For one of my Information Security classes, called Information Security & Risk Management, I’m supposed to put together a series of presentations on a collection of security and hacking tools. My partner and I have decided to publish these on YouTube to open them up to discussion, criticism, and feedback. I’ve created a public play-list for them. Feel free to watch them and let me know what you think! There may be some rough edges to them!
So I’ve been noticing recently that sometimes when I get home, there is a guy in a silver SUV outside my house in his car always looking down at his phone. He never gets out of his vehicle, none of my neighbors talk to him, and he leaves as soon as I get home or I unplug my wireless access point. I think he has either cracked or is brute forcing someone’s wi-fi in the area, perhaps my own.
I haven’t confronted him yet, as I’ve just confirmed this is a frequent oddity and it is reoccurring. Anyways, other members of my family have noticed him as well and he seems to be out there for several hours. My worst-case suspicion is that he has either cracked our wifi or is attacking the wifi of someone around us. I’ve had an elevated look at him where I was peering down into his vehicle and I noticed him fiddling with two cell phones. Odd. I also fear perhaps he is doing something illegal with whatever connection he is jumping on or probing someone’s network.
Anyways, I suspect our wireless access point may have been cracked since it’s been using the same credentials for some time now. I’ve decided to change our credentials for it and set it to something extremely taxing to brute force. I’ve also reduced the signal power to reduce the area from which our wi-fi is accessible outside of our property. I’ve also changed credentials on several systems just in case. I have other security implementations that will be implemented as well. I hope that concludes this guy from sitting around here, but this saga may be continued…
So I am in a class which uses a virtual machine “cloud lab”, aka a server that is a hypervisor with remote access. We use VMware Horizons to access our systems and perform tasks on them. I run Debian and I ran into an issue where when I uninstalled VMware Horizons, it created a situation where it would not re-install. I scoured the Internet for some documentation on this problem but could not find any. What I found was that the uninstall instructions provided by VMware were either inadequate or I previously removed the program in such a way that was confusing the installer script. The key to resolving the error “Installation was Unsuccessful” I kept getting when running the installer was to manually remove the folder in /usr/lib/ called “VMware-Horizons*” or something along those lines.
sudo rm -r /usr/lib/VMware-Horizons*
After that folder was removed, the installer script provided by VMware worked fine.
The Google Hacking Database (GHDB) is a very interesting and fun tool available on the Internet. It’s a collection of Google queries that are available to use and produce a list of sites that have mis-configured their web servers and made private resources public.
The Google Hacking Database is hosted by the Exploit Database team, which hosts a repository of known exploits and vulnerabilities across the web. Their roots go back to the early 1990’s and their site has some very cool security and hacking tools.
The process of “Google Hacking” was popularized in the 2000’s by Johnny Long, a professional hacker who started storing search queries in a database called the “Google Hacking Database”. He also coined the term “Googledork”, which refers to a foolish person who has mis-configured their program for Google to index. Over time, the term “dork” began to refer to a search query that revealed sensitive information.
How it works
The Google Hacking Database is focused on using search engines (Google, Bing, Yahoo, etc.) to find servers that have misconfigured their resources and allowed a crawling bot to index their site resources.
A crawling bot is a service program that runs and crawls the web to index content so that a search engine query can pull up relevant content when a user uses the service. It’s the way indexing is done for search engines.
Crawling bots typically will follow a sitemap or access a textfile (usually “robots.txt”) to honor instructions from webmasters when they are indexing their sites. However, sometimes web servers have unconfigured or misconfigured security settings that allow web crawling services to index resources that are meant to be private! Knowing this, the process of “Google hacking” can be used to use queries to find these resources.
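A defender's view of the paragraph above, as an added example that is not part of the original post: a Python sketch that audits your own site's private resources against its robots.txt, showing that only authentication actually keeps a resource out of an index. The robots.txt text, the resource inventory, the crawler name "ExampleBot" and the function name audit_indexability are all constructed for illustration.

```python
"""Audit which private resources a well-behaved crawler could index.

Added example: the robots.txt text, resource list and all names below are
constructed for illustration; nothing is fetched from the network.
"""
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a site you administer.
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /backups/
"""

# Constructed inventory: what an anonymous (logged-out) request to each path
# returns. In practice you would collect this from your own server.
RESOURCES = [
    {"path": "/index.html", "private": False, "anon_status": 200, "headers": {}},
    {"path": "/analytics/index.php", "private": True, "anon_status": 200, "headers": {}},
    {"path": "/admin/config.php", "private": True, "anon_status": 200, "headers": {}},
    {"path": "/staging/", "private": True, "anon_status": 200,
     "headers": {"X-Robots-Tag": "noindex, nofollow"}},
    {"path": "/reports/q3.pdf", "private": True, "anon_status": 401, "headers": {}},
]


def audit_indexability(robots_txt, resources, user_agent="ExampleBot"):
    """Return {path: verdict} for every resource in the inventory."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())

    verdicts = {}
    for res in resources:
        path = res["path"]
        if not res["private"]:
            verdicts[path] = "public by design"
            continue
        # Authentication is the only real control: a 401/403 to anonymous
        # requests means a crawler gets nothing to index.
        if res["anon_status"] in (401, 403):
            verdicts[path] = "protected"
            continue
        headers = {k.lower(): v.lower() for k, v in res["headers"].items()}
        noindex = "noindex" in headers.get("x-robots-tag", "")
        crawl_allowed = parser.can_fetch(user_agent, path)
        if crawl_allowed and not noindex:
            verdicts[path] = "EXPOSED: anonymous access and indexable"
        elif not crawl_allowed:
            # robots.txt is advisory and publicly readable, so the Disallow
            # line itself tells anyone where the private path is.
            verdicts[path] = "WEAK: hidden only by robots.txt"
        else:
            verdicts[path] = "WEAK: noindex only, still publicly readable"
    return verdicts


if __name__ == "__main__":
    for path, verdict in audit_indexability(ROBOTS_TXT, RESOURCES).items():
        print(f"{path:24} {verdict}")
```

Anything reported as EXPOSED or WEAK needs a login or network restriction in front of it; a robots.txt entry or a noindex header only asks crawlers to stay away.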
Many databases certainly exist for these types of queries. I’m sure there are many public and private ones. We’ll just look at the one already discussed to keep things simple.
You can access this database yourself from the web. Dorks are listed by date by default. However, you can sort and search the database for specific keywords that you are interested in. It’s a tool that is worth messing around with. You can even tailor the queries yourself to test on sites and domains.
Submitting a Dork
Each dork has some descriptive information, a published date, a convenient URL to run the dork in Google, and an author listed that submitted the query. You can submit dorks yourself to the Exploit Database by following their syntax and submitting your own Google Dork to their email address.
There are some fun and very cool dorks that exist in this database. It’s worth trying for yourself! When I tried it, I was able to use a dork that revealed Piwik installations that had their main page open to anonymous visitors. I was able to see client info and locations on a variety of sites that had their analytics engines wide open to the public. Pretty shocking!
Synopsis and Purpose
I got a great deal on a used SuperMicro server motherboard. Unfortunately there was some work to be done on it. I contacted the seller and they were unresponsive to my query. The motherboard had settings that were locked behind the IPMI login screen and I didn’t have the credentials. This presents a security risk as well as a big inconvenience. There could be VPN settings or other odd settings in the IPMI. So we’ll need to find a way to reset it to factory defaults and gain access to our system. Resetting the BIOS on the system doesn’t reset any IPMI settings, which are probably stored on the NVRAM in the system, which is persistent, even after power deprivation.
Documentation on this was sparse from what I could see but I did find a guide that talked about doing this process and some more stuff on the board with a DOS CD. However, I’ll have to compile my own to do this and I’m not really familiar with the process of building a FreeDOS project. The guide I found had a reference to a FTP server hosted by SuperMicro that had a utility called IPMIconfig. That sounds exactly like what we need. There is a user guide for the utility in the directory and in the zip archive as well.
Here is a link to the FTP resource ftp://ftp.supermicro.com/utility/IPMICFG/
So we’ll use a Live CD to use the utility and run the Linux version of IPMICFG to fix this problem. I have an abundance of Ubuntu Live CD’s lying around from all my distrohopping. In this case, I’m going to be using an Ubuntu 16.04 LTS x64 Live CD.
Setting up the peripherals and media
So get your monitor, keyboard, and maybe a mouse set up on your server. In my case I also had to add an external USB cd/dvd reader as well. Make sure it’s hooked up to the Internet so we can grab the IPMIConfig utility. If you don’t have net access, you can always just download it on a separate device and mount the media.
Reboot your server and select your boot option that has the Linux LiveCD media inserted.
Booting to the right device with a locked BIOS.
If you need to select your boot devices, but forgot or never had the BIOS password, you can reset the BIOS by removing the CMOS battery and unplugging the system and waiting it out, or you can use a jumper / switch on the BIOS.
I couldn’t select a boot option without a password (I had forgotten the one I setup, but then remembered). So we’ll have to either deprive the system of other preferred boot options or replace its preferred option with our LiveCD / USB / Hard Disk installation so we can get into a Linux environment.
Once I removed the typical USB that the system normally boots to, the system booted to the LiveCD and external USB reader I had hooked up and started loading Ubuntu 16.04 x64.
Just in case someone is using a terminal only environment, I’ll use terminal instructions just for universality. You can do all these in Linux desktop environment as well. If you’re not familiar with the terminal, I’ll include a description of the commands we are executing as well.
Open terminal and type the following to download the IPMICFG utility.
Once it’s finished downloading, we’ll unzip the archive.
Now, let’s change our working directory to the folder we just unzipped.
We’re using Linux so we’ll change into utility folder for Linux.
I’m using a 64-bit system so we’ll change into the 64bit folder.
Now we’ll execute the command that will restore our IPMI to factory default settings. It needs superuser permissions so we’ll include sudo.
sudo ./IPMICFG-Linux.x86_64 -fd
In my case, this worked. I restarted the machine and the IPMI interface was accessible from the IP address that it was previously configured for. The interface credentials had been reset to their factory default of ADMIN/ADMIN.
A Note on other IPMICONFIG functions
IPMICFG-Linux.x86_64 (the utility we used) also has a lot of other options and functions it can do. You can use these to reset user credentials without resetting the whole IPMI to factory defaults. In my case, I didn’t need anything preserved. You can view other functions and reference their use in the terminal output or in the user manual for the utility. To print the functions, just execute the following in the working directory of the utility.
A note on the CMOS / BIOS
This does not reset the CMOS BIOS in any way. So any credentials stored on there will still be in place. If you need to reset that, you can simply remove the CMOS battery and unplug the device or use a jumper / switch on the motherboard. The BIOS will reflash and go back to factory defaults. This could affect your boot devices and other settings so be prepared before doing this.
I hope this guide helped you reclaim control of your system! It was a smooth experience for me and I’m glad I don’t have to worry about my IPMI system anymore. I put this off for too long. It’s so simple to do. Let me know if this helped or if you have any feedback. I always look forward to getting comments from people who used these guides. Take care!
Most tutorials for installing recovery and Lineage OS (formerly known as Cyanogenmod) onto the OnePlus One are for Windows. This is how to do it on Ubuntu Linux. The version I’m using for this tutorial is Ubuntu Linux x86-64 17.04.
Installing the required tools on Ubuntu Linux (17.04)
Open a terminal window if using a desktop environment.
First, let’s update our repositories to make sure we have the latest software versions available.
sudo apt-get update
Now we’ll install some tools from the Android SDK Platform that we’ll need to access the partitions on our phone.
sudo apt-get install android-tools-adb android-tools-fastboot
Let’s check to see if adb is installed and running by executing its version printing function.
The output should read something such as:
Android Debug Bridge version 1.0.32
Next we’ll need to enable developer options and USB debugging on the OnePlus One. To do this, unplug your phone from USB and go to your Android settings. Scroll to the bottom and find the menu option “About phone” or “About devices”. Tap the build number 7 times. This should unlock the Developer options.
Go to the main settings list and locate the entry “Developer options”. Tap that entry to enter. Then, locate the “Update Cyanogen recovery” entry and disable it. Next, locate the “USB debugging” entry and enable it.
Now, connect your phone to USB and check to see if adb can see the device by running
adb devices -l
On the phone, you should be prompted to accept the connection from the computer. Allow this connection on your phone.
The command in adb should now show your device and its unique ID. If you can see this, you are ready for the next section.
Flashing the Bootloader / Recovery
Reboot your device into the bootloader mode with the command
adb reboot bootloader
Now, we will unlock the bootloader and erase the stock firmware.
sudo fastboot oem unlock
The phone will reboot, erase the stock bootloader, and start back up into android. Let it load through the boot process and startup; this may take a while. In the meantime, you can download more required files.
Download the latest TWRP image from https://dl.twrp.me/bacon/
Download Lineage OS
Download the latest version of Lineage OS for bacon: https://download.lineageos.org/bacon
Lineage OS Extras
Download any extras you may need from Lineage OS:
superuser binary (use wisely and with discretion) (for OnePlus One get the arm version): https://download.lineageos.org/extras
OpenGapps (for Google services – YUCK!!): http://opengapps.org/?api=7.1&variant=nano
Note: Personally, I’d recommend against using Gapps if you can avoid it. Once it is flashed onto the device it is extremely hard to remove without completely re-wiping your device. If you need an app/software repository, I’d recommend trying F-Droid (I will show you how to install it at the end of the tutorial) which has a much safer set of applications that typically are more respectful of your personal data and privacy. Google Apps are known to collect and sell massive amounts of personal data and telemetry such as location / usage data, and contain many apps that will do the same. Many of the free apps will contain malicious advertisements as well.
In most cases, these files will now be saved in the Downloads folder of your user.
Once your device is done setting up Android again, you can skip through the introduction menus. Then go back into the settings menu and reenable the developer options in the menu, go into the developer options, disable “Update Cyanogen recovery” and enable “Android debugging”. Make sure the phone is still connected and when prompted by your phone, reallow access from your computer via the onscreen prompt.
To avoid confusion with other downloaded files, rename the twrp image file to “recovery.img”.
In terminal change directory into your Downloads folder or where you saved the other files to. We will now upload the new recovery software onto the phone after putting it back into recovery mode.
adb reboot bootloader
sudo fastboot flash recovery recovery.img
fastboot will upload the TWRP image to the recovery partition. Allow it to finish. You know it has finished when it displays “finished. total time: ….”
Now, reboot the device.
sudo fastboot reboot
The phone will boot into android. Once it reaches Android, you can reboot into recovery by holding the power button + volume down buttons. Once the phone starts up, you can release the power button and only continue to hold down the volume down button on the device. This should bring you into TWRP.
Welcome to TWRP
Swipe to enable modifications. Do not keep your system partition in read-only. We will be writing to this partition.
Backup Cyanogen OS
First, let’s make a backup of the stock Lineage OS that comes with the OnePlus One. I recommend you archive this somewhere on the device or on a hard drive just in case you ever need to restore the phone to stock.
Select the “Backup” menu entry. Select a name; I prefer “$date – LineageOS Stock”. Select all the partitions to backup then swipe to start the backup process. It should take a minute then vibrate when it’s completed. Go back to the main menu.
Wipe the device
I’m not sure if this is necessary as flashing Lineage OS may overwrite the partitions but it’s safer to be sure and just wipe the partitions. The partitions we will wipe are: Dalvik, System, Data, and Cache. DO NOT wipe Internal Storage as that is what we have just used to store our backup. If you need to wipe the internal storage, make sure you copy the backup and other files over first. In my guide, I have my internal storage already cleaned up of any personal files.
Slide the slider to begin the wipe process. It should complete quickly. Go back to the main menu.
Install Lineage OS
Once at the TWRP main menu, copy the main Lineage OS zip file to your internal storage on the device. Also, move any of the Lineage add-ons that you downloaded into this folder too. I have put my lineage zip in my Downloads folder for now.
You can keep these in a folder on the device to have as a backup. They may come in handy in the future if you ever need to re-flash the system, so I’d recommend archiving them somewhere.
We will now install LineageOS and our add-ons. Select the “Install” entry in the main menu. Go to the “Downloads” folder. Select the main “lineage” .zip file that you downloaded and moved. Verify that you have selected the right file. Then swipe to confirm the flash. The phone will begin to unpack and flash the system partition with Lineage OS.
If you did not wipe the Dalvik / ART cache before in the wiping section of this guide, you should do this now.
If you want to apply the superuser / root function to your phone (only do this if you know what this does), you can do so now by going back to the main menu, selecting “Install” and doing the same process we just did except this time select the “addonsu” .zip file. You can follow this process to install “opengapps” as well.
You can now reboot the device from the menus. TWRP will offer to install a TWRP App. You do not need this. It is optional. I’ve unchecked both options and then pressed the “Do Not Install” button. TWRP will offer this almost every time you use the TWRP menu.
Your device will now reboot into Lineage OS. Congratulations, you have completed the process! 🙂
If you encountered an error, it’s likely that the files that you downloaded were corrupt or did not download properly. Try downloading them again and retrying.
If you get stuck in a boot loop, try going back to TWRP and flashing an older version of Lineage OS.
NOTE: You will need to have mobile data or a wifi connection to do this. Otherwise you will need to download the F-droid APK from your computer and transfer it via USB to your phone’s internal storage first.
To install the app repository, F-Droid, simply go through the intro Lineage OS menus on first boot. Once you reach the home-screen / desktop, you can open up your phone’s web browser and go to https://f-droid.org/
Then select the Download F-Droid button on their site. Allow the browser to access storage, then select the download option. Your phone will download the APK file.
Once it is downloaded, select it from the phone’s drop down menu / notification slide down menu. You will be prompted that you need to enable unknown sources before you can install this. Click the settings option and you will be taken to your settings menu. Find the “Unknown sources” option and enable it. You will be prompted about the risk in doing this, press OK. Unknown sources should be enabled now.
Press the home key, open your app drawer, and select “Files”. Then select “Downloads”, then select the FDroid.apk. Press “Install”. Your phone will install F-droid. When it’s done, press “done”.
Press the home button and open the app drawer again. Open the “settings” app and go to the “Security” section. Locate “Unknown source” and disable this option.
Now, go back to your app drawer and locate F-Droid. It will open. You need to press the refresh button in the top right (looks like a circle arrow) and F-Droid will update its repositories and show the apps you can install.
Thank you for reading! Hope this helped.
If you are tired of giving your personal data like contacts, calendar events, and files to Google or Dropbox, you can easily connect your Android phone to your own hosted server to utilize syncing with free and open-source software.
NextCloud and OwnCloud are two software options that are available to self host on a web server and utilize for file syncing and DAV syncing options.
This guide will focus on the Android client side of this project. I hope to eventually do a guide on the server / host side of this.
A note on telemetry and data collecting
To truly remove Google services and manufacturer telemetry from your Android device you will need a device that allows you to flash the recovery partition. On many devices, you can install an alternative Android distribution such as LineageOS to replace the stock operating system on your phone. This is usually the only option available to take control of your phone and remove apps like Google Play Store and other Google services from your phone. There are a few manufacturers and phones that allow you to do this. This guide assumes you have such a phone and are running an Android distribution like this.
The Server Side of things
My server is running a web-server with a NextCloud installation. The NextCloud installation is setup with the following add-ons:
Files, Contacts, Calendar, Tasks, and News.
The Android Side of things
Operating System: LineageOS
I’m using LineageOS 14.1 on my Android phone.
Software Repository: F-Droid
The software repository I’ll be using is F-Droid which is a free and open-source repository available for download and installation to most Android devices.
Open F-Droid on your Android device and install the following applications: NextCloud, OpenTasks, DavDroid, and OCReader.
Open the NextCloud App. Then enter your server address for your domain and nextcloud installation. Then enter your credentials. Allow NextCloud access to your storage. The file syncing portion of your device is now set up. You can customize it further to your liking.
Contacts + Calendar + Tasks
Open the DavDroid application from your app drawer. Then select “Login with URL and user name”. Enter your server URL as follows:
Replace “$domain” with your cloud server’s domain name and path.
Replace “$username” with your NextCloud username.
Then enter your username, and password then press “Login”. DavDroid should detect your Dav services and give you the option to choose what you want to call the Account and then choose “Groups are per-contact categories”. Then continue.
Next, choose the section you just named and select your CardDAV contact groups, and CalDAV calendar groups that you want to add. Once you’ve selected them all press the refresh button at the top right of the screen (two arrows in a circle).
You may need to accept permissions to grant to the DavDroid application in the notification tray in Android.
Go to your Android Settings –> Accounts –> Then your DavDroid entry. In the top right, tell it to sync now. Your contacts, calendars, and tasks will begin to populate with the data from your server.
Open the installed OCReader application on your phone. Enter your server address, user-name, and password, then press the “Sign In” button. Your RSS feeds will populate into your device.
There are many other applications and NextCloud apps you can sync to each other.
I was struggling to find a way to import my Windows software RAID0 partition into Ubuntu. I tried several different methods and I’m surprised this wasn’t easier to discover. However, there is a simple solution for this.
All you need to do is download a tool called ldmtool and have it import your partition!
First, download the tool.
sudo apt-get install ldmtool
Then, have ldmtool import your software RAID partition.
sudo ldmtool create all
Your RAID0 partition should automatically be imported and available to use in your filesystem! It will be mounted in your /media/$username folder!
I got up to an interesting project this Tuesday. I received the new video card I ordered. I received it sooner than I expected too! I only ordered Sunday night. Anyways, the card, which is SAPPHIRE NITRO Radeon R9 Fury 100379NTOC+SR 4GB, was too big for my Antec Three Hundred case! I was shocked. Nothing I’ve thrown at this full sized tower has been too big for it. I was faced with a couple options in light of this discovery. I could buy a new case, buy a smaller graphics card, or mod my current case. The only guide I saw online for doing this was from a guy who decided to remove his entire hard drive bay from the Antec Three Hundred by drilling through the rivets and prying the hard drive bay from the 5.25 optical drive bay. It was not a very elegant solution and I kind of liked having the hard drive bay available for some drives I’m using. Another suggestion was to pull the entire hard drive and optical bay out of the case by drilling all the rivets out. Still not a great solution…
Well, what I decided to do was to use an edge grinder to cut out a couple inches from the hard drive bay. This was just enough room for the video card to fit very comfortably.
It fit great! I had to remove all the components first to make sure nothing would get cut or shorted by metal filings or pieces. There were plenty of them flying around with this method! However, I still have my hard drive bays and I now have plenty of space for my new graphics card! This is a pretty old case. I think I got it in 2010 but it’s been fantastic and has had everything I’ve needed up to now. It retails for cheap these days so I wasn’t really losing out too much by modding it. Thanks for looking!
UPDATE: I later became dissatisfied with the approach of this project and wanted something slightly more elegant. I didn’t like the random cut and the mess inside the case so I decided to remove the drive bay completely by simply drilling into the rivets with a small drill bit. It wasn’t too bad. For the rivets underneath the 5.25 drive bay, I cut them with a tin snip and just worked them until they gave way. Be gentle with the metal as the 5.25 could bend or get ruined if you are too aggressive with it.
This result let me comfortably fit two Zotac GTX 980 Ti Extreme editions in the case at once.
This video demonstrates the process of replacing the USB cable for the Logitech G500 Mouse. Some YouTube users have also reported to me that this is also relevant to the G5 and G500S models as well. It displays the process of disassembling and re-assembling the mouse. I hope this helps you! Unfortunately, the video went much longer than I intended it to. However, I explained everything in depth.
1 year later, I haven’t had any problems with the mouse since the repair process in this video. The glue has also worked well for the bottom pads.
- Replacement G500 USB Cable (available from most online retailers)
- A micro-screwdriver set (also used as a pry tool: spudgers/pry kit preferred)
- cotton swab (applicator)
- all purpose glue (adhesive)
- rubbing alcohol (for cleaning off human gunk)