{"id":677,"date":"2018-03-10T16:04:56","date_gmt":"2018-03-10T16:04:56","guid":{"rendered":"http:\/\/netpipe.ca\/?page_id=677"},"modified":"2021-01-19T06:57:50","modified_gmt":"2021-01-19T06:57:50","slug":"computer-security","status":"publish","type":"page","link":"https:\/\/netpipe.ca\/?page_id=677","title":{"rendered":"Computer Security"},"content":{"rendered":"<hr \/>\n<p>SubTen &#8211; *nix \/ Windows remote administration tool.<\/p>\n<p><a href=\"https:\/\/github.com\/tecan\/subten\">https:\/\/github.com\/netpipe\/subten<\/a><\/p>\n<p><a href=\"https:\/\/blackarch.org\/\">https:\/\/blackarch.org\/<\/a> &#8211; an 8 GB Linux distro aimed at penetration testing; it comes fully loaded. It also runs well in a VirtualBox VM with no network attached, which is the safer place to decompile or debug untrusted binaries.<\/p>\n<p><a href=\"https:\/\/www.tecmint.com\/linux-password-protect-files-with-encryption\/\">https:\/\/www.tecmint.com\/linux-password-protect-files-with-encryption\/<\/a><\/p>\n<p>On the router, block incoming and outgoing UDP ports you do not use (leave DNS on port 53 open, or name resolution breaks); you can also limit outgoing speed with iptables rules. See the OpenWrt section for more info.<\/p>\n<p>Web hosting control panel for Ubuntu, like cPanel &#8211; EHCP 18.04.1. I had used this many years ago and it installed and worked fine on Ubuntu without much modification. I still have the VM if anyone would like a copy; it used to run really nicely inside VirtualBox as a web host.<\/p>\n<hr \/>\n<p>other tools<\/p>\n<hr \/>\n<p>Radare2 &#8211; &#8220;Radare project started as a forensics tool, a scriptable commandline hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers,&#8221;<\/p>\n<p>binwalk &#8211; &#8220;Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.&#8221;<\/p>\n<p>pyew &#8211; &#8220;PYEW! 
A Python tool for malware analysis&#8221;<\/p>\n<p>wxHexEditor<\/p>\n<p>debuggers<\/p>\n<ul>\n<li>edb &#8211; debugger<\/li>\n<li>DDD &#8211; debugger (a graphical front end for gdb)<\/li>\n<li>gdb<\/li>\n<\/ul>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/OllyDbg\">https:\/\/en.wikipedia.org\/wiki\/OllyDbg<\/a> for Windows<\/p>\n<hr \/>\n<p>Web Security<\/p>\n<hr \/>\n<p>Online it is handy to use an alias last name for some signup services; mail addressed to it still gets delivered at the post office if it looks close to the original.<\/p>\n<p>Common Password<\/p>\n<ul>\n<li>Memorize a few passwords, 3 or 4 at minimum. For most basic signup sites the same password can be reused; use a different level of caution for each password depending on where you use it, in case it is compromised.<\/li>\n<li>For sites that require longer passwords, one easy way to make a web password is the site name plus a modifier number, so awebsite.com would be awebsite234. If that is the password modifier you then only need to remember 234 as your common password (not very secure, but easier to remember).<\/li>\n<li>Caveat: both habits above mean one breach exposes more than one account. A reused password gets tried against every other site in credential-stuffing attacks, and a site-name-plus-number scheme is obvious to anyone who sees a single leaked password. A password manager that generates a unique random password per site avoids both problems; keep the schemes above for throwaway accounts only.<\/li>\n<\/ul>\n<p>Patator &#8211; multi-purpose brute-forcer. Available modules:<\/p>\n<ul>\n<li>ftp_login : Brute-force FTP<\/li>\n<li>ssh_login : Brute-force SSH<\/li>\n<li>telnet_login : Brute-force Telnet<\/li>\n<li>smtp_login : Brute-force SMTP<\/li>\n<li>smtp_vrfy : Enumerate valid users using SMTP VRFY<\/li>\n<li>smtp_rcpt : Enumerate valid users using SMTP RCPT TO<\/li>\n<li>finger_lookup : Enumerate valid users using Finger<\/li>\n<li>http_fuzz : Brute-force HTTP<\/li>\n<li>pop_login : Brute-force POP3<\/li>\n<li>pop_passd : Brute-force poppassd (http:\/\/netwinsite.com\/poppassd\/)<\/li>\n<li>imap_login : Brute-force IMAP4<\/li>\n<li>ldap_login : Brute-force LDAP<\/li>\n<li>smb_login : Brute-force SMB<\/li>\n<li>smb_lookupsid : Brute-force SMB SID-lookup<\/li>\n<li>rlogin_login : Brute-force rlogin<\/li>\n<li>vmauthd_login : Brute-force VMware Authentication Daemon<\/li>\n<li>mssql_login : Brute-force MSSQL<\/li>\n<li>oracle_login : Brute-force Oracle<\/li>\n<li>mysql_login : Brute-force MySQL<\/li>\n<li>mysql_query : Brute-force 
MySQL queries<\/li>\n<li>pgsql_login : Brute-force PostgreSQL<\/li>\n<li>vnc_login : Brute-force VNC<\/li>\n<li>dns_forward : Forward lookup names<\/li>\n<li>dns_reverse : Reverse lookup subnets<\/li>\n<li>snmp_login : Brute-force SNMP v1\/2\/3<\/li>\n<li>unzip_pass : Brute-force the password of encrypted ZIP files<\/li>\n<li>keystore_pass : Brute-force the password of Java keystore files<\/li>\n<li>umbraco_crack : Crack Umbraco HMAC-SHA1 password hashes<\/li>\n<li>tcp_fuzz : Fuzz TCP services<\/li>\n<li>dummy_test : Testing module<\/li>\n<\/ul>\n<hr \/>\n<p style=\"text-align: center;\">Hardening<\/p>\n<hr \/>\n<p>For virtual machines it is nice to have a host that is not connected to the internet, with the guest OSes getting their connectivity from a USB network adapter passed through to the guest. The host then has no network interface of its own, so a compromised guest has no network path back to it; only the hypervisor itself remains as an attack surface.<\/p>\n<p>GUFW firewall rules<\/p>\n<p><a href=\"http:\/\/netpipe.ca\/paste\/paste.php?id=1\">http:\/\/netpipe.ca\/paste\/paste.php?id=1<\/a> &#8211; outdated; maybe update it soon.<\/p>\n<p>The SUSE firewall has been broken for years: if you installed firewalld, uninstall it and use custom rules, because it has issues blocking traffic. Never run firewalld next to a hand-written ruleset either; the two overwrite each other&#8217;s chains. Use iptables directly instead: keep the rules in a script (the copies here live in \/etc\/init.d\/boot\/mfirewall and \/etc\/systemd\/scripts\/firewall.sh) and run it at boot from this systemd unit, saved as \/etc\/systemd\/system\/firewall.service:<\/p>\n<pre>[Unit]\nDescription=Firewall\n# load the rules before any interface is brought up\nWants=network-pre.target\nBefore=network-pre.target\n\n[Service]\nType=oneshot\nTimeoutStartSec=300\nExecStart=\/etc\/systemd\/scripts\/firewall.sh\n# stay active after the script exits, so the unit is not re-run by everything that pulls it in\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n<\/pre>\n<p>Put the rule script below in \/etc\/systemd\/scripts\/firewall.sh and chmod +x it; I&#8217;d put a copy in \/etc\/init.d\/boot and \/etc\/init.d as well. 
YaST has an option called Services: locate the firewall unit in there and select start at boot (the same as systemctl enable firewall.service). Three things to get right in a script like this: a user-defined chain such as LOG_ACCEPT has to be created with iptables -N before any rule can jump to it, otherwise that rule fails to load; with an OUTPUT policy of DROP the OUTPUT chain needs its own ESTABLISHED,RELATED accept, or replies from the services opened on INPUT never leave the box; and iptables -I inserts at the head of the chain, so a blanket &#8220;iptables -I INPUT -p udp -j DROP&#8221; lands in front of the DNS rule and breaks name resolution, while the DROP policy already discards any UDP that nothing accepts.<\/p>\n<pre>#!\/bin\/sh\n# host firewall: default deny in both directions, then open only what is needed\n\n# SERVER_IP=\"\"\n# # Allow incoming ssh only\n# iptables -A INPUT -p tcp -s 0\/0 -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT\n# iptables -A OUTPUT -p tcp -s $SERVER_IP -d 0\/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT\n# # make sure nothing comes or goes out of this box\n# iptables -A INPUT -j DROP\n# iptables -A OUTPUT -j DROP\n\n# clean slate: flush rules, delete user chains, default DROP everywhere\niptables -F\niptables -X\niptables -P INPUT DROP\niptables -P OUTPUT DROP\niptables -P FORWARD DROP\n\n# user chain for rules that should be logged as well as accepted;\n# it must exist before any rule jumps to it (rate limited so a scan cannot flood the log)\niptables -N LOG_ACCEPT\niptables -A LOG_ACCEPT -m limit --limit 5\/min -j LOG --log-prefix \"fw-accept: \"\niptables -A LOG_ACCEPT -j ACCEPT\n\n# loopback and reply traffic first, so nothing added later can shadow them\niptables -A INPUT -i lo -j ACCEPT\niptables -A OUTPUT -o lo -j ACCEPT\niptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\niptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n\n# TODO: make a commandline add\/remove feature\n#ftp data\niptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 20 -j ACCEPT\n#ftp control (plaintext logins; outbound only)\n#iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 21 -j ACCEPT\n#ssh\n#iptables -A OUTPUT -p tcp -m tcp --dport 22 -j LOG_ACCEPT\n#iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT\n#telnet (plaintext; outbound only)\niptables -A OUTPUT -p tcp -m tcp --dport 23 -j ACCEPT\n#SMTP\niptables -A INPUT -p tcp -m tcp --dport 25 -j LOG_ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT\n#WHOIS\niptables -A INPUT -p tcp -m tcp --dport 43 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 43 -j ACCEPT\n#DNS\niptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT\niptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT\n#HTTP\niptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT\niptables -A OUTPUT -p tcp -m 
tcp --dport 80 -j ACCEPT\n#POP3\niptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 110 -j ACCEPT\n#IMAP\niptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 143 -j ACCEPT\n#HTTPS\niptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT\n#email - SMTP over TLS (SMTPS)\niptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 465 -j ACCEPT\n#email - POP3 over TLS (POP3S)\niptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 995 -j ACCEPT\n#email - IMAP over TLS (IMAPS)\niptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT\n#hobohost (cPanel over TLS)\niptables -A INPUT -p tcp -m tcp --dport 2083 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 2083 -j ACCEPT\n#shoutcast\niptables -A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 8000 -j ACCEPT\n#irc\niptables -A INPUT -p tcp -m tcp --dport 6667 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 6667 -j ACCEPT\niptables -A INPUT -p tcp -m tcp --dport 9999 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 9999 -j ACCEPT\niptables -A INPUT -p tcp -m tcp --dport 6668 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 6668 -j ACCEPT\niptables -A INPUT -p tcp -m tcp --dport 6669 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 6669 -j ACCEPT\niptables -A INPUT -p tcp -m tcp --dport 7001 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 7001 -j 
ACCEPT\n#mysql (an inbound database listener is rarely wanted on a desktop; drop the INPUT line if nothing remote needs it)\niptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT\niptables -A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT\n\n# everything else, all other UDP included, falls through to the DROP policies;\n# do not add \"iptables -I INPUT -p udp -j DROP\": -I would put it ahead of the DNS rules above.\n# ICMP is dropped explicitly (appended, so ICMP errors RELATED to open connections still pass)\niptables -A INPUT -p icmp -j DROP\niptables -A OUTPUT -p icmp -j DROP\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>SubTen &#8211; *nix \/ Windows remote administration tool. https:\/\/github.com\/netpipe\/subten https:\/\/blackarch.org\/ &#8211; an 8 GB Linux distro aimed at penetration testing; it comes fully loaded. It also runs well in a VirtualBox VM with no network attached, which is the safer place to decompile or debug untrusted binaries. https:\/\/www.tecmint.com\/linux-password-protect-files-with-encryption\/ On the router, block incoming and outgoing UDP ports you do not use (leave DNS on port 53 open, or name resolution breaks); you can also limit outgoing speed with iptables 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":81,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-677","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/netpipe.ca\/index.php?rest_route=\/wp\/v2\/pages\/677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/netpipe.ca\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/netpipe.ca\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/netpipe.ca\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/netpipe.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=677"}],"version-history":[{"count":23,"href":"https:\/\/netpipe.ca\/index.php?rest_route=\/wp\/v2\/pages\/677\/revisions"}],"predecessor-version":[{"id":4844,"href":"https:\/\/netpipe.ca\/index.php?rest_route=\/wp\/v2\/pages\/677\/revisions\/4844"}],"up":[{"embeddable":true,"href":"https:\/\/netpipe.ca\/index.php?rest_route=\/wp\/v2\/pages\/81"}],"wp:attachment":[{"href":"https:\/\/netpipe.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
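The same default-deny host policy as the firewall script on this page, written as an added example that is not the page's own script and not part of any SUSE or iptables project code. It emits the rules in iptables-restore format, which the kernel loads atomically (all rules or none) instead of one `-A` at a time, and it includes a small check for the failure mode discussed above: a rule that jumps to a chain the ruleset never declares, which is what makes an undeclared `LOG_ACCEPT` rule fail to load. The port lists, the `fw-accept:` log prefix and the split between inbound and outbound ports are my assumptions, taken from the rules above, not values the page gives.

```shell
#!/bin/sh
# Added example, not from the netpipe.ca page. Generates the page's host
# firewall policy in iptables-restore format so it can be loaded atomically.
# Assumptions (mine): IPv4 only, no forwarding/NAT, and the port lists below,
# which are meant to be edited to match what the host actually runs.

# Ports this host may connect OUT to (tcp dport on OUTPUT). Same set as the
# page's rules; 21 and 23 carry plaintext credentials, remove them if unused.
OUT_TCP_PORTS="20 21 22 23 25 43 80 110 143 443 465 993 995 2083 3306 6667 6668 6669 7001 8000 9999"
# Ports this host exposes (tcp dport on INPUT). The page opened every port in
# both directions; inbound should list only services that really listen here.
IN_TCP_PORTS="22 80 443"
# Inbound ports that are accepted through the logging chain.
IN_TCP_LOGGED_PORTS="25"

# Print one "-A CHAIN ..." line per port, matching only NEW tcp connections
# (replies are handled once by the ESTABLISHED,RELATED rules).
tcp_new_rules() {
    chain=$1; target=$2; shift 2
    for p in "$@"; do
        printf '%s\n' "-A $chain -p tcp --dport $p -m conntrack --ctstate NEW -j $target"
    done
}

gen_firewall_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOG_ACCEPT - [0:0]
# user chain: log (rate limited so a scan cannot fill the journal), then accept
-A LOG_ACCEPT -m limit --limit 5/min -j LOG --log-prefix "fw-accept: "
-A LOG_ACCEPT -j ACCEPT
# loopback and reply traffic come first so no later rule can shadow them
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS is the one UDP service allowed out; all other UDP hits the DROP policy
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
EOF
    # word splitting of the port lists is intended
    tcp_new_rules INPUT LOG_ACCEPT $IN_TCP_LOGGED_PORTS
    tcp_new_rules INPUT ACCEPT $IN_TCP_PORTS
    tcp_new_rules OUTPUT ACCEPT $OUT_TCP_PORTS
    printf 'COMMIT\n'
}

# Count rules whose -j target is neither a built-in verdict nor a chain the
# ruleset declares with a ":NAME ..." line. iptables-restore rejects such a
# ruleset as a whole, so this is worth checking before loading it.
undeclared_jumps() {
    rules=$1
    declared=$(printf '%s\n' "$rules" | sed -n 's/^:\([A-Za-z0-9_]*\) .*/\1/p')
    count=0
    for target in $(printf '%s\n' "$rules" | sed -n 's/.* -j \([A-Za-z0-9_]*\).*/\1/p' | sort -u); do
        case " ACCEPT DROP REJECT LOG RETURN $(printf '%s' "$declared" | tr '\n' ' ') " in
            *" $target "*) ;;
            *) count=$((count + 1)) ;;
        esac
    done
    echo "$count"
}

gen_firewall_rules
```

Parse it without touching the live tables with `./firewall.sh | iptables-restore --test`, then load it with `./firewall.sh | iptables-restore` (in the unit above that would be `ExecStart=/bin/sh -c '/etc/systemd/scripts/firewall.sh | /usr/sbin/iptables-restore'`). This ruleset is IPv4 only; on a host with IPv6 connectivity the same policy has to be loaded through ip6tables-restore as well, or IPv6 is left wide open.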