuesday, 5 April 2016

Mount shared folder on VirtualBox. Windows host, Linux guest.

To share a folder between the host and guest OS, first create a folder in Windows which you want to share.

For example: C:\myshare

Then assign it in the VirtualBox settings --> Shared Folders --> + icon: set the folder path and tick Auto-Mount.

Then boot up your guest OS. Create a folder where you want the host OS folder to appear, for example ~/share/. Then launch a terminal and type:

sudo mount -t vboxsf myshare ~/share/

Then you should see items inside that folder.


Thursday, 21 January 2016

OpenVPN: save username and password to a file.

So I have created a shell script which opens the VPN connection, but every time it asks for my password and I wanted to automate this. So do the following:

Inside your VPN key folder there should be a file called config.ovpn or something that ends with .ovpn. Open it up and look for auth-user-pass. If your file doesn't contain this, add it to the bottom. Right after it add one space and filename.txt, like this:

auth-user-pass vpnpass.txt

Then, inside the same folder where your .ovpn file is, add a new file called vpnpass.txt and insert your username and password on separate lines. Like this:

myusername
mypassword

Save both files and now your VPN shouldn't ask for a password or username.

Thursday, 10 December 2015
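
Because vpnpass.txt now holds the VPN username and password in plain text, its file permissions matter. The following added example (not part of the original post) reads the auth-user-pass line from a config, checks the referenced file and restricts it to its owner; the function names are made up for this illustration, and a relative filename is assumed to sit next to the .ovpn file as described above.

```shell
#!/bin/sh
# Added example: audit the credentials file named by auth-user-pass.

# Print the credentials file referenced by config $1, or fail if the
# directive has no filename (OpenVPN then prompts interactively).
# Assumption: a relative name sits next to the .ovpn file, as in the post.
ovpn_cred_file() {
    # Strip a trailing CR first so configs saved on Windows still parse.
    name=$(awk '{ sub(/\r$/, "") }
                $1 == "auth-user-pass" && NF >= 2 { print $2; exit }' "$1")
    [ -n "$name" ] || return 1
    case $name in
        /*) printf '%s\n' "$name" ;;
        *)  printf '%s/%s\n' "$(dirname "$1")" "$name" ;;
    esac
}

# Print one of: prompt | missing | malformed | too-open | ok
audit_ovpn_creds() {
    cred=$(ovpn_cred_file "$1") || { echo prompt; return 0; }
    [ -f "$cred" ] || { echo missing; return 0; }
    # The file must hold exactly two non-empty lines: username, password.
    lines=$(awk 'NF { n++ } END { print n + 0 }' "$cred")
    [ "$lines" -eq 2 ] || { echo malformed; return 0; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$cred" | cut -c5-10)" = "------" ]; then
        echo ok
    else
        echo too-open
    fi
}

# Restrict the credentials file to read/write for its owner only.
harden_ovpn_creds() {
    cred=$(ovpn_cred_file "$1") && [ -f "$cred" ] && chmod 600 "$cred"
}

# Usage: sh thisfile.sh /path/to/config.ovpn
if [ $# -ge 1 ]; then
    audit_ovpn_creds "$1"
fi
```
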

Shellscripting like a boss

It is a good idea to put all your shell scripts in one directory and add it to the PATH. In order to do this, open up your .bashrc or .profile file:

nano ~/.bashrc

Add this line to it 

export PATH=$PATH:~/scripts

It means in your home folder there should be a folder named scripts. Like /home/username/scripts.

Then reload your bashrc file 

source ~/.bashrc

And now you are ready for scripting. Add new file named hello to the script folder. 

Add this

#!/bin/bash 
echo My first program

Then in any directory type hello and your script executes.

Adding parameters to script:

#!/bin/bash

function echoshit() {
    echo "No parameter found or wrong parameter"
}

if [[ $1 == --trolli ]];
then
  echo "trolli echoed"
else
  echoshit;
fi


Read more: http://www.bashguru.com/2009/11/how-to-pass-arguments-to-shell-script.html

Wednesday, 21 October 2015

Hacking with Kali Linux

I was curious about hacking things and the so-called "dark side of the internet", so I installed Kali Linux in my VirtualBox and checked out a few things.

Finding website admin panel with dictionary scan


So the first thing I wanted to check is how you can find admin panels. In every content management system (CMS) there must be an admin panel to log in and maintain it. So I found a Perl script that scans the target site with different admin panel names. Unfortunately this is a so-called dictionary attack, and if the name doesn't happen to be in the list, it won't find anything.

Open up your Kali linux and download this file: http://www.2shared.com/complete/R1eEFhs3/def_adminfinder.html

CD to your download folder and just run:

perl def_adminfinder.pl 

and it will launch. Then the script will ask the target site, type your site and enter.


Then we can see the script checking possible admin panel locations.


You have to wait for the script to finish to see the results, unless you can spot status: found in the output stream. This is a very simple tool to find an admin panel, but it is a weak dictionary tool. This is not even hacking or cracking whatsoever. I would say it is a tool.

How to generate a password list


When a hacker is bruteforcing into a system, it basically means trying every possible combination of the numbers, letters and special characters that are defined. For that we need to create a list of those words. Linux can generate these files with a tool called crunch.

Type in: crunch 4 4 123456 > passwords.lst

The first number is the minimum length of the password. The second number is the maximum length, and then I have defined the character set 123456 and written the output to a file called passwords.lst. This command will create every single possible combination of 123456 with a length of four.





As you can see, we have different combinations in a list. Next, try crunch 2 2 abcd > passwords2.lst to explore how this works.


Then we have all the combinations of abcd with a minimum and maximum length of 2.

Crunch is a tool to create password lists for bruteforce attacks, which can take a very long time. You can also download lists of the most used passwords by googling a little bit.

Password attack with Hydra to basic authentication


Now if you have a website which has basic authentication, you could create a massive list of words and then "bruteforce" yourself into that site. The other way is to download a ready-made password list to speed things up a little bit; you can find some here: https://github.com/danielmiessler/SecLists/tree/master/Passwords

The basic authentication box will look like this:



Give the command:

hydra -L accounts.txt -P passwords.txt http://www.yoursite.com

-L gives the account list as a parameter and -P gives the password list. Then hydra will try every combination of the words in the lists.


And the account + password combination in my list matched. I have successfully logged in.


SQLmap injection tool

If a PHP page URL looks like this: page.php?id=1, you can test whether the page is vulnerable to SQL attacks by adding ' to the end of the URL, like www.yourpage.com/page.php?id=1'

If the answer you get is "You have an error in your SQL syntax", the page is vulnerable to attacks.

A simple command to find out the databases is: sqlmap -u www.yoursite.com --dbs
This will try different SQL injections and list all the databases available.


And as you can see, I found a vulnerable website. Now I know their technology and what databases they have. This is just a short demonstration of what you can do with this tool.

To continue and check what is inside a database, use the command:

sqlmap -u www.yoursite.com/ -D information_schema --tables

This will list the tables inside the information_schema database.
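
Seen from the server side, the admin panel scan, the Hydra run against basic authentication and the ' test above each leave a recognisable trace in the web server's access log. The following added example (not part of the original post) flags them in an Apache combined-format log; the function names, the threshold and the sample log lines are constructed for this illustration.

```shell
#!/bin/sh
# Added example: spot traces of the tools above in an Apache
# combined-format access log. Names and threshold are assumptions.

# Print "IP reason count" for each client in log $1 that looks suspicious.
# $2 is the minimum number of 404/401 responses before an IP is reported.
scan_access_log() {
    awk -v t="${2:-5}" -v q="'" '
        # Combined log fields: $1 client IP, $7 request path, $9 status.
        $9 == 404 { notfound[$1]++ }   # dictionary scan for admin paths
        $9 == 401 { denied[$1]++ }     # failed basic authentication
        # Quote (raw or URL-encoded) in a query string: page.php?id=1%27
        $7 ~ /\?/ && (index($7, q) || $7 ~ /%27/) { quote[$1]++ }
        END {
            for (ip in notfound) if (notfound[ip] >= t) print ip, "path-scan", notfound[ip]
            for (ip in denied)   if (denied[ip] >= t)   print ip, "auth-guessing", denied[ip]
            for (ip in quote)    print ip, "sqli-probe", quote[ip]
        }' "$1" | sort
}

# Write a constructed sample log (documentation IP ranges) to file $1.
make_sample_log() {
    fmt='%s - - [21/Oct/2015:10:00:00 +0300] "GET %s HTTP/1.1" %s 209 "-" "-"\n'
    : > "$1"
    for p in /admin/ /administrator/ /admin.php /login/ /cpanel/ /wp-admin/; do
        printf "$fmt" 192.0.2.10 "$p" 404 >> "$1"
    done
    for n in 1 2 3 4 5; do
        printf "$fmt" 198.51.100.7 /private/ 401 >> "$1"
    done
    printf "$fmt" 203.0.113.5 '/page.php?id=1%27' 500 >> "$1"
    printf "$fmt" 192.0.2.99 /favicon.ico 404 >> "$1"
    printf "$fmt" 192.0.2.99 /index.php 200 >> "$1"
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample_log "$sample"
scan_access_log "$sample" 5
rm -f "$sample"
```

A form login that answers 200 with a "Denied" page does not show up as a 401, so this status-based check covers basic authentication only.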

Scanning email addresses with harvester

If you want to do an email scan using search engines, there is a tool called "theharvester". Fire up your Kali Linux and type theharvester to get information about the app.

You can scan emails with the command theharvester -d www.nikiahlskog.com -l 50 -b all

From the information we can find that -d is the URL we are searching, -l is the number of results we look at and -b is the search engine, if I understood this correctly. After scanning my own site I have found 3 email addresses, but none of them is real.





Using Hydra to hack login form


To attack a login form you need a password list and a usernames list. Use the command:

hydra -L usernames.txt -P passwords.txt testsite.com http-get-form "/index.php:admin_username=^USER^&passwordfield=^PASS^:Denied"

-L is the username list, -P is the password list. http-get-form gets the right page, then comes the username field we try to hack, then the password field, and after the : we put a word that hydra will look for to tell that the login is denied.

Cracking Wlan passwords with reaver

Will continue this later probably...

airmon-ng start/check/stop
airodump-ng wlan0mon
wash -i wlan0mon -C
reaver -i wlan0mon -b BSSID --fail-wait=360

airodump-ng -bssid -c 6 --write/root/Desktop/crack-wpa wlan0mon

Free VPN with vpnbook and OpenVPN, how to use with Linux

VPN: the tool for everyone who wants to be anonymous on the internet! I am happy that there is a place called http://www.vpnbook.com/ which is 100% free.

Start by surfing to http://www.vpnbook.com/freevpn and download, for example, the Euro1 OpenVPN Certificate Bundle to your Linux computer. It will be a zip file, so extract it somewhere in your system.

Next install the openvpn client: sudo apt-get update && sudo apt-get install openvpn

This will update your repositories and install the openvpn client. Then cd to the folder where you have extracted the certificate bundle. To start the VPN use a command like:

sudo openvpn --config vpnbook-euro1-tcp443.ovpn

It will ask for a username and password, which you can find here: http://www.vpnbook.com/freevpn

Then just type in the credentials and wait a few seconds. After that try a geolocation finder and you can see that your IP and country have changed! Notice that the command needs to be run with sudo in order to work.


You need to leave the terminal open as long as you want to run the VPN. To close the connection hit CTRL + C.

I am originally from Finland, but after the VPN tunnel my location is:


Also notice that the certificates and passwords may change occasionally, so always keep them updated.