Friday, November 24, 2017

Backing up Pi using Synology and rsync (works for DSM 6)

I followed this guide, but made some changes. For starters, DSM had been updated after the guide was written, so the following link needs to be used to change the root password.

https://superuser.com/questions/1056922/synology-ssh-root-password-does-not-work

Before configuring each Pi for which a backup is desired, make the following temporary change:

sudo nano /etc/ssh/sshd_config
PermitRootLogin yes
sudo /etc/init.d/ssh restart

then change back to "PermitRootLogin without-password" once finished with setup and restart the SSH service.

Additionally, make sure to switch to root on the Pi using sudo -i and create a ".ssh" directory with mkdir .ssh.

Also, use the following "backup_target.sh" because the path to rsync has changed from the original, and because this provides a better log format (imho).



 SERVER=$1  
 ADDRESS=$2  
 NOW=`date +"%Y-%m-%d"`  
 LOGFILE="$SERVER-$NOW-log.txt"  
 ping $ADDRESS -c 10 >> /volume1/backups/logs/$LOGFILE  
 /usr/bin/rsync -av --delete --exclude-from=/volume1/backups/_scripts/rsync-exclude.txt -e "ssh -p 22" root@$ADDRESS:/ /volume1/backups/$SERVER/ >> /volume1/backups/logs/$LOGFILE 2>&1  

Todo: https://unix.stackexchange.com/questions/14191/scp-without-replacing-existing-files-in-the-destination

Update (For the life of me, can't get this to work): http://blog.tafkas.net/2015/01/15/monitoring-a-synology-diskstation-with-munin/

Thursday, November 23, 2017

Projects so far - 1

Set up and configure conky for immediate inclusion in all future Kali installs (!!), like this

Well that's done:

 
Obtain links to (cough cough) videos on a website, write a bash script to download everything.








Done. Let BurpSuite run for a bit, and saved all the links I wanted. The bash script reads the txt file with the links and feeds them to hls-fetch one by one. One-off of course, so probably I'll break it up.
 
Convert TS files into an MP4 after all.

 Not yet, will do eventually.

Learn enough PHP to make a web app to avoid having to login to the Plex Server Pi everytime I want to download something new

Turns out this is rather difficult. See my previous post about alltube.

Sanitize old pentesting reports - in progress

Finally finish my wireless sharing Pi Zero project (the existing Pi zero didn't like getting jostled across the US of A and died)

After struggling with getting USB wifi dongles such as the RT5370 and Edimax to work, I'm temporarily abandoning this project on the Pi Zero. The first zero wasn't actually dead, just the SD card had stopped working. So there goes the original form factor idea, which was to get it to fit inside a wallet. Tried instructions meant for a Pi 3 on a Pi 2 Model B v1.1 and had to redo the sd card. 

Installing alltube on a Raspberry Pi 3

1. Assuming you already have apache2, otherwise:

 sudo apt-get install apache2  

(and whatever else is needed for apache2 or custom /etc/apache2/apache2.conf or sites-enabled/000-default.conf)

2. Obtain the package on this page and unzip into /var/www/html folder: https://github.com/Rudloff/alltube

3:

 sudo apt-get install libapache-mod-jk-doc libapache-mime4j-java php5-curl rtmpdump  

 sudo apt-get install php5 php5-intl libapache2-mod-php5  

 sudo rm /var/www/html/index.html  

 sudo mkdir /var/www/html/config/  

 sudo nano /var/www/html/config/config.yml  

 # Path to your youtube-dl binary  
 #youtubedl: vendor/rg3/youtube-dl/youtube_dl/__main__.py  
 youtubedl: /usr/local/bin/youtube-dl  
 # Path to your python binary  
 python: /usr/bin/python  
 # An array of parameters to pass to youtube-dl  
 params:  
   - --no-playlist  
   - --no-warnings  
   - --playlist-end  
   - 1  
 # True to enable audio conversion  
 convert: true  
 # Path to your avconv or ffmpeg binary  
 # I commented out the included avconv as it is already installed for use with Plex on the same device  
 # avconv: vendor/bin/ffmpeg  
 avconv: /usr/bin/avconv  
 # Path to your rtmpdump binary  
 rtmpdump: vendor/bin/rtmpdump  
 # True to disable URL rewriting  
 uglyUrls: true  
 # True to stream videos through server  
 stream: false  


This worked, but the download speed of the completed file is oddly much slower than the intranet network speeds 10 MB/s vs 90 kb/s. So for now I've settled on https://github.com/MrS0m30n3/youtube-dl-gui, (edit) which has all sorts of options and also works with playlists, and download the music to a connected NAS folder for later transfer to the Plex server on the Pi. Probably will set up a script on the NAS to periodically check the folder for files and move them over directly.

Second update: The bookmarklet idea here, preserved below, is cute and I'll be sure to try it out someday:
 "
My quick and dirty equivalent:

Saved as ytdl.php, with the youtube-dl binary in the same directory.
I then put the following bookmarklet on my browser toolbar:
javascript:location.href='https://myserver/ytdl.php?v='+document.location.href;
Which works like a charm.
"
 

Wednesday, November 22, 2017

Brain dump time - Planned projects

Lest I forget my project plans, here is a current list on my mind:

0. Set up and configure conky for immediate inclusion in all future Kali installs (!!), like this
1. Rsync to backup all raspberry pis daily to NAS
2. Obtain links to (cough cough) videos on a website, write a bash script to download everything.
2a. Convert TS files into an MP4 after all.
3. Learn enough PHP to make a web app to avoid having to login to the Plex Server Pi everytime I want to download something new
4. Sanitize old pentesting reports
5. Work reports
6. Read 2017 Verizon DBIR report
7. Read Wi-foo book
8. Clean-up Munin install
9. Update base images of VMs
10. Finally finish my wireless sharing Pi Zero project (the existing Pi zero didn't like getting jostled across the US of A and died)
11.  Plunge into the Edgerouter X, break everything, and cry miserably when it doesn't work (e.g. move fast and break things)
12. Learn how to use Graylog and extract cool data from nzyme.
13. Read this ICS/SCADA primer again and actually look into some of the protocols.
14. Keep listening to Professor Messer Network+ videos (in mp3 format) while working out at the gym

And finally, setting up a VM environment for the lab discussed here:

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20workshops/DEFCON-25-Workshop-Gabriel-Ryan-Advanced-Wireless-Attacks-Against-Enterprise-Networks.pdf

And also considering implementing EAP-PEAP on my home network for practice with this lab. 

Playing with hls-fetch - part deux?

The site that I'm using hls-fetch for has teaser videos for non-members and full videos for members. The naming structure is quite similar with the exception of a little something extra on the tail end of the URL. Since I can't predict what the full URL will be, a different route is to spider the listing of videos using BurpSuite spider, then right click to copy all the URLs in the discovered pages, and take out the m3u8 files and the subtitle files for later extraction.

Next, I'll write a quick bash script to read files line by line and download everything, via a handy Raspberry Pi Plex server, to a NAS. Currently If it detects an existing TS file, hls-fetch will helpfully skip it.

I also found that VLC recognizes TS files without needing to convert them to MP4.

Note: Lest anyone get any funny ideas, the site is for streaming music videos. I'm intentionally vague to avoid letting the word out.

P.S. On a different note, check out the ultimate wardriving (warwalking?) rig:

https://blog.adafruit.com/2017/08/02/wificactus-when-you-need-to-know-about-hackers-wearablewednesday/

 

Tuesday, November 21, 2017

Reporting (again)

There's something about writing reports that stimulates the creative thoughts. Wracking your brains for a better way to word a finding really gets the mind to think about anything else. Fortunately, Thanksgiving is coming up - a great opportunity to do some small side projects and finish up the dratted CPE training that is required at KPMG, of which I have about 10 hours left. Investing 101, here I come!

Regardless, some other posts about fun stuff are bound to come by during these days.


Wednesday, November 15, 2017

First November post

Wow, not a single post in November yet? I'll admit to finding it difficult to muster up energy for my usual escapades. The trip to Europe was great, but mostly it made me want to quit and go travel Europe for a few months. Imagine, I've had a sweet Synology NAS since early October and still haven't set up rsync to backup my raspberry pi systems on a regular basis.

My CISSP training was cancelled due to conflicts, but at least I have the CISSP book.