
Thursday, 27 October 2016

Understand IPTables

Setup Cluster

Now is the time to understand, for those who want to know :D

MX record

MX Records Overview

An MX (mail exchange) record is an entry in your DNS zone file which specifies a mail server to handle a domain's email. You must configure an MX record to receive email to your domain.

 If you are using Kerio Connect as an internal email system, with no communication outside of your domain, it's not necessary to configure an MX record for your domain. You may configure any domain in Kerio Connect, as it does not perform any DNS validation of its local domain names.  

Setting Up an MX Record

1. To relay email outside of your locally configured domains, ensure that the underlying operating system properly resolves domain names. This means that a valid domain name server must be configured in the TCP/IP settings of the host operating system.
2. Configure the MX record on the authoritative name server for your domain:
In most cases, the authoritative name servers are the DNS servers managed by your domain registrar – for example, Godaddy or Network Solutions.
These domain registrars usually provide additional services, including DNS hosting. In this case, you will use a web-based DNS configuration utility to configure your MX record.
Here are some additional resources for configuring an MX record for Godaddy and Network Solutions.


 Since most DNS servers cache their information for a certain period of time, it might take up to 24 hours for the change to propagate over the internet to the DNS servers where the record is stored. Email delivery can be pointed to the secondary email server in the MX record list until the primary server DNS name is changed.  

3. Check if a DNS server applied the MX record changes by using nslookup command-line tool:

 mac-mini: username$ nslookup  
 > server server:  
 > set q=MX  

Checking an MX Record

You can check a DNS MX record using an online test tool (e.g. or by using nslookup command-line tool.
In the following example, three servers can receive emails for the email domain. The lowest number means the highest server preference. In this example the primary MX server (the server with highest preference) is

Additional Resources

. - A mail exchanger record (MX record) is a type of resource record in the Domain Name System that specifies a mail server responsible for accepting email messages on behalf of a recipient's domain, and a preference value used to prioritize mail delivery if multiple mail servers are available. The set of MX records of a domain name specifies how email should be routed with the Simple Mail Transfer Protocol.
. - The following companies have been accredited by ICANN to act as registrars in one or more top level domains.


If you have your domain name pointed elsewhere, but you wish to have your mail handled by your web hosting provider (e.g., you can easily achieve this by pointing your domain's MX (Mail eXchange) record to your host.

To point your mail service to us, you should change your MX record of your domain to point to your server's hostname. For example, if your account is hosted on, then you should change your MX record to:

Select the domain name for which you want to alter the MX record from the drop down menu.

Now, the default MX records configuration will be loaded.
Important! The SpamExperts service is available only on our Shared hosting solutions. If you're hosted on our Cloud VPS or Dedicated servers, that option is not available for you by default.

Currently the domain clients benefit from the SpamExperts spam protection solution and the default MX records resolve to the corresponding servers cluster.

If changed, the default configuration can be restored by clicking on the Revert Default button. Clicking on the Set Google MX button automatically configures the required MX records for Google.

Mind that after the MX record is set, you need to wait up to 48 hours for the DNS change to propagate.

Monday, 24 October 2016


O'Reilly - Managing Ip Networks With Cisco Routers


IP Routing

Network Warrior, 2nd Edition

Install and Upgrading MySQL with the MySQL Yum Repository

Saturday, 22 October 2016

Install and Configure OpenLDAP on CentOS / RHEL Linux

LDAP stands for Lightweight Directory Access Protocol.

LDAP is a solution to access centrally stored information over network. This centrally stored information is organized in a directory that follows X.500 standard.

The information is stored and organized in a hierarchical manner and the advantage of this approach is that the information can be grouped into containers and clients can access these containers whenever needed.

The OpenLDAP hierarchy is almost similar to the DNS hierarchy.

The following are the two most commonly used objects in OpenLDAP:

1. cn (common name) – This refers to the leaf entries, which are end objects (for example: users and groups)

2. dc (domain component) – This refers to one of the container entries in the LDAP hierarchy. If in a setup the LDAP hierarchy is mapped to a DNS hierarchy, typically all DNS domains are referred to as DC objects.

For example, if there is a user in the hierarchy, the fully distinguished name of this user is referred to as cn=sam, dc=thegeekstuff, dc=com. Note that in the FDN (fully distinguished name), a comma is used as a separator and not a dot, which is common in DNS.

By using the different LDAP entry types, you can setup a hierarchical directory structure. This is the reason why openLDAP is so widely used. You can easily build an openLDAP hierarchy where objects in the other locations are easily referred to without storing them on local servers. This makes OpenLDAP a lightweight directory, especially when compared to other directory servers such as Microsoft’s Active directory.

Now let's see how to set up a single instance of an LDAP server that can be used by multiple clients in your network for authentication.

Install OpenLDAP Packages

On CentOS and RedHat, use yum install as shown below, to install the openldap related packages.

 yum install -y openldap openldap-clients openldap-servers  

You should install the following three packages:

1. openldap-servers – This is the main LDAP server
2. openldap-clients – This contains all required LDAP client utilities
3. openldap – This package contains the LDAP support libraries

LDAP Config Files

. config.ldif – The LDAP default configuration is stored under a file in /etc/openldap/slapd.d/cn=config.ldif that is created in the LDIF format. This is the LDAP Input Format (LDIF), a specific format that allows you to enter information in to the LDAP directory.

. olcDatabase={2}bdb.ldif – You can also modify settings such as the number of connections the server can support, timeouts and other database settings in the file /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif. This is also the file that contains parameters such as the LDAP root user and the base DN.

Create olcRootDN Account as Admin

It is always recommended to create a dedicated user account first with the full permissions to change information on the LDAP database.

Modify the olcDatabase={2}bdb.ldif file, and change the olcRootDN entry. The following is the default entry.

 # grep olcRootDN /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif  
 olcRootDN: cn=Manager,dc=my-domain,dc=com  

Change the above line to an admin user. In this example, user “ramesh” will be the olcRootDN.

 olcRootDN: cn=ramesh,dc=thegeekstuff,dc=com  

Create olcRootPW Root Password

Now use slappasswd command to create a hash for the root password you want to use. Once the password is generated, open the cn=config.ldif file, include the olcRootPW parameter, and copy the hashed password as shown below.

Execute the following command and specify a password. This will generate the hash for the given password.

 # slappasswd  
 New password: SecretLDAPRootPass2015  
 Re-enter new password: SecretLDAPRootPass2015  

Take the hash output of the above command and add it to the olcRootPW parameter in the config.ldif file as shown below.

 # vim /etc/openldap/slapd.d/cn=config.ldif  
 olcRootPW: {SSHA}1pgok6qWn24lpBkVreTDboTr81rg4QC6  

Create olcSuffix Domain Name

Now set up the olcSuffix to the domain that you want. Simply modify the line that starts with olcSuffix in the file olcDatabase={2}bdb.ldif as shown below.

 # vim /etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif  
 olcSuffix: dc=thegeekstuff,dc=com  

Verify The Configuration Files

Use slaptest command to verify the configuration file as shown below. This should display “testing succeeded” message as shown below.

 # slaptest -u  
 config file testing succeeded  

You might get the following messages during the above command, which you can ignore for now.

 54a39508 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif"  
 54a39508 ldif_read_file: checksum error on "/etc/openldap/slapd.d/cn=config/olcDatabase={2}bdb.ldif"  

Start the LDAP Server

Start the ldap server as shown below.

 # service slapd start  
 Checking configuration files for slapd: [WARNING]  
 config file testing succeeded  
 Starting slapd:             [ OK ]  

Verify the LDAP Search

To verify the ldap server is configured successfully, you can use the below command and verify that the domain entry is present.

 # ldapsearch -x -b "dc=thegeekstuff,dc=com"  
 # extended LDIF  
 # LDAPv3  
 # base <dc=thegeekstuff,dc=com> with scope subtree  
 # filter: (objectclass=*)  
 # requesting: ALL  
 # search result  
 search: 2  
 result: 32 No such object  
 # numResponses: 1  

Base LDAP Structure in base.ldif

The use of OU (organizational unit) objects can help you in providing additional structure to the LDAP database. If you are planning on adding in different types of entries, such as users, groups, computers, printers and more to the LDAP directory, it makes it easier to put every entry type into its own container.

To create these OU’s, you can create an initial LDIF file as shown in the below example. In this example, this file allows you to create the base container which is dc=thegeekstuff,dc=com and it creates two organizational units with the names users and groups in that container.

 # cat base.ldif  
 dn: dc=thegeekstuff,dc=com  
 objectClass: dcObject  
 objectClass: organization  
 dc: thegeekstuff  

 dn: ou=users,dc=thegeekstuff,dc=com  
 objectClass: organizationalUnit  
 objectClass: top  
 ou: users  

 dn: ou=groups,dc=thegeekstuff,dc=com  
 objectClass: organizationalUnit  
 objectClass: top  
 ou: groups  

Import Base Structure Using ldapadd

Now we can import the base structure in to the LDAP directory using the ldapadd command as shown below.

 # ldapadd -x -W -D "cn=ramesh,dc=thegeekstuff,dc=com" -f base.ldif  
 Enter LDAP Password:  
 adding new entry "dc=thegeekstuff,dc=com"  
 adding new entry "ou=users,dc=thegeekstuff,dc=com"  
 adding new entry "ou=groups,dc=thegeekstuff,dc=com"  

Verify the Base Structure using ldapsearch

To verify the OUs are successfully created, use the following ldapsearch command.

 # ldapsearch -x -W -D "cn=ramesh,dc=thegeekstuff,dc=com" -b "dc=thegeekstuff,dc=com" "(objectclass=*)"  
 Enter LDAP Password:  

The output of the above command will display all the objects in the LDAP directory structure.

 # extended LDIF  
 # LDAPv3  
 # base <dc=thegeekstuff,dc=com> with scope subtree  
 # filter: (objectclass=*)  
 # requesting: ALL  
 dn: dc=thegeekstuff,dc=com  
 objectClass: dcObject  
 objectClass: organization  
 dc: thegeekstuff  
 # users,  
 dn: ou=users,dc=thegeekstuff,dc=com  
 objectClass: organizationalUnit  
 objectClass: top  
 ou: users  
 # groups,  
 dn: ou=groups,dc=thegeekstuff,dc=com  
 objectClass: organizationalUnit  
 objectClass: top  
 ou: groups  
 # search result  
 search: 2  
 result: 0 Success  
 # numResponses: 4  
 # numEntries: 3  

In the next OpenLDAP article, we’ll explain how to add new users and groups to the LDAP Directory.

Add LDAP Users and Groups in OpenLDAP on Linux

To add something to the LDAP directory, you need to first create a LDIF file.

The ldif file should contain definitions for all attributes that are required for the entries that you want to create.

With this ldif file, you can use ldapadd command to import the entries into the directory as explained in this tutorial.

If you are new to OpenLDAP, you should first install OpenLDAP on your system.

Create a LDIF file for New User

The following is a sample LDIF file that will be used to create a new user.

 # cat adam.ldif  
 dn: uid=adam,ou=users,dc=tgs,dc=com  
 objectClass: top  
 objectClass: account  
 objectClass: posixAccount  
 objectClass: shadowAccount  
 cn: adam  
 uid: adam  
 uidNumber: 16859  
 gidNumber: 100  
 homeDirectory: /home/adam  
 loginShell: /bin/bash  
 gecos: adam  
 userPassword: {crypt}x  
 shadowLastChange: 0  
 shadowMax: 0  
 shadowWarning: 0  

Add a LDAP User using ldapadd

Now, use ldapadd command and the above ldif file to create a new user called adam in our OpenLDAP directory as shown below:

 # ldapadd -x -W -D "cn=ramesh,dc=tgs,dc=com" -f adam.ldif  
 Enter LDAP Password:  
 adding new entry "uid=adam,ou=users,dc=tgs,dc=com"  

Assign Password to LDAP User

To set the password for the LDAP user we just created above, use ldappasswd command as shown in the below example:

 # ldappasswd -s welcome123 -W -D "cn=ramesh,dc=tgs,dc=com" -x "uid=adam,ou=users,dc=tgs,dc=com"  
 Enter LDAP Password:  

In the above command:

. -s specify the password for the username entry
. -x The username entry for which the password is changed
. -D specify your DN here. i.e Distinguished name to authenticate in the server

Create LDIF file for New Group

Similar to adding user, you’ll also need a ldif file to add a group.

To add a new group to the LDAP groups OU, you need to create a LDIF with the group information as shown in the example ldif file below.

 # cat group1.ldif  
 dn: cn=dbagrp,ou=groups,dc=tgs,dc=com  
 objectClass: top  
 objectClass: posixGroup  
 gidNumber: 678  

Add a LDAP Group using ldapadd

Just like adding user, use ldapadd command to add the group from the group1.ldif file that we created above.

 # ldapadd -x -W -D "cn=ramesh,dc=tgs,dc=com" -f group1.ldif  
 Enter LDAP Password:  
 adding new entry "cn=dbagrp,ou=groups,dc=tgs,dc=com"  

Create LDIF file for an existing Group

To add an existing user to a group, we should still create an ldif file.

First, create an ldif file. In this example, I am adding the user adam to the dbagrp (group id: 678)

 # cat file1.ldif  
 dn: cn=dbagrp,ou=groups,dc=tgs,dc=com  
 changetype: modify  
 add: memberuid  
 memberuid: adam  

Add an User to an existing Group using ldapmodify

To add an user to an existing group, we’ll be using ldapmodify. This example will use the above LDIF file to add user adam to dbagrp.

 # ldapmodify -x -W -D "cn=ramesh,dc=tgs,dc=com" -f file1.ldif  
 Enter LDAP Password:  
 modifying entry "cn=dbagrp,ou=groups,dc=tgs,dc=com"  

Verify LDAP Entries

Once you’ve added an user or group, you can use ldapsearch to verify it.

Here is a simple example to verify if the users exists in the LDAP database:

 # ldapsearch -x -W -D "cn=ramesh,dc=tgs,dc=com" -b "uid=adam,ou=users,dc=tgs,dc=com" "(objectclass=*)"  
 Enter LDAP Password:  
 # extended LDIF  
 # LDAPv3  
 # base <uid=adam,ou=users,dc=tgs,dc=com> with scope subtree  
 # filter: (objectclass=*)  
 # requesting: ALL  
 # adam, users,  
 dn: uid=adam,ou=users,dc=tgs,dc=com  
 objectClass: top  
 objectClass: account  
 objectClass: posixAccount  
 objectClass: shadowAccount  
 cn: adam  
 uid: adam  
 uidNumber: 16859  
 gidNumber: 100  
 homeDirectory: /home/adam  
 loginShell: /bin/bash  
 gecos: adam  
 shadowLastChange: 0  
 shadowMax: 0  
 shadowWarning: 0  
 userPassword:: e1NTSEF9b0lPd3AzYTBmT2xQcHBPNDcrK0VHRndEUjdMV2hSZ2U=  
 # search result  
 search: 2  
 result: 0 Success  
 # numResponses: 2  
 # numEntries: 1  
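
The `userPassword::` line in the output above and the `{SSHA}` value produced by slappasswd earlier are encodings, not encryption: anyone who can read the attribute obtains a salted SHA-1 hash. The following added example (not part of the original tutorial) decodes such values and reports the scheme and salt length per entry; the `uid=newuser` entry and the test password are constructed, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import re

# Digest length in bytes for the schemes that store base64(digest + salt).
DIGEST_LEN = {"SSHA": 20, "SHA": 20, "SMD5": 16, "MD5": 16}


def ldif_value(line):
    """Return (attribute, value) for one LDIF line; 'attr:: x' means base64."""
    attr, sep, rest = line.strip().partition(":")
    if not sep:
        raise ValueError("not an LDIF attribute line: %r" % line)
    if rest.startswith(":"):
        return attr, base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return attr, rest.strip()


def parse_userpassword(value):
    """Split '{SCHEME}payload' into scheme, digest bytes and salt bytes."""
    m = re.match(r"^\{([A-Za-z0-9_-]+)\}(.*)$", value)
    if not m:
        return {"scheme": "CLEARTEXT", "digest": b"", "salt": b"", "raw": value}
    scheme, payload = m.group(1).upper(), m.group(2)
    if scheme not in DIGEST_LEN:
        # e.g. {CRYPT}: the payload is a crypt(3) string, not base64
        return {"scheme": scheme, "digest": b"", "salt": b"", "raw": payload}
    blob = base64.b64decode(payload)
    n = DIGEST_LEN[scheme]
    return {"scheme": scheme, "digest": blob[:n], "salt": blob[n:], "raw": payload}


def make_ssha(password, salt):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(stored, candidate):
    """Recompute the salted digest for candidate and compare in constant time."""
    parsed = parse_userpassword(stored)
    if parsed["scheme"] != "SSHA":
        raise ValueError("not an {SSHA} value")
    calc = hashlib.sha1(candidate.encode("utf-8") + parsed["salt"]).digest()
    return hmac.compare_digest(calc, parsed["digest"])


def audit_ldif(text):
    """Return (dn, scheme, salt_length) for every userPassword in LDIF text."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    findings, dn = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        attr, value = ldif_value(line)
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword":
            parsed = parse_userpassword(value)
            findings.append((dn, parsed["scheme"], len(parsed["salt"])))
    return findings


# First entry uses the values shown on this page; the second is constructed.
SAMPLE_LDIF = """\
dn: uid=adam,ou=users,dc=tgs,dc=com
uid: adam
userPassword:: e1NTSEF9b0lPd3AzYTBmT2xQcHBPNDcrK0VHRndEUjdMV2hSZ2U=

dn: uid=newuser,ou=users,dc=tgs,dc=com
uid: newuser
userPassword: {crypt}x
"""

if __name__ == "__main__":
    for dn, scheme, salt_len in audit_ldif(SAMPLE_LDIF):
        print("%-40s scheme=%-6s salt_bytes=%d" % (dn, scheme, salt_len))
```
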

Delete an Entry from LDAP using ldapdelete

If you’ve made a mistake while adding an user or group, you can remove the entry using ldapdelete.

To delete an entry, you don’t need to create an ldif file. The following will delete user “adam” that we created earlier.

 # ldapdelete -W -D "cn=ramesh,dc=tgs,dc=com" "uid=adam,ou=users,dc=tgs,dc=com"  
 Enter LDAP Password:  

Friday, 21 October 2016



Java Swing

Install and Configure DNS Server in Linux

Domain Name Service (DNS) is an internet service that maps IP addresses to fully qualified domain names (FQDN) and vice versa. BIND stands for Berkeley Internet Naming Daemon. BIND is the most common program used for maintaining a name server on Linux. In this tutorial, we will explain how to install and configure a DNS server. If you are new to DNS, you should first understand the fundamentals of DNS and how it works.

1. Network Information

In this tutorial, we are going to set up a local DNS server for the network shown in the below diagram. We’ll use “” domain as an example for this DNS installation. “mail”, “web”, “ns” are the hosts that reside within this domain. It is possible to configure a single system to act as a caching name server, primary/master and secondary/slave. We will configure this DNS as a Primary/Master as well as Caching DNS server.

We’ll be installing DNS server on “”.

2. Install Bind

Install the bind9 package using the appropriate package management utilities for your Linux distributions. On Debian/Ubuntu flavors, do the following:

 $ sudo apt-get install bind9  

On Redhat/CentOS/Fedora flavors, where the package is named bind, do the following:

 # yum install bind  

All the DNS configurations are stored under /etc/bind directory. The primary configuration is /etc/bind/named.conf which will include other needed files. The file named /etc/bind/db.root describes the root nameservers in the world.

3. Configure Cache NameServer

The job of a DNS caching server is to query other DNS servers and cache the response. The next time the same query is made, it will provide the response from the cache. The cache will be updated periodically. Please note that even though you can configure bind to work as a Primary and as a Caching server, it is not advised to do so for security reasons. Having a separate caching server is advisable. All we have to do to configure a caching name server is to add your ISP (Internet Service Provider)’s DNS server or any OpenDNS server to the file /etc/bind/named.conf.options. For example, we will use Google’s public DNS servers. Uncomment and edit the following line as shown below in the /etc/bind/named.conf.options file.

 forwarders {;;  

After the above change, restart the DNS server.

 $ sudo service bind9 restart  

4. Test the Cache NameServer

You can use the dig command to test DNS services. DIG command examples explains more about how to perform DNS lookups.

 $ dig  
 ;; Query time: 1323 msec  

DIG Command Examples for DNS Lookup

 $ dig  
 ; <<>> DiG 9.7.3-RedHat-9.7.3-2.el6 <<>>  
 ;; global options: +cmd  
 ;; Got answer:  
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62863  
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3  
 ;          IN   A  
 ;; ANSWER SECTION:       37   IN   A  
 ;; AUTHORITY SECTION:       73   IN   NS       73   IN   NS       73   IN   NS       73   IN   NS  
 ;; ADDITIONAL SECTION:     73   IN   A     73   IN   A     73   IN   A  
 ;; Query time: 13 msec  
 ;; SERVER:  
 ;; WHEN: Thu Jan 12 10:09:49 2012  
 ;; MSG SIZE rcvd: 164  

Now when you execute dig a second time, there should be an improvement in the query time. As you see below, it took only 3 msec the second time, as it is getting the info from our caching DNS server.

 $ dig  
 ;; Query time: 3 msec  

5. Configure Primary/Master Nameserver

Next, we will configure bind9 to be the Primary/Master for the domain/zone “”. As a first step in configuring our Primary/Master Nameserver, we should add Forward and Reverse resolution to bind9. To add a DNS Forward and Reverse resolution to bind9, edit /etc/bind/named.conf.local.

 zone "" {  
   type master;  
   file "/etc/bind/";  
 };  
 zone "" {  
     type master;  
     notify no;  
     file "/etc/bind/db.10";  
 };  

Now the file /etc/bind/ will have the details for resolving hostname to IP address for this domain/zone, and the file /etc/bind/db.10 will have the details for resolving IP address to hostname.

6. Build the Forward Resolution for Primary/Master NameServer

Now we will add the details which are necessary for forward resolution into /etc/bind/ First, copy /etc/bind/db.local to /etc/bind/

 $ sudo cp /etc/bind/db.local /etc/bind/  

Next, edit the /etc/bind/ and replace the following.

1. In the line which has SOA: localhost. – This is the FQDN of the server in charge for this domain. I’ve installed bind9 in, whose hostname is “ns”. So replace the “localhost.” with “”. Make sure it ends with a dot(.).

2. In the line which has SOA: root.localhost. – This is the E-Mail address of the person who is responsible for this server. Use dot(.) instead of @. I’ve replaced with lak.localhost.

3. In the line which has NS: localhost. – This is defining the Name server for the domain (NS). We have to change this to the fully qualified domain name of the name server. Change it to “”. Make sure you have a “.” at the end.

Next, define the A record and MX record for the domain. A record is the one which maps hostname to IP address, and MX record will tell the mailserver to use for this domain. Once the changes are done, the /etc/bind/ file will look like the following:

 $TTL  604800  
 @  IN SOA lak.localhost. (  
        1024    ; Serial  
        604800   ; Refresh  
        86400   ; Retry  
       2419200   ; Expire  
        604800 )  ; Negative Cache TTL  
 @  IN NS  IN   MX   10  
 ns IN A  
 web IN A  
 mail IN A  

6. a) Build the Reverse Resolution for Primary/Master NameServer

We will add the details which are necessary for reverse resolution to the file /etc/bind/db.10. Copy the file /etc/bind/db.127 to /etc/bind/db.10

 $ sudo cp /etc/bind/db.127 /etc/bind/db.10  

Next, edit the /etc/bind/db.10 file, changing basically the same options as in /etc/bind/

 $TTL  604800  
 @  IN SOA root.localhost. (  
        20     ; Serial  
        604800   ; Refresh  
        86400   ; Retry  
       2419200   ; Expire  
        604800 )  ; Negative Cache TTL  
 @  IN NS ns.  

Next, for each A record in /etc/bind/, add a PTR record.

 $TTL  604800  
 @  IN SOA (  
        20   ; Serial  
        604800   ; Refresh  
        86400   ; Retry  
       2419200   ; Expire  
        604800 )  ; Negative Cache TTL  
 @  IN NS ns.  
 83  IN PTR  
 70  IN PTR  
 80  IN PTR  

Whenever you modify the file and db.10, you need to increment the “Serial” number as well. Typically admins use DDMMYYSS for serial numbers, and when they modify the file, they change the serial number appropriately. Finally, restart the bind9 service:

 $ sudo service bind9 restart  
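
The forward and reverse files have to agree: every A record needs a PTR record that points back to the same name, and a PTR target written without the trailing dot is silently completed with the reverse zone's origin. The following added example (not part of the original tutorial) checks a pair of zone files for both problems; the domain example.test, the 10.0.0.x addresses and the zone origins are constructed sample data, and only single-line A and PTR records are parsed.

```python
import ipaddress
import re

# owner [ttl] IN A|PTR rdata  (only the two record types this check needs)
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|PTR)\s+(\S+)$", re.I)


def records(zone_text, rtype):
    """Return (owner, rdata) pairs of the given type, ignoring ';' comments."""
    out = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        m = RR.match(line)
        if m and m.group(2).upper() == rtype:
            out.append((m.group(1), m.group(3)))
    return out


def absolute(name, origin):
    """Expand a zone-file name the way a name server does: names without a
    trailing dot are relative to the zone origin."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else name + "." + origin).lower()


def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Compare A records of the forward zone with PTR records of the reverse
    zone. Returns a list of (kind, host, ip, detail) tuples."""
    ptr = {absolute(owner, rev_origin): absolute(target, rev_origin)
           for owner, target in records(rev_text, "PTR")}
    problems, seen = [], set()
    for owner, ip in records(fwd_text, "A"):
        host = absolute(owner, fwd_origin)
        rev_name = ipaddress.ip_address(ip).reverse_pointer + "."
        seen.add(rev_name)
        if rev_name not in ptr:
            problems.append(("ptr-missing", host, ip, rev_name))
        elif ptr[rev_name] != host:
            problems.append(("ptr-mismatch", host, ip, ptr[rev_name]))
    for rev_name in sorted(set(ptr) - seen):
        problems.append(("ptr-orphan", ptr[rev_name], "", rev_name))
    return problems


# Constructed forward zone for the origin example.test.
FORWARD = """\
$TTL 604800
@    IN SOA ns.example.test. admin.example.test. ( 1024 604800 86400 2419200 604800 )
@    IN NS  ns.example.test.
@    IN MX  10 mail.example.test.
ns   IN A   10.0.0.83
web  IN A   10.0.0.80
mail IN A   10.0.0.70
"""

# Constructed reverse zone for the origin 0.0.10.in-addr.arpa.
REVERSE = """\
$TTL 604800
@    IN NS  ns.example.test.
83   IN PTR ns.example.test.
80   IN PTR web.example.test.
70   IN PTR mail.example.test      ; constructed defect: no trailing dot
"""

if __name__ == "__main__":
    for problem in check_zones(FORWARD, "example.test.",
                               REVERSE, "0.0.10.in-addr.arpa."):
        print(problem)
```
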

7. Test the DNS server

Now we have configured the DNS server for our domain. We will test our DNS server by pinging from If the ping succeeds, then we have configured the DNS successfully. You can also use nslookup and dig to test DNS servers. On server, add the following to /etc/resolv.conf


Now ping,, which should resolve the address appropriately from the DNS server that we just configured.

 $ ping  
 PING ( 56(84) bytes of data.  
 64 bytes from ( icmp_req=1 ttl=64 time=0.482 ms  
 64 bytes from ( icmp_req=2 ttl=64 time=0.532 ms  

Thursday, 20 October 2016

They drain your money while you are on the move.

They drain your money while you travel on the subway from nu11secur1ty on Vimeo.

And other methods!

They copy your data from the ATM from nu11secur1ty on Vimeo.


card from nu11secur1ty on Vimeo.


For more information on how to protect yourself and what measures you should take, write via the contact form in the right corner below the page archive! Regarding consulting contracts and the protection of company data (personal, software and architectural solutions), please write via the contact form! Thank you and regards.

Wednesday, 19 October 2016

Media - USB/CD/DVD drop attack

Dropping a malicious USB key in parking is an effective attack vector, as demonstrated by my recent large-scale.

After researching and discussing with colleagues the pros and cons of the three types of malicious USB keys, this post will walk you through how to create exploit Powershell and take a full access to the victim computer, like this one who I show you "USB drop attack".

You must be in the IP range of the victim, to accomplish this attack!
Or you have to use your real IP address for a report from the victim when "he" or "she" are connected to their own computer. But this is dangerous and trackable if you use integrated network device!

The goal of the payload is to create a reverse TCP shell that connects back to a server chosen by the attacker.

For 100% successful attack you have to use a CD or DVD for this, because the antivirus of the victim can delete your payload from your USB stick in the background process! Your lure must be a very seductive, this is very nasty trick! :)

NOTE: On some systems, "Autoplay" for media - CD/DVD or USB options , are not enabled!!! For that reason you need to lure the victim to click on your exploit program!

Media - USB/CD/DVD drop attack by nu11secur1ty

IMPORTANT: Never use a USB stick, CD or DVD that you found on the street, in a parking lot, or in front of your door. If this happens, immediately contact a computer specialist or your System Administrator before you decide to use the media, or contact me! ;)

About the Metasploit Meterpreter
Meterpreter is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side Ruby API. It features command history, tab completion, channels, and more. Meterpreter was originally written by skape for Metasploit 2.x, common extensions were merged for 3.x and is currently undergoing an overhaul for Metasploit 3.3. The server portion is implemented in plain C and is now compiled with MSVC, making it somewhat portable. The client can be written in any language but Metasploit has a full-featured Ruby client API.
- How Meterpreter Works
The target executes the initial stager. This is usually one of bind, reverse, findtag, passivex, etc. The stager loads the DLL prefixed with Reflective. The Reflective stub handles the loading/injection of the DLL. The Meterpreter core initializes, establishes a TLS/1.0 link over the socket and sends a GET. Metasploit receives this GET and configures the client. Lastly, Meterpreter loads extensions. It will always load stdapi and will load priv if the module gives administrative rights. All of these extensions are loaded over TLS/1.0 using a TLV protocol.
- Meterpreter Design Goals

Meterpreter resides entirely in memory and writes nothing to disk. No new processes are created as Meterpreter injects itself into the compromised process and can migrate to other running processes easily. By default, Meterpreter uses encrypted communications. All of these provide limited forensic evidence and impact on the victim machine.
- Powerful
Meterpreter utilizes a channelized communication system. The TLV protocol has few limitations.
- Extensible
Features can be augmented at runtime and are loaded over the network. New features can be added to Meterpreter without having to rebuild it.
- Adding Runtime Features
New features are added to Meterpreter by loading extensions.
The client uploads the DLL over the socket. The server running on the victim loads the DLL in-memory and initializes it. The new extension registers itself with the server. The client on the attackers machine loads the local extension API and can now call the extensions functions. This entire process is seamless and takes approximately 1 second to complete.
Building your own code

Monday, 17 October 2016

How to Setup Linux VPN Server and Client using OpenVPN for "RHEL" & "Debian"

VPN stands for Virtual Private Network.
A Virtual Private Network enables a computer to send and receive data between one private network and another private network that are connected via a public network (the Internet).
This is helpful for those who are outside the company’s intranet, and like to connect to office network securely to access the internal servers. VPN is also helpful when you are connecting multiple branch offices together.
Even when you are not connecting multiple branch offices together, you can still use VPN setup to allow your employees to connect remotely from their laptop to the datacenter and access the systems.

Sometimes a company will buy leased lines to form a WAN (Wide Area Network) and communicate with its branches. Though a leased line is secure and reliable, it is expensive.
VPN fills the gap by providing a point-to-point virtual connection via public network. A VPN can grow to accommodate more users across different geographical locations easily.

Types of VPN
On a high level, the following are the two types of VPN:

- Remote Access
- Site to Site

Remote Access is connecting an individual computer to a network via VPN. “Site to Site” is connecting two networks together via VPN.

What is OpenVPN
From OpenVPN man:
 OpenVPN is an open source VPN daemon by James Yonan. OpenVPN is a robust and highly  
 flexible VPN daemon. OpenVPN supports SSL/TLS security, ethernet bridging, TCP or UDP   
 tunnel transport through proxies or NAT, support for dynamic IP addresses and DHCP,   
 scalability to hundreds or thousands of users, and portability to most major OS platforms.  

This tutorial explains the process to set up and configure an OpenVPN server and client for Remote Access.
I. Configuring OpenVPN – Server Side

1. Install OpenVPN
Install the openvpn package on both the server and the client machine.
 $ sudo apt-get install openvpn  

Use the respective package manager of the distribution that you are working with.
If you are using yum, do the following
 $ yum install openvpn  

2. Create Directories and set Env Variables

Create a directory inside /etc/openvpn and copy the easy-rsa contents to it. This is done to make sure that changes done to the scripts will not be lost when the package is upgraded. Change the owner as current user so that current user has permission to create files.
 $ sudo mkdir /etc/openvpn/easy-rsa  
 $ sudo cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa  
 $ sudo chown -R $USER /etc/openvpn/easy-rsa/  

Next, Edit the /etc/openvpn/easy-rsa/vars to adjust to your environment.
 export KEY_COUNTRY="IN"  
 export KEY_PROVINCE="TN"  
 export KEY_CITY="CHN"  
 export KEY_ORG="tgs"  
 export KEY_EMAIL=""  

3. Creating the CA – Certificate Authority (Root Certificate)
The next step in building openvpn server is to establish a Public Key Infrastructure so that the server and clients can authenticate one another.

 $ cd /etc/openvpn/easy-rsa/  
 $ source vars  
 $ ./clean-all  
 $ ln -s openssl-1.0.0.cnf openssl.cnf  
 $ ./build-ca  
 Generating a 1024 bit RSA private key  
 unable to write 'random state'  
 writing new private key to 'ca.key'  
 You are about to be asked to enter information that will be incorporated  
 into your certificate request.  
 What you are about to enter is what is called a Distinguished Name or a DN.  
 There are quite a few fields but you can leave some blank  
 For some fields there will be a default value,  
 If you enter '.', the field will be left blank.  
 Country Name (2 letter code) [IN]:  
 State or Province Name (full name) [TN]:  
 Locality Name (eg, city) [CHN]:  
 Organization Name (eg, company) [tgs]:  
 Organizational Unit Name (eg, section) [changeme]:  
 Common Name (eg, your name or your server's hostname) [changeme]:  
 Name [changeme]:lakshmanan  
 Email Address [mail@host.domain]  

Once ./build-ca is completed, you will see two files named “ca.key” and “ca.crt” inside /etc/openvpn/easy-rsa/keys/
Remember that the “.key” files have to be kept confidential.

4. Creating certificate for Server

The next step is to create a certificate for our OpenVPN server.

 $ /etc/openvpn/easy-rsa/build-key-server vpnserver  
 Sign the certificate? [y/n]:y  
 1 out of 1 certificate requests certified, commit? [y/n]y  

Note that vpnserver is the hostname of the server. This command prompts for input in the same way as the previous one,
and creates the certificate and key files for the server.

5. Creating certificate for client

The VPN client also needs a certificate to authenticate with the server. If you want to configure multiple clients, you need to create a certificate for each client separately.

 $ ./build-key vpnclient1  
 Sign the certificate? [y/n]:y  
 1 out of 1 certificate requests certified, commit? [y/n]y  

vpnclient1 is the hostname of the client. This command will create the certificate and key files for the client.

6. Create Diffie Hellman parameters

 $ ./build-dh  

Once all the above steps are successfully completed, you will have many key and certificate files inside

7. Copy the certificates to respective locations

We have created the root certificate, the server certificate and the client certificate. We need to copy them to the appropriate locations.
 $ cd /etc/openvpn/easy-rsa/keys/  
 $ sudo cp ca.crt vpnserver.crt vpnserver.key dh1024.pem /etc/openvpn/  
 $ scp ca.crt vpnclient1.key vpnclient1.crt root@vpnclient1:/etc/openvpn  

Now we have copied the client certificate and key to the client machine. Remember to use a secure medium like scp while copying the key files.

8. Configuring the Server

OpenVPN provides a default server.conf. You can modify it to suit your needs.
 $ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/  
 $ sudo gzip -d /etc/openvpn/server.conf.gz  

Edit “/etc/openvpn/server.conf”.

 ca ca.crt  
 cert vpnserver.crt  
 key vpnserver.key  
 dh dh1024.pem  

Now start the OpenVPN server:

 $ sudo /etc/init.d/openvpn start  
  * Starting virtual private network daemon(s)...   
  * Autostarting VPN 'server'  
 $ ifconfig tun0  
 tun0   Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00   
      inet addr: P-t-P: Mask:  

By default, OpenVPN logs errors to the syslog file.
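The “.key” files from the steps above have to stay confidential, so the following added pre-flight check (not part of the original tutorial) flags key files beside a config that group or others can access, and a ca.key that was copied next to it. It assumes relative paths in the config resolve against the config's own directory, as in this layout; the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit the private keys that sit beside an OpenVPN config.

# Print the path named by the "key" directive of config $1. A relative path is
# resolved against the config's directory (assumption: keys live beside it).
key_path() {
    k=$(awk '$1 == "key" { print $2; exit }' "$1")
    [ -n "$k" ] || return 1
    case $k in /*) echo "$k" ;; *) echo "$(dirname "$1")/$k" ;; esac
}

# Succeed if file $1 grants any permission bit to group or others.
is_exposed() {
    [ -n "$(find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) 2>/dev/null)" ]
}

# Audit config $1: print one finding per problem, return 1 if any was found.
audit_keys() {
    conf=$1 dir=$(dirname "$1") bad=0
    if ! k=$(key_path "$conf") || [ ! -f "$k" ]; then
        echo "MISSING: key file named in $conf not found"; bad=1
    fi
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue
        if is_exposed "$f"; then
            echo "EXPOSED: $f is accessible to group/others (chmod 600)"; bad=1
        fi
        # ca.key is only needed on the machine that signs certificates
        case $f in */ca.key) echo "CA KEY: $f should not sit beside the config"; bad=1 ;; esac
    done
    return $bad
}

# Constructed layout mirroring step 7, with the server key left world-readable.
demo=$(mktemp -d)
printf '%s\n' 'ca ca.crt' 'cert vpnserver.crt' 'key vpnserver.key' 'dh dh1024.pem' > "$demo/server.conf"
: > "$demo/vpnserver.key"; chmod 644 "$demo/vpnserver.key"
audit_keys "$demo/server.conf" || echo "fix the findings above before starting the daemon"
rm -rf "$demo"
```

On a real host, run `audit_keys /etc/openvpn/server.conf` on the server and `audit_keys /etc/openvpn/client.conf` on each client.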
II. Configuring OpenVPN – Client Side

9. Setup Client Config Files

Now we will configure OpenVPN to work as a client. Remember that we have already installed the openvpn package on the
client, and we have “ca.crt”, “vpnclient1.key” and “vpnclient1.crt” in /etc/openvpn/

Copy the sample client.conf to /etc/openvpn.
 $ sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/  

Edit the /etc/openvpn/client.conf.

 # Specify that this is openvpn client  
 client  
 remote vpnserver 1194  
 ca ca.crt  
 cert vpnclient1.crt  
 key vpnclient1.key  

Now start OpenVPN on the client:

 $ /etc/init.d/openvpn start  
  * Starting virtual private network daemon(s)...   
  * Autostarting VPN 'client'  
 $ ifconfig tun0  
 tun0   Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00   
      inet addr: P-t-P: Mask:  

10. Test the VPN Setup
Ping the vpnserver from the client machine to see whether the VPN is working.
 $ ping  
 PING ( 56(84) bytes of data.  
 64 bytes from icmp_req=1 ttl=64 time=2.14 ms  

If the ping succeeds, the setup is correct.
Please keep the following in mind:

1. Make sure that the client and server use the same protocol and port number.
2. The client and server must use the same configuration for parameters such as keysize, compression etc…
3. In case of any problem, increase the log verbosity in the configuration and check the syslog file for troubleshooting.
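
The first two reminders can be checked mechanically. This added script (not from the original tutorial) compares port, protocol, cipher, keysize and compression between a server.conf and a client.conf and prints one line per mismatch; the sample configs are constructed and the function names are this example's own.

```shell
#!/bin/sh
# Added example: compare the settings an OpenVPN server and client must share.

# Print the arguments of directive $2 in config file $1 (first match wins).
# Commented-out lines never match because their first field starts with # or ;.
# Prints "(set)" for a bare directive such as "comp-lzo", "(unset)" if absent.
directive() {
    awk -v d="$2" '
        $1 == d { $1 = ""; sub(/^[ \t]+/, ""); print ($0 == "" ? "(set)" : $0); found = 1; exit }
        END { if (!found) print "(unset)" }' "$1"
}

# Same, but print default $3 when the directive is absent.
directive_or() {
    v=$(directive "$1" "$2")
    if [ "$v" = "(unset)" ]; then echo "$3"; else echo "$v"; fi
}

# Print one line per mismatch between server config $1 and client config $2.
# Returns 0 when the two agree, 1 otherwise.
check_pair() {
    srv=$1 cli=$2 bad=0
    s=$(directive_or "$srv" port 1194)
    # the client states the port as the second argument of "remote host [port]"
    c=$(directive "$cli" remote | awk '{ print ($2 == "" ? 1194 : $2) }')
    [ "$s" = "$c" ] || { echo "port: server=$s client=$c"; bad=1; }
    # tcp-server and tcp-client are the two ends of the same transport
    s=$(directive_or "$srv" proto udp | sed 's/^tcp-.*/tcp/')
    c=$(directive_or "$cli" proto udp | sed 's/^tcp-.*/tcp/')
    [ "$s" = "$c" ] || { echo "proto: server=$s client=$c"; bad=1; }
    for d in cipher keysize comp-lzo; do
        s=$(directive "$srv" "$d"); c=$(directive "$cli" "$d")
        [ "$s" = "$c" ] || { echo "$d: server=$s client=$c"; bad=1; }
    done
    return $bad
}

# Constructed sample configs: the client was left on TCP and without compression.
tmp=$(mktemp -d)
printf '%s\n' 'port 1194' 'proto udp' ';proto tcp' 'dev tun' 'comp-lzo' > "$tmp/server.conf"
printf '%s\n' 'client' 'remote vpnserver 1194' 'proto tcp' 'dev tun' > "$tmp/client.conf"
check_pair "$tmp/server.conf" "$tmp/client.conf" || echo "align the settings above, then restart both ends"
rm -rf "$tmp"
```

A directive that is set on one side and absent on the other is reported as a mismatch, since the two ends then rely on different values.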