tmacuk

For a while now I have been trying to find ways in which I can have my pen-testing computer and personal computer together. At the end of the day as long as my work reports and test results are encrypted, and I am not doing anything stupid in my personal time on the computer why not have them together.

I currently have two working computers. I have my laptop which I use most of the time as it is (at the moment) the best machine I own. I also have a very old computer that was built around when I was about 13. The laptop is currently running Ubuntu 9.10 (although as soon as the upgrade to 10.10 is made public I will defiantly be off of this) and the computer was running BackTrack.

BackTrack is a great pen-testing distribution, it does exactly what it is supposed to do. However as a personal opinion and someone who is really used the gnome interface and just Ubuntu as a whole, I prefer Ubuntu. I have been trying for a while (and not succeeding) in creating my own personal distro that I can install all the tool that I need using Ubuntu Minimal. At first it seemed like a great idea, but the time quickly came upon me and with Uni and work commitments I found myself having to throw the project to the side into a very high pile.

That was until however I saw a post on Twitter mentioning Ubuntu Pen-Testing Edition. I quickly jumped on to the website at which point I found out that they were changing to a new dedicated website and the download wasn’t going to be available till tomorrow. Let me please point out however that the lead developer of this project, Vitomir Margetic, has been so helpful right from the start of my life with the distribution – every email I have sent has been answered with the utmost quickness and respect, so thank you.

After some server issues when it first came up I finally got it downloaded and installed into a virtual machine – which if your planning on doing make sure you allocate at least 1gb of ram or more. As soon as it was installed I knew I was at home. Ubuntu PE was everything I liked about Ubuntu and BackTrack all into one. Ubuntu – because I knew how to get everything working exactly how I wanted it i.e. Adobe Air, Sound, Play on Linux etc and BackTrack – because I used it in my pen-testing for work that evening and I wasn’t a tool short, that night anyway.

There are a large amount of tools within Ubuntu that I must admit are within BackTrack, however there are other tools in there that are not. Then on the other hand there are parts of Ubuntu PE that I would want to change.

First of all I installed it because I liked the gnome interface, the one bar at bottom and the other at the top, that wasn’t there. It was a gnome interface alright, but looked like a copy of KDE, just the one bar at the bottom type thing. That was changed straight away. Secondly there are tools I have installed on my computer that I use for testing that were not installed. An example of this is the screenshot taker – Shutter which if I am honest I couldn’t live without so take a look.

All in all it is much simpler. Which to be fair is exactly what Ubuntu was designed for. Somebody who is new to Linux (in my opinion anyway). The argument you have here is that should somebody who needs something simple be using hacking tools that are included in both of these Distro’s? If they struggle with BT should they not really be thinking is this the Distro for me? I think it all comes down to how you want to use your pen-testing machine. Do you want a machine that you can use for everyday use as well or do want a machine just for your work? In my personal opinion the more things I can bunch together the better, this way I can use my other computer as a vulnerable machine to test my tools on.

I am moving away from Ubuntu soon, primarily because I think I am ready to move on to a harder distro so that I can learn more things about Linux itself, but secondly because of the way Ubuntu is changing – especially the new memory storage in version 10.10. So as for using this as my main system I would have to say no. However over BackTrack I will use this. It is new, easier and quicker to get going with and it does the job that I need it to do. I know you all may think all you need is the terminal window, but when your writing reports and taking screenshots its always better to have a look at something graphical that just text; and because I know my way around Ubuntu so well now and I can edit it the way I look i.e. RandomStorm logo on the bars etc. it works better for me.

This review wasn’t a dig at either community, just my personal opinion.

If you would like to download Ubuntu PE please visit – http://www.netinfinity.org/

There are new feature being developed as I am typing this review, I have some new found friends in Dundee that are getting involved with creating and making this a better distro for pen testers to use. A repository is currently being created so that you can port all the tools into an already existant Ubuntu setup – again some you can do with BackTrack but without having to read countless guides on how to do it.

Thanks -
Thomas MacKenzie

So last night a friend and I spent our time trying to get Linux installed onto my laptop. I don’t know if any of you had seen on Twitter but I was having some problems getting Ubuntu installed.

I ended up settling for what he uses which is Sabayon. I had used this briefly a few years ago just as I was getting into the whole Linux scene, but at that time I really didn’t understand what Linux was.

At first glance Sabayon was brilliant. It looks smart and it runs with Gnome so what I have learnt with Ubuntu hadn’t been wasted. The problem came when I tried to get my wireless working. I was looking everywhere on the Internet for help with getting it installed and all I could find was the bloody Ubuntu forums, they were being too helpful for once. In the end I just followed one hoping that it would work. I used ndiswrapper again with the Win2k version of the driver and after some tinkering about I can now get the laptop running through my wireless. The only problem I have now is that I have to run sudo modprobe ndiswapper at boot through the terminal. I have added ndiswrapper to /etc/modules but it is still not running at boot. There must be something slightly different I have to do with Sabayon which I cannot figure out yet but no worries I don’t have Windows to keep me busy now.

The aim now is to get myself to grips with their package manager. I am loving my new found love for Linux, probably because when people see it they stop to say “hey what’s that” and it also stops my girlfriend trying to get on my PC/Laptop too

It has been a while since I have done a good blog post and its going to be slightly longer too. I have been off of University for Christmas break and in that time my laptop has completely broken. Some of you maybe aware the screen was smashed, well I was using an external monitor then that stopped working, so it has been in for repair. It is a 16 inch monitor and there are apparently hard to come by so the guy has been busy for looking for suppliers. I should get the bugger back tomorrow.

Plans

• Back up what I need on that laptop and reinstall Win7 as primary operating system but with a partition of 20 gig.

• Have the rest as a Ubuntu partition.

• Kit my portable HDD out with tools etc. so that I can have a messy port. HDD and clean laptop HDD.

• Go back to University this weekend so I need to pack and find everything I need to take back.

• Finish assignment on Information Gathering Using The Facebook API

So what is happening with the blog?

I am going to carry on with my Student interviews, just been difficult getting people to partake when I haven’t been around them. I am also going to start interview with a  Black Hat. I know a few people who have gone a different way from myself and I am going to ask them a few questions about where they learn there “skillz” and what they do with them.

I am also planning on getting some form of discussion forum on here as well and maybe a photo album that updates with my Facebook profile. Something along those lines anyway.

For now that is all

It has been a while since I posted about my Linux experience so here I am. If I am completely 100% honest I haven’t used it much since I last blogged however when I have used it I have been using it to learn some really complicated thing (well complicated for me anyway).

The biggest project I set myself when I first started using Ubuntu was to set up a wireless access point using my box. The problem at the time was that I didn’t have a wireless card, until now. I managed to get myself a WG311v3 wireless card and I plugged it in – here comes the difficultly regarding installation. I installed it okay, followed a tutorial and everything was going great. That was until the very end command I typed into terminal didn’t seem to be working (sudo ndiswrapper –m) this made sure that the wireless card was active every boot. I eventually was told that I had to add ndiswrapper into etc/modules which worked.

I then started to play with ad-hoc networking and the first time I tried it it worked like a charm. This is where the saying if it is not broke don’t try to fix it comes from. I entered a stupid SSID and created a new network that was called something sensible. Since then I have not been able to connect to the internet on my Win7 laptop through ubuntu, it will connect to the machine, but Win7 will not be able to identify they network it is connected to.

I then thought to myself maybe I should try setting up an access point. So I carried on with a new tutorial – it asked me to go to root so sudo –i etc. The problem was when I went into tasksel. I feel such an idiot to admitting to this but as I was installing what I needed I unchecked Ubuntu-desktop. It reloaded in CLI – I know hardly any commands as f1nux can tell you. I had to ring my friend and we were up till 5 in the morning trying to fix it. It had uninstalled my NIC’s so I couldn’t connect to the internet, we got that working and then I tried to connect but because I am in accommodation I have to mess about logging in and out every time and I could not connect to the net to do that. In the end I did another clean install – which is something I had done just a few hours previous. On the plus side I know have some nice partitions for future distros that I want to try out and I know a lot more about command line.

The future things that I am working on are a python script that I can send emails from, as an alternative to Thunderbird just to get my head around the programming and also to try and receive the emails too.

Before I start I would like to say a huge thanks to f1nux at finux.co.uk for helping me get to speed with the terminal commands that I am talking about in this blog post.

Linux has made my life so much easier when it comes to the course I am studying at University. There are so many cool little tricks that I have learnt in the process of doing some information gathering and a sort of vulnerability assessment for a company. Simple commands like whois www.domain.com and dig www.domain.com

I have also sorted out the problem with my email/rss feeds using Mozilla Thunderbird, something which I highly recommend. It took me some getting used to at first, but after sitting with it for ten or so minutes it feels very familiar because I am so used to Firefox.

I can’t really comment on the access point at this moment in time, until I get myself a wireless card for this box. Just running a little behind on funds at the moment and when that has been taken care of the access point is what I will be focusing all my attention on. I think you can now do it using Windows 7, so I may have a look at that until I get myself sorted.

Overall so far, I would still recommend Ubuntu to anyone interested in learning about another option to Windows, it is something that I am going to stick with for sure. I however am still disappointed that I cannot play my games on it and if anyone knows anything about running Steam on Linux, please get in touch with me.

After a huge mistake in the installation of my windows laptop, I have made it so that I have to reinstall the OS in a months time. My friend told me that he had a spare key for windows 7 ultimate and it was actually the upgrade serial number. So I installed Ultimate, knowing that at Christmas my Home Premium will be coming and I have no CD key for the Ultimate installation that it is going to deactivate in 30 days. So I’m running the 30 day trial on my laptop so I have something to game on, and using Ubuntu as my main OS.

Just got 9.10 installed after a problem with the BIOS on my pc, the boot menu wasn’t showing up and wouldn’t allow me to boot from CD. I eventually got that working and got to work with repartitioning the HDD and installing Karmic. I was at the time luckily talking to f1nux and he was able to guide me through some of the installation features that Linux uses i.e. swap partitions.

The idea of this series is to document my usage of the OS up until Christmas when I get Windows 7 Home Premium. I have got this installed on its own on a computer that I used to run XP off.

There are a number of things I want to figure out how to do before my next post.

1.Either add a plug-in into evolution mail to allow me to read RSS feeds like in Outlook or install one that is independent.
2.Start researching how to use Ubuntu as a access point for my other wireless devices so that I can connect to the Internet though this box (f1nux said it can be done)

Thanks,

tmAcUK