Linux Things : UBER-COOL things I Learned this Year(2k19)

Linux things You must know

Some Cool Linux Uber-cool things I learned this year


i3wm

Starting with i3wm: I know it's not a new thing out there in the open source market, but I still see many people struggling to manage their tasks. So here we start with the i3 window manager.

Platform Availability:

Available for various Linux sweet flavors.


Stable Version: [Click here]
Download Link : [Click here]


Or install using the CLI:

sudo apt install i3

Setting up i3wm

For now, I won't list the steps I used to set up my i3wm, but I will share resources that are really good to start with; I started with these resources myself. I will also be sharing complete, layman-friendly documentation of my own on setting up i3wm.

Resource 1 (Code Cast): Watch here

Notes:
1. Watch each step carefully. Have patience, and if you find yourself stuck somewhere, try the steps shown in the tutorial again.
2. Don't copy and paste someone else's i3 dotfiles: it might mess up your entire Linux environment, because different dependencies or tools may have been installed when those dotfiles were written.

Resource 2(i3wm docs): Read here

Resource 3(Docs Links): Read here
Read here

Running your application Inside Linux Containers

We all use applications, tools or software on our Linux OS, but what if we ran everything inside Linux containers, which provide isolation, save memory and a lot of other things?

If you don't get it, think of running each application virtually, as in a virtual machine. The only difference is that it uses Linux container technology instead of virtual machines. If you want to learn the difference between container technology and virtual machines, I recommend reading my gitbook page, where I have explained it with a pictorial example.

Click me

Okay I hope you read it and understand what we are dealing with now.

Motivation: Jessie Frazelle - Dockercon SF 2015

Well, that's true: I got motivated to run everything inside containers just after I saw Jessie Frazelle give her talk Container Hacks and Fun Images.

How To:

Wireshark in Container

Steps:

First of all, we need docker functions which, when called, run a container. You can either write your own or use Jessie Frazelle's GitHub repo, where she has created functions for different software and services in the .dockerfunc file.

Clone the repo (Clone) and then move .dockerfunc to your home directory.
Change directory to the cloned directory, which in this case will be dotfiles.

mv .dockerfunc /home/${USER}

This moves .dockerfunc to the logged-in user's home directory.

Now open the Bash configuration file, i.e. .bashrc

cd ~
nano .bashrc

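and paste the following code at the end of the .bashrc file, before unset file.

# Source ~/.dockerfunc if it exists and is readable.
# (Braces around a single name, ~/.{dockerfunc}, are not expanded by bash,
# so the path is written out in full.)
for file in ~/.dockerfunc; do
if [[ -r "$file" ]] && [[ -f "$file" ]]; then
	source "$file"
fi
done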

Now try to run a container, for example wireshark or any other software or service defined in the .dockerfunc file. Note that it sometimes gives an error about an incorrect username and password; in that case, just log in to Docker again from your CLI:

docker login

Note: The first time you run a service, Docker downloads the container image and stores it in the local image repository for later use.

Every time you run a new service, it fetches the image from the jess Docker repo. You may also download all the Dockerfiles written by Jessie Frazelle, build the images yourself and push them to your own Docker Hub repo, so that the pull comes from your repo.

But I would recommend contributing to Jessie Frazelle's repo.

Download DockerFiles from Here

You are all set; now just run any application or service defined in .dockerfunc. Also contribute to Jessie Frazelle's repo by adding docker functions for tools and services that should run in a container and are missing from the .dockerfunc file.
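Since .bashrc sources every wrapper in .dockerfunc into each new shell, it is worth checking which host access those docker run commands request before adding the file. The script below is an added example, not code from the original post or from the dotfiles repo; the function names, the list of options and the sample wrappers (including the example/ image names) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post or from the dotfiles repo): list docker-run
# options in a function file that widen a container's access to the host.

# review_dockerfunc FILE -> one "LINE: OPTION" per finding, nothing if clean.
review_dockerfunc() {
    awk '
    {
        sub(/^[ \t]*#.*/, "")                 # skip whole-line comments
        n = split($0, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            nxt = (i < n) ? tok[i + 1] : ""
            if (t == "--privileged" || t ~ /docker\.sock/ ||
                t ~ /^--(net|network|pid|ipc)=host$/ ||
                t ~ /^--(cap-add|device)=/)
                print NR ": " t
            else if ((t ~ /^--(net|network|pid|ipc)$/ && nxt == "host") ||
                     t == "--cap-add" || t == "--device")
                print NR ": " t " " nxt
        }
    }' "$1"
}

# Constructed sample: two wrappers written in the style of a .dockerfunc file.
make_sample_dockerfunc() {
    sample_file=$(mktemp)
    cat > "$sample_file" <<'EOF'
wireshark() {
    docker run -d \
        -v /tmp/.X11-unix:/tmp/.X11-unix \
        -e "DISPLAY=unix${DISPLAY}" \
        --cap-add NET_RAW \
        --cap-add NET_ADMIN \
        --net host \
        --name wireshark \
        example/wireshark
}
notes() {
    # --privileged was dropped from this wrapper
    docker run --rm -it -v "$HOME/notes:/notes" example/editor
}
EOF
    echo "$sample_file"
}

sample=$(make_sample_dockerfunc)
review_dockerfunc "$sample"
rm -f "$sample"
```

Run it against the downloaded .dockerfunc before adding the source loop to .bashrc; each reported line is a wrapper option to read and decide on, not proof of a problem.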

Linux Commands

Use of Aliases to make things short and to save more time.

Example:

alias h="history"
alias update="sudo apt update"

Now you can write short names, or aliases, for all the commands you want and save them in the .bashrc file.

You might also take a look at Jessie Frazelle's aliases file for better examples and usage.

Alias dotfile

Create a file named .aliases in your user home directory:

cd ~
nano .aliases

and paste in all the content from this GitHub file.

Now open the .bashrc file and, at the end, add aliases to the for loop we created while playing with Linux containers.

for file in ~/.{dockerfunc,aliases}; do
if [[ -r "$file" ]] && [[ -f "$file" ]]; then
	source "$file"
fi
done

You are all set to use aliases for the commands that take up your time.

zsh

It is an open source project, or say framework, to add themes to your terminal or increase its capabilities.

Some cool themes of this framework are:

Ohmyz.sh

In order to install it, you may follow these below mentioned resources.

Resource 1: Install Ohmyzsh

Resource 2: Installation Guide

Note

It does not end here; I have so many other things on my plate, which I will keep adding later on.


BSides Delhi - The Survival Guide

BSides Delhi 2k19 | SecurityBsides | BSidesDelhi Conference

About BSides Delhi

The cyber security industry is now bigger and more active than ever before, so a lot of activities and conferences are held every year. Here I am introducing you all to one of the major conferences, BSides Delhi. Security BSides is a community-driven framework for building events by and for information security community members. These events are already happening in major cities all over the world! They are responsible for organizing an independent BSides-approved event for Delhi, India.

It is a volunteer-organized event (it has no paid staff) and truly strives to keep information accessible for everyone.

I am Volunteering | YEAHHH!!!

So, I am Priyam Singh and I am volunteering this year at BSides Delhi 2k19. I really thank the BSides Delhi #team for giving me such an incredible opportunity. I am really glad and excited to attend the conference on 11th October, 2019. The event venue is Vivanta New Delhi, Dwarka.

Insights About Conference

The event is going to start with a keynote talk by Leigh-Anne Galloway (Security Researcher) and Adam Laurie (Global Associate Partner and Lead Hardware Hacker, IBM X-Force Red), followed by technical talks, workshops, village speakers, a panel discussion and, last, the sub-events.

As it is the first conference I am attending, I hope it turns out to be overwhelming, being around some of the best security researchers from India and outside, being able to meet them and get their valuable advice. It is nothing short of a goldmine for the many who are getting started and trying to make a career in security. If you are eager to know about these security researchers, follow the link below.

Speakers

For the last two years I have heard a lot from my friends who have already been part of this conference about the activities that are held and organised, and what one can learn at such conferences.

Now a few things I would like to mention if it's your first time, so that you don't miss anything and get the most out of the conference.

Important Key Notes
* Don't forget your conference pass.
* Come early, grab your swag and ID, and become familiar with the environment.
* A day before the conference, prepare a list of all the talks and workshops you are interested in attending.
* During talks, make notes on important points.
* Ask the speaker questions at the end of the talk or during the Q&A session, and try to make the session interactive.
* Try to interact with other attendees also.
* Ask the volunteers if you need any help; they are the right people to guide you.
* Apart from the talks, there might be a special party organised in the evening; be sure to attend it if you are invited.
* The party is another important thing not to miss at the conference.
* Interact with people and introduce yourself; also try to grow your network and share social profiles, which might be useful for you later.

Apart from this, you might catch a glimpse of the beauty of Delhi.

  • You can visit nearby historical sites in one go, so pick something of your choice. Places like: Red Fort, Jama Masjid, Tughlaqabad Fort, Qutub Minar, Mehrauli Archaeological Park, Humayun’s Tomb, Hauz Khas Fort, Lodhi Garden, Lotus Temple and Jantar Mantar.
  • If you really want to pick one, try going to Humayun’s Tomb or visit the Qutub Complex.
  • Also go to Rashtrapati Bhavan, Lutyens Delhi and India Gate.
  • Delhi is also the Food Capital of India, so go and taste the various delicious dishes.
  • Despite being a hub of world-class shopping malls, the true Delhi lies in its bazaars. Lajpat Nagar, Sarojini Nagar, Kamala Nagar Market, Janpath and Karol Bagh are some of the most happening shopping destinations.

This is all from me; do not forget to meet me at the conference. I will be part of the volunteering team this time. Find me at @DevOpsgirl_ or LinkedIn.

I hope this event is a great success and that everyone who comes learns and experiences many new things which will be of immense importance.

Matrix 1

Description

Matrix is an intermediate-level boot2root challenge. The OVA is tested on both VMware and VirtualBox.


Flags: The goal is to get root and read `/root/flag.txt`
Networking: DHCP: Enabled; IP Address: automatically assigned

Download link: [Link 1] || [Torrent]
Download Size : 552 MB
For more details: Visit [Vulnhub.com](https://www.vulnhub.com/entry/matrix-1,259/)

Walkthrough

First we need to discover the IP of our target machine so that we can interact with it, because we don't have credentials for logging in to the Matrix machine.

For IP discovery: if you have the Blue Team Field Manual (BTFM), open it, and under Scanning and Vulnerability you will find the commands below.

You can discover the IP using netdiscover or nmap.

Open your terminal:

$ netdiscover

or

$ nmap -sn -PE 192.168.1.0/24    

If you want to be more specific, you can use the command below:

$ nmap -sn -PE 192.168.1.0/24 | grep scan | cut -d " " -f 5

Here:

-sn: Ping scan (disable port scan)
-PE: ICMP echo request
See the man pages for grep and cut.
Example: $ man grep

Now we have the IP.
Next, in the BTFM book you will see: scan and show open ports, determine open services, scan TCP and UDP ports. Let's use them all together, be more verbose, and save the output to a file, matrix_nmap.txt.

$ nmap  -T3 -A -v -oN matrix_nmap.txt 192.168.1.38

In the output we can see 3 open ports:

port 22 SSH
port 80 http
port 31337 http

We have 2 HTTP ports, so let's explore them in our browser.

Starting with port 80

After opening it in the browser, you will get a page saying “Follow the white rabbit”.

And yes, there is a rabbit at the end of the page; I have highlighted it. I know what you are thinking: yes, we will inspect the element, and we get this.

We have port 31337 as a hint.

Let's open it in the browser, that is http://192.168.1.38:31337

Again this page says something about Cypher, but if you read the quote carefully, it says at the end Ignorance is bliss. Be careful: don't start decoding it and get trapped in a rabbit hole.

Act normal and check the page source.

You will already have figured out that it is base64 encoded. Don't think too much; go and decode it using whatever tool or website you want.

ZWNobyAiVGhlbiB5b3UnbGwgc2VlLCB0aGF0IGl0IGlzIG5vdCB0aGUgc3Bvb24gdGhhdCBiZW5kcywgaXQgaXMgb25seSB5b3Vyc2VsZi4gIiA+IEN5cGhlci5tYXRyaXg=

For most decoding or encoding I use string-functions.

We get the decoded string as

echo "Then you'll see, that it is not the spoon that bends, it is only yourself. " > Cypher.matrix

I hope you understand that some text is echoed and saved in Cypher.matrix. But wait, what does it have to do with this machine? We have not yet found any field where we can pass input.

Why not try this file name in the URL?

    http://192.168.1.38:31337/Cypher.matrix

Once you type this in the URL bar, it will ask you to save a file named Cypher.matrix.

Save the file and open it in your terminal with your favorite editor.

You will see something really weird, but after spending some time on Google you will find that this is the Brainfuck programming language. So let's decode it using an online decoder. If you are not able to decode it, try changing browsers. Once decoded, you will find the text below.

You can enter into matrix as guest, with password k1ll0rXX
Note: Actually, I forget last two characters so I have replaced with XX try your luck and find correct string of password

After reading the decoded text above, we have

Username of machine: guest, Password: k1ll0rXX

Since he forgot the last 2 characters, what we can do is generate a wordlist from k1ll0rXX.

You may use any tool to generate the wordlist, like Crunch or mp64.

Here we will be using mp64, which is basically maskprocessor (mp).

$ mp64 -o matrix_wordlist.txt k1ll0r?a?a

Note: If you are using a shell like zsh, you might face problems generating the wordlist. So switch to your default shell.

Now we have the list and need to brute-force it against the Matrix machine. We will use Hydra and try to log in via SSH as guest.

$ hydra -l guest -P matrix_wordlist.txt ssh://192.168.1.38

So log in using the SSH command, with the password k1ll0r7n

$ ssh guest@192.168.1.38
USER OWNED
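On the defending side, the password-guessing run above shows up in the SSH daemon's log as a burst of failed logins for one account from one address, followed by a success. The script below is an added example, not part of the original walkthrough; the function names, the threshold, the host name and the log lines (including the source addresses) are constructed for illustration and assume the usual OpenSSH "Failed password" / "Accepted password" log messages.

```shell
#!/bin/sh
# Added example (not from the walkthrough): find password-guessing runs in an
# sshd auth log and mark the ones that ended in a successful login.

# detect_ssh_guessing LOGFILE [MIN_FAILURES]
# Prints "SOURCE_IP USER FAILURES OUTCOME" for each source/user pair with at
# least MIN_FAILURES (default 5) failed password attempts.
detect_ssh_guessing() {
    awk -v min="${2:-5}" '
    function parse(   i) {                # pull user and source IP from $0
        user = ""; ip = ""
        for (i = 1; i < NF; i++) {
            if ($i == "for" && user == "")
                user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
            if ($i == "from") ip = $(i + 1)
        }
    }
    /sshd\[[0-9]+\]: Failed password for / {
        parse(); fails[ip " " user]++
    }
    /sshd\[[0-9]+\]: Accepted password for / {
        parse(); key = ip " " user
        # a success is only reported when it follows a guessing run
        if ((key in fails) && fails[key] >= min + 0) won[key] = 1
    }
    END {
        for (key in fails)
            if (fails[key] >= min + 0) {
                outcome = (key in won) ? "LOGIN-SUCCEEDED" : "no-login"
                print key, fails[key], outcome
            }
    }' "$1" | LC_ALL=C sort
}

# Constructed sample log: 6 failures then a login for guest from one host,
# 5 failures for a non-existent account, and one ordinary mistyped password.
make_sample_authlog() {
    sample_log=$(mktemp)
    i=1
    while [ "$i" -le 6 ]; do
        echo "Oct 11 10:00:0$i matrix sshd[120$i]: Failed password for guest from 192.168.1.50 port 4000$i ssh2"
        [ "$i" -gt 5 ] || echo "Oct 11 10:00:0$i matrix sshd[125$i]: Failed password for invalid user admin from 192.168.1.77 port 4100$i ssh2"
        i=$((i + 1))
    done > "$sample_log"
    cat >> "$sample_log" <<'EOF'
Oct 11 10:00:07 matrix sshd[1207]: Accepted password for guest from 192.168.1.50 port 40007 ssh2
Oct 11 10:05:00 matrix sshd[1301]: Failed password for alice from 192.168.1.20 port 50001 ssh2
Oct 11 10:05:09 matrix sshd[1302]: Accepted password for alice from 192.168.1.20 port 50002 ssh2
EOF
    echo "$sample_log"
}

logfile=$(make_sample_authlog)
detect_ssh_guessing "$logfile" 5
rm -f "$logfile"
```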

Finally we are in, but wait, I am not able to execute any command. That means it's a restricted shell. Such a shell is used for security reasons, say to restrict users from running certain commands.

But don't worry, there is always a solution. Let's use the export command to list the variables exported to child processes of the current shell.

$ export

Here we can see that our shell is /bin/rbash, which is the restricted bash shell. Also, the PATH environment variable is /home/guest/prog

Let's explore the PATH variable: we see that we can use the echo command, and we know that by doing echo /* we can check the available programs and files.

So I tried echo /home/guest/* and found the prog directory, which when explored further resulted in the following.

$ echo /home/guest/prog/*

So now we know that we have the vi/vim editor available to use. We know that we can spawn a shell using popular and powerful editors which allow command execution.

In vi, while saving or quitting a file, we pass commands like :! or :wq!

and we know that in order to change the shell we just need to type /bin/bash

So let's open a file in vi and try exiting it with the following /bin/bash command.

In the above image, I am quitting the file with :! followed by /bin/bash

Now when you run ls, you will see that you can. So we have escaped the restricted shell rbash and can execute the commands we want. Let's finally look at what we have here.

Let's try to switch to root using sudo su or su; you will see the error command not found. Let's get over this by changing the PATH environment variable.

We can change the PATH variable using the export command:

export PATH=/usr/bin:/bin/

It will work; just copy and paste the above command and check the PATH variable using the export command.

Now we can switch user.

Use the same password which we used for the guest account. It worked for me. (k1ll0r7n)

R00T OWNED

Now, in the root directory, you will find your flag.

Docker Installation

Docker | Install | EC2 Ubuntu Docker Install

How to install Docker | Adding local user to EC2 ubuntu Instance | Adding user to Sudoers file


Docker

An open-source project that automates the deployment of software applications inside containers by providing an additional layer of abstraction and automation of OS-level virtualization on Linux.

Simply put, Docker is a tool that allows developers, sysadmins etc. to deploy applications in a sandbox (which in the Docker world we call a container) that runs on the host operating system.

For more information, read Docker Docs

Pre-requisites
* Ubuntu 18.04+ / AWS EC2 Ubuntu Instance

If you are on an EC2 Ubuntu instance, let's first create a local user and give it SSH access. To avoid typing the user's password again and again, we will also add that user to the sudoers file. If you are not on AWS EC2, skip ahead and continue from adding the user to sudoers.

Procedure
  • Log in to your EC2 Ubuntu instance using your private key.
$ ssh -i "myprivatekey.pem" ubuntu@public-dns.compute.amazonaws.com

Once you are in, let's start by creating a user and assigning privileges to it. In my case, I am creating a user named ninja.

$ sudo adduser ninja --disabled-password

In our case we will be using --disabled-password. With --disabled-password, you can create an account without a password. If you want to create the user with a password, use the command below.

$ sudo adduser ninja 

Now let's switch to user ninja:

$ sudo su - ninja

Now it's time to add the SSH public key to the user account.

  • Start by creating an SSH directory
$ mkdir .ssh
  • Give the directory owner read, write and execute permission (700)
$ chmod 700 .ssh
  • Create the authorized_keys file for ninja
$ touch .ssh/authorized_keys
  • Give the owner of authorized_keys read and write permission (600)
$ chmod 600 .ssh/authorized_keys

Open authorized_keys using your favorite editor and copy the public key for the key pair into it.

Remember the key pair you downloaded while creating the instance? Yes, I am talking about that key, the one you used to log in over SSH.

To extract the public key from your key pair, use the command below on your own system, where you downloaded the key pair.

$ ssh-keygen -y -f myprivatekey.pem

Copy the key and paste it into the authorized_keys file.

Note: You will not be able to run nano or vim. So log out from the ninja user and first install nano or vim as the ubuntu user. Once installed, switch to user ninja again using the command below.

$ sudo su - ninja

Now paste the key you got from the ssh-keygen command.

The key will look something like the one in the image below.

Copy it and paste it into .ssh/authorized_keys

Use nano to open the authorized_keys file.

nano .ssh/authorized_keys

If the command $ ssh-keygen -y -f myprivatekey.pem fails, make sure that you have given the proper 400 permission to your private key “myprivatekey.pem”. If not:

$ chmod 400 myprivatekey.pem

Now log in using SSH, but this time with the user name ninja.

$ ssh -i "myprivatekey.pem" ninja@public-dns.compute.amazonaws.com

Adding User ninja to sudoers group
  • Log in to your EC2 Ubuntu instance as the default user ubuntu.

  • Now, in order to add ninja to sudoers, follow the steps below

$ sudo nano /etc/sudoers

I have highlighted the User privilege specification section.

  • Add ninja ALL=(ALL) NOPASSWD:ALL just below root ALL=(ALL:ALL) ALL. Follow the screenshot for better understanding.

Exit and log in again as user ninja; now you will not be asked to enter the user password again and again while installing Docker or performing any other action.

Installing Docker

We will start by first updating existing list of packages.

$ sudo apt update

Now, let's install the prerequisite packages so that apt can use packages over HTTPS.

$ sudo apt install apt-transport-https ca-certificates curl software-properties-common

Adding GPG key for the official Docker repository

$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Now add the Docker repo to APT sources

sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable" && sudo apt update

In order to check the Docker repo version table and installation candidate, use the command below.

$ apt-cache policy docker-ce

Finally, let's install Docker

$ sudo apt install docker-ce

In order to check the running status of Docker

$ sudo service docker status

Executing Docker commands without sudo:

Typing sudo again and again becomes a problem, because all Docker commands need sudo access. But Docker understands its users and hence allows them to execute Docker commands without sudo. Follow the steps below to do so.

$ sudo usermod -aG docker ${USER}

Please reboot your machine in order for the changes to take effect.

You may also specify the user manually by typing the user's name. For example:

$ sudo usermod -aG docker pankaj
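The NOPASSWD:ALL sudoers rule and the docker group step above both leave an account able to act as root without entering a password (the Docker daemon runs as root, and members of the docker group control it), so it helps to know which accounts are in that position. The script below is an added example, not code from the original post; the function names and the sample sudoers and group contents, including the deploy account and its command path, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list accounts that can act as
# root without a password, through a NOPASSWD:ALL sudoers rule or through
# docker group membership, from sudoers-format and group-format files.

# passwordless_root SUDOERS_FILE GROUP_FILE -> sorted "ACCOUNT REASON" lines.
passwordless_root() {
    {
        awk '
            /^[ \t]*(#|Defaults|[A-Za-z]+_Alias)/ { next }   # not user rules
            /NOPASSWD[ \t]*:[ \t]*ALL[ \t]*$/ { print $1, "sudo-nopasswd" }
        ' "$1"
        # group file fields: name:password:gid:member1,member2
        awk -F: '$1 == "docker" && $4 != "" {
            n = split($4, member, ",")
            for (i = 1; i <= n; i++) print member[i], "docker-group"
        }' "$2"
    } | LC_ALL=C sort
}

# Constructed samples mirroring the steps on this page, plus one rule that is
# limited to a single command and is therefore not reported.
make_samples() {
    sample_dir=$(mktemp -d)
    cat > "$sample_dir/sudoers" <<'EOF'
# User privilege specification
root    ALL=(ALL:ALL) ALL
ninja   ALL=(ALL) NOPASSWD:ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(root) NOPASSWD: /usr/local/bin/rotate-logs
EOF
    cat > "$sample_dir/group" <<'EOF'
sudo:x:27:ubuntu
docker:x:998:ninja,pankaj
EOF
    echo "$sample_dir"
}

samples=$(make_samples)
passwordless_root "$samples/sudoers" "$samples/group"
rm -rf "$samples"
```

On a real host, point it at /etc/sudoers (and any files under /etc/sudoers.d, one at a time) and /etc/group, reading them with root privileges.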