Install Secure Lab Tools in Fedora 26

I am working my way into the world of security testing. We have been going through the tasks on 30 days of security testing from Ministry Of Testing Dojo. The themed tasks are actually a really good way to keep learning new topics and deepening your knowledge on different issues at hand. Ministry Of Testing has a nice series of themed months in the catalogue and I warmly recommend checking them out.

We have been doing the themed months a bit differently. First of all, we accept the fact that there are weekends and people do not have to live, breathe and urinate testing. Even though it does help from time to time. So, our approach has been mainly to do 30 days of testing during the weekdays. Which means that instead of 4 weeks, we’ll accomplish it in approximately 6 weeks.

Anyhow, one of the things beside the security testing challenge has been us having a course on Ethical Hacking. The course is available on Udemy and it is reasonably priced, so I recommend it, at least if you’re not familiar with penetration testing and hacking techniques in general.

So, we go through tools and techniques and use Kali Linux for that. Which seems to be powerful to use. As I am running Fedora 26 on my workstation, I am running the penetration test stuff on Fedora Boxes (more stable than VirtualBox), but I noticed that it would actually be nice to have the tools on my actual workstation, too.

So I went and googled a bit and, as I knew, someone had already solved my issue. As I am using the Finnish language on the laptop, my installation command was like this:

# sudo dnf groupinstall Turvallisuuslaboratorio

For most of the people who do not have the capability to understand Finnish, it would make sense to use a more, how to put it, understandable language, like English.

So, in that case I suppose the command should work like this:

# sudo dnf groupinstall security-lab


By the way, while writing this, I did write the Kali Linux on a USB disk. It actually feels better to have it there than fooling around with virtual machines (in this case). Even though I’ll have to reboot the computer if I want to run it.

Install jMeter in Fedora

I was a bit surprised that Fedora does not have jmeter in the repository, but then I thought I could as well do the thingy in the old way 😀

First of all, we need to get the release:

wget http://apache.mirrors.spacedump.net//jmeter/binaries/apache-jmeter-3.1.tgz

Then we need to extract it:

sudo tar -xzf apache-jmeter-3.1.tgz -C /opt/

After that, we create the symlink to the jmeter binary:

sudo ln -s /opt/apache-jmeter-3.1/bin/jmeter /usr/local/bin/jmeter

And lastly, we create a desktop shortcut:

vi ~/.local/share/applications/jmeter.desktop

[Desktop Entry]
Type=Application
Encoding=UTF-8
Name=JMeter
Comment=JMeter
Exec=/usr/local/bin/jmeter
Icon=/opt/apache-jmeter-3.1/docs/images/jmeter_square.png
Terminal=false

 

That’s it. We’re done 😀
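The tarball above is fetched over plain HTTP from a mirror and then unpacked with sudo into /opt, so it is worth checking between the wget and tar steps. The following is an added example, not part of the original post: it assumes GNU coreutils' sha512sum and a SHA-512 digest for the file obtained separately from a trusted source (the `verify_tarball` function and the `EXPECTED_SHA512` variable are hypothetical names).

```shell
#!/bin/sh
# Added example (not from the original post).
# verify_tarball FILE EXPECTED_SHA512 TOPDIR
#   0 = digest matches and every member sits under TOPDIR/
#   1 = digest mismatch, 2 = file missing, 3 = unreadable or unexpected paths
verify_tarball() {
    file=$1
    expected=$2
    top=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Compare the digest of what was actually downloaded.
    actual=$(sha512sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        return 1
    fi

    # List (do not extract) the archive; a listing failure is a failure.
    list=$(tar -tzf "$file" 2>/dev/null) || {
        echo "cannot list $file as tar.gz" >&2
        return 3
    }

    # Every member must sit under the expected top-level directory and
    # must not contain a ".." path component.
    bad=$(printf '%s\n' "$list" | awk -v top="$top" '
        index($0, top "/") != 1 && $0 != top { print; next }
        /(^|\/)\.\.(\/|$)/ { print }')
    if [ -n "$bad" ]; then
        echo "unexpected member paths in $file" >&2
        return 3
    fi
    return 0
}

# Usage with the file from this post; EXPECTED_SHA512 is a placeholder
# you set to the digest obtained from a trusted source:
#   verify_tarball apache-jmeter-3.1.tgz "$EXPECTED_SHA512" apache-jmeter-3.1 \
#     && sudo tar -xzf apache-jmeter-3.1.tgz -C /opt/
```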

 

Run docker without sudo in Fedora 25

Sometimes things get weird. One could imagine that the documentation on docker (https://docs.docker.com/engine/installation/linux/fedora/) would be up to date. And when it comes to installation itself, it actually is.

The problem is/was that I was forced to run docker with sudo (reasons are explained on both pages linked here, I’m not going to repeat them), and while both sites gave a solution, the docs.docker.com instructions did not actually work. So I googled a bit more:
https://developer.fedoraproject.org/tools/docker/docker-installation.html

According to developer.fedoraproject.org, you’ll have to run the following two commands in order to run docker without sudo.
Basically you’ll add a docker group and add yourself to it.

$ sudo groupadd docker && sudo gpasswd -a ${USER} docker && sudo systemctl restart docker
$ newgrp docker
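
Members of the docker group can talk to the Docker daemon, which by default runs as root, so membership is effectively root on the host and worth reviewing after running the commands above. An added example, not from the original post or the linked documentation: it lists every account in the group, including accounts whose primary GID is the group's GID and which therefore do not show up in the group's member list. The function name is made up, and it reads local files only, so accounts coming from LDAP or SSSD are not covered.

```shell
#!/bin/sh
# Added example (not from the original post).
# docker_group_users GROUP_FILE PASSWD_FILE
#   Prints, one per line and sorted, every account that is in the
#   docker group: supplementary members listed in GROUP_FILE plus
#   accounts in PASSWD_FILE whose primary GID is the docker GID.
#   Prints nothing if there is no docker group.
docker_group_users() {
    group_file=$1
    passwd_file=$2

    # Field 3 of the group entry is the numeric GID.
    gid=$(awk -F: '$1 == "docker" { print $3 }' "$group_file")
    [ -n "$gid" ] || return 0

    {
        # Field 4 is the comma-separated supplementary member list.
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"

        # Field 4 of a passwd entry is the account's primary GID.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Usage on a real host:
#   docker_group_users /etc/group /etc/passwd
```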

Excuses get in the way

I know, every excuse is just an excuse for failing to prioritise, but sometimes the prioritising actually gets you nailed down to something where you just have to concentrate and work on it. This week has been one of those.

So to say, releases flowing in from doors and windows and I find myself testing (or wanting to test) them all.

Which of course has meant that I haven’t been able to fulfil the 30 Days of Testing assignments. Currently I am lagging behind 1½ – 2 days. My plan is to get back on the track during this week, anyhow, meaning that I’ll do something during the weekend.

This is just to inform that I am aware of the situation.

Besides that, I ended up going through this tutorial yesterday and realised that this mochaJs-thing seems to be a neat way to learn JavaScript and some test development 😀 I might even give it a more thorough run later on. I also discussed with the author (Viktor Johansson) on collaborating and creating some neat tutorial with BDD & Robot Framework. Oh, and managed to install Skype on the Fedora, which is always an accomplishment 😉

We’ll see what tomorrow brings.

Installing Ubuntu 15.04 on Dell Latitude D810

I do have this old laptop. Dell Latitude D810. It is otherwise quite ok, display resolution is excellent, CPU power is enough for browsing etc. The only thing that bothers me is the lack of memory, or so to say the limits of memory you can use. 2 GB of memory is nowadays below the minimum.

However, it manages to keep my writing going on and web browsing is actually easier and more efficient than with the Asus Eee PC 1101HA, which seems to lack the rest of everything you need to work around.

Ok, enough babbling. Back to the actual topic:

Installation procedure was pretty simple (this time).

  • Download Ubuntu 15.04 (32-bit version)
  • Write the downloaded image to USB disk:
    1. Plug in the USB
    2. umount /dev/sdb (in case needed, I didn’t have to, my Arch linux did not automount the disk)
    3. $ dd bs=4M if=Downloads/ubuntu-15.04-desktop-i386.iso of=/dev/sdb
    4. Eject the USB stick (eject /dev/sdb)
  • Plug in the USB stick to Dell Latitude D810
  • During the Start Up, press F12 and select USB device as the boot device
  • During the installation process, do not select the 3rd party software to be installed, it halts the computer.
  • If you have network cable, plug it in during the installation procedure and download the updates during the installation
  • After installation, restart the computer
  • When computer has been restarted, do the following:
    1. Open terminal (Ctrl+Alt+T)
    2. Run the following commands:
       $ sudo apt-get update
       $ sudo apt-get install firmware-b43-installer
       $ sudo modprobe -r b43 bcma
       $ sudo modprobe -r brcmsmac bcma
       $ sudo modprobe b43
  • Restart the computer

The information gathered above can also be found on the Ubuntu WifiDocs site. All I did was gather it into a simplified list to be applied. Most likely the same approach should work on Debian, too.

Vagrant recommendation

For testing server-side solutions with VirtualBox, I highly recommend using Vagrant (http://www.vagrantup.com/). It works perfectly for testing purposes; the environment is set up by entering the following at the terminal prompt:

$ vagrant box add base http://files.vagrantup.com/lucid32.box

$ vagrant init

$ vagrant up

That initialises, fetches and starts up one Ubuntu Lucid Lynx server. To connect to the server after this:

$ vagrant ssh

After working for awhile you can either halt, suspend or just plain exit from the server and then get back to it by writing ‘vagrant ssh’ again. The most genius part is that you can re-set the server back to defaults after everything is done. That’s just plain perfect for testing 😀

To re-set the Vagrant server:

$ vagrant destroy

Of course there are drawbacks, as always, but to be honest, it’s a neat tool.

In order to get to see even more usable Vagrant Boxes, browse to: http://www.vagrantbox.es/

What is a test tool?

In order to really discuss something worthwhile on this blog, I’d need to know what a test tool actually is. Gathering information and thoughts about test tools will be way easier if I know what to investigate.

As I mentioned before, there is a bunch of text editors, as well as internal/external blogs (such as this?), that could be used as test journals, test data editors and for interpreting test data. As an addition to that post, I’d really like to see a tool that combines the journaling possibility seamlessly and easily with the test tools used.

Which brings us to the variety of the tools. There are scripting tools for running and automating test cases. Foremost, you can use the OS-native tools to automate some part of the test process.

For example, there are shell scripting possibilities on Windows machines. You can easily edit the scripts that can be used in the command prompt by using Notepad or whatever editor there is. The problem that I see nowadays is more or less the fact that there’s not much you can do from the Windows shell. The command variety is limited and, as stated, most of the stuff you want to get done requires the actual GUI. You can, however, automate some tool usage, e.g. java, ant, cvs/svn/git commands, in order to proceed with the normal, and boring, repetitive steps of the testing process. You could also use Perl and Python from the prompt.

That is much less than what the Linux shell can do. Bash scripting (ok, there are other command line interpreters than just bash, I know ;)) with whatever Linux/Unix distribution is simpler to get done and is much more effective, due to the fact that the interpreters can execute a huge variety of their own functions plus call system applications, Perl and Python interpreters etc.

I will return to both of these interfaces later on in separate blog entries (one or more per interface). They certainly deserve it. The question still remains: Can the command prompts and their interpreters be referred to as test tools?

I myself think so. The thing that remains to figure out is how much we can rely on the software and tools provided by the vendor of the OS (or a GNU cult for that matter) and how much we need to take into consideration that they have their limits and defects, too. And last, but not least, when should we start using some other test tool than the ones provided by the OS we are using when testing. And yes, there’s a slight difference if you’re testing the software and using its OS-provided client interface on the test target rather than on your workstation. Depending on how heavy the processes you use in test scripting are, you need to consider the effect on the test target and the measurements taken (CPU & memory usage, thread usage on Linux etc.)