BlackBuntu – Ubuntu-flavored Linux Penetration Distro

Blackbuntu is a Ubuntu-based distro used for penetration testing and security auditing. Blackbuntu is designed to be used by students and practitioners who are interested in the field of information security.

Blackbuntu tools are divided into several categories:

  • Information Gathering
  • Network Mapping
  • Vulnerability Identification
  • Penetration
  • Privilege Escalation
  • Radio Network Analysis
  • VoIP Analysis
  • Digital Forensic
  • Reverse Engineering
  • Miscellaneous

Which includes these tools among others: Lanmap2, nmbscan, dnsmap, fierce, hostmap, ltrace, tctrace, sqlbrute, sqlmap,sqlninja, mysqloit, sqlcheck, wfuzz,xsser,xssploit,jmeter, nikto2,skipfish,wbox, autopsy,scalpel,mboxgrep,galetta,afstats, wepcrack,giskismet,fakeap,aircrack-ng,cowpatty,bluebugger,bluescan, bluesnarfer, iwar,protos-sip,sipcrack,brutessh,hydra,sshater

…and many more.

Blackbuntu can be downloaded from its official website – http://www.blackbuntu.com/

How to limit cpu usage for a process with cpulimit (Ubuntu / Debian server)

cpulimit is a tool that can be used to limit cpu usage (throttle cpu usage) for a single process (by its PID). cpulimit is useful to ensure that a single process would not hogs the cpu cycles, which can be use by other processes. cpulimit is different from ‘nice’ as it limits the real cpu usage for a process, while ‘nice’ controls scheduling priorities for a particular process.

How to use cpulimit?
Basic usage:
[bash]
cpulimit -p [pid] -l [ cpu percentage]
cpulimit -p 12345 -l 25
[/bash]

Running cpulimit on background:

[bash]
cpulimit -p 12345 -l 25 -z -b
[/bash]

Note: The cpu percentage is the same one as reported by the ‘top’ command.

cpulimit can be installed from Ubuntu and Debian 6.0 (Squeeze) repository through apt-get. The official website of cpulimit is http://limitcpu.sf.net

How to change hostname in Ubuntu server

Here’s how you can change hostname in Ubuntu server

1. Edit /etc/hostname, and change the hostname
2. Edit /etc/hosts file, and add the hostname to 127.0.0.1, or to any local machine ip
3. run, “sudo server hostname stop”, and “sudo server hostname start”

3 Reasons Behind why I Hate CPanel Web Hosting

Adding Subdomain / Domain creates a subdirectory
Adding Subdomain, and add-on Domain is a pain-in-the-ass as it creates a subdirectory in the root web directory, meaning that any web-users can abuse this by adding trailing subdirectory ‘subdomain’ http://yourdomain.com/subdomain/ to access http://subdomain.yourdomain.com/

Outdated Pre-package Software
Cpanel came with outdated pre-packaged software, PHP, MySQL and PostgreSQL and other libraries that is outdated compared to the one available on the host operating system. The problem is not about how outdated the software packages are, but the how often these package are being patched. CPanel vendor very notorious for not providing timely patches which would compromise the security of the web application.

Can’t change DNS setting easily from the panel
Unlike DirectAdmin, CPanel does not offer an easy way to change DNS record of domain easily as the option is not offered by default to the control panel. Although this can be mitigated by having your domain points to a 3rd party NS, it’s still one of the thing that gets me down with CPanel.

My Thoughts
CPanel is an excellent control panel for beginner as it offers a lot of options and functionality with a simple user-interface. However, personally, I prefer to use other control panel such as DirectAdmin or Plesk for my web hosting use.

p/s: Currently I’m on VPS without standard control panel.

How to Secure SSH server from Brute-Force and DDOS with Fail2ban ( Ubuntu )

Fail2ban is a security tool used for preventing brute-force attack and Distributed Denial of Service (DDoS) attack to your GNU/Linux box.

Fail2ban monitors failed login attempts and subsequently blocks the ip address from further logins. Although Fail2ban can also be used to secure other services in Ubuntu server, in this post, I will only focus on securing SSH server.

Step 1: Install Fail2ban and (optionally) sendmail

sudo apt-get install fail2ban
sudo apt-get install sendmail-bin

Step 2: Setting up Fail2ban

Next, you need to configure fail2ban by creating a copy of ‘jail.conf’ to ‘jail.local’

cd /etc/fail2ban
sudo cp jail.conf jail.local

Step 3: General fail2ban configuration

Edit fail2ban configuration file using your favorite text-edito (I personally use ‘nano’)

sudo nano /etc/jail.local

You can set IP address for fail2ban to ignore, IP addresses can be separated by space.

Bantime is the duration of time that you want fail2ban to block suspicious attempt, the value is in seconds
Maxretry is the number of failed attempts before fail2ban block the IP-address, in this case 3600 means 1-hour ban

# "ignoreip" can be an IP address, a CIDR mask or a DNS host
ignoreip = 127.0.0.1 192.168.1.1
bantime  = 3600
maxretry = 3 

Step 4: Enabling ssh and ssh-ddos protection
Find ssh configuration under [ssh] heading, and enable it.

[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 3 

Similarly, you can also enable [ssh-dos] protection by changing the enabled value to “enabled = true

[ssh-ddos]
enabled = true
port    = ssh
filter  = sshd-ddos
logpath  = /var/log/auth.log
maxretry = 2

Step 5: Enable Sending Notification Email (optional)
Optionally you can have fail2ban sends you notification email in case of suspicious login detected. To do that, you need to locate destemail settings and changed it to your email

destemail = security@mypapit.net

Fail2ban can use ‘sendmail’ and ‘mail’ application to send notification email

Step 6: (Re-)start Fail2ban
After all is done, you may save the file, and (re)start the fail2ban service

sudo /etc/init.d/fail2ban restart

You can test the configuration by trying to login into your box. You may also check fail2ban log in /var/logs/auth.log (or in other directory specified in jail.local)

For more information about fail2ban, you can read : the official fail2ban manual

Recommended Reading

How to login into OpenID sites Anonymously

OpenID is a standard that allows users to be authenticated in a decentralized manner. OpenID enables user to be identified across the internet using a single unified OpenID identifier (or account).

However some websites (particularly blog and forums) insist users to login in order to leave a short comment or remarks which sometimes is not convenient for some users that value anonymity.

OpenID Tango

The OpenID Anonymity service is an OpenID provider that helps you get around website or application that requires OpenID login. To use OpenID Anonymity service, the user only need to key in its URL Identifier – http://openid.anonymity.com/some_random_id and the user will be automatically authenticated, without the need to log-in or to enter password, which is very convenient if one needs to be anonymous.

Try it!

p/s: Additionally here’s a collection of Public Domain OpenID (tangofied) icons, created by Jakub Szypulka