May 17, 2012

Short note about password recovery in Ubuntu.

   I know that there are a lot of ways to recover a password and a lot of posts about it, but I'd like to write this down as a short instruction for myself. It is also one of the ways to enable the root account in Ubuntu. I'm not going to discuss whether that is right or not; every user can answer that question for himself.
  Let's start. We need an Ubuntu LiveCD.
Step 1. Boot from the LiveCD and open a terminal.
Step 2. Type
sudo fdisk -l
We will see the hard disk names and partitions. Remember the name of the partition where Linux is installed. We will need it later.
Step 3. Then mount the remembered partition (replace /dev/sdXN with the partition name from Step 2) using:
sudo mkdir /media/linux
sudo mount /dev/sdXN /media/linux
Step 4. Then we should change root to the mounted partition:
sudo chroot /media/linux
Step 5. Finally, use "passwd" to change the password of any user or root.
Step 6. Reboot and use.

  My next posts will be about a FreeBSD gateway with NAT, a firewall, squid and some other services in a network with Active Directory.

May 14, 2012

Ubuntu 12.04 LTS joining Active Directory.

After joining OpenSuse I was ready for Ubuntu. I thought that it would be rather similar to OpenSuse. But I was very happy, because it was much easier for Ubuntu. Watch my steps:
Step 1. I changed my /etc/nsswitch.conf. I deleted the value in the hosts line and changed it to dns. It looked like:
hosts:          dns
Step 2. Then I installed likewise-open and likewise-open-gui with Synaptic. It was very convenient.
Step 3. Finally, I started the installed GUI program called AD Membership. I entered the computer name and domain and clicked "Join". The admin login and password finished the domain join.
Step 4. I rebooted my computer and couldn't find a way to log in manually. There were only my account and guest. After some time I found a way to overcome this problem. I added this line to /etc/lightdm/lightdm.conf:
greeter-show-manual-login=true
I rebooted the computer and logged in as an Active Directory user.

In addition, I would like to say that it is obvious that joining AD from Ubuntu was rather easier than the same operation with OpenSuse. But thanks to OpenSuse I read about Kerberos, samba and some basic networking things.
The next post will be devoted to changing an Ubuntu password, or how to activate the root account. I know that there are a lot of manuals, but it will be useful for me as a reminder.

OpenSuse 12.01 & Ubuntu 12.04 LTS join Active Directory.

   During my work it became necessary to install Linux on the desktops of several users. One of them wanted OpenSuse 12.01, another was a fan of Ubuntu. The latest long-term support Ubuntu is 12.04. It is not so stable right now, but I think it will be better in the future. Well, first of all, I started with OpenSuse 12.01.
    I didn't have enough time, that's why I tried to install everything from the GUI.
Step 1. I installed the necessary packages: krb5-client, samba-client, samba, samba-winbind, pam-krb5.
Step 2. Then I edited /etc/hosts. There I added a line mapping the IP to the domain. For example,
192.168.0.1 DOMAIN.LOCAL
Step 3. I synced the time between the workstation and the PDC. I did it by hand, because seconds didn't matter.
Step 4. I made some changes in config files.
   A) My krb5.conf looked like:
[libdefaults]
   default_realm = DOMAIN.LOCAL
   renew_lifetime = 24h
   ticket_lifetime = 24h
[realms]
   DOMAIN.LOCAL = {
      kdc = 192.168.0.1
      admin_server = 192.168.0.1
      default_domain = domain.local
   }
[domain_realm]
   .domain.local = DOMAIN.LOCAL
   domain.local = DOMAIN.LOCAL
[logging]
   kdc = FILE:/var/log/krb/krb5kdc.log
   admin_server = FILE:/var/log/krb/kadmin.log
   default = FILE:/var/log/krb/krb5lib.log
   B) Then I changed smb.conf

[global]
workgroup               = DOMAIN
security                = ADS
password server         = 192.168.0.1
realm                   = DOMAIN.LOCAL
netbios name            = deep
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
 I know that there are over 9000 different ways to change the configs, but this was my shortest way to join the domain without hours of googling and reading tons of manuals. But without any doubt I'm going to learn more about samba and Kerberos.
Step 5. After all that I was ready to try getting a Kerberos ticket. I typed klist and oops:
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1000)
 Well, often we can solve this problem with a command such as:

kinit aduser
where aduser is one of the domain users.
 Then I tried again and successfully got the ticket.

Ticket cache: FILE:/tmp/krb5cc_0
Default principal: drchi@DOMAIN.LOCAL
Valid starting     Expires            Service principal
05/05/12 11:16:21  05/06/12 22:10:23  krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
   renew until 05/06/12 11:16:21
Kerberos 4 ticket cache: /tmp/tkt0 

Step 6. I was ready to make an attempt to join Active Directory. I typed this command:
net join -S 192.168.0.1 -W DOMAIN -U drchi
Then I entered the drchi password. But I got an error:
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database
I was very disappointed. Finally I googled an interesting solution. First I left the domain:
net ads leave -U <username>
After leaving I tried again and got it.
net ads join -U <username>

Step 7. I rebooted my computer and got an error that "Suse Theme doesn't supported winbind/samba login". The solution was found on a forum; it was known issue # 721782. In /etc/sysconfig/displaymanager I changed the parameter DISPLAYMANAGER_KDM_THEME to an empty string.
Another reboot and I joined my Active Directory.
The continuation about Ubuntu will be in my next post.

April 25, 2012

OpenVAS on Ubuntu 12.04 LTS

   After getting my results during scanning I was looking for a good free vulnerability scanner. Of course, one of the most popular scanners was OpenVAS version 4. It is a fork of Nessus, which became commercial. Now I'm going to tell you about the installation on my Ubuntu 12.04.
   Firstly, I tried to follow the instructions on openvas.org. Unfortunately, I could not add the repository and had no time to try to understand my mistake. Well, I went to their repository with a browser and downloaded the files: libmicrohttpd10_0.9.19, libopenvas4_4.0.6, greenbone-security-assistant_2.0.1, openvas-scanner_3.2.5, openvas-manager_2.0.4, openvas-cli_1.1.4, openvas-admin_1.1.2, gsd_1.2.1. I can't but mention that it is recommended to install sqlite3 and xsltproc. There was no directory for Ubuntu 12.04, but I successfully used the deb packages for Ubuntu 11.10.
   Well, I did the setup using Ubuntu Software Center. You should set up libmicrohttpd10_0.9.19 and libopenvas4_4.0.6 first; after that the order does not matter. While reading their web site I found a very useful script - openvas-check-setup. After installation, I executed it with sudo. It found and fixed problems. Every time I followed the script's advice. In order, the steps were:
1. openvas-nvt-sync - synced nvt.
2. openvas-mkcert-client -n om -i - client certificate creation.
3. openvasmd --rebuild
4. openvassd - downloaded all plugins, it took nearly an hour.
5. after 4, ran openvasmd --rebuild again.
6. openvasad -c 'add_user' -n root -r Admin - admin account creation. Don't forget your password.
7. during gsad setup there was an error - it will not work without libqt4-webkit. I installed it with sudo apt-get install libqt4-webkit.
8. Then I started the services; they used these ports:
openvassd - scanner used 9391
openvasmd - manager used 9390
openvasad - administrative tool used 9393
gsad - desktop interface used 443.

   Well, then I connected to my OpenVAS with a browser - 127.0.0.1:9392 - greenbone security desktop(gsad).
   In conclusion, I would like to thank the OpenVAS developers for such a useful and easily configured security analyzer. My next post will be about using OpenVAS during my security audit and the results which I will get.

April 22, 2012

My auditing experience.

   Recently my company fired the previous administrator and asked me to make a network security audit. At home I installed nmap + Zenmap on my Ubuntu as a first step. I was desperate to check open ports without logging on the Firewall (Kerio). I used:

nmap -sS -PN -T2 -p 1-5000 victim_ip

   As for me, I prefer to use -T2 so as not to be logged (on Monday I will check my idea); -sS is a stealth scan without any full TCP connection (as far as I know there are special rules to find this type of scanning, but they are not so common); -PN skips host discovery, because a lot of administrators block all ICMP replies from their servers. nmap showed that all ports are filtered except 21. As we know, it is ftp. From a public computer I connected to it with a web browser. Another surprise was that the ftp allowed anonymous connections.

   During my google searching I found interesting and old information about the FTP bounce attack. Briefly, this nmap option gives us an opportunity to scan all ports on a target server by using an existing FTP server. Nmap sends packets to the FTP server, they bounce off the open FTP port, and the packets go through the firewall.
   I used the server with the open FTP port as the FTP server and tried to find open ports on the same server. I used nmap this way:
nmap -T2 -PN -p 1-65535 -b victim_ftp_server victim_server

I think I will get the results by morning, and now I'm going to find instruments for future steps.
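
From the FTP server's side, a bounce scan like the one described above shows up as PORT commands that name an address other than the connected client, or a port below 1024. The following is an added example, not part of the original post: it flags such commands in control-channel events. The log layout and the sample addresses are constructed for illustration and do not match any particular FTP daemon.

```python
import ipaddress

# Constructed sample of FTP control-channel events: "<time> <client_ip> <command> <argument>".
# The layout is an assumption for this example, not the format of a real FTP daemon.
SAMPLE_LOG = """\
02:14:07 203.0.113.50 USER anonymous
02:14:08 203.0.113.50 PORT 203,0,113,50,195,80
02:14:09 203.0.113.50 LIST
02:14:15 203.0.113.50 PORT 192,168,0,10,0,22
02:14:16 203.0.113.50 LIST
02:14:21 203.0.113.50 PORT 192,168,0,10,1,189
02:14:30 198.51.100.7 PORT 198,51,100,7,0,80
02:14:31 198.51.100.7 PORT 1,2,3
"""

def parse_port_argument(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' from an FTP PORT command into (ip, port)."""
    parts = arg.split(",")
    if len(parts) != 6 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    ip = ipaddress.IPv4Address(".".join(parts[:4]))
    port = int(parts[4]) * 256 + int(parts[5])  # port is sent as two bytes, high byte first
    return ip, port

def find_bounce_indicators(log_text):
    """Return (time, client, target_ip, port, reason) for each suspicious PORT command."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split(maxsplit=3)
        if len(fields) != 4 or fields[2].upper() != "PORT":
            continue  # not a PORT command with an argument
        time, client, _, arg = fields
        try:
            target, port = parse_port_argument(arg.strip())
        except ValueError:
            findings.append((time, client, None, None, "malformed"))
            continue
        if target != ipaddress.IPv4Address(client):
            # Data connection requested to a host that is not the client itself.
            findings.append((time, client, str(target), port, "third-party address"))
        elif port < 1024:
            # Legitimate clients listen on ephemeral ports, not well-known ones.
            findings.append((time, client, str(target), port, "privileged port"))
    return findings

if __name__ == "__main__":
    for finding in find_bounce_indicators(SAMPLE_LOG):
        print(finding)
```

The same two conditions are what an FTP server should refuse outright, in line with the guidance in RFC 2577; a run of flagged PORT commands from one client against many ports of one target is the pattern to alert on.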