Weekend Lab Project: Personal ESXi Server

I finally got it up, and am now loading os' onto it. In the coming Days I'll post what I have done, and document the pitfalls I hit.

Hide-a-PwnPi

There are times you want to go to the library, or community college, and want to to see whats going on the network, or use their pipes. Below are a few Pictures of a quick case I made to hide such things from plan site.

Pwn Pi Pics

This is my set up

On my computer

it just says settings

like below

And it has a purple terminal background.

Using my nexus 7, ssh into it and start vnc view at 1024x600

And you can see the menu!

Katana 3 Beta Torrent

Katana 3 Beta 

You need both parts for it to work!

Seed link for File 1: 

magnet:?xt=urn:btih:D129B8DC7AAF6B9194DEE931FCAD37B444E07C83&dn=katana-v3.0-beta-1.zip&tr=udp%3a//tracker.openbittorrent.com%3a80/announce

Seed link for File 2: 

 magnet:?xt=urn:btih:C18BA91C9095ED3649790A8109807DB8DD4987C1&dn=katana-v3.0-beta-2.zip&tr=udp%3a//tracker.openbittorrent.com%3a80/announce

or downlaod the .torrent files form my dropbox at https://www.dropbox.com/sh/mgby6fza1rkoqxo/V-R2Gp0ifA

The link below has the hashes for the files.

Visit http://www.hackfromacave.com/articles_and_adventures/katana_v3_beta_release.html

or

If you can read the md5 hashes off of the Pic you can make sure no one has changed the files.

The Read Me File Posted Down Below

                        Katana v3.0 Beta (Unsheathed) 

 Installation:

Requires USB flash drive (or other disk) of size 8GB or larger formatted FAT32. 

NOTE: Some tools included in Katana get flagged as "hacker tools" by many 

Anti-Virus programs. Make sure to turn off all virus scanner before install. 

1. Download the Katana ZIP files to the local disk.

2. Extract the content of the Katana ZIP files onto the USB flash drive; 

example "E:\" for Windows OR "/mount/sdb1" for Linux. Make sure NOT to create a 

subdirectory when extracting the ZIPs content.  Extract all files into the root 

of the flash drive. If prompted, use the "write into" option to copy 

files into already existing directories. Katana is broken into 2 files because 

of its size. Extract both files to the directory in the same manner. There are 

many files, so this may take some time.  When done, you should see about a dozen 

files in the root of the flash drive.  

3. Change directory to the freshly copied "boot" directory on the USB device. 

(Make sure you're in the "boot" directory on the USB device and NOT your local 

disk! )

4. Run the following with Administrative privileges. For Linux/OSX run 

./boostinst.sh, for Windows run ./boostinst.bat

5. Make sure the computer BIOS allows USB boot. Boot from flash drive. All Done! 

 License:

   Katana is comprised of software licensed under the GNU General Public 

   License, Freeware, and similar licenses. Consult supplied license files 

   and/or original providers of each software package carefully for 

   license information. 

 Warranty:

   This software and any accompanying files are distributed "AS IS" 

   with ABSOLUTELY NO WARRANTY, use it at your own risk. You assume all 

   risks associated with use of this software. The author and distributors

   are in no event liable for any damages caused by use of this software.

 Author:

   This software is developed by

   JP Dunning (.ronin) <www.hackfromacave.com>

   (C) 2009 - 2012, Shadow Cave LLC.

Raspberry Pi Running Apache and FTP

I started with this site, http://tinkernut.com/wiki/page/Episode_320 very easy to understand and started walking threw the steps.  About the 3rd time, locking my self out of the pi, or not being able to use the web page, I started to learn more of what I was typing. And the link above was a few months ago, I want to post How I got mine working, as of today, 8-14-2012.

I'm using Raspbin "wheezy" build  of debian, available here http://www.raspberrypi.org/downloads

After Installing the OS on an SD card, during the first set up, I select to 224Mb to ram, and enable SSH on boot.

I set the time by typing sudo dpkg-reconfigure tzdata

I check for any new updates for this Debian build, By typing sudo apt-get update 

Then install them by typing sudo apt-get upgrade

I skip the part where he upgrades the firmware, because as I read up on it, with the new build of "Wheezy" it breaks any updates and in some cases, freezes the OS so you would have to re-install it on your sd card.

Next I change the default password of the 'pi' user by issuing this command, and then type your new password twice to save sudo passwd pi

Now in the next part of his blog, he gives you a couple of options of what type of server to install. In my case, I went with Apache.

To install Apache with php, tyoe sudo apt-get install apache2 php5 libapache2-mod-php5

At this point, I haven't had any errors, so i skip the next steps telling how to fix, said problem.

Now  restart the Apache service with sudo service apache2 restart

Just type in your ip address, of your Raspberry Pi, into your web browser, and if everything went right, you should se a "IT WORKS!" page.

To install the FTP server you need haver permission to edit a file, so enter sudo chown -R pi /var/www

Now install FTP by typing sudo apt-get install vsftpd

Then you will be modifying a file in nano, to bring it up, type sudo nano /etc/vsftpd.conf

To take a direct quote from tinkernut.com "Hit ctrl+W and search for anonymous_enable=YES, and change it to anonymous_enable=NO Remove the # from in front of local_enable=YES Remove the # from in front of write_enable=YES Skip to the bottom of the file and addforce_dot_files=YES Hit ctrl+X to exit, y to save and enter to confirm"

Follow those closely and you'll be fine,

Time to restart the FTP service by typing sudo service vsftpd restart

Try logging into your pi's FTP by logging in with your username of : pi and what ever your password it.

The last thing I do is change the password for the 'root' user, type sudo passwd root  enter your password twice and your good to go!

When I tried to give permissions to root and pi in the section that follows his FTP instructions, that's when I got locked out, 3 different times and re-installs. When i skipped it, everything seams to work fine. 

Hope this helps, have a great night!

A whole page dedicated to my Defcon 20 notes

Hope you enjoy! Some have audio, but the skytalk are my written notes only.

http://securityiskey.blogspot.com/p/my-defcon-20-notes.html

Big projects....

I am on the brink of releasing documentation of a project I have been working on, but it's not done yet. So between that and uploading the talks and notes from Defcon 20, I have plenty to do. Will try to post it all by the end of the weekend.

Oculus Rift: Step Into the Game

This looks amazing!
I would LOVE to get a hold of this and then intigrade the Leap for hand motion activation.

http://www.kickstarter.com/projects/1523379957/oculus-rift-step-into-the-game?ref=category