Diving into Metasploit – Configuring local environment

This semester I have a great excuse to learn the Metasploit framework since it is a required topic on the course on Penetration Testing I’m taking at Seneca.

I want to document the steps of being introduced to Metasploit from a software developer’s point of view.
I had never used Metasploit before, and the goal by the end of the semester is to be fairly fluent with the framework.

To get started I want to cover the environment installation.

1. Choosing virtualization tool

My dev machine is a Mac running Mavericks.
There are a few options to virtualize an OS on a Mac.
You could use Parallels, VMware or VirtualBox. There is also the possibility of running containers, but that’s the topic of another post.
Between the three main virtualization tools, hands down VirtualBox is the best if you plan to run a Linux OS. It comes with pointer integration and drag and drop out of the box, while Parallels and VMware don’t. We also can’t forget that VirtualBox is free, which makes it even easier to get started with.

VirtualBox website

2. Planning network architecture

Once I had the tools in place to virtualize my environment it was time to plan out the network configuration.
I’m sticking with a very basic setup:
network: 10.10.0.0/24
static pool: 10.10.0.1-100
dhcp pool: 10.10.0.101-254
domain: dpi902.shogun
hosts: {osName}{number}

Creating a network in VirtualBox is very simple; only a few steps are required.

To get more information on the network types supported by VirtualBox, check out their manual: https://www.virtualbox.org/manual/ch06.html

3. Configure Interfaces

With the host-only network created, the next step is to configure the network interfaces of the VMs you’ll be using. I’m starting with Kali and Metasploitable-2.

I like to set up eth0 as the host-only network interface, where I’ll configure the static IPs.
I leave eth2 for the bridge interface, where I’ll get an internet connection whenever needed.

Since Kali and Metasploitable are Debian-based, we can set static IPs the same way we do it on Ubuntu:

vim /etc/network/interfaces

auto eth0
iface eth0 inet static
address		10.10.0.22
gateway		10.10.0.1
broadcast	10.10.0.255
netmask		255.255.255.0

auto eth1
iface eth1 inet dhcp

post-up route add default gw 10.0.0.1 metric 2
pre-down route del default gw 10.0.0.1

A couple of things to note:

  1. Simply adding a virtual interface in VirtualBox doesn’t mean that it will be brought up by default by the network service; it needs to be brought up manually or configured in the interfaces file.
  2. I guess since I’m bridging eth1 the default gateway being used is from eth0, which doesn’t have an internet connection. To circumvent the problem I just set the default gateway manually when the network service gets started. One issue I foresee with this is when I use a network with a segment different from 10.0.0.0. I’ll need to do some more reading on this topic, but I’m thinking of configuring the gateway dynamically or setting the bridge interface on eth0. We’ll see.
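A lint pass over an interfaces file like the one above, checked against the addressing plan from section 2. This is an added example, not part of the original post; the finding names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Addressing plan from section 2 of the post.
LAB_NET = ipaddress.ip_network("10.10.0.0/24")
STATIC_LO = ipaddress.ip_address("10.10.0.1")
STATIC_HI = ipaddress.ip_address("10.10.0.100")

# Option keywords this checker accepts; anything else is reported as a typo.
KNOWN = {"address", "netmask", "gateway", "broadcast", "network", "metric",
         "pre-up", "up", "post-up", "pre-down", "down", "post-down"}

# Constructed sample modelled on the file above, with one misspelled option.
SAMPLE = """\
auto eth0
iface eth0 inet static
address 10.10.0.22
gateway 10.10.0.1
brodcast 10.10.0.255
netmask 255.255.255.0

auto eth1
iface eth1 inet dhcp

post-up route add default gw 10.0.0.1 metric 2
pre-down route del default gw 10.0.0.1
"""


def parse_stanzas(text):
    """Return {ifname: (method, [(option, value), ...])} for every iface stanza."""
    stanzas, opts = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # keyword, then the rest (spaces or tabs)
        key, rest = parts[0], parts[1] if len(parts) > 1 else ""
        if key == "iface":
            name, _family, method = rest.split()[:3]
            opts = []
            stanzas[name] = (method, opts)
        elif key in ("auto", "allow-hotplug"):
            opts = None  # these lines are not part of any stanza
        elif opts is not None:
            opts.append((key, rest))
    return stanzas


def lint(text):
    """Return a sorted list of (interface, finding) tuples; '*' means file-wide."""
    findings, default_routes = set(), 0
    for name, (method, opts) in parse_stanzas(text).items():
        values = dict(opts)
        for key, value in opts:
            if key not in KNOWN:
                findings.add((name, "unknown-option:" + key))
            if key in ("up", "post-up") and re.search(r"route add default gw \S+", value):
                default_routes += 1
                if method == "dhcp":  # the lease decides the real gateway, not this file
                    findings.add((name, "hardcoded-gw-on-dhcp"))
        if method == "static" and "address" in values:
            addr = ipaddress.ip_address(values["address"])
            if addr in LAB_NET and not STATIC_LO <= addr <= STATIC_HI:
                findings.add((name, "outside-static-pool"))
            if "gateway" in values:
                default_routes += 1
                if addr in LAB_NET:  # the host-only network has no uplink
                    findings.add((name, "default-route-via-host-only"))
    if default_routes > 1:
        findings.add(("*", "multiple-default-routes"))
    return sorted(findings)


if __name__ == "__main__":
    for iface, finding in lint(SAMPLE):
        print(iface, finding)
```

The `default-route-via-host-only` finding marks a `gateway` line on the lab interface: ifupdown installs a default route for it, which then competes with the route on the bridged interface.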

So that’s pretty much it.
An environment to play around with Metasploit.

TODO:
Use the VirtualBox API in conjunction with Puppet to orchestrate the deployment/config of VMs in a test environment.


VirtualBox and USB devices, vboxusers.

By default when installing VirtualBox on Ubuntu, you won’t be able to access USB devices in the VM.

Getting around that problem is very simple; the steps needed to get access to USB devices in the VM are listed below.

First, make sure you have the latest version of the software:
Download VirtualBox

You also need to install the extension pack:
Get Extension Pack

and the Guest Additions:

Guest Additions Manual

After installing all the extra dependencies, it is time to enable USB access to the VM.

First

Right click on the VM and select settings:

You will get this message:


Failed to access the USB subsystem

VirtualBox is not currently allowed to access USB devices. You can change this by adding your user to the ‘vboxusers’ group. Please see the user manual for a more detailed explanation.

It tells you that you need to add your user to the vboxusers group.

Second

There are two ways to add users to groups in Ubuntu.
Via the GUI

If you want something faster, it is also possible to add a user to a group via the command line:

After adding the user to the vboxusers group you need to restart Ubuntu.

Third

Now, after adding the user to the vboxusers group, it is time to select which USB device you want to mount in the VM.

Fourth

Access USB devices in the VM

More Info:
http://www.howtogeek.com/howto/31726/mount-usb-devices-in-virtualbox-with-ubuntu/


Installing Lua on Ubuntu

I’ve been hearing about Lua for a few years now, but I never took the time to sit down and read more about the language. The only things I knew were that WoW used it and that it was created by a group of teachers in Brazil.

My brother-in-law, who now works at the same university as the teachers that created Lua, recommended a podcast to me in which the main creator of Lua talks about the language in general.

The podcast is VERY good. Roberto Ierusalimschy explains why he created Lua, the architectural design behind it, his philosophy regarding the project, some good use cases for the language and the future of Lua (the podcast is in Portuguese).

After listening to the podcast, I was really surprised to hear that Lua’s only data structure is the table, much like the object notation in JavaScript, and that a lot of features in the new JS engines today are somewhat derived from Lua.
I decided to give it a try and play a bit with the language.

Below is a simple tutorial to get Lua up and running on Ubuntu.

Installing Lua

There are a few different ways you can install Lua on your machine; I decided to get the source code and compile it.
Lua itself is not that big, ~20,000 lines of code.

You can download the code here:

I downloaded the latest stable version, 5.2.0

After downloading/extracting, you’ll get these files:

/doc
Makefile
README
src

All it takes to compile Lua is a simple:

make linux test

linux specifies which platform you want to build for.
The complete list of supported platforms:

  • aix
  • ansi
  • bsd
  • freebsd
  • generic
  • linux
  • macosx
  • mingw
  • posix
  • solaris

test just prints the version of Lua to stdout

After compiling, the Lua executable will be created in your /src dir

To open the Lua shell: ./lua

*If you want to add the lua executable to your path, there are several different ways to do it. A simple way is to create a symbolic link to lua in your $HOME/bin dir. It will automatically add lua to your PATH the next time you log in.

**You might get this error if you don’t have the readline lib installed:

To install the readline lib:

sudo apt-get install libreadline5-dev

After installing the lib, you should get this output:

If you don’t want to install the readline lib, you can make a few modifications to their build system:
Changing src/Makefile

linux:
  $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX" SYSLIBS="-Wl,-E -ldl -lreadline -lncurses"

to

linux:
  $(MAKE) $(ALL) SYSCFLAGS="-DLUA_USE_LINUX" SYSLIBS="-Wl,-E -ldl -lncurses"

also removing the lib from src/luaconf.h

#if defined(LUA_USE_LINUX)
#define LUA_USE_POSIX
#define LUA_USE_DLOPEN    /* needs an extra library: -ldl */
#define LUA_USE_READLINE  /* needs some extra libraries */
#define LUA_USE_STRTODHEX /* assume 'strtod' handles hexa formats */
#define LUA_USE_AFORMAT   /* assume 'printf' handles 'aA' specifiers */
#define LUA_USE_LONGLONG  /* assume support for long long */
#endif

or just do a:

make ansi

More info here.

Running Some Programs:

To get started, let’s run the famous Hello World program.
In Lua, all it takes is a simple:

print("Hello World!")

To run the program:

lua hello-world.lua

Another example using tables:

obj = {
  a = 1,
  b = {
    str = "b1",
    dec = 2.1
  },
  c = 3,
  f = function (x)
        return x*2
      end
}

for index,value in pairs(obj) do print(index,value) end

print(obj.f(2))
print(obj.b.str)
print(obj.b.dec)

Much like in JavaScript, you can create tables using the object notation: { }

You can think of tables as an associative array, a key value pair structure, just like a hash.

That’s very powerful and gives a lot of flexibility when writing programs.
You can create very complex data structures with a few lines of code.

Use Cases

The Lua project has been around for more than 15 years, being tested and used by several different companies.

Adobe has more than 100 engineers working specifically with Lua.
Adobe Lightroom was mainly written in Lua.

Huawei, the second largest network and telecommunications equipment company in the world, has more than 1 million lines of Lua written in their products.

Some other well known projects that use Lua are:

The list of games is huge, close to a total of 160 different titles:

You can check the complete list here:

Lua and the Web

What got me really excited about Lua was the fact that it can also be used as a web server.
Actually, some benchmarks show that Lua can be up to 3 times faster than node.js, and the VM is also a lot smaller than node.

There are a few projects that started porting Lua to be much like a nodejs server, using the Lua VM instead of the V8 engine but keeping all the awesome architecture existing in node.

One of the projects is Luvit.
The project is still in its early stages of dev, but looks very promising 🙂

Other cool projects involving Lua:
LuaLibEvent
lua-ev
LuaNode
JSON4Lua
lunit


Debug Build of Firefox on Ubuntu

Following the tutorial on MDN and with the help of the #developer channel on IRC, I was able to build Firefox in debug mode.
These are the steps I followed to get the build working:

Install dependencies:

apt-get build-dep firefox
apt-get install mercurial libasound2-dev libcurl4-openssl-dev libnotify-dev libxt-dev libiw-dev mesa-common-dev autoconf2.13 yasm

Create .mozconfig file in the root of your project

. $topsrcdir/browser/config/mozconfig
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/ff-dbg
ac_add_options --disable-optimize
ac_add_options --enable-debug
ac_add_options --enable-tests

Then

make -f client.mk build

It took me around 1h 10min to finish the build

To run firefox:

cd ff-dbg/dist/bin
./firefox

**
For some reason, when I start the browser, after a few seconds it goes to sleep and crashes

Also if I try to run the firefox-bin I get this error:


Installing MongoDB on Ubuntu

This tutorial will cover the basics to get MongoDB running on Ubuntu

I’ll break down the tutorial in 6 parts:

  • 1 – Setting up the environment
  • 2 – Adding repo key
  • 3 – Adding repo source
  • 4 – Installing mongo
  • 5 – Running Mongo
  • 6 – Tips

1 – Setting up the environment

If you tried to install mongo before and weren’t successful, the best option is to uninstall all the existing mongo packages. To see which ones are installed, you can run:

diogogmt@diogogmt-ID54-Series:~$ dpkg -l | grep mongo

If you see mongodb-10gen installed, then you have the right version; if you see mongodb-server, then you’ve installed from Ubuntu’s repository.
The 10gen repo is always up to date and contains all of mongo’s updates, so it’s better to install mongo using their repo.

If mongodb-server is installed, to remove the package run:

sudo dpkg -P mongodb-server

A small description of dpkg:

dpkg is a tool to install, build, remove and manage Debian packages. The primary and more user-friendly front-end for dpkg is aptitude. dpkg itself is controlled entirely via command line parameters, which consist of exactly one action and zero or more options. The action-parameter tells dpkg what to do and options control the behavior of the action in some way.

**Some extra info on how Ubuntu handles deb packages:
There are several tools to install a deb package on Ubuntu. The base tool that actually does the installation is the dpkg command.
In front of dpkg is the apt system, which serves as a front end for dpkg. Synaptic and aptitude are front ends for the apt system, which is contained in the apt Debian package. It is from apt that all the commands apt-get, apt-update and apt-key come.

This blog has some very good information on how deb packages are handled:
http://algebraicthunk.net/~dburrows/blog/

2- Adding repo key

In this tutorial we’ll install mongo using 10gen’s official repo.

To be able to download mongo with aptitude from the 10gen repo, a key must be added first. apt uses that key to verify that the repository’s packages can be trusted.
The key can be added using apt-key.
A quick description of the command:

apt-key is used to manage the list of keys used by apt to authenticate packages. Packages which have been authenticated using these keys will be considered trusted.

Here is the command to add the key:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10

Breaking down the command:
Another command used in the authentication of the key is gpg; because apt-key is called with adv as an option, gpg will be invoked.
A quick description of gpg:

gpg is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a tool to provide digital encryption and signing services using the OpenPGP standard. gpg features complete key management and all bells and whistles you can expect from a decent OpenPGP implementation.

More information on GnuPG : http://www.gnupg.org/
More info on OpenPGP : http://www.openpgp.org/

3- Adding repo source

After you added the key, you can go and add the repository to your list.

On mongo’s website, it says to add

deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen

as an apt source.
If you add the source manually by editing /etc/apt/sources.list, as they recommend on the website, it will work. However, if you go to the Ubuntu Software Centre GUI and add the repo there, two entries will be made in /etc/apt/sources.list: one as deb repourl and the other as deb-src repourl.
For some reason, having the deb-src entry will cause the updates to fail.

Solution:

Manually enter

deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen

to

/etc/apt/sources.list

or use the Ubuntu Software Centre GUI, and after
deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen
is added, uncheck deb-src.

**Sysvinit and upstart.

On mongo’s website, there is the option of choosing between the upstart and sysvinit repos. If you are using a recent version of Ubuntu (6 or later), you can select upstart.
Sysvinit used to be the startup boot program for Ubuntu. Since version 6, Ubuntu has been using upstart.
If you look in the /etc/init.d/ dir, you will notice that a lot of files are links to an upstart job.

More info on boot management: https://help.ubuntu.com/community/UbuntuBootupHowto

4- Installing mongo

With the repository and key added to your system, now it is time to install mongo.

apt-get install mongodb-10gen

Congratulations, you have MongoDB installed on your system.

5- Running mongo

If you installed mongo on a new version of Ubuntu, it will be possible to start and stop it as a service. However, if you run the command start mongodb you’ll get this message:

diogogmt@diogogmt-ID54-Series:~$ start mongodb
start: Rejected send message, 1 matched rules; type="method_call", sender=":1.62" (uid=1000 pid=6540 comm="start mongodb ") interface="com.ubuntu.Upstart0_6.Job" member="Start" error name="(unset)" requested_reply=0 destination="com.ubuntu.Upstart" (uid=0 pid=1 comm="/sbin/init"))

Don’t be afraid! Even though the message is not very user friendly, what happens is that you must be root to start/stop a service, so if you run:

diogogmt@diogogmt-ID54-Series:~$ sudo start mongodb
mongodb start/running, process 6482

It will work.

To run mongo there are a couple of options:
you can start it as a service, or you can simply run the program.

Both options have their benefits: sometimes you just want to create an instance for some project that you are testing, and other times you want to have mongo running constantly in the background.

If you start mongo as a service, you cannot pass any arguments in the command, example:

diogogmt@diogogmt-ID54-Series:~$ sudo start mongodb --port 27001
start: invalid option: --port
Try `start --help' for more information.

All the configuration for mongo will be in /etc/mongodb.conf.
So every time you start mongo as a service, it will have the configuration specified in the mongodb.conf file.

By comparison, when you run an instance of mongo directly, every time you start that instance it will have the default configuration.
To change its configuration, you can pass the options at startup, for example:

diogogmt@diogogmt-ID54-Series:~$ mongod --port 27001 --dbpath /home/diogogmt/data
Mon Oct 24 01:19:03 [initandlisten] MongoDB starting : pid=6576 port=27001 dbpath=/home/diogogmt/data 64-bit host=diogogmt-ID54-Series
Mon Oct 24 01:19:03 [initandlisten] db version v2.0.1, pdfile version 4.5
Mon Oct 24 01:19:03 [initandlisten] git version: 3a5cf0e2134a830d38d2d1aae7e88cac31bdd684
Mon Oct 24 01:19:03 [initandlisten] build info: Linux bs-linux64.10gen.cc 2.6.21.7-2.ec2.v1.2.fc8xen #1 SMP Fri Nov 20 17:48:28 EST 2009 x86_64 BOOST_LIB_VERSION=1_41
Mon Oct 24 01:19:03 [initandlisten] options: { dbpath: "/home/diogogmt/data", port: 27001 }
Mon Oct 24 01:19:03 [initandlisten] journal dir=/home/diogogmt/data/journal
Mon Oct 24 01:19:03 [initandlisten] recover : no journal files present, no recovery needed

or, if you want, you can load a configuration file by passing it as an argument:

sudo mongod --config /etc/mongodb.conf

It will create an instance of mongo with the same configuration settings as starting mongo as a service.

6- Tips

Here are just a few tips that may be helpful if you’re getting started with mongo:

As you can see, mongo gives you a lot of flexibility in how to run and configure your servers.

Like I said before, if you are testing a new project, you can create a new instance of mongo and give it a different port and dbpath, so the changes you make won’t affect the one running as a service.

Another difference is that when you start mongo as a service, it won’t sit in your terminal listing all the interaction. To see the details of the server you can access http://localhost:28017/ or whatever port you decided to run it on.

If you click on the listDatabases tab, it will say that REST is not enabled and that you must start mongo with the --rest option. However, you can’t pass arguments when you start mongo as a service, and if you check /etc/mongodb.conf it doesn’t have any REST option.
Fixing this is very simple: just add “rest = true” to the conf file.
For a list of all the possible configuration options for mongo, check their official website: http://www.mongodb.org/display/DOCS/File+Based+Configuration
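An audit of a mongodb.conf that has had “rest = true” added, shown next to a tightened version of the same file. This is an added example, not part of the original post; bind_ip, auth and nohttpinterface are mongod settings from the same file-based configuration that the post does not mention, and the sample files and finding names are constructed.

```python
import ipaddress

# Constructed sample in the key = value style of /etc/mongodb.conf,
# with the "rest = true" line from the post added.
WEAK = """\
dbpath = /var/lib/mongodb
logpath = /var/log/mongodb/mongodb.log
logappend = true
port = 27017
rest = true
"""

# Same file with the listener restricted and authentication turned on.
HARDENED = WEAK + "bind_ip = 127.0.0.1\nauth = true\n"


def parse_conf(text):
    """Parse 'key = value' lines, ignoring blank lines and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings


def enabled(settings, key):
    """True when a boolean setting is present and set to true."""
    return settings.get(key, "false").lower() == "true"


def loopback_only(settings):
    """True only when bind_ip is set and every entry is a loopback address."""
    entries = [e.strip() for e in settings.get("bind_ip", "").split(",") if e.strip()]
    if not entries:
        return False  # assumption: without bind_ip, mongod listens on all interfaces
    for entry in entries:
        try:
            if not ipaddress.ip_address(entry).is_loopback:
                return False
        except ValueError:  # a hostname rather than an address
            if entry != "localhost":
                return False
    return True


def audit(text):
    """Return (db_port, http_port, findings) for one configuration file."""
    s = parse_conf(text)
    db_port = int(s.get("port", "27017"))
    http_port = db_port + 1000  # status page port, 28017 for the default 27017
    http_on = not enabled(s, "nohttpinterface")
    remote = not loopback_only(s)
    findings = []
    if remote:
        findings.append("listens-on-non-loopback")
    if not enabled(s, "auth"):
        findings.append("auth-disabled")
    if http_on and remote:
        findings.append("http-interface-reachable-remotely")
    if http_on and enabled(s, "rest") and not enabled(s, "auth"):
        findings.append("rest-without-auth")
    return db_port, http_port, findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf))
```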

**You can also just download mongo from their website: http://www.mongodb.org/downloads
After you unzip, you will see a bin folder, there are all the commands that you need to run mongo.
This way doesn’t give you a lot of flexibility, but if you just want to give it a quick and fast try, it is an option.

In the end, there are several ways to download, install, and run mongo. Choose the one that suits you best.

Good references:
http://www.javahotchocolate.com/tutorials/mongodb.html
http://www.mongodb.org/display/DOCS/Ubuntu+and+Debian+packages


CodeIgniter Default Controller

I had a very odd bug using CodeIgniter. Just an overview: I started doing the development of a web application on a Windows environment. I installed wamp, and that was my dev server. During the development phase everything worked fine. I didn’t have any problem regarding CodeIgniter configurations.

Once the development phase was finished, it was time to move to production. We decided to host the application on a2 hosting. We uploaded the application to the server, everything seemed to be working, when suddenly we discovered that the default route wasn’t working. That is a BIG problem! Imagine, every time we typed http://www.domainName.com it would throw a 404 error. The odd part, is that on the local wamp server, the default route was working. All the configurations were right. We had the .htaccess to remap the requests. We had all the routes and the default controller defined. Everything was good.

I had a problem searching for a solution, since it would always lead me to the default controller configuration, and that wasn’t the problem. Realizing I wouldn’t find a solution on Google, I tried to go to the CodeIgniter channel on IRC. Nobody there could help me; some suggested that the problem was because I did the dev on a wamp server, and the host was a lamp server. That made sense, but didn’t help me much.

I was getting really frustrated; the client wanted the website online, and I had no clue what to do.
With no other option, I sat at the computer and told myself I wouldn’t leave until the problem was fixed. First I began changing all the configurations of the application, hoping that the problem would be there. However, I wasn’t lucky enough =/
100% sure that the problem wasn’t in the configuration settings of the application, I decided to change the default controller, just to see what would happen. At first it didn’t work; the second time it magically worked 🙂
Now here is the deal: as simple as this might be, compared to all the other bugs I faced using CodeIgniter, this was the hardest to solve. Check it out:

The default controller was set to publicUser.
The first time I changed to controlPanel and still didn’t work.
Then I changed to admin and it worked!

The problem was in the camel case name of the controllers!!
For some reason, running on wamp locally I didn’t have any problems with that, but after uploading to a LAMP host the default controller wouldn’t work. Only the default controller was affected; all the other controllers worked fine. The problem was defining a camel case named controller as the default route of the application. Of course, I changed all the controller names to lower case, just in case 😛

**PS
I found a note in the CodeIgniter user guide saying that classes should not be named using the camel case convention, and should use underscores instead. However, the big question remains: why throw an error only for the default controller, and only on a hosted LAMP server?