Sunday, October 21, 2018

Updating Evan's Debugger in WeakNet LINUX


If you are doing any lab training in Hack The Box, Top Hat Sec's Reverse Engineering 101, Point3's Escalate, or some other class, training, etc - you might need to use Evan's Debugger at some point. This debugger tool came as an update in WNL8 (in Update 5), but lately has been giving some grief about updating g++ and cmake.

First, you will need to add this line to the /etc/apt/sources.list file,

# G++ 5+
deb http://ftp.de.debian.org/debian sid main


Then, simply do an,

[email protected]:~# apt-get update && apt-get install g++ cmake
[email protected]:~# apt remove libcapstone2
[email protected]:~# apt install libcapstone3 libcapstone-dev


Next, we will recompile and install edb with the following command (the installation files should still be on your file system).
[email protected]:~# cd /pwnt/reverse-engineering/edb-debugger/
[email protected]:~# rm -rf build
[email protected]:~# mkdir build
[email protected]:~# cd build
[email protected]:~# cmake ..
[email protected]:~# make
[email protected]:~# make install
Any errors that you may receive will most likely output exactly what needs added, updated, etc, but you can post them as comments here if you get stuck. I tried this with a fresh installation of WNL8 (including all the updates to (7)) and it worked well.As you can see form the screenshot above, you can dive right in and start reverse engineering those apps for flags/etc once done.

~Douglas

Saturday, October 20, 2018

Updates, Updates, Updates...

WeakNet LINUX

Hello everybody! A couple days ago I announced on Twitter and Facebook the latest WeakNet LINUX update was released and I am already working on update 9. This update includes the following software for your VMs:
 1. Seth, RDP tool (GitHUB)
 2. KeepNote (Debian APM)
 3. Dradis CE (GitHUB)
 4. ACLPwn (GitHUB)
 5. VEGA (WNL)
 6. Johnny (GitHUB)
 7. Nemesis
 8. NMAP compiled / installed and Debian APM version removed
 9. Cool Retro Terminal (GitHUB)
 10. MassScan
 11. Nikto2 (CIRT.net)
 12. ByteForce (WeakNet Labs/GitHUB)

 X. UI Updates
  a. New Icons
  b. Wallpapers
  c. Desktop menu update

New Tutorials Mini Series

I want to first apologize up front for not having a good setup to record my voice and screen at the same time. I just can't justify the cost of the hardware and software at the moment, so please bear with the poor audio. I did order a new microphone, but the software I am using ONLY allows me to record 5 minutes at a time as a license restriction. If anyone has any suggestions for great screen capture software, I really could use some. I use an AverMedia LGP2 for gaming that I might try to apply to these tutorials in hopes that the quality is much better. It just seems like a pain the rear to get it up and running for such a simple task :)

Anyways, these videos cover how to make a mini SIEM for web application and web service monitoring. If you enjoy them, please





Conferences

I just returned from some pretty awesome conferences, the Three Rivers Information Security Symposium, and Splunk> .conf18 in sunny Orlando Florida.

Let's start with the Bad and the Ugly

At the incredibly disorganized and poorly planned Splunk> conference, I attended the Splunk> Fundamentals 2 course- which wasn't good. I don't recommend it if you are up in the air due to it's ridiculous cost. It covered subjects and areas that you would have already discovered and adventured to if you were seriously using Splunk> after passing the Fundamentals 1 exam. It was also very cramped in the room. We had to share long tables with many people, so I literally had just enough space on the table for my laptop and was sitting on the end side of the table. This means, I had to stand up and pull in each time someone wanted to leave the room. The teacher made a massive amount of stupid mistakes during her lessons. In fact, some of them were repeated all the way to the end of the training and the students in the classroom were constantly telling her to do it correctly before she even noticed the issue. Then, on the last day of training, another teacher stepped in to show us a lesson and he was foreign, which is okay, but, I didn't understand a word he was saying and other students sitting by me were asking me what he was saying. I don't get it.

This is the awesome right here: after the exam, the teacher announced that anyone who took the Fundamentals 2 course in the past failed or struggled in the third course- ? It's like a disclaimer stating that the Fundamentals 2 course is pointless. Also, they surprised us by saying that the exams are no longer open book and require us to pay and go to specialized testing facilities to take them. That's a bit disheartening considering that the Fundamentals 1 exam had a lot of questions that were not in the training materials. She also, that our current certificates are now dated because of this new change. I don't have any good opinions about that company, but that is not what this blog is for.

As far as the conference itself, it was very disorganized.It seems like they were greedy and allowed too many people to attend. This made the experience rather annoying as it was forced to span several resorts- good luck running from the Swan resort to the Boardwalk resort between sessions when it's 90 degrees and super humid. Most of the sessions that I wanted to attend, I couldn't because they were full, and the hoodie size that both me and my coworker reserved, were not really reserved and all out. These are just few examples of why too many people make a conference a bad idea. I won't be attending the next Splunk .conf in Vegas even if it is free.

The Good

The Three Rivers Information Security Symposium, TRISS, is an incredible event. This years was the 3rd inaugural event. The first TRISS started in a classroom in Robert Morris University. The second year, TRISS grew and was held at the large conference room at the Double Tree Hotel, and the third - this year - TRISS was massive. It was held at the Monroeville Convention Center and had 3 rooms of sessions all day. This event blows my mind, to be honest. It's very well organized, contains talks by infosec professionals from all around the Western PA area, has TONS of sponsors (who give the swag and buy the food), and gives us a chance to network with individuals in our profession that are local. I, honestly, enjoyed this conference every time it was held. I wouldn't miss it for another.

If you are an InfoSec individual in the surrounding area, I would highly recommend asking your employer to send you to this conference.


Thanks for stopping by.
~Douglas

Wednesday, April 25, 2018

WeakNet LINUX Update #6 - HUGE

Updating Your VMs



This update could not have come at a sooner time! :) If you have an installed VM, I highly recommend deleting it from disk and start anew. I mean, that's the beauty of virtualization, amirite? But, some won't like that, and if you are one of those folks, just a warning - you may have to run the updater tool from the command line as so,

wnl8:~# wnl-update.sh

Thank you @Yas3r for the report on this issue. What I did was, retroactively went back through the previous updates, 1-5, and fixed some of the bugs there too. That's why I recommend doing this update from version 1. I have tested this update process, starting from 1 and going to 6, 4 times now and I have not hit any snags. If the OS updater tool that I made fails, it will not write the current version to your FS in /etc/wnl/version and thus can be executed again. This was done purposefully for those with unstable internet connections, etc.

Theme and UI Changes

The Theme was completely revamped for the UI. I structured it better and made things slightly smaller for screens with higher DPI. Alos, the bigger menu padding and window buttons accommodate touch screens a lot nicer. After running this update, you will also have to run, Desktop Menu->UI Config->Restart UI for the new UI to take effect. I am unsure how to do this programmatically using Fluxbox without killing it and couldn't find good documentation on it. Here is a close up image of the new Menu Theme,








You can click on any image above to view it in full size.

Change/Update Log

The updates include the following,
  • GetMalIPData (WeakNetLabs / GitHUB)
  • GoPhish Phishing Framework (GitHUB)
    • Startup script (WeakNetLabs)
  • Flasm
  • Random BUG fixes for dependencies
  • Binwalk
  • Radare2
  • Crunch
  • OWASP-ZSC
  • Vulners-Agent (GitHUB)
    • WeakNet Labs start-vulners script
  • VNC Viewer
  • IRSSI Startup Script
  • MITMF (GitHUB)
  • Removed menu referenece to "Bulk Extractor" as it is broken.
  • Credgrap_IE_EDGE PS1/Post exploitation script (GitHUB).
  • Frida (Reverse Engineering / Info Sec Tools) (PIP).
  • Credking (GitHUB)
  • tInfoLeak (GitHUB)
  • Bandit Python Secure Code Analysis Tool (PIP)
  • Slack Communication Tool (slack.com)
  • UI updates
    • Icons
    • Theme
    • Pixmaps
    • Menu
    • Updated Power Management Application
  • HUGE amount of BUG fixes!!


Thank you for your Support

The amount and utility of resources that I pack into these updates is crucial to WeakNet LINUX's success. Now, with that being said, I need to hear from more of you all about new tools, tools that you use every day for Information Security related tasks, and UI/UX suggestions to keep this project on top and of the highest quality. I am currently working on a few other small projects in my GitHUB as well that I want to integrate into the distribution's updates, including tools that I use / require on a daily basis as an information security engineer.

I am only one single dude on this entire project and I have little free time lately. So, please, if you enjoy the project - be patient with me and consider writing reviews online or telling your colleagues and hacker friends where this distribution lies among the rest for penetration testing! The only thing I ask in return is simply spreading the word of this OS so we can gather even more feedback and build it even better in updates, ISO, or future releases!

I really want to make a new splash page for WeakNet LINUX and remove the downloads and pages from this web blog site as soon as I can. I will be hosting the pages myself and it will have a stronger, more professional presence with goals, missions, etc outlined in a much clearer manner. So, stay tuned to my FaceBook and Twitter feeds (can be found on the right nav bar here) if not already for those upcoming updates!

~Douglas