Dec 31, 2013

Description:
Can't execute or set execute permission for executable (Linux executable) files in NTFS partition.

Details:
OS: Ubuntu 13.04
The NTFS partition was mounted by clicking on the partition name that appears in the 'Devices' section of the Nautilus window (File Explorer).

Reason:
The NTFS file system doesn't have permission bits like those in Linux, because NTFS is designed for Windows.

Fix:
In the /etc/fstab file, mount the NTFS partition using the umask=000 and exec options.
umask indicates which permissions you want to restrict, so umask=000 means everyone will have read, write and execute permission on the disk after mounting.

UUID=ECE896823234E8964CA8 /media/Disk ntfs defaults,exec,fmask=000 0 0

Dec 13, 2013


In a quest to choose a download manager for my Linux box, I came across this question:
"Do multi-threaded download managers really help?"
Had a discussion with my friends, spent quite some time on Google and finally came to a conclusion.

Yes, multi-threaded/multi-part downloading really HELPS and SPEEDS UP the download.

In multi-threaded/multi-part downloading, a single file is split into multiple segments/parts, which are downloaded over several parallel HTTP connections from a single server.

This speeds up the download because the ISP/server/firewall will usually limit the bandwidth per connection, so multiple connections help to circumvent this limitation. But bear in mind that you can't speed up beyond the maximum bandwidth allocated to you. Also, servers will have a limit on the number of parallel connections per client in order to prevent this.

Nov 22, 2013

Mission:
Recover the password of user hertz

Given:
passwd file and corresponding shadow file

Background info:
The user's password is saved in the shadow file as a hash value. Hash values are generated by hash functions, which are one-way functions, so it is not possible to recover the password from the hash value by reverse engineering.

Mode of Attack:
Brute Force, using the tool John the Ripper
After installing the rpm package from the above link, run the commands below in the terminal to:
  • Combine the user information in passwdfile and shadowfile and write it to testfile
  • Launch a dictionary-based brute force attack on testfile
  • Recover the passwords using --show
  And you will get your initial key as "iloveu1"

unshadow passwdfile shadowfile > testfile
john testfile
john --show testfile
Mission: 
An executable 'nullex80' was given and we have to find the flag. Tried to run it and it asked for a username and password.

First: applied the 'file' command, which gave the output below

file nullex80 
nullex80: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0x7f73d19c16ca48817097c99cb8e0d2fb3ad50760, not stripped

The output says the file is not stripped, so the variable and function names are still in readable form, which means we can apply the 'strings' command to the file to get all readable strings from it.

Second: apply strings on 'nullex80'

strings nullex80 
/lib64/ld-linux-x86-64.so.2
libc.so.6
puts
putchar
printf
strlen
strcmp
__libc_start_main
__gmon_start__
GLIBC_2.2.5
UH-h
UH-h
[]A\A]A^A_
username password
%s %s
r00t
OshZ2sexLLLxXXnnn001
Kit Williams quotes
You see, my ambition was not to confound the engineering world but simply to create a beautiful piece of art.
Wrong username/password!
;*3$"

Looking at the readable strings in the output, 'r00t' seems like a good candidate for the password.

Third: Run the executable with 'r00t' as the username and 'OshZ2sexLLLxXXnnn001' as the password

./nullex80 r00t OshZ2sexLLLxXXnnn001
You see, my ambition was not to confound the engineering world but simply to create a beautiful piece of art.
Kit Williams quotes
flag{2afcad7815395d567001e09100c4e2fe}

Voilà, got the flag!!
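
Why the credentials appear in the 'strings' output above, shown as an added example (not code from the challenge binary or from this post): literals that a program hands to strcmp are stored byte-for-byte in the file, and 'strings' reports every run of at least four printable bytes. The SAMPLE buffer and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_STR 64

/* Printable the way 'strings' treats it: ASCII 0x20..0x7e plus tab. */
static int is_printable(unsigned char c) {
    return (c >= 0x20 && c <= 0x7e) || c == '\t';
}

/* Store every run of >= min_len printable bytes from buf in out[];
 * returns the number stored. Runs longer than MAX_STR-1 are truncated. */
size_t extract_strings(const unsigned char *buf, size_t len, size_t min_len,
                       char out[][MAX_STR], size_t max_out) {
    size_t count = 0, start = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && is_printable(buf[i]))
            continue;                      /* still inside a run */
        size_t run = i - start;            /* run ended at i (or at EOF) */
        if (run >= min_len && count < max_out) {
            size_t n = run < MAX_STR - 1 ? run : MAX_STR - 1;
            memcpy(out[count], buf + start, n);
            out[count][n] = '\0';
            count++;
        }
        start = i + 1;
    }
    return count;
}

/* Constructed sample: string literals laid out as a compiler places them
 * in .rodata, surrounded by machine-code-like bytes. Not the real binary. */
static const unsigned char SAMPLE[] =
    "\x55\x48\x89\xe5\x00" "abc\x00" "%s %s\x00" "r00t\x00"
    "\x01\x02" "Wrong username/password!\x00\xc3";

size_t scan_sample(char out[][MAX_STR], size_t max_out) {
    return extract_strings(SAMPLE, sizeof SAMPLE - 1, 4, out, max_out);
}

int main(void) {
    char found[8][MAX_STR];
    size_t n = scan_sample(found, 8);
    for (size_t i = 0; i < n; i++)
        puts(found[i]);
    return 0;
}
```

Running the same kind of scan over a release build is a quick check that no credential or key literal ships in cleartext; stripping symbols does not remove these strings.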