Monday, December 31, 2007

Alternate Window Managers : Installing Xfce 4.4.2 on Ubuntu



Gnome and KDE are running too slow on my system, even with a 1 gig RAM. With days of troubleshooting I have finally decided to move on.
I am currently searching for an alternative X Windows manager. In this first part of tutorial, I cover installing Xfce. In later weeks I'll try using fluxbox, IceWM, E17 and Openbox. And finally, I'll compare their speeds and usability.


First download the xfce4-4.4.2-installer.run installation file from Xfce website. Then follow these steps

apt-get install libice-dev libsm-dev libxpm-dev


apt-get install libxml2-dev libvte-dev libstartup-notification0-dev


apt-get install libhal-storage-dev libdbus-glib-1-dev libjpeg62-dev


chmod u+x xfce4-4.4.2-installer.run


./xfce4-4.4.2-installer.run


Note: I did get an "Failed to build xfce-mcs-manager" error, the first time I tried. Try the following too and rerun the installer.run file.
apt-get install build-essential gettext


#Alsa not found error
apt-get install libsound2-dev*



Phew! Finally, it is installed. For the faint-hearted just type
apt-get install xubuntu-desktop

This will setup everything. Only catch, 4.4.2 is still not available in Repo, so be content with the older release.

Hacking/Recovering windows XP passwords


Please note, this article is for educational purpose only.

Goal: To recover windows xp account passwords when you obviously don't have an admin privilege.

Prereq: 1. You either have access to booting via CD (in many places CD boots are disabled in bios)
2. Any other OS - XP or Linux is also installed to which you have access to.

Tools needed: OphCrak Live CD, rainbow tables

Lets start.


How does it work?

Generally XP account passwords are stored as hashes in the encrypted SAM file, located in c:\windows\system32\config\SAM
The process requires you to get a hashdump of this SAM file and pass it to OphCrack, which will then use this beautiful method involving rainbow tables to recover the password for you. Rainbow tables are way faster than the usual dictionary and brute force method.



1. If bios allows you to boot via a CD, you are in luck. Burn the OphCrak Live CD and it will take care of the rest. Simply specify which XP instance you want to recover the password.
It will automatically get a hash dump and start the recovery password.

2. Alternate way, the one I describe here in detail is using your other OS. Say, you already have Linux as the second OS. Get an access to it either using your legitimate account or using the "Hacking Linux root accounts via grub" article.

a) Download OphCrack from the website.

b) Download a rainbow table depending on your ram.

c) Copy SAM and SYSTEM file from the following location (assuming you know how to mount ntfs partitions)

cp /mnt/win_C/WINDOWS/SYSTEM32/Config/SAM ./


cp /mnt/win_C/WINDOWS/SYSTEM32/Config/SYSTEM ./

where /mnt/win_c is where your windows NTFS partition is mounted and the current folder is OphCrack/linux tools/ folder

d) Run the Bkhive and samdump2 tools

bkhive SYSTEM temp.txt

samdump2 SAM temp.txt > hashes.txt

both these are available in your OphCrack/linux tools folder

e) Run OphCrack. Load the rainbow table and the hashes.txt file and wait.
The process timing depends on the strength of the stored password.

Great! You have recovered your account password.
Note: You can selectively extract only "your" account password, if you do have any ;)
Now login using the username/password recovered and check.

Places to experiment: SOC 1 lvl 8 PC labs (NUS)

Caution: It is a criminal offense if you don't have the right to access the system. Also, accounts authenticated using LDAP cannot be recovered this way. There is generally a debugger account which will give you some admin rights to add remove users for the pc.

Sunday, December 30, 2007

Windows XP Tip : Resolving "NTLDR is missing" error

















I recently had a virus attack which corrupted my NTLDR and NTDETECT.COM.
XP refused to boot. Many folks think that the only way is to reinstall XP but here I'll show you how to recover these files and get back your XP booting up in 5 mins.


1. Pop in your Windows XP Installation CD and reboot.
Windows XP Setup starts.





2. Press R to enter Recovery console mode.
Select the installation instance and enter your admin password.


3. You now have access to the command prompt where you can enter commands to recover your installation. Some useful commands are - help, cd, map, chkdist etc. Help will display all commands available to you.

4. Type map to view all the disks. Keep note of the drive letter of you windows installation and the cd rom drive
map





5. Type the following commands to copy the ntldr and ntldetect.com files

copy d:\i386\ntldr c:


copy d:\i386\ntldetect.com c:


Where, c:\ is where your windows xp installation resides and d:\ is the cd drive letter. You can verify it from the result of the map command

6. Counter check if your boot.ini file is intact.
type c:\boot.ini


7. Voila! Your nltdr is recovered. Type exit to reboot.
exit


8. Results.












Monday, December 24, 2007

Hacking Linux root accounts via grub


This is a very common and popular way to reset root password if grub is not password protected by the system administrator.

Places you can try: SOC level 8 PC labs. They recently installed fc6 but forgot to protect grub ;)

Note: With great power comes great responsibilities. Use the root account with caution.


1. Switch on the pc and press a key to bypass the default OS boot.
2. Grub menu will show up.
3. Highlight the entry that displays the selected linux distro and type e
4. This takes you to the edit mode. Highlight the second entry (leave the rescue entry) and add single at the end to the boot entry

5. Once you have done that. Enter b
6. Your installed linux distro will reboot and take you to the init 1 or single or admin mode.

7. To add a new user, type
adduser guest


where guest is the name of new user you want to add.

8. To reset your or anyother users passwd
passwd <user>


The above mentioned way is a great way to reset your password in case you forgot it, or get access to a linux pc if grub is not protected.

Friday, December 21, 2007

Installing Flash and Java plugins in Flock


If you haven't guessed yet, Flock is based on firefox and supports most of its plugins.
Though firefox addons are not yet supported in Flock, Java and Flash plugins work right out of the firefox plugins folder
All you need are symbolic links to those plugins to your Flock plugin folder.

For instance,


~/temp/flock/plugins$ ln -s /usr/lib/firefox/plugins/* ./

Blogged with Flock

Monday, December 10, 2007

Remote Desktop to WinXP from Ubuntu..world of possiblities

This may sound vague. Why would you want to remote access your winXP box from Linux. Hmmm, think again.

Scenario 1: You have linux at work and winXP at home and you want to access some of the files.
Scenario 2: You have XP at work and linux at home and you wish to work from home
Scenario 3: Just for fun ;)

First glance and you would just reject the possibility of ever being able to do so. C'mon different OS's. WinxP's closed APIs. etc. Think again. Let me show you the wonders of technology and ofcourse linux.



1. Make sure you have activated remote desktop in your WinXP box.
2. Install grDesktop
#apt-get install grdesktop

3.Run Gnome Remote Desktop


4. The interface is very similar to windows remote desktop client. Enter the system ip, login username etc.


5. Congrats! You are in. You are in full control now ;)


6. A follow up on the wireless ad-hoc tutorial I posted few months back.
You can connect and disconnect your internet connection on the gateway win XP pc from wherever you are in your home. Another cool thing is shutting down the gateway pc after you are done surfing. Though the remote desktop doesn't give you explicit shutdown shortcut, we can still shutdown from the cmd. Simply go to Start > Programs > accessories > command prompt and type
shutdown -s


This opens to a world of possibilities. Though the speed of your experience depends on the underlying network and the rfc WinXP API, you can still browse the net, read docs, run presentations easily. I tried playing Counter Strike but the results weren't encouraging. Anyways, it opens you to a world of new possibilities to explore and play around.

Hope you enjoyed the article..and Kudos to open source ;)

Thursday, December 06, 2007

Updates, updates and more updates: Gmail


Just when you thought that Gmail was so awesome that it could never get better, think again. Google has been silently rolling out new features. Some are just eye candy but others are huge productivity boosts. In the post let me give you a glimpse of these new improvements...




1. Gtalk integration with AIM

Now you can talk to your AIM® friends using an integrated chat list right inside Gmail. Learn more ».



2. Colored labels

Better organize your email with new colored labels. Just click the color swatch next to each label to assign a color. Learn more »


3. Group chat and new emoticons

Group chat
Chat with multiple people without multiple windows. Invite your friends to a group discussion. To start a group chat, click 'Group chat' from the 'Options' menu when chatting.
Learn more »




New emoticons
Go from :) to and start sending richer expressions to your friends.
Learn more »










4 . Free IMAP


Sync your inbox across devices instantly and automatically. Whether you read or write your email on your phone or on your desktop, changes you make to Gmail will be seen from anywhere you access your inbox.

How it works on the iPhone

Set up device for IMAP (watch video)

Read and sort mail on your device

See changes instantly reflected in Gmail


Another way to use Gmail on your iPhone is through the browser. By going to m.gmail.com you get the full Gmail experience including conversation view, search, and more.

Learn how to set up IMAP on other devices


5. View as slideshow

With google launch of their new presentation tool, you can preview your ppts right from your gmail. Just click "View as slideshow" next to the .ppt attachment you want to preview. Since you can open .doc and .xls attachments with Google Docs and Spreadsheets too, there's no need to leave your web browser to check out your Gmail attachments. Learn More.


6. Increased attachment size - 20 MB

Now you can start sharing more of those home videos, large presentations and files you just can't seem to get smaller. We have doubled the allowable attachment size to 20 MB to make your Gmail space even more useful. Learn More


Did I miss any? Do leave your comments behind.