Life of Derp Lord: April 2020

Sunday 26 April 2020

Linux Command Line Hackery Series - Part 6

Welcome back to Linux Command Line Hackery series, I hope you've enjoyed this series so far and would have learned something (at least a bit). Today we're going to get into user management, that is we are going to learn commands that will help us add and remove users and groups. So bring it on...

Before we get into adding new users to our system lets first talk about a command that will be useful if you are a non-root user.

Command: sudo
Syntax: sudo [options] command
Description: sudo allows a permitted user to execute a command as a superuser or another user.

Since the commands to follow need root privileges, if you are not root then don't forget to prefix these commands with sudo command. And yes you'll need to enter the root password in order to execute any command with sudo as root.

Command: useradd
Syntax: useradd [options] username
Description: this command is used for creating new user but is kinda old school.
Lets try to add a new user to our box.
[Note: I'm performing these commands as root user, you'll need root privileges to add a new user to your box. If you aren't root then you can try these commands by prefixing the sudo command at the very beginning of these command like this sudo useradd joe. You'll be prompted for your root password, enter it and you're good to go]

useradd joe

To verify that this command has really added a user to our box we can look at three files that store a users data on a Linux box, which are:

/etc/passwd -> this file stores information about a user separated by colons in this manner, first is login name, then in past there used to be an encrypted password hash at the second place however since the password hashes were moved to shadow file now it has a cross (x) there, then there is user id, after it is the user's group id, following it is a comment field, then the next field contains users home directory, and at last is the login shell of the user.

/etc/group -> this file stores information about groups, that is id of the group and to which group an user belongs.

/etc/shadow -> this file stores the encrypted password of users.

Using our command line techniques we learned so far lets check out these files and verify if our user has been created:

cat /etc/passwd /etc/group /etc/shadow | grep joe

In the above screenshot you can notice an ! in the /etc/shadow, this means the password of this user has not been set yet. That means we have to set the password of user joe manually, lets do just that.

Command: passwd
Syntax: passwd [options] [username]
Description: this command is used to change the password of user accounts.
Note that this command needs root privileges. So if you are not root then prefix this command with sudo.

passwd joe

After typing this command, you'll be prompted password and then for verifying your password. The password won't show up on the terminal.
Now joe's account is up and running with a password.

The useradd command is a old school command, lets create a new user with a different command which is kinda interactive.

Command: adduser
Syntax: adduser [options] user
Description: adduser command adds a user to the system. It is more friendly front-end to the useradd command.

So lets create a new user with adduser.

adduser jane

as seen in the image it prompts for password, full name and many other things and thus is easy to use.

OK now we know how to create a user its time to create a group which is very easy.

Command: addgroup
Syntax: addgroup [options] groupname
Description: This command is used to create a new group or add an existing user to an existing group.

We create a new group like this

addgroup grownups

So now we have a group called grownups, you can verify it by looking at /etc/group file.
Since joe is not a grownup user yet but jane is we'll add jane to grownups group like this:

addgroup jane grownups

Now jane is the member of grownups.

Its time to learn how to remove a user from our system and how to remove a group from the system, lets get straight to that.

Command: deluser
Syntax: deluser [options] username
Description: remove a user from system.

Lets remove joe from our system

deluser joe

Yes its as easy as that. But remember by default deluser will remove the user without removing the home directory or any other files owned by the user. Removing the home directory can be achieved by using the --remove-home option.

deluser jane --remove-home

Also the --remove-all-files option removes all the files from the system owned by the user (better watch-out). And to create a backup of all the files before deleting use the --backup option.

We don't need grownups group so lets remove it.

Command: delgroup
Syntax: delgroup [options] groupname
Description: remove a group from the system.

To remove grownups group just type:

delgroup grownups

That's it for today hope you got something in your head.

More information

Ettercap: Man In The Middle (MITM)

"Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many feature for network and host analysis." read more...

Website: http://ettercap.sourceforge.net

Saturday 25 April 2020

Hacking All The Cars - Part 2

Connecting Hardware to Your Real Car:

I realized the other day I posted Part 2 of this series to my youtube awhile ago but not blogger so this one will be quick and mostly via video walkthrough. I often post random followup videos which may never arrive on this blog. So if you're waiting on something specific I mentioned or the next part to a series its always a good idea to subscribe to the YouTube. This is almost always true if there is video associated with the post.

In the last blog we went over using virtual CAN devices to interact with a virtual car simulators of a CAN network This was awesome because it allowed us to learn how to interact with he underlying CAN network without fear of hacking around on an expensive automobile. But now it's time to put on your big boy pants and create a real CAN interface with hardware and plug your hardware device into your ODB2 port.

The video I created below will show you where to plug your device in, how to configure it and how to take the information you learned while hacking around on the virtual car from part1 and apply it directly to a real car.

Video Walk Through Using Hardware on a Real Car

As a reference here are the two device options I used in the video and the needed cable:

Hardware Used:

Get OBD2 Cable:
https://amzn.to/2QSmtyL

Get CANtact:
https://amzn.to/2xCqhMt

Get USB2CAN:
https://shop.8devices.com/usb2can

Creating Network Interfaces:

As a reference here are the commands from the video for creating a CAN network interface:

USB2Can Setup:

The following command will bring up your can interface and you should see the device light color change:

sudo ip link set can0 up type can bitrate 125000

Contact Setup:

Set your jumpers on 3,5 and 7 as seen in the picture in the video

Sudo slcand -o -s6 /dev/ttyACM can0 <— whatever device you see in your DMESG output

Ifconfig can0 up

Summary:

That should get you started connecting to physical cars and hacking around. I was also doing a bit of python coding over these interfaces to perform actions and sniff traffic. I might post that if anyone is interested. Mostly I have been hacking around on blockchain stuff and creating full course content recently so keep a look out for that in the future.

Related articles

How Do I Get Started With Bug Bounty ?

How do I get started with bug bounty hunting? How do I improve my skills?

These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one and another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.

Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.

October 2019 Connector

OWASP
Connector

October 2019

Communications | Projects | Events | Community | Membership

COMMUNICATIONS

Letter from the Vice Chairman of the Board

Dear OWASP Community,

Two of the primary initiatives the foundation staff has been working on over the past few months were the two back to back Global AppSec Events in DC and Amsterdam. This was a huge undertaking by everyone involved. We are pleased to announce that the survey feed back is positive and both events were well attended. I was in attendance of Global AppSec Amsterdam and it was great meeting and speaking with old friends and meeting new ones. I would also like to take this opportunity, on behalf of the board to thank OWASP staff for their efforts in making the two conferences so successful.

To continuing on with the events theme; I'm really happy to announce the locations of our 2020 OWASP Global AppSec Conferences. The first one will be June 15 - 19, 2020 in Dublin and the second will be October 19 - 23, 2020 in San Francisco. Dublin is not an exotic trip for me, more of a 10 minute tram ride. Hopefully you will join us, while also making the most of the culture and scenery that Ireland has to offer.

Last but not least, the OWASP Global Board of Directors election results where released Thursday October 17, 2019. I'd like to first thank everyone who has put their trust in me by voting me back onto the board for the next two years. I hope I do you justice.

I would also like to thank the large number of candidates that were willing to give of their personal time and run to be part of the Global OWASP Board. This is a testament of the dedication and commitment of our members to continue to grow and evolve to the next level as an organization. I encourage those that were not elected will still be involved in making a positive change by volunteering to be part of a committee. The board and staff need all the help they can get to push through change. I hope you will join us in this journey. We can not be successful without the help of the community.

Until next time,
Owen Pendlebury
Vice Chairman, OWASP Global Board of Directors

OWASP Global Board Election Results

The newly elected 2020 OWASP Board Members:
Grant Ongers
Owen Pendlebury
Sherif Mansour
Vandana Verma Sengal

Congratulations, and thank you to all the candidates that participated and the OWASP members that voted.

OWASP Foundation Global AppSec Event Dates for 2020

Global AppSec Dublin, June 15 - 19, 2020

Global AppSec San Francisco, October 19 - 23, 2020

Visit our website for future announcements.

EVENTS

You may also be interested in one of our other affiliated events:

REGIONAL EVENTS

Event	Date	Location
BASC 2019 (Boston Application Security Conference)	October 19,2019	Burlington, MA
LASCON X	October 24 - 25, 2019	Austin, TX
OWASP AppSec Day 2019	Oct 30 - Nov 1, 2019	Melbourne, Australia
German OWASP Day 2019	December 9 - 10, 2019	Karlsruhe, Germany
AppSec California 2020	January 21 - 24, 2020	Santa Monica, CA
OWASP New Zealand Day 2020	February 20 - 21, 2020	Auckland, New Zealand
Seasides 2020	March 3 - 5, 2020	Panjim Goa, India
SnowFROC 2020	March 5, 2020	Denver, CO

GLOBAL PARTNERSHIP EVENTS

Event	Date	Location
BlackHat Europe 2019	December 2 - 5, 2019	London

BlackHat Europe 2019 London at EXCEL London
2019 December 2-5
Visit the OWASP Booth 1015
Business Hall December 4 & 5
December 4, 10:30 AM - 7:00 PM
December 5: 10:00 AM - 4:00 PM

OWASP Members are eligible for € 200.00 discount , email marketing@owasp.org for code to use when registering.

PROJECTS

Projects were well-represented at the previous two Global AppSec conferences in DC and Amsterdam this past month. Both events featured the popular Project Showcase and I heartily thank the leaders of the projects who participated:

Secure Medical Device Deployment Standard
Secure Coding Dojo
API Security Project
Dependency Check
SAMM
SEDATED
DefectDojo
Juice Shop
ModSecuity Core Rule Set
SecurityRAT
WebGoat

These leaders put on a great set of presentations and, in many cases, the room was standing room only. Thank you!

The project reviews that were done in DC and Amsterdam are still being evaluated and worked on; if you are waiting on answers, please have patience. I hope to have them finalized by November.

The website migration continues moving forward. The process of adding users to the proper repositories is an on-going effort. If you have not given your GitHub username, please drop by the Request for Leader Github Usernames form. A nice-to-accomplish goal would be to have the projects and chapters in their new website homes within the next 30 days.

Harold L. Blankenship
Director of Technology and Projects