HHT: Network Security Part 1

[gamahiro]

Requested by a few people.
Part 1 will be required software/materials. Part 2 will be a "hands-on" networking primer. If there's interest after Part 2, I will make more.

I can't do a generic tutorial for all OS's, and I realize noone wants to install and learn a new OS. So, I'll teach you how to use a linux livedvd. A livedvd is an operating system on a dvd. There's no installing involved. You don't write anything to disk, so you're Windows installation isn't affected. Backtrack linux has a livedvd, and it contains everything you will need to get started.

Required:
1) Computer (duh) with a bios that can boot from a dvd drive.
2) DVD drive.
3) A copy of Backtrack linux (see below).
4) A usb hard drive or pendrive (optional but recommended).

Get the livedvd here: http://www.backtrack-linux.org/downloads/
You want BackTrack 4 R1 Release ISO
Verify the md5sum to insure you have an uncorrupted copy. Software for Windows - http://www.etree.org/md5com.html
Write the .iso to a dvd. See the manual for your dvd writing software on how to write an image file.
If you only have one computer you might want to print the following or write it down.

Load the livedvd and restart your computer. You will probably have to enter the bios and set the boot sequence to use the dvd/cdrom drive first. After a few seconds or so you will see a list of options to boot. Pick the first option - Start in framebuffer 1024x768
Booting is slow because you are booting from removable media and not a hard disk. After all of the modules are loaded you will end up at a login: root@bt:~#
We can do everything we need to do right here in this one terminal, but I think you would prefer an xwindows session so type:

Code:

startx

The xserver will start, then KDE (KDE is a desktop environment). For this tutorial we will stick with the default, but just for future reference, there are a lot of different desktop environments and window managers for linux. You can make it look however you want.
First things first. We'll change the default password. On the bottom of the screen you will see the taskbar. 5th icon from the left is Konsole (put your mouse over the icons to see the descriptions). Click that. Type the following:

Code:

passwd root

It will prompt you to type a new password and then confirm it. If you typed it correctly you will see:

Code:

passwd: password updated successfully

Next we will get our networking started. There's a handy little bash script to try first. In your Konsole (terminal) type the following:

Code:

/etc/init.d/networking start

This will run through the interfaces listed in /etc/network/interfaces
This may or may not work. If you're not sure whether this worked or not, (after the script has stopped running) type the following into your terminal:

Code:

ping www.google.com -c 3

If you see:

Code:

ping: unknown host www.google.com

then it didn't work. If you see something other than what I typed above, double check it. Open Firefox and try to open a website.

To setup your wireless connection, click on KMenu (the equivelent of the Start menu in Windows). Go to Internet --> Wicd Network Manager. wicd will start. It's self-explanatory.

If you need to set up a static IP you will have to modify a shell script (it's not as intimidating as it sounds). First we will open the script in our terminal:

Code:

nano /etc/network/interfaces

Network devices in linux are called eth (for ethernet), wlan (wireless), lo (loopback), followed by a number. The first ethernet device is called eth0. The second is eth1, etc. If you only have one nic and a static ip address you can delete everything in the interfaces script except:

Code:

auto eth0
iface eth0 inet

Now we plugin our configuration:

Code:

auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

Obviously change it to your addresses. Also notice that I changed the second line to read "static" rather than "dhcp."
Press the Control key with the "X" key to save the file. It will ask you if you want to save the file. Type "Y" for yes or "N" for no (if you made a mistake). It will ask you for the name of the file to save. Just hit enter for the default. There. You just modified your first shell script. Easy huh? One more thing to do for a static IP address though. You need to set a nameserver:

Code:

nano /etc/resolv.conf

All you really need to specify here is your nameserver(s). You can also add domain and search as well. Here I will specify primary, secondary and tertiary nameservers, domain and search:

Code:

domain ri.cox.net
search ri.cox.net
nameserver 68.105.28.12
nameserver 68.105.29.12
nameserver 68.105.28.11

Again, you only need your nameserver(s) here. Ctrl-x, Y, enter, enter to save the file.
Now you can run:

Code:

/etc/init.d/networking start

Those are the 3 most common network configurations. If you need help for another configuration just ask and I'll get you up and running.

At some point you may want to access your hard drive to get a file or save a file. Remember, we are running a livedvd. When you reboot, everything is lost. You can't save files to the dvd, and unless you mount another device you won't be able to save anything. Mounting and unmounting is a security feature of unix type operating systems. By default most unix systems don't know about floppy drives, cdroms, usb devices, etc. until you tell the operating system it's there. In the next example I'll show you how to make a directory for your Windows partition, set a mount point on your file system and then mount the Windows hard drive.
First type the following in your terminal:

Code:

cat /proc/partitions

Most likely you will only see the following:

Code:

7       0       1927080    loop
3       0        78150744 hda
3       1        78140128 hda1

The numbers will be different, but you should see either hda or sda. In linux we don't call hard drives C: or D:. We call them hda or hdb (IDE drives are hda and scsi or sata drives are sda). We also list the partition after the hard drive. So hda1, hda2, etc. Right now we are only concerned with your Windows installation, so we see 2 parttions on hda. Notice hda1 is a little bit smaller than hda. That's the partition that has Windows on it. Remember that (hda1). If you have a scsi or sata drive, remember to change the code below from hda to sda.
First we will create a directory for Windows:

Code:

mkdir /mnt/hda1

Now we can mount that device to our new directory:

Code:

mount /dev/hda1 /mnt/hda1

Now you can see all of your Windows files by typing:

Code:

ls -al /mnt/hda1

Try:

Code:

df -h

If the above did not work for you, let me know and I'll help you fix it.

If you have a usb device you want to mount then read on. If not, skip to the next part. Plug in your usb device then in your terminal type:

Code:

dmesg | less

The "less" will prevent everything from scrolling by. You can read dmesg one page at a time. Press spacebar to go to the next page, or you can use the page-up/page-down keys. Control-Z stops less and brings you back to a command prompt. Another little bash trick is to send the output to a file rather than to the screen:

Code:

dmesg > NameOfYourFile

Now you can open it up as a text file:

Code:

nano NameOfYourFile

Anyway...what we are looking for here is anything that says "usb." If your hard drive is IDE and you mounted your Windows partition as hda1 then you don't need to do this step. Your usb device will be sda1. If you have a scsi or sata drive, you need to do this step. Look for "usb" and "sda." When you find it you can plug that into the following example:

Code:

mount /dev/sda1 /mnt/usb

To see it mounted do:

Code:

df -h

To see the contents of the usb media do:

Code:

ls /mnt/usb

Like I said before, if you reboot, everything will be lost and you'll have to do this over again. It might be a good idea though so you can practice.

One last thing for this lesson....Right now you are running as root (superuser). For most of the network security software I'll be showing you root is required. If you plan on surfing the internet or doing other stuff online (especially irc) you will need to create a regular user. Let's say your username is gamahiro. You would do this:

Code:

useradd -m -G users,audio,cdrom,plugdev,video -s /bin/bash gamahiro

When that is finished type:

Code:

passwd gamahiro

Now to switch to my user account I type:

Code:

su gamahiro

To switch back to root I type:

Code:

su

I hope you remember your root password that we set way back at the beginning If you ever get confused, and can't remember who you are for some reason, just type:

Code:

whoami

If you have any questions feel free to ask. Here's some links for you to brush up on your unix skills:
http://www.linux.org/docs/
http://www.howtoforge.com/
http://tldp.org/
http://www.ibiblirg/pub/Linux/
http://www.linuocs.org/
http://www.linux-tutorial.info/index.php
http://linuxbasics.org/
http://ss64.com/bash/
http://www.computerhope.com/unix.htm
http://www.linuxcommand.org/
http://blog.commandlinekungfu.com/

PS: I typed most of this off of the top of my head. If there are any errors, let me know and I'll edit the post. Thanks.

[gamahiro]

Is anyone following this? Should I bother making a part 2?

[Kushan]

I'm following it....obviously I even thanked you Hiro kun!!!!

[gamahiro]

I know you are, but if it's just you I can email you rather than post it here.

[~Anubis~]

i would follow you gama san but this things are too much for my head.

and it's like ???????????????????????????? to me

[FiveManRasengan]

I wonder why you picked backtrack, being the hacker OS of choice

[Leaf]

nice. very interesting

[gamahiro]

I wonder why you picked backtrack, being the hacker OS of choice

I picked Backtrack because I needed to use a livecd/dvd for this. Noone here is going to install unix. You can't install software on a livedvd, so it had to have the software that I would be using, preinstalled.

[gamahiro]

i would follow you gama san but this things are too much for my head.

and it's like ???????????????????????????? to me

* pets KNJ on the head* ...There there. The world needs ditch diggers and trash collecters too you know. :D

[UzumakiClash]

This is interesting. I will follow you so I can learn more. Linux is pretty cool even though I only have Mac.

[Kagutsuchi]

Nice.

[Wildstorm83]

Nice Thread Hiro.
I'll keep an eye out for part 2.