Wednesday, June 21, 2017

[REVIEW] Cyber Security Campaign 2017 (Hong Kong)

Yesterday (Jun 20, 2017), Cyber Security and Technology Crime Bureau (CSTCB) of Hong Kong Police Force announced a Cyber Security Campaign 2017 for a year in order to kill all botnets in Hong Kong. They build a website for Hong Kong citizens to download 3 famous Anti-Virus scanners (Kaspersky, Symantec and Trend Micro). The campaign commenced today. (SCMP news) However, the site could not be accessed until 1500 hours today due to too busy or something else.

I conducted a quick test on the website when the news was announced yesterday. This article is about the not professional test result.

The website is running on Windows Server 2012 and hosting at Alchemy. It is not sure that it is a dedicated server or a shared hosting server. It is possibly that it may be a dedicated server. The IP address of the server is 205.144.171.79.

Meanwhile, I find out that the server is also hosting another website Cyber Security Professional Awards which is also hosted by CSCTB.

The Server

The website is running on Microsoft IIS 8.5 with ASP.NET (Version 4.0.30319 and ASP.NET MVC version is 5.2). Ports 80, 135, 443, 445, 5666 and 49159 are opened on the Windows Server 2012. There is no Web Application Firewall (WAF) on the Microsoft IIS Web Server.

SSL Certificate

Since there is no data exchange between users and web application, the SSL certificate for the website is not required in general. However, it is equipped. It is compatible to TLS 1.0, 1.1 and 1.2. It used a weak cipher suites for the encryption (TLS_RSA_WITH_3DES_EDE_CBC_SHA) in the certificate. Meanwhile, it has a mismatched SSL certificate of www.fishingmilitia.com. In addition, there is no security headers for the website. The grading of the website is A only.

Later learnt that the mismatched SSL certificate of Fishing Militia is pointed to "Cyber Security Professional Awards" website. The SSL certificate of "Fishing Militia" is expired on Jun 16, 2017. However, the "Cyber Security Professional Awards" website is running on Port 80. It is very weird.

Web Application

It is a single page web application mainly running JavaScript. It stores all the images, including background image, on https://storage.googleapis.com. The size of the images is from 58kB to 2.7MB. That is why the website may not be accessed and displayed "Service Unavailable. HTTP Error 503. The service is unavailable." There is no database and no data exchange between users and web application.

When "Cyber Security Campaign 2017" website is loading slow or cannot be accessed, the "Cyber Security Professional Awards" website has the same response.

Conclusion

The Windows Server 2012 is hosting 2 websites, "Cyber Security professional Awards" and "Cyber Security Campaign 2017" on Pot 80 and 443 respectively. If there is a proxy server, both websites can use port 80 instead.

The response time of "Cyber Security Campaign 2017" is slow mainly because of the images are large in size and they are fetched from storage.googleapis.com. The googleapis.com is hosting JavaScript only and the upload speed may not be very high. Therefore the bottleneck is at the size of images and slow external storage.

It is very weird that the SSL certificate of "Cyber Security Professional Awards" website is pointed to another domain.

In conclusion, the website is mis-configured and it is not good in design.

That's all! See you.


Monday, June 19, 2017

HOWTO : Lower CPU Loading With ulimit on Ubuntu 16.04 LTS

ulimit can change the number of process on Linux. One of the features is to lower the CPU loading with it when you have a low end CPU. The lower the CPU loading the lower the CPU temperature.

sudo nano /etc/security/limits.conf

Append the following lines at the end of the file.

* soft nproc 10240
root soft nproc 10240


You can replace "10240" up to "65535".

That's all! See you.


Sunday, June 04, 2017

HOWTO : Update Ubuntu 16.04 LTS

sudo nano ~/update_ubuntu

Append the following lines to the file :

export DEBIAN_FRONTEND=noninteractive
sudo apt update
sudo apt -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o APT::Get::Assume-Yes="true" -y dist-upgrade
sudo apt -y autoclean
sudo apt -y --purge autoremove


Save it and make it executable.

chmod +x ~/update_ubuntu

To run it :

sudo ~/update_ubuntu

That's all! See you.


Saturday, June 03, 2017

HOWTO : Apache Guacamole Remote Desktop Gateway On Ubuntu 16.04 LTS

Apache Guacamole is a HTML5 remote desktop gateway. It supports VNC, RDP and SSH protocols. You can access your remote desktop or server by using standard browser. You are required a dedicate computer or virtual machine to setup the Guacamole server. This guide will use database authentication for the operation.

Step 1 :

Install Ubuntu Server 16.04.2 LTS as usual. It is recommended to install OpenSSH also.

sudo apt-get -y install libcairo2-dev libjpeg-turbo8-dev libpng12-dev libossp-uuid-dev libavcodec-dev libavutil-dev libswscale-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libssh2-1-dev libvorbis-dev libwebp-dev autoconf autotools-dev libtool build-essential maven default-jdk mysql-common mysql-server mysql-client mysql-utilities tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-user ghostscript gsfonts gsfonts-other

Step 2 :

sudo mkdir -p /etc/guacamole
sudo mkdir -p /etc/guacamole/lib
sudo mkdir -p /etc/guacamole/extensions


Step 3 :

sudo nano /etc/default/tomcat8

Append the following lines at the end of the file :

# GUACAMOLE ENV VARIABLE
GUACAMOLE_HOME=/etc/guacamole


Step 4 :

cd ~
git clone git://github.com/apache/incubator-guacamole-server.git
cd incubator-guacamole-server
autoreconf -fi
./configure --with-init-dir=/etc/init.d
make
sudo make install
sudo ldconfig


sudo systemctl enable guacd

Step 5 :

cd ~
git clone git://github.com/apache/incubator-guacamole-client.git
cd incubator-guacamole-client
mvn package

sudo cp ~/incubator-guacamole-client/guacamole/target/guacamole-0.9.12-incubating.war /etc/guacamole/
sudo ln -s /etc/guacamole/guacamole-0.9.12-incubating.war /var/lib/tomcat8/webapps/
sudo cp ~/incubator-guacamole-client/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/target/guacamole-auth-jdbc-mysql-0.9.12-incubating.jar /etc/guacamole/extensions/


Step 6 :

wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.42.tar.gz
tar -xvzf mysql-connector-java-5.1.42.tar.gz
sudo cp mysql-connector-java-5.1.42/mysql-connector-java-5.1.42-bin.jar /etc/guacamole/lib/


sudo mkdir -p /usr/lib/x86_64-linux-gnu/freerdp
sudo ln -s /usr/local/lib/freerdp/* /usr/lib/x86_64-linux-gnu/freerdp/


Step 7 :

sudo mysql -u root -p
CREATE DATABASE guacamole_db;
CREATE USER 'guacamole_user'@'localhost' identified by '[GUACAMOLE_USER_PASSWORD]';
GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'localhost';
flush privileges;
quit


cd ~
cat ~/incubator-guacamole-client/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/*.sql | mysql -u root -p[MYSQL_ROOT_PASSWORD] guacamole_db


Step 8 :

sudo nano /etc/guacamole/guacamole.properties

The content of the file is :

# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822

# MySQL Authentication
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: [GUACAMOLE_USER_PASSWORD]


Step 9 :

sudo ln -s /var/lib/tomcat8/webapps/guacamole-0.9.12-incubating.war /var/lib/tomcat8/webapps/ROOT.war

Step 10 :

sudo systemctl restart guacd
sudo systemctl restart tomcat8


Step 11 : (The following Step 11 to 14 are for setting up VNC server on Ubuntu Desktop)

The Ubuntu Desktop will be accessed via VNC. Therefore, we need to install related packages on Ubuntu Desktop.

sudo apt-get install ubuntu-desktop gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal tightvncserver

nano ~/.vnc/xstartup

The file content will be looking like :

#!/bin/sh

xrdb $HOME/.Xresources
xsetroot -solid grey
#x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#x-window-manager &
# Fix to make GNOME work
export XKL_XMODMAP_DISABLE=1
/etc/X11/Xsession

unset SESSION_MANAGER
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
x-window-manager &
gnome-panel &
gnome-settings-daemon &
nautilus &
metacity &
gnome-session-flashback &


Reconfigure the session manager :

sudo update-alternatives --config x-session-manager

Select :

/usr/lib/gnome-flashback/gnome-flashback-metacity

Step 12 :

sudo nano /lib/systemd/system/vncserver@.service

The file content will be looking like below. Making sure to replace "samiux" to your username :

[Unit]
Description=Start TightVNC server at startup
After=syslog.target network.target

[Service]
Type=forking
User=samiux
PAMName=login
PIDFile=/home/samiux/.vnc/%H:%i.pid
ExecStartPre=-/usr/bin/vncserver -kill :%i > /dev/null 2>&1
ExecStart=/usr/bin/vncserver -depth 24 -geometry 1280x800 :%i
ExecStop=/usr/bin/vncserver -kill :%i

[Install]
WantedBy=multi-user.target


Step 13 :

vncserver

Enter the password of VNC server when prompt and then answer "n" to the last question.

vncserver -kill :1

sudo systemctl daemon-reload
sudo systemctl enable vncserver@1.service


To start VNC server at port 5901 :

sudo systemctl start vncserver@1

Step 14 :

For streaming audio from Ubuntu Desktop :

sudo nano /etc/pulse/default.pa

Append the following line at the end of the file :

load-module module-native-protocol-tcp auth-anonymous=1

To restart PulseAudio :

pulseaudio -k

Port 4713 should be listening for connection. However, it is not very stable at my side.

Step 15 : (The following Step 15 is for setting up RDP on Kali Linux Xfce)

Install Kali Linux Xfce version, Gnome does not work. Lxde may works.

apt-get xrdp
systemctl enable xrdp
systemctl enable xrdp-sesman
systemctl start xrdp
systemctl start xrdp-sesman


update-alternatives --config x-session-manager

Make sure it is selected :

/usr/bin/startxfce4

Step 16 :

To access the Guacamole, you point the browser to the Guacamole box, e.g. http://192.168.20.99:8080. The username and password are both "guacadmin".

When accessing the remote desktop or server, you can launch the submenu by pressing :

ctrl+alt+shift

Reference

Apache Guacamole Manual
How to install SSH ( secure shell ) service on Kali Linux

That's all! See you.