Decommission USB Blocking on Linux

If you previously blocked USB storage ports on your Linux machine to secure it against unauthorized access, you may need to reverse these changes. This guide provides a step-by-step approach to remove the USB block rule, allowing USB storage devices to function normally again.

1. Locate the USB Block Rule

If you’ve followed the previous guide or a similar process to block USB storage, you should have created a rule file in the /etc/udev/rules.d/ directory. The filename for this rule is likely 99-usbblock.rules.

2. Remove the USB Block Rule File

Use the following command to delete the file, thereby removing the block on USB storage devices:

sudo rm /etc/udev/rules.d/99-usbblock.rules

This step deletes the file that contains the blocking rule. Without this file, udev will no longer apply the restriction.

3. Reload udev Rules

After removing the rule file, you need to reload udev rules so that the system updates and stops enforcing the deleted rule:

sudo udevadm control --reload-rules

4. Trigger udev to Apply Changes

Finally, trigger udev to apply the updated rules immediately:

sudo udevadm trigger

With these steps, your Linux machine will no longer block USB storage devices, allowing them to be recognized and used as normal.

5. Verifying USB Functionality

To verify that the USB storage ports are no longer blocked:

Plug in a USB storage device (e.g., a flash drive). Use a command like lsblk or fdisk -l to check if the device is detected:

lsblk

If you see the USB storage device listed, then decommissioning was successful, and the system is now allowing USB storage access.

Block USB storage ports in Linux

Blocking USB storage on Linux is a straightforward process using udev rules. Follow these steps to configure and enforce a rule to disable USB storage access:

1. Create a USB Block Rule

The following command creates a rule in the udev directory that disables any USB storage device from being authorized for use:

echo 'SUBSYSTEM=="usb", ATTR{authorized}="0"' | sudo tee /etc/udev/rules.d/99-usbblock.rules

This rule works by setting ATTR{authorized}="0" for every device in the usb subsystem (not only storage devices), which makes the kernel refuse to configure it.

2. Reload udev Rules

After adding the rule, you need to reload the udev rules for it to take effect:

sudo udevadm control --reload-rules

3. Trigger udev to Apply the Rule

Finally, use the following command to trigger udev and apply the rule immediately:

sudo udevadm trigger

With this configuration, any USB storage device plugged into your Linux machine will be blocked.
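The two procedures above hinge on a single line in /etc/udev/rules.d/99-usbblock.rules. The check below, an added example that is not part of the original page, parses a udev rule line into its match and assignment tokens and reports whether it de-authorizes devices and how narrowly it matches. The page's rule has no match key beyond SUBSYSTEM, so it applies to every USB device, keyboards and mice included; a rule with an extra match key (DRIVER, KERNEL, ATTR{...}) is reported as narrowed. The minimal token grammar and the audit helper are this example's own assumptions, not udev's full syntax.

```python
import re
import sys
from pathlib import Path

# One udev token: KEY, optional {attr}, an operator, and a double-quoted value.
# Hypothetical minimal grammar for this example; it covers the rule on the page,
# not every construct udev accepts.
TOKEN_RE = re.compile(r'\s*([A-Z_]+)(?:\{([^}]*)\})?\s*(==|!=|\+=|:=|=)\s*"([^"]*)"\s*,?')

MATCH_OPS = ('==', '!=')


def parse_udev_rule(line):
    """Split one udev rule line into (key, attr, op, value) tuples."""
    line = line.strip()
    tokens, pos = [], 0
    while pos < len(line):
        m = TOKEN_RE.match(line, pos)
        if not m:
            raise ValueError(f'cannot parse udev rule at offset {pos}: {line[pos:]!r}')
        tokens.append((m.group(1), m.group(2), m.group(3), m.group(4)))
        pos = m.end()
    return tokens


def describe_rule(line):
    """Report whether a rule de-authorizes devices and how narrowly it matches."""
    tokens = parse_udev_rule(line)
    matches = [(k, a, v) for k, a, op, v in tokens if op in MATCH_OPS]
    assigns = [(k, a, v) for k, a, op, v in tokens if op not in MATCH_OPS]
    deauthorizes = any(k == 'ATTR' and a == 'authorized' and v == '0' for k, a, v in assigns)
    subsystems = [v for k, a, v in matches if k == 'SUBSYSTEM']
    # Any match key beyond SUBSYSTEM (DRIVER, KERNEL, ATTR{...}, ENV{...}) narrows the rule.
    narrowed = any(k != 'SUBSYSTEM' for k, a, v in matches)
    return {'deauthorizes': deauthorizes, 'subsystems': subsystems, 'narrowed': narrowed}


def audit_rules_dir(rules_dir):
    """List every de-authorizing rule under rules_dir with its scope."""
    findings = []
    for rule_file in sorted(Path(rules_dir).glob('*.rules')):
        for lineno, line in enumerate(rule_file.read_text().splitlines(), 1):
            if not line.strip() or line.lstrip().startswith('#'):
                continue
            try:
                info = describe_rule(line)
            except ValueError:
                continue  # constructs outside the minimal grammar are skipped
            if info['deauthorizes']:
                findings.append((str(rule_file), lineno, info))
    return findings


if __name__ == '__main__':
    target = sys.argv[1] if len(sys.argv) > 1 else '/etc/udev/rules.d'
    for path, lineno, info in audit_rules_dir(target):
        scope = 'a narrowed set of devices' if info['narrowed'] else 'EVERY device in ' + ','.join(info['subsystems'])
        print(f'{path}:{lineno}: de-authorizes {scope}')
    print('audit complete')
```

Run it with no arguments to audit /etc/udev/rules.d, or pass another directory. After the decommission steps it should list nothing; while the block is in place it reports the 99-usbblock.rules line as de-authorizing every device in usb.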

Intercept and Modify HTTP(s) Request | Burp Suite

  • Download Burp Suite Community Edition (link)
  • Click on the Proxy tab.
  • Click on the Open browser button.
  • In the opened browser, enter the username and password on the login page, then switch back to the Burp Suite window.
  • Click on the Intercept is off button to turn interception on, and switch back to the browser.
  • Click on the Login button.
  • Observe the login POST request's details, including headers and payload, in the Intercept pane.
  • Modify the request body and headers if needed.
  • Click on the Forward button.
  • Keep pressing Forward until all the downstream API calls have finished.
  • Click on the HTTP history tab, select the POST request, and observe the response.

JMeter Setup | AWS Linux AMI (AWS EC2)

  • SSH into the Amazon EC2 machine

ssh -i yourkey.pem ec2-user@11.111.11.11

  • Download Apache JMeter

wget https://downloads.apache.org/jmeter/binaries/apache-jmeter-5.6.3.tgz

  • Extract the downloaded compressed file

tar -xzf apache-jmeter-5.6.3.tgz

  • Move folder into the /opt/ folder

sudo mv apache-jmeter-5.6.3 /opt/

  • Set the JMeter environment variable and add its bin folder to the path (append to ~/.bashrc so the setting survives a new login, then reload it)

echo 'export JMETER_HOME=/opt/apache-jmeter-5.6.3' >> ~/.bashrc
echo 'export PATH=$PATH:$JMETER_HOME/bin' >> ~/.bashrc
source ~/.bashrc

  • Install a JDK (Amazon Corretto 17 shown here)

yum search java | grep "17"
sudo yum install java-17-amazon-corretto.x86_64

  • Copy certificate and test plan into the AWS EC2 machine

sudo scp -i yourkey.pem certificate.pfx ec2-user@11.111.11.11:/home/ec2-user
sudo scp -i yourkey.pem yourtestplan.jmx ec2-user@11.111.11.11:/home/ec2-user

  • Download JMeter plugins manager directly into the /ext folder; else, download and copy into the EC2 machine from your local machine

cd /opt/apache-jmeter-5.6.3/lib/ext
curl -O https://repo1.maven.org/maven2/kg/apc/jmeter-plugins-manager/1.9/jmeter-plugins-manager-1.9.jar

or

sudo scp -i yourkey.pem jmeter-plugins-manager-1.9.jar ec2-user@11.111.11.11:/opt/apache-jmeter-5.6.3/lib/ext

  • Download the Throughput Shaping Timer plugin from the link and copy the jar files below into their respective folders

sudo scp -i yourkey.pem jmeter-plugins-tst-2.6.jar ec2-user@11.111.11.11:/opt/apache-jmeter-5.6.3/lib/ext
sudo scp -i yourkey.pem jmeter-plugins-cmn-jmeter-0.7.jar ec2-user@11.111.11.11:/opt/apache-jmeter-5.6.3/lib/

  • Run the test plan in non-GUI mode with the client certificate and its password, writing the results to a .jtl file

jmeter -Djavax.net.ssl.keyStore=/home/ec2-user/certificate.pfx -Djavax.net.ssl.keyStorePassword=111111 -n -t /home/ec2-user/yourtestplan.jmx -l /home/ec2-user/results.jtl

  • Copy results.jtl from AWS EC2 machine into the local machine

sudo scp -i yourkey.pem ec2-user@11.111.11.11:/home/ec2-user/results.jtl /local-machine-path/

  • Generate HTML report from the generated results.jtl file

jmeter -g /local-machine-path/results.jtl -o ./destination-folder/
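The results.jtl written by the non-GUI run above is a CSV in JMeter's default column layout (timeStamp, elapsed, label, responseCode, ..., success, ...). The script below, an added example rather than code from the page or from the JMeter project, summarizes it per label the way the Aggregate Report does and then applies error-rate and p90 thresholds so a CI job can fail the run. The sample rows are constructed, the nearest-rank percentile is one common definition rather than JMeter's exact algorithm, and the threshold values are illustrative.

```python
import csv
import io
import math
import statistics

# Constructed sample in JMeter's default CSV layout; not captured from a real run.
SAMPLE_JTL = """timeStamp,elapsed,label,responseCode,responseMessage,threadName,dataType,success,failureMessage,bytes,sentBytes,grpThreads,allThreads,URL,Latency,IdleTime,Connect
1700000000000,120,Login,200,OK,Thread Group 1-1,text,true,,512,300,10,10,https://example.test/login,100,0,20
1700000000150,340,Login,200,OK,Thread Group 1-2,text,true,,512,300,10,10,https://example.test/login,300,0,25
1700000000300,1500,Search,500,Internal Server Error,Thread Group 1-1,text,false,Assertion failed,128,210,10,10,https://example.test/search,1400,0,20
1700000000500,210,Search,200,OK,Thread Group 1-2,text,true,,2048,210,10,10,https://example.test/search,190,0,22
1700000000700,95,Logout,200,OK,Thread Group 1-1,text,true,,64,150,10,10,https://example.test/logout,90,0,18
"""


def percentile(values, pct):
    """Nearest-rank percentile (one common definition; not JMeter's own code)."""
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def summarize_jtl(text):
    """Per-label sample count, error count, error %, mean, p90 and max elapsed (ms)."""
    per_label = {}
    for row in csv.DictReader(io.StringIO(text)):
        entry = per_label.setdefault(row['label'], {'elapsed': [], 'errors': 0})
        entry['elapsed'].append(int(row['elapsed']))
        if row['success'].strip().lower() != 'true':
            entry['errors'] += 1
    summary = {}
    for label, entry in per_label.items():
        n = len(entry['elapsed'])
        summary[label] = {
            'samples': n,
            'errors': entry['errors'],
            'error_pct': round(100 * entry['errors'] / n, 2),
            'mean_ms': round(statistics.mean(entry['elapsed']), 1),
            'p90_ms': percentile(entry['elapsed'], 90),
            'max_ms': max(entry['elapsed']),
        }
    return summary


def check_thresholds(summary, max_error_pct=1.0, max_p90_ms=1000):
    """Return {label: [breaches]} for every label outside the agreed limits."""
    breaches = {}
    for label, s in summary.items():
        problems = []
        if s['error_pct'] > max_error_pct:
            problems.append(f"error_pct {s['error_pct']} > {max_error_pct}")
        if s['p90_ms'] > max_p90_ms:
            problems.append(f"p90_ms {s['p90_ms']} > {max_p90_ms}")
        if problems:
            breaches[label] = problems
    return breaches


def summarize_file(path):
    with open(path, newline='') as f:
        return summarize_jtl(f.read())


if __name__ == '__main__':
    import sys
    summary = summarize_file(sys.argv[1]) if len(sys.argv) > 1 else summarize_jtl(SAMPLE_JTL)
    for label, s in summary.items():
        print(f"{label:10} samples={s['samples']} err%={s['error_pct']} mean={s['mean_ms']} p90={s['p90_ms']} max={s['max_ms']}")
    failed = check_thresholds(summary)
    for label, problems in failed.items():
        print(f'THRESHOLD BREACH {label}: ' + '; '.join(problems))
    sys.exit(1 if failed else 0)
```

Pass the path of the copied results.jtl as the first argument; with no argument the constructed sample is used. The non-zero exit on a breach is what lets a pipeline stage fail automatically instead of relying on someone reading the HTML report.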

Upload Certificates in JMeter

JMeter can only work with Java Keystores (either in JKS or PKCS12 formats) so you need to convert your .pem file into a Java Keystore. To convert a PEM certificate and key to PKCS12 format, you can use the OpenSSL command-line tool.

  • Open Terminal on your computer
  • Run the following command to install OpenSSL:

brew install openssl

  • Navigate to the directory where the PEM certificate and key files are located.
  • Run the following command to convert the PEM files to PKCS12 format:

openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.pem

  • You will be prompted to enter a password for the PKCS12 file. Enter a strong password and confirm it.
  • The PKCS12 file will be created in the current directory.
  • Add the certificate to JMeter: once you have the PKCS12 file, add it by going to Options > SSL Manager from the menu bar. Click Add and select the certificate.pfx file created in the previous steps. You can also provide a password if the certificate is protected.

JMeter Setup | MAC

  • Open Terminal on your Mac.
  • Install Homebrew by running the following command

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

  • Once Homebrew is installed, run the following command to install JMeter:

brew install jmeter

  • JMeter will be installed on your Mac, and you can launch it from the command line by running the jmeter command.

jmeter

  • Open JMeter and create a new test plan.
  • Add a Thread Group to your test plan by right-clicking on the Test Plan and selecting Add > Threads > Thread Group.
  • Configure the Thread Group by setting the number of threads (users), the ramp-up period (how quickly the threads will be started), and the duration of the test. For example, you can set the number of threads to 100, the ramp-up period to 10 seconds, and the duration of the test to 1 hour.
  • Add an HTTP Request sampler to the Thread Group by right-clicking on the Thread Group and selecting Add > Sampler > HTTP Request.
  • Configure the HTTP Request sampler by setting the URL of the website or application you want to test, as well as any request parameters or headers required.
  • Add a View Results Tree listener to your test plan by right-clicking on the Test Plan and selecting Add > Listener > View Results Tree. This will allow you to view the results of the test.
  • Save your test plan and run the test by selecting Run from the menu bar.

Remember to always test your stress tests in a non-production environment to avoid any negative impact on your production systems.

BASIC TEST SETUP

MUST HAVE PLUGINS

  • jp@gc – Throughput Shaping Timer
  • Aggregate Report
  • jp@gc – Response Times Distribution
  • View Results Tree
  • View Results in Table

NICE TO HAVE PLUGINS

  • jp@gc – Transactions per Second
  • jp@gc – Hits per Second

Splunk integration with Jenkins

  • Download Splunk Enterprise (MAC)

wget -O splunk-8.2.2-87344edfcdb4-macosx-10.11-intel.dmg 'https://d7wz6hmoaavd0.cloudfront.net/products/splunk/releases/8.2.2/osx/splunk-8.2.2-87344edfcdb4-macosx-10.11-intel.dmg'

  • Create an account and log in
  • Click on the + Find More Apps link
  • Search for Jenkins and click Install
  • If you go home, you will find this additional option
  • Now, we have to configure the HTTP Event Collector
  • Go to Settings > Data inputs
  • Click on HTTP Event Collector > Global Settings
  • Select All Tokens Enabled, remove SSL if it's local, and input a custom port (by default it is 8088)
  • Now, we have to generate a new token
  • Enter a name for the token (say, Jenkins) and press the Next button
  • Select Automatic source type and press the Next & Submit button
  • The token is now created successfully. Copy the generated token and use it for the communication from Jenkins to the Splunk server. You can also find this token under Settings > Data inputs > HTTP Event Collector
  • Finally press the Start Searching button
  • If you have Jenkins installed already, start the Jenkins server; if not, install and start it (MAC)

brew services restart jenkins-lts

  • Now, go to Manage Jenkins > Manage Plugins > Available and search for splunk
  • Install the Splunk Jenkins plugin
  • Go to Manage Jenkins > Configure System
  • Enter the Splunk server details and the HEC token generated above, test the connection, and press the Save button
  • Now, restart the Jenkins server

brew services restart jenkins-lts

  • Restart the Splunk server: go to Settings > Server controls and press the Restart Splunk button
  • Now, go to Jenkins, create a Project and execute it
  • Go to the Splunk home page and click on the Splunk App for Jenkins tab
  • Select the Jenkins Master and observe results in the result pane
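The Jenkins plugin talks to Splunk through the HTTP Event Collector endpoint configured above. The snippet below, an added example that is not part of the page or of either product, builds and sends one event to that endpoint the same way: a POST to /services/collector/event with the token in the Authorization header. Because the token is a bearer credential, the sender refuses plain http unless the caller opts in, which matches the page's "remove SSL if it's local" advice without making cleartext the default. The host, port, placeholder token and sample event are constructed.

```python
import json
import os
import urllib.request

HEC_PATH = '/services/collector/event'


def build_hec_request(host, port, token, event, sourcetype='_json', use_ssl=True):
    """Assemble the HEC call: returns (url, headers, body) without sending it."""
    scheme = 'https' if use_ssl else 'http'
    url = f'{scheme}://{host}:{port}{HEC_PATH}'
    headers = {
        'Authorization': f'Splunk {token}',  # HEC expects the token in this header
        'Content-Type': 'application/json',
    }
    body = json.dumps({'event': event, 'sourcetype': sourcetype}).encode('utf-8')
    return url, headers, body


def plaintext_allowed(use_ssl, allow_plaintext):
    """The token travels with every request; only let it go over http on explicit opt-in."""
    return use_ssl or allow_plaintext


def send_hec_event(host, port, token, event, use_ssl=True, allow_plaintext=False, timeout=10):
    """POST one event to HEC and return Splunk's JSON reply ({"text": "Success", "code": 0})."""
    if not plaintext_allowed(use_ssl, allow_plaintext):
        raise ValueError('refusing to send the HEC token over plain http; '
                         'pass allow_plaintext=True only for a local test instance')
    url, headers, body = build_hec_request(host, port, token, event, use_ssl=use_ssl)
    req = urllib.request.Request(url, data=body, headers=headers, method='POST')
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode('utf-8'))


if __name__ == '__main__':
    # Constructed build event; the token is read from the environment, never hard-coded.
    sample = {'job': 'demo-pipeline', 'build': 42, 'result': 'SUCCESS'}
    token = os.environ.get('SPLUNK_HEC_TOKEN', 'HEC-TOKEN-PLACEHOLDER')
    url, headers, body = build_hec_request('localhost', 8088, token, sample, use_ssl=False)
    print('would POST', url, body.decode())
    if 'SPLUNK_HEC_TOKEN' in os.environ:
        # Local, SSL-disabled instance as set up on the page: opt in to plaintext explicitly.
        print(send_hec_event('localhost', 8088, token, sample, use_ssl=False, allow_plaintext=True))
```

Export SPLUNK_HEC_TOKEN with the token copied from Settings > Data inputs and the event appears in Splunk under sourcetype _json; without it the script only prints the request it would make.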

Config Swagger2 / OAS 2 on Spring MVC

pom.xml

  • Add the following Maven dependencies for OAS 2

<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger2</artifactId>
    <version>2.9.2</version>
</dependency>
<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger-ui</artifactId>
    <version>2.9.2</version>
</dependency>
<dependency>
    <groupId>javax.xml.bind</groupId>
    <artifactId>jaxb-api</artifactId>
    <version>2.3.1</version>
</dependency>
  • Add the plugin that generates the OAS definition; configure the package name and output location

<plugin>
    <groupId>com.github.kongchen</groupId>
    <artifactId>swagger-maven-plugin</artifactId>
    <version>3.1.7</version>
    <configuration>
        <apiSources>
            <apiSource>
                <springmvc>true</springmvc>
                <locations>
                    <location>com.wmock.info</location>
                </locations>
                <outputFormats>yaml</outputFormats>
                <schemes>
                    <scheme>http</scheme>
                </schemes>
                <info>
                    <title>API Doc</title>
                    <version>1.0</version>
                    <description>OAS 2.0 documentation</description>
                </info>
                <swaggerDirectory>${basedir}/target/swagger/temp</swaggerDirectory>
                <swaggerApiReader>com.github.kongchen.swagger.docgen.reader.SpringMvcApiReader</swaggerApiReader>
                <swaggerFileName>internal-swagger</swaggerFileName>
            </apiSource>
        </apiSources>
    </configuration>
    <executions>
        <execution>
            <configuration>
                <apiSources>
                    <apiSource>
                        <locations>
                            <location>com.wmock.info</location>
                        </locations>
                        <swaggerFileName>internal-swagger</swaggerFileName>
                    </apiSource>
                </apiSources>
            </configuration>
            <id>internal-generation</id>
            <phase>compile</phase>
            <goals>
                <goal>generate</goal>
            </goals>
        </execution>
    </executions>
</plugin>


SWAGGER CONFIG

  • Create the Swagger configuration based on Swagger 2

package com.wmock.info.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;

@Configuration
@EnableSwagger2
public class SwaggerConfig {

    // Document every handler under the controllers package, on every path
    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.basePackage("com.wmock.info.controllers"))
                .paths(PathSelectors.any())
                .build();
    }
}

  • To reach the Swagger UI from a shorter URL, add a redirecting controller such as:

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class SwaggerController {

    // /swagger forwards the browser to the UI page served by springfox-swagger-ui
    @RequestMapping("/swagger")
    public String greeting() {
        return "redirect:/swagger-ui.html";
    }

}


CONTROLLER

  • No fundamental changes are needed in the controller. Here is an example:

package com.wmock.info.controllers;

import com.wmock.info.models.ChapterInfoModel;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping(value = "/api/chapter", produces = "application/json")
public class ChapterInfoController {

    @RequestMapping(method = RequestMethod.GET, value = "/{chapterId}")
    public ChapterInfoModel getChapterInfo(@PathVariable("chapterId") String chapterId) {
        return new ChapterInfoModel(chapterId, "Chapter name");
    }
}


RUNNER

  • Command to run the Spring MVC application; the Swagger 2 definition is regenerated from the current controller content during the compile phase

mvn clean spring-boot:run

  • Open either of these URLs; both lead to the Swagger UI

http://localhost:8081/swagger
http://localhost:8081/swagger-ui.html


Reference:

https://github.com/prashanth-sams/wiremock-springboot-mvc-swagger2/


Attack HTTP traffic using Wireshark | CyberOps workstation

HTTP

  • Download and install the CyberOps Workstation VirtualBox image
  • Log in with analyst as the username and cyberops as the password
  • Get the network interface name

ifconfig

  • Enter the command below to start capturing the traffic on the specific interface, enp0s3

sudo tcpdump -i enp0s3 -s 0 -w httpdump.pcap

  • Here, we are saving the captured traffic to a file with the .pcap extension
  • Open a browser and visit a site whose login form is served over plain HTTP; say, the deliberately vulnerable demo site http://altoromutual.com/login.jsp
  • Enter a random username and password, and click Login
  • Now, switch to the terminal and stop tcpdump with Ctrl+C
  • Open Wireshark from the terminal

sudo wireshark-gtk

  • Select the pcap file via File > Open; path: /home/analyst
  • Now, filter the traffic with http
  • Click on the POST request in the recorded list and expand its form data: the username and password are readable in cleartext
  • Hacked!!

HTTPS

  • Open a browser, visit any site served over HTTPS, and perform some actions; say, https://xyx.com
  • Make sure the capture process is still running
  • Now, filter the traffic

tcp.port == 443

  • Can't read the credentials because the payload is encrypted 😦

Export Python automation results to DataDog

  • The following Python script pushes the automation results to Datadog as metrics right after the run finishes

from datadog import initialize, api
import os
import json

# The API key comes from the environment; it is checked for presence but never
# echoed to the build log.
if 'API_KEY' not in os.environ:
    raise SystemExit('API_KEY is not set')

options = {
    'api_key': os.environ['API_KEY']
}

initialize(**options)

# stats.json is written by the test run and holds the passed/failed/skipped counts
with open('./stats.json') as f:
    stats = json.load(f)

api.Metric.send(metric="qa.baseline.desktop.passed", points=stats['passed'], tags=["country:us"])
api.Metric.send(metric="qa.baseline.desktop.failed", points=stats['failed'], tags=["country:us"])
api.Metric.send(metric="qa.baseline.desktop.skipped", points=stats['skipped'], tags=["country:us"])

  • Import the following dashboard JSON with the basic settings required

{
  "title": "QA Dashboard",
  "description": "",
  "widgets": [
    {
      "id": 0,
      "definition": {
        "type": "timeseries",
        "requests": [
          {
            "q": "avg:qa.baseline.desktop.passed{country:ae}",
            "display_type": "bars",
            "style": {
              "palette": "cool",
              "line_type": "solid",
              "line_width": "normal"
            }
          },
          {
            "q": "avg:qa.baseline.desktop.failed{country:ae}",
            "display_type": "bars",
            "style": {
              "palette": "orange",
              "line_type": "solid",
              "line_width": "normal"
            }
          },
          {
            "q": "avg:qa.baseline.desktop.passed{country:us}",
            "display_type": "bars",
            "style": {
              "palette": "cool",
              "line_type": "solid",
              "line_width": "normal"
            }
          },
          {
            "q": "avg:qa.baseline.desktop.failed{country:us}",
            "display_type": "bars",
            "style": {
              "palette": "orange",
              "line_type": "solid",
              "line_width": "normal"
            }
          }
        ],
        "yaxis": {
          "label": "",
          "scale": "linear",
          "min": "auto",
          "max": "auto",
          "include_zero": true
        },
        "title": "DESKTOP BASELINE",
        "title_size": "16",
        "title_align": "center",
        "show_legend": false
      },
      "layout": {
        "x": 0,
        "y": 0,
        "width": 60,
        "height": 22
      }
    },
    {
      "id": 1,
      "definition": {
        "type": "query_value",
        "requests": [
          {
            "q": "avg:qa.baseline.desktop.failed{*}",
            "aggregator": "sum",
            "conditional_formats": [
              {
                "comparator": ">",
                "value": 0,
                "palette": "white_on_red"
              },
              {
                "comparator": "<",
                "value": 1,
                "palette": "white_on_green"
              }
            ]
          }
        ],
        "title": "DESKTOP",
        "title_size": "16",
        "title_align": "center",
        "autoscale": false,
        "precision": 0,
        "text_align": "center"
      },
      "layout": {
        "x": 0,
        "y": 23,
        "width": 15,
        "height": 22
      }
    },
    {
      "id": 2,
      "definition": {
        "type": "query_value",
        "requests": [
          {
            "q": "avg:qa.baseline.mdot.failed{*}",
            "aggregator": "last",
            "conditional_formats": [
              {
                "comparator": ">",
                "value": 0,
                "palette": "white_on_red"
              },
              {
                "comparator": "<",
                "value": 1,
                "palette": "white_on_green"
              }
            ]
          }
        ],
        "title": "MDOT",
        "title_size": "16",
        "title_align": "center",
        "autoscale": false,
        "precision": 0,
        "text_align": "center"
      },
      "layout": {
        "x": 61,
        "y": 23,
        "width": 15,
        "height": 22
      }
    },
    {
      "id": 3,
      "definition": {
        "type": "timeseries",
        "requests": [
          {
            "q": "avg:qa.baseline.mdot.passed{country:ae}",
            "display_type": "bars",
            "style": {
              "palette": "cool",
              "line_type": "solid",
              "line_width": "normal"
            }
          },
          {
            "q": "avg:qa.baseline.mdot.failed{country:ae}",
            "display_type": "bars",
            "style": {
              "palette": "orange",
              "line_type": "solid",
              "line_width": "normal"
            }
          },
          {
            "q": "avg:qa.baseline.mdot.passed{country:us}",
            "display_type": "bars",
            "style": {
              "palette": "cool",
              "line_type": "solid",
              "line_width": "normal"
            }
          },
          {
            "q": "avg:qa.baseline.mdot.failed{country:us}",
            "display_type": "bars",
            "style": {
              "palette": "orange",
              "line_type": "solid",
              "line_width": "normal"
            }
          }
        ],
        "yaxis": {
          "label": "",
          "scale": "linear",
          "min": "auto",
          "max": "auto",
          "include_zero": true
        },
        "title": "MDOT BASELINE",
        "title_size": "16",
        "title_align": "center",
        "show_legend": false
      },
      "layout": {
        "x": 61,
        "y": 0,
        "width": 60,
        "height": 22
      }
    },
    {
      "id": 4,
      "definition": {
        "type": "toplist",
        "requests": [
          {
            "q": "max:qa.baseline.desktop.passed{*} by {country}"
          }
        ],
        "title": "Desktop Test Counts",
        "title_size": "16",
        "title_align": "center"
      },
      "layout": {
        "x": 16,
        "y": 23,
        "width": 44,
        "height": 22
      }
    },
    {
      "id": 5,
      "definition": {
        "type": "toplist",
        "requests": [
          {
            "q": "max:qa.baseline.mdot.passed{*} by {country}"
          }
        ],
        "title": "MDot Test Counts",
        "title_size": "16",
        "title_align": "center"
      },
      "layout": {
        "x": 77,
        "y": 23,
        "width": 44,
        "height": 22
      }
    }
  ],
  "template_variables": [
    {
      "name": "",
      "default": "*",
      "prefix": null
    }
  ],
  "layout_type": "free",
  "is_read_only": false,
  "notify_list": [
  ],
  "id": "hpe-h5g-wut"
}


  • That's it!
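A dashboard imported like this silently shows empty panels when a widget queries a metric or tag the exporter never sends: here the script sends only the three qa.baseline.desktop.* metrics tagged country:us, while the board also queries qa.baseline.mdot.* and country:ae. The checker below, an added example that is not part of the page or of Datadog's tooling, parses each widget's query string (aggregator:metric{scope} [by {group}]), compares it with the set of metrics and tags the exporter emits, and reports every query that can never populate. The emitted set and the cut-down sample dashboard are constructed from the page's script and JSON; the query grammar is a simplification that covers the query shapes on this board only.

```python
import json
import re
import sys

# Datadog metric query as used on this board: <aggregator>:<metric>{<scope>} [by {<group>}]
# Simplified grammar (assumption of this example): no arithmetic, functions or rollups.
QUERY_RE = re.compile(
    r'^(?P<agg>\w+):(?P<metric>[\w.]+)\{(?P<scope>[^}]*)\}(?:\s+by\s+\{(?P<group>[^}]*)\})?$'
)


def parse_query(q):
    m = QUERY_RE.match(q.strip())
    if not m:
        raise ValueError(f'unrecognised query: {q!r}')
    scope = m.group('scope').strip()
    tags = [] if scope in ('', '*') else [t.strip() for t in scope.split(',')]
    return {'aggregator': m.group('agg'), 'metric': m.group('metric'),
            'tags': tags, 'group_by': m.group('group')}


def dashboard_queries(dashboard):
    """Yield (widget id, widget title, query) for every request on the board."""
    for widget in dashboard.get('widgets', []):
        definition = widget.get('definition', {})
        for request in definition.get('requests', []):
            yield widget.get('id'), definition.get('title', ''), request['q']


def check_dashboard(dashboard, emitted):
    """emitted maps metric name -> set of tags the exporter attaches.
    Returns one finding per widget query that can never show data."""
    findings = []
    for wid, title, q in dashboard_queries(dashboard):
        parsed = parse_query(q)
        metric, tags = parsed['metric'], parsed['tags']
        if metric not in emitted:
            findings.append(f'widget {wid} ({title}): metric {metric} is never sent')
            continue
        missing = [t for t in tags if t not in emitted[metric]]
        if missing:
            findings.append(f'widget {wid} ({title}): {metric} is never tagged {", ".join(missing)}')
    return findings


# Metrics and tags the export script sends (taken from its three api.Metric.send calls).
EMITTED = {
    'qa.baseline.desktop.passed': {'country:us'},
    'qa.baseline.desktop.failed': {'country:us'},
    'qa.baseline.desktop.skipped': {'country:us'},
}

# Constructed cut-down board using the same query shapes as the full dashboard JSON.
SAMPLE_DASHBOARD = {
    'title': 'QA Dashboard',
    'widgets': [
        {'id': 0, 'definition': {'type': 'timeseries', 'title': 'DESKTOP BASELINE', 'requests': [
            {'q': 'avg:qa.baseline.desktop.passed{country:us}'},
            {'q': 'avg:qa.baseline.desktop.failed{country:ae}'},
        ]}},
        {'id': 2, 'definition': {'type': 'query_value', 'title': 'MDOT', 'requests': [
            {'q': 'avg:qa.baseline.mdot.failed{*}'},
        ]}},
        {'id': 4, 'definition': {'type': 'toplist', 'title': 'Desktop Test Counts', 'requests': [
            {'q': 'max:qa.baseline.desktop.passed{*} by {country}'},
        ]}},
    ],
}


def load_dashboard(path):
    with open(path) as f:
        return json.load(f)


if __name__ == '__main__':
    board = load_dashboard(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_DASHBOARD
    findings = check_dashboard(board, EMITTED)
    for line in findings or ['all widget queries match emitted metrics']:
        print(line)
    sys.exit(1 if findings else 0)
```

Run it against the saved dashboard.json to get the full list; on the sample board it reports the country:ae request and the mdot metric, while the toplist with a {*} scope and a by {country} grouping passes because the metric itself is sent.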