Updating Kali Linux from behind a restrictive proxy

I installed Kali Linux from the mini ISO, so I ended up with a fully functioning Linux system but with little to no tools (just nmap and ncat).

In order to install the tools that make Kali what it is, I had to install the metapackages. For me, the easiest option was to install all of them (kali-linux-all).

It sounds simple:

# apt-get install kali-linux-all

but it was failing constantly:

Failed to fetch http://http.kali.org/kali/pool/main/##whatever_package## Size mismatch

A little bit of research and trying to download the actual package from the host machine made me realize that the proxy was blocking access to the packages.

I decided to check if Tor traffic is allowed. Luckily it was. So I installed it

# apt-get install tor

started it

# tor &

and used torify to pass all the traffic through Tor

# torify apt-get install kali-linux-all

A few more minutes (6+ GB) and I had my fully featured Kali installation.

Installing Raspbian from scratch without a keyboard or a monitor

So, you got your Raspberry Pi, a nice SD card, but you can’t remember the last time you saw a keyboard and the only thing around you is a laptop with Windows. Don’t worry, there’s a simple solution.

Download the latest version of Raspbian and Win32 Disk Imager.

Install Win32 Disk Imager and start it (“Run as Administrator”). Select your SD card and the Raspbian image that you downloaded earlier. Sit back for a few minutes.

Since you don’t have any means to access Raspbian other than SSH, you need to figure out its IP address.

You can set up your router to assign a unique IP address via DHCP for the MAC address corresponding to your Raspberry Pi.

Or you can scan for open SSH ports in your LAN:

# nmap -sT -p 22 -v 192.168.x.1-255

Once you’ve identified the IP of your Raspberry, SSH into it.

The default user/password is pi/raspberry. Needless to say, you should change your default password. You can also set a root password: just run “sudo su” from the command line and run “passwd” once you have root privileges.

Now it’s time to set a static IP address. SSH into the box once you know the IP address and do the following.

# sudo cp /etc/network/interfaces /etc/network/interfaces.old
# sudo nano /etc/network/interfaces

In the end, the configuration file should look like this:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.x.222
    gateway 192.168.x.1
    netmask 255.255.255.0
    network 192.168.x.0
    broadcast 192.168.x.255

allow-hotplug wlan0
iface wlan0 inet manual
    wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

You just need to restart the network

# sudo /etc/init.d/networking restart

and you can SSH on the new static IP address.

Traffic mirroring in Linux

When analyzing traffic, it comes in handy to forward a copy of the traffic to a specific IP where a machine is listening and running Wireshark or similar tools. It’s very useful for routers that don’t have the capabilities to run network analysis tools (like DD-WRT).

Just run the following commands replacing the xxx.xxx.xxx.xxx field with the IP of your listening machine:

# iptables -t mangle -A POSTROUTING -d 0.0.0.0/0 -j ROUTE --tee --gw xxx.xxx.xxx.xxx
# iptables -t mangle -A PREROUTING -s 0.0.0.0/0 -j ROUTE --tee --gw xxx.xxx.xxx.xxx

Permanent IP forwarding in Linux

We usually do

# echo 1 > /proc/sys/net/ipv4/ip_forward

when we want to enable forwarding in Linux.

If you want to make this change permanent, you need to edit the /etc/sysctl.conf file and add or uncomment the following line

net.ipv4.ip_forward = 1
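
The "add or uncomment" step can be scripted so that it is safe to run more than once. The following is an added example, not part of the original post; the function names enable_ip_forward and count_active and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): make the ip_forward setting
# persistent by editing a sysctl config file idempotently.
# Usage: enable_ip_forward [FILE]   (FILE defaults to /etc/sysctl.conf)
enable_ip_forward() {
    conf="${1:-/etc/sysctl.conf}"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1   # keep a backup before editing

    # Replace the first matching line (commented out or set to another value)
    # with the active setting, drop later duplicates, append if none exists.
    awk '
        /^[ \t]*#?[ \t]*net\.ipv4\.ip_forward[ \t]*=/ {
            if (!done) { print "net.ipv4.ip_forward = 1"; done = 1 }
            next
        }
        { print }
        END { if (!done) print "net.ipv4.ip_forward = 1" }
    ' "$conf.bak" > "$conf"
}

# Count active (uncommented) "net.ipv4.ip_forward = 1" lines in FILE.
count_active() {
    grep -c '^net\.ipv4\.ip_forward = 1$' "$1"
}

# Demo on a constructed sample file, so nothing under /etc is touched.
sample="$(mktemp)"
printf '%s\n' '# Uncomment the next line to enable packet forwarding for IPv4' \
    '#net.ipv4.ip_forward=1' 'net.ipv4.conf.all.rp_filter = 1' > "$sample"
enable_ip_forward "$sample"
cat "$sample"
rm -f "$sample" "$sample.bak"
```

On a real system, run the function as root against /etc/sysctl.conf and then `sysctl -p` to load the value without rebooting.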

Webmin and Virtualmin installation on Debian

Now that we have a fresh and clean Debian installation we can proceed to Webmin and Virtualmin installation.

Although installing Apache, MySQL and other stuff needed for a web server by hand is not hard, and you can find a lot of support, I prefer installing Webmin and Virtualmin to ease the administrative tasks.

If you’re planning for a new server you should start with a fresh Debian installation with only the basic stuff on it.

Fast Debian installation of Webmin:

# wget http://www.webmin.com/download/deb/webmin-current.deb
# dpkg --install webmin-current.deb

You will probably miss some dependencies and will have to install them via ‘apt-get install’. On my fresh Debian I was missing some perl modules so I did ‘apt-get install perl’; again dependencies were missing, but with an ‘apt-get install -f’ (as instructed) I solved it.

Install a clean Debian on Virtualbox

I don’t test my ‘ideas’ on live servers, nor do I keep unnecessary hardware around the house to play with them. So I use the other option in hand, a virtual machine. Despite the fact that this will be a VM installation of Debian, the idea for a very clean and basic installation is the same for a real hardware installation.

For my testing purposes I prefer Oracle VM VirtualBox instead of VMWare. First of all because it’s free for home use and secondly it’s smaller and faster for the applications I run. If you don’t already have it installed you can download it from https://www.virtualbox.org/wiki/Downloads.

You might have noticed that I’m a Debian fan; this is the system I have worked with for a long time, so it’s more of a habit now. For our clean installation we’ll use the so-called NetInstall version. It’s a small ISO image (under 200MB) containing only the basics for the installation; the rest of the applications will be downloaded during the install phase. So you must have internet access during installation (if you read this article you surely do, but pay attention when installing on real hardware). So, download the latest version of Debian NetInstall from http://www.debian.org/CD/netinst/.

Start VirtualBox and let’s create a new Virtual Machine, by selecting New:

New Virtual Machine

[Tool] Check if an email address is valid – the php way

In an older post we talked about checking the validity of an email address.

Now let’s make a php function to automate this task. We can use this type of validation to check for example if a user is using a correct address when registering for a service.

Check if an email address is valid – the telnet way

You can use telnet to check if an email is valid. You can actually send emails via telnet, but we’ll stick to checking for now. Remember that this is not a string validation but a complete check with the mail server if the user is valid.

For this example we will use [email protected].

Socks proxy for non-socks applications

For several reasons you may want to use a socks proxy, but a lot of command line applications are not able to work with a socks proxy.

wget for example is unable to work directly with a socks proxy. Also, configuring wget to work with a http proxy is a pain. You can’t specify the proxy from the command line.

SSH tunnels, an alternative to VPN

What do you do when you need a connection to the Internet and the only thing in hand is an unsecured wireless network or hotspot? Do you realize the dangers involved? Would you trust this connection and send confidential data over it?

Of course VPN is the favorite method, but what if you don’t have such an option? Let’s say all you have is a DD-WRT router with no VPN (because you have a mini or generic firmware). Just for the sake of argument. How do you route your traffic through this router from the Internet?