Wednesday, July 31, 2013

Installing Kali to Raspberry Pi

I installed Kali (successor to Backtrack) on my Raspberry Pi because it was there.  I've been meaning to practice some pen testing for a while, so I looked into Backtrack.  It has been updated, and the new release is called Kali.  I first installed it to a VM to play with.  I saw that there was a version for the Raspberry Pi, so I decided to give it a try.


Here is a short guide to installing using dd in Linux:

http://docs.kali.org/armel-armhf/install-kali-linux-arm-raspberry-pi

Here is another one using win32diskimager:
http://tghc.co/metasploit-postgres-on-kali-raspberry-pi/

First, download the image from here:
http://www.kali.org/downloads/

The image turns out to be in .xz format, which is a stripped down version of 7zip.  I have 7zip, so I was able to extract it.  The image is just under 8GB, so it will fit on an 8GB SD card.  I tried to install to two different SD cards, but ran into filesystem errors when booting on the Raspberry Pi.

The image creates a 60MB fat16 partition and a larger ext4 partition.  I decided to try to extend the partition using GParted in Linux Mint.  I put that card in the Raspberry Pi and booted.  It got farther, but then froze up.  This was better than the inode errors that it was throwing before.

Then I tried to copy the image using dd as suggested:
$ dd if=kali-linux-1.0.4-armel-rpi.img of=/dev/sdb bs=512k

This was on a 16GB SD card.  I inserted that into the Raspberry Pi and booted.  This time, it complained about having too many blocks for the device size.  I put it back in Linux Mint and resized the second partition using GParted so that it used all of the remaining space.  This worked, and the Raspberry Pi booted up and I was able to log in.


Sunday, July 14, 2013

Raw Device Mapping using ESXi on HP ProLiant N54L

I have ESXi 5.1 running on a 250GB drive in the HP N54L.  I just added four new 3TB drives (after running surface scans) and booted back up.  I want to add the four drives to the OpenMediaVault virtual machine using raw device mapping (RDM).

My first thought was to add new drives and select RDM when adding.  It looks like this does not work for local drives, or at least not for the local drives on this machine.  The option was disabled.


I've already read about some command line options to do this, so that was my next step.  This post has some directions for ESXi 4.1, which also worked on ESXi 5.1.

The first step was to enable SSH access.  I had to go to the physical server, access the settings, go to "Troubleshooting Options," and enable SSH access.  Then I was able to ssh in using Putty.

The command to create the RDM VMDK is:
# vmkfstools -z /vmfs/devices/disks/<name of disk> /vmfs/volumes/<name of local volume>/<make a raw disk name>.vmdk

For me, the command was:
# vmkfstools -z /vmfs/devices/disks/t10.ATA_____WDC_WD30EFRX2D68AX9N0_________________________WD2DWMC1T3154102 /vmfs/volumes/250GB\ datastore/WD_WMC1T3154102.vmdk


This assumes that the raw disk was t10.ATA_____WDC_WD30EFRX2D68AX9N0_________________________WD2DWMC1T3154102 and that the local 250GB datastore was mounted at /vmfs/volumes/250GB\ datastore/

Then, I was able to go to the VM, add a disk, select "Existing Disk," and browse to the new vmdks.  By default, when selecting "Existing Disk," my datastore was listed.  I had to browse into it to see the vmdks.

The post that I referenced suggested putting the RDM disks on a new virtual SCSI controller.  I did that in the next step by selecting SCSI controller 1:0.  I also selected Independent Mode, Persistent.  Independent means that the disk is not included in snapshots.  So if I took a snapshot of the VM, the RDM disks would not be included.  If I revert the VM, the RDM disks will not change.  Persistent means that changes to the files get written to disk.  Non-persistent means that changes are lost after a reboot of the VM.  That would be very bad for a NAS.

I powered on the OpenMediaVault VM after I added the four drives as SCSI 1:0, 1:1, 1:2, and 1:3.  I logged into the web interface and was able to see the new drives under Storage | Physical Disks.

The next step is to add and configure the RAID.  I haven't decided if I'll use RAID 5 for ~9TB or RAID 10 for ~6TB.  Since I don't need the high throughput of RAID 10, I'll probably stick to RAID 5.

Wednesday, July 10, 2013

SANS Webinar: Why Defense, Why Now

The webinar "Why Defense, Why Now" was given on May 30, 2013.  I watched it on July 10, 2013.  These notes are my evidence that I watched it in case of audit as I submit this for CPE credit.

Notes

"A" in APT is not for advanced threat, but rather an advanced adversary.

APTs almost always come in via email using one of these four vectors:
  1. attached executable 
  2. macros (office)
  3. active scripting
  4. html embedded content

So, do we really need these to come in via email?  Almost never, so disable these to significantly reduce risk from APTs.

Malware usually does these things
  1. Upload code
  2. Start a process
  3. Establish connection
  4. Modify startup or system files
So, we should focus our energy on detecting things that modify system files and make outbound connections.  This is where he pitches Tripwire.
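The "detect modifications to system files" advice is what Tripwire-style tools implement: hash a baseline, then re-hash and diff. The script below is an added example, not anything from the webinar or the post, showing the smallest version of that check in plain sh. The directory and baseline locations are the caller's choice; it assumes GNU coreutils and awk.

```shell
#!/bin/sh
# Added example, not from the webinar or the post: a minimal file-integrity
# check of the kind the talk points at (detecting modified system files).
# It records a SHA-256 baseline of every file under a directory and later
# reports files that were added, removed or changed. ROOT and BASELINE are
# the caller's choice; on a real host ROOT would be /etc, /bin or /sbin and
# BASELINE would be kept off-box or read-only, since an intruder who can
# rewrite the baseline can hide the change. Assumes GNU coreutils and awk.
set -eu

# Hash every regular file under ROOT into BASELINE, one "hash  ./path" line
# each, sorted by path. Paths are relative to ROOT so one baseline can be
# compared across identically built hosts.
fim_baseline() {
  root="$1"; out="$2"
  ( cd "$root" && find . -type f -exec sha256sum {} + ) | sort -k 2 > "$out"
}

# Compare ROOT's current state against BASELINE. Prints one line per
# difference (ADDED / REMOVED / CHANGED followed by the path) and returns 1
# if anything differs, 0 if the tree matches. The path is taken with
# substr() rather than $2 so file names containing spaces are handled.
fim_check() {
  root="$1"; base="$2"
  cur=$(mktemp)
  fim_baseline "$root" "$cur"
  diff_out=$(awk '
    { h = substr($0, 1, 64); p = substr($0, 67) }
    FILENAME == ARGV[1] { base[p] = h; next }
    { cur[p] = h }
    END {
      for (p in base) if (!(p in cur)) print "REMOVED " p
      for (p in cur) {
        if (!(p in base)) print "ADDED " p
        else if (cur[p] != base[p]) print "CHANGED " p
      }
    }' "$base" "$cur" | sort)
  rm -f "$cur"
  if [ -n "$diff_out" ]; then
    printf '%s\n' "$diff_out"
    return 1
  fi
  return 0
}

# Usage: fim.sh baseline /etc /var/lib/fim/etc.sha256
#        fim.sh check    /etc /var/lib/fim/etc.sha256   (from cron; non-zero exit = alert)
case "${1:-}" in
  baseline) fim_baseline "$2" "$3" ;;
  check)    fim_check "$2" "$3" ;;
esac
```

Run the check from cron and route a non-zero exit into whatever you already alert on; the point of the webinar's numbers is that this detective control is cheap compared with another inbound preventive one.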

Can use an outbound proxy.  It will break most command and control connections.

Organizations aren't detecting attacks.  Need to shift mentality to one that assumes we are going to get compromised, so figure out how to detect and neutralize compromises. 

Much like the APT webinar, he suggests looking at your network diagram and identifying all of the preventative devices and the detective devices.  The average is 88% preventive.  All the effort is on prevention and little to none on detection.  Need to start focusing more on detection.  Also 95% of the prevention is on inbound.

Prevention is ideal, but detection is a must!

Suggestions

  1. Know your systems
    1. up-to-date network diagram
    2. network visibility map
    3. cm and change control
  2. Defense in depth
    1. inbound prevention
    2. outbound detection
    3. log correlation
    4. anomaly detection
  3. Common metrics
    1. utilize the critical controls
      1. security defines the metrics
      2. IT implements the metrics
      3. audit validates the metrics
      4. executives track the metrics

Monday, July 8, 2013

Install Plex to OpenMediaVault

I have ESXi 5.1 on an HP ProLiant N54L microserver.  I created a VM and installed OpenMediaVault 0.4.32_amd64.  Now I want to install Plex.

There is a very good guide here.  Here is the abbreviated version.
  1. Log into the web administration page using default credentials.  Change password and enable ssh. Changing the password for admin (web access) changes the password for root.
  2. ssh into the box as root using the new password.  I use Putty.
  3.  Install aptitude and run an update.  If it doesn't work, it is because the web page has a lock on the package updater.  Reboot or find the process and kill it.
    • apt-get install aptitude
    • aptitude update
  4.  Install curl
    • aptitude install curl
  5. Create /etc/apt/sources.list.d/plexmediaserver.list containing the line 'deb http://shell.ninthgate.se/packages/debian squeeze main'
  6. Add the key
    • curl http://shell.ninthgate.se/packages/shell-ninthgate-se-keyring.key | sudo apt-key add -
  7. Update again.  I saw 2 new packages from the last update.  Install plexmediaserver.
    • aptitude update
    • aptitude install plexmediaserver
  8. Make sure it is running (/etc/init.d/plexmediaserver status), then go to the web page at <IP>:32400/web.

Sunday, July 7, 2013

Install ESXi 5.x to HP ProLiant N54L

I got one of the new HP microservers to use as a NAS.  As long as I had it, I figured that I'd install ESXi and then install a NAS OS to a VM.  Then I could run another VM or two on there.


The first step was to add memory, which requires disassembling the machine almost completely to pull the motherboard out.  After that, I moved the included 250GB hard drive from one of the 4 drive bays to the 5.25" bay using a 3.5" to 5.25" adapter.

I got a license from VMware and downloaded a version of ESXi with HP drivers from this page.  I used vSphere 5.1 U1 Apr 2013, which was really this image: HP Custom Image for ESXi 5.1.0 Update 1 Install CD.

I "burned" the iso to a usb stick using unetbootin-windows-584.  I put the stick in the server and booted.  It promptly complained about the media failing a check.  I formatted the stick and ran unetbootin as administrator.  This time, the microserver booted to a VMware ESXi 5.1.0 Installation.

At this point, I also had a USB stick inserted on the motherboard to install to, in addition to the 250GB hard drive.  I planned to install ESXi to the USB stick, and use the 250GB for VMs.  I'm going to add 4 hard drives later and try to add them to the NAS via Raw Device Mapping (RDM).

The install took a while, but completed with a few inputs from me (disk, location, verification, etc.).  I removed the install media and rebooted to a 60 day trial version.  Unfortunately, I had not connected the server to the network, so the IP address was 0.0.0.0, then 169.254.241.82.  It noted that DHCP failed.  I plugged in a cable, and it picked up an address in a minute or two.

I connected from my workstation to the address listed.  It pointed me to various VMware tools, including the vSphere client.  I already had the current version:  VMware-viclient-all-5.1.0-1064113.exe.

I installed the client and logged in using the IP address and root user/password.  I had to verify/allow a security certificate. 

After logging in, I saw a note that the license would expire in 60 days.  There was a link, which took me to the VMware site, where I logged in.  I then saw that I had a license key for a 60 day evaluation.  It took me a while to figure out how to update the license, which I had requested earlier for evaluation.

To add the license, go to the Home view, then select Inventory.  This should show the host.  On the right, go to Software, then click on "Licensed Features."  It should show 60 days.

There is an "Edit..." link in the top right.  Click on that, then add the key.

I created a datastore using the 250GB disk, and then I was off making VMs!