Wednesday, 10 June 2015

CentOS on Windows? Why not?

This post is about installing the CentOS Linux distribution on VMware Player under Windows. Sometimes a (wo)man needs a CentOS... and with this list you can set one up easily!


1. Download the latest 64-bit VMware Player (vmware.org); it's free.
2. Install it on Windows.
3. Go to http://www.osboxes.org/centos/ and download the latest CentOS image.
4. Unzip it and edit the CentOSXXX_64.vmx file: add this line to it: ethernet0.virtualDev = "e1000" (the guest then sees an Intel e1000 card, which the CentOS kernel supports out of the box).
5. Reboot your computer and check the virtualization settings in the BIOS: they must be enabled (disabled by default on many computers; the option names vary per manufacturer).
6. Start VMware Player and open the CentOS virtual machine from the directory where you unzipped it.
7. Edit the virtual machine settings: at the network adapter, the "Bridged" option should be set. Keep in mind that a bridged VM is a normal host on your LAN, and prebuilt images like these ship with a default password that is published on the download page, so change it (passwd) before the VM becomes reachable from the rest of the network.
8. Start the virtual machine.
9. Whenever CentOS is started you have to configure the network manually. As root, go to /etc/sysconfig/ and check that the file called 'network' contains this line:
NETWORKING=yes
10. If not, add it (use nano or vi as editor).
11. Reboot your virtual machine.
12. Open a console and type: nmcli d -> this command lists your network interfaces and their names.
13. As root, go to /etc/sysconfig/network-scripts and check whether there is a file named ifcfg-YOUR_NETWORK_INTERFACE_NAME (e.g. ifcfg-eno1561651), using exactly the name nmcli printed. If not, create it (touch + name).
14. The file should contain the following lines; DEVICE must be the same interface name that is in the file name (eth0 only if that is what nmcli showed, which it usually does not on CentOS 7):
DEVICE=YOUR_NETWORK_INTERFACE_NAME
BOOTPROTO=dhcp
ONBOOT=yes
15. Go to Network settings in the UI (Applications - System Tools - Settings) and you should see a connection like "Wired". Press "Add profile" and save the profile with the default settings.

Now you should have a working CentOS with a working internet connection. Open a browser and you will see immediately whether the world is reachable. Enjoy!
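Since the fiddly part of this list is the two files under /etc/sysconfig, here is a small Python script, an added example and not something from the original post, that does the NETWORKING=yes and ifcfg-<device> edits and also checks an existing ifcfg file for the mistake that bites most often: a DEVICE value that does not match the interface name in the file name. The script name netcheck.py, the paths and the interface name are assumptions; take the real name from nmcli d.

```python
"""
Checker for the CentOS network settings from the steps above.

Added example, not code from the original post. It reproduces the two
manual edits (NETWORKING=yes in /etc/sysconfig/network, an ifcfg-<device>
file with DEVICE/BOOTPROTO/ONBOOT) and checks an existing ifcfg file for a
DEVICE value that does not match the interface name in the file name.
The text-level functions take strings so they can be tried without touching
/etc; the file-level wrappers operate on the real paths (assumed defaults).
Run as root on the guest:  python3 netcheck.py <interface name from 'nmcli d'>
"""
import os
import sys

NETWORK_FILE = "/etc/sysconfig/network"
SCRIPTS_DIR = "/etc/sysconfig/network-scripts"


def parse_keyvalues(text):
    """Parse KEY=value lines (comments and blank lines ignored); last value wins."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"')
    return values


def ensure_networking_enabled(text):
    """Return (new_text, changed): NETWORKING=yes is added or corrected if needed."""
    if parse_keyvalues(text).get("NETWORKING") == "yes":
        return text, False
    kept = [l for l in text.splitlines() if not l.strip().startswith("NETWORKING=")]
    kept.append("NETWORKING=yes")
    return "\n".join(kept) + "\n", True


def ifcfg_text(device, bootproto="dhcp"):
    """The three lines from the post, with DEVICE set to the real interface name."""
    return f"DEVICE={device}\nBOOTPROTO={bootproto}\nONBOOT=yes\n"


def ifcfg_problems(text, device):
    """List human-readable problems with an ifcfg-<device> file (empty list = OK)."""
    values = parse_keyvalues(text)
    problems = []
    if values.get("DEVICE") != device:
        problems.append(f"DEVICE={values.get('DEVICE')!r} does not match the interface {device!r}")
    if values.get("BOOTPROTO") != "dhcp" and "IPADDR" not in values:
        problems.append("no BOOTPROTO=dhcp and no IPADDR: the interface gets no address")
    if values.get("ONBOOT") != "yes":
        problems.append("ONBOOT is not yes: the interface stays down after a reboot")
    return problems


def fix_network_file(path=NETWORK_FILE):
    """Apply ensure_networking_enabled() to the real file; returns True if it was changed."""
    text = open(path).read() if os.path.exists(path) else ""
    new_text, changed = ensure_networking_enabled(text)
    if changed:
        with open(path, "w") as fh:
            fh.write(new_text)
    return changed


def check_or_create_ifcfg(device, scripts_dir=SCRIPTS_DIR):
    """Create ifcfg-<device> if it is missing, otherwise validate it; returns the problem list."""
    path = os.path.join(scripts_dir, f"ifcfg-{device}")
    if not os.path.exists(path):
        with open(path, "w") as fh:
            fh.write(ifcfg_text(device))
        return []
    return ifcfg_problems(open(path).read(), device)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: netcheck.py <interface name shown by 'nmcli d'>")
    iface = sys.argv[1]
    print("NETWORKING=yes added" if fix_network_file() else "NETWORKING=yes already set")
    for line in check_or_create_ifcfg(iface) or [f"ifcfg-{iface} looks fine"]:
        print(line)
```

After running it, restart networking (or reboot, as in step 11) so the new ifcfg file is picked up.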

Wednesday, 4 March 2015

How to access a Windows system without logging in?

Yes, it is possible. And it's relatively easy. What do you need for this?

If you managed to get into a Windows system with e.g. password guessing, a brute-force attack, eavesdropping or any other technique, it can be important to set up a backdoor there, because if your intrusion is detected later the user/password pair you used can be removed or changed and you have lost your way in.
One solution for this is a little trick you do as soon as you are in.

The secret is the following: whenever Windows asks for a login name/password pair, you can press the Shift key a couple of times (five, to be precise) to switch on the so-called Sticky Keys. This accessibility option lets you use the SHIFT, CTRL, ALT and Windows logo keys by pressing one key at a time.

The point to realize is that an application (sethc.exe, the Sticky Keys helper in System32) is run by Windows BEFORE you log in, and since the logon screen itself runs as SYSTEM, so does that helper. You just have to utilize this fact! So once you are in (with e.g. a guessed password) and have administrator rights, go to System32, find sethc.exe, make a backup of the file and copy cmd.exe over sethc.exe. On Vista and later the file is owned by TrustedInstaller, so you first have to take ownership (takeown) and grant yourself write access (icacls), otherwise the copy is refused. That's it! Next time you log off and Windows asks for a username/password, you just hit the SHIFT key five times and you get a command prompt...

...which opens up the system for you without logging in, running as SYSTEM, and it works on the RDP logon screen just as well. Two things to keep in mind: the backup copy you left next to sethc.exe is itself a tell-tale for anyone who looks, and this swap is exactly what hardening checks and antivirus products look for.

Voilá!
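A defender's view of the same trick, as an added example that is not from the post: after the swap sethc.exe is byte-for-byte identical to cmd.exe, and the backup copy sits next to it, so both can be found with a hash comparison and a directory listing. The script name, the paths and the sample files are assumptions, and the accessibility binaries other than sethc.exe in the list are this example's generalization of the trick (the same swap works for them, the post only mentions sethc.exe).

```python
"""
Find the sethc.exe swap described above by comparing file hashes.

Added example, not code from the post. A logon-screen helper that is
byte-for-byte identical to cmd.exe (or powershell.exe) has been replaced;
a leftover backup copy such as sethc.exe.bak is a second tell-tale.
Point it at a live System32 (run elevated) or at the same directory
inside a disk image mounted on a Linux forensics box (paths are assumptions):
    python3 sethc_check.py C:\\Windows\\System32
    python3 sethc_check.py /mnt/evidence/Windows/System32
Without an argument it runs against constructed sample files.
"""
import hashlib
import os
import sys
import tempfile

# Helpers Windows starts from the logon screen, i.e. before anyone is logged in.
# sethc.exe is the one from the post; the others are the usual variants of the trick.
ACCESSIBILITY_BINARIES = ("sethc.exe", "utilman.exe", "osk.exe", "narrator.exe", "magnify.exe")
# What an attacker typically copies over them.
SHELLS = ("cmd.exe", "powershell.exe")


def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_replaced_binaries(system32_dir, targets=ACCESSIBILITY_BINARIES, shells=SHELLS):
    """Return {target: shell} for every target whose content equals one of the shells."""
    shell_by_hash = {}
    for shell in shells:
        path = os.path.join(system32_dir, shell)
        if os.path.isfile(path):
            shell_by_hash[sha256_of(path)] = shell
    hits = {}
    for target in targets:
        path = os.path.join(system32_dir, target)
        if os.path.isfile(path):
            shell = shell_by_hash.get(sha256_of(path))
            if shell:
                hits[target] = shell
    return hits


def leftover_backups(system32_dir, targets=ACCESSIBILITY_BINARIES):
    """Files like sethc.exe.bak or sethc_old.exe: the backup step from the post leaves them behind."""
    stems = tuple(t.rsplit(".", 1)[0].lower() for t in targets)
    found = []
    for name in sorted(os.listdir(system32_dir)):
        low = name.lower()
        if low in targets:
            continue
        if low.startswith(stems):
            found.append(name)
    return found


def build_sample_system32():
    """Constructed test data (not real binaries): a scratch 'System32' where
    sethc.exe was overwritten with cmd.exe and the backup was left behind."""
    d = tempfile.mkdtemp(prefix="fake_system32_")
    fake_cmd = b"MZ fake cmd.exe " * 100
    files = {
        "cmd.exe": fake_cmd,
        "sethc.exe": fake_cmd,                           # the swap
        "sethc.exe.bak": b"MZ fake sethc.exe " * 100,    # the backup from the post
        "osk.exe": b"MZ fake osk.exe " * 100,            # untouched
        "utilman.exe": b"MZ fake utilman.exe " * 100,    # untouched
    }
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d


if __name__ == "__main__":
    system32 = sys.argv[1] if len(sys.argv) > 1 else build_sample_system32()
    for target, shell in find_replaced_binaries(system32).items():
        print(f"ALERT: {target} is an exact copy of {shell}")
    for name in leftover_backups(system32):
        print(f"suspicious leftover: {name}")
```

This catches the copy-over-the-file method only. It does not catch the registry variant of the same trick (an Image File Execution Options "Debugger" entry for sethc.exe that starts cmd.exe without touching the file), nor a custom binary that is not an exact copy of a shell; for those, check that registry key and verify the Authenticode signature of sethc.exe.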

Thursday, 19 February 2015

What data can you find on the net using just Google?

During a normal penetration testing session the tester can use a broad range of free tools to scan the client's web application, web server, network, users, etc., and may eventually write new ones if there is time and scripting experience. The information gathering (reconnaissance) phase is all about searching for data. This can be done actively, by pinging and scanning the client's network and servers, which they may notice, or... how else? Passively, without sending a single packet to the client? That sounds much better in some cases...

Every piece of functionality has already been coded somewhere by someone; you just have to find it.

Even the searching is automated. By whom? Google, for example. I guess you know this company. Very hard to escape from them. Good work, Larry & Sergey!

So the secret is that Google can help you a lot in the information gathering phase. You just have to be familiar with the search operators (site:, filetype:, intitle:, inurl: and the like) that the Google search engine interprets, and you will find your gold mine. You can find a lot of tutorials in the wild about the operators. Read them carefully, take your time.
You can also find a lot of examples. Practice with these and your own ideas. You'll be surprised.

You might ask: what can you find on the net?
Well, that is the wrong question.
Better: is there anything that you can NOT find on the internet?

Google search tricks for penetration testers (ethical hackers) are called Google hacks or Google dorks. There is even a database for these search phrases, the Google Hacking Database! At least one.

You can find passwords, SSNs, private pictures, hidden webcams, police reports, salary lists, etc., etc.

Oh. My. God.
Yes.

Learn something new every day about Google search. Knowledge is power!
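To make the operators concrete, here is an added Python example (not from the post) that fills a handful of dork templates with a target domain, checks every operator against the ones Google actually understands so a typo does not silently turn into a plain keyword search, and produces the URL to paste into the browser. The template list is a constructed sample, example.com is a placeholder target, and the script name is an assumption.

```python
"""
Build and sanity-check Google dork queries for passive reconnaissance.

Added example, not part of the original post. The operators in
KNOWN_OPERATORS are documented Google search operators; the template
list is a constructed sample and example.com a placeholder target.
The script only produces queries and URLs to paste into a browser:
firing them automatically is against Google's terms and earns you a
CAPTCHA quickly, which is also why passive recon stays passive.
    python3 dorks.py example.com
"""
import re
import sys
from urllib.parse import urlencode

KNOWN_OPERATORS = {"site", "filetype", "ext", "intitle", "inurl", "intext",
                   "allintitle", "allinurl", "allintext"}

# Constructed sample dorks; {target} is replaced with the domain under test.
SAMPLE_DORKS = (
    ("Office documents on the target", "site:{target} filetype:xls OR filetype:docx OR filetype:pdf"),
    ("Directory listings", 'site:{target} intitle:"index of"'),
    ("Login and admin pages", "site:{target} inurl:admin OR inurl:login"),
    ("Configuration files", "site:{target} ext:conf OR ext:ini OR ext:env"),
    ("Something that smells like credentials", "site:{target} intext:password filetype:txt"),
    ("Database dumps mentioning the target, hosted elsewhere", 'intext:"{target}" -site:{target} filetype:sql'),
)

# One token: optional '-', optional operator with colon, then a quoted phrase or a bare word.
_TOKEN = re.compile(r'(-?)(?:([A-Za-z]+):)?("[^"]*"|\S+)')


def parse_dork(query):
    """Split a dork into (negated, operator, value) triples; OR is kept as a bare word."""
    triples = []
    for neg, op, value in _TOKEN.findall(query):
        triples.append((neg == "-", op.lower() if op else None, value.strip('"')))
    return triples


def unknown_operators(query):
    """Operators Google does not know, e.g. the typo 'filtype:' (it would search for the word)."""
    return {op for _, op, _ in parse_dork(query) if op and op not in KNOWN_OPERATORS}


def search_url(query):
    """Browser URL for the query, percent-encoded."""
    return "https://www.google.com/search?" + urlencode({"q": query})


def build_dorks(target, templates=SAMPLE_DORKS):
    """Fill in the target and return [(description, query, url)], refusing broken templates."""
    result = []
    for description, template in templates:
        query = template.format(target=target)
        bad = unknown_operators(query)
        if bad:
            raise ValueError(f"{description}: unknown operator(s) {sorted(bad)}")
        result.append((description, query, search_url(query)))
    return result


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    for description, query, url in build_dorks(target):
        print(f"{description}\n  {query}\n  {url}")
```

Only run the resulting searches against domains you are authorized to test; the queries themselves never touch the client's servers, but what you do with the results is still in scope of your engagement letter.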

--- --- --- ---

Do you have a web page with important data? Do you sleep well?

--- --- --- ---

Thursday, 16 October 2014

News from the cybersecurity world, 16th of October

I'd like to share some interesting news from the Internet security & penetration testing world.

- The new OWASP Testing Guide is out! It's a must-have for all pentesters, I believe. You will always learn new things from these guys. Big thanks to them for this, btw!

- Google found a huge bug in SSL v3 (the POODLE attack), details here. If you are using IE or FF, you should take care of your configuration: disable SSLv3 in the browser, and on your servers as well, since a client that still accepts it can be downgraded to it.

- There is news on the web about Dropbox being hacked and millions of usernames and passwords stolen. Dropbox says it's not true. One thing is sure: you have to change your Dropbox password as soon as possible!

- Russian hackers won't stop learning and developing themselves, so you should not either. Read this, and even if you believe only half of it, you should still feel the pressure.

- Finally some very good news: Facebook doubled the bounty for bugs found in their systems! So prepare yourself, fine-tune your tools and start hunting.

Happy reading and don't forget: "The quieter you become, the more you are able to hear."

Tuesday, 7 October 2014

How to become a penetration tester? And why?

Good question. The answer is... well, it's not easy, but very rewarding!


    Today you cannot open any news website without facing an article about hackers penetrating some high-level US government server, data breaches, stolen credit card numbers and security codes, defaced websites, huge and very old bugs found in different applications, etc. The internet is full of these stories. You can (and should, btw) ask: what is going on out there? Who is behind these attacks? How are they so successful?
    Tough questions, but the last one is easy to answer: the attacks are successful because a) the systems and applications currently used on the net are not well designed and maintained from a security point of view, and b) they are not tested thoroughly, or not tested at all, from a security point of view. Why not? Cost cutting is the magic phrase (as usual in the QA world). And sometimes lack of education as well.
    Here is the point where the penetration tester can step into the game. If you check recent testing job ads, you can see a trend: companies are hiring more and more skillful pentesters to ensure the security and protection of their systems. And the good news for you is that there are very few people out there who are skillful, have experience and know anything about nmap and Metasploit. This is a very promising market gap for testers. It is possible to do it remotely, as there is no reason to go into the office. Or you can do it as an entrepreneur. So it's time to change your mindset, roll up your sleeves and start learning!
    You can learn in two ways: self-education and trainings. I suggest the first one, but it's your decision, of course. Firstly, you have to see that the learning phase is a never-ending story. Especially in IT you have to learn something new every day, as it is a constantly changing industry. Secondly, you have to be unwavering: never stop reading articles and books and practicing with tools. You can have breaks, which can last days or weeks, but the more you practice the more skillful you will be. Thirdly: try to find a mentor. A mentor can help you a lot in showing which tools are the best and what is worth reading and learning. He/she may be on the other side of the planet but can be a huge aid.
    OK, so you are eager to start? I guess you are!
    Here are some ideas on how to start: find and read books about security, collect bookmarks of security and pentesting related websites, news pages and forums, join groups which discuss pentesting topics, buy a laptop if you don't have one, install Kali Linux (forget Windows), read the manuals, try out the tools. I guarantee that in one year you will know more about security than 99.9% of the people on planet Earth.
    What else can you do? I suggest you stop wasting time on activities which are not making you more capable. Examples: Facebooking, watching TV, reading celebrity and political news, etc. Use that time for practicing. Don't forget: it's a long-term investment, but it will pay you back more than you would think!