Category Archives: installing

Import & export installed Cygwin packages

Recently I changed my workstation to a new one. Previously I had installed a bunch of Cygwin packages on my old workstation.

So I thought: can I somehow migrate my installed Cygwin packages from the old workstation to the new one?

The answer is yes. Follow me along on this wonderful journey XD

First you’ll need to save a list of what you have installed in Cygwin on the old workstation.
To do this, open the Cygwin terminal/console and run the command below:

grep " 1$" /etc/setup/installed.db | awk '{printf "%s%s",sep,$1; sep=","} END{print ""}' > cygwin_packages.txt

This basically dumps a list of the Cygwin packages installed on your workstation and saves it to a comma-separated text file.

Next, go to your Cygwin home folder (commonly located at “C:\cygwin64\home\“), open the “cygwin_packages.txt” file that we saved before and copy all the content inside the text file.

Next, on your new workstation, make sure you have downloaded the latest Cygwin installer, “setup-x86.exe” (32-bit) or “setup-x86_64.exe” (64-bit).

Then, open a Windows cmd and change directory to where you saved the Cygwin installer. E.g. in my case, I saved it in my Downloads folder, so the prompt reads “C:\Users\Zam\Downloads>”.

Then, run the command below in your Windows cmd, pasting the content of cygwin_packages.txt inside the double quotes (use setup-x86_64.exe if you downloaded the 64-bit installer):

setup-x86.exe -q -P "<paste the cygwin_packages.txt content here>"

You should see the Cygwin GUI open and a UAC permission pop-up:

Click “Yes”, go through the “Next” buttons and wait until the installation finishes.

Installing bulk_extractor on Mac OS X

All of this is taken from the reference here: https://github.com/simsong/bulk_extractor/wiki/Installing-bulk_extractor

bulk_extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results can be easily inspected, parsed, or processed with automated tools.

To install bulk_extractor, first install the required build tools via MacPorts:

sudo port install flex autoconf automake pkgconfig

Also install the dev libraries:

sudo port install libewf openssl tre libxml2

Download the libewf source code:

https://github.com/libyal/libewf

Then install libewf from source (because the libewf in ports is too old):

./configure
make
sudo make install
sudo ldconfig

Wifi Pineapple Mark V MR3020 – Bypass verify_pineapple LED pattern

wrong pattern entered during verify pineapple.

Recently, I had a cool weekend project to do at home, spending some quality time with my gadgets. 😀 I decided to install Wifi Pineapple Mark 5 version 2.2.0 on a TP-Link MR3020 version 1.9. It’s a straightforward process and you can follow the tutorial on my personal wiki at wiki.khairulazam.net.

After the installation finishes, you need to go through the Pineapple security measure as part of setting up the Pineapple for the first time.

You need to select the correct pattern on that page to match the blinking LED on your device. But… you know. Shit happens. Maybe because you are installing the firmware on different hardware. 🙁

So, if you are also facing the same problem, it’s okay. With help from Mr. Fikri Fadzil, let’s bypass the pattern verification. >_<

First, power off your device, which in my case is a TP-Link MR3020.

After that, unplug the USB pendrive that contains the Pineapple firmware and plug it into your computer. I use Ubuntu Desktop to make this step easier.

Go to this directory:

/media/a7ac8712-5a08-49da-b9e1-2ede31828bda/pineapple/includes/

* /media/a7ac8712-5a08-49da-b9e1-2ede31828bda/ may differ on your machine; take note of where your USB drive is mounted on your OS.

And edit this file:

welcome.inc.php

Go to line 199, or search for the keyword “array_search” in this “welcome.inc.php” file.

Edit the code from this:

if (array_search($post['amber'], $action_array) == $current_state[0]
    && array_search($post['blue'], $action_array) == $current_state[1]
    && array_search($post['red'], $action_array) == $current_state[2]
) {
    $_SESSION['verified'] = true;
    return passwordForm();
}

to this:

if (true)
{
    $_SESSION['verified'] = true;
    return passwordForm();
}

Save the file. Unmount/eject your USB pendrive and plug it back into your MR3020.

After that, just power on your device and go through the verify pattern step again. This time, it will accept any pattern you like.

Then proceed to the next step. Happy hacking! 🙂

Allow root login on FreeBSD

To allow root login via SSH on FreeBSD, edit the sshd_config file:

sudo vi /etc/ssh/sshd_config

Find this line:

#PermitRootLogin no

and change it to:

PermitRootLogin yes

Now restart sshd:

[email protected]:~ # /etc/rc.d/sshd restart
Performing sanity check on sshd configuration.
Stopping sshd.
Waiting for PIDS: 1698.
Performing sanity check on sshd configuration.
Starting sshd.
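Before restarting, it is worth checking which PermitRootLogin value sshd will actually use, because sshd takes the first uncommented occurrence of a keyword, not the last. This is an added example, not part of the original post; the sample sshd_config it inspects is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: find the PermitRootLogin value
# sshd will actually use. sshd applies the FIRST uncommented value it reads
# for a keyword, and anything after a "Match" line is conditional, so only
# the global section before the first "Match" is inspected here.
effective_permit_root_login() {   # $1 = path to an sshd_config
    awk '
        tolower($1) == "match" { exit }                 # leave the global section
        tolower($1) == "permitrootlogin" && !found { print tolower($2); found = 1 }
        END { if (!found) print "default" }             # keyword absent: built-in default
    ' "$1"
}

# Exit status 0 only when the effective value is "yes" (root may log in with
# a password). "default" means the compiled-in default applies ("yes" before
# OpenSSH 7.0, "prohibit-password" since); "sshd -T" on the host shows it.
root_password_login_allowed() {   # $1 = path to an sshd_config
    [ "$(effective_permit_root_login "$1")" = "yes" ]
}

# Constructed sample: the edit from the post, followed by a later line that
# people often add expecting it to win; it does not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin without-password
Match User admin
    PermitRootLogin no
EOF

echo "effective PermitRootLogin: $(effective_permit_root_login "$sample")"   # yes
if root_password_login_allowed "$sample"; then
    echo "root can log in over ssh with a password"
fi
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config on the host; if it prints "default", compare with the value reported by sshd -T.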

Maltrieve on Mac OS X

Maltrieve originated as a fork of mwcrawler. It retrieves malware directly from the sources listed at a number of sites, including:

  • Malc0de
  • Malware Black List
  • Malware Domain List
  • VX Vault
  • URLquery
  • CleanMX

If you want to install Maltrieve on your Mac OS X, below are the steps to install it.

• First, install beautifulsoup4 via pip:
sudo pip install beautifulsoup4
• Install the required dependencies via MacPorts:
sudo port install libxml2 libxslt py-lxml
• Download Maltrieve from GitHub and run it:
sudo git clone https://github.com/technoskald/maltrieve.git
cd maltrieve
python maltrieve.py -d pull -l maltrieve.log

Done. Now you can use Maltrieve on your Mac OS X.

Installing Conpot on Ubuntu 12.04

Conpot is a low-interaction, server-side Industrial Control Systems (ICS) honeypot with the goal of collecting intelligence about the motives and methods of adversaries targeting industrial control systems.

For more info, you can refer here.

First, edit your apt sources list and insert the line below:

nano /etc/apt/sources.list
deb http://us.archive.ubuntu.com/ubuntu precise main multiverse

After that, update your package index:

sudo apt-get update

Then, install the required dependencies:

sudo apt-get install libsmi2ldbl snmp-mibs-downloader python-dev libevent-dev libxslt1-dev libxml2-dev sqlite sqlite3 git

Some of the dependencies need to be installed via pip (ensure that you have installed python-pip before you run this command):

pip install --upgrade gevent pysnmp lxml bottle jinja2 beautifulsoup4 requests sphinx libtaxii xlrd crc16

Install modbus-tk (to create Modbus apps easily with Python):

cd /opt
git clone https://github.com/glastopf/modbus-tk.git
cd modbus-tk
python setup.py build
python setup.py install

Install Conpot:

cd /opt
git clone https://github.com/glastopf/conpot.git
cd conpot
python setup.py build
python setup.py install

Finished! The next step is to run Conpot:

conpot

Conpot is listening on these ports:

$ netstat -lnput | grep python
tcp        0      0 0.0.0.0:102             0.0.0.0:*               LISTEN      62822/python
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      62822/python
tcp        0      0 0.0.0.0:502             0.0.0.0:*               LISTEN      62822/python
udp        0      0 0.0.0.0:161             0.0.0.0:*                           62822/python

Make sure those ports are not already in use by something else.
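A pre-flight check for that caveat, as an added example that is not part of the original post: it reads the same netstat -lnput output shown above and reports any Conpot port that another process has already bound. The netstat lines in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: before starting Conpot, check
# that the ports it binds (80/tcp, 102/tcp, 502/tcp, 161/udp, as in the
# netstat output above) are free. Feed "netstat -lnput" output on stdin.
CONPOT_PORTS="tcp:80 tcp:102 tcp:502 udp:161"

# Prints one "proto:port PID/program" line per Conpot port already in use.
conpot_port_conflicts() {
    awk -v want="$CONPOT_PORTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) wanted[w[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            port = $4;  sub(/.*:/, "", port)     # "0.0.0.0:502" or ":::502" -> "502"
            proto = $1; sub(/6$/, "", proto)     # report tcp6/udp6 as tcp/udp
            key = proto ":" port
            if ((key in wanted) && !seen[key]++) print key, $NF   # $NF = PID/Program name
        }'
}

# Exit status 0 when no Conpot port is taken, 1 otherwise.
conpot_ports_free() {
    [ -z "$(conpot_port_conflicts)" ]
}

# Constructed sample: an Apache already on :80 and a system snmpd on 161/udp.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1401/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      1401/apache2
udp        0      0 0.0.0.0:161             0.0.0.0:*                           977/snmpd'

printf '%s\n' "$SAMPLE_NETSTAT" | conpot_port_conflicts
# tcp:80 1401/apache2
# udp:161 977/snmpd
if printf '%s\n' "$SAMPLE_NETSTAT" | conpot_ports_free; then
    echo "all Conpot ports are free"
else
    echo "fix the conflicts above before running conpot"
fi
```

On the real host run netstat -lnput | conpot_port_conflicts as root, since netstat only shows the PID/Program column with sufficient privileges.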

How to install Volatility on Mac OS X Mavericks (10.9.2)

Requirements

Install Xcode, then the Command Line Tools from the ‘Components’ tab.

Installing Homebrew

ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"
brew doctor

Installing XQuartz:
Download the installer from http://xquartz.macosforge.org/landing/
Install using the installer.

Installing Wine with Homebrew

brew install wine

Note: keeping Wine up-to-date:

brew update
brew upgrade

Installing Wget with Homebrew

brew install wget

Installing pcre with Homebrew

brew install pcre

Installing pip

sudo easy_install pip

Recommended packages

Note: change ownership of the ‘opt’ directory to your user account:

sudo chown -R [USERNAME] /opt
e.g.:
sudo chown -R zam /opt

Installing Distorm3

cd /opt/
wget http://distorm.googlecode.com/files/distorm-package3.1.zip
unzip distorm-package3.1.zip
rm distorm-package3.1.zip
cd /opt/distorm3
python setup.py build
sudo python setup.py install

Installing Yara

cd /opt/
wget http://yara-project.googlecode.com/files/yara-1.7.tar.gz
tar xvzf yara-1.7.tar.gz
rm yara-1.7.tar.gz
mv yara-1.7 yara
cd /opt/yara
./configure CFLAGS=-std=gnu89
make
sudo make install

Installing Yara-Python

cd /opt/
wget http://yara-project.googlecode.com/files/yara-python-1.7.tar.gz
tar xvzf yara-python-1.7.tar.gz
rm yara-python-1.7.tar.gz
mv yara-python-1.7 yara-python
cd /opt/yara-python
python setup.py build
sudo python setup.py install

Test by running the Python shell:

python
>>> import yara

Installing PyCrypto

cd /opt/
wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.tar.gz
tar xvzf pycrypto-2.6.tar.gz
rm pycrypto-2.6.tar.gz
mv pycrypto-2.6 pycrypto
cd /opt/pycrypto
python setup.py build
sudo python setup.py install

Installing PIL – Python Imaging Library

brew install libtiff libjpeg webp little-cms2
pip install Pillow

Installing OpenPyxl

sudo pip install openpyxl

Installing Graphviz

brew install libtool

Download: www.graphviz.org/pub/graphviz/stable/macos/mountainlion/graphviz-2.32.0.pkg
Install Graphviz using the installer.

Optional packages

Installing pytz

cd /opt/
wget http://downloads.sourceforge.net/pytz/pytz/2006p/pytz-2006p.zip
unzip pytz-2006p.zip
rm pytz-2006p.zip
mv pytz-2006p pytz
cd /opt/pytz
python setup.py build
sudo python setup.py install

IPython
Installing Anaconda:

cd ~/Downloads
wget http://09c8d0b2229f813c1b93-c95ac804525aac4b6dba79b00b39d1d3.r79.cf1.rackcdn.com/Anaconda-1.6.1-MacOSX-x86_64.sh
bash Anaconda-1.6.1-MacOSX-x86_64.sh

Installing IPython:

conda update conda
conda update ipython

Installing pyxpress:

cd /opt/
mkdir pyxpress
cd /opt/pyxpress
wget https://rekall.googlecode.com/git/contrib/pyxpress/README
wget https://rekall.googlecode.com/git/contrib/pyxpress/pyxpress.c
wget https://rekall.googlecode.com/git/contrib/pyxpress/setup.py
python setup.py build
sudo python setup.py install

Installing libforensic1394:

cd /opt/
git clone git://git.freddie.witherden.org/forensic1394.git
cd forensic1394

Download: www.cmake.org/files/v2.8/cmake-2.8.11.2-Darwin64-universal.dmg

Install CMake, then build and install:

cmake CMakeLists.txt
sudo make install
cd python
sudo python setup.py install

Installing Sysinternals Strings:

cd /opt/
mkdir Tools
cd /opt/Tools
wget http://download.sysinternals.com/files/Strings.zip
unzip Strings.zip
rm Strings.zip && rm Eula.txt

Volatility

Installing Volatility 2.3_beta

cd /opt/
sudo svn checkout http://volatility.googlecode.com/svn/trunk Volatility
cd /opt/Volatility
python setup.py build
sudo python setup.py install
sudo chmod +x vol.py

How to install Volatility on Mac OS X (Version 10.8.4)

Installing Comodo Positive SSL Certs on Apache

Recently, I purchased a Comodo Positive SSL certificate for one of my websites. Since this was my first experience installing SSL on Apache, I am writing this article so that anyone can refer to these steps, and also as a personal note.

1. Before you install the certificates, you need to set up your virtual hosts and Apache configuration. In /etc/apache2/ports.conf add this line:

NameVirtualHost *:443

So the ports.conf will be something like this:

NameVirtualHost *:80
Listen 80

NameVirtualHost *:443

2. Then in your vhost file, which is usually located at /etc/apache2/sites-enabled/default-ssl, edit or make sure these lines are there:

<VirtualHost _default_:443>

SSLEngine on
SSLCertificateFile    /etc/ssl/crt/www_your_domainname_org.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCACertificatePath /etc/ssl/crt/
SSLCACertificateFile /etc/ssl/crt/www_your_domainname_org.cer

SSLCertificateFile
This is the actual SSL certificate. Comodo will name it after your domain, e.g. www_your_domainname_org.crt. So just copy the file into the correct directory, /etc/ssl/crt/, and make sure your vhost file points to it.

SSLCertificateKeyFile
When you first generated your CSR to send to the commercial SSL issuer you should have gotten a key file. You just need to move it into the same folder as your SSL cert if it’s not there already and point this line in your vhost config to it.

SSLCACertificateFile
Comodo sends you a zip file with 3 individual CRT files in it; you need to combine two of them into one file. You can ignore the file named after your domain and just focus on the other two. You need to combine them into one file in a very specific order.

Run this command to generate a file that matches your vhost config, remembering to change the file names to whatever the SSL issuer has given you:

cat PositiveSSLCA2.crt AddTrustExternalCARoot.crt > www_your_domainname_org.cer

Then, enable the SSL module and restart your server:

sudo a2enmod ssl
sudo service apache2 restart
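Before the restart, the three files the vhost points at can be checked against each other: that the key belongs to the certificate, that the bundle starts with the leaf's issuer (the order the post insists on) and that the leaf actually verifies through the bundle. This is an added example, not part of the original post; it builds a throwaway sample chain with openssl in place of the real Comodo files, and the file names are arguments.

```shell
#!/bin/sh
# Added example, not from the original post: check the three files the vhost
# points at before restarting Apache (leaf .crt, private.key, and a .cer
# bundle of intermediate followed by root). File names are arguments.
cert_subject() { openssl x509 -in "$1" -noout -subject | sed 's/^subject=//'; }
cert_issuer()  { openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer=//'; }

# 1) Does the private key belong to the leaf certificate? (compares public keys)
key_matches_cert() {   # $1 = leaf cert, $2 = private key
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# 2) Is the bundle in the order the post describes? The first certificate in
#    the .cer must be the leaf's issuer (the intermediate), not the root.
bundle_starts_with_issuer() {   # $1 = leaf cert, $2 = bundle
    [ "$(cert_issuer "$1")" = "$(cert_subject "$2")" ]   # x509 reads only the first cert
}

# 3) Does the leaf actually chain up to the root through the bundle?
leaf_verifies() {   # $1 = leaf cert, $2 = bundle
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Constructed sample chain (throwaway keys, valid one day) standing in for
# AddTrustExternalCARoot.crt, PositiveSSLCA2.crt and www_your_domainname_org.crt.
make_sample_chain() {   # $1 = directory to write into
    ( cd "$1" || exit 1
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
      openssl req -x509 -newkey rsa:2048 -nodes -subj /CN=SampleRoot -days 1 \
          -keyout root.key -out root.crt 2>/dev/null
      openssl req -newkey rsa:2048 -nodes -subj /CN=SampleIntermediate \
          -keyout int.key -out int.csr 2>/dev/null
      openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
          -extfile ca.ext -days 1 -out int.crt 2>/dev/null
      openssl req -newkey rsa:2048 -nodes -subj /CN=www.example.org \
          -keyout private.key -out leaf.csr 2>/dev/null
      openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
          -days 1 -out www_example_org.crt 2>/dev/null
      cat int.crt root.crt > www_example_org.cer      # the order from the post
      cat root.crt int.crt > wrong_order.cer )        # same certs, reversed
}

dir=$(mktemp -d) && make_sample_chain "$dir" && cd "$dir"
key_matches_cert www_example_org.crt private.key                 && echo "key matches certificate"
bundle_starts_with_issuer www_example_org.crt www_example_org.cer && echo "bundle order OK"
leaf_verifies www_example_org.crt www_example_org.cer            && echo "chain verifies"
bundle_starts_with_issuer www_example_org.crt wrong_order.cer    || echo "wrong_order.cer: root comes first"
```

Against the real files, the same three functions take /etc/ssl/crt/www_your_domainname_org.crt, private.key and www_your_domainname_org.cer as arguments.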