Month: January 2020

• System and network security
• Security analysis
• Ethical hacking
• Penetration testing
• Digital forensic
• Security audits

This article will discuss some of the popular Linux distros which can help you get started. You can try all of these and choose the one that works best for you:

Kali Linux

Kali was first introduced in 2012 as a Debian-based distribution, released with over 300 specialized tools for penetration testing and digital forensics. It uses the rolling release model that makes sure that any tool you use for security testing will always be up to date. It is a rewrite of BackTrackand maintained and funded by Offensive Security Ltd.

Kali is free to use and can run natively as a virtual machine or even as a live boot. The live boot is an exceptional advantage when using Kali for penetration testing and digital forensics. Kali supports a plethora of devices and hardware platforms, including VMware and ARM. It is rightly considered as one of the best and sophisticated penetration testing platforms available today, with a large and active community helping to make it better and more advanced.

Backbox

BackBox Linux is one of the most popular distros for security and penetration testing. It is an Ubuntu-based operating system with a plethora of security analysis tools that can be used for network and system analysis, exploitations and vulnerability analysis, forensics, and much more. Its main advantage is that it is light-weight, swift, simplified, and comes with a complete XFCE desktop environment.

Backbox is also compatible with older hardware, highly customizable, and has its own software repository with applications updated regularly with the most stable versions. Lastly, Backboxenjoys the support of a vast community, which has also made it one of the most effective distros to work on. 

Parrot Security

Parrot Security is a Debian-based distro developed by the frozen box team, which uses Kali repositories for updating the tool. Designed for cryptography, penetration testing, vulnerability testing, and digital forensics, Parrot Security is a lightweight system that is cloud-friendly, effective, highly customizable, and enjoys robust community support.

Parrot Security can be used from a rookie developer to the most pro developer for security testing. It uses MATE as its desktop environment; works on a minimum of 256MB RAM, and is available with both 32 and 64bitprocessors.

BlackArch

BlackArchis one of the most sophisticated Linux distribution for security testing and ethical hacking. Derived from Arch Linux, BlackArch has a huge tool repository with 2000+ tools. It is lightweight and compatible with Arch install existing currently. However, this distro is suitable only for a pro developer and not for a newbie. 

Samurai Web Testing Framework

Samurai Web Testing framework is an Ubuntu-based framework created with keeping web penetration testing in mind. It is a live Linux environment which comes with pre-installed to work as a platform for penetration testing and free open source tools. It can be used as a virtual machine along with the support of Virtualbox and VMWare.

Pentoo Linux

Pentoo Linux, which can be based an overlay on Gentoo Linux, is developed with a focus on penetration testing. It offers support to 32 and 64-bit processors and is available for alive boot session via a CD or a USB player. Pentoo comes with a lot of tools for security testing ranging from scanners, web application testing, analyzing, exploitation, and much more. It is an XFCE-based distribution with lots of of kernel features and is continuously updated by various developers.

DEFT

DEFT, which stands for Digital Evidence and Forensic Toolkit, is a specialized Linux distro for digital forensics. This open source distribution is Ubuntu based and paired with DART. DEFT is based on GNU Linux and its tools are focused around forensics. It uses anLXDE desktop environment and WINEfor executing Windows. DEFT can be run live or via a virtual machine and is made for running a live system without damaging the devices connected to the PC where the booting takes place via any tampering or corrupting.

You now have a fair idea about some of the most popular Linux distros for security testing. While this is by no means a comprehensive list, there are various other distros that you can work with and are equally good to work with. Some of them include:

• Caine
• Fedora Security Spin
• Bugtraq
• Network Security Toolkit
• ArchStrike
• Cyborg Linux
• Matriux
• Weakerth4n
• NodeZero Linux
• Santoku

These are also some of the favorites among developers. In the end, the choice depends on the requirement of the developer or the security professional.

This article was written to give you a brief idea about some of the best distros available today. If you choose to work with Kali Linux among them, we have just the right book to help you get started. Kali Linux – An Ethical Hacker’s Cookbook – Second Edition will help you discover end-to-end penetration testing solutions for enhancing your ethical hacking skills. It is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4 / 2019), in addition to covering the core functionalities.

About the Author :

Himanshu Sharma has already achieved fame for finding security loopholes and vulnerabilities in Apple, Google, Microsoft, Facebook, Adobe, Uber, ATT, Avira, and many more with hall of fame listings. He has helped celebrities such as Harbhajan Singh in recovering their hacked accounts, and also assisted an international singer in recovering his hacked accounts. He was a speaker at the international conference Botconf ’13, CONFidence 2018 and RSA Singapore 2018. He also spoke at the IEEE Conference as well as for TedX. Currently, he is the co-founder of BugsBounty, a crowd-sourced security platform.

In this tutorial, I will show you how to install and configure a PowerDNS Authoritative server with MariaDB database server as a Backend and using Poweradmin for easy DNS management.

Prerequisites

• CentOS 7 server
• Root privileges

What we will do:

1. Install EPEL and Remi Repositories
2. Install and Configure MariaDB
3. Install PowerDNS
4. Install Poweradmin
5. Poweradmin Post-Installation
6. Create Sample Zone

Step 1 – Install EPEL and Remi Repositories

First of all, we need to install dependencies for the PowerDNS installation. We’re going to install the EPEL repository and the REMI for PHP 7.2 installation.

Install EPEL and PHP Remi repository using the following commands.

yum -y install epel-release
 yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

Once these repositories are added to the system, install the ‘yum-utils’ package.

yum -y install yum-utils

And enable the PHP 7.2 Remi repository using the following command.

yum-config-manager --enable remi-php72

Step 2 – Install and Configure MariaDB

The PowerDNS Authoritative server has support for a different backend, including the MySQL/MariaDB database server. The terms of ‘backend’ is a datastore that the server will consult that contains DNS records (and some meta-data). And for this guide, we will be using the MariaDB as a backend.

Install MariaDB using the following yum command.

yum -y install mariadb mariadb-server

Once the installation is complete, start the MariaDB service and add it to the startup boot time.

systemctl start mariadb
 systemctl enable mariadb

Next, we’re going to configure the root password for the MariaDB using the interactive tool called ‘mysql_secure_installation’.

Run the command below.

mysql_secure_installation

And you will be prompted for configuring the root password of the database server. Type ‘Y’ to set up the root password and type a strong password.

Set root password? [Y/n] Y
New password: 
Re-enter new password: 

For the others, just type ‘Y’ to yes.

Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

As a result, you’ve been installed the MariaDB database server and set up the root password for authentication.

Next, we will create a new database and user for the PowerDNS installation. Login to the MySQL shell with the user root and your password.

Run MySQL command below.

mysql -u root -p
 PASSWORD

Now create a new database called ‘powerdns’ and grant all the database privileges to a new user named ‘pdns’ with password ‘pdnspassword2018’.

create database powerdns;
 grant all privileges on powerdns.* to [email protected] identified by 'pdnspassword2018';
 flush privileges;

After that, create the tables structures for the PowerDNS database by running following MySQL queries below.

use powerdns;

CREATE TABLE domains (
id                    INT AUTO_INCREMENT,
name                  VARCHAR(255) NOT NULL,
master                VARCHAR(128) DEFAULT NULL,
last_check            INT DEFAULT NULL,
type                  VARCHAR(6) NOT NULL,
notified_serial       INT DEFAULT NULL,
account               VARCHAR(40) DEFAULT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
id                    BIGINT AUTO_INCREMENT,
domain_id             INT DEFAULT NULL,
name                  VARCHAR(255) DEFAULT NULL,
type                  VARCHAR(10) DEFAULT NULL,
content               VARCHAR(64000) DEFAULT NULL,
ttl                   INT DEFAULT NULL,
prio                  INT DEFAULT NULL,
change_date           INT DEFAULT NULL,
disabled              TINYINT(1) DEFAULT 0,
ordername             VARCHAR(255) BINARY DEFAULT NULL,
auth                  TINYINT(1) DEFAULT 1,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE supermasters (
ip                    VARCHAR(64) NOT NULL,
nameserver            VARCHAR(255) NOT NULL,
account               VARCHAR(40) NOT NULL,
PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

CREATE TABLE comments (
id                    INT AUTO_INCREMENT,
domain_id             INT NOT NULL,
name                  VARCHAR(255) NOT NULL,
type                  VARCHAR(10) NOT NULL,
modified_at           INT NOT NULL,
account               VARCHAR(40) NOT NULL,
comment               VARCHAR(64000) NOT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
id                    INT AUTO_INCREMENT,
domain_id             INT NOT NULL,
kind                  VARCHAR(32),
content               TEXT,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
id                    INT AUTO_INCREMENT,
domain_id             INT NOT NULL,
flags                 INT NOT NULL,
active                BOOL,
content               TEXT,
PRIMARY KEY(id)
) Engine=InnoDB;

CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
id                    INT AUTO_INCREMENT,
name                  VARCHAR(255),
algorithm             VARCHAR(50),
secret                VARCHAR(255),
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

quit;

As a result, the MySQL/MariaDB database and a user for PowerDNS installation has been created.

Step 3 – Install PowerDNS

Install PowerDNS and all packages needed using the following command.

yum -y install pdns pdns-backend-mysql bind-utils

After installing PowerDNS packages, go to the ‘/etc/pdns/’ directory and edit the configuration file ‘pdns.conf’ using vim editor.

cd /etc/pdns/
 vim pdns.conf

By default, PowerDNS is using ‘bind’ as the backend. So, type comment ‘#’ in the front of ‘launch=bind’ configuration and paste the MySQL backend configuration as below.

#launch=bind

launch=gmysql
gmysql-host=localhost
gmysql-user=pdns
gmysql-password=pdnspassword2018
gmysql-dbname=powerdns

Save and close.

Now start the pdns service and add it to the startup boot time.

systemctl start pdns
 systemctl enable pdns

After that, add the DNS service to the firewall.

firewall-cmd --add-service=dns --permanent
 firewall-cmd --reload

And the PowerDNS service is up and running, check using the following command.

netstat -tap | grep pdns
 netstat -tulpn | grep 53
 dig @10.9.9.10

As a result, you will get the pdns service is up and running on port 53 and get the response from the PowerDNS server.

Step 4 – Install Poweradmin

In this step, we’re going to install the DNS management for PowerDNS called ‘Poweradmin’. It’s a web application based on PHP, so we need to install PHP and web server in order to run the application.

Install an httpd web server and PHP packages using the following command.

yum -y install httpd php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash gettext

After the installation, we need to install additional PHP Pear packages. Run the following command.

yum -y install php-pear-DB php-pear-MDB2-Driver-mysqli

Once the httpd and PHP installation is complete, start the httpd service and add it to the startup boot time.

systemctl start httpd
 systemctl enable httpd

Next, go to the ‘/var/www/html’ directory and download the poweradmin source code.

cd /var/www/html/
 wget http://downloads.sourceforge.net/project/poweradmin/poweradmin-2.1.7.tgz

Extract the poweradmin compressed file and rename it.

tar xvf poweradmin-2.1.7.tgz
 mv poweradmin-2.1.7/ poweradmin/

After that, add the HTTP and HTTPS protocols to the firewall.

firewall-cmd --add-service={http,https} --permanent
 firewall-cmd --reload

And we’re ready for the poweradmin post-installation.

Step 5 – Poweradmin Post-Installation

Open your web browser and type the server IP address plus the /poweradmin/install/ path URL for the installation. Mine is:

http://10.9.9.10/poweradmin/install/

Choose your preferred language and click the ‘Go to Step 2’ button.

Now just click the ‘Go to Step 3’ button.

And you will be displayed for the database configuration. Type the PowerDNS database details that we’ve created and the admin password for PowerDNS.

Click the ‘Go to Step 4’ button.

After that, you will need to create a new user will limited right privileges. Type the details as the following and change the user, password, etc with your own.

Now click ‘Go to Step 5’ button.

And you will be shown the page as below.

Open again your terminal server, log in with the root user and password. Then run the MySQL queries as on the page.

mysql -u root -p
 PASSWORD

GRANT SELECT, INSERT, UPDATE, DELETE
ON powerdns.*
TO ‘hakase’@’localhost’
IDENTIFIED BY ‘hakase-labs123’;

Now back to the web browser and click the ‘Go to Step 6’ button.

And you will be shown the page as below.

The installer was unable to create a new configuration ‘../inc/config.inc.php’. So, we need to create it manually.

Back to the terminal server, go to the ‘/var/www/html/poweradmin’ directory and create a new configuration file ‘inc/config.inc.php’.

cd /var/www/html/poweradmin
 vim inc/config.inc.php

Now paste the PHP script on the page into it.

?php

$db_host                = 'localhost';
$db_user                = 'hakase';
$db_pass                = 'hakase-labs123';
$db_name                = 'powerdns';
$db_type                = 'mysql';
$db_layer               = 'PDO';

$session_key            = '[email protected]=uetwJeD2#uApgO)2Ekj+S#oN1Khhoj';

$iface_lang             = 'en_EN';

$dns_hostmaster         = 'server.hakase-labs.io';
$dns_ns1                = 'ns1.hakase-labs.io';
$dns_ns2                = 'ns2.hakase-labs.io';

Save and close, then back to the browser and click the button.

And the installation is complete.

Optionally:

If you want to support for the URLs used by other Dynamic providers, copy the htaccess file.

cd /var/www/html/poweradmin
 cp install/htaccess.dist .htaccess

After that, you MUST remove the ‘install’ directory.

rm -rf /var/www/html/poweradmin/install

Back again to your web browser and log in to the Poweradmin dashboard using the URL as below.

http://10.9.9.10/poweradmin/

Log in with the default user ‘admin’ and the password, click the ‘Go’ button.

And as a result, you will be shown the Poweradmin dashboard and the installation is finished.

Step 6 – Create Sample Zone and DNS Records

At this stage, we’re going test the PowerDNS and Poweradmin installation by creating a new DNS zone for a domain called ’emma.io’.

On the Poweradmin dashboard, click the ‘Add master zone’ menu.

Set the zone name with the domain name ’emaa.io’ and click ‘Add zone’ button.

Click the ‘List zones’ menu to get all available zone. And click the ‘edit’ button for the zone ’emma.io’.

Click the ‘List zones’ menu to get all available zone. And click the ‘edit’ button for the zone ’emma.io’.

Now click the ‘Add record’ button and we successfully add the DNS zone and DNS record for the domain named ’emma.io’.

Next, we’re going to test the domain ’emma.io’ using a ‘dig’ DNS utility command.

Check the name server or ns record of the domain ’emma.io’.

dig NS emma.io @10.9.9.10

Check the A DNS record of the domain ’emma.io’.

dig A emma.io @10.9.9.10

And you will be displayed the domain ’emma.io’ has a nameserver from our DNS server ‘ns1.hakase-labs.io’, and the ‘A’ of that domain name is match with our configuration on the top with server IP address ‘10.9.9.11’.

Finally, the installation and configuration of PowerDNS and Poweradmin on CentOS 7 have been completed successfully.

Reference

• https://www.powerdns.com/documentation.html
• https://github.com/poweradmin/poweradmin

Requirements

Make sure your system meets the following requirements:

• PHP version 5.3 or greater with the following extensions: mbstring, gd, dom and JSON.
• A web server with PHP support like Nginx, Apache, Lighttpd, H2O. This tutorial will use NGINX.

Prerequisites

• A system running CentOS 7.
• A non-root user with sudo privileges.

Initial steps

Check your CentOS version:

cat /etc/centos-release
# CentOS Linux release 7.6.1810 (Core)

Set up the timezone:

timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'

Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system’s default software packages:

sudo yum update -y

Install some essential packages that are necessary for basic administration of the CentOS operating system:

sudo yum install -y curl wget vim git unzip socat bash-completion epel-release

Step 1 – Install PHP

Setup the Webtatic YUM repo:

sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Install PHP, as well as the necessary PHP extensions:

sudo yum install -y php72w php72w-cli php72w-fpm php72w-common php72w-mbstring php72w-zip php72w-pgsql php72w-sqlite3 php72w-curl php72w-gd php72w-mysql php72w-intl php72w-json php72w-opcache php72w-xml

To show PHP compiled in modules, you can run:

php -m

ctype
curl
exif
fileinfo
. . .
. . .

Check the PHP version:

php --version
# PHP 7.2.14 (cli) (built: Jan 12 2019 12:47:33) ( NTS )
# Copyright (c) 1997-2018 The PHP Group
# Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
#     with Zend OPcache v7.2.14, Copyright (c) 1999-2018, by Zend Technologies

Start and enable PHP-FPM service:

sudo systemctl start php-fpm.service
sudo systemctl enable php-fpm.service

Step 2 – Install acme.sh client and obtain Let’s Encrypt certificate (optional)

Securing your website with HTTPS is not necessary, but it is a good practice to secure your site traffic. In order to obtain a TLS certificate from Let’s Encrypt we will use Acme.sh client. Acme.sh is a pure Unix shell software for obtaining TLS certificates from Let’s Encrypt with zero dependencies.

Download and install Acme.sh:

sudo mkdir /etc/letsencrypt
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh 
sudo ./acme.sh --install --home /etc/letsencrypt --accountemail [email protected]
cd ~

Check Acme.sh version:

/etc/letsencrypt/acme.sh --version
# v2.8.0

Obtain RSA and ECC/ECDSA certificates for your domain/hostname:

# RSA 2048
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --keylength 2048
# ECDSA
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --keylength ec-256

After running the above commands, your certificates and keys will be in:

• For RSA: /etc/letsencrypt/example.com directory.
• For ECC/ECDSA: /etc/letsencrypt/example.com_ecc directory.

Step 3 – Install and configure NGINX

Download and install Nginx from the CentOS repository:

sudo yum install -y nginx

Check the Nginx version:

nginx -v
# nginx version: nginx/1.12.2

Start and enable Nginx service:

sudo systemctl start nginx.service
sudo systemctl enable nginx.service

Configure NGINX for Bludit by running:

sudo vim /etc/nginx/conf.d/bludit.conf

And populate the file with the following configuration:

server {
  listen 80;
  listen 443 ssl;

ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com/private.key;
ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/example.com_ecc/private.key;
server_name example.com; root /var/www/bludit; index index.php; location ~ .php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi.conf; } location / { try_files $uri $uri/ /index.php?$args; } location ^~ /bl-content/tmp/ { deny all; } location ^~ /bl-content/pages/ { deny all; } location ^~ /bl-content/databases/ { deny all; } }

Check NGINX configuration for syntax errors:

sudo nginx -t

Reload NGINX service:

sudo systemctl reload nginx.service

Step 4 – Install Bludit

Create a document root directory where Bludit should reside in:

sudo mkdir -p /var/www/bludit

Change ownership of the /var/www/bludit directory to [your_user]:

sudo chown -R [your_user]:[your_user] /var/www/bludit

Navigate to document root:

cd /var/www/bludit

Download the latest version from the official page and extract the zip file:

wget https://www.bludit.com/releases/bludit-3-8-1.zip
unzip bludit-3-8-1.zip
rm bludit-3-8-1.zip
mv bludit-3-8-1/* .  mv bludit-3-8-1/.* .
rmdir bludit-3-8-1

NOTE: Update download URL if there is a newer release.

Provide the appropriate ownership:

sudo chown -R nginx:nginx /var/www/bludit

Run sudo vim /etc/php-fpm.d/www.conf and set the user and group to nginx. Initially, they will be set to apache:

sudo vim /etc/php-fpm.d/www.conf
# user = nginx
# group = nginx

Restart PHP-FPM service:

sudo systemctl restart php-fpm.service

Step 5 – Complete the Bludit installation wizard

Open your site in a web browser. After opening your site in a web browser, you should be redirected to the following page, to choose your language:

Next, create a password for the user admin, and click “Install”:

After creating an admin password, you will be redirected to the Bludit frontend:

To access Bludit admin area, append /admin to your site IP or URL. This is how Bludit admin looks like:

Installation is complete. Happy blogging with Bludit CMS.

Links

• https://www.bludit.com/
• https://plugins.bludit.com/
• https://themes.bludit.com/
• https://github.com/bludit/bludit