After you have created user accounts and let those users loose on your computer, there are different commands you can use to keep track of how they are using it. There are commands for checking things such as who is logged into your system and for getting general information about the users with accounts on your system. Here are some of these commands.
last #list the most recent successful logins
root@ubuntu-box:~# last -a
smbuser  pts/2        Fri Sep 25 06:37   still logged in    windows-box
jorge    pts/1        Fri Sep 25 06:35   still logged in    windows-box
jorge    pts/1        Fri Sep 25 06:34 - 06:35  (00:00)     windows-box
wtmp begins Fri Sep 25 06:34:52 2009
lastb #list the most recent unsuccessful logins
root@ubuntu-vbox:~# lastb
smbuser  ssh:notty    windows-box      Fri Sep 25 05:36 - 05:36  (00:00)
jorge    :0                            Fri Sep 18 17:28 - 17:28  (00:00)
jorge    :0                            Fri Sep 18 17:28 - 17:28  (00:00)
jorge    :0                            Fri Sep 18 17:27 - 17:27  (00:00)
jorge    :0                            Fri Sep 18 17:27 - 17:27  (00:00)
jorge    :0                            Fri Sep 18 17:27 - 17:27  (00:00)
who -u #list who is currently logged in (long form)
Sometimes you need to keep a close watch on a machine that has been compromised, so you might want to see the logs in real time. Well, “tail” allows you to watch the logs in real time. Most system-related messages are logged to the “messages” log file, and security-related messages are sent to the “secure” log file. In the latter you can find successful and unsuccessful login attempts, so the “secure” log file is a good place to start when you are trying to identify whether someone has tried to break into that box.
tail -f /var/log/secure
or
tail -f /var/log/messages
Now you can try logging in from a remote box or locally and watch the logs scroll by in real time. These are some log files that might be of interest.
tail -f /var/log/secure #security related messages
tail -f /var/log/messages #system messages
tail -f /var/log/maillog #mail server messages
tail -f /var/log/httpd/access_log #web server messages
Moreover, the “grep” command can be quite useful for parsing through log files. In this case, the grep command is used to search the “secure” log file for the string “smbuser.” The -R switch is to specify the string, and the -n switch displays the line number.
[root@Fedora11-vbox ~]# grep -Rn smbuser /var/log/secure
81:Sep 26 11:55:04 Fedora11-vbox useradd[2233]: new group: name=smbuser, GID=501
82:Sep 26 11:55:04 Fedora11-vbox useradd[2233]: new user: name=smbuser, UID=501, GID=501, home=/home/smbuser, shell=/bin/bash
83:Sep 26 11:55:26 Fedora11-vbox passwd: pam_unix(passwd:chauthtok): password changed for smbuser
85:Sep 26 12:00:37 Fedora11-vbox passwd: pam_unix(passwd:chauthtok): password changed for smbuser
The “grep” command can also be used to search multiple files recursively. This command searches the “/etc/httpd/conf” and “/etc/httpd/conf.d” directories for the string “VirtualHost.”
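Turning the login tracking and secure-log checks from the two sections above into something repeatable, here is an added example (not code from the original post) that summarises sshd activity from a few constructed /var/log/secure lines in the same syslog format as the Fedora11-vbox output; the addresses are documentation ranges, not real hosts.

```shell
#!/bin/sh
# Added example (not from the original post): summarise sshd login activity in
# /var/log/secure lines. The lines below are constructed samples; the source
# addresses come from documentation ranges and are not real hosts.
SAMPLE_SECURE='Sep 26 12:03:11 Fedora11-vbox sshd[2310]: Failed password for invalid user admin from 192.0.2.10 port 41022 ssh2
Sep 26 12:03:15 Fedora11-vbox sshd[2310]: Failed password for jorge from 192.0.2.10 port 41023 ssh2
Sep 26 12:03:20 Fedora11-vbox sshd[2312]: Failed password for jorge from 192.0.2.10 port 41024 ssh2
Sep 26 12:04:02 Fedora11-vbox sshd[2315]: Accepted password for jorge from 198.51.100.7 port 50110 ssh2
Sep 26 12:05:40 Fedora11-vbox sshd[2320]: Failed password for smbuser from 203.0.113.5 port 3389 ssh2
Sep 26 12:06:01 Fedora11-vbox useradd[2233]: new user: name=smbuser, UID=501, GID=501, home=/home/smbuser, shell=/bin/bash'

# Failed sshd logins grouped by source address, busiest source first.
# Reads log lines on stdin; prints "<count> <address>" per line.
failed_by_source() {
    grep 'sshd\[[0-9]*\]: Failed password' |
        sed -n 's/.* from \([0-9.]*\) port .*/\1/p' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Source addresses with at least $1 failed logins: the ones worth a closer
# look (or a firewall rule) when checking whether someone tried to break in.
suspicious_sources() {
    failed_by_source | awk -v min="$1" '$1 >= min { print $2 }'
}

# Successful sshd logins as "<user> <address>", so an expected login can be
# told apart from a guessed password that finally worked.
accepted_logins() {
    grep 'sshd\[[0-9]*\]: Accepted' |
        sed -n 's/.*Accepted [a-z-]* for \([^ ]*\) from \([0-9.]*\) port .*/\1 \2/p'
}

# Same idea as the post's "grep -Rn smbuser /var/log/secure": -n prints the
# line number; -R only matters when the target is a directory to recurse into.
lines_mentioning() {
    grep -n "$1"
}

printf '%s\n' "$SAMPLE_SECURE" | failed_by_source
printf '%s\n' "$SAMPLE_SECURE" | suspicious_sources 3
printf '%s\n' "$SAMPLE_SECURE" | accepted_logins
```

On a live box, replace the printf with `cat /var/log/secure` (or `tail -f` for a rolling view) piped into the same functions.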
VNC is considered to be an insecure protocol. The password is sent using fairly weak encryption, and the rest of the session is not encrypted at all. For that reason, when using VNC over an untrusted network or the internet, I recommend you tunnel it over SSH.
To forward VNC port 5900 on localhost to port 5900 on the remote host:
ssh -L 5900:localhost:5900 vncserver
If your ssh server is listening on another port, like 222:
ssh -L 5900:localhost:5900 vncserver -p 222
The same procedure can be done on a Windows machine using PuTTY.
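The same tunnel as a ~/.ssh/config entry, as an added example that is not part of the original post; “vncserver” and port 222 are the post's values, the HostName is a placeholder, and it assumes OpenSSH on the client.

```sshconfig
# Added example (not from the original post): config equivalent of
# "ssh -L 5900:localhost:5900 vncserver -p 222".
Host vncserver
    HostName vnc.example.org          # placeholder for the real VNC host
    Port 222                          # sshd listening on 222 instead of 22
    # Bind the local end to the loopback address explicitly, so only this
    # machine can use the tunnel (this is also the default without GatewayPorts).
    LocalForward 127.0.0.1:5900 localhost:5900
    ExitOnForwardFailure yes          # fail loudly if local port 5900 is taken
```

Run `ssh -N vncserver` and point the VNC viewer at localhost:5900; the VNC server itself should listen only on its own loopback interface (TigerVNC's `-localhost` option, for example), otherwise the unencrypted port is still reachable directly.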
tar is a compression utility that allows you to compress files and back up your system.
Here are some useful tar commands to back up and restore files.
If you want to back up the contents of /home and /etc:
tar cvpf /mnt/backup/tarball_backup /home /etc
Once you have a full backup of your system you can do incremental backups using the --newer option, which backs up everything that has changed since the specified date:
tar cvpf /mnt/backup/tarball_backup --newer 19Aug09 /home /etc
When things go wrong and you want to restore the contents of the backup:
tar xvpf /mnt/backup/tarball_backup home/user
Sometimes you accidentally delete a file and only need to restore that single file. Remember that when restoring from a tar archive there is no absolute path; in other words, tar removes the leading slash “/”, so /home/user/file1 becomes home/user/file1, and you should be in the / (“root”) directory.
tar xvpf /mnt/backup/tarball_backup home/user/shell1.sh
What if you don’t know the exact name of the file but only part of the file name?
tar tvpf /mnt/backup/tarball_backup | grep shell
or
tar tvpf /mnt/backup/tarball_backup | more
to page through the backup file.
Here’s a good shell script that performs monthly, weekly, and daily backups to a tgz file.
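The full backup, incremental backup and single-file restore described above, carried through end to end as an added example (not the post's script); it builds a constructed directory tree under a temporary directory so nothing under /home or /mnt is touched, and it assumes GNU tar.

```shell
#!/bin/sh
# Added example (not from the original post): full backup, incremental backup
# and single-file restore with tar, run against a constructed directory tree
# under a temporary directory so nothing under /home or /mnt is touched.
set -eu

WORK=$(mktemp -d)
SRC="$WORK/home/user"       # constructed stand-in for /home/user
BKP="$WORK/mnt/backup"      # constructed stand-in for /mnt/backup
mkdir -p "$SRC" "$BKP"
printf 'echo old\n' > "$SRC/shell1.sh"
printf 'echo new\n' > "$SRC/shell2.sh"
touch -t 200908180000 "$SRC/shell1.sh"   # modified before 19 Aug 2009
touch -t 200908200000 "$SRC/shell2.sh"   # modified after 19 Aug 2009

# Full backup. tar strips the leading "/" from member names (it says so on
# stderr), which is why every restore below uses a relative path.
full_backup() {
    tar cpf "$BKP/tarball_backup" "$SRC" 2>/dev/null
}

# Incremental backup of files modified after the reference date. The post's
# --newer also looks at ctime, so on a freshly copied tree it would pick up
# every file; --newer-mtime compares modification time only.
incremental_backup() {
    tar cpf "$BKP/tarball_incr" --newer-mtime='2009-08-19 00:00:00' "$SRC" 2>/dev/null
}

# List member names (tar tvpf without the verbose columns): this is what you
# grep when you only remember part of the file name.
members() {
    tar tf "$BKP/$1"
}

# Restore a single file from the full backup into a separate directory, using
# the slash-stripped member name exactly as "tar tf" prints it.
restore_one() {
    mkdir -p "$WORK/restore"
    tar xpf "$BKP/tarball_backup" -C "$WORK/restore" "${SRC#/}/$1"
    cat "$WORK/restore/${SRC#/}/$1"
}

full_backup
incremental_backup
members tarball_incr
restore_one shell1.sh
```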
Ok, the previous video was kind of outdated, so I posted a new one. Credits to g0tmi1k. This video goes beyond just cracking WPA; it also shows how the different tools perform, and it explains the methodology really simply. Let me say that cracking WPA is not like cracking WEP: in WEP you’re exploiting a vulnerability in the way the encryption algorithm is implemented, but in WPA the only vulnerability will be in the strength of the user passphrase. Yes, you’ve guessed it: when cracking WPA, basically what you’re doing is brute-forcing the user password; in other words, the success of your attack will depend on your dictionary or password list. If the user’s passphrase is not in your dictionary, you will never crack the WPA key. There are several types of WPA dictionary lists out there, but I highly recommend using rainbow tables, which can be several gigs in size. How to find them?… Google is your friend!
Recently I had to install Ubuntu on a machine with a bad CD-ROM drive, which made me look for alternative ways of installing Ubuntu. This article describes two ways to install Ubuntu by copying the contents of the installation CD to a USB drive such as a memory stick (or flash drive) and making the USB stick bootable. This is handy for machines like ultra-portable notebooks that do not have a CD drive but can boot from USB media. On a side note, I have to point out that booting from a USB stick can be very handy, but there is no guarantee that it will work with your particular combination of computer and USB stick. Even if you are able to boot from your USB stick on one computer, this does not mean that it is going to work with the next one. You can try experimenting with different settings in your PC’s BIOS to make it work.
Not too long ago, I decided to install my BartPE onto a USB flash drive, as most modern PCs today are capable of booting from USB devices, and in the process I thought of making it a dual boot with one of my favorite distros (BackTrack 3). So for this tutorial we will go over the process of installing UBCD4Win and BackTrack 3 onto a USB flash drive; in this case I use a 2 GB SanDisk. What is UBCD4Win? Well, it is an application used for installing BartPE (Bart’s Preinstalled Environment) onto a CD or USB flash drive from a Windows XP install CD, very useful for repair and maintenance tasks. It will give you a complete Win32 environment with network support, a graphical user interface (800×600) and FAT/NTFS/CDFS filesystem support. Very handy for burn-in testing systems with no OS, rescuing files to a network share, virus scans and so on. Here you can find a complete list of tools that will already be built into your BartPE install. You can think of BartPE as a cut-down version of Windows XP.