Wednesday, October 20, 2010

What I've been up to...

In case you didn't know, Ubuntu 10.10 was released on 10.10.10. I've not upgraded my systems as I am quite happy with 10.04 and the promise of its LTS (Long Term Support). That said, I'll pick one of my machines, see how good 10.10 is, and post my findings at a later date.

What have I been up to lately? My friend (droll) introduced me to a nifty little device called the Nokia N900, which is based on Maemo, which in turn is derived from Debian Linux.

I've got a nifty overclocking setup that lets me run the device anywhere from 125MHz all the way up to 1.15GHz (stock speeds range from 250MHz to 600MHz). I've also got kismet and nmap installed on it, so wireless testing is now simply a matter of putting my phone in my pocket and walking around. I will soon try to install OpenVAS, which should make for a rather complete basic pentesting setup, all on my phone. I may even try Ubuntu 9.04, which somebody has ported to the N900 (it is ARM-based).

Though this site is called "Life with Ubuntu", I guess I'll be including some Maemo/MeeGo blogs in the future.

Saturday, July 31, 2010

News of interest for the month of July 2010...

inundator v0.5 Released – IDS/IPS/WAF Evasion & Flooding Tool

inundator is a multi-threaded, queue-driven, IDS evasion tool. Its purpose is to anonymously flood intrusion detection systems (specifically Snort) with traffic designed to trigger false positives via a SOCKS proxy in order to obfuscate a real attack.

http://inundator.sourceforge.net/


Safe3 SQL Injector – Automatic Detection & Exploitation Of SQL Injection Flaws


Safe3 SQL Injector is one of the most powerful penetration testing tools; it automates the process of detecting and exploiting SQL injection flaws and taking over back-end database servers.

http://code.google.com/p/safe3si/


REMnux: A Linux Distribution For Reverse-Engineering Malware

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

http://zeltser.com/remnux/


Andiparos – Open Source Web Application Security Assessment Tool

Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc.

http://code.google.com/p/andiparos/


Metasploit Framework 3.4.1 Released – 16 New Exploits, 22 Modules & 11 Meterpreter Scripts

The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1. This release sees the first official non-Windows Meterpreter payload, in PHP.

http://www.metasploit.com/


thc-ipv6 Toolkit – Attacking the IPV6 Protocol

A complete tool set to attack the inherent protocol weaknesses of IPv6 and ICMP6, including an easy-to-use packet factory library. Please note that to get full access to all the available tools you need to develop IPv6 tools yourself or submit patches, tools and feedback to the thc-ipv6 project.

http://thc.org/thc-ipv6/



Sagan – Real-time System & Event Log (syslog) Monitoring System

Sagan is a multi-threaded, real-time system- and event-log monitoring system, but with a twist. Sagan uses a “Snort”-like rule set for detecting “bad things” happening on your network and/or computer systems. If Sagan detects a “bad thing” happening, that event can be stored to a Snort database (MySQL/PostgreSQL) and Sagan will correlate the event with your Snort Intrusion Detection/Intrusion Prevention (IDS/IPS) system. Sagan is meant to be used in a ‘centralized’ logging environment, but will work fine as part of a standalone Host IDS system for workstations.

http://sagan.softwink.com/


PlainSight – Open Source Computer Forensics LiveCD

PlainSight is a versatile computer forensics environment that allows inexperienced forensic practitioners to perform common tasks using powerful open source tools such as RegRipper, Pasco, Mork, Foremost and many more.

http://www.plainsight.info/


WPA2 Vulnerability Discovered – “Hole 196” – A Flaw In GTK (Group Temporal Key)

Malicious insiders can exploit the vulnerability, named “Hole 196” by the researcher who discovered it at wireless security company AirTight Networks. The moniker refers to the page of the IEEE 802.11 Standard (Revision, 2007) on which the vulnerability is buried. Hole 196 lends itself to man-in-the-middle-style exploits, whereby an internal, authorized Wi-Fi user can decrypt, over the air, the private data of others, inject malicious traffic into the network and compromise other authorized devices using open source software, according to AirTight.

http://www.networkworld.com/newsletters/wireless/2010/072610wireless1.html


iKAT – Interactive Kiosk Attack Tool v3

iKAT was designed to aid security consultants with the task of auditing the security of a Windows based internet Kiosk terminal. iKAT is designed to provide access to the underlying operating system of a Kiosk terminal by invoking native OS functionality. This tool should be (and is) used by Kiosk vendors/developers/suppliers to test the security of their own Kiosk products.

http://ikat.ha.cked.net/


Knock v1.4.2b – Subdomain Enumeration/Brute-Forcing Tool

Knock is a python script designed to enumerate sub-domains on a target domain through a wordlist.

http://knock.gianniamato.it/download.php


Websecurify 0.7RC1 - powerful web application security testing

Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

http://code.google.com/p/websecurify/

Saturday, June 26, 2010

News of interest for the month of June 2010...

Websecurify 0.6 - powerful web application security testing

Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

http://code.google.com/p/websecurify/


w3af 1.0-rc3 Available For Download – Web Application Attack & Audit Framework


w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

http://w3af.sourceforge.net/


OpenSCAP – Framework For Implementing SCAP (Security Content Automation Protocol)

The OpenSCAP Project was created to provide an open-source framework to the community which enables integration with the Security Content Automation Protocol (SCAP) suite of standards and capabilities. It is the goal of OpenSCAP to provide a simple, easy to use set of interfaces to serve as the framework for community use of SCAP.

http://www.open-scap.org/page/Main_Page

Onapsis Bizploit – ERP Penetration Testing Framework

Bizploit is the first open source ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests.

http://www.onapsis.com/research.html#bizploit


Samurai Web Testing Framework v0.8 Released – Pen Testing Security LiveCD

The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites.

http://samurai.inguardians.com/


Knock v1.3b – Subdomain Enumeration/Brute-Forcing Tool

Knock is a python script designed to enumerate sub-domains on a target domain through a wordlist.

http://knock.gianniamato.it/download.php

sectool – Security Audit Tool and IDS

sectool is a security tool that can be used both for security audits and as part of an intrusion detection system. It consists of a set of tests, a library and textual/graphical frontends. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.

https://fedorahosted.org/sectool/

Monday, June 21, 2010

Anti-virus revisited...

I remember writing a short post (read here) about why Ubuntu users don't need an anti-virus. However, over the past few months, my opinion on this has changed.

For starters, Linux (Unix in general) is more secure by design unless you are the village idiot who insists on logging into your Ubuntu setup as root (you actually need to hack this, as Ubuntu by default prevents users from logging in as the root user). What few viruses/worms do exist can only affect the user according to his/her access rights to the system.

However (I did say I've changed my opinion on this), Ubuntu users do receive a lot of files from other users who (gasp!) use Windoze (and Macs), and these platforms do have viruses/worms. What we do not want to be is a carrier for that malware. So installing an anti-virus should be done only for the occasional health scan and maybe to scan new files as you get them.

I have Googled around for a decent, free, Linux-based anti-virus and have found the following:

  1. ClamAV (URL http://www.clamav.net/lang/en/) or check with Synaptic
  2. avast! (URL http://www.avast.com/linux-home-edition)
  3. AVG (URL http://free.avg.com/gb-en/download.prd-afl)
  4. F-Prot (URL http://www.f-prot.com/products/home_use/linux/)

I ended up using AVG myself since it had a CLI-only installer (yes, no GUI) and didn't require me to register to use it (as you can see, I only tested one product). In any case, if you want to give one a try, these are the free ones I could find. Feel free to let me know what you think of this post, or of the products if you tried them.

You can also check the Ubuntu page on anti-viruses here.

Tuesday, June 15, 2010

Eee-control is still alive!

Grigori Goronzy, the developer of eee-control, has just released version 0.9.6 of the utility for Lucid Lynx (URL http://greg.geekmind.org/eee-control/). I strongly suggest all Asus EeePC users install this fantastic utility on their Ubuntu setups. I will test this myself when I get home. :)

Friday, May 21, 2010

Installing Sun/Oracle Java 6 Update 20 in Lucid...

Since Ubuntu 9.10 (Karmic Koala), Canonical has dropped support for Sun Java on Ubuntu. However, I noticed that Canonical has slowly reintroduced Sun Java to Ubuntu by placing the .deb installers in the Ubuntu 'partner' repository. To install, type the following:

sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner"

This adds the partner repository to your Ubuntu setup. Next, install Java 6 Update 20 with:

sudo apt-get install sun-java6-jre sun-java6-plugin sun-java6-fonts

You will now have a proper version of Java in your Ubuntu setup.

Sunday, May 16, 2010

Upgraded my laptop to Lucid Lynx...

I finally upgraded my laptop from Karmic -> Lucid today. If you've read my last post here about my initial reservations about upgrading to Lucid and how I checked whether my laptop was affected by booting the Lucid live CD, I am happy to report that I successfully upgraded to Lucid. The only problem I had after the upgrade was Plymouth not showing the startup animation.

The first thing I did was install the ppa-purge utility (see my blog post here). I then systematically checked the entries in /etc/apt/sources.list and all the .list files in /etc/apt/sources.list.d and purged all the PPAs (Personal Package Archives) I was using, replacing them with the official Karmic versions from the Ubuntu repository.

I then downloaded the ubuntu-10.04-alternate-i386.iso file from one of Ubuntu's mirror sites and, following the instructions here, upgraded my setup to Ubuntu 10.04 (Lucid Lynx).

I rebooted the computer and did another update (since some packages have been updated since the release on 29-Apr-2010) in a terminal shell by typing:

sudo apt-get update && sudo apt-get upgrade -y

Everything worked as expected except for Plymouth. A quick Google search landed me here, and my setup now works exactly as expected.

I am now a happy lemming lynx. :)

Wednesday, May 12, 2010

Upgrading problems for Intel Graphic owners to Ubuntu 10.04 Lucid Lynx...

I am usually one of the first few people to upgrade my Ubuntu installation every time Canonical releases a new build of Ubuntu. However, I had noticed a few users having problems with their upgrades and decided to "wait and see".

There are now quite a few reports that Intel Graphic owners have problems with KMS (Kernel Mode Switch) under the new kernels. I strongly suggest owners wait until this problem is resolved and stick with Karmic Koala until then. You can find out more about this issue at the ubuntuforums.org site with a Google query here.

I've read some websites saying there is a quick fix for the problem, where the kernel switches off KMS on known problematic graphic chipsets. Though this makes it easier to move from Karmic to Lucid, I'm personally going to wait until the problem is fixed (fixed with the functionality working, not fixed by switching it off on problem machines). You can read about this workaround here.

Saturday, May 1, 2010

Upgrading from Karmic Koala to Lucid Lynx...

Now that Ubuntu 10.04 (Lucid Lynx) is out, I am sure most users will want to upgrade their Ubuntu 9.10 (Karmic Koala) to the new and improved release. My advice to new users, or those unfamiliar with the terminal bash shell, is to wait for other, more experienced users to upgrade and see if they encounter any problems. If they have a similar setup or hardware to yours, read up on the problem or wait till it is solved. You can quickly check by using Google and doing a query like this.

For power users and those familiar with the workings of Ubuntu, you most probably also use a lot of PPAs (Personal Package Archives), either from Launchpad or some other repository. In case you didn't know, upgrading from Karmic to Lucid will result in:
  1. The upgrade disabling all non-Ubuntu repositories in your sources.list file or sources.list.d folder.
  2. The applications/packages you have already installed possibly not working correctly, breaking, and/or damaging your setup after the upgrade due to architecture differences or dependencies.
The easiest way for a Karmic user to ensure that their upgrade to Lucid succeeds is to first make a backup copy of their sources.list file and sources.list.d folder, then remove all software installed from PPAs and reinstall the same software from the Ubuntu repositories.

This used to be quite a laborious task, as it was usually done manually. Now you can use a program called ppa-purge, which you can get (for Karmic only) here. Once you have installed it, simply type:

ppa-purge ppa:ubuntu-mozilla-daily/ppa

Replace "ppa:ubuntu-mozilla-daily/ppa" with the PPAs that you use. This removes the applications installed from that repository, removes the repository reference from Ubuntu and then reinstalls the officially supported version of the same application from Ubuntu's repository.

Once you have cleaned up all your PPAs, you can safely upgrade to Lucid Lynx. Once there, you can simply re-enable your favorite PPAs in your sources.list file and sources.list.d folder and replace the keyword karmic with lucid. Before doing so, I strongly suggest you visit each developer's PPA page to see whether they have a better version of the software than the Ubuntu repositories have before switching to the PPA version.
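The clean-up above is easy to get wrong by hand when several .list files are involved. As an added example (not from the original post or from ppa-purge itself), the script below extracts the ppa:owner/name identifiers from sources.list-style lines, prints the ppa-purge commands to review, and rewrites the suite field from karmic to lucid; the input lines are constructed, modelled on the Launchpad URL format used later on this page.

```shell
#!/bin/sh
# Added example, not from the original post: list the Launchpad PPAs referenced by
# sources.list-style lines so each one can be handed to ppa-purge before the upgrade.

# Constructed sample of lines as found in /etc/apt/sources.list and sources.list.d/*.list
SAMPLE_SOURCES='# Mozilla Team stable builds
deb http://ppa.launchpad.net/mozillateam/firefox-stable/ubuntu karmic main
deb-src http://ppa.launchpad.net/mozillateam/firefox-stable/ubuntu karmic main
deb http://ppa.launchpad.net/ubuntu-mozilla-daily/ppa/ubuntu karmic main
deb http://archive.canonical.com/ karmic partner
deb http://archive.ubuntu.com/ubuntu karmic main restricted'

# Reads sources lines on stdin and prints one "ppa:owner/name" per distinct Launchpad PPA,
# in first-seen order. Comments, Canonical/Ubuntu mirrors and other hosts are ignored.
ppa_ids_from_sources() {
    awk '$1 == "deb" || $1 == "deb-src" {
        n = split($2, p, "/")          # p[3] is the host, p[4]/p[5] the owner and archive
        if (n >= 5 && p[3] == "ppa.launchpad.net") {
            id = "ppa:" p[4] "/" p[5]
            if (!(id in seen)) { seen[id] = 1; print id }
        }
    }'
}

# Prints the ppa-purge command for each PPA found (a plan to review; nothing is executed).
purge_plan() {
    ppa_ids_from_sources | while IFS= read -r id; do
        printf 'sudo ppa-purge %s\n' "$id"
    done
}

# Rewrites the suite field (third column) of deb/deb-src lines, e.g. karmic -> lucid,
# leaving comments and other lines untouched. Usage: retarget_suite karmic lucid < file
retarget_suite() {
    awk -v old="$1" -v new="$2" \
        '($1 == "deb" || $1 == "deb-src") && $3 == old { $3 = new } { print }'
}

# Stand-alone demonstration on the constructed sample
printf '%s\n' "$SAMPLE_SOURCES" | purge_plan
printf '%s\n' "$SAMPLE_SOURCES" | retarget_suite karmic lucid
```

Run the purge plan only after checking it, then apply retarget_suite to the backed-up .list files once the upgrade itself has completed.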

I am not giving detailed steps for this post as this post is meant for power users who should know what I am talking about.

Ubuntu 10.04 Lucid Lynx is now available...

Ubuntu 10.04 (Lucid Lynx) LTS (Long Term Support) is now available. I know I may seem to be two days late with this news, but on the eve of release a critical bug (bug #570765) was found in the final build. This meant the Ubuntu team had to fix the bug, re-test and rebuild the ISO images.

Anyway, the bug has been fixed and 10.04 is now ready for the masses. Go get your copy here. If you have a very slow internet connection or need to install/upgrade Ubuntu at a location without internet access, you can order a copy of the 10.04 disc (it's free) from here.

Thursday, April 15, 2010

Nessus 4.2.2 released today...

Took the below from an email I got today.

----------------------------------------------


Nessus 4.2.2 has been released today. This release contains the following fixes:

Nessus-fetch:

- Proxy issues have been resolved

NASL:

- Fixed a memory leak in the NASL xmlparse() function

Networking:

- Fixed IPv6 routing when talking to a remote host (FreeBSD, Mac OS X)

- Packet forgery was not always working on ES5 64 bits

Packaging:

- Fixed the Debian /etc/rc init script

- Upgraded OpenSSL to version 0.9.8n (Windows, Solaris)

Stability:

- Fixed a possible crash when using a badly written custom plugin

- Fixed a possible crash when running out of BPFs on Windows

Sunday, April 11, 2010

Installing OpenVAS 3.0.x on Ubuntu Linux...

This is a follow-up to my earlier article on Installing OpenVAS 2.0.x on Ubuntu Linux...

Updating your Ubuntu Setup

Before we begin, it is best to update our Ubuntu libraries and applications to the latest versions by typing the following in a terminal:

sudo apt-get update
sudo apt-get upgrade


Installing the libraries that OpenVAS uses

Once you have updated your machine, you will need to install the following libraries and applications to compile and install OpenVAS. Again, in the terminal:

sudo apt-get install cmake build-essential libgtk2.0-dev libglib2.0-dev libssl-dev htmldoc libgnutls-dev libpcap0.8-dev bison libgpgme11-dev libsmbclient-dev snmp pnscan


Downloading the source code and compiling them

Now that the machine is ready to work with the OpenVAS sources, you need to download the following source packages from the OpenVAS website. You can find them at URL http://wald.intevation.org/frs/?group_id=29

Download the latest version of the following:

openvas-libraries (latest v3.0.x, I used 3.0.4)
openvas-scanner (latest v3.0.x, I used 3.0.2)
openvas-client (latest v3.0.x, I used 3.0.0)

You will need to install the OpenVAS components in the order listed above. To install each component, do the following:

tar -zxvf [filename of .tar.gz file]
cd [sub-folder of same name as .tar.gz file]
./configure
make
sudo make install
cd ..

If you are using the 64-bit version of Ubuntu, you may get an error message ("/usr/bin/ld: cannot find -lcrypto") when you 'make' openvas-client. You can fix this by typing:

sudo ln -s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so

Once all three components are compiled and installed, you will need to let Ubuntu know about the new libraries you have just compiled before they can be used, by typing:

sudo ldconfig -v


First time OpenVAS users

The first time you use OpenVAS, you will need to create a new certificate and add the first user that can log in to the OpenVAS server by running both:

sudo openvas-mkcert
sudo openvas-adduser


Updating the latest plug-ins

Periodically (I usually run it once a day, or just before I am about to use OpenVAS), you will need to update the plugins that OpenVAS uses to detect the newer vulnerabilities that are found every day. You can do that by typing:

sudo openvas-nvt-sync

Note: There is a bug in the update script and you will get an error message (as of today, 11-Apr-2010). A quick look at the OpenVAS forums showed a typo made by one of the developers; the way to fix it is the following (in a terminal):

gksu gedit /usr/local/sbin/openvas-nvt-sync

Search for the string (my script had it on line 63):

SYNC_TMP_DIR=`mktemp -d openvas-nvt-sync`

and change it to:

SYNC_TMP_DIR=`mktemp -d openvas-nvt-sync.XXXXXXXXXX -t`
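The difference between the two lines matters beyond the error message: the buggy template has no X's, so mktemp creates nothing and the variable ends up empty, while the corrected one yields a private, unpredictably named directory under the temp root. The script below is an added example (not part of openvas-nvt-sync or the OpenVAS project) that creates the directory the way the corrected line does and checks the result before anything relies on it; it assumes a mktemp that accepts -d -t and a GNU or BSD stat.

```shell
#!/bin/sh
# Added example, not part of openvas-nvt-sync: create the private working directory the
# way the corrected line does, and refuse to continue if that fails.
set -u

# Same as the fixed line, with the options placed before the template:
#   SYNC_TMP_DIR=`mktemp -d openvas-nvt-sync.XXXXXXXXXX -t`
# -t puts the directory under $TMPDIR (or /tmp); the X's are replaced by random characters.
make_sync_tmpdir() {
    dir=$(mktemp -d -t openvas-nvt-sync.XXXXXXXXXX) || return 1
    # Never continue with an empty path: a later "rm -rf $SYNC_TMP_DIR/*" would then
    # expand to "rm -rf /*".
    [ -n "$dir" ] && [ -d "$dir" ] || return 1
    printf '%s\n' "$dir"
}

# Succeeds only if the directory sits under the temp root and is mode 700 (private to us).
verify_private_tmpdir() {
    dir=$1
    base=${TMPDIR:-/tmp}
    base=${base%/}
    case $dir in
        "$base"/openvas-nvt-sync.*) ;;
        *) return 1 ;;
    esac
    mode=$(stat -c %a "$dir" 2>/dev/null || stat -f %Lp "$dir")
    [ "$mode" = "700" ]
}

# The buggy original: a template with no X's. mktemp rejects it and creates nothing,
# which is the error the post describes. Returns success if it fails as expected.
buggy_template_fails() {
    if out=$(mktemp -d openvas-nvt-sync 2>/dev/null); then
        rmdir "$out" 2>/dev/null   # an implementation accepted it; tidy up
        return 1
    fi
    return 0
}

# Stand-alone demonstration with cleanup on exit
if SYNC_TMP_DIR=$(make_sync_tmpdir); then
    trap 'rm -rf "$SYNC_TMP_DIR"' EXIT
    verify_private_tmpdir "$SYNC_TMP_DIR" && echo "private working dir: $SYNC_TMP_DIR"
fi
```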

To start the OpenVAS server, type:

sudo openvassd

And run the OpenVAS client by typing:

sudo OpenVAS-Client

If you want to learn or know more about OpenVAS, visit them at http://www.openvas.org/

Note: Tested on Ubuntu 9.10. I assume you are doing all this as a normal user (that is why some root-only commands have "sudo" in front of them) and are running the kernel in i386 (32-bit) mode. Also, as I did not test this on a 64-bit system, the 64-bit-only error/solution mentioned in this article comes from the forums and I have not tested it myself.

Saturday, March 13, 2010

Installing Firefox 3.6 into Ubuntu 9.10 (Karmic)

If you are like me and constantly want the latest version of everything in your Ubuntu installation, you will most probably want to install Firefox 3.6. You first have to add the Mozilla Team's firefox-stable repository by typing the following in a terminal shell:

sudo add-apt-repository ppa:mozillateam/firefox-stable

Once you have that entry in your sources.list file, you will need to update the available installers with the command:

sudo apt-get update

Now you can simply install Firefox 3.6 with the command:

sudo apt-get install firefox-3.6

Warning: this will remove your current installation of Firefox.

:::::::::::: For older Ubuntu users :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

If you are a Jaunty, Intrepid or Hardy user, you will need to edit the sources.list file by typing the following into the terminal shell:

gksudo gedit /etc/apt/sources.list

You then need to add the following two lines at the end of the file:

deb http://ppa.launchpad.net/mozillateam/firefox-stable/ubuntu BUILDNAME main
deb-src http://ppa.launchpad.net/mozillateam/firefox-stable/ubuntu BUILDNAME main

Remember to replace the name BUILDNAME with jaunty, intrepid or hardy (depending on which version of Ubuntu you have installed).

You will then need to import the correct public key so that Ubuntu will trust the repository. To do that, please read my earlier post on Getting the public key of an Ubuntu repository.

Again, once you have done the above, you will need to issue the commands for Ubuntu to update the repository data and install Firefox 3.6:

sudo apt-get update

sudo apt-get install firefox-3.6


You now have Firefox 3.6 installed. :)

Tuesday, January 12, 2010

Securing your Apache 2 web server...

I have done a lot of server security testing, and the most common mistakes I see in customers' web server implementations are:

1. The server banner of the web server displays the product and version number of the web server application.

2. The web server has the HTTP TRACE debug method enabled by default in the production environment.

When you install Apache 2 on an Ubuntu box (it may be similar for other Linux distros), the above two options are enabled by default.

The easiest way to disable TRACE and hide the server banner version is to add the following directives to apache2.conf, found in the /etc/apache2/ folder:

ServerTokens ProductOnly
ServerSignature Off
TraceEnable Off

The directives are self-explanatory, and you really should google them...
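After changing the configuration it is worth confirming that the two leaks are actually gone. As an added example (not from the original post or from the Apache project), the script below audits saved HTTP responses for a versioned Server header, an Apache ServerSignature footer and an echoed TRACE request; the responses are constructed to show a default Ubuntu Apache 2 beside one with the three directives applied.

```shell
#!/bin/sh
# Added example, not from the original post: check saved HTTP responses for the two
# information leaks described above. All responses below are constructed, not captured.

RESP_DEFAULT='HTTP/1.1 404 Not Found
Date: Tue, 12 Jan 2010 10:00:00 GMT
Server: Apache/2.2.12 (Ubuntu) PHP/5.2.10-2ubuntu6.4
Content-Type: text/html

<html><body><h1>Not Found</h1>
<address>Apache/2.2.12 (Ubuntu) Server at example.test Port 80</address>
</body></html>'

# The same request after ServerTokens ProductOnly and ServerSignature Off
RESP_HARDENED='HTTP/1.1 404 Not Found
Date: Tue, 12 Jan 2010 10:00:00 GMT
Server: Apache
Content-Type: text/html

<html><body><h1>Not Found</h1></body></html>'

# Reply to "TRACE / HTTP/1.1" with TraceEnable On: the request, cookies included, comes back
RESP_TRACE_ON='HTTP/1.1 200 OK
Server: Apache
Content-Type: message/http

TRACE / HTTP/1.1
Host: example.test
Cookie: session=constructed-value'

# The same request with TraceEnable Off
RESP_TRACE_OFF='HTTP/1.1 405 Method Not Allowed
Server: Apache
Allow: GET,HEAD,POST,OPTIONS
Content-Type: text/html

<html><body><h1>Method Not Allowed</h1></body></html>'

# Reads one response on stdin and prints one finding per line; prints nothing when clean.
audit_response() {
    awk '
        BEGIN { in_body = 0 }
        # Header section: a "/digit" or a parenthesised OS in Server: means ServerTokens
        # is still showing more than the product name.
        !in_body && tolower($0) ~ /^server:/ {
            if ($0 ~ /\/[0-9]/ || $0 ~ /[(]/) print "server-banner-leaks-version: " $0
        }
        !in_body && ($0 == "" || $0 == "\r") { in_body = 1; next }
        in_body && /<address>.*Server at/ { print "server-signature-enabled: " $0 }
        in_body && /^TRACE \/.*HTTP\// { print "trace-method-enabled: request echoed in body" }
    '
}

# Number of findings for the response on stdin (0 means the response passed).
count_findings() {
    audit_response | awk 'END { print NR }'
}

# Stand-alone demonstration
for r in "$RESP_DEFAULT" "$RESP_HARDENED" "$RESP_TRACE_ON" "$RESP_TRACE_OFF"; do
    printf '%s\n' "$r" | audit_response
    echo "findings: $(printf '%s\n' "$r" | count_findings)"
done
```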