Video

The Kippo Kronicles - Episode 2 APT ;)

Feb 06 2013

How to graphically control a remote machine

Having a number of machines at different locations makes control, syncing, or launching particular processes a difficult task, depending on the circumstances. Many times you just want to take control of the remote machine and administer it through a GUI, as you would if you were sitting in front of it. This was my case the last couple of days. After trying some VNC-related solutions I got a bit frustrated configuring or setting them up. Fortunately I found the easiest solution in NoMachine's NX. In its simplest form the application follows the client-server model: the server is installed on the remote end, the client on the local workstation, and the session itself is carried over SSH.

Let's see it in action. The following guide assumes that the remote machine is running a Linux distro with a desktop environment and a firewall that allows inbound SSH (TCP 22), which is the only port NX needs since it tunnels its sessions through SSH, and that the local machine is running Microsoft Windows.

1. First of all you need to log in to the remote machine via SSH, which means you have already installed an SSH server (like OpenSSH) on it and have an SSH client like PuTTY on your local machine. Alternatively, if your remote machine is a VM hosted by a provider that offers some kind of web console access, you can use that instead.

2. While logged in, install NX Server using the packages/archives of the NX Free Edition. In this example I'm using the x86 tar.gz archives. You need all three components (client, node, server) for the NX Server to work. The archives unpack into an NX/ directory, which is why they are extracted from /usr (giving /usr/NX).

$ cd /usr
$ wget nxclient-3.5.0-7.i386.tar.gz
$ wget nxnode-3.5.0-9.i386.tar.gz
$ wget nxserver-3.5.0-11.i386.tar.gz
$ sudo tar zxvf nxclient-3.5.0-7.i386.tar.gz
$ sudo tar zxvf nxnode-3.5.0-9.i386.tar.gz
$ sudo tar zxvf nxserver-3.5.0-11.i386.tar.gz
$ sudo NX/scripts/setup/nxnode --install
$ sudo NX/scripts/setup/nxserver --install

3. (Optional) If you want to be able to log in to the remote machine as root, edit the configuration file at "/usr/NX/etc/server.cfg": uncomment line 87 and set the EnableAdministratorLogin value to 1. Don't forget to restart the "nxserver" service (sudo service nxserver restart) for the change to take effect. Keep in mind that a root desktop session reachable over the network is a large target; if you only need occasional privileged commands, logging in as an ordinary user and using sudo is the safer default.

4. Back on the local machine, install the NX Client application, start the "NX Connection Wizard" and enter the required values. One more thing worth doing before the server is exposed: the NX Free Edition ships with a well-known default DSA key pair for the "nx" system account, and the same key is bundled with every client. That default key only gets a stranger as far as the NX user login stage, but you should still generate your own pair (the nxserver setup script provides a --keygen switch for this) and import the new key into your client's connection settings.

That’s it, you are ready :)
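Step 3 above is the kind of edit that tends to be done by hand once and then forgotten. The following is an added example (not code from the original post or from NoMachine): a small POSIX shell helper that sets a key in a NX-style server.cfg idempotently and reads it back. It assumes the file uses the `Key = "value"` form with commented-out defaults (`#Key = "value"`), which is how NX 3.x ships server.cfg; it rewrites through a temporary file so it works with both GNU and BSD sed.

```shell
#!/bin/sh
# Added example, not part of the original post or of NX itself.
# Assumes NX 3.x server.cfg syntax:
#   #Key = "value"   -> commented-out default
#   Key = "value"    -> active setting

# set_nx_option CFG KEY VALUE
# Replaces an existing (commented or active) line for KEY, or appends one.
# Safe to run repeatedly: the key ends up exactly once, uncommented.
set_nx_option() {
  cfg="$1"; key="$2"; val="$3"
  if grep -q "^[#[:space:]]*${key}[[:space:]]*=" "$cfg"; then
    sed "s|^[#[:space:]]*${key}[[:space:]]*=.*|${key} = \"${val}\"|" "$cfg" > "$cfg.tmp" \
      && mv "$cfg.tmp" "$cfg"
  else
    printf '%s = "%s"\n' "$key" "$val" >> "$cfg"
  fi
}

# get_nx_option CFG KEY
# Prints the active (uncommented) value of KEY, or nothing if it is not set.
get_nx_option() {
  cfg="$1"; key="$2"
  grep "^${key}[[:space:]]*=" "$cfg" | tail -n 1 \
    | sed 's/^[^=]*=[[:space:]]*//; s/^"//; s/"$//'
}

# Usage on the real server (path from the post):
#   sudo sh -c '. ./nxcfg.sh; set_nx_option /usr/NX/etc/server.cfg EnableAdministratorLogin 1'
#   get_nx_option /usr/NX/etc/server.cfg EnableAdministratorLogin
# then restart nxserver as described in step 3.
```

Because the helper matches the key itself rather than a line number, it keeps working when the file is edited or a newer NX release shuffles the defaults around, which "uncomment line 87" does not.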

Feb 01 2013

Kippo-Graph: version 0.7.5 released!

This is the release of a new version of Kippo-Graph, adding French language support.

Thanks to Jean-Phelippe for his translation effort!

Download it from here: kippo-graph-0.7.5

MD5 Checksum: 83C51FA126F6B035FF1BD00C38E031DA
SHA-1 Checksum: 20543AD11D340A4951CF403FAC04C4C9E185F872
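Published sums are only useful if you actually compare them, and the two hashes above are printed in uppercase while md5sum/sha1sum emit lowercase, which trips up a naive string comparison. Here is an added example (not part of the Kippo-Graph release or the original post): a POSIX shell function that checks a downloaded file against both expected digests. It assumes GNU coreutils (md5sum, sha1sum) are available; the downloaded filename is whatever you saved the archive as.

```shell
#!/bin/sh
# Added example, not part of Kippo-Graph or the original post.
# Assumes GNU coreutils md5sum and sha1sum.

# verify_checksums FILE EXPECTED_MD5 EXPECTED_SHA1
# Returns 0 only if BOTH digests match; prints which one failed otherwise.
# Comparison is case-insensitive because published sums are often uppercase
# while md5sum/sha1sum print lowercase hex.
verify_checksums() {
  file="$1"
  want_md5=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  want_sha1=$(printf '%s' "$3" | tr 'A-F' 'a-f')
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
  got_md5=$(md5sum "$file" | cut -d' ' -f1)
  got_sha1=$(sha1sum "$file" | cut -d' ' -f1)
  rc=0
  if [ "$got_md5" != "$want_md5" ]; then
    echo "MD5 mismatch: got $got_md5, expected $want_md5" >&2; rc=1
  fi
  if [ "$got_sha1" != "$want_sha1" ]; then
    echo "SHA-1 mismatch: got $got_sha1, expected $want_sha1" >&2; rc=1
  fi
  return $rc
}

# Usage with the sums published above (replace the filename with the one you
# downloaded; only unpack if the check passes):
#   verify_checksums "$DOWNLOADED_FILE" \
#       83C51FA126F6B035FF1BD00C38E031DA \
#       20543AD11D340A4951CF403FAC04C4C9E185F872 \
#     && tar zxvf "$DOWNLOADED_FILE"
```

Requiring both digests to match raises the bar a little over MD5 alone, but checksums fetched from the same page as the download only protect against corruption and against someone swapping the archive without also editing the page; a detached signature with a key you obtained elsewhere is the stronger check.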

CHANGES:

Version 0.7.5:
+ Added French language support.

For comments, suggestions, fixes, please use the Kippo-Graph page: http://bruteforce.gr/kippo-graph

Video

Mining Your Logs - Gaining Insight Through Visualization

Jan 26 2013

Setup HoneyDrive on VMware (Workstation, ESXi, etc)

UPDATE: While this post and the methods described are still relevant, I have written a new guide here: HoneyDrive 3 VMware guide

Many honeypot enthusiasts who wanted to try out HoneyDrive had difficulties importing the OVA file into VMware software like ESXi, Workstation, etc. I use VirtualBox to develop HoneyDrive and there seems to be an incompatibility between the two virtualization product series. You can always install VirtualBox and easily import HoneyDrive there but I realise this might not be suitable for everyone. So, here are some tips to set up HoneyDrive on VMware (you can try any one of them):

The first one comes from UABgrid Collaboration Environment and you can find it here: https://dev.uabgrid.uab.edu/wiki/VirtualboxToEsxi.

The second comes from commenter “Rob” who utilized VMware’s OVF tool: http://bruteforce.gr/honeydrive-desktop-released.html#comment-779920644

The third is the failsafe/straightforward one which Richard Bejtlich used to try HoneyDrive 0.2, and commented about it here: http://bruteforce.gr/honeydrive-desktop-released.html#comment-779920647. Basically, an OVA file is a tar archive. You can unpack it with a common utility (e.g. 7zip) and you get HoneyDrive's virtual disk file in VMDK format. Then you can simply create a new virtual machine in VMware by hand and attach this file as its hard disk. Bear in mind that Ubuntu keeps a record of the MAC address of each NIC, and since you create a new VM from scratch I think that the virtual NIC inside HoneyDrive might change its name from eth0 to eth1 (by contrast, importing the OVA retains the generated MAC). This shouldn't be a problem (defining a specific interface to use was not required in any of the honeypot software as far as I recall), although it can be fixed very easily by editing the udev rules (see: http://www.kkoncepts.net/node/107) for "normalization" reasons.

Last but not least, another guide comes from commenter "Setareh" who wrote about his experience here: http://bruteforce.gr/setup-honeydrive-on-vmware-workstation-esxi-etc.html#comment-979839942. He used the VBoxManage utility to convert between virtual disk formats and successfully imported HoneyDrive into VMware Workstation 8.

EDIT: user “Hawkie” has commented here to announce the creation of VMWare-converted version of HoneyDrive. You can download it as a torrent from TPB: http://thepiratebay.se/torrent/9402030/Honeydrive_0.2_nectar_edition_vmware_image. Bear in mind that I take no responsibility for the validity or security of this particular project! Use at your own risk.

Jan 25 2013

How to install Thug Python client honeypot

UPDATE JULY 2014: This guide is considered “old” now. You probably want to try the new Thug-Vagrant project: http://bruteforce.gr/vagrant-configuration-thug-honeyclient.html

So, after a brief discussion with Twitter fellows @KDPryor and @Tazdrumm3r about Thug, the Python low-interaction honeyclient, I decided to write a proper installation guide for it since the official one is not quite complete.

I have already forked the project on GitHub and promise to update the official guide as well, submitting a pull request for buffer (the developer of Thug).

By the way, if you don’t want to bother installing Thug by yourself, you can find it inside HoneyDrive (0.2 Nectar edition), ready and waiting!

In the meantime, let me guide you step by step while I successfully (fortunately) install Thug on a new VPS running Ubuntu Server 12.04 LTS. Following the procedure below, Thug will be installed at "/opt/thug/". The commands are run as root (aptitude and easy_install need it), and the checkouts in steps 2 and 3 live side by side under /opt.

1. Install Python 2.7 packages:

aptitude install python2.7 python2.7-dev

2. Get Thug itself:

aptitude install git
cd /opt/
git clone git://github.com/buffer/thug.git

3. Get Google's V8 JavaScript engine and the PyV8 Python wrapper:

aptitude install subversion
svn checkout http://v8.googlecode.com/svn/trunk/ v8

Patch it (still from /opt, where the thug and v8 checkouts are):

cp thug/patches/V8-patch* .
patch -p0 < V8-patch1.diff

Get PyV8:

svn checkout http://pyv8.googlecode.com/svn/trunk/ pyv8

Install PyV8:

aptitude install build-essential libboost-python-dev
export V8_HOME=/opt/v8
cd pyv8
python setup.py build
sudo python setup.py install

4. Install Beautiful Soup 4:

aptitude install python-setuptools
easy_install beautifulsoup4

5. Install html5lib:

easy_install html5lib

6. Install Libemu:

aptitude install autoconf libtool
cd /tmp/
git clone git://git.carnivore.it/libemu.git
cd libemu
autoreconf -v -i
./configure --prefix=/opt/libemu
sudo make install

7. Install Pylibemu:

cd /opt/
git clone git://github.com/buffer/pylibemu.git
cd pylibemu
python setup.py build
sudo python setup.py install

8. Install Pefile:

easy_install pefile

9. Install chardet:

easy_install chardet

10. Install httplib2:

easy_install httplib2

11. Install cssutils:

easy_install cssutils

12. Install Zope Interface:

easy_install zope.interface

13. Install MongoDB:

aptitude install mongodb

14. Install PyMongo:

easy_install pymongo

15. Execute Thug:

python /opt/thug/src/thug.py -h

to test if it’s working. In case you get the “ImportError: libemu.so.2: cannot open shared object file: No such file or directory” error, follow the solution as written below:

touch /etc/ld.so.conf.d/libemu.conf
echo "/opt/libemu/lib/" > /etc/ld.so.conf.d/libemu.conf
ldconfig

You are ready! Thug is installed and ready to hunt for client-side attacks!
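With fifteen steps and a mix of apt, svn and easy_install, the usual failure is one dependency that built but does not import under the interpreter Thug runs with (the libemu.so.2 loader error above is one face of that). The following is an added example, not part of Thug or of the original guide: a POSIX shell preflight that tries to import every Python module the steps above install and reports the missing ones. Module names are the import names of the listed packages (e.g. beautifulsoup4 imports as bs4); the libemu check assumes a glibc system where `ldconfig -p` lists the cache.

```shell
#!/bin/sh
# Added example, not part of Thug or the original guide.

# check_py_modules INTERPRETER MODULE...
# Tries "import MODULE" with the given interpreter for each module.
# Prints one line per module; returns 1 if any import failed, else 0.
check_py_modules() {
  py="$1"; shift
  rc=0
  for mod in "$@"; do
    if "$py" -c "import $mod" >/dev/null 2>&1; then
      echo "ok:      $mod"
    else
      echo "MISSING: $mod"
      rc=1
    fi
  done
  return $rc
}

# check_shared_lib SONAME
# Verifies the dynamic loader can resolve SONAME (e.g. libemu.so.2).
# Assumes glibc's ldconfig; if this fails after "make install" into
# /opt/libemu, the ld.so.conf.d fix from the guide is what is missing.
check_shared_lib() {
  ldconfig -p 2>/dev/null | grep -q "$1"
}

# Import names for the dependencies installed in steps 3 to 14.
THUG_MODULES="PyV8 bs4 html5lib pylibemu pefile chardet httplib2 cssutils zope.interface pymongo"

# Usage on the VPS from the guide (Python 2.7 interpreter):
#   check_py_modules python $THUG_MODULES && check_shared_lib libemu.so.2 \
#     && python /opt/thug/src/thug.py -h
```

Run it with the same interpreter you will launch thug.py with; a module that easy_install registered for a different Python version shows up here as MISSING even though the install step reported success.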

Video

The Kippo Kronicles - Ep1
