Wednesday, July 30, 2008
Ultimate Penetration Testing platform?
You can't have a pentest platform without BOTH Windows and Linux in the mix. There are too many tools that are either exclusive to one platform or the other, OR there are serious performance issues on a particular platform - nmap on Windows come to mind.
I have tried various setups including VMWare, unixutils, native ports of *nix tools, Co-Linux & cygwin on Windows and VMWare & Wine on Linux and dual boot setups.
I think I have found the best of both worlds, Windows base (2003 server) with andLinux. andLinux is built on Co-Linux with KDE (or xfce). Co-Linux is a port of the Linux kernel to Windows.
AndLinux is built on Co-Linux and Ubuntu. It behaves exactly like a normal Ubuntu box and can use any Ubuntu repository. It allows KDE application windows to co-mingle with Windows, giving you the best of both worlds.
It is working so well that I am going to delete my Linux partition on my pentest platform. Linux will always be primary OS for everything else though.
I have tried various setups including VMWare, unixutils, native ports of *nix tools, Co-Linux & cygwin on Windows and VMWare & Wine on Linux and dual boot setups.
I think I have found the best of both worlds, Windows base (2003 server) with andLinux. andLinux is built on Co-Linux with KDE (or xfce). Co-Linux is a port of the Linux kernel to Windows.
AndLinux is built on Co-Linux and Ubuntu. It behaves exactly like a normal Ubuntu box and can use any Ubuntu repository. It allows KDE application windows to co-mingle with Windows, giving you the best of both worlds.
It is working so well that I am going to delete my Linux partition on my pentest platform. Linux will always be primary OS for everything else though.
Labels: Linux, Penetration Testing, Windows
Tuesday, April 01, 2008
nvu on (k)ubuntu
I couldn't find the old nvu web page editor on Gutsy, it is now available as KompoZer, which is a bug fix to the aging nvu 1.0 code. Just apt-get install kompozer
Sunday, January 27, 2008
Truly Portable Apps
I am a big fan of PortableApps, most of which are Open Source such as Firefox, Gimp & OpenOffice. PortableApps allows you to run these applications from your USB thumb drive without leaving a trace (registry) on the client machine.
PortableApps is Windows focused, however I have found that almost all of the applications run quite happily under Wine. So I now have a truly portable virtual environment of my favourite applications where ever I go.
PortableApps is Windows focused, however I have found that almost all of the applications run quite happily under Wine. So I now have a truly portable virtual environment of my favourite applications where ever I go.
Labels: Linux, Open Source
Linux recovery and backups
I was happily working on my Kubuntu box when the hard disk light went solid. I shut down all the running apps and the disk light stayed on, so I dutifully rebooted only to be greeted with a Hard Disk Not Found message from the BIOS.
I have a great backup scheme where I backup to the RAID array on my server which gets backed up weekly to tape. My automated backups stopped working 4 months ago after a system rebuild (yes I know). So I really need to get my data back.
I purchased an external USB enclosure for the dead disk, having had success with these before where a system BIOS couldn't see a drive but the limited electronics in an external USB could. Under Linux the USB came up as a device, so I duplicated it using ddrescue onto a brand new disk and then used gpart (not gparted) to rebuild the partition table. The whole process took about 6 hours and I got every single file back. I love Linux.
Having learnt my lesson I did some research into various backup options and chose to use rsync to backup all my laptops and desktops to my servers RAID array and then rsync that data to an external 500GB drive. I use native rsync on my Linux boxes and DeltaCopy on my Windows machines. Not a perfect solution but a fast and automated system - a backup of 200GB of data runs in under a minute by only copying the file differences via rsync.
I have a great backup scheme where I backup to the RAID array on my server which gets backed up weekly to tape. My automated backups stopped working 4 months ago after a system rebuild (yes I know). So I really need to get my data back.
I purchased an external USB enclosure for the dead disk, having had success with these before where a system BIOS couldn't see a drive but the limited electronics in an external USB could. Under Linux the USB came up as a device, so I duplicated it using ddrescue onto a brand new disk and then used gpart (not gparted) to rebuild the partition table. The whole process took about 6 hours and I got every single file back. I love Linux.
Having learnt my lesson I did some research into various backup options and chose to use rsync to backup all my laptops and desktops to my servers RAID array and then rsync that data to an external 500GB drive. I use native rsync on my Linux boxes and DeltaCopy on my Windows machines. Not a perfect solution but a fast and automated system - a backup of 200GB of data runs in under a minute by only copying the file differences via rsync.
Labels: Linux
IE under Linux
Unfortuneately some web sites require the use of IE exclusively to work. I try to avoid such poorly written sites however sometimes it's a neccessary evil.
Now that I run Linux exclusively this was a real pain until I found IEs4Linux, which is project that automates the installation of Internet Explorer under Wine.
Now that I run Linux exclusively this was a real pain until I found IEs4Linux, which is project that automates the installation of Internet Explorer under Wine.
Thursday, October 25, 2007
Desktop switchover
I am still running Linux for my primary home desktop but have dropped Sabayon and switched to Kubuntu.
Why the swap?
I tested the most popular KDE based distros (inc PCLinuxOS & OpenSUSE) and chose Kubuntu for it's simplicity and large package repository.
It was a no brainer to install but not that great with my hardware detection. I had a lot of probs getting TwinView and my nVidia card working properly.
I would never use Kubuntu for pentesting, I will always stick with Gentoo/Sabayon there, as all the tools I need and use are in the source tree (which is not the case for Kubuntu).
Similarly for my headless servers I would only ever run Gentoo.
So the lesson is "horses for courses", use the right Linux distro for the task at hand.
Why the swap?
- The pain of updating packages and breaking the system (did it twice)
- Time wasted compiling packages with lots of dependencies (sometimes 24 hours)
- Conflicting packages preventing installs
- Constantly having to messing around with /etc/portage/package.*
I tested the most popular KDE based distros (inc PCLinuxOS & OpenSUSE) and chose Kubuntu for it's simplicity and large package repository.
It was a no brainer to install but not that great with my hardware detection. I had a lot of probs getting TwinView and my nVidia card working properly.
I would never use Kubuntu for pentesting, I will always stick with Gentoo/Sabayon there, as all the tools I need and use are in the source tree (which is not the case for Kubuntu).
Similarly for my headless servers I would only ever run Gentoo.
So the lesson is "horses for courses", use the right Linux distro for the task at hand.
