Category Archives: installing

Import & export installed Cygwin packages

Recently I’ve changed my workstation to new one. Previously I’ve installed bunch of Cygwin packages on my old workstation.

So I thought; can I somehow migrate my installed Cygwin packages from my old workstation to new workstation?

The answer is yes. Follow me along to this wonderful journey XD

First you’ll need to save list of what you have installed on your Cygwin on old workstation.

To do this, open the Cygwin terminal/console & run this command below:

grep " 1$" /etc/setup/installed.db | awk '{printf "%s%s",sep,$1; sep=","} END{print ""}' > cygwin_packages.txt

Its basically dump list of installed Cygwin packages in your workstation & save it to text file named “cygwin_packages.txt” with comma-separated.

Next, go to your Cygwin home folder (commonly locate at “C:\cygwin64\home\”), open the “cygwin_packages.txt” file that we save before & copy all the content inside the text file (CTRL-C).

Next, at your new workstation, ensure you have downloaded the latest Cygwin installer “setup-x86.exe” (32-bit) or “setup-x86_64.exe” (64-bit).

Then, open your Windows cmd & change you directory to where you save the Cygwin installer; for my case here, I save it in my Downloads folder “C:\Users\Zam\Downloads”.

Then, run this command below on your Windows cmd; replacing/inserting the content of cygwin_packages.txt inside the double-quote as below:

setup-x86.exe -q -P "<paste the cygwin_packages.txt content here>"

You should see the Cygwin GUI opened & UAC requesting permission pop-up:

Click “Yes”, go through “Next” button & wait until the installation finished.

Suricata rule management using Oinkmaster

It is possible to download and install rules manually, but there is a much easier and quicker way to do so. There are special programs which you can use for downloading and installing rules. For example, Pulled Pork and Oinkmaster. Here I’m going to show how to install & use Oinkmaster.

To install Oinkmaster, enter:

sudo apt-get install oinkmaster

There are several rulesets available. There are Emerging Threats (ET), ET Pro and VRT. In this example we are using ET Free edition.

Oinkmaster need to know where these rules can be found. These rules can be found at:
http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz

To configure your Oinkmaster rules location, open oinkmaster.conf and add the link/url as below:

sudo nano /etc/oinkmaster.conf

Then add this line below:
url = http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz

In the new rules directory, a file named classification.config and reference.config can be found. The directories of both need to be added into suricata.yaml file. Do so by entering as below:

sudo nano /etc/suricata/suricata.yaml

Add this line below:

classification-file: /etc/suricata/rules/classification.config
reference-config-file: /etc/suricata/rules/reference.config

Let’s try run the Oinkmaster:

sudo oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules

The rules in locate at /etc/suricata/rules.

  • https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster
  • https://web.nsrc.org/workshops/2015/pacnog17-ws/raw-attachment/wiki/Track2Agenda/ex-suricata-rules.htm

Installing bulk_extractor on Mac OS X

All reference is taken at here: https://github.com/simsong/bulk_extractor/wiki/Installing-bulk_extractor

bulk_extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures. The results can be easily inspected, parsed, or processed with automated tools.

To install bulk_extractor, first install required library via Macports:

sudo port install flex autoconf automake pkgconfig

All install dev library:

sudo port install libewf openssl tre libxml2

Download libewf source code:

https://github.com/libyal/libewf

Then install libewf from source (because libewf via ports too old):

./configure
make
sudo make install
sudo ldconfig./configure
make
sudo make install
sudo ldconfig

Wifi Pineapple Mark V MR3020 – Bypass verify_pineapple LED pattern

wrong pattern entered during verify pineapple.
wrong pattern entered during verify pineapple.

Recently, I have a cool weekend project to do at home. Kinda spending a good time with my gadgets. 😀 So I decided to install Wifi Pineapple Mark 5 version 2.2.0 on my TP-Link MR3020 version 1.9. Its a straight forward step and you can follow that tutorial on my personal wiki at wiki.khairulazam.net.

After the installation finished, you need to go through the pineapple security measure as a part of setting up pineapple for the first time.

You need to select the correct pattern on that page to match with the blinking LED on your device. But… you know why. because you installing the firmware on different hardware. LOL

So, if you also have and facing the same problem, its okay. With a help from Fikri Fadzil, lets bypass the pattern verification >_<

First, power off you device. After that, unplug the USB pendrive that contain pineapple firmware and plug in it to your computer. I use Ubuntu Desktop to make this step easier.

Go to this directory:

/media/a7ac8712-5a08-49da-b9e1-2ede31828bda/pineapple/includes/

* /media/a7ac8712-5a08-49da-b9e1-2ede31828bda/ may be different as yours. take note what your USB drive mounted on your OS.

And edit this file:

welcome.inc.php

Go to line 199. Or search for keyword “array_search” in this “welcome.inc.php” file.

Edit the code from this:

if (array_search($post['amber'], $action_array) == $current_state[0]
    && array_search($post['blue'], $action_array) == $current_state[1]
    && array_search($post['red'], $action_array) == $current_state[2]
) {
    $_SESSION['verified'] = true;
    return passwordForm();
  }

to this:

if (true)
{
    $_SESSION['verified'] = true;
    return passwordForm();
}

Save this code. Unmount/eject your USB pendrive and plug in on your MR3020 back.

After that, just power on your device, and try to go through the verify pattern step back again. At this time, it will accept any pattern you like.

Then proceed to the next step. Happy hacking! 🙂

Allow root login on FreeBSD

To allow root login via ssh on FreeBSD, edit sshd_config file:

sudo vi /etc/ssh/sshd_config

Find this line:

#PermitRootLogin no

and change it to:

PermitRootLogin yes

Now Restart sshd:

root@Freebsd10:~ # /etc/rc.d/sshd restart
Performing sanity check on sshd configuration.
Stopping sshd.
Waiting for PIDS: 1698.
Performing sanity check on sshd configuration.
Starting sshd.

Maltrieve on Mac OS X

Maltrieve originated as a fork of mwcrawler. It retrieves malware directly from the sources as listed at a number of sites, including:

  • Malc0de
  • Malware Black List
  • Malware Domain List
  • VX Vault
  • URLqery
  • CleanMX

If you want to install maltrieve on your Mac OS X, below is the steps to install it.

  • First, install beautifulsoup4 via pip
sudo pip install beautifulsoup4
  • Install required dependencies via apt-get
sudo port install libxml2 libxslt py-lxml
  • Download maltrieve from github
sudo git clone https://github.com/technoskald/maltrieve.git
cd maltrieve
python maltrieve.py -d pull -l maltrieve.log

Done. Now you can use the Maltrieve on your Mac OS X.

Installing Conpot on Ubuntu 12.04

Conpot is a low interactive server side Industrial Control Systems (ICS) honeypot with the goal to collect intelligence about the motives and methods of adversaries targeting industrial control systems.

For more info, you can refer at here

First, edit your apt list file and insert this line below:

nano /etc/apt/sources.list
deb http://us.archive.ubuntu.com/ubuntu precise main multiverse

After that, update your OS:

sudo apt-get update

Then, install required dependencies:

sudo apt-get install libsmi2ldbl snmp-mibs-downloader python-dev libevent-dev libxslt1-dev libxml2-dev sqlite sqlite3 git

Some of dependencies need to be install via pip:

pip install --upgrade gevent pysnmp lxml bottle jinja2 beautifulsoup4 requests sphinx libtaxii xlrd crc16
  • Ensure that you have installed python-pip before you run this command.

Install Modbus-tk (to create modbus app easily with Python):

cd /opt
git clone https://github.com/glastopf/modbus-tk.git
cd modbus-tk
python setup.py build
python setup.py install

Install Conpot:

cd /opt
git clone https://github.com/glastopf/conpot.git
cd conpot
python setup.py build
python setup.py install

Finish! Next step is to run the conpot:

$ conpot

Conpot is running on these port:

$ netstat -lnput | grep python
tcp 0 0 0.0.0.0:102 0.0.0.0:* LISTEN 62822/python
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 62822/python
tcp 0 0 0.0.0.0:502 0.0.0.0:* LISTEN 62822/python
udp 0 0 0.0.0.0:161 0.0.0.0:* 62822/python

Do ensure that those port is not occupied or used yet.

How to install Volatility on Mac OS X Mavericks (10.9.2)

Requirements

Install Xcode
Command Line Tools in the ‘Components’ tab.

Installing Homebrew

ruby -e "$(curl -fsSL https://raw.github.com/mxcl/homebrew/go)"
brew doctor

Installing XQuartz:
Download installer from http://xquartz.macosforge.org/landing/
Install using the installer downloaded from the website.

Installing Wine with Homebrew

brew install wine

Note: Keeping Wine up-to-date:

brew update
brew upgrade

Installing Wget with Homebrew

brew install wget

Installing pcre with Homebrew

brew install pcre

Installing pip

sudo easy_install pip

Recommended packages

Note: Change ownership of ‘opt’ directory to your user account:

sudo chown -R [USERNAME] /opt
e.g.:
sudo chown -R zam /opt

Installing Distorm3

cd /opt/
wget http://distorm.googlecode.com/files/distorm-package3.1.zip
unzip distorm-package3.1.zip
rm distorm-package3.1.zip
cd /opt/distorm3
python setup.py build
sudo python setup.py install

Installing Yara

cd /opt/
wget http://yara-project.googlecode.com/files/yara-1.7.tar.gz
tar xvzf yara-1.7.tar.gz
rm yara-1.7.tar.gz
mv yara-1.7 yara
cd /opt/yara
./configure CFLAGS=-std=gnu89
make
sudo make install

Installing Yara-Python

cd /opt/
wget http://yara-project.googlecode.com/files/yara-python-1.7.tar.gz
tar xvzf yara-python-1.7.tar.gz
rm yara-python-1.7.tar.gz
mv yara-python-1.7 yara-python
cd /opt/yara-python
python setup.py build
sudo python setup.py install

Test by running python shell:

python
>>> import yara

Installing PyCrypto

cd /opt/
wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.tar.gz
tar xvzf pycrypto-2.6.tar.gz
rm pycrypto-2.6.tar.gz
mv pycrypto-2.6 pycrypto
cd /opt/pycrypto
python setup.py build
sudo python setup.py install

Installing PIL – Python Imaging Library

brew install libtiff libjpeg webp little-cms2
pip install Pillow

Installing OpenPyxl

sudo pip install openpyxl

Installing Graphviz

brew install libtool

Download: www.graphviz.org/pub/graphviz/stable/macos/mountainlion/graphviz-2.32.0.pkg
Install Graphviz using the installer downloaded.

Optional packages

Installing pytz

cd/opt/
wget http://downloads.sourceforge.net/pytz/pytz/2006p/pytz-2006p.zip
unzip pytz-2006p.zip
rm pytz-2006p.zip
mv pytz-2006p pytz
cd /opt/pytz
python setup.py build
sudo python setup.py install

IPython
Installing Anaconda:

cd ~/Downloads
wget http://09c8d0b2229f813c1b93-c95ac804525aac4b6dba79b00b39d1d3.r79.cf1.rackcdn.com/Anaconda-1.6.1-MacOSX-x86_64.sh
bash Anaconda-1.6.1-MacOSX-x86_64.sh

Installing IPython:

conda update conda
conda update ipython

Installing pyxpress:

cd/opt/
mkdir pyxpress
cd /opt/pyxpress
wget https://rekall.googlecode.com/git/contrib/pyxpress/README
wget https://rekall.googlecode.com/git/contrib/pyxpress/pyxpress.c
wget https://rekall.googlecode.com/git/contrib/pyxpress/setup.py
python setup.py build
sudo python setup.py install

Installing libforensic1394:

cd /opt/
git clone git://git.freddie.witherden.org/forensic1394.git
cd forensic1394

Download: www.cmake.org/files/v2.8/cmake-2.8.11.2-Darwin64-universal.dmg

Install CMake:

cmake CMakeLists.txt
sudo make install
cd python
sudo python setup.py install

Installing Sysinternals Strings:

cd /opt/
mkdir Tools
cd /opt/Tools
wget http://download.sysinternals.com/files/Strings.zip
unzip Strings.zip
rm Strings.zip && rm Eula.txt

Volatility

Installing Volatility 2.3_beta

cd /opt/
sudo svn checkout http://volatility.googlecode.com/svn/trunk Volatility
cd /opt/Volatility
python setup.py build
sudo python setup.py install
sudo chmod +x vol.py

Finished! You can run it by using this command:

$ python vol.py

Reference: http://www.evild3ad.com/2459/how-to-install-volatility-on-mac-os-x-version-10-8-4/