Mattia Campagnano

Saturday, December 31, 2016

Goodbye, 2016!

I don't know why people feel the need to write something for the end of the year.

This has been a crazy year for myself and for the state of cyber security in this country and worldwide.

New attack techniques have been discovered and for the first time hackers interfered with democratic elections.

I normally hate celebrations and all the connected rhetoric, but I'm graduating in cyber security next week and that seems to me perfect timing for what's going on.

Hopefully, I'm going to go back to working in the field soon.

I don't know what I'm going to do or what specific role I'm going to play in this context.

I only know this is but the starting point for the career I want.

We'll see what happens.




Friday, December 23, 2016

How to automate post exploitation with a Meterpreter script

Metasploit is a powerful attacking tool, but you can get the most out of it by automating the post exploitation stage.

After getting a shell on the victim system, if you run some commands recurrently, you can use a script to run them automatically for you.

To demonstrate this, I created a script, named netapi_post.rc, where I listed the commands I wanted to be automatically run.

After that, I exploited my victim XP machine by using the multi/handler exploit, setting up windows/meterpreter/reverse_tcp as a payload (check the embedded video for more details).


Monday, December 5, 2016

How to create basic Snort IDS rules


I am going to create some basic rules to use Snort as an IDS.

The first thing to do is to define what Snort has to protect as the Home network.

You need to edit its configuration file (/etc/snort/snort.conf) as follows:
  1. Change the value of the line ipvar HOME_NET from any to your home network range (in my case, 192.168.2.0/24)
  2. Change the value of the line ipvar EXTERNAL_NET from any to !$HOME_NET (in other words, uncomment the last line shown in the first screenshot below). The value of the EXTERNAL_NET variable will have to be defined as any network other than the Home network.
  3. Apply customized rules by editing the file /etc/snort/rules/local.rules, as shown below.
  4. Edit /etc/snort/snort.conf by adding a line that includes your customized rule file.
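
The four steps above as a script, run here against a constructed sample file. This is an added example, not code from the original post; the ICMP rule, its SID and the function name configure_snort are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): scripts the four edits above.
# The sample ICMP rule and SID 1000001 are assumptions for illustration.

# configure_snort CONF RULES HOME_NET
# Real use: CONF=/etc/snort/snort.conf RULES=/etc/snort/rules/local.rules
configure_snort() {
    conf=$1 rules=$2 home_net=$3
    tmp=$(mktemp) || return 1

    # Steps 1-2: HOME_NET becomes the protected range, EXTERNAL_NET everything else.
    sed -e "s|^ipvar HOME_NET .*|ipvar HOME_NET $home_net|" \
        -e 's|^ipvar EXTERNAL_NET .*|ipvar EXTERNAL_NET !$HOME_NET|' \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"
    status=$?
    rm -f "$tmp"
    [ "$status" -eq 0 ] || return 1

    # Step 3: add a custom rule once (local SIDs start at 1000000).
    rule='alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP echo request from external network"; itype:8; sid:1000001; rev:1;)'
    grep -qs 'sid:1000001;' "$rules" || printf '%s\n' "$rule" >> "$rules"

    # Step 4: include the custom rule file unless snort.conf already does.
    grep -q '^include .*local\.rules' "$conf" ||
        printf '%s\n' 'include $RULE_PATH/local.rules' >> "$conf"
}

# Constructed sample input: a minimal snort.conf with the stock "any" values.
demo_dir=$(mktemp -d)
cat > "$demo_dir/snort.conf" <<'EOF'
var RULE_PATH /etc/snort/rules
ipvar HOME_NET any
ipvar EXTERNAL_NET any
#ipvar EXTERNAL_NET !$HOME_NET
EOF

configure_snort "$demo_dir/snort.conf" "$demo_dir/local.rules" 192.168.2.0/24

# Show the resulting active settings and the custom rule.
grep -E '^(ipvar|include)' "$demo_dir/snort.conf"
cat "$demo_dir/local.rules"
```

Running snort -T -c /etc/snort/snort.conf afterwards makes Snort validate the configuration and rules before you start it.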

Monday, November 21, 2016

macOS or OS X? Time will tell. I won't walk through the Sierra right now

I've experienced El Capitan for a while and I've been very satisfied.

My new Mac has worked flawlessly, because El Capitan is a very stable and reliable system, a rock solid warhorse.

The hacker/pioneer in me, though, was tempted by the new features of macOS Sierra.

I'm very busy with my college, so I postponed this dilemma for a while. 

One weekend, though, I created a clone of my configuration with Super Duper! and decided to give Sierra a go.

I almost immediately regretted my decision.

Tuesday, November 8, 2016

Install Snort in Kali Linux, the easy way

When trying to install Snort in Kali Linux, you may find yourself with a not very encouraging E: Unable to locate package message, like the one above.

If this occurs, you're left with the only option of compiling it from source, which, in this case, is pretty painful.

Luckily, there's an easier alternative. Aptitude can't find the program we're looking for because it doesn't have the necessary repositories in its database.

So, in order to solve the problem, all we need to do is add them manually.

Go to the repositories list on the official Kali website, then right-click and copy each repository listed there (in other words, right-click and copy all the entries starting with deb, shown in the screenshot below).

That done, open the file /etc/apt/sources.list with any text editor of your choice.

Paste the repositories you previously copied from the official website to said file and save it.

Now, you'll only have to run apt-get update -y in order to update your sources list.

With that being done, run apt-get install snort -y and this time around it will work.

Tuesday, October 11, 2016

Kali Linux - Hacking Holy Grail? Not really!

Quora users have always flooded me with answer requests related to questions on Kali Linux. 

Recently, though, such requests have become unprecedentedly clueless, annoying (that one below is one of the brightest examples. I chose it randomly, so I mean no offense to its author) and insistent.

Looks like more and more people (mostly kiddos) got fascinated by a bunch of idiotic TV shows displaying alleged hacking stuff and started thinking: "heck, this is cool! I wanna be a hacker and stack a big loot, too!"

They got no clue what the real hacker culture is, what real hackers are and how frustrating, nerve-racking, time-consuming, swear-driven, slow and boring real hacking is.

There's a bunch of lazy people around doing dumb stuff, sure. If you use a weak password, that's no biggie to one like myself, though I don't know if I'm a hacker.

Sunday, October 9, 2016

Installing Guest Additions in a Kali Linux virtual machine

Problem 

I needed to access a file located in my physical system from inside a Kali Linux VM, so I tried to enable Shared Folders.

However, I found out, much to my dismay, it wasn't possible.



OS X - Schedule tasks with the "at" command

Like my UNIX/Linux professor used to say, we should have our computer work for you, so I decided to find new ways to automate tedious tasks by using my Mac.

Sounds cool, right?

Problem 

Sadly, the default solution provided by OS X for creating scheduled tasks (LaunchD) isn't very user-friendly (here for more details).

There are third-party tools around, mostly paid, providing an easier GUI approach to this functionality (e.g. LaunchD Task Scheduler).

However, a task can be also created by leveraging OS X system resources.


Solution

Monday, October 3, 2016

Security breaches keep happening and they will continue on. That's why

Over the last years, security breaches have become the new normal.

Yahoo! officially admitted a massive security breach, which occurred over the previous years, only some days ago.

Rumors about that had been around for a while, but I got an official email from Yahoo! about this only on 9/27 (I had already changed my password at least 4 times in the meantime.)

People all over the world got shocked by this and no one, including presidential candidates, seems to have any clue on what should be really done.

NOT ME.

I'm not surprised at all.

On the contrary, I expect such incidents to exponentially grow over the next months, or years.

Why? Why does this keep happening, and why will it keep happening?

Friday, August 26, 2016

How to install Bash in Windows 10 Anniversary Update

Introduction 

Anniversary Update for Windows 10 has been finally released.

You can wait for it to come with Windows Updates, or (like I did) grab it from here as a standalone executable and install it manually. 

Like I anticipated in my previous post "Windows 10 to include Bash. Should you care? I don't", Windows 10 will include a Linux subsystem that allows you to run Bash commands directly in Windows.

I already voiced my personal opinion on how irrelevant this is to myself personally, as well as to most UNIX/Linux users. However, it's a very exciting feature to test and it can turn out to be useful on some specific occasions.

Prep steps & installation

After installing the Anniversary Update, you'll need to enable Windows Linux Subsystem.

Thursday, July 14, 2016

Installing a printer in OS X

I use a wireless printer configured with a dynamic IP address, so I often have to re-install it when its IP address changes. 

Installing a wireless printer in OS X is straightforward.


Wednesday, June 22, 2016

Inverted Caps Lock on virtual machines? No problem!

Problem 

I'm using a VMware Fusion virtual machine for an Oracle online college class.
Sometimes, a weird issue occurs, while using SQL.

When entering my commands, my CAPS LOCK key gets suddenly inverted.

In other terms, while keeping CAPS LOCK pressed, commands are typed in lowercase, and vice versa.

I like my keywords and my commands to be all caps and the values in lowercase.

That makes it easier for me to understand what I wanted to achieve with those commands when looking at them at a later time.

I think consistency helps, in this case.
I got forced to use my keyboard by reversing its functionalities.

Monday, June 20, 2016

OS X - Slow Wi-Fi? Hit it with your best shot

Problem 

Poor Wi-Fi performance?

Does your connection drop or look sluggish?

No fear, there's an easy quick fix for this.

Your problem could be caused by channel congestion.

If your Wi-Fi is set up on a channel already used by numerous wireless devices in your area, you may experience poor performance and, at times, your connection might drop.

In layman's terms, a channel congestion is like having to go through a backed up highway over the rush hour. Too many cars (in our case, devices) out there.

OS X offers a quick and dirty fix for this problem, without needing to install any third-party tools.

Solution

Friday, June 10, 2016

Mattia’s Dummie’s Corner - Understanding UNIX/Linux file permissions

In a UNIX/Linux operating system, file permissions represent a critical topic, but this concept can be very hard for beginners to understand, especially if they're used to Windows.

Thankfully, my Linux instructor did a great job with me, so now I can share this knowledge with you guys.

For this post, we're going to analyze the output of the ls command, which lists the contents of a directory.

For you to display file permissions, you need to use the ls -l command (the so-called long form of the ls command).

This is, IMHO, maybe the most important Linux command.

After a while, you'll get so used to it that you're never gonna use the simple ls anymore (that's my case, at least).

How to read a file listing

Thursday, June 9, 2016

What to do when OS X Recovery Partition won’t boot

Problem 

Today, while I was working on my Mac, I dropped a couple of books from my desk on the power cord (I use a surge suppressor), which caused it to die.

As usual, I unplugged the power cord for a while and then pressed down the power button for about 30 seconds to discharge any residual static.

Then I re-plugged the power cord and restarted my Mac.

I wanted to repair any errors caused by this unexpected event, so I booted from Recovery Partition for accessing Disk Utility.

But, this time, a surprise was waiting for me.

OS X got stuck and a stop signal was suddenly shown.


Saturday, May 21, 2016

How to secure a network from physical invasions

Scenarios

When you think of a breach, you'd normally think of hacking, but there are other ways a business can be breached.

One way is to physically attack its premises.

Possible threats range from individuals trying to access reserved areas to drones flying over your facilities.

An organization must be very careful about it.

Careless security guards, network outlets in the waiting area, intruders tailgating through the gates….

It takes a second for a potential intruder to sneak in.


Countermeasures

Saturday, April 30, 2016

Privilege escalation with Windows 7 SP1 64 bit

This post follows up from where we had left off with the Social Engineer Toolkit. I'm going to perform a privilege escalation on Windows 7 SP1 64 bit.

With SET, I could successfully exploit the system, but I couldn't become system administrator, which limited my chances of a successful exploitation.

I couldn't get a privilege escalation through getsystem.

Solution (for a clearer understanding of these steps, please refer to the embedded video tutorial)



Thursday, April 28, 2016

How to hack Windows 7 SP1 64-bit with Social Engineer Toolkit (SET)

This post is a follow up to my previous one Don't click that file! How to hack Windows XP SP3 with an msfvenom payload, where I successfully hacked Windows XP SP 3 by using a custom exploit.

This time, we're going to hack Windows 7 64 bit SP1. For this purpose, I used a Kali Linux v.2 64 bit virtual machine (attacker machine) and a Windows 7 SP 1 64-bit virtual machine (victim machine).

We're gonna build an exploit by using the Social Engineer Toolkit, developed by my boss, Dave Kennedy, who founded the company I'm currently working with (cheers, man, hope to see you soon).
Steps

Wednesday, April 20, 2016

Create an OS X El Capitan USB installer without third-party tools


Like I've previously explained, Macs don't come with a bundled Install DVD anymore.
This can cause problems if you have to re-install OS X, as Internet Recovery is very slow, or, at times, doesn't work over Wi-Fi for older Macs.

However, you can create a USB installer through Terminal, without installing any third-party software.

Steps:
  1. Format a USB drive, at least 8 GB large, choosing the OS X Journaled file system.
  2. Call it MyVolume (you can also name it differently, but if so you'll have to change the following command accordingly).
  3. That done, launch the following command from Terminal:

     sudo /Applications/Install\ OS\ X\ El\ Capitan.app/Contents/Resources/createinstallmedia --volume /Volumes/MyVolume --nointeraction --applicationpath /Applications/Install\ OS\ X\ El\ Capitan.app

All the system files will be copied to the drive and this will require a while.

The command will hang until the operation is completed, so grab a tall coffee mug, or go for a walk until it's done.

That's what it looks like when the installer is ready to go.

At this point, you can boot from your installer and re-install OS X.

Be advised your USB installer might occasionally not show up in Startup Disk.

However, it'll surely be shown when pressing ALT at boot-up.

Wednesday, April 6, 2016

A checklist to prevent data scraping from your server

Scenario

If your server isn't properly secured, an attacker can target it with automated scripts in order to scrape data from it.

Your business could face loss of confidential information and potential lawsuits.

Luckily, you can implement technical solutions for you to eliminate, or at least mitigate, this problem.


Solutions

Tuesday, April 5, 2016

How to keep ransomware out of your network

Scenario 

In my previous post Bye-bye Ransomware! ACYA later! , I had analyzed the ransomware problem by mostly focusing on home users.

However, ransomware has started becoming a severe threat in corporate environments, too.

A hospital has been recently attacked by ransomware, but its administration refused to pay the ransom, because they had an efficient backup policy in place and were able to shut down the infected system and keep their primary systems going.

Possible scenarios start being scary and the latest incident made it clear (should there be any doubts) these scumbags would do anything to achieve their goals.


Monday, April 4, 2016

How to rename a (local) user account in Windows 10

Before Windows 10, it was possible to rename a user account by right-clicking its folder under C:\Users.

Windows 10 has made this process much more elaborate.

Sunday, April 3, 2016

Windows 10 to include Bash. Should you care? I don’t.

Microsoft announced on March 30, 2016, at its annual Build Developer Conference, that Windows 10, with the coming updates, will support bash commands.

For all it seems, Microsoft will support a Linux subsystem – not a virtual machine – based on Ubuntu 14.04 LTS.

Many people started wondering what the impact of this news will be.


Thursday, March 31, 2016

Don't click that file! How to hack Windows XP SP3 with an msfvenom payload

LEGAL DISCLAIMER: This "hack" has been performed by using virtual machines running on my own computer. Don't use it against other people's systems, unless you've been given explicit written permission by their owners. I'm not responsible for any unintended use of these instructions.

A bunch of people on Quora keep asking me why it's so important to keep your system up-to-date.

They think if they keep using Windows XP, they're fine.

This post answers their questions better than any words.

Kali Linux includes a tool, called msfvenom, that lets you create a custom payload to hack into a victim machine.



Sunday, March 27, 2016

How to opt in and out from OS X Beta versions

How to opt in

If you enrolled your Mac for Apple Beta program, you can download betas and early releases straight from App Store.

For you to do this, you need to download and install a component called OSXElCapitanPublicBetaAccessUtility.dmg


The only downside to it is you're required to install it on your physical OS X, which might not be the most advisable course of action on production Macs.

If you don't want this, you can opt out from these updates.

How to opt out

Go to System Preferences/App Store.

Click Change next to "Your computer is setup to receive pre-release software update seeds".

Then select "Do Not Show Pre-release Updates". These updates won't show up again in App Store.

Should you change your mind later on, you need to reinstall the .dmg package.

In fact, after performing that change, App Store options will get modified as shown below:


If you want to test pre-release versions without compromising your production Mac, the best option is, IMHO, to activate this setting in an OS X virtual machine.
This will allow you to test betas and early releases and play it safe, without exposing your system to any risk whatsoever.

Friday, March 11, 2016

OS X KeRanger ransomware - if you play with dirt, you’ll get dirty

An OS X ransomware variant, called KeRanger, has been recently detected.
According to its description, it uses two main vectors:
  1. Torrents (a software called Transmission 2.90)
  2. Phishing emails.
In my opinion, like I already mentioned in my previous post Bye-bye, ransomware! ACYA later!, this happens because people keep doing dumb stuff and click whatever they see, regardless of all the breaches that keep occurring.
Any malware requires a positive action on your end. It can't infect your system, if you don't click a link, install a program, or open something you shouldn't.

Friday, February 26, 2016

How to create an OS X virtual machine with VMware Fusion

Having an OS X virtual machine can come in handy for you to experiment and test early betas and pre-releases without fear of compromising your production Mac.

I tried to do that with VirtualBox but, though in the past I had succeeded by extracting a dmg file from the installer, this time I couldn't get OS X to boot.

Therefore, I decided to use VMware Fusion (its current version is 8).

This product offers a wide collection of choices for you to create a virtual machine.


The first option is maybe the most interesting, as it allows you to virtualize your physical configuration.

In my case, I already had a Yosemite VM created with Parallels.

VMware Fusion reads virtual machines created by other programs, such as Parallels, so I only had to wait for the conversion process to end for me to run it.

VMware Fusion has only one issue with an OS X virtual machine.

In fact, after creating the VM, no sound device was detected and the sound icon was muted.

I could solve this issue by installing the Ensoniq Audio PCI driver.

After a couple of reboots, sound on my virtual machine was finally enabled.


Wrap up

Creating an OS X virtual machine with VMware Fusion is simple and fast.

Performance is very good and the only issue is related to sound, but it can be easily solved by installing the aforementioned driver.

Monday, February 22, 2016

May the Shell Be With You - task automation unleashed in UNIX/Linux

In my previous post 9 Windows Command Prompt Hacks: the power of black and white, I've talked about Windows command line and how helpful it is for troubleshooting purposes.

In the meantime I went through two Linux classes (operating system and network administration), so I've become much more comfortable with UNIX/Linux Bash Shell, and I've started writing pentesting scripts in Bash and Python for me to automate tedious tasks. I've ultimately finalized my detachment from Windows, which now I use only when strictly needed.

In this post I want to show you how to unleash the full power of a UNIX/Linux shell. It is a very powerful tool, often overlooked.


Tuesday, January 26, 2016

Mattia’s Dummie’s Corner - Variable initialization

I'm trying to learn numerous programming languages, after studying Visual Basic last semester, and this concept suddenly hit my mind yesterday, while I was watching a Python tutorial.

What's a variable?

It's something that may vary, i.e. can get different values.

It's nothing but a placeholder for something you want to store, a sorta box where you want to store something for you to use later.

If you grab a programming textbook, you'll find several data types, i.e. numerous types of variables you can use (strings, floats, integers, booleans, date/time, etc.).
We don't need them now, so let's forget about them for a second. I love Python programming language for many reasons.

One of the most important is its ease of use, as there's no need to state what data type your variable is, when coding in Python.

We create a variable by simply giving it a value (assignment).

For example, if we want to define a grade variable in Python, we'd have something like:

    grade="A"

The use of quotes informs Python that's a string variable (text).

In case of numbers (e.g. In Italy we use numbers 18 through 30 for grades, where 30 is A), you'd have, for example:

    grade=26

Loops and variable initialization

Thursday, January 21, 2016

Windows 10 - Remove the evil clone

After the last Windows 10 update (and after not using it for a while), I've gone through a weird issue.

I plugged in my external hard drive to work with some files and I got a pop-up saying that drive had problems, asking me whether I wanted to fix them.

I chose Fix & scan; OK - I think - it'll fix some errors and then I can use this darn disk, right?

Dead wrong.

Two identical hard drives, both having the same letter, were suddenly showing up in Windows Explorer.

Then, you might think, no big deal. Due to the error, one disk remained in the RAM.
You eject one of them and you're good.

Not so fast. The second disk can't be removed, Windows sees the two drives as fixed hard drives.

If I eject my hard disk, they both disappear, but they come back, when I plug it back.

I tried a couple of times to reboot the system, but to no avail.

After several web searches, I found out the update had introduced a new Registry key, causing Windows to detect external hard drives as removable ones, so that they're displayed twice in the Navigation pane.

For you to solve the issue, you need to navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders and remove the sub-key you'll find there.

That done, the clone immediately disappeared.

Friday, January 15, 2016

Force App Store to re-download OS X.

When Apple releases a massive update, I always re-download the latest OS X installer from App Store, which I use to create an up-to-date USB recovery installer.

For you to re-download El Capitan (and, in general, any OS X version you have already installed), you need to open up App Store and go to Purchased.

Afterward, you click Download and, after answering Yes to a confirmation pop-up, the download will start.

That's how I've always done it so far.

However, you might at times experience some issues while doing that.

This time around, in fact, El Capitan installer was grayed out and displayed as Downloaded.

On a forum thread I found out the problem was caused by the older installer, which still was in the Applications folder.

After removing it, quitting and re-opening App Store, I was able to successfully start the download.

Hope it helps you solve similar issues.

Tuesday, January 12, 2016

Location services? I don't think so. Big Brother’s out there for you.

Location, location, location.
No, I'm not talking about a hotel, I'm talking about location services.
Nowadays, an overwhelming number of auto-starting location services are installed in computers and a bunch of other devices (mobile phones, "smart" devices connected to the Internet, etc.).

Unless you disable these services, they can track every minute of your day.

Thursday, January 7, 2016

How to create a Kali Linux Virtual Machine with VirtualBox - Walkthrough

Today we're gonna create a Kali Linux virtual machine with VirtualBox.

As I'm in information security and I'm studying pentesting, I've been asked this question so many times that I decided to create a tutorial for it, hoping it will help.

Why Kali Linux?

Kali Linux is a very popular Linux distro, used for hacking, pentesting and forensics.

Its current version, as of today, is the rolling version 2 2016, based on Debian.

Kali is not the only pentesting distro around, but it's become popular because it gathers thousands of tools ready to go in the same place.
