How To Setup PPTP VPN on Ubuntu 14.04 LTS

What is PPTP?
The Point-to-Point Tunneling Protocol (PPTP) lets you set up your own VPN very quickly and is compatible with most mobile devices. Even though PPTP is less secure than OpenVPN, it is also faster and uses less CPU resources.

1. Update and Upgrade Repo
sudo apt-get update && sudo apt-get upgrade -y

2. Install PPTPd
sudo apt-get install pptpd -y

3. Set up the PPTP internal/private IP network
Edit /etc/pptpd.conf and add the following lines:
localip 10.0.0.1
remoteip 10.0.0.100-200

4. Add DNS servers to /etc/ppp/pptpd-options
ms-dns 8.8.8.8
ms-dns 8.8.4.4

5. Now restart the PPTP daemon
sudo service pptpd restart

5.1. Check that pptpd is running with the following command:
netstat -lntp | grep -i :1723

6. Setup Forwarding
It is important to enable IP forwarding on your PPTP server. This allows packets to be forwarded between the public IP and the private IPs that you set up with PPTP.
Edit /etc/sysctl.conf and add the following line if it doesn't exist:
net.ipv4.ip_forward = 1

6.1. Run the following command for the change to take effect:
sudo sysctl -p /etc/sysctl.conf

7. Create a NAT rule for iptables
iptables -t nat -A POSTROUTING -o ##INTERNET INTERFACE## -j MASQUERADE && iptables-save

8. Setup authentication for PPTP by adding users and passwords. Simply add them to /etc/ppp/chap-secrets

9. Allow Only One Connection per User
Refer to this article.

P/S: This blog has gathered cobwebs.


Wargames.MY 2015 - Challenge 7 (jengkrengkrongkreng) Write-Up

This article is about Wargames.MY 2015 - Challenge 7

Initial Hint: blackhole exploit main password

The challenge provides us with a password-protected 7z archive, so we use the initial hint to find the archive password. As a malware analyst at MyCERT, I know that every malicious binary gets zipped up with 'infected' as the archive password.

List of files in archive:








There's nothing inside logo.jpg except a picture of Miranda Kerr (NSFW).

Opening index.html in a web browser shows nothing much, except that it displays the 'youporn.com' site.

But 265KB is too much for index.html, so let's look into it.

Nothing much, but the interesting part is the base64 data.

Here's the full base64 string.
Here's the decoded base64 string.

It is just the jQuery file, but at the bottom of the code there's something interesting:

document.write("<script type='text/javascript' src= '---.. ..--- ---.. --... ----- --... .- ----. ---.. ...-- ...-- --... . -... -.... -... -.. ----. ..... --... -.. ----- . -.. ...-- ..-. --... ....- ----- ---.. ..--- ...-- ..-. -.. ..--- ..-. ..--- -.... --... . ....- ....- -... ----. -.. .---- ..-. ----- ....- ..--- ..-. .---- --... .- ----- ..... ---.. --... .---- ---.. ...-- ...--'></script>")

After decoding the Morse code, here is the result:
828707A98337EB6BD957D0ED3F740823FD2F267E44B9D1F042F17A05871833
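
The Morse decoding step as an added example (not part of the original write-up or the challenge files): it maps each Morse symbol from the script src above back to a hex digit and splits the result into bytes. The names MORSE_HEX, MORSE_SRC, decodeMorse and hexToBytes are chosen here for illustration.

```javascript
// Added example: decode the Morse-encoded src attribute found in index.html.
// Only the symbols a hex string can contain (0-9, A-F) are needed.
const MORSE_HEX = new Map(Object.entries({
  "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
  ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
  ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
}));

// Morse text copied from the document.write() call in the write-up.
const MORSE_SRC =
  "---.. ..--- ---.. --... ----- --... .- ----. ---.. ...-- ...-- --... " +
  ". -... -.... -... -.. ----. ..... --... -.. ----- . -.. ...-- ..-. " +
  "--... ....- ----- ---.. ..--- ...-- ..-. -.. ..--- ..-. ..--- -.... " +
  "--... . ....- ....- -... ----. -.. .---- ..-. ----- ....- ..--- ..-. " +
  ".---- --... .- ----- ..... ---.. --... .---- ---.. ...-- ...--";

// Translate space-separated Morse symbols into a hex string.
// Any symbol outside the hex alphabet is rejected instead of skipped,
// so a damaged copy of the payload is noticed immediately.
function decodeMorse(text) {
  return text.trim().split(/\s+/).map((sym) => {
    const ch = MORSE_HEX.get(sym);
    if (ch === undefined) throw new Error("not a Morse hex symbol: " + sym);
    return ch;
  }).join("");
}

// Split the decoded hex into byte values, the unit a byte-wise XOR works on.
function hexToBytes(hex) {
  if (hex.length % 2 !== 0) throw new Error("odd number of hex digits");
  const bytes = [];
  for (let i = 0; i < hex.length; i += 2) {
    bytes.push(parseInt(hex.slice(i, i + 2), 16));
  }
  return bytes;
}

const decoded = decodeMorse(MORSE_SRC);
console.log(decoded, "(" + hexToBytes(decoded).length + " bytes)");
```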

Look back at index.html and you will notice this portion of code
<!-- The key is right here, bro..
function encrypt(s,pw)
{
	var a=0;
	var myString='';
	var textLen=s.length;
	var pwLen=pw.length;

	for (i=0;i<textLen;i++) 
	{
		a=parseInt(s.charCodeAt(i));
		a=a^(pw.charCodeAt(i%pwLen));
		a=a+"";
		while (a.length<3)
			a='0'+a;

		myString+=a;
	}

	form1.tdecrypt.value=myString;
}

function decrypt(s,pw)
{
	var myString='';
	var a=0;	
	var pwLen=pw.length;	
	var textLen=s.length;
	var i=0;
	var myHolder="";
	
	while(i<s.length-2) 
	{
		myHolder=s.charAt(i) ^ 0xFF;
		if (s.charAt(i)=='0') 
		{
			myHolder=s.charAt(i+1) ^ 0xFF;
		}
		
		if ((s.charAt(i)=='0') ^ 0xFF) 
		{
			myHolder=s.charAt(i+2);
		}
		
		a=parseInt(myHolder);
		a=a ^ 0xFF;
		myString+=String.fromCharCode(a);
		i+=3;
	}//end of while i
	
	form1.tencrypt.value=myString;
}
//-->

The hint: there's a 'key' inside the code. The code shows an XOR encrypt/decrypt routine in JavaScript, but there's a twist: the decrypt function never works and always returns the same string regardless of input.
But we know the decryption process uses '0xFF' as the key instead of the parameter.
Using a third-party XOR decryption tool, pass in the string from the Morse code with 0xFF as the key; here is the result:
THOU SHALL LEARN MORSE CODE

There's our flag for this challenge.
For anyone who might need the challenge file, you can download it here.

Kudos to the Wargames.MY Crewz for a 1337 aw3s0m3 challenge. Hope to see more challenges again next year!


Fix for homebrew permission denied issues

I came across several Homebrew issues where symlinks couldn't be created due to permission denied errors.
TL;DR:
Reset permissions on the /usr/local stack.

This command will fix the permission error:
sudo chown -R `whoami` /usr/local


PostgreSQL + JSON Data

PostgreSQL 9.2 added a native JSON data type, but didn’t add much else. You’ve got three options if you actually want to do something with it:
  • Wait for PostgreSQL 9.3 (or use the beta) [Released]
  • Use the plv8 extension. Valid option, but more DIY (you'll have to define your own functions)
  • Use the json_enhancements extension, which backports the new JSON functionality in 9.3 to 9.2

Table Schema 
CREATE TABLE buku (
    id integer NOT NULL,
    data json
);

Insert Data
INSERT INTO buku VALUES (1, '{
    "tajuk": "Ayam Goreng",
    "penulis": {
        "nama_pena": "Bob Ayam",
        "nama_sebenar": "Bob Suka Ayam"
    },
    "info": {
        "diterbitkan": "20-03-2015",
        "sinopsis": "bob suka makan ayam, hari-hari dia makan ayam"
    }
}');

INSERT INTO buku VALUES (2, '{
    "tajuk": "Kambing Golek",
    "penulis": {
        "nama_pena": "Abu Al-Kambing",
        "nama_sebenar": "Abu"
    },
    "info": {
        "diterbitkan": "25-01-2015",
        "sinopsis": "abu suka tengok kambing, hari-hari beliau terbayang kambing golek"
    }
}');

INSERT INTO buku VALUES (3, '{
    "tajuk": "Cicak Terbang",
    "penulis": {
        "nama_pena": "Cicakman",
        "nama_sebenar": "Cicakak"
    },
    "info": {
        "diterbitkan": "29-01-2015",
        "sinopsis": "Cicak yang boleh terbang"
    }
}');


Selecting
SELECT id, data->>'tajuk' as tajuk FROM buku;
 id |      tajuk
----+-----------------
  1 | Ayam Goreng
  2 | Kambing Golek
  3 | Cicak Terbang

The -> operator returns the original JSON type (which might be an object), whereas ->> returns text.
You can use the -> to return a nested object and thus chain the operators:

SELECT id, data->'penulis'->>'nama_pena' as nama_pena FROM buku;

 id | nama_pena
----+-------------------
  1 | Bob Ayam
  2 | Abu Al-Kambing
  3 | Cicakman


Searching/Filtering
You can select rows based on a value inside your JSON:

SELECT * FROM buku WHERE data->>'tajuk' = 'Cicak Terbang';

 id |                                         data
----+---------------------------------------------------------------------------------------
  3 | {"tajuk": "Cicak Terbang","penulis": {"nama_pena": "Cicakman","nama_sebenar": "Cicakak"},"info": {"diterbitkan": "29-01-2015","sinopsis": "Cicak yang boleh terbang"}}

This also works with a nested JSON object:


SELECT * FROM buku WHERE data->'penulis'->>'nama_pena' = 'Cicakman';

 id |                                         data
----+---------------------------------------------------------------------------------------
  3 | {"tajuk": "Cicak Terbang","penulis": {"nama_pena": "Cicakman","nama_sebenar": "Cicakak"},"info": {"diterbitkan": "29-01-2015","sinopsis": "Cicak yang boleh terbang"}}

Indexing
You can add indexes on any of these using PostgreSQL’s expression indexes, which means you can even add unique constraints based on your nested JSON data:
CREATE UNIQUE INDEX buku_penulis_nama_pena ON buku ((data->'penulis'->>'nama_pena'));

Cheers.
