ITIL, ITSM, IT Security focused blog.
Thursday, March 31, 2016
Thursday, January 28, 2016
OK enough customizing took me some time to get back in the groove. So here is where I post the boring hammer is just a hammer thing.
OK look this material can be used to break the law (duh!) so don't. OK below is the longer legal brown stinky stuff. Look seriously I do this because I love the intellectual challenges and I like to teach others. If you learn something I am happy. But come on guys lets not give Hollywood more BS fodder about us hackers being evil and all.
Now I am not of the white, black and grey hat mind set. Hacking used to mean being curious, testing things and challenging yourself. This blog is to help bring that back. So after this post the real fun will start. Now I know the first few coming posts may put some of you to sleep. I am going to cover some basic Linux commands. I know YAWN!!!! Well I like to start simple and more to the more complex, I promise you I have much better material in the words. Keep in mind I do have a full time job and life and a lot of work goes into each blog and they are FREE!
So please don't cause trouble, have fun, learn and push the boundaries without breaking them. Peace everyone :)
OK look this material can be used to break the law (duh!) so don't. OK below is the longer legal brown stinky stuff. Look seriously I do this because I love the intellectual challenges and I like to teach others. If you learn something I am happy. But come on guys lets not give Hollywood more BS fodder about us hackers being evil and all.
Now I am not of the white, black and grey hat mind set. Hacking used to mean being curious, testing things and challenging yourself. This blog is to help bring that back. So after this post the real fun will start. Now I know the first few coming posts may put some of you to sleep. I am going to cover some basic Linux commands. I know YAWN!!!! Well I like to start simple and more to the more complex, I promise you I have much better material in the words. Keep in mind I do have a full time job and life and a lot of work goes into each blog and they are FREE!
So please don't cause trouble, have fun, learn and push the boundaries without breaking them. Peace everyone :)
Disclaimer
Any actions and or activities related to the material contained within this blog is solely your responsibility.The misuse of the information in this blog can result in criminal charges brought against the persons in question. The author(s) of this blog will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this blog to break the law.
This blog contains materials that can be potentially damaging or dangerous. If you do not fully understand something on this blog, then LEARN more about it, ask questions, or just skip it. Refer to the laws in your province/country before accessing, using,or in any other way utilizing these materials. These materials are for educational and research purposes only. My advise is that you do not attempt to violate the law with anything contained here. If this is your intention, then I am not your parents so best of luck to you! Neither administration of this blog, the author(s) of this material, or anyone else affiliated in any way, is going to accept responsibility for your actions. The author(s) of this blog are NOT responsible for the comments posted on this blog.
Any linked sites are not under the control of author(s) of this blog and are not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Any and all links or the inclusion of any link does not imply endorsement by us.
Finally we can only ask you to PLEASE play nice.
One last note I will be covering viruses and other issues of controversy, again this material is for RESEARCH and learning. I am not going to self censor, so you are warned the critters you will see are REAL and can bite if launched on you system. So PLEASE use sandboxie of a even better get a junk system with NO network connection and a valid image to rebuild quickly. You have been warned.
Post ideas questions, I may not get back to you. I am really busy, but I will try to read all comments. OK Alice lets jump down that rabbit hole.
Peace everyone
Monday, January 25, 2016
Saturday, January 11, 2014
Coming soon
Hey readers been a while since I have posted on this site. But lots of changes have occurred. Thus I am excited to report that soon (next few days) ORS will start to post ITIL and other security training tutorials on YouTube). Will post updates as they become available.
Saturday, March 30, 2013
Root your Nexus 7
So you have a Android based tablet. Awesome and you do IT Security (Cool) what can you do....OH a whole lot, now Google is great and the android market is great too. But, there are some applications that lets just say do not really belong in the market such as...oh, really cool hacking and security tools.
How would you like to Foot Print with a Nexus 7. Yep, no more laptop, here is a little secret when I do foot printing I now use the Nexus 7 as my initial "on-site" or "near on-site" tool, why? Because it is small, concealable and Innocent.
Now remember these tutorials are to teach and what you do with this is YOUR RESPONSIBILITY!
Now the first thing you need to do is what is called ROOT you tablet. Now this term is not really 100% accurate, the real term is "Give yourself and other applications Root Access to the android OS". Sound dangerous, it can be as you may know messing up root access can BRICK your tablet. Well kind of I will show you a little emergency thing you can do. Although I should note i have never had a root access go bad yet.
So if you choose to do what this tutorial is about to outline, do it at your own risk. You have been warned.
Now that the the boring part is over lets get into the tutorial.
First you need to download:
How would you like to Foot Print with a Nexus 7. Yep, no more laptop, here is a little secret when I do foot printing I now use the Nexus 7 as my initial "on-site" or "near on-site" tool, why? Because it is small, concealable and Innocent.
Now remember these tutorials are to teach and what you do with this is YOUR RESPONSIBILITY!
Now the first thing you need to do is what is called ROOT you tablet. Now this term is not really 100% accurate, the real term is "Give yourself and other applications Root Access to the android OS". Sound dangerous, it can be as you may know messing up root access can BRICK your tablet. Well kind of I will show you a little emergency thing you can do. Although I should note i have never had a root access go bad yet.
So if you choose to do what this tutorial is about to outline, do it at your own risk. You have been warned.
Now that the the boring part is over lets get into the tutorial.
First you need to download:
Nexus Root Toolkit v1.6.3
You can find it from the link above. At the time of this writing the latest version was 1.6.3 and it will look for updates on its own.
Double click the installer and you will see this screen, choose Install.
Now after the install you will see this screen. Now this is REALLY important make sure you choose the correct device and OS, you can get the OS by going to settings and about Tablet.
DO NOT MAKE A MISTAKE HERE, if you do I am confident you will have problems.
For this tutorial I used a Nexus 7 so I choose a Nexus 7.
Latest OS is Jellybean and this is the technical data on it: Android 4.2.2 - Build JDQ39
Next you will see this screen FOLLOW THE DIRECTIONS!
Choose OK
This is the normal update progress bar.
Next this screen will come up, choose OK.
Yet another progress bar for you viewing entertainment.
OK welcome to the Root Kit Toolkit. Check to make sure the model and all match what you have. If not chose change and correct the error. Remember take your time this is not a race. Do it right the first time and you will be fine.
Now here is the Emergency Exit I told you about choose BACK-UP first before you move forward. Again FOLLOW the directions.
Choose a location to save you back-up.
Ouch cropped the screen capture. Now this is regrettably where I need to end due to some technical errors, I deleted the remaining screen captures by accident.
This back-up takes time, so be patient it is working it is just slow.
After the back-up is complete choose "Unlock" it will wipe all your data. You will need to re-register the tablet to your Google account, yes you will loose saved games etc.
After this choose Root and follow the directions. I apologize for the lack of additional screen shots, but let me end with the real meat and potatoes of this tutorial.
Go to the android market and get the following app.
In the android market search for Pentest Tools
This is a database with links to some GREAT tools you can install but many require root access to work. Some require you to pay, I only use the free ones.
It is well worth the download and time.
Behind the Scenes
So if you have any interest in what goes into this blog here is a little bit of behind the scenes. I use Screen Hunter 6 Free edition for all my Windows Screen Shots, for linux I just do print screens and edit them in Adobe Photoshop. Anyhow this is the a short tutorial on install and configuration. You can find it by just searching for "Screen Hunter:.
First Install screen select next.
Here you can choose to add shortcuts or not. I usually just have it start on startup and not put a short cut on the desktop but you can choose whatever suits you.
The ever loved progress bar.
Choose Finish
Now this is the main screen and you need it open to take screen shots. Don't worry it does not show up in screen captures. The main button the one you will use all the time is the circle in the middle saying "Capture Now"
Now in the main screen I use the following settings.
1) I choose to capture ONLY the active window, this saves me a lot of Photoshop work later on.
2) I DO NOT include the mouse pointer. (I find it distracting in screen captures)
Now if you choose "TO"
I make the following changes here.
1) I choose to save a JPEG
2) I choose a custom folder to save to: You I just call mine Screen Shots
Well that is it for this simple behind the scenes look, again I should have the new Linux Lab up today and will start to make the new tutorials then.
Peace Out.
Updates coming soon...Promise!
Just a quick note more coming to the blog VERY soon.
Set up a new Linux BackTrack Lab (Now having 3 Computers and 2 Wireless Networks), should be complete this weekend.
The story behind the Logos, (if anyone cares) ORS or Occams Razor Security is my IT and IT Security Consulting Company, PGHN is the Parent Company or my personal brand associated with the blog.
Now for the record, I have been doing consulting on and off for many years (over 15 years easy), so I am now at the point in my life where I need to "Settle Down" as far as employment goes, so being the type of person I am. I am doing two what I like to call future job vectors.
1) Try to get ORS to be a viable and "Family Supporting Business"
or
2) Find a challenging position at an organization where I can stay until retirement (like that will ever happen).
So seriously this posting is for potential employers who I have and will send resumes to and to those of you who read the tutorials. If I find the later (challenging position) I will shut down ORS.
Bottom line ORS may or may not last but I (PGHN) will still keep posting tutorials for a VERY long time, I find them fun and challenging to create. For the record each one does take many hours since the use a lot of screen shots and really want you the visitor to really understand what is happening. I want you to become a ethical hacker and not a script kiddie.
So thank you all for the support and reading this blog, I hope you continue.
Peace and as always Happy Hacking.
Set up a new Linux BackTrack Lab (Now having 3 Computers and 2 Wireless Networks), should be complete this weekend.
The story behind the Logos, (if anyone cares) ORS or Occams Razor Security is my IT and IT Security Consulting Company, PGHN is the Parent Company or my personal brand associated with the blog.
Now for the record, I have been doing consulting on and off for many years (over 15 years easy), so I am now at the point in my life where I need to "Settle Down" as far as employment goes, so being the type of person I am. I am doing two what I like to call future job vectors.
1) Try to get ORS to be a viable and "Family Supporting Business"
or
2) Find a challenging position at an organization where I can stay until retirement (like that will ever happen).
So seriously this posting is for potential employers who I have and will send resumes to and to those of you who read the tutorials. If I find the later (challenging position) I will shut down ORS.
Bottom line ORS may or may not last but I (PGHN) will still keep posting tutorials for a VERY long time, I find them fun and challenging to create. For the record each one does take many hours since the use a lot of screen shots and really want you the visitor to really understand what is happening. I want you to become a ethical hacker and not a script kiddie.
So thank you all for the support and reading this blog, I hope you continue.
Peace and as always Happy Hacking.
Saturday, November 10, 2012
Ghost Dialing
OK so this is side security post. I just stated using the Motorola Elite.
With the Motarola Razor Max (which I switched to for the excellent battery life and talk time). However I usually keep the ear piece in the charging case (which has its own battery capable of charing the head set up to 3 times) so in theory you can get 20 hours of talk time on the head set with out a charge.
So recently have noticed that when in my pocket it may try to ghost dial the last number called. To solve this I first tried to enable and then disable airplane mode with Verizon Wireless which did seem to work for a bit but then the same problem came back.
However I can now post a real simple and FREE solution. The app is called "Tiny Call Confirm" and it essentially put up a Yes/No confirm screen to all outgoing calls. You can find it at:
https://play.google.com/store/apps/details?id=com.perracolabs.tcc&hl=en
I highly recommend it It prevents ghost dialing. I would also note the that the motospeak application FREE as well works great with the headset and reads text messages for you and allows you to respond by talking and it transcribes for you; very convenient when driving or working.
All in all a excellent product with a minor issue.
More soon.
.
Saturday, September 22, 2012
Job Interview
So the job market sucks. No big news there; But even though the market is in the (blank) you need to be careful when interviewing. I am going to cover a few important points that will not only help you with the interview but also ensure you find a job you will be happy with.
Now let me say you may need to settle for a lower pay rate or work with is not really in your ideal but you should not find yourself in the "Bait and Switch" position.
Now what follows are recommendations and not rules.
Now let me say you may need to settle for a lower pay rate or work with is not really in your ideal but you should not find yourself in the "Bait and Switch" position.
Now what follows are recommendations and not rules.
- Ask to get your job function in writing now this may not be super detailed but should be fairly accurate.
- Ask to speak to your perspective co-workers without the manager present. THIS IS CRITICAL. You may learn things which will affect you decision.
- What are their qualifications for the position they are in? (Education, time on job etc.)
- Who was in the position before you and what happened to them?
- Why are they hiring (was the last person fired or left?)
- How are they on lunch (1/2 hour 1 hour)
- if you work late one day can you come in late the following day.
- Do people leave right at the end of there time or do they put in extra time?
- Look at their desks and body language.
- If the manger says you CANNOT speak to your perspective co-workers then say thank you and walk away. Think about it what are they trying to hide?!
- Get everything: salary, vacation days etc. in WRITING!
- NEVER MAKE A DECISION ON THE SPOT! Think it over and consider all expenses etc.
Feel free to post your experiences.
Good Luck in your search.
Thursday, September 6, 2012
Oracle Virtual Box and Backtrack 5 R3
So you want to work with BackTrack 5 R3 and you either do not have spare computers (try eBay) or maybe you just want some additional portability in testing.
There can be numerous reasons for going virtual, now I can not tell that this is better then a physical lab. I am old school and will take physical systems over going VM (Virtual Machine) any day. But this is purely a personal preference and arguably produces better testing (but I can already see some people saying "I don't think so...". That said this posting is all about introducing VM and how to install BackTrack under VM.
The best option our there today is hands down Oracles Virtual Box, and it is FREE. Will not cost you one cent and it is fairly easy to use and configure. I would suggest that if you are interested download it and play with it more then the basic levels which I will be covering in this tutorial.
As a side note want to be a good Ethical Hacker Security person, learn to master the Art of Free security software. Why the Black Hat Hackers are very good at it and you will need to learn to fight fire with fire. Thus lets move forward.
First off you need to download virtual box.
First off go to Google (or any preferred search engine), no I do not get any commission for promoting Chrome. (I wish I did..hint...hint....Google if you are reading this.)
Search for Virtual Box.
You should now see this page or something very similar.
On the right hand side there is download.
Choose the version of the OS that you are using.
You may also want to select the Virtualbox 4.1.20 Oracle VM VirtualBox Extension Pack It offers support for USB 2.0 which may be helpful. In may case I use a Ultra Book as one of my laptops and it has no internal DVD so the USB 2.0 support was beneficial.
On a side note Ultra Books are AWESOME, SSD are great. Once you go SSD you will never want to go back.
Once you double click the installer you will be presented with this screen.
Once you push next you will see this screen. You can leave the defaults if you want to.
Next you choose next.
This is the network interface warning screen. The reason you are seeing this is that in VM you can have multiple network interfaces available to you VM..
In this screen choose Yes
Now choose Install
Now one should see this screen.
Progress working...
Now choose finish, make sure the check box to Start Oracle VM VirtualBox 4.1.20 after installation is selected.
You should now see the default VirtualBox.
Choose New from the menu on the top.
Once you choose new you should see this screen. Now push Next.
This is the default screen you will need to make some changes.
In the name field, you can choose any name you want. Now I from habit stick to no space names.
Also make sure you set the:
Operating System: Linux
Version: Linux 2.6 (32-Bit or 64-Bit)
//this will vary based on your system.
Next you need to choose how much ram you want to allocate for you virtual systems. My advice is go to the task manager (right click the windows bar and choose task manager) Then select Performance to see the Ram usage. From here you can determine how much free ram you can allocate. Do note not to allocate all your remaining ram (leave some fudge ram for the system and other programs.
In this screen choose Create new hard disk.
Choose VDI (VirtualBox Disk Image)
Now here the default is Dynamically allocated. You will want to change this. Primarily due to the fact that even though it sounds great (which it does) it has one tiny problem...IT DOES NOT RELEASE SPACE ONCE ALLOCATED!. Opps Oracle!
So you will want to change this.
So as said above you will want to go with fixed size and press Next.
In his case I have set it to 30 GB you can set it to what you wish. I would recommend a minimum of 8 GB.
Now you will see the summary screen and choose Create.
Progress bar...(oh joy...time will var depending on your drive....blah blah blah...you get the idea)
This is the network screen and adapter one will default to NAT. Which is fine for this case.
Oracles explanation is:
"When you first create a virtual machine, VirtualBox by default enables one virtual network card and selects the "Network Address Translation" (NAT) mode for it. This way the guest can connect to the outside world using the host's networking and the outside world can connect to services on the guest which you choose to make visible outside of the virtual machine.
This default setup is good for probably 95% of VirtualBox users. However, VirtualBox is extremely flexible in how it can virtualize networking. It supports many virtual network cards per virtual machine, the first four of which can be configured in detail in the Manager window. Additional network cards can be configured on the command line with VBoxManage."
To learn more goto: http://www.virtualbox.org/manual/ch06.html
Now look you are going to be testing with BackTrack which can lead to "Incidents" inadvertently happening. So BE CAREFUL!
You can set the adapter 2 etc to a real network adapter in your computer...
Next you will need to install BackTrack to do this we are going to walk through the DVD method because this is a the most common and if you need to is the best way to install it fully on a system.
In this example we are using the D drive which is the default External DVD for this computer.
You should then see this summary screen.
You should then see the VirtualBox splash screen.
You will then see this blank screen (Don't Worry)
In a fe seconds you should see this screen.
From here just press Enter.
You will then see this Start Up Screen choose option 1 (the default).
Press Enter
You will then see this screen as the install begins
You may get this pop upp window depending on your display driver. You can just select Do Not Show this Message Again and press OK
I do not know why this came up for me seeing how the system is running at 32 Bit color.
You will then see this screen
You will then see this prompt.
Type Startx This will start x-Windows
Double lclick the Install BackTrack icon (shown on the top left corner)
This will start the install process
Just Press Forward
OK now here is where sometimes it seems a bit scary. The whole "Erase and use entire disk" part. But do not worry you are in a VIRTUAL environment. Now here I also need to point out one "documentation" mistake I made you see I did not have time to create this tutorial in one sitting. So you will notice my drive suddenly lost 10 GB. The HD is 21.5 GB this is due to me setting a smaller drive side.
Anyhow just use the option shown and DO NOT WORRY, this will NOT fry your whole drive just the VM one.
This is the final screen before the install.
Press Install
Now you will see this progress bar.
WARNING: this is REALLY slow process (as in many minutes to hours). Remember this is VM so it takes longer to do the initial install.
Well thats it, once complete you can launch VirtualBox and then choose your BackTrack 5 R3.
Look at older posts for more tutorials.
As always have fun and keep it legal.
There can be numerous reasons for going virtual, now I can not tell that this is better then a physical lab. I am old school and will take physical systems over going VM (Virtual Machine) any day. But this is purely a personal preference and arguably produces better testing (but I can already see some people saying "I don't think so...". That said this posting is all about introducing VM and how to install BackTrack under VM.
The best option our there today is hands down Oracles Virtual Box, and it is FREE. Will not cost you one cent and it is fairly easy to use and configure. I would suggest that if you are interested download it and play with it more then the basic levels which I will be covering in this tutorial.
As a side note want to be a good Ethical Hacker Security person, learn to master the Art of Free security software. Why the Black Hat Hackers are very good at it and you will need to learn to fight fire with fire. Thus lets move forward.
First off you need to download virtual box.
 |
| Search Google for Oracle Virtual Box |
Search for Virtual Box.
 |
| Virtual Box Web Site |
You should now see this page or something very similar.
On the right hand side there is download.
Choose the version of the OS that you are using.
You may also want to select the Virtualbox 4.1.20 Oracle VM VirtualBox Extension Pack It offers support for USB 2.0 which may be helpful. In may case I use a Ultra Book as one of my laptops and it has no internal DVD so the USB 2.0 support was beneficial.
On a side note Ultra Books are AWESOME, SSD are great. Once you go SSD you will never want to go back.
Once you double click the installer you will be presented with this screen.
Once you push next you will see this screen. You can leave the defaults if you want to.
Next you choose next.
This is the network interface warning screen. The reason you are seeing this is that in VM you can have multiple network interfaces available to you VM..
In this screen choose Yes
Now choose Install
Now one should see this screen.
Progress working...
Now choose finish, make sure the check box to Start Oracle VM VirtualBox 4.1.20 after installation is selected.
You should now see the default VirtualBox.
Choose New from the menu on the top.
Once you choose new you should see this screen. Now push Next.
This is the default screen you will need to make some changes.
In the name field, you can choose any name you want. Now I from habit stick to no space names.
Also make sure you set the:
Operating System: Linux
Version: Linux 2.6 (32-Bit or 64-Bit)
//this will vary based on your system.
Next you need to choose how much ram you want to allocate for you virtual systems. My advice is go to the task manager (right click the windows bar and choose task manager) Then select Performance to see the Ram usage. From here you can determine how much free ram you can allocate. Do note not to allocate all your remaining ram (leave some fudge ram for the system and other programs.
In this screen choose Create new hard disk.
Choose VDI (VirtualBox Disk Image)
Now here the default is Dynamically allocated. You will want to change this. Primarily due to the fact that even though it sounds great (which it does) it has one tiny problem...IT DOES NOT RELEASE SPACE ONCE ALLOCATED!. Opps Oracle!
So you will want to change this.
So as said above you will want to go with fixed size and press Next.
In his case I have set it to 30 GB you can set it to what you wish. I would recommend a minimum of 8 GB.
Now you will see the summary screen and choose Create.
Progress bar...(oh joy...time will var depending on your drive....blah blah blah...you get the idea)
Ok it's not an animated Gif but you get the idea. :) SSD to...compare with standard.
Once complete you will now see this screen.
Next choose Settings
This is the default settings screen.
Oracles explanation is:
"When you first create a virtual machine, VirtualBox by default enables one virtual network card and selects the "Network Address Translation" (NAT) mode for it. This way the guest can connect to the outside world using the host's networking and the outside world can connect to services on the guest which you choose to make visible outside of the virtual machine.
This default setup is good for probably 95% of VirtualBox users. However, VirtualBox is extremely flexible in how it can virtualize networking. It supports many virtual network cards per virtual machine, the first four of which can be configured in detail in the Manager window. Additional network cards can be configured on the command line with VBoxManage."
To learn more goto: http://www.virtualbox.org/manual/ch06.html
Now look you are going to be testing with BackTrack which can lead to "Incidents" inadvertently happening. So BE CAREFUL!
You can set the adapter 2 etc to a real network adapter in your computer...
ON this screen you can choose OK.
You can choose "Do not show this message again"
In this example we are using the D drive which is the default External DVD for this computer.
You should then see this summary screen.
You will then see this blank screen (Don't Worry)
In a fe seconds you should see this screen.
From here just press Enter.
You will then see this Start Up Screen choose option 1 (the default).
Press Enter
You will then see this screen as the install begins
You may get this pop upp window depending on your display driver. You can just select Do Not Show this Message Again and press OK
I do not know why this came up for me seeing how the system is running at 32 Bit color.
You will then see this screen
You will then see this prompt.
Type Startx This will start x-Windows
Double lclick the Install BackTrack icon (shown on the top left corner)
This will start the install process
Just Press Forward
Choose you time zone.
You can click on the map or us the pull down menu (showing Chicago)
Here you need to choose you keyboard. You can use the empty box area to test your keyboard settings. Usually you can keep the default.
Anyhow just use the option shown and DO NOT WORRY, this will NOT fry your whole drive just the VM one.
This is the final screen before the install.
Press Install
Now you will see this progress bar.
WARNING: this is REALLY slow process (as in many minutes to hours). Remember this is VM so it takes longer to do the initial install.
Well thats it, once complete you can launch VirtualBox and then choose your BackTrack 5 R3.
Look at older posts for more tutorials.
As always have fun and keep it legal.
Subscribe to:
Posts (Atom)