Linux

Install Secure Lab Tools in Fedora 26

/ jankka / 1 Comment

I am working my way to dive in to the world of security testing. We have been going through the tasks on 30 days of security testing from Ministry Of Testing Dojo. The themed tasks is actually a really good way to keep up in learning new topics and deepening your knowledge on different issues at hand. Ministry Of Testing has a nice series of themed months on the catalogue and I warmly recommend to check them out.

We have been doing the themed months a bit differently. First of all, we accept the fact that there is weekends and people do not have to live, breathe and urinate testing. Even though it does help from time to time. So, our approach has been mainly to do 30 days of testing during the weekdays. Which means that instead of 4 weeks, we’ll accomplish it in approximately 6 weeks.

Anyhow, one of the things beside the security testing challenge has been us having a course on Ethical Hacking. The course is available in Udemy and it is reasonably priced, so I recommend that, at least if you’re not familiar with penetration testing and hacking techniques in general.

So, we go through tools and techniques and use Kali Linux for that. Which seems to be powerful to use. As I am running Fedora 26 on my workstation, I am running the penetration test stuff on Fedora Boxes (more stable than VirtualBox), but I noticed that it would actually be nice to have the tools on my actual workstation, too.

So I went and googled a bit and as I knew, someone had already solved my issue.  As I am using Finnish language on the laptop, my installation command was like this:

# sudo dnf groupinstall Turvallisuuslaboratorio

For most of the people who do not have the capability to understand Finnish, it would make sense to use something more, how to put it, understandable language, like English.

So, in that case I suppose the command should work like this:

# sudo dnf groupinstall security-lab

By the way, while writing this, I did write the Kali Linux on a USB disk. It actually feels better to have it there than fooling around with virtual machines (in this case). Even though I’ll have to reboot the computer if I want to run it.

Advertisement

Install jMeter in Fedora

/ jankka / Leave a comment

I was a bit surprised for Fedora not having jmeter in the repository, but then I thought I could as well do the thingy in the old way 😀

First of all, we need to get the release:

wget http://apache.mirrors.spacedump.net//jmeter/binaries/apache-jmeter-3.1.tgz

Then we need to extract it:

sudo tar -xzf apache-jmeter-3.1.tgz -C /opt/

After that, we create the symlink to the jmeter -binary:

sudo ln -s /opt/apache-jmeter-3.1/bin/jmeter /usr/local/bin/jmeter

And as last, we create a desktop shortcut:

vi ~/.local/share/applications/jmeter.desktop

[Desktop Entry]
Type=Application
Encoding=UTF-8
Name=JMeter
Comment=JMeter
Exec=/usr/local/bin/jmeter
Icon=/opt/apache-jmeter-3.1/docs/images/jmeter_square.png
Terminal=false

 

That’s it. We’re done 😀

 

Run docker without sudo in Fedora 25

/ jankka / 1 Comment

Sometimes things get weird. One could imagine that the documentation on docker (https://docs.docker.com/engine/installation/linux/fedora/) could be up to date. And when it comes to installation itself, it actually is.

The problem is/was that I was forced to run the docker with sudo (reasons are explained on both pages linked here, I’m not going to repeat them), and while both sites gave a solution, the docs.docker.com -instructions did not actually work. So I googled a bit more:
https://developer.fedoraproject.org/tools/docker/docker-installation.html

According to developer.fedoraproject.org, you’ll have to run the following two commands in order to get docker executed without sudoing.
Basically you’ll add a docker -group and add yourself to it.

$ sudo groupadd docker && sudo gpasswd -a ${USER} docker && sudo systemctl restart docker
 $ newgrp docker

Excuses get in the way

/ jankka / Leave a comment

I know, every excuse is just an excuse on failing to prioritise, but sometimes the prioritising actually gets you nailed down to something where you just have to concentrate and work on.  This week has been one of those.

So to say, releases flowing in from doors and windows and I find myself testing (or wanting to test) them all.

Which of course has meant that I haven’t been able to fulfil the 30 Days of Testing assignments. Currently I am lagging behind 1½ – 2 days. My plan is to get back on the track during this week, anyhow, meaning that I’ll do something during the weekend.

This is just to inform that I am aware of the situation.

Besides that, I ended up going through this tutorial yesterday and realised that this mochaJs-thing seems to be a neat way to learn JavaScript and some test development 😀 I might even give it a more thorough run later on. I also discussed with the author (Viktor Johansson) on collaborating and creating some neat tutorial with BDD & Robot Framework. Oh, and managed to install Skype on the Fedora, which is always an accomplishment 😉

We’ll see what tomorrow brings.

Installing Ubuntu 15.04 on Dell Latitude D810

/ jankka / 1 Comment

I do have this old laptop. Dell Latitude D810. It is otherwise quite ok, display resolution is excellent, CPU power is enough for browsing etc. The only thing that bothers me is the lack of memory, or so to say the limits of memory you can use. 2 GB of memory is nowadays below the minimum.

However, it manages to keep my writing going on and web browsing is actually easier and more efficient than with the Asus Eee PC 1101HA, which seems to lack the rest of everything you need to work around.

Ok, enough babbling. Back to the actual topic:

Installation procedure was pretty simple (this time).

  • Download Ubuntu 15.04 (32-bit version)
  • Write the downloaded image to USB disk:
    1. Plug in the USB
    2. umount /dev/sdb (in case needed, I didn’t have to, my Arch linux did not automount the disk)
    3. ]$ dd bs=4M if=Downloads/ubuntu-15.04-desktop-i386.iso /dev/sdb
    4. Eject the USB -stick (eject /dev/sdb )
  • Plug in the USB stick to Dell Latitude D810
  • During the Start Up, press F12 and select USB device as the boot device
  • During the installation process, do not select the 3rd party software to be installed, it halts the computer.
  • If you have network cable, plug it in during the installation procedure and download the updates during the installation
  • After installation, restart the computer
  • When computer has been restarted, do the following:
    1. Open terminal (Ctrl+Alt+T)
    2. Run the following commands:
  ]$ sudo apt-get update
  ]$ sudo apt-get install firmware-b43-installer
  ]$ sudo modprobe -r b43 bcma
  ]$ sudo modprobe -r brcmsmac bcma
  ]$ sudo modprobe b43
  • Restart the computer

The information gathered above can be also found from Ubuntu WifiDocs -site. All I did was gathered it in a simplified list to be applied. Most likely the same approach should work to Debian, too.

Vagrant recommendation

/ jankka / Leave a comment

For testing server -side solutions with VirtualBox, I highly recommend to use Vagrant (http://www.vagrantup.com/). Works perfectly on testing purposes, the environment is set up by entering following at the terminal prompt:

$ vagrant box add base http://files.vagrantup.com/lucid32.box

$ vagrant init

$ vagrant up

That initialises, fetches and starts up one Ubuntu Lucid Lynx -server. To connect to connect to the server after this:

$ vagrant ssh

After working for awhile you can either halt, suspend or just plain exit from the server and then get back to it by writing ‘vagrant ssh’ again. The most genius part is that you can re-set the server back to defaults after everything is done. That’s just plain perfect for testing 😀

To re-set the Vagrant -server:

$ vagrant destroy

Of course there is drawbacks, as always, but to be honest, it’s a neat tool.

In order to get to see even more usable Vagrant Boxes, browse to: http://www.vagrantbox.es/

What is a test tool?

/ jankka / Leave a comment

KuvaIn order to really discuss something worthwhile at this blog, I’d need to know what actually is a test tool? To gather information and thoughts about the test tools will be way easier if I know what to investigate.

As I mentioned before there is bunch of text editors, as well as internal/external blogs (such as this?) that could be used as test journals, test data editors and for interpreting test data. As an addition to that post I’d really like to see a tool that combines the journaling possibility seamlessly and easily to the test tools used.

Which brings us to the variety of the tools. There is scripting tools for running and automating test cases. Formost you can use the OS -native tools to automate some part of the test process.

For example there’s shell -scripting possibilities in Windows -machines. You can easily edit the scripts that can be used in command prompt by using the notepad or whatever editor there is. The problem that I see nowadays is more or less the fact that there’s not much you can do from Windows -shell. The command variety is limited and as stated, most of the stuff you want to get done requires the actual GUI. You can, however, automate some tool -usage, e.g. java-, ant-, cvs/svn/git -commands in order to proceed with the normal, and boring, repetitious steps on testing process. You could also use Perl and Python from the prompt. 

That is much less than what linux -shell can do. Bash -scripting (ok, there’s other command line interpreters than just the bash, I know ;)) with whatever linux/unix -distribution is more simple to get done and is way much effective due to the fact that the interpreters can execute a huge variety of their own functions plus call system applications, perl– & python -interpreters etc.

I will return to both of these interfaces later on as separate blog entries (one or more per interface). They certainly deserve it. The question still remains: Can the command prompts and their interpreters be referred as test tools?

I myself think so. The thing that remains to figure out is how much we can rely on the software and tool provided by the vendor of the OS (or a GNU -cult for that matter) and how much we need to take in consideration that they have their limits and defects, too. And last, but not least, when should we start using some other test tool as the ones provided by the OS we are using when testing. And yes, there’s a slight difference if you’re testing  the software and using it’s OS provided client interface on the test target than on your workstation. Depending on how heavy processes you use on test scripting you need to consider the effect to the test target and taken measurements (CPU & memory usage, thread usage on linux etc.)

 

Tools for reading, writing and editing

/ jankka / 1 Comment
Kuva

Cow Tools. (c) Gary Larson

What can be considered as a tool? Whatever that is filling the needs while used, ain’t it so? A stone is a tool of hammering (Ok, I admit I should myself drop the hammer now) and for keeping door not to be shut. But I wouldn’t go so far that even think of trying to use it as a screwdriver. Well, I actually did think about it. Gary Larson had a brilliant frame about stone age tools, btw.

According to Wikipedia “A tool is any physical item that can be used to achieve a goal, especially if the item is not consumed in the process. Informally the word is also used to describe a procedure or process with a specific purpose. Tool use by humans dates back millions of years, and other animals are also known to employ simple tools.”

So it seems a tool can be whatever we find to be fit.

So what is a test tool, then? For me it sounds to be a tool that is used for testing something, to prove that the object to be tested behaves according the expectations. And now, remember here, as a software tester, the expectations are that the tested object behaves somewhat faulty and weird. Developers live in a beautiful world where their programs work flawlessy day after day no matter the circumstances. And here comes the tester in and ruines it all with the help of his tools. Neat, ain’t it 😀

I’d start with pen and paper. Or a marker and a whiteboard. They are both brilliant tools for thought processing in order to get a grip what needs to be tested. At this point the review of the documentation plays a big role and can also lead to that some possible flaws in design process can be spotted, too. Yes I know, it’s a long shot that there is any, dear developers, we all know you don’t make mistakes. It’s the tester that plants the bug inside the program, ain’t it so?
Besides examining and writing down the test processes and needed test cases the pen and paper can afterwards be used for test journaling, too. So no surprise there; some of the simpliest tools are actually multitools.

Then there’s the native tools that are provided by every operating system. Notepad, TextEdit, Vi, Emacs, Wordpad and Gedit. Completely and highly usable tools for taking notes and reading test results.
I try to avoid Notepad as much as I can. It’s hard to read and edit text files that have no linebreaks. Plus that it lacks a descent way to search and replace. Same can be applied to Wordpad, too. In windows I’ve been using Notepad++ in all kind of editing, reading and writing. It is free, easy to use and comes with bunch of neat features.
To be honest TextEdit in OSX is not that good either. It is obvious for me to use TextWrangler on editing and watching the results of text files. Or to create HTML/XML -inputs, SQL -sentences etc. For writing in OSX, Writeroom is by far the best tool I can use when it comes to pure writing. I’m actually using it at the moment. It is a distraction free text editor. Unfortunately it is not free, but the price of 9,99 $ is not that big in order to get it working. By the way, should all the software we use be free? To be honest, I don’t think so, but that’s a different topic and a subject for a different blog entry as itself 😀
Since I’ve been working with linux quite a lot, vi or vim has been my main editor for years. Ever since I learned how to write changes to the file and quit (:wq or :x) I’ve been every now and then trying to do so when quitting a terminal connection. Besides the odd commands it does have a powerful way of manipulating big textfiles with several great options on replacing all or finding a certain string(s) inside the file. I know I’ve been just scratching the surface on this one, too, but it really has helped me a lot more than nano or pico ever did. yes, I’ve used them, too, but that was even more long ago 😀
Emacs I tried maybe two times, but it has been more or less too much for me. Now here’s the place for a flame -comments, then. Vim or Emacs?
Now just one question: do I really have to tell you the reason why I don’t use gedit at all? Or at least I try to avoid using it as much as I can. It is too heavy and clumsy when compared to vi/vim. Now I know there’s a GUI fo emacs, too, but as said I’ve never had a reason to use that one either. Vim has done the job I’ve needed to get done. And that’s the main reason (at least for me) to choose the tool in hand.

It seems also that this article is just a scratch on the surface: I really need to write a bit more on these tools.

BTW, this article was written with WriteRoom Big Grin :D

Soundtrack: Dire Straits – Brothers In Arms – 20th Anniversary Edition