Category Archives: How to

List hardware components with BASH

For troubleshooting purposes you might need to list the hardware components via BASH.

This can be achieved via the following executables.

List all components:
lshw -short

Or individually:

List the installed hard drives (Brand, model).
lshw -class disk

View partition info, including RAID:
lsblk

View installed processor:
lscpu

List PCI card and controllers:
lspci

List main board Brand and model:
dmidecode -t 2

List network card:
lshw -short | grep network

List RAM modules and capacity:
dmidecode –type 17- see the “part number” and google the code.
Example:
Part Number: CT102464BA160B.C16 –> Crucible

Power supply:
dmidecode –type 39

Sensors information:
apt-get install lm-sensors
sensors-detect
sensors

Posted in How to. Tagged with .

Analyze wordlists to generate password statistics and hashcat mask files

If you want to analyze wordlists and generate password occurrence statistics and generate advanced masks for hashcat from a wordlist or a cracked hashes file, you would need to use the Password Analysis and Cracking Kit.

As the author specifies in the manual, the PACK (Password Analysis and Cracking Toolkit) is a collection of utilities developed to aid in analysis of password attacks by analyzing common ways that people create passwords.

To install use git or if you have Kali, PACK should already be installed and ready to use.

git clone https://gitlab.com/kalilinux/packages/pack.git
Example usage for a wordlist called hashes2.txt:
sudo python ./pack/statsgen.py hashes2.txt --output=hashes2.masks

Generating the hashcat masks file from the hashes2.masks file generated from above:

sudo python ./pack/maskgen.py ./hashes2.masks -o ./hashes1_generated.hcmask --occurrence --pps=100000000

Output:

The result of the last command should be a hashcat compatible hcmask file, which can be used to crack hashes:

Example of a hcmask file:

?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l?l?l
?l?l?l?l?l?l?l?l?l

The syntax for hashcat mask attack looks like this:

./hashcat.exe -a 3 -m 0 ./hashes1.txt ./masks/hashes2_generated.hcmask -w 3 –status -O

Happy cracking!

Posted in How to.

How to run hashcat on Windows Subsystem for Linux

If you don’t know how to run hashcat on Windows Subsystem for Linux, meaning that you want to use the Linux bash command line interpreter directly on your Windows desktop, there is a possibility to get the full potential out of hashcat and the OpenCL acceleration of your GPU (nVidia, AMD) .

This tutorial assumes that you already have the Windows Subsystem for Linux installed on your Windows 10 system.

If you don’t have it, just do the following:

  • Click the Windows 10 start button
  • Search for “turn Windows features on or off”. Open it.
  • Locate “Windows subsytem for Linux”. Check it.
  • Click, OK/Apply
  • Reboot
  • Go to the Windows Store and search for Ubuntu, Kali Linux or any other Linux distro you find there.
  • Install it!
  • You are ready to continue.
Installing the Windows subsytem for Linux.
Installing the Windows subsytem for Linux.

Now, truth be told, there are simpler ways to run hashcat: directly on a Linux or Windows host.

This can be achieved by downloading and installing the latest hashcat release from the hashcat website and by installing the latest nVidia or AMD driver.

So, if you just like to over-complicate things or you need something to work on (like me), just follow along.

The first step that I did, as any normal Linux user would, I installed hashcat and the nVidia drivers directly from the bash shell:

sudo apt install hashcat nvidia-384 

The installation went smoothly, but hashcat would not recognize the GPU and this was not acceptable to me because the GPU (GTX 1060 M) is 10 times faster than my Intel i9 CPU.

So what I ended up doing was to download the latest hashcat release directly to my Windows Desktop. Unpack the archive (using 7zip).

And now comes the weird part. Did you know that the Windows Subsystem for Linux can run Windows binaries out of the box? I didn’t. Until now.

So what I ended up doing was to run the Windows hashcat binary directly from bash. Confusing, isn’t it?

Here’s me navigating to the Windows hashcat binary folder and running the crack session:

cd /mnt/c/Users/nixware/Desktop/hashcat-5.1.0
./hashcat64.exe -a 0 -m 5100 C:/Users/nixware/Desktop/hashcat-5.1.0/test.hash d:/wordlists/wordlist.txt -w 3 --status
Running hashcat on the Windows subsytem for Linux.
Running hashcat on the Windows subsytem for Linux.

As you can see, you will find your C: or D: drives in /mnt directory of the Windows Subsystem for Linux.

As for the cracking speed of the GPU via the subsytem and bash, I can confirm that there is no difference between running directly on a Linux/Windows guest system and the Windows Subsystem for Linux.

If you receive an “Token length exception” error, please check this article.

And that is it. Happy cracking session

Posted in BASH, cracking, hashcat, How to. Tagged with , .

The skeptic’s OSCP skills requirements guide

It’s been almost one year since I got my OSCP and I never got the chance to write about it. And since almost everyone does a general review about the Offensive Security Certified Professional certification, I decided to do a short write-up about the actual skill requirements for hacking through the OSCP labs and obtaining the OSCP certification.

So what do you need to know prior to starting the OSCP?

  • general OS internals knowledge (Linux, Windows) – have you ever installed Linux/Win? Know what a partition is? What is a log and where to find it?
  • general networking knowledge (what is a IP subnet, netmask, gateway, how are packets routed)
  • troubleshooting skills
  • using a search engine with advanced parameters (filetype, site, inurl, etc)
  • what is ARP, a firewall, antivirus
  • can you navigate/list/check or change permissions of files with cmd/bash?
  • can you read simple code (BASH, Python, Powershell) scripts?
  • can you write 2 liner scripts in linux?
  • Do you know what this does?

for ip in $(seq 1 254);do ping -c 1 192.168.1.$ip | grep “bytes from”; done

Missing some of the above? You can catch up, it’s not rocket science.

What is not mandatory, but great to have?

  • any kind of programming/scripting experience
  • any kind of experience in the IT Security field
  • experience as a sysadmin, tech support engineer or similar background.

Did OSCP help me with finding a job in IT Security?

  • YES!!

Are you ready for Pain & Sufferance? Brace for impact and register for OSCP. You will bleed, but it will change the way you look at IT Security and Pentesting.

Over and out – OS18010

Posted in How to, OSCP. Tagged with .

Fix bricked Seagate ST31000340AS hard disk. BSY error

9 years ago I had this 1TB Seagate ST31000340AS hard disk that I was using as a primary drive for my OS and also the place to store all my photos, video clips and other important stuff.
At some point it simply failed to work. No strange sounds, no nothing. The BIOS would not recognize it, OS would not see it.

I left it like that for for 6-7 years, but in the last week I started informing myself about how to fix it.
I knew there wasn’t any mechanical issue with it and I was suspecting HDD firmware issues.

And my suspicion was right. There was a known glitch with multiple series of Seagate models, more specific – with their SD15 firmware.
Now the fun begins, because there is a solution to this issue.

  • The materials needed to fix:
    bricked Seagate HDD
  • Torx T6 screwdriver

  • USB to UART Prolific PL2303HX convertor cable (3$). link to Amazon. Also found as “PL2303HX USB to UART TTL Cable Module 4p 4 pin RS232 Converter”.

  • A postit or a piece of paper, folded  2-3 times or any other slim non electric conductive material.
  • Prolific PL2303HX drivers that actually work on Windows 10 (get them from here, not the manufacturer’s website).
  • (optional) External HDD rack or connect the HDD directly to your motherboard via SATA and Molex ATX power cable.

Before we start, please be aware that there is a slight possibility that you will lose your data or break your HDD if you are not careful.

If you have important data that you cannot afford to lose, please go to a data recovery company to fix your hard drive.

Start the fixing process:

  • power off your PC or your external USB hard disk rack.
  • Important: make sure that the SATA or USB cable is disconnected from your PC/external HDD rack.
  • Remove any jumpers from the HDD. If you have any.
  • Take the Torx T6 screw driver and remove all 6 screws and detach the HDD PCB. Remember that the long screws are always connected on the corners of the HDD.
  • Place the folded postit between the PCB and the contacts for the drive head.  Leave the drive motor contacts in place.  Tighten the three screws closest to the motor contacts.  Leave the other three screws loose or removed.

HDD drive head

  • Install the USB adapter’s drivers (from the link provided at the beginning of the post) and make sure that Windows sees it as COM port in Device manager and you don’t have any yellow errors on it. Reboot if necessary.
  • Connect the USB adapter to the PC.
  • Go to Device manager and right click>> properties and make the following settings on you new installed USB/COM adapter:
  • Choose 38400, 8, None, 1, None in the COM properties box.

You will need to connect 3 wires from the USB adapter to the HDD. The 4th is not used:

  • GREEN cable is RX on the USB cable -> connects to TX on HDD
  • WHITE cable is TX on the USB cable -> connects to RX on HDD
  • BLACK cable is the grounding -> connects to the ground pin on HDD
  • You should connect the TX pin of the hard drive to the RX pin of the adapter, and the hard drive’s RX pin to the adapter’s TX pin.  This is the theory. In the real life it worked backwards for me.
  • Connect the 3 pins like this:

These pins are located next to the hard drive’s SATA connector.

If you can’t fit the pins on the HDD, strip the plastic shielding from the pins.

  • After inserting the pins, power on the PC or the external USB rack. The SATA cable should be disconnected from the HDD. Same for the external rack.

RX, TX and ground pins connected to the hdd

(RX, TX and ground pins connected to the HDD)

  1. Download putty from their official site.
  2. Open putty and make these settings. Make sure you are using the correct COM port number. Mine was COM8, but it might be different for you. Go to device manager to check the actual port number.
    • Baud 38400 
    • Data Bits 8 
    • Stop Bits  1 
    • Parity none 
    • Flow Control  none

  • Hit save and open.
  • You should see a blank screen. Hit Ctrl+Z.
  • If you connected the pins correctly you should see a prompt like this:

 F3 T>

If not, you may have the TX & RX wires swapped.  Switch the green wire with the white one and try again

Go to Access Level 2 (type /2):

F3 T>/2   (hit enter)
F3 2>

Wait about 30 seconds, then spin down the motor:

F3 2>Z (enter)

  Spin Down Complete
    Elapsed Time 0.147 msecs
F3 2>

If you instead see a message similar to this:

LED: 000000CE  FAddr: 00280D4D

Then you entered the commands too quickly after supplying power to the drive.

Poweroff the HDD, wait 30 seconds, then begin again.
If everything went smooth until this point, carefully remove the red postit that you placed between the PCB and the drive head contacts.

Tighten the all screws.  Then start the motor:

F3 2>U (enter)

Spin Up Complete
    Elapsed Time 7.093 secs
F3 2>

Next go to Level 1 (type /1):

F3 2>/1  (hit enter)

And do a S.M.A.R.T. erase (create S.M.A.R.T. sector):

F3 1>N1 ( hit enter)

When the prompt comes back up, turn off power to the hard drive, wait a few seconds, then turn it back on.  Wait about 20 seconds, then finally do partition regeneration:

Note, the command bellow contains Zero, not o – as in order.

F3 T>m0,2,2,0,0,0,0,22 (hit enter)

After 15-30 seconds, you should see something like:

Max Wr Retries = 00, Max Rd Retries = 00, Max ECC T-Level = 14, Max Certify Rewrite Retries = 00C8

    User Partition Format 10% complete, Zone 00, Pass 00, LBA 00004339, ErrCode 00000080, Elapsed Time 0 mins 05 secs

    User Partition Format Successful – Elapsed Time 0 mins 05 secs

Do not turn off drive until you see this message.
Once seen, drive can be turned off.
Power down everything, place drive back into your computer, and confirm that it’s working.

Update the firmware to the latest version! Google is your friend.

 
You are welcome ūüôā
 

Posted in hacks, hardware, How to. Tagged with , , , , , .

Delete files older than

find ./your_directory/ -mtime +30 -type f -delete
Posted in BASH, How to. Tagged with .

Install truecrypt on Linux CentOS

This is small guide on how to install truecrypt on Linux CentOS.

Truecrypt is probably the greatest encryption software that I’ve used to protect my files, unfortunately it has been discontinued by it’s developers for some very strange reasons.

However, that doesn’t mean that you cannot install it on your Linux machine.
So here goes the install process for truecrypt 7.1a, the console version of this crypto tool:

1.  Download the tar.gz archive from here or use wget from the command line, see below.

- wget http://nixware.net/wp-content/uploads/2015/06/truecrypt-7.1a-linux-console-x86.tar.gz

2. Extract the truecrypt archive:

tar -xvf ./ truecrypt-7.1a-linux-console-x86.tar.gz
cd ./truecrypt-7.1a-linux-console-x86

3. Give execution permissions to the installer script.

chmod 755 ./truecrypt-7.1a-linux-console-x86

4.  Install the requirements: libstdc++.so.6 and libfuse.so.2

yum install libfuse.so.2 libstdc++.so.6

5. Run the truecrypt installer:

[root@lnx truecrypt]# ./truecrypt-7.1a-setup-console-x86

– select option 1

6.  Create a new volume with:

/usr/bin/truecrypt -c

– follow the easy steps in the volume setup

7. Mount the container to a specified directory:

[root@nix truecrypt]# truecrypt -t -k "" --protect-hidden=no container1 /media/truecrypt1
Enter password for /home/user1/truecrypt/container1:
[root@nix truecrypt]# cd /media/truecrypt1
[root@nix truecrypt1]# ls
[root@nix truecrypt1]# pwd
/media/truecrypt1

8. Dismount a container:

truecrypt -d 

9.  (Optional) Check https://www.grc.com/misc/truecrypt/truecrypt.htm for some nice info

That’s it. Have fun hiding your stuff!

Posted in How to. Tagged with , , , .

How to empty large log files

If you want to empty large log files (aka lots of GB) without deleting the file, here’s how you can do that:

 

 

nix# > mylargelog.log

or

nix# echo " " > mylargelog.log

Tadaa!!

Posted in BASH, How to. Tagged with , , , .

Search in archives

When using the linux shell daily we encounter situations when we need to search specific strings in one or more archives. If you are wondering how to search in archives for different patterns or strings, this tutorial will show you how.

You might have an archived log file and you want to search for the word “error”, here’s how you can do it.

Presenting zcat:

zcat is a linux console utility that takes as input compressed data files and send to stdout the results. Used with advanced utilities like cut, grep or awk, zcat becomes a very powerful application that helps the linux system administrator to search through archived files.

Here’s an example.

[root@nyx /]# zcat httpd-log_20140821.gz | awk -F ";" '($6~"error")

[Wed Aug 27 11:08:27 2014] [error] [client 91.196.46.169] PHP Warning: date_default_timezone_get(): It is not safe to rely on the system's timezone settings.

The explaining:

zcat parses¬†httpd-log_20140821.gz, outputs the lines that have the word “error” in the 6th column of the log file.

Another example:

zcat logs_2014082* | awk -F ";" '($1=="Transaction timed out") | sort -u

Alert: a Transaction timed out error was received at 2014-08-20 1:33

Alert: a Transaction timed out error was received at 2014-08-21 10:03

The explanation:

zcat parses the archived files hat start with ”¬†logs_2014082″, searches if the 1st column contains “Transaction timed out” then sorts the output and removes duplicate lines.

Introducing zgrep.
Like the similar grep command, zgrep is a linux utility that was developed for the sole purpose of matching patters or strings inside an archived file.

Example:

zgrep error httpd.log.gz

[Sat Aug 23 06:12:20 2014] [error] [client 141.8.147.29] File does not exist: /www/html/nixware.net/httpdocs/index
[Sat Aug 23 06:12:21 2014] [error] [client 37.58.100.76] File does not exist: /www/html/nixware.net/httpdocs/forum

 

The explanation: zgrep searches the¬†httpd.log.gz file for the “error” word and sends the output to stdout.

zmore:

– allows you to filter archived or plain text files one screen a a time. As it’s name says it does basically the same thing as more but it can search.

Posted in BASH, How to. Tagged with , , , , .

How to save iptables

In this article you will find out how to save iptables firewall rules in Linux CentOS, Redhat, Debian and Ubuntu.

Iptables  is a Linux application built for the purpose of allowing a system administrator to configure and maintain specific firewall tables/rules provided by the Linux kernel firewall module.
There are currently 3 different kernel modules build for the IPv4, IPv6 and ARP stack protocols (iptables is used for IPv4, ip6tables refferes to IPv6, arptables to Addres Resolution Protocol).

The most used and the one used in this tutorial is iptables. In order to execute iptables related commands you need root privileges or to be in the sudoers file in Debian/Ubuntu OSes.

So here’s how to save iptables and how to list existing ones:

The syntax used to check the iptables service status is:

service iptables status  ##CentOS, Redhat
sudo iptables -L -n -v   ##Debian, Ubuntu

 

To start iptables:

service iptables start ##CentOS, Redhat
sudo ufw enable ##Ubuntu

 

To list iptables rules:

iptables -L

 

Save iptables rules:

iptables-save  #Debian
sudo iptables-save  #Ubuntu
service iptables save #CentOS

On CentOS, for example, you would see an output like this:

iptables save

 

 

 

 

To restore iptables rules:

~ # iptables-restore < /etc/sysconfig/iptables
root@nyxware
~ #
Posted in BASH, How to, linux, Networking, tutorial. Tagged with , , , , , , , , .