Wednesday, 26 February 2014

How To Monitor Failed SSH Attempts

Disable Password Authentication for better Security

More about SSH can be found here.

You might be astonished how many people try to break into your computer via ssh. It is advisable to use key-based authentication only. Article for key-based authentication.

Enable monitoring

sudo gedit /etc/ssh/sshd_config
--> change LogLevel INFO to LogLevel VERBOSE

SSH login attempts will now be saved in your /var/log/auth.log file.

Accessing the information

sudo cat /var/log/auth.log | grep sshd
sudo cat /var/log/auth.log | grep Fail

sudo cat /var/log/auth.log | grep Invalid
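
The grep commands above list every matching line. The added example below (not part of the original post) counts failed password logins per source address instead. It assumes the default Debian/Ubuntu syslog line layout; the function names and sample log lines are constructed for illustration. The address is read from the end of each line because the user name in the middle is chosen by the client.

```shell
#!/bin/sh
# Added example: summarise failed SSH password logins per source address.

# Constructed sample lines in the layout of /var/log/auth.log.
# Addresses are from the RFC 5737 documentation ranges.
sample_auth_log() {
cat <<'EOF'
Feb 26 10:15:01 host sshd[1234]: Failed password for root from 203.0.113.5 port 52311 ssh2
Feb 26 10:15:03 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 52312 ssh2
Feb 26 10:15:04 host sshd[1234]: message repeated 2 times: [ Failed password for root from 203.0.113.5 port 52313 ssh2]
Feb 26 10:15:07 host sshd[1240]: Invalid user test from 198.51.100.7
Feb 26 10:15:09 host sshd[1240]: Failed password for invalid user test from 198.51.100.7 port 40100 ssh2
Feb 26 10:15:12 host sshd[1251]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 198.51.100.7 port 40101 ssh2
Feb 26 10:16:00 host sshd[1260]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
EOF
}

# Print "<failures> <address>" lines, highest count first.
# Reads the files given as arguments, or stdin when there are none.
ssh_failures_by_ip() {
    awk '
    $5 ~ /^sshd\[[0-9]+\]:$/ {
        n = 0
        if ($6 == "Failed" && $7 == "password") n = 1
        # rsyslog collapses identical lines into "message repeated N times: [ ... ]"
        else if ($6 == "message" && $7 == "repeated" &&
                 $11 == "Failed" && $12 == "password") n = $8 + 0
        if (n == 0) next
        sub(/\]$/, "", $NF)
        # Anchor on the tail "from ADDR port N ssh2": text placed in the
        # user name (sixth sample line) cannot shift these fields.
        if ($NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from")
            fails[$(NF-3)] += n
    }
    END { for (ip in fails) print fails[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Print the addresses with at least $1 failures.
ssh_flag_sources() {
    min=$1; shift
    ssh_failures_by_ip "$@" | awk -v min="$min" '$1 >= min { print $2 }'
}

sample_auth_log | ssh_failures_by_ip
```

On a real system, pass the log file as an argument, for example `ssh_failures_by_ip /var/log/auth.log` run with sudo.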

Disabling SSH altogether

sudo mv /etc/init/ssh.conf /etc/init/ssh.conf.disabled

Tuesday, 25 February 2014

WPScan Tutorial (Debian, Ubuntu etc..)



WPScan is a tool to automatically scan WordPress blogs for vulnerabilities. Furthermore, it can enumerate user names and carry out brute-force attacks on accounts associated with the blog.

Link: http://wpscan.org/

Install

sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git
git clone https://github.com/wpscanteam/wpscan.git 
cd wpscan 
sudo gem install bundler && bundle install --without test development

Enumerate vulnerable plugins and themes

  • Plugins  
ruby wpscan.rb --url http://www.wpblog.com --enumerate vp
  • Themes
ruby wpscan.rb --url http://www.wpblog.com --enumerate vt

Get usernames

ruby wpscan.rb --url http://www.wpblog.com --enumerate u

Brute-forcing accounts

Most of the time, users don't change the default 'admin' username, so you should start here.

ruby wpscan.rb --url www.wpblog.com --wordlist YOURWORDLIST --username admin

You can get an extremely good wordlist here: https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm

If you have any questions, drop me a line.

Monday, 24 February 2014

Locking The Screen In Openbox

I guess most of you (including me) would like to lock your screens. You can accomplish this in Openbox by installing and using XScreenSaver.


XScreenSaver

Terminal

sudo apt-get install xscreensaver
sudo nano /home/YOURUSERNAME/.config/openbox/autostart.sh
#add this line
xscreensaver -no-splash &
#save and exit
sudo chmod +x /home/YOURUSERNAME/.config/openbox/autostart.sh

Adding an entry to obmenu
obmenu
new item ==> label: lock ==> action: execute ==> execute: xscreensaver-command -lock
save the menu & exit

You should now be able to lock your screen. 

Sunday, 16 February 2014

Installing Flappy Bird on Android (and iPhone)



It might be "Game Over" for Flappy Bird on the iTunes store, but it's still possible to install and play the game.

Download: File


iPhone 

Download and install iFunBox to your computer
Connect iPhone to your computer
Open iFunBox and click the <<Install App>> button
Open the Flappy Bird .IPA file

Android

Settings > Security > Enable Unknown sources
Open a web browser and download the Flappy Bird zip file
Extract
Open and install the file (.apk)


That's it. 

Saturday, 15 February 2014

How To Mine Your First Litecoins For Free

Before we start with the guide, I would like to point out that if you want to get serious, you need to invest some money. This is what I would recommend and run myself (I have 4 rigs):

3 * ASUS R9 280X-DC2T-3GD5 Graphics Cards 
1 * ASRock MB-970EX4 Socket AM3+/ AMD 970
1 * AMD Sempron 145 Processor
1 * Corsair Professional Series AX 1200 Watt
1 * Kingston Hyper X Blu 4 GB
PCI-E PCI Express 16X Riser  

The 280x graphics cards currently offer the best bang for the buck and yield 740-760 khs each.


Litecoin is scrypt-based


But now back to the actual topic: i.e. how to mine your first Litecoins for free. ;)

Requirements

  • sign up for a mining pool such as LTCRabbit and create a worker (LTCRabbit: My Account > My Workers > Add New Worker)
  • an Azure trial account
  • approx. 15 min of your time

The Azure Account

You need a credit card to qualify for the trial period of 1 month (Link: Trial). Note that the subscription will end automatically. (You can even sign up twice with the same card ;) )

After you have access, click on + new > compute > virtual machine > quick create.

==> choose Ubuntu server 12.04 LTS + Extra large

Back to your machine

Download Putty and open it. Link.

Host: yourdnsname.cloudapp.net (the one you've chosen when creating the virtual machine)
User: azureuser
Password: yourpassword (password you've set before)

You will be presented with a Linux terminal.

Issue the following commands

sudo su
apt-get install build-essential libcurl4-openssl-dev
wget http://sourceforge.net/projects/cpuminer/files/pooler-cpuminer-2.3.2.tar.gz
tar xzf pooler-cpuminer-*.tar.gz
cd cpuminer-*
./configure CFLAGS="-O3"
make
./minerd --url=stratum+tcp://eu.ltcrabbit.com:3333 --userpass=username.worker:password --background

Of course, you need to adjust the settings (e.g. "username.worker:password"). Log in to LTCRabbit and you will be able to see your KH/S rate if everything is set up right.

Now create another virtual machine and repeat the above steps.

Any questions? Leave me a comment!

Saturday, 1 February 2014

OpenVPN Connected, But Not Directing/Routing Traffic (Windows 7 and Riseup VPN)


I recently encountered a problem with OpenVPN and the Riseup VPN on a friend's notebook. Although it connected and seemed to work, none of the traffic was going over the Riseup VPN.


This is the configuration of the .ovpn file that did the trick for me. Save it under C:\Program Files\OpenVPN\config\RiseupVpn.ovpn.
client
dev tun
remote vpn.riseup.net
auth-user-pass
ca RiseupCA.pem
redirect-gateway def1
verb 4

Or alternatively download the file here: https://drive.google.com/file/d/0B06EJahqJCOCOVV2NERwNEtVRlE/edit?usp=sharing

Also, make sure to run OpenVPN as administrator. Right-click on the OpenVPN application >> choose "Run as Administrator".