Computer Security



SubTen – *nix / windows remote administration tool.

https://github.com/tecan/subten

https://blackarch.org/ – an 8 GB Linux distro aimed at penetration testing; it comes pretty much fully loaded. It also runs well in VirtualBox with networking disabled, for decompiling or debugging things.

https://www.tecmint.com/linux-password-protect-files-with-encryption/

On the router, block incoming and outgoing UDP ports; you can also limit outgoing speed with iptables rules. See the OpenWrt section for more info.


other tools


Radare2 – “Radare project started as a forensics tool, a scriptable commandline hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers,”

binwalk – “Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.”

pyew – PYEW! A Python tool for malware analysis Version

wxHexEditor

debuggers

  • edb – debugger
  • DDD – debugger
  • gdb

https://en.wikipedia.org/wiki/OllyDbg – for Windows


Web Security


It's nice to use an alias last name for some online signup services; mail addressed that way still works at the post office if it looks close to the original.

Common Password

  • Memorize a few passwords; 3 or 4 is the minimal number for most signups. For basic sites the same password can be reused. Use a different level of caution for each password, based on where you use it, in case it is compromised.
  • For sites that require longer passwords, one easy way to make a web password is the site name plus a modifier number, e.g. awebsite.com would be awebsite234. If 234 is your password modifier, you then only need to remember 234 as your common password (not very secure, but easier to remember).

Patator – multi-purpose brute-forcer

  • Available modules:
    + ftp_login : Brute-force FTP
    + ssh_login : Brute-force SSH
    + telnet_login : Brute-force Telnet
    + smtp_login : Brute-force SMTP
    + smtp_vrfy : Enumerate valid users using SMTP VRFY
    + smtp_rcpt : Enumerate valid users using SMTP RCPT TO
    + finger_lookup : Enumerate valid users using Finger
    + http_fuzz : Brute-force HTTP
    + pop_login : Brute-force POP3
    + pop_passd : Brute-force poppassd (http://netwinsite.com/poppassd/)
    + imap_login : Brute-force IMAP4
    + ldap_login : Brute-force LDAP
    + smb_login : Brute-force SMB
    + smb_lookupsid : Brute-force SMB SID-lookup
    + rlogin_login : Brute-force rlogin
    + vmauthd_login : Brute-force VMware Authentication Daemon
    + mssql_login : Brute-force MSSQL
    + oracle_login : Brute-force Oracle
    + mysql_login : Brute-force MySQL
    + mysql_query : Brute-force MySQL queries
    + pgsql_login : Brute-force PostgreSQL
    + vnc_login : Brute-force VNC
    + dns_forward : Forward lookup names
    + dns_reverse : Reverse lookup subnets
    + snmp_login : Brute-force SNMP v1/2/3
    + unzip_pass : Brute-force the password of encrypted ZIP files
    + keystore_pass : Brute-force the password of Java keystore files
    + umbraco_crack : Crack Umbraco HMAC-SHA1 password hashes
    + tcp_fuzz : Fuzz TCP services
    + dummy_test : Testing module

Hardening


For virtual machines it is nice to have a host that is not connected to the internet and guest OSes that have USB access to a network adapter; this gives more secure virtual OSes.

GUFW firewall rules

http://netpipe.ca/paste/paste.php?id=1 – outdated; maybe update it soon.


The SUSE firewall has been broken for years: if you installed firewalld, uninstall it and use custom rules. It has issues blocking traffic, so don't use it; use iptables instead. Put these iptables rules in /etc/init.d/boot/mfirewall. The systemd unit below runs the firewall script at boot.

[Unit]
Description=Firewall
[Service]
# oneshot: run the script once at start; with RemainAfterExit=no the unit shows
# as inactive afterwards, which is fine because the rules stay loaded in the kernel
Type=oneshot
TimeoutStartSec=300
#ExecStart=/etc/udev/rules.d/obsolete/liquid.sh
#ExecStartPre=/usr/local/bin/kuhlerd
ExecStart=/etc/systemd/scripts/firewall.sh
RemainAfterExit=no
[Install]
# needed so "systemctl enable" (or the YaST at-boot setting) can pull the unit in at boot
WantedBy=multi-user.target



Put this in /etc/systemd/scripts/firewall.sh. I'd also put it in /etc/init.d/boot and /etc/init.d as well, with chmod +x. YaST has an option called Services; locate the firewall there and select "at boot".

#!/bin/sh
# Host firewall: default policy DROP on every chain, then explicit ACCEPTs per port.
# Run as root. The rules are not persistent by themselves, which is why the unit above runs this at boot.

# SERVER_IP=""
# # Allow incoming ssh only
# iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT
# # make sure nothing comes or goes out of this box
# iptables -A INPUT -j DROP
# iptables -A OUTPUT -j DROP

# flush all rules, delete user-defined chains, then default-deny everything
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# iptables -A INPUT -j DROP
# iptables -A OUTPUT -j DROP

# LOG_ACCEPT = log the packet, then accept it. "iptables -X" above removed any
# previous copy, so the chain has to be created here before any rule jumps to it.
iptables -N LOG_ACCEPT
iptables -A LOG_ACCEPT -j LOG --log-prefix "fw-accept: "
iptables -A LOG_ACCEPT -j ACCEPT

# make a commandline addremove feature
# allow replies and related packets in both directions; without the OUTPUT rule
# the answers to connections accepted on INPUT below would be dropped
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#ftp-data (port 20; telnet is port 23, further down)
iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT
#ftp
#iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT
#ssh (commented out)
#iptables -A OUTPUT -p tcp -m tcp --dport 22 -j LOG_ACCEPT
#iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT

#telnet
iptables -A OUTPUT -p tcp -m tcp --dport 23 -j ACCEPT

#SMTP (inbound connections are logged before being accepted)
iptables -A INPUT -p tcp -m tcp --dport 25 -j LOG_ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
#WHOIS
iptables -A INPUT -p tcp -m tcp --dport 43 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT
#DNS (note: the UDP drop rules near the end of this script take precedence over these)
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
#HTTP
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
#POP3
iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT
#IMAP
iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT
#HTTPS (ssl webtraffic)
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
#email - SMTP over SSL
iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 465 -j ACCEPT
#email - POP3 over SSL
iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 995 -j ACCEPT
#email - IMAP over SSL
iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
#hobohost (cPanel over SSL)
iptables -A INPUT -p tcp -m tcp --dport 2083 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 2083 -j ACCEPT
#shoutcast
iptables -A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 8000 -j ACCEPT
#irc
iptables -A INPUT -p tcp -m tcp --dport 6667 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 6667 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 9999 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 9999 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 6668 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 6668 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 6669 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 6669 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 7001 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 7001 -j ACCEPT

#mysql
iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT

#iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# -I inserts at the head of the chain, so these four rules run before every ACCEPT
# above: all ICMP and all UDP (DNS included) is dropped while they are present
iptables -I INPUT -p icmp -j DROP
iptables -I INPUT -p udp -j DROP
iptables -I OUTPUT -p icmp -j DROP
iptables -I OUTPUT -p udp -j DROP

# loopback: inserted last so it ends up first in the chain, ahead of the drops above
# (otherwise local UDP services such as a stub resolver on 127.0.0.1 would be cut off)
iptables -I INPUT -i lo -j ACCEPT
iptables -I OUTPUT -o lo -j ACCEPT
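The script carries a TODO for a command-line add/remove feature. The helper below is an added example, not part of the page's firewall.sh: a POSIX sh function that adds or deletes the INPUT/OUTPUT ACCEPT pair for one port in the same shape the script uses, after validating the arguments. The names fw_port and IPTABLES are assumed; setting IPTABLES=echo gives a dry run that prints the commands instead of running them.

```shell
#!/bin/sh
# fw_port: add or remove one of the per-port ACCEPT pairs used by firewall.sh.
# Hypothetical helper (not from the page). IPTABLES=echo gives a dry run.
IPTABLES="${IPTABLES:-iptables}"

# usage: fw_port add|remove tcp|udp PORT
# Validates its arguments, then runs (or in dry-run mode prints) the matching
# -A (add) or -D (remove) rule for INPUT and OUTPUT. Returns 1 on bad input
# without touching the ruleset.
fw_port() {
    action=$1 proto=$2 port=$3
    case "$proto" in
        tcp|udp) ;;
        *) echo "fw_port: protocol must be tcp or udp, got '$proto'" >&2; return 1 ;;
    esac
    # digits only first, so the numeric range test below never sees garbage
    case "$port" in
        ''|*[!0-9]*) echo "fw_port: port must be numeric, got '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "fw_port: port out of range: $port" >&2; return 1
    fi
    case "$action" in
        add)    op=-A ;;
        remove) op=-D ;;
        *) echo "usage: fw_port add|remove tcp|udp PORT" >&2; return 1 ;;
    esac
    # same shape as the rules in firewall.sh: one INPUT and one OUTPUT rule per port
    "$IPTABLES" $op INPUT -p "$proto" -m "$proto" --dport "$port" -j ACCEPT &&
    "$IPTABLES" $op OUTPUT -p "$proto" -m "$proto" --dport "$port" -j ACCEPT
}

# run directly, e.g.: ./fw_port.sh add tcp 8080
if [ "$#" -eq 3 ]; then
    fw_port "$@"
fi
```

Because the script rebuilds the whole ruleset at boot, a port added this way lasts only until the next run of firewall.sh unless it is also added there.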