Tuesday, February 28, 2017

HTTPS Update (1)

Add Options Indexes FollowSymLinks to that directory's configuration (its <Directory> block or its .htaccess) if you want directory indexing working on a site where SSL has been enabled and you need a directory open.

Otherwise Apache answers a request for the directory with a 403 Forbidden, because there is no index file to serve and listing is disabled; it is a 403 response, not a redirect. Scope the directive to the one directory that actually needs it: an index listing exposes every file in that directory to anyone who can reach the site.

Upgraded wifi speeds are great

So I recently upgraded to 100+ Mbit/s internet access, after navigating Comcast's purchasing process. However, not everything can support those sorts of speeds. So, I purchased an Intel PCI card that can handle gigabit speeds, for my old XPS-8300, and also a new wireless adapter (AC, dual-band). The PCI card has been a disappointment, not being able to pull down more than 20 Mbit/s, but the wifi has been much better, getting an average of 114 Mbit/s down and the same ~5 Mbit/s up. It also has Bluetooth, which is fun to use for the first time ever.

Unfortunately, there have been strange issues with maintaining access to the network on the new cards. Sometimes connections get dropped on the 5 GHz network. For now, I'm attempting to alleviate that issue by restricting the 5 GHz connection to 20 MHz spread instead of 40, which drops the speed to around 80 Mbit/s but also gives me channel 165 (center frequency 5825 MHz) all to myself to avoid interference from neighboring traffic.

The new Lenovo Thinkpad T460p laptop also has a persistent issue across several Linux kernels, in that the wireless chip is not supported by a recent kernel version (4.6 or 4.7), leading to the wifi just dropping out unexpectedly for a few moments, every six to seven minutes. That's unacceptable. There are some fixes, but they're not good enough, so I've been trying out different OSes, keeping in mind potentially putting VMware Workstation on the final result. For now Fedora KDE is installed, but I may try Debian as the fix to the iwlwifi driver there might work better.

If worst comes to worst, I'll try RHEL and put VMware Workstation on it for the VMs. I purchased the machine for pentesting in VMs, for general VM practice, and not much else, therefore it doesn't matter what runs underneath.

Thursday, February 23, 2017

Building a better home network

After long, stressful hours, I like to spend time imagining what a better home network would be like. The more I read about labs, and the more services I put on the network, and also after discovering the homelab subreddit, the more I understand that a better network is a must.

Currently, there is a consumer-grade EA7500 device performing four layers-worth of functions, connected to the modem. An 8-port switch is connected to it, and all the Raspberry Pis, of which there are now five, are plugged into that. One of the Raspberry Pis is a tor relay, separated with a DMZ setting on the EA7500 router device, attached to the switch as well. My workstation for personal and work computers uses wireless connection, because they are physically separate from the rest of the equipment.

I'd like to simultaneously expand the reach of network cabling (in an apartment), separate out the EA7500 device's functions into a router, firewall, and two wireless APs, and build a network capable of supporting everything plus a home lab area, all in one.

Goals:

  • 2 APs for best coverage
  • Network cabling attached to the walls to provide access to fun stuff (e.g. Raspberry Pis), workstation area (several computers), and home-lab area
  • Have enough capacity for expansion
  • Implement external and internal firewall solution because it's the sane way and because I'd be able to have a proper DMZ
  • Minimize collision and broadcast domains

Here's a preliminary drawing, open to suggestions:


Yes, I know, tall orders all around. Some more things:

  • Received my new laptop. It's a Thinkpad T460p, with an upgraded 500 GB SSD and upgraded 32 GB RAM. It will form the foundation of the lab, as I can add VMs there more easily.
  • This new laptop will also be a personal laptop, which means I may occasionally plug it into a different area (workstation section).
  • Everything after the second router (or firewall) would be separate VLANs for practice, and use iptables to manage everything.

I'd love to integrate Troy Hunt's fascinating journey with Ubiquiti, since a smooth-looking interface for all the data would be deeee-licious. If I'm already fiddling with everything else on a daily basis, working with OpenWrt or DD-WRT is not interesting, plus I'd really love to see data flows across the network. (The five-port EdgeRouter from Ubiquiti that I'd bought earlier has a similar beautiful interface.)

To practice wireless testing I'd most likely stand up an ad-hoc non-Internet-enabled wifi network with an old linksys router.

Sunday, February 19, 2017

HTTPS

Blogs don't need HTTPS? Brochureware doesn't need it either, you say? That's what I thought too, but with the advent of Free HTTPS sites there's a growing consensus that everything should have HTTPS, and damn the computational overload on legacy systems.

So I've enabled HTTPS on this blog, and will be doing so for my website as well. After all, as a security professional I might get dinged otherwise.

Update: Followed this guide to fix the issue I was having with infinite redirects when using CPanel's URL redirect functionality, instead of changing the .htaccess file as in the article.

Parsing .Nessus files - Part 1

It's Part 1 because I'm using someone else's script instead of writing my own, or modifying the original. But this one has served well for now.

What do you do when you have the results of several Nessus scans, and you have to use them in a report? You could use the Executive Summary, results output by plugin (never by host), and click back and forth in multiple HTML documents, in IE for instance. Or you could use this Perl script, together with the merger.py code located here, to merge the files into one and output a nice Excel spreadsheet with all the data.

Downside is, it's written in Perl, and I use a clean Kali install on a dedicated pentesting laptop for each job. This necessitates reinstalling all the perl modules, etc, each time. So I finally got tired of it and followed the example of a colleague who packaged them all into a Windows executable.

I did everything in Windows. First, I installed Strawberry Perl, then installed cpanm and updated old versions of existing packages and other stuff. It took a while, but gave the same nice feeling as when a long "apt-get dist-upgrade" has completed. I used Perl Packager, and issued the following command to output an executable (saves you the trouble):

pp -M JSON -M PAR::Dist -M URI::Escape -M LWP::UserAgent -M HTTP::Cookies -M Data::Dump -M Data::Dumper -M XML::Hash::XS -M XML::TreePP -M MIME::Base64 -M Math::Round -M Excel::Writer::XLSX  -M Excel::Writer::XLSX::Chart -M Excel::Writer::XLSX::Chart::Pie -M Data::Table -M Getopt::Std  parse_nessus_xml.v22.pl

...and voila, an executable emerges that can be used from the command line.

Here's a copy. Update: Note that this copy changes as I start to amend the original. In the latest version, the IPs output in the IP column of the "Vulnerability to IP Summary" worksheet are newline-delimited, rather than colon-delimited. Saves a find/replace step in SublimeText.

P.S. Adding file version information and more is listed here.
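
As an added example (not the Perl script or the merger.py code the post uses), here is what the merge-and-summarise step looks like in Python with only the standard library: it parses any number of .nessus v2 exports, de-duplicates hosts per plugin across scans, drops Info-level plugins by default, and writes one row per vulnerability with the affected hosts newline-delimited, as in the amended spreadsheet above. The two scan documents are constructed fixtures, and the plugin IDs and names in them are illustrative.

```python
"""Merge several .nessus (NessusClientData_v2) exports into one per-plugin
summary. Added example for this post; not the Perl script it packages."""
import csv
import io
import xml.etree.ElementTree as ET

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed fixtures standing in for two separate scan exports.
SCAN_A = """<?xml version="1.0" ?>
<NessusClientData_v2>
<Report name="scan-a">
<ReportHost name="10.0.0.5">
  <HostProperties><tag name="host-ip">10.0.0.5</tag></HostProperties>
  <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
    pluginID="90317" pluginName="SSH Weak Algorithms Supported" pluginFamily="Misc.">
    <risk_factor>Medium</risk_factor></ReportItem>
  <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
    pluginID="19506" pluginName="Nessus Scan Information" pluginFamily="Settings">
    <risk_factor>None</risk_factor></ReportItem>
</ReportHost>
</Report>
</NessusClientData_v2>
"""
SCAN_B = """<?xml version="1.0" ?>
<NessusClientData_v2>
<Report name="scan-b">
<ReportHost name="10.0.0.5">
  <HostProperties><tag name="host-ip">10.0.0.5</tag></HostProperties>
  <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
    pluginID="90317" pluginName="SSH Weak Algorithms Supported" pluginFamily="Misc."/>
</ReportHost>
<ReportHost name="web01.lab.local">
  <HostProperties><tag name="host-ip">10.0.0.7</tag></HostProperties>
  <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
    pluginID="90317" pluginName="SSH Weak Algorithms Supported" pluginFamily="Misc."/>
  <ReportItem port="443" svc_name="www" protocol="tcp" severity="2"
    pluginID="57582" pluginName="SSL Self-Signed Certificate" pluginFamily="General"/>
  <ReportItem port="0" svc_name="general" protocol="icmp" severity="1"
    pluginID="10114" pluginName="ICMP Timestamp Request Remote Date Disclosure"
    pluginFamily="General"/>
</ReportHost>
</Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return one finding dict per ReportItem in a .nessus v2 export."""
    # stdlib ElementTree does not limit entity expansion; for exports that
    # did not come from your own scanner, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        ip = host.get("name")  # may be a DNS name; prefer the host-ip property
        for tag in host.iter("tag"):
            if tag.get("name") == "host-ip" and tag.text:
                ip = tag.text.strip()
        for item in host.iter("ReportItem"):
            findings.append({
                "host": ip,
                "port": int(item.get("port", "0")),
                "protocol": item.get("protocol", ""),
                "plugin_id": int(item.get("pluginID")),
                "plugin_name": item.get("pluginName", ""),
                "severity": int(item.get("severity", "0")),
            })
    return findings


def merge_by_plugin(findings, min_severity=1):
    """Group findings from any number of scans by plugin; a host seen in two
    scans is listed once. Info-level (severity 0) plugins are dropped by default."""
    summary = {}
    for f in findings:
        if f["severity"] < min_severity:
            continue
        entry = summary.setdefault(f["plugin_id"], {
            "plugin_name": f["plugin_name"], "severity": f["severity"], "hosts": set()})
        entry["hosts"].add(f"{f['host']}:{f['port']}/{f['protocol']}")
    return summary


def summary_rows(summary):
    """Rows ordered highest severity first, hosts newline-delimited in one cell."""
    ordered = sorted(summary.items(), key=lambda kv: (-kv[1]["severity"], kv[0]))
    return [[pid, e["plugin_name"], SEVERITY_NAMES[e["severity"]],
             len(e["hosts"]), "\n".join(sorted(e["hosts"]))] for pid, e in ordered]


def to_csv(summary):
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["Plugin ID", "Plugin Name", "Severity", "Host Count", "Hosts"])
    writer.writerows(summary_rows(summary))
    return buf.getvalue()


def merge_files(paths, min_severity=1):
    """Real usage: merge_files(["scan1.nessus", "scan2.nessus"])."""
    findings = []
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            findings.extend(parse_nessus(fh.read()))
    return merge_by_plugin(findings, min_severity)


if __name__ == "__main__":
    print(to_csv(merge_by_plugin(parse_nessus(SCAN_A) + parse_nessus(SCAN_B))))
```

The CSV opens directly in Excel; the multi-line host cell is what saves the find/replace step, and raising min_severity to 3 gives a High/Critical-only sheet for the executive summary.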

Thursday, February 16, 2017

Creating a Raspberry Pi Media Center

I was first introduced to the wonders of media centers with the previously-mentioned PirateBox. Being able to power up a little router, then stream music from it on my phone while cooking was rather convenient. This led to the idea that maybe a centralized media center on a Raspberry Pi would be a great idea. Ideally, I would be able to navigate to an IP address on the home network and stream music on any computer, without having to install an app.

The actual first thing I tried was installing MusicBox, but that only works on a Raspberry Pi 2 and I'd just bought two Pi 3s. Maybe if the next solutions don't work, I'll revert.

The next thing I've tried is installing OSMC on a Raspberry Pi, following this guide. I created a script with the following lines which seem to need to be run each time for the VNC Server to start.

#!/bin/sh
# Starts the dispmanx VNC server on OSMC; needs to be run after each boot.
cd /home/osmc/dispmanx_vnc-master/ || exit 1
# uinput is how the VNC server injects keyboard and mouse events into the Pi.
sudo modprobe uinput
# Note: mode 666 makes /dev/uinput writable by every local user, so any local
# process can inject input events; a udev rule granting access only to the
# osmc user is the tighter option.
sudo chmod 666 /dev/uinput
./dispman_vncserver

Had to use the following to make sure input was accepted from the keyboard and mouse (which is attached using a 4 port KVM Switch):

https://github.com/patrikolausson/dispmanx_vnc#if-the-keyboard-or-mouse-does-not-work

But this wasn't quite what I wanted. I need a device very much like the Piratebox, that contains the files, that could then be played, preferably via a web interface or an application, on a client device such as a phone or laptop. The Raspberry Pi should not be playing any music or video itself, and there's no need to control any interface on the RPi itself via any external remotes or VNC installs.

I remembered the Piratebox used DLNA or UPnP and found this guide:

https://www.s-config.com/minidlna-server-raspberry-pi/

Followed the guide, but apparently DLNA requires a certain directory structure, which none of my phone apps could discover properly.

So I'm moving on to this guide:

https://www.element14.com/community/community/raspberry-pi/raspberrypi_projects/blog/2016/03/11/a-more-powerful-plex-media-server-using-raspberry-pi-3

This is to set up Plex media server on the Raspberry Pi 3.

At last it worked. Lots of features, and all accessible over a powerful web interface. Too bad you need to register to get HTTPS.

This link was also useful to properly mount the USB drive.

Tuesday, February 07, 2017

Posting and thoughts and more

Just as I had begun to post more frequently, a month's hiatus occurred.

Some thoughts:

One of the difficult parts of this consulting job is that each person is their own brand. Additionally, everyone has very different schedules. Unlike colleagues at a non-consulting job, whom you see every day, interact with frequently, and who may do the same work as you, here the ones closest to what you do are scattered around the country. At work I sit in a small, windowless lab, perpetually cold to ensure the safety of the server rack next door, surrounded (when they're here) by IT auditors, who work long hours in Excel, examining standards and compliance. It's a world away from my background, and, regardless of how much personal time I invest in it, my day-to-day work. I stress that maybe other people won't care for me to reach out and talk to them, off-the-cuff, about anything. Everyone is always so busy, every interaction is preceded by a quick Outlook calendar check, and I never know how much they care to chat.

It's very much a job of solitude. Fortunately, I have a mentor with whom I talk twice monthly, and a couple of people I've worked with before. Performing a challenging penetration testing assessment is a good bonding experience. In this job I know one has to seek out speaking opportunities, but that's just your brand. What if you just want to shoot the s**t about work?

In other news:

Interesting experience yesterday of donating platelets/plasma. They decided to go for a bit more platelets than usual, draining me of 1.07 L of liquid. That was unusual. The machine always adjusts too high to the veins and draws and drains much too quickly.

I took the plunge at last and bought a personal laptop to function as a work computer. Not a netbook or Chromebook, purposeful though those may be. It's something I'd felt the lack of even in college, six years ago, when I hauled a desktop and monitor to school in a carry-on bag just to work on it in a lab, hiding from assistants locking it up for the night, trying to finish a project the night before it was due.

The choice was a Thinkpad T460p - which I'll upgrade to having 32 GB of RAM and a 512 GB SSD. I've never used a computer with an SSD so it should be fast. Plan to install Ubuntu to dual-boot it and the Windows 10 OS that comes pre-installed, with the intention of keeping the Windows part for pentesting and Ubuntu for regular use. i5 processor, but that shouldn't be an issue. Total cost, about $1400.

A project I've started working on is writing a Python script for the Pimoroni Display-O-Tron 3000 that will monitor a tor relay's traffic (rx for now) and display it on the Display-O-Tron's LEDs. A next step would be to pair the color display to the LED counter to have 36 levels of traffic so I can visually identify traffic rates (other than by simply staring at the flickering lights on the switch). Probably will use the 'psutil' library, but will have to do some subtraction to get a current number. There are shell commands to display this data, like vnstat, and some information is logged somewhere in /opt, but I'd rather not splice shell commands and python together for now. Also vnstat lags by about 10 seconds compared to staring at the traffic using the 'arm' tool on the tor relay itself.
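
As an added example of the counting part sketched above (not the author's script), here is the rate computation in Python. It reads the interface counters from /proc/net/dev, which is the same file psutil's net_io_counters reads on Linux, keeps the previous sample so each reading is subtracted from the last to get a current bytes-per-second figure, and maps that onto a bar of 0 to 6 lit LEDs (or 36 levels, via the levels argument). The LED driver itself is left as a callback because no Display-O-Tron library call is shown here; the interface name eth0, the six-LED count and the full-scale rate are assumptions, and the two /proc/net/dev snapshots are constructed. Note that the counter is per interface, so it includes all traffic on the relay's NIC, not only Tor's.

```python
"""Current receive rate for one interface, mapped to an LED bar level.
Added example for this post; not the author's Display-O-Tron script."""
import time

IFACE = "eth0"          # assumption: the relay's uplink interface
LED_COUNT = 6           # assumption: six bargraph LEDs on the Display-O-Tron 3000
FULL_SCALE = 2_000_000  # assumption: bytes/s at which every LED is lit

# Two constructed /proc/net/dev snapshots, ten seconds apart, for the test run.
SNAPSHOT_T0 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  123456     789    0    0    0     0          0         0   123456     789    0    0    0     0       0          0
  eth0: 1000000    5000    0    0    0     0          0         0   500000    4000    0    0    0     0       0          0
"""
SNAPSHOT_T1 = SNAPSHOT_T0.replace("eth0: 1000000", "eth0: 3000000")


def parse_proc_net_dev(text):
    """{iface: (rx_bytes, tx_bytes)} from /proc/net/dev text."""
    counters = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        if ":" not in line:
            continue
        iface, rest = line.split(":", 1)
        fields = rest.split()
        # field 0 is receive bytes, field 8 is transmit bytes
        counters[iface.strip()] = (int(fields[0]), int(fields[8]))
    return counters


def read_counters(path="/proc/net/dev"):
    with open(path) as fh:
        return parse_proc_net_dev(fh.read())


class RxRateMeter:
    """Subtracts the previous sample from the current one to give bytes/s.
    A counter that goes backwards (interface reset, 32-bit wrap) yields 0
    rather than a negative rate."""

    def __init__(self, iface):
        self.iface = iface
        self.prev = None   # (timestamp, rx_bytes)

    def update(self, counters, now):
        rx = counters[self.iface][0]
        prev, self.prev = self.prev, (now, rx)
        if prev is None:
            return 0.0           # first sample: nothing to subtract from yet
        t0, rx0 = prev
        if now <= t0 or rx < rx0:
            return 0.0
        return (rx - rx0) / (now - t0)


def led_level(bytes_per_sec, full_scale=FULL_SCALE, levels=LED_COUNT):
    """Linear map onto 0..levels lit LEDs, clamped at full scale."""
    fraction = min(max(bytes_per_sec, 0.0) / full_scale, 1.0)
    return round(fraction * levels)


def monitor(iface=IFACE, interval=1.0, show=print):
    """Poll forever; show(level, rate) is where the LED driver call goes."""
    meter = RxRateMeter(iface)
    meter.update(read_counters(), time.monotonic())
    while True:
        time.sleep(interval)
        rate = meter.update(read_counters(), time.monotonic())
        show(led_level(rate), rate)


if __name__ == "__main__":
    monitor()
```

Sampling once a second with a monotonic clock is what keeps the reading current; the 10-second lag seen with vnstat is its own logging interval, not a property of the counters.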