Enable HTTPS on your Web Serve


HTTP secured, that is what we commonly hear about https. What does it brings in … A secure communication for the client as well as an assurance that the server is actually what it claims to be.  HTTPs is not generally a protocol by itself, it is actually layering http upon SSL, simplly encrypting the http traffic.

In this post, I will be explaining how to enable https on an apache web server running on a linux host. I am expecting that you already have apache and SSL configured in your system. So lets begin….

1.Activate SSL module

Apache is shipped with SSL module disabled. Hence we have to manually enable it. The following command can be used to enable SSL in apache.

sudo a2enmod ssl

2.Create a self signed SSL Certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

The x509 command is a multi purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a “mini CA” or edit certificate trust settings.

-nodes is used to specifie no passphrase should be used. If you use a passphrase, you will have to enter it whenever you restart your server.

3.Update SSL config file

 

sudo vim /etc/apache2/sites-available/default

Make the following modifications in the file

  • Change the port on the virtual host to 443
    <VirtualHost *:443>
  • Add  your server name  below the Server Admin email
    ServerName localhost:443
  • Replace localhost with the domain name, if a domain name was given in “Common Name” above
  • Add SSL configurations to the file
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key

4. Activate the new Virtual Host

sudo a2ensite default

Restart apache for the changes to take effect

sudo  /etc/init.d/apache2 restart

That is it…. HTTPS is configured in your web server with a self signed certificate.

NB:- It is always preferable to get the certificate signed by an authorized CA. Some browsers deny access for untrusted certificates.

Advertisements

Nmap Security Scanner


nmap5

Network Mapped (Nmap) is a network scanning and host detection tool that is very useful during several steps of penetration testing. Nmap is not limited to merely gathering information and enumeration, but it is also powerful utility that can be used as a vulnerability detector or a security scanner. So Nmap is a multipurpose tool, and it can be run on many different operating systems including Windows, Linux, BSD, and Mac. Nmap is a very powerful utility that can be used to:

  • Detect the live host on the network (host discovery)
  • Detect the open ports on the host (port discovery or enumeration)
  • Detect the software and the version to the respective port (service discovery)
  • Detect the operating system, hardware address, and the software version
  • Detect the vulnerability and security holes (Nmap scripts)

Nmap is a very common tool, and it is available for both the command line interface and the graphical user interface.

I this post, I will show you how to use Nmap for port scanning and OS fingerprinting purposes.

Nmap Port Scannig

$ nmap target

Here target can be host URL/IP or network address(for scanning the entire subnet).
You can also add multiple targets to Namp (target1 target2 target3 …). There are a bundle of options for port scanning which are not discussed in this post. You can refer man pages for more details.

Nmap OS Fingerprinting

OS fingerprinting is one of the best known features of Nmap. It sends a series of TCP and UDP packets to the host and examines the reply to from the host. It compares the responses on it nmap-os-db database of more than 2500 OS fingerprints and displays the fingerprint of the OS that matches. This is possible only if at least one open port and one closed port is found.

You can use the following command to scan the fingerprint of the target OS.

$ namp -O target

You should have administrative rights to perform the above tasks.

My sample OS Fingerprint is shown

OS Fingerprint

Chat using Netcat


This post is regarding Netcat. Netcat is a networking service for managing network connections using TCP or UDP. It is often reffered to as the Swiss Knife TCP/IP. Another modern implementation of Netcat is Nmap’s Ncat. Although it comes with added features with nmap’s mature network libraries, it lacks some reverse compatibility issues with netcat.

Netcat is a tool that may enables us to gain control over the network with its arsenal of features. Here I am going to demonstrate how to establish a simple chat session using netcat.
As usual i am using Ubuntu 12.04. I comes enabled with the openBSD version of netcat. This may not support all the commands you may find on the net. You can change it to traditional version using the following command

$ update-alternatives --config nc

Step 1: Start Listening

This chat session works as a client-server model. We need to start listening to a port from the server. The command for start listening is

$ nc -l -p  <port_number>

Step 2:  Start Chatting

Any client can connect to this server and start chatting. For connecting the have to use nc command with the IP and port number to which the server is listening.

$ nc <server_ip> <server_port>

All done…. Now you can start chatting.

Secure Communication using SSH


This time I was checking out OpenSSH. It is a network protocol which uses asymmetric key cryptography to provide secure data communication over an unsecured network. There is also a network protocol for “file transfer” SCP(Secure Copy) based on SSH. It uses SSH for data transfer and authentication ensuring authenticity and confidentiality of data.
In this post, I would like to explain how to connect to a remote system using SSH, transfer files securely and how to get password less access to a remote server.

Installing and Connecting to a remote server

I most Linux distros are shipped with only SSH-Client installed. If you would like to copy files  from your system from a remote system, you will have to install SSH-Server. If not, SSH-Client will be just fine.
To install SSH-Server, you can use the following command.

sudo apt-get install openssh-server

To connect to a remote server, the following command should work fine.

ssh <user>@<server IP/URL>

The above command will prompt for a password for the specific user at the server. Once you enter the correct password, you will get access to the shell of that user in the remote server. Now you can do whatever operations you like on the remote server, under the privilege of the user.

Copy using SCP

As you have seen, you can get access to a remote system using SSH. But SSH does not support file transfer. For that purpose, we use SCP. The command for transffering file from/to a remote server is as follows.

  • To copy a file to a remote host.
    scp <local file path> <usre>@<remote host IP/URL>:<remote location>
  • To copy a file from a remote host
    scp <user>@<remote host IP/URL>:<remote location> <local location>

Password less entry to an SSH Server

For enabling our system at achieve password less entry to a remote server using SSH, we use a public-private key pair. So first we have to generate a key pair. The following command helps you in creating a key pair

ssh-keygen 

Here I am using RSA algorithm to generate my key pair. ssh-keygen command supports DSA & ECDSA. It will ask you for the passphrase(private key) and then generate the public key file.

Now we have to copy this public key to the remote host. For that we use the following command.

ssh-copy-id -i <public key filename> <user>@<remote host IP>

This will copy your key file to ~/.ssh/authorized_keys on the remote server.Now when you try to connect to the remote host using SSH, it will ask for the password only for the first time. njoy….

Key-pair Generation, Secure Messaging & Message Signing


This time i am going to blog about public key generation, sending encrypted messages over the internet and using key-pairs for signing documents.

I used GNU Privacy Guard (GPG)  for this purpose. Normally GPG come pre installed with most Linux distros. So lets generate a strong public-private key-pair and see what all can be done with these keys.

Public Private Key-pair Generation

1. Generating Key-Pair

gpg --gen-key

Once you give the above command, the system will ask you for the following details.

  • What kind of key-pair do you want.
  • Length of key
  • Life span of key
  • Name
  • Mail id
  • Comment
  • Passphrase(private key)

Once you have entered all the above details, the system will be generating your public key in asc format.

2. You can add image to your public key to make it

gpg --edit-key <key-id>
gpg> addphoto

This will ask for a jpeg image.

3. Exporting Public key
You can export your public key to a file using the following command.

gpg --armor --export <mail-id> <filename>.gpg

4. Publish your public key

gpg --send-keys <key-id>  --keyserver <keyserver-name>

5. Sign your key
You can make others to sign your public key to authenticate the credibility of your key. Others can use the following commands to download your key from keyserver and sign it. You may publish your signed public key on key-servers or on the internet for others to send encrypted messages to you

gpg --recv-keys <key-id>
gpg --sign-key <key-id>

The above steps can be used to generate a strong key pair for yourself.

Secure Messaging

Now lets see how we can establish a secure communication between using the key-pairs.

1. Encrypt the message
If someone wants to send you a secure message, they can get your public key from the keyserver using –recv-key command. Then create a message and save it in a file. Use the following command to encrypt your message.

gpg --recipient <recipient-mail-id> --armor --encrypt <message-file>

This will generate a file .asc. This is the encrypted message. They can mail it to you.

2. Decrypt your message
You can use the following command to decrypt the message using your private key.

gpg --output <messagefile> --decrypt <encrypted-message-file>.asc

Message Signing

Finally, lets check out how we can sign a message file using our key-pairs. The following command can be used to sign your file.

gpg --clearsign <filename>

“Hello World” Boot Loader


Ever wondered what a boot loader is….??

A boot loader is a computer program (assembly language) that loads the Operating System  to the main memory. Boot loaders generally reside on the first sector of the memory. When we switch on a computer, the first program that runs is the BIOS which performs certain tests and them passes the CPU control to the Master Boot Record(MBR) which contains the boot loader program. Some of the most common linux boot loaders are LInux LOader(LILO), GRand Unified Boot loader(GRUB), LOAD LInux(LOADLIN), etc.

Again i was given the task of creating a custom boot loader program. First thing that came up when i researched, was that the boot loader programs are written in low level assembly language. Then we have to compile it using the NASM assembler. Then create an image of the boot loader to load in the memory. Lets take a step by step approh.

Step 1 :
Create the boot loader program

BITS 16                     
jmp main                    
nop                         
main:
    mov ax, 07C0h           
    add ax, 288             
    mov ss, ax
    mov sp, 4096
    mov ax, 07C0h           
    mov ds, ax              
    call PrintHelloWorld    
    jmp .InfiniteLoop
    .InfiniteLoop:          
        jmp .InfiniteLoop   

HelloWorld      db  "Hello World. This is from the bootloader", 0x0d, 0x0a, 0x00
PrintHelloWorld:            
    mov si, HelloWorld      
    call PrintStr           
    ret
PrintStr:                   
    push ax                 
    mov ah, 0Eh             
    .loop:
        lodsb               
        cmp al, 0x00        
        je .done
        int 10h             
        jmp .loop
    .done:
        pop ax              
        ret
times 510-($-$$) db 0       
dw 0xAA55

Step 2
Compile the Code

You can compile the boot loader program using ‘nasm’ command.

nasm -f bin -o hello_world_bootloader.bin hello_world_bootloader.asm

Step 3
Create Boot loader image

You need to create an empty file that will serve as the final image holding the bootloader. The command to create the file is given below.

dd if=/dev/zero of=hello_world_bootloader.img bs=512 count=2880

Now copy the bin file content to the image file

dd status=noxfer conv=notrunc if=hello_world_bootloader.bin of=hello_world_bootloader.img

Step 4
Testing your boot loader program

You can test your program using ‘qemu’ emulator

Command for 32-bit systems :

qemu-system-i386 hellow_world_bootloader.bin

Command for 64-bit systems :

qemu-system-x86_64 hello_world_bootloader.bin

Or

You can load the image file(.img) created in step 3 to a virtual machine and see your boot loader in action.

Hello World System Call


This was given to me as an assignment in my Operating Systems Lab. It took me a lot of time to finally crack it. So i thought of putting it up in my blog.  I implemented it on Ubuntu 12.04 LTS running on a virtual machine.

We will take a step by step approach in getting it done.

Step 1
Get a linux source

Ubuntu doesn’t come with the full linux source. So you may have to download it either from websites like kernel.org or you can download it using the following command.

sudo apt-get install linux-source

This downloads a tar.bz2 file to the /usr/src folder. Extract it to any folder you like and that will be your linux source root folder from now on.

Step 2
Add your custom system call to System Call Table

Open the file arch/x86/kernel/syscall_table_32.S and append the following line to the file

.long sys_hello_world

Step 3
Define the macros associated with your system call

Open the file arch/x86/include/asm/unistd_32.h. The file contains macro definitions for all the system calls. We have to add a macro for our system call in this file. Each system call is assigned an index number. My file had 348 such macro definitions. Hence i added my call indexed as 349 by adding the following line in the file.

#define __NR_hello_world 349

Do the same with the uistd_64.h file @ arch/x86/include/asm/unistd_64.h

#define __NR_hello_world 312
__SYSCALL(__NR_hello_world, sys_hello_world)

Now open the file include/linux/syscalls.h and add a prototype to your system call function

asmlinkage long sys_hello_world(void);

Now in the root directory in the kernel, create a folder named hello_world and create a file named hello_world.c with the following code

#include<linux/kernel.h>

asmlinkage long sys_hello_world(void){
printk("Hello World\n");
return 0;
}

Step 5
Pre-Compilation Settings

Create a file named Makefile within the hello_world directory and the following line to the file

obj-y := hello_world.o

This is done to ensure that the hello_world.c file is compiled and included in the new system kernel.
Now open the Makefile in the root directory(Source-linux), and change the following line

core-y          += kernel/ mm/ fs/ ipc/ security/ crypto/ block/

to

core-y          += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ hello/

This is to tell the compiler that the source for the new system calls are available at the /hello_world directory

Step 6
Compile the kernel

You can compile the kernel using the following commands

sudo make

Now you have enough time to watch a football match until the compilation completes. Once compilation is done, reboot your system.

Step 7
Install the new kernel

sudo make modules_install install

Step 8 Check if your system call actually works

Create the following program and run it to check whether the system call works

#include <stdio.h>
#include <linux/kernel.h>
#include <sys/syscall.h>
#include <unistd.h>

#define __NR_hello_world 312

long hello_syscall(void) {
    return syscall(__NR_hello_world);
}

int main(intargc, char*argv[]) {
    long int a = hello_world_syscall();
    printf("System call returned %ld\n", a);
    return 0;
}

The program should output the following

System call returned 0

The printk() in the system call program will be updated in the system log which can be viewed using the following command.

dmesg

If everything works well, you can find your system call listed in the system log.