
BackBox Linux for Penetration Testing

Any given task can succeed or fail depending upon the tools at hand. For security engineers in particular, building just the right toolkit can make life exponentially easier. Luckily, with open source, you have a wide range of applications and environments at your disposal, ranging from simple commands to complicated and integrated tools.

The problem with the piecemeal approach, however, is that you might wind up missing out on something that can make or break a job… or you waste a lot of time hunting down the right tools for the job. To that end, it’s always good to consider an operating system geared specifically for penetration testing (aka pentesting).

Within the world of open source, the most popular pentesting distribution is Kali Linux. It is, however, not the only tool in the shop. In fact, there’s another flavor of Linux, aimed specifically at pentesting, called BackBox. BackBox is based on Ubuntu Linux, which also means you have easy access to a host of other outstanding applications besides those that are included, out of the box.

What Makes BackBox Special?

BackBox includes a suite of ethical hacking tools, geared specifically toward pentesting. These testing tools include the likes of:

  • Web application analysis

  • Exploitation testing

  • Network analysis

  • Stress testing

  • Privilege escalation

  • Vulnerability assessment

  • Computer forensic analysis and exploitation

  • And much more

Out of the box, one of the most significant differences between Kali Linux and BackBox is the number of installed tools. Whereas Kali Linux ships with hundreds of tools pre-installed, BackBox significantly limits that number to around 70. Nonetheless, BackBox includes many of the tools necessary to get the job done, such as:

  • Ettercap

  • Msfconsole

  • Wireshark

  • ZAP

  • Zenmap

  • BeEF Browser Exploitation

  • Sqlmap

  • Driftnet

  • Tcpdump

  • Cryptcat

  • Weevely

  • Siege

  • Autopsy

BackBox is in active development; the latest version (5.3) was released February 18, 2019. But how is BackBox as a usable tool? Let’s install and find out.

Installation

If you’ve installed one Linux distribution, you’ve installed them all … with only slight variation. BackBox is pretty much the same as any other installation. Download the ISO, burn the ISO onto a USB drive, boot from the USB drive, and click the Install icon.

The installer (Figure 1) will be instantly familiar to anyone who has installed an Ubuntu or Debian derivative. Just because BackBox is a distribution geared specifically toward security administrators doesn’t mean the operating system is a challenge to get up and running. In fact, BackBox is a point-and-click affair that anyone, regardless of skills, can install.

Figure 1: The installation of BackBox will be immediately familiar to anyone.

The trickiest section of the installation is the Installation Type. As you can see (Figure 2), even this step is quite simple.

Figure 2: Selecting the type of installation for BackBox.

Once you’ve installed BackBox, reboot the system, remove the USB drive, and wait for it to land on the login screen. Log into the desktop and you’re ready to go (Figure 3).

Figure 3: The BackBox Linux desktop, running as a VirtualBox virtual machine.

Using BackBox

Thanks to the Xfce desktop environment, BackBox is easy enough for a Linux newbie to navigate. Click on the menu button in the top left corner to reveal the menu (Figure 4).

Figure 4: The BackBox desktop menu in action.

From the desktop menu, click on any one of the favorites (in the left pane) or click on a category to reveal the related tools (Figure 5).

Figure 5: The Auditing category in the BackBox menu.

The menu entries you’ll most likely be interested in are:

  • Anonymous – allows you to start an anonymous networking session.

  • Auditing – the majority of the pentesting tools are found in here.

  • Services – allows you to start/stop services such as Apache, Bluetooth, Logkeys, Networking, Polipo, SSH, and Tor.

Before you run any of the testing tools, I recommend you first update and upgrade BackBox. This can be done via a GUI or the command line. If you opt to go the GUI route, click on the desktop menu, click System, and click Software Updater. When the updater completes its check for updates, it will prompt you if any are available, or if (after an upgrade) a reboot is necessary (Figure 6).

Figure 6: Time to reboot after an upgrade.

Should you opt to go the manual route, open a terminal window and issue the following two commands:

sudo apt-get update

sudo apt-get upgrade -y

 

Many of the BackBox pentesting tools require a solid understanding of how they work, so make sure you know how to use a tool before you attempt to run it. Some tools (such as Metasploit) are made a bit easier to work with, thanks to BackBox. To run Metasploit, click on the desktop menu button and click msfconsole from the favorites (left pane). When the tool opens for the first time, you’ll be asked to configure a few options. Simply accept each default by pressing the Enter key when prompted. Once you see the Metasploit prompt, you can run commands like:

db_nmap 192.168.1.0/24

The above command will list all discovered open ports on the 192.168.1.x network (Figure 7).

Figure 7: Open port discovery made simple with Metasploit on BackBox.

Even often-challenging tools like Metasploit are made far easier than they are with other distributions (partially because you don’t have to bother with installing the tools). That alone is worth the price of entry for BackBox (which is, of course, free).

The Conclusion

Although BackBox usage may not be as widespread as Kali Linux, it still deserves your attention. For anyone looking to do pentesting on their various environments, BackBox makes the task far easier than so many other operating systems. Give this Linux distribution a go and see if it doesn’t aid you in your journey to security nirvana.

A Brief History of Wi-Fi Security Protocols from “Oh My, That’s Bad” to WPA3

Thanks to upcoming developments in Wi-Fi, all of us connectivity-heads out there can look forward to getting familiar with new 802.11 protocols in the near future. Ars took a deep look at what’s on the horizon last fall, but readers seemed to have a clear request in response—the time had come to specifically discuss the new Wi-Fi security protocol, WPA3.

Before anyone can understand WPA3, it’s helpful to take a look at what came before it during The Dark Ages (of Internet)—a time with no Wi-Fi and unswitched networks. Swaths of the Internet today may be built upon “back in my day” ranting, but those of you in your 20s or early 30s may genuinely not remember or realize how bad things used to be. In the mid-to-late 1990s, any given machine could “sniff” (read “traffic not destined for it”) any other given machine’s traffic at will even on wired networks. Ethernet back then was largely connected with a hub rather than a switch, and anybody with a technical bent could (and frequently did) watch everything from passwords to Web traffic to emails wing across the network without a care.

Closer to the turn of the century, wired Ethernet had largely moved on from hubs (and worse, the old coax thinnet) to switches. A network hub forwards every packet it receives to every machine connected to it, which is what made widespread sniffing so easy and dangerous. A switch, by contrast, only forwards packets to the MAC address for which they’re destined—so when computer B wants to send a packet to router A, the switch doesn’t give a copy to that sketchy user at computer C. This subtle change made wired networks far more trustworthy than they had been before. And when the original 802.11 Wi-Fi standard released in 1997, it included WEP—Wired Equivalent Privacy—which supposedly offered the same expectations of confidentiality that users today now expect from wired networks.

In retrospect, WPA3’s early predecessor missed the mark. Badly.

Read more at Ars Technica

Considering Fresh C Extensions

Matthew Wilcox recently realized there might be value in depending on C extensions provided by the Plan 9 variant of the C programming language. All it would require is using the -fplan9-extensions command-line argument when compiling the kernel. As Matthew pointed out, Plan 9 extensions have been supported in GCC as of version 4.6, which is the minimum version supported by the kernel. So theoretically, there would be no conflict.

Nick Desaulniers felt that any addition of -f compiler flags to any project always would need careful consideration. Depending on what the extensions are needed for, they could be either helpful or downright dangerous.

Read more at Linux Journal

Best Linux Gaming Distros That Might Be Helpful

There are plenty of Linux operating systems available for various purposes, and some of them are built specifically for gaming.

1. SteamOS

Let’s start with SteamOS. It is designed specifically for gaming, has Steam pre-installed, and is based on Debian. SteamOS is maintained and developed by Valve.

This is the most recommended gaming operating system among Linux users. Some of the requirements for SteamOS are:

  • Intel or AMD 64-bit capable processor
  • 4GB or more RAM
  • 200GB + HDD
  • NVIDIA graphics card / AMD graphics card


2. Linux Console

Linux Console is another Linux operating system that can be used for gaming. There are around 15+ games which you can play live on this Linux operating system.

Read more at It’s Ubuntu

New Linux Kernel: The Big 5.0

Linus Torvalds at last made the jump with the recent release of kernel 5.0. Although Linus likes to say that his only reason to move on to the next integer is when he runs out of fingers and toes with which to count the fractional part of the version number, the truth is this kernel is pretty loaded with new features.

On the network front, apart from improvements to drivers like that of the Realtek R8169, 5.0 will come with better network performance. Network performance has been down for the last year or so because of Spectre V2. The bug forced kernel developers to introduce something called a Retpoline (short for “RETurn tramPOLINE”) to mitigate its effect. The changes introduced in kernel 5.0 “[…] Overall [give a greater than] 10% performance improvement for UDP GRO benchmark and smaller but measurable [improvements] for TCP syn flood” according to developer Paolo Abeni.

What hasn’t made the cut yet is the much anticipated integration of WireGuard. WireGuard is a VPN protocol that is allegedly faster, more versatile and safer than the ones currently supported by the kernel. WireGuard is easy to implement, uses state-of-the-art encryption, and is capable of keeping the network link to the VPN up even if the user switches to a different WiFi network or changes from WiFi to a wired connection.

Work also continues on preparing for the Y2038 problem. In case you have never heard of this, UNIX and UNIX-like systems (including Linux) have clocks that count from January 1st, 1970. The number of seconds from that date onwards is stored in a signed 32-bit value of type time_t. The value is signed because, you know, there are some programs that need to show dates before the 70s.

At the moment of writing we are already somewhere in the 01011100 01110010 10010000 10111010 region and the clock is literally ticking. On January 19th 2038, at 3:14:07 in the morning, the clock will reach 01111111 11111111 11111111 11111111. One second later, time_t will overflow, changing the sign of your clock and making your system believe, along with millions of devices and servers worldwide, that we are back in 1901.

Then… well, the usual: planes will fall from the sky, nuclear power stations will melt down, and toasters will explode, rendering the world breakfastless. That is, of course, unless the brave kernel developers come up with a solution in the meantime. Then again, they made the Wii controller work in Linux, what could they not achieve?
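The rollover described above, as an added C example that is not part of the original article: it truncates a second count the way a signed 32-bit time_t would, formats the result as a UTC date, and shows an overflow-checked addition as the defensive alternative. The helper names (as_time32, add_secs32, fmt_utc) are hypothetical, and all dates are UTC.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What a signed 32-bit time_t keeps of a wider second count (two's-complement wrap). */
static int32_t as_time32(int64_t secs) {
    uint32_t u = (uint32_t)secs;                 /* keep only the low 32 bits */
    return u > 0x7fffffffu ? (int32_t)((int64_t)u - 4294967296LL) : (int32_t)u;
}

/* Overflow-checked addition for a 32-bit timestamp: returns 1 and stores the
 * sum on success, 0 if the result would not fit (the Y2038 case). */
static int add_secs32(int32_t t, int32_t delta, int32_t *out) {
    int64_t sum = (int64_t)t + delta;
    if (sum > INT32_MAX || sum < INT32_MIN) return 0;
    *out = (int32_t)sum;
    return 1;
}

/* Format seconds since 1970-01-01 00:00:00 UTC as "YYYY-MM-DD hh:mm:ss".
 * Uses days-to-civil-date arithmetic instead of gmtime(), so the result does
 * not depend on the width of the host's own time_t. */
static char *fmt_utc(int64_t secs, char *buf, size_t n) {
    int64_t days = secs / 86400, rem = secs % 86400;
    if (rem < 0) { rem += 86400; days -= 1; }    /* floor division before 1970 */
    int64_t z = days + 719468;                   /* move the epoch to 0000-03-01 */
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    int64_t doe = z - era * 146097;              /* day within the 400-year era */
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    int64_t mp = (5 * doy + 2) / 153;            /* month number, March = 0 */
    int d = (int)(doy - (153 * mp + 2) / 5 + 1);
    int m = (int)(mp < 10 ? mp + 3 : mp - 9);
    int y = (int)(yoe + era * 400 + (m <= 2));
    snprintf(buf, n, "%04d-%02d-%02d %02d:%02d:%02d", y, m, d,
             (int)(rem / 3600), (int)(rem % 3600 / 60), (int)(rem % 60));
    return buf;
}

int main(void) {
    char a[32], b[32];
    int32_t last = INT32_MAX, next = 0;
    int64_t quoted = 0x5C7290BA;   /* the bit pattern quoted in the article */

    printf("article's 'now':  %s\n", fmt_utc(quoted, a, sizeof a));
    printf("last good second: %s\n", fmt_utc(last, a, sizeof a));
    printf("one second later: %s (32-bit wrap) vs %s (64-bit)\n",
           fmt_utc(as_time32((int64_t)last + 1), a, sizeof a),
           fmt_utc((int64_t)last + 1, b, sizeof b));
    printf("checked add of 1s: %s\n",
           add_secs32(last, 1, &next) ? "ok" : "refused, would overflow");
    return 0;
}
```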

More stuff to look forward to in Linux kernel 5.0

  • Native support for FreeSync/VRR of AMD GPUs means that now your smart monitor and your video card can sync up their frame rates and you won’t see any more tearing artifacts when playing a busy game or watching an action movie.
  • Linux now natively supports Adiantum filesystem encryption and has boosted its performance. This encryption system is used in low-powered devices built around ARM Cortex-A7 or lower (think mid- to low-end phones and many SBCs).
  • Talking of SBCs, the touch screen for the Raspberry Pi has at last been mainlined, and Btrfs now supports swap files.

As always, you can find more information about Linux 5.0 by reading Linus’s announcement on the Linux Kernel mailing list, checking out the in-depth articles at Phoronix and by reading the Kernel Newbies report.


Source{d} Can Help Solve Your Own Tabs-Versus-Spaces Debate

The debate over tabs versus spaces has been going on for decades and, despite all attempts to end it, it is ongoing. StackOverflow co-founder Jeff Atwood once wrote of the debate, “It doesn’t actually matter which coding styles you pick. What does matter is that you, and everyone else on your team, sticks with those conventions and uses them consistently.”

And to that end, among others, source{d} offers machine learning and analysis to ensure a consistent coding style adapting to various codebases. In other words, source{d} can solve this debate for you, not by asking those in charge and enforcing the style from the top down, but rather by analyzing your existing code base, extrapolating in-practice norms, and enforcing them across your entire code base. If you’ve ever attempted to enforce a uniform style using a style guide, you may be familiar with the feeling of futility that comes along with it, but it’s easier, says source{d} Vice President of Product Francesc Campoy, when a machine can do it for you.

Read more at The New Stack

The Lost Worlds of Telnet

Most people think of Telnet as “that thing I used to use to remotely access servers.” But a few hearty souls are still keeping their Telnet services online — and it’s a great way to experience some good old-fashioned time-wasting fun!

Although, as a work tool, Telnet has long been deprecated in favor of the Secure Shell (SSH), a few minutes of exploration quickly reveals that there’s still a whole forgotten subculture around the places Telnet can take you to. “Connect to other servers through Telnet to view their animated ASCII art, games, etc,” explained a directory at Mewbies, a site offering tutorials on “the installation and usage of (mainly unconventional) softwares.” Last updated in 2014, the web site includes a list titled “FUN ON THE TERMINAL” — along with some simple instructions. If you’re not already accessing Telnet from the command line of your shell account, just paste the site’s Telnet address into any terminal client.

The Origins of Telnet

At IETF.org, you can still find the original 1972 “request for comments” about the Telnet protocol. It was written by Jon Postel, an important figure in the early days of internet standard development, who was involved in the ARPANET project while still working on his Ph.D.

Read more at The New Stack

PureOS: One Linux for both PCs and Smartphones

There are quite a few people out there who want the same Linux on both their smartphone and their PC. Perhaps the best known of them is Canonical’s Mark Shuttleworth. He tried for years to ignite a market for Ubuntu Linux running on tablets, smartphones, and PCs. It didn’t work. After years of effort, Canonical gave up on its plans for one operating system for all platforms. Dreams don’t die. Now, Purism, the open-source laptop and smartphone vendor, is bringing the idea back to life with future releases of its PureOS Linux distribution.

Jeremiah Foster, the PureOS director, announced: “Purism’s PureOS is convergent, and has laid the foundation for all future applications to run on both the Librem 5 phone and Librem laptops, from the same PureOS release.”

Read more at ZDNet

MiyoLinux: A Lightweight Distro with an Old-School Approach

I must confess, although I often wax poetic about the old ways of the Linux desktop, I much prefer my distributions to help make my daily workflow as efficient as possible. Because of that, my taste in Linux desktop distributions veers very far toward the modern side of things. I want a distribution that integrates apps seamlessly, gives me notifications, looks great, and makes it easy to work with certain services that I use.

However, every so often it’s nice to dip my toes back into those old-school waters and remind myself why I fell in love with Linux in the first place. That’s precisely what MiyoLinux did for me recently. This lightweight distribution is based on Devuan and makes use of the i3 Tiling Window Manager.

Why is it important that MiyoLinux is based on Devuan? Because that means it doesn’t use systemd. There are many within the Linux community who’d be happy to make the switch to an old-school Linux distribution that opts out of systemd. If that’s you, MiyoLinux might just charm you into submission.

But don’t think MiyoLinux is going to be as easy to get up and running as, say, Ubuntu Linux, Elementary OS, or Linux Mint. Although it’s not nearly as challenging as Arch or Gentoo, MiyoLinux does approach installation and basic usage a bit differently. Let’s take a look at how this particular distro handles things.

Installation

The installation GUI of MiyoLinux is pretty basic. The first thing you’ll notice is that you are presented with a good amount of notes, regarding the usage of the MiyoLinux desktop. If you happen to be testing MiyoLinux via VirtualBox, you’ll wind up having to deal with the frustration of not being able to resize the window (Figure 1), as the Guest Additions cannot be installed. This also means mouse integration cannot be enabled during the installation, so you’ll have to tab through the windows and use your keyboard cursor keys and Enter key to make selections.

Figure 1: The first step in the MiyoLinux installation.

Once you click the Install MiyoLinux button, you’ll be prompted to continue using either su or sudo. Click the use sudo button to continue with the installation.

The next screen of importance is the Installation Options window (Figure 2), where you can select various options for MiyoLinux (such as encryption, file system labels, disable automatic login, etc.).

Figure 2: Configuration Installation options for MiyoLinux.

The MiyoLinux installation does not include an automatic partition tool. Instead, you’ll be prompted to run either cfdisk or GParted (Figure 3). If you don’t know your way around cfdisk, select GParted and make use of the GUI tool.

Figure 3: Select your partitioning tool for MiyoLinux.

Figure 4: Partitioning in progress.

With your disk partitioned (Figure 4), you’ll be required to take care of the following steps:

  • Configure the GRUB bootloader.

  • Select the filesystem for the bootloader.

  • Configure time zone and locales.

  • Configure keyboard, keyboard language, and keyboard layout.

  • Okay the installation.

Once you’ve okayed the installation, all packages will be installed and you will then be prompted to install the bootloader. Following that, you’ll be prompted to configure the following:

  • Hostname.

  • User (Figure 5).

  • Root password.

With the above completed, reboot and log into your new MiyoLinux installation.

Figure 5: Configuring hostname and username.

Usage

Once you’ve logged into the MiyoLinux desktop, you’ll find things get a bit less-than-user-friendly. This is by design. You won’t find any sort of mouse menu available anywhere on the desktop. Instead you use keyboard shortcuts to open the different types of menus. The Alt+m key combination will open the PMenu, which is what one would consider a fairly standard desktop mouse menu (Figure 6).

Figure 6: The i3 PMenu.

The Alt+d key combination will open the dmenu, a search tool at the top of the desktop, where you can scroll through (using the cursor keys) or search for an app you want to launch (Figure 7).

Figure 7: The dmenu in action.

Installing Apps

Open the PMenu and click System > Synaptic Package Manager. From within that tool you can search for any app you want to install. However, if you find Synaptic doesn’t want to start from the PMenu, open the dmenu, search for terminal, and (once the terminal opens) issue the command sudo synaptic. That will get the package manager open, where you can start installing any applications you want (Figure 8).

Figure 8: The Synaptic Package Manager on MiyoLinux.

Of course, you can always install applications from the command line. MiyoLinux depends upon the Apt package manager, so installing applications is as easy as:

sudo apt-get install libreoffice -y

Once installed, you can start the new package from either the PMenu or dmenu tools.

MiyoLinux Accessories

If you find you need a bit more from the MiyoLinux desktop, type the keyboard combination Alt+Ctrl+a to open the MiyoLinux Accessories tool (Figure 9). From this tool you can configure a number of options for the desktop.

Figure 9: Configure i3, Conky, Compton, your touchpad, and more with the Accessories tool.

All other necessary keyboard shortcuts are listed on the default desktop wallpaper. Make sure to commit those shortcuts to memory, as you won’t get very far in the i3 desktop without them.

A Nice Nod to Old-School Linux

If you’re itching to throw it back to a time when Linux offered you a bit of challenge to your daily grind, MiyoLinux might be just the operating system for you. It’s a lightweight operating system that makes good use of a minimal set of tools. Anyone who likes their distributions to be less modern and more streamlined will love this take on the Linux desktop. However, if you prefer your desktop with the standard bells and whistles, found on modern distributions, you’ll probably find MiyoLinux nothing more than a fun distraction from the standard fare.

 

Leveraging BI and Big Data in Modern Business

Companies today are collecting data at an unprecedented rate, but how much of the collected data actually makes an impact on their business? According to ODPi, by 2020, the accumulated volume of Big Data will increase from 4.4 zettabytes to roughly 44 zettabytes or 44 trillion GB.

It’s a tall order for companies to translate this data into ROI, and many businesses still don’t know how to combine Business Intelligence (BI) with Big Data to get insightful business value.

Cupid Chan, CTO of Index Analytics and ODPi lead for the BI & AI Special Interest Group (SIG), tells his clients, “It doesn’t matter how much data you have; unless you can get the insight from it, it is just bits and bytes occupying the storage.”

To help such businesses gain insight into how BI can be addressed by Big Data through multi-structured data and advanced data analytics, ODPi has released a new whitepaper called “BI”g Data – How Business Intelligence and Big Data Work Together.

The latest whitepaper shares best practices for combining BI and Big Data. It also shares real end-user perspectives on how businesses are using Big Data tools, the challenges they face, and where they are looking to enhance their investments.

Read more at The Linux Foundation