Social Icons

Sunday, July 23, 2017

Kali Linux 2 : Installing and Setting up OPENVAS

1.     This post will be useful for users who have just installed Kali Linux 2 and wish to install and setup OPENVAS.OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of GreenBone Networks commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009. 

 2.   The following set of commands vide a Kali terminal will be in the following sequence :

:~ apt-get update
:~ apt-get -y upgrade
:~ apt-get install openvas
:~ openvas-check-setup

after you run the open-check-setup command ,there is a possibility of something going wrong during installation...if there are some errors ...do the following at the terminal

:~ openvasmd --rebuild

next you might be prompted to create a user

:~ openvasmd --create-user= --role=Admin && openvasmd --user= --new-password=yourpassword

:~ greenbone-certdata-sync

Run the check setup again :

:~ openvas-check-setup


 the check setup screen should look like below :

 Final step to the access will need to browse you at the link as below to access Greenbone web interface

https://localhost:9392


 Thats all...start exploring the interface

Generate Public Key- Private Key Pair and Test them

The Public and Private key pair comprises of two uniquely related cryptographic keys.The Public Key is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner. Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.In this post we will see how to generate a set of private and public keys and then test to encrypt with public and decrypt with private key.I have a Ubuntu system...and I attempt all here on the terminal.The following commands will be used as we work with RSA keys:

openssl genrsa: Generates an RSA private keys.
openssl rsautl: Encrypt and decrypt files with RSA keys.
openssl rsa: Manage RSA private keys (includes generating a public key from it).

Firstly to generate the key,the terminal command will be as follows and shown in the screenshot :

 :~ openssl genrsa -des3 -out private.pem 2048

 The following command will generate a public key from the private key generated above
: ~ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
 So now we have generated a set of private key and public key with the extension .pem
 To just verify the generation,chk the contents inside as seen below :

:~ more public.pem
 :~ more private.pem
 Use the following command to generate the random key:
 :~ openssl rand -base64 128 -out key.bin
 Encrypt the sample pdf or any other file you want to encrypt with this key vide the following command :

:~ openssl enc -aes-256-cbc -salt -in anupam.pdf -out anupam.pdf.enc -pass file:./key.bin
 So now you have the original file here anupam.pdf and the encrypted file as anupam.pdf.enc
 We see that the files do not have much of a size difference but the file is encrypted.
Now use the following command to encrypt the random keyfile with the other persons public key:

:~ openssl rsautl -encrypt -inkey public.pem -pubin -in key.bin -out key.bin.enc
 The key.bin is encrypted now.
: ~ openssl rsautl -decrypt -inkey private.pem -in key.bin.enc -out key.bin1
 and finally we decrypt the pdf.enc file to original .pdf extension

:~ openssl enc -d -aes-256-cbc -in anupam.pdf.enc -out anupam1.pdf -pass file:./key.bin

Thursday, June 22, 2017

BLOCKCHAIN and BITCOIN : A TECHNICAL OVERVIEW

Presented a talk on "Blockchain and Bitcoins : A Technical overview" for the Summer Interns at Gurgaon Commisioner of Police Office.The program was being conducted under aegis of Rakshit Tandon .

Sharing the same here that brings out the technical side involved in the awesome technology ...aka BLOCKCHAIN


Sunday, June 18, 2017

Broadcom Wireless Drivers Installation : Ubuntu[SOLVED]

While one installs a fresh Ubuntu OS in any machine,typically he finds an initial deterrent as the Wifi adapter is not found  installed.This post gives a step by step direction on how and what to do,to get the Wifi working....and this happens since the same is not installed by default.

Since the PCI.ID initials for any Wifi broadcom adapter is prefixed 14e4,thus first we need to find the exact PCI.ID

Type 
lspci -nn -d 14e4:
  
Once you get the PCI.ID,you just need to ref the following table and find the corresponding driver to be installed.In our case is 14e4:4365 rev 01,so we choos the corresponding bcmwl-kernel-source
PCI.ID              14.04 LTS                        16.04+
------------------------------------------------------------------------------------
14e4:0576           Special Case #1                   UNKNOWN      
14e4:4301           firmware-b43-installer            firmware-b43-installer      
14e4:4306           firmware-b43-installer            firmware-b43-installer      
14e4:4306 rev 02    firmware-b43-installer            firmware-b43-installer      
14e4:4306 rev 03    firmware-b43-installer            firmware-b43-installer      
14e4:4307           firmware-b43-installer            firmware-b43-installer      
14e4:4311           firmware-b43-installer            firmware-b43-installer      
14e4:4311 rev 01    firmware-b43-installer            firmware-b43-installer      
14e4:4312           firmware-b43-installer            firmware-b43-installer      
14e4:4313           firmware-b43-installer            firmware-b43-installer               
14e4:4315           firmware-b43-installer            firmware-b43-installer      
14e4:4315 rev 01    firmware-b43-installer            firmware-b43-installer
14e4:4318           firmware-b43-installer            firmware-b43-installer                
14e4:4318 rev 02    firmware-b43-installer            firmware-b43-installer                
14e4:4319           firmware-b43-installer            firmware-b43-installer               
14e4:4320 rev 02    firmware-b43-installer            firmware-b43-installer               
14e4:4320 rev 03    firmware-b43-installer            firmware-b43-installer            
14e4:4321           firmware-b43-installer            firmware-b43-installer  
14e4:4324           firmware-b43-installer            firmware-b43-installer        
14e4:4325           firmware-b43-installer            firmware-b43-installer      
14e4:4328           firmware-b43-installer            firmware-b43-installer         
14e4:4329           bcmwl-kernel-source               bcmwl-kernel-source        
14e4:432a           bcmwl-kernel-source               bcmwl-kernel-source        
14e4:432b           bcmwl-kernel-source               bcmwl-kernel-source        
14e4:432c           bcmwl-kernel-source               bcmwl-kernel-source        
14e4:432d           bcmwl-kernel-source               bcmwl-kernel-source       
14e4:4331           firmware-b43-installer            firmware-b43-installer          
14e4:4335           firmware-b43-installer            firmware-b43-installer      
14e4:4350           firmware-b43-installer            firmware-b43-installer  
14e4:4353           Special Case #1                   UNKNOWN        
14e4:4353 rev 01    Special Case #1                   UNKNOWN                 
14e4:4357           Special Case #1                   UNKNOWN        
14e4:4358           bcmwl-kernel-source               bcmwl-kernel-source
14e4:4359           bcmwl-kernel-source               bcmwl-kernel-source       
14e4:4360           bcmwl-kernel-source               bcmwl-kernel-source    
14e4:4365           bcmwl-kernel-source               bcmwl-kernel-source      
14e4:4365 rev 01    bcmwl-kernel-source               bcmwl-kernel-source      
14e4:43a0           bcmwl-kernel-source               bcmwl-kernel-source
14e4:43ae rev 02    UNKNOWN                           UNKNOWN     
14e4:43b1           bcmwl-kernel-source               bcmwl-kernel-source        
14e4:43b1 rev 03    bcmwl-kernel-source               bcmwl-kernel-source              
14e4:4727           bcmwl-kernel-source               bcmwl-kernel-source        
14e4:4727 rev 01    bcmwl-kernel-source               bcmwl-kernel-source        
14e4:a962           firmware-b43-installer            firmware-b43-installer
Thats all folks...ready to go

Sunday, February 26, 2017

BITCOIN FORENSICS

1.  The increased use of cryptocurrencies such as Bitcoin among private users and some businesses has opened a new avenue of research in the field of digital forensics involving cryptocurrencies. Since the creation of Bitcoin in 2008, cryptocurrencies have begun to make a presence in the world of e-commerce. Cryptography serves as the underlying foundation for Bitcoin, which gives it the benefits of confidentiality, integrity, nonrepudiation and authentication. Having been designed and built upon the foundation of these four objectives makes Bitcoin an attractive alternative to mainstream currency and provides users with the benefits of payment freedom, security, very low fees, and fewer risks for merchants.This presentation brings out the FORENSICS aspects as associated with BITCOINS.

2.  I gave this presentation at DICE-2017 http://digitalinvestigatorsassociation.org/dice/

3.  Sharing the copy here for info please to all interested neitizens

4.   Few pics enclosed below :








5.    A small clip from the conference below


Sunday, September 25, 2016

Privacy Concerns & Server Locations : Hike-Telegram-Whatspp

1.    I have always seen and observed discussions amongst my friends and circle about which Chat Messenger is safe and which is not in terms of safety and privacy aspects.Whether the servers are located inside the country or they are off-shores,how their data is shared and how is their privacy likely to be compromised bu third parties.....So to just do a over view check,here I present an over view of such FAQs in context of Server Locations and data sharing aspects,primarily sourced from the original websites.

Sunday, September 04, 2016

Nextcloud 10 installation @ Ubuntu 16.04 LTS

1.   Nextcloud is open source file sync and share software for everyone from individuals operating the free Nextcloud Server in the privacy of their own home, to large enterprises and service providers supported by the Nextcloud Enterprise Subscription. Nextcloud provides a safe, secure, and compliant file synchronization and sharing solution on servers that you control.

2.   This post shares screen shots of my installation of the same in UBUNTU 16.04 LTS.The screen-shots are self explanatory along with the command sets available for direct lift if one is interested.

Reference help of this post : https://www.facebook.com/expertresearcher
Video post of this at https://www.youtube.com/watch?v=nXr_muYB6xI

Here's my ip address configuration as set on the virtual machine Ubuntu.
Terminal commands :

> apt-get update
 
 > apt-get install lamp-server^


> apt-get install libapache2-mod-php7.0 php7.0-mbstring php7.0-curl php7.0-zip php7.0-gd php7.0-mysql php7.0-mcrypt
> apt-get install php-xml
Goto the nextcloud site at https://nextcloud.com/install/ and download the zip file for nextcloud installation.This one is version 10

Downloading here as seen completing :
Goto the Downloads folder and unzip it
> unzip nextcloud-10.0.0.zip

> mv nextcloud /var/www/html
> chown -R www-data:www-data /var/www/html/nextcloud

Now we need to Configure MariaDB for this vide these commands as mentioned :
> mysql_secure_installation
Type Yes for all except may be root password which u might want to retain.

CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextcloud'@'localhost' IDENTIFIED BY 'anupam';
FLUSH PRIVILEGES;
exit;



> Gedit /etc/mysql/my.cnf

Add the following three lines at the end:
log-bin = /var/log/mysql/mariadb-bin
log-bin-index = /var/log/mysql/mariadb-bin.index
binlog_format = mixed

 

Now we need to Configure Apache Web Server
> sudo a2enmod rewrite
> touch /etc/apache2/sites-available/nextcloud.conf
> ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/nextcloud.conf
> nano /etc/apache2/sites-available/nextcloud.conf


Add the following:

ServerAdmin admin@ubuntu
DocumentRoot "/var/www/html/nextcloud/"
ServerName youripaddress
ServerAlias ubuntu

Options FollowSymLinks
AllowOverride All
Order allow,deny
allow from all

ErrorLog /var/log/apache2/your-domain.com-error_log
CustomLog /var/log/apache2/your-domain.com-access_log common

here you ready to go....just type the ipaddress in the web browser...

Powered By Blogger