Linux Mint Hacked (/rant)

So I recently heard in the news that a quite popular Linux distro, currently a competitor to Ubuntu (Linux Mint), has been hacked. The hackers took control of their servers and infected one of the downloadable ISOs.

It’s not the first time a distribution has been hacked and I really don’t blame the Linux Mint admins for that. Security is a quite complex topic and it’s even harder if you’re on the defender side. All the attacker needs to do is find a single flaw, whether it’s a plugin on the blog you’re using or something that might seem really insignificant. But the results can be really devastating even if you have taken strict security measures on the network side of things.

Anyway, what I really wanted to talk about is the important role gpg has to play in this. For example, I’ve recently made a fresh Arch Linux install from scratch. Before getting started I had to verify the integrity of the ISO that I downloaded, to make sure the downloaded image is the same image that I’m supposed to receive from the server. But successfully verifying the integrity of the image doesn’t guarantee that it is the exact image the original authors created. To verify that it is coming from the intended author I also had to download the signature file that came with it, receive the key from a key server and verify the signature using gpg.

This extra step of verifying the signature is something that I’ve noticed on distros like Arch, Gentoo, etc. Personally I think gpg is not that hard to use, although some people find it confusing, and most distros like Ubuntu (back when I was using it) don’t provide this extra step of signature verification.

So why is this important? Well, in the case of Linux Mint after it was hacked, if signature verification had been there the users could have seen whether the image came signed with a key from one of the official developers, and could have inquired further if anything looked suspicious. I don’t think it’s easy for a random attacker to forge the developers’ signature, but it does provide an extra layer of security on the user side.
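The procedure described above, as an added shell example that is not part of the original post: it checks the checksum first, then the detached signature, and makes explicit the step that "Good signature" alone does not cover, namely that the signing key is the one the project publishes. The file names and the fingerprint value are placeholders, and the keyserver URL is an assumption.

```shell
#!/bin/sh
# Added example, not from the post: checksum, then signature, then a check
# that the signer is the pinned release key. Names below are placeholders.

# Fingerprint of the release-signing key, copied from the distribution's own
# website (not from the download mirror, which an attacker may control).
EXPECTED_FPR="0000000000000000000000000000000000000000"   # placeholder

# Fetch the key by its full fingerprint; short key IDs can collide.
fetch_key() {
    gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys "$EXPECTED_FPR"
}

# Read a file of gpg --status-fd lines and succeed only if a VALIDSIG line
# names the pinned fingerprint (as the signing key or as its primary key).
# A plain "Good signature" proves only that *some* key in your keyring signed.
check_status() {
    status_file=$1; fpr=$2
    grep "^\[GNUPG:\] VALIDSIG " "$status_file" | grep -q "$fpr"
}

# Full check: integrity (checksum) first, then authenticity (signature).
verify_iso() {
    iso=$1; sig=$2; sums=$3
    # 1. Integrity: a corrupt download fails here. This alone would not catch
    #    a mirror that replaced both the ISO and the checksum file.
    sha256sum -c --ignore-missing "$sums" >/dev/null || return 1
    # 2. Authenticity: detached signature over the ISO; machine-readable
    #    status goes to a temp file so the fingerprint can be compared.
    st=$(mktemp) || return 1
    gpg --status-file "$st" --verify "$sig" "$iso" >/dev/null 2>&1
    check_status "$st" "$EXPECTED_FPR"; rc=$?
    rm -f "$st"
    return $rc
}

# Usage (after fetch_key):
#   verify_iso distro.iso distro.iso.sig sha256sums.txt
```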

Anyway, I actually support the decision made by the Linux Mint community to immediately announce the compromise to its users and take appropriate measures. There are perhaps a lot of distros out there that don’t like to reveal such stuff publicly for fear of losing their image in the community. But the Linux Mint developers really do care about their users, so props to them for being so transparent about the whole thing.

P.S. If you’re really paranoid about your security/privacy, try doing an Arch Linux install from scratch. I know it takes a lot of time on your first run but the learning experience is totally worth it. Good luck! :)

Efficient browsing / productivity with Vimium

For quite a while now I’ve been doing pretty much everything on Linux with just keyboard shortcuts. I’ve switched to a tiling window manager called i3, which eliminates the need for a mouse as everything from resizing window frames, making them full screen or tiling them in a certain way can be done with the press of a few buttons. I’ve found that it increased my productivity by quite a big margin and I feel like the mouse was just a roadblock on the way to productivity.

The only place I still needed a mouse was for browsing the web. Luckily, even though a bit late, I’ve found a way to get rid of that too by using a plugin called Vimium for Chrome. I’m a big time Vim user and it’s kind of funny that I thought the learning curve I had to go through for Vim and the hours I spent learning it could only be used for stuff like coding / text editing. The time I invested learning Vim actually pays off when you consider plugins like Vimium, which lets you use the same keyboard-driven features you’re used to in Vim and works as a replacement for your mouse.

It’s actually difficult to imagine what the experience is like when you consider that there’s no mouse at all: you just press keys and things work the same way as if you had a mouse. From opening links in new tabs, scrolling, interacting with custom frames, clicking on elements, opening older tabs from history or going through your bookmarks, everything works smoothly as if you’re doing it with a real mouse.

I’m starting to get used to it; so far it seems pretty easy to get started and I highly encourage people to try it out and see for yourself what it’s like. You don’t actually need previous experience with Vim, and the shortcuts can be configured as the plugin is quite flexible. Try it out, who knows, you might even like it :)

Linux Kernel Module / Hardware Tinkering

When I first got into the Linux world (5-6 years ago) I was a beginner, and as usual if something didn’t work out of the box (hardware / software) I used to blame the distro and move on to the next one. Coming from the Windows world, I thought it was a “fair” way to do things. Given that there were so many distros out there at the time it wasn’t actually a bad move, but I knew that I’d have to change my mentality if I were to survive in the Linux world.

Slowly, as my experience and skills with Linux matured, I realized that I actually enjoyed it when things didn’t work; I even wanted things to not work as expected so that I could learn how to fix them and make them better.

In most cases a simple Google search will do, but if the problem is complex, like something related to hardware, perhaps the only way to fix it is by being really persistent. Like the old saying goes, “If there’s a will, there’s a way”.

Today I will share some of the little things I’ve learned as a Linux user: how to mess around with kernel modules, how to learn which features of your hardware are supported by the module, and how to enable / disable them.

Mainly I’m documenting this as a self reference in case I forget some things in the near future.

Okay, first of all, if you want to see what hardware you have, which kernel modules it is using, or in general learn more about what’s happening with your hardware, you can use the following commands:

1) lspci -k
2) lshw -short
3) inxi -b
4) lsusb
5) dmesg | grep -i "keyword"   # replace keyword with something specific to your hardware / kernel module

Note that you may have to install inxi and lshw; they’re not installed by default on most distros.

Okay now, let’s say you’ve found the kernel module being used by the hardware you want to debug (Command #1).

You can see what options are supported by the kernel module with the command below.

modinfo -p [module name]

In my case, I wanted to debug my internal Atheros wireless card (ath9k).

To see which parameters / options of the module are currently enabled / disabled you can try:

systool -v -m [module name]

(screenshot of the systool output for ath9k)

Note that in the parameters section, 1 means enabled and 0 means disabled.

By default most distributions ship some basic module configs so that your hardware works as expected, or so that some other module doesn’t interfere with your hardware, by blacklisting it. But it’s not practical to predict what kind of hardware you might have, and there are so many different types of hardware, so it’s better to debug your own hardware and tune the configs to something that is optimal for you.

At the time when I was debugging my wireless card, the powersaving option was disabled (ps_enable=0) and hardware crypt was enabled (nohwcrypt=0) which is why my wireless card was using a lot of power and was slow at the same time.

You can configure them with the parameters that you want by writing a config file in the /etc/modprobe.d/ directory. What you name the file doesn’t matter, but it needs a .conf extension to be recognized as a config file.

Usually it’s a good practice to name the file according to the module name, in my case it’s ath9k.conf.

This is the format of how you enter the parameters in the config file:

options [module name] [parameter=value]

(screenshot of the ath9k.conf config file)

You can have multiple parameters side by side, separated by spaces.

After the changes have been written, you can simply remove the module and reload it to have the changes take effect, or a reboot works fine too, like in Windows :)

Removing module:
modprobe -r [module name]

Reloading module:
modprobe [module name]

Another thing that was interesting to learn: let’s say there is some hardware or module that you want to disable or don’t want running.

For example, I find that I never really use the webcam and Bluetooth devices on my laptop, so disabling them is also a good way to save power and increase battery life.

You can blacklist modules by just having a config file with the keyword blacklist followed by the module name. But in some cases a module may be a dependency of another module, and then the blacklist feature might not work as expected and the module might end up being loaded anyway.

So to prevent that you can write the config file this way:

install [module name] /bin/false

For those wondering, the Bluetooth module is btusb by default and the webcam module is uvcvideo.
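The whole modprobe.d workflow from this post as an added shell script (not from the original post). It assumes the ath9k parameter names used above, and makes the config directory a variable only so the functions can be tried against a scratch directory before touching /etc/modprobe.d.

```shell
#!/bin/sh
# Added example, not from the post: scripted version of the modprobe.d
# workflow. MODPROBE_DIR defaults to the real directory; override it with a
# scratch directory to test the functions without root.
MODPROBE_DIR=${MODPROBE_DIR:-/etc/modprobe.d}

# Write "options <module> k=v k=v ..." to <module>.conf. The file name is
# free (only the .conf suffix matters); one file per module keeps it tidy.
set_module_options() {
    mod=$1; shift
    printf 'options %s %s\n' "$mod" "$*" > "$MODPROBE_DIR/$mod.conf"
}

# Keep a module from loading. "blacklist" only stops loading by alias; a
# module pulled in as a dependency still loads, so the "install" line makes
# modprobe run /bin/false instead of inserting it.
disable_module() {
    mod=$1
    {
        printf 'blacklist %s\n' "$mod"
        printf 'install %s /bin/false\n' "$mod"
    } > "$MODPROBE_DIR/$mod.conf"
}

# Read the live value of a parameter (the same data systool -v -m shows),
# so the change can be confirmed after a reload.
module_param() {
    cat "/sys/module/$1/parameters/$2" 2>/dev/null
}

# Unload and reload so the new options take effect without a reboot.
reload_module() {
    modprobe -r "$1" && modprobe "$1"
}

# Example run on the post's hardware (needs root):
#   set_module_options ath9k ps_enable=1 nohwcrypt=1
#   reload_module ath9k
#   module_param ath9k ps_enable      # prints 1 once the reload worked
#   disable_module btusb; disable_module uvcvideo
```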

Anyway, that’s it for today. I didn’t really want to make this post since a lot of this info can be found publicly or in the Arch Wiki.

But a part of me insisted that I do, since a lot of the stuff I learned was by trial and error. Usually the Arch Wiki tells you what to do but not why; it is up to you to figure out why, and that’s the most important part of the learning process in my opinion.

Hopefully this might be helpful to some of you :)

Cutting off the slack

I’ve been an avid Linux user and a fan of opensource for many years; I’m fascinated by how the Linux community always manages to find solutions to problems that are limited by our own imagination.

For far too long I’ve been guilty of slacking, wasting time with plenty of distractions (social media, news, gaming, etc.) and doing non trivial tasks; also I have not contributed much to open source and the community. I’ve decided to go completely offline in my life with social media such as Facebook, Reddit, Twitter, YouTube and things that have no purpose in life other than to waste your time and make you a consumer of news and entertainment. They say time is the most valuable resource in the universe; I wish I could have realised that earlier.

Also, from now onwards I’ve decided I just don’t want to be someone who watches from a distance and benefits from open source; I will actively contribute and give back to the community that has always stood beside me in my time of need.

In my lifetime I’ve used various Linux distributions, from Ubuntu to Mint, Sabayon, Crunchbang and now Manjaro, hoping to finally switch to Arch. Even though I no longer use some of the mentioned distros, the experience I’ve had on forums / IRC with the moderators and the more advanced users, as they stood by and taught me the ways of being resilient and finding solutions to problems no matter how impossible they might seem, is something that will always stay with me.

Using the distribution as a normal user is one thing, but from my point of view the real fun part is contributing in the forums and learning new stuff that might seem too daunting at first. Found a fix to a bug that has been bothering you for a long time? Good, now you can share it on the forum, where it’ll help thousands of people who have been dealing with the same issue but had no clue how to fix it.

The forum is not only a place where one can gain a more mature understanding of various kernel / hardware issues, but also a place to meet people with similar interests. Perhaps they use the same window manager, or have some cool scripts / configs that can make things more efficient and useful for you. The best part is that if you’re a coder, you’ll be able to work on your coding skills by forking existing code from GitHub and seeing where you can take it from there.

I hope to post regularly on my blog from now on and hopefully I will get back with more useful posts that will make a difference.

Thanks for reading :)

Using YouTube playlists as your offline music collection [Linux]


Hi guys! It’s been so long since I’ve made a post… well over a year now. Work, studies and commitments in life keep me busy, but it’s good to be back every once in a while.

I’m a big music fan and at times I use various YouTube music playlists to listen to a good collection of cherry picked music that interests me. There are also times when I don’t have internet connectivity, so a thought came to my mind: why not just get the entire playlist backed up locally so that I can listen to good music whenever I want.

So first of all, since I’m a coder, I thought to myself: why not just go ahead and create a script to automate the entire process, from parsing and downloading content to batch processing and converting the videos to audio only. But then again, one of the things I’ve learned in the long run as a coder is to make good use of code reuse; in other words, why reinvent the wheel when there are already existing solutions out there that address the problem. This led me to the excellent, feature-rich YouTube downloading and conversion software for Linux known as youtube-dl.

You can install youtube-dl from your distro’s repository or get it from the project’s own site.

TL;DR: This is the command to make youtube-dl download all the tracks along with cover photos from a given playlist and convert them to audio only without a hiccup.

youtube-dl --yes-playlist -c --write-thumbnail -x -i [url]

The command line flags are pretty much self explanatory; youtube-dl works smoothly and within minutes you will have your favorite genre of music all backed up for your convenience.

Disclaimer: The author is not responsible for violation of youtube’s copyright policy in anyway, what you do with this information is your own responsibility. This post has been made for Educational purposes only.

New features coming to Gen2k!

Gen2k is kind of what’s driving half the traffic on my blog right now, so I’ve decided to add some interesting features to it.

Alright, these changes are being implemented (work in progress) and will hopefully be available within the next few days.

1) Option to add a packet capture file (.pcap) to crack a WPA handshake with save option.

First of all, I felt the real need for a save option in the aircrack-ng toolkit when cracking a handshake. Whenever you crack with a big wordlist, aircrack-ng doesn’t save the progress, so you’re forced to start from the beginning all over again if the cracking is somehow interrupted. So what Gen2k will do is act as a frontend on top of aircrack-ng. It’ll give you the ability to quit at any time while also creating an automatic save file so that you can resume your particular cracking session at any time. This is really convenient because you’ll be able to persistently crack a handshake with a wordlist of, let’s say, a few gigabytes in size without losing track of progress. Also there’ll be a progress indicator that actually shows your cracking progress based on the wordlist you’ve used. I’m also planning to add the feature of just dumping a folder full of wordlists and letting Gen2k take it from there, but let’s see if I have enough time for that too :)

2) Efficient memory usage

I’m currently busy perfecting Gen2k to be memory efficient. Previously Gen2k used to load all the tasks in memory at the same time, so if you had a really big wordlist and insufficient free memory you’d end up crashing the program. But now things will be different, as Gen2k will set aside only a significant portion of the freely available memory to do the processing and will load things depending on the amount of memory available.

3) Advanced wordlist processing algorithm

For the handshake cracking part, Gen2k will use more space on the hard disk but it’ll be efficient in how it does things. More details will be provided later.

4) Depth search

Some people requested depth as a feature to make Gen2k more flexible; I hope to introduce that too!

Well, that’s pretty much it. Perhaps if I get enough time I’ll also introduce a GUI for Gen2k to make things easier, but I’m not sure I’d have the time for that.

Also, if you have any further suggestions or criticisms for improving my tool do let me know; I do listen to my users. Keep your eyes on my blog for the next few days, or you might miss out on the new Gen2k release!

UPDATE:

It seems to me that it is better to keep Gen2k dedicated to being a wordlist generator, and I think I’d be better off creating a separate application to act as a frontend to aircrack-ng and to be a solid, automated wireless cracker.

Router Intrusion

Recently, a friend of mine asked me to take a look at his home network and see whether it’s secure or not. So the first thing that came to mind was obviously the security state of his router. He’s not a technical user, so I expected that the router might have been left in an insecure state (default passwords, etc.).

When I tried logging in through the web interface with default passwords, it failed. That was kind of suspicious because he told me he didn’t know how to change his router’s password. Upon further inspection I realised that it was running the telnet service. Then I thought why not just bruteforce the router’s telnet service using my custom coded tool Autobrute.

I used a small wordlist of commonly used passwords and after like 2-3 mins got root access. Next I decided to investigate further via telnet and the things that I found totally caught me by surprise.

It was a BusyBox router. BusyBox is a minimal Linux-based system with only a limited subset of command-line tools, but sometimes those tools are more than enough to do what you want from the point of view of an intruder. I used the ps command to list all the running processes and noticed something quite interesting at the end.

(screenshot of the ps output, censored)

What were those tools and why were they connected to those IP addresses? Those tools were not in the /bin directory, so obviously they didn’t come prepackaged with the BusyBox system. I navigated to the /home directory and discovered all those tools in their unpacked state.

.mtgox in /home didn’t reveal anything when I tried running it with the --help argument.

Whereas when I ran the other tool, hIAJKp, it gave me this:

(screenshot of the tool’s output)

Obviously, from what I can see, this tool is a bitcoin miner; upon googling further it turned out to be compiled specifically for the ARM architecture, so it can be run on anything from your smartphone to your router, etc.

What is a bitcoin? Unless you’ve been living under a rock for the past 4-5 years, you should know that it’s an online crypto currency.

In other words, the intruder was using this tool on my friend’s router with one goal: mine bitcoins and benefit himself using the bandwidth as well as the limited processing power of the router.

I wanted to investigate a lot of other things further but due to lack of time wasn’t able to.

One of the things that’s good about routers in general is that they use the SquashFS filesystem and it is read-only. That means whatever you decide to keep on the router stays there only temporarily, until the next reboot. So after resetting the router manually the bitcoin miner and all the other tools planted by the intruder disappeared, which is good.

Next I secured the router with a strong password, made some changes to make sure the web interface isn’t available remotely, and called it a day :)
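As an added example (not from the original post), a small triage script for the kind of finding described above: it takes BusyBox ps output and flags processes whose binary lives outside the read-only system directories or is a hidden file. The sample ps output is constructed to resemble the censored screenshot, and the IP address in it is a documentation placeholder.

```shell
#!/bin/sh
# Added example, not from the post. Constructed BusyBox ps output modelled on
# the censored screenshot; 203.0.113.5 is a documentation address.
SAMPLE_PS='  PID USER       VSZ STAT COMMAND
    1 root      1440 S    init
  312 root      1200 S    /usr/sbin/httpd -p 80
  498 root     15320 R    /home/hIAJKp -o 203.0.113.5:3333
  502 root      2100 S    /home/.mtgox
  503 root      2100 S    [kworker/0:1]'

# Print "PID path" for processes whose executable sits in a writable place
# (/home, /tmp, ...) rather than the read-only squashfs tree, or whose file
# name is hidden. The COMMAND column is located from the header line because
# its position differs between BusyBox builds.
suspicious_procs() {
    awk '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == "COMMAND") c = i; next }
        c == 0  { next }                     # header not recognised: skip
        {
            path = $c
            base = path; sub(/^.*\//, "", base)
            if (path ~ /^\/(home|tmp|var\/tmp|dev\/shm)\// || base ~ /^\./)
                print $1, path
        }'
}

# Number of flagged processes in the sample, for a quick check.
count_flagged() {
    printf '%s\n' "$SAMPLE_PS" | suspicious_procs | wc -l | tr -d ' '
}

# printf '%s\n' "$SAMPLE_PS" | suspicious_procs
#   498 /home/hIAJKp
#   502 /home/.mtgox
```

On a real router the same pipeline is fed from `ps` over the telnet or serial session, and anything it flags is worth comparing against the firmware's stock file list before the next reboot wipes it.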