Wifi Monitor Mode Basics

There are several ways to enable monitor mode for Wifi interfaces. Depending to your OS, installed packages, installed drivers and the Wifi model these methods are available and/or useful. In this tutorial I will explain three different ways.

3 different ways

The first example enables the monitor mode via iwconfig. To start/stop the interface the ip command is used, but you could also use ifconfig command.

The second example enables monitor mode via airmon-ng. The explicit start or stop of the interface is not necessary here. Attention, this method will change the name of the interface.

The third example enables monitor mode via iw. To start/stop the interface the ifconfig command is used, but you could also use ip command.

It may happen that your interface crashes during the scan. In that case, you should choose a different method. If none of the shown examples works properly, it could be due to the Network Manager. In this case, turn it off. Attention, this action is then valid for all interfaces and can disturb your internet connection.

Troubleshoot SELinux Centos7 Apache

On my test environment, I had an permission denied issue with a simple HTML file. Shit all permissions looking good … but wait a minute SELinux was activated and I did not want to disable it. Here is the simple solution.

Cool … the problem is solved. All pages are visible without permission issues. It also works recursively if several files are affected.

Unseal Vault with PGP

In this tutorial I will show an example for unsealing Vault using GPG. We generate for two users the keys and each user will use them to unseal. For the storage we use Consul.

Conditions

Host Preparation

First we need to setup, configure and start Consul and Vault.

Note: Because of the security settings of my provider, spaces are after “etc”. Please delete it after copy/paste.

Do not stop and/or close any terminal sessions!

Your project folder now should look like this:

Client Preparation

As I wrote – we need to simulate two users. Now to the Docker client’s…

Both client’s need similar configuration, so please execute the following steps on both containers.

Your project folder now should look like this:

Initialize and Unseal Vault

On the host we initialize the Vault and share unseal key’s back to the client’s.

Note: Save now all keys and share the correspondending <unseal keys> to the client’s!

Now our client’s can start the unseal of Vault. Even here, please execute the following steps on both containers.

Just for information

We configured both services (Consul and Vault) with WebUI.

Use the “Initial Root Token” to login into Vault’s WebUI.

Hashicorp Vault SSH OTP

With Vault’s SSH secret engine you can provide an secure authentication and authorization for SSH. With the One-Time SSH Password (OTP) you don’t need to manage keys anymore. The client requests the credentials from the Vault service and (if authorized) can connect to target service(s). Vault will take care that the OTP can be used only once and the access is logged. This tutorial will provide needed steps on a simple Docker infrastructure. Attention, in that tutorial Vault and Vault-SSH-Helper are running in Development Mode – don’t do that in production!

Conditions

  • Docker installed (latest CE)

Vault server

Let’s start and prepare the vault service.

Don’t stop or close terminal session! Open new terminal. Note: The IP’s I use in this tutorial may be different to yours.

Target server

Now we create and configure the target service.

Note: Because of the security settings of my provider, spaces are after “etc”. Please delete it after copy/paste.

Pam SSHD configuration (on target server)

SSHD configuration (on target server)

Client server

Last container is for simulating a client.

Usage

Most work is already done. Now we use the demo environment.

Note: Because of the security settings of my provider, spaces are after “root”. Please delete it after copy/paste.

Start with Vault 0.10.x

HashiCorp released Vault version 0.10.x on April 2018. The 0.10.x release delivers many new features and changes (eq. K/V Secrets Engine v2, Vault Web UI, etc.). Please have a look on vault/CHANGELOG for more informations. This tiny tutorial will concentrate now on usage of Vault’s Key-Value Secrets Engine via CLI.

Preparation

Start Vault server in development mode

Do not stop the process and open new tab on terminal [COMMAND] + [t].

Create, Read, Update and Delete secrets

As you can see, there are minor changes to previous versions of Vault.

Note: The API for the Vault KV secrets engine even changed.

Okay, back to CLI and some examples which are better for automation. We will use the STDIN and a simple JSON file.

Web UI

Previously the Web UI was for Enterprise only, now it has been made open source.

Now you can use the root token to sign in.

Create phishing sites with SocialFish

With SocialFish you can easily and quickly create phishing sites. Of course, only for learning purposes! Here is a little tutorial to getting started.

Requirements

  • make, PHP, sudo
  • Python 2.7
  • Python PIP
  • Python virtualenv

Preparation

Usage

Here an phishing example for GitHub.

SocialFish

😉 super easy …

Setup learning environment for security testing

In a previous tutorial, I showed you how to set up a security learning environment quickly. Since there are some changes now (ex: Webswing), I’ll do the tutorial again. By the way i use macOS, some commands could be different but similar for Linux or Windows.

Requirements

  • Docker (17.12.0-ce)
  • Safari (11.02)
  • Firefox (58.0)

Search and download needed docker images

Run DVWA container

DVWA inside Browser

…Setup/create new database…

setup dvwa

Run ZAP container

ZAP inside browser

Please check via “Tools” -> “Options” -> “Local Proxies” the right configuration!

ZAP Proxy configuration

You need do use the non-routable meta address (0.0.0.0)!

Run ThreadFix container

Login into ThreadFix with “user/password

ThreadFix login

Create new team with application.

Configure Firefox

Configure manual proxy with your local IP and 2nd ZAP port (8090). Afterwards you enable checkbox “Use this proxy server for all protocols” and press OK button.

Firefox proxy configuration

When all the configurations have been made, you can temporarily quit Firefox.

Use environment

Start recording and save your XML report “Report -> Generate XML Report”.

Save ZAP XML report

Import XML report

Next steps

Now it’s time to study! If you need help, you can found a lot of training materials on Youtube.

Fingerprinting with Spaghetti

In this tutorial I would like to introduce Spaghetti. Spaghetti is a cool project by m4ll0k on GitHub written in Python with less dependencies. The main idea behind Spaghetti is to find out fingerprints from Server, Web Frameworks, WAF, CMS, OS and languages. The following tutorial will show you how to set up and use spaghetti quickly and easily.

Requirements

  • Python (2.7.x)
  • Virtualenv

Prepare Project

Usage