Backup Home Directory with rsnapshot

Backing up data is important. rsnapshot is a simple tool you can use to take snapshots of your home directory (or other data) automatically on a schedule.

Prerequisites

Before starting, it is assumed you have an external or secondary hard drive to which the snapshots will be copied. This drive should mount automatically on startup, and you should know its mount point.

Installing rsnapshot

Open up a terminal window and ensure that your packages list is up to date by running the following command:

sudo apt-get update

After this has completed, install rsnapshot and rsync with the following command:

sudo apt-get install rsnapshot rsync

Configuring rsnapshot

Once the install has completed, edit the configuration file in the text editor of your choice. The config file is located at /etc/rsnapshot.conf.

Note: Use tabs rather than spaces when editing the rsnapshot.conf file.

To edit this in Vim run the following command:

sudo vi /etc/rsnapshot.conf

First of all, modify the location where the snapshots will be stored. Scroll through the config file to find the line beginning with snapshot_root.

Note: In Vim you can enter search mode by pressing a forward slash (/). Type the text string you’re looking for, e.g. snapshot_root, and press Enter. You will be taken directly to that line. If a string appears multiple times you can cycle through the matches by pressing n (or N to go backwards).

Modify this line to the location where the snapshots will be stored. It should match the mount point of the drive mentioned in the prerequisites, e.g.

snapshot_root /mnt/snapshots

Note: If you are using Vim you can navigate the file using the arrow keys or the letters h (left), l (right), j (down), k (up). To enter insert mode (so you can type text) press i. To delete a character (when not in insert mode) press x.

Now scroll down (or search) until you reach the backup levels section. The lines start with retain alpha, retain beta, etc. Modify them so they are a little more user friendly. The order matters: rsnapshot treats the first retain line as the most frequent level and rotates each later level from the one before it, so keep them listed from hourly down to monthly.

retain hourly 24
retain daily 7
retain weekly 4
retain monthly 12

Scroll down further to the lines starting with backup. This is where you choose the folders you wish to create snapshots of. In this case only the home folder is being backed up, so comment out all the lines except the following:

backup /home/ localhost/

Note: To comment out a line simply put a # at the beginning of a line.

Save your configuration file and close the text editor.

Note: If you are using Vim, save the file by pressing Esc, then typing :wq (write and quit) and pressing Enter.

Testing the Configuration

After the configuration file has been modified, the syntax of the file can be checked by running the following command:

/usr/bin/rsnapshot configtest

If all goes well the output will say Syntax OK. If there are any issues you will need to investigate further.

rsnapshot also allows for a test run of the backup. It prints to the screen what would happen during a backup, but doesn’t actually touch any files. This can be run with the following command:

/usr/bin/rsnapshot -t hourly

If you notice anything in the output that shouldn’t happen, double-check your configuration file.

If everything looks good, the initial backup can be run using the following command:

/usr/bin/rsnapshot hourly

Automating the backup

Now that rsnapshot is configured, we want to set up a cron job to automate the backup. To do this open root's crontab using the following command:

sudo crontab -e

Note: If this is the first time you are using crontab you will be asked to choose an editor. Pick whichever editor you are most comfortable with.

Add the following lines to the bottom of the file.

0 * * * * /usr/bin/rsnapshot hourly
30 3 * * * /usr/bin/rsnapshot daily
0 0 * * 1 /usr/bin/rsnapshot weekly
30 2 1 * * /usr/bin/rsnapshot monthly

Save the file and exit.

In the configuration section we set how many snapshots of each level are kept; the cron lines above set when each level runs. To break the schedule down:

  • A snapshot is taken every hour over a 24 hour period
  • A snapshot is taken daily at 3:30 am
  • A snapshot is taken every Monday at 12:00 am
  • A snapshot is taken on the first day of the month at 2:30 am

Older snapshots are rotated out according to the retain values in the configuration file (for example, only the last 24 hourly snapshots are kept).
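As an added example (not part of the original post), the following Python script checks an rsnapshot.conf and root crontab for the two mistakes this setup most often trips over: space-separated fields, which rsnapshot configtest rejects, and retain levels with no matching cron entry (or cron entries for levels that do not exist). The config and crontab text are constructed samples, with one deliberately broken line.

```python
import re

# Constructed sample rsnapshot.conf (not the post's file): tab-separated,
# except the 'retain monthly' line, which deliberately uses spaces.
SAMPLE_CONF = (
    "snapshot_root\t/mnt/snapshots\n"
    "#retain\talpha\t6\n"
    "retain\thourly\t24\n"
    "retain\tdaily\t7\n"
    "retain\tweekly\t4\n"
    "retain monthly 12\n"
    "backup\t/home/\tlocalhost/\n"
)
# Constructed root crontab with the same four schedule lines as the post.
SAMPLE_CRON = (
    "0 * * * * /usr/bin/rsnapshot hourly\n"
    "30 3 * * * /usr/bin/rsnapshot daily\n"
    "0 0 * * 1 /usr/bin/rsnapshot weekly\n"
    "30 2 1 * * /usr/bin/rsnapshot monthly\n"
)
CRON_RE = re.compile(r"^\s*(?:\S+\s+){5}\S*rsnapshot\s+(\S+)")

def parse_rsnapshot_conf(text):
    """Parse the keys this post edits; rsnapshot splits fields on tabs only,
    so a line without a tab is recorded as an error instead of a setting."""
    conf = {"snapshot_root": None, "retain": [], "backup": [], "errors": []}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line.startswith("#"):
            continue
        if "\t" not in line:
            conf["errors"].append(f"line {n}: fields must be tab-separated: {line!r}")
            continue
        fields = [f for f in line.split("\t") if f]
        if fields[0] == "snapshot_root":
            conf["snapshot_root"] = fields[1]
        elif fields[0] == "retain":
            conf["retain"].append((fields[1], int(fields[2])))
        elif fields[0] == "backup":
            conf["backup"].append((fields[1], fields[2]))
    return conf

def cron_levels(text):
    """Return the rsnapshot levels the uncommented crontab lines invoke, in order."""
    matches = (CRON_RE.match(ln) for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    return [m.group(1) for m in matches if m]

def check(conf, cron_text):
    """Cross-check config against crontab; an empty list means consistent."""
    findings = list(conf["errors"])
    if not conf["snapshot_root"]:
        findings.append("snapshot_root is not set")
    if not conf["backup"]:
        findings.append("no backup lines, so nothing would be snapshotted")
    retained = [name for name, _ in conf["retain"]]
    scheduled = cron_levels(cron_text)
    for name in retained:
        if name not in scheduled:
            findings.append(f"retain level {name!r} has no cron entry and will never run")
    for name in scheduled:
        if name not in retained:
            findings.append(f"cron runs level {name!r}, which is not a retain level")
    return findings
```

Run check(parse_rsnapshot_conf(open("/etc/rsnapshot.conf").read()), crontab_text) against your own files; the broken monthly line in the sample produces both a tab error and a cron entry for a level rsnapshot does not know.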

And that’s it – you have an automated system that takes snapshots of your home directory and stores those files on a local drive.

Now that you’ve automated your backups with rsnapshot, you’ll have plenty of time to browse my other blog posts!

Automating backups with RoboCopy and PowerShell

Backups are important and you should live by the 3-2-1 rule.

That is: 3 copies of a file; 2 copies on site, 1 copy off site

Backups should be automatic where possible. If you are manually backing up data, there is a good chance data won't get backed up as often as you hoped.

You should also test your backups regularly!

RoboCopy, short for “Robust File Copy”, is a command line utility included within Windows. It can be used to create backups of files and directories. There are many tools and programs for backing up data, but sometimes the free tools that come with the operating system are all you need.

We are going to back up files from an internal hard drive onto an external hard drive that is always plugged in. This protects against hard drive failure, but it won't be a great backup against ransomware: a drive that is always connected can be encrypted along with the source, and a mirror copy will faithfully carry the damage across on its next run.

Automating tasks is great for productivity. Especially if you can reuse scripts from other tasks.

To get started, first open PowerShell as an administrator. We need to create a folder to store our basic script. In your PowerShell window enter the following command:

New-Item -Path "c:\" -Name "scripts" -ItemType "directory"

And now change into the new directory:

cd c:\scripts\

Now we are going to create the batch file to run RoboCopy. Do that with the following commands:

New-Item -Name "backup.bat" -ItemType "file"
Add-Content -Path .\backup.bat -Value "robocopy D:\ E:\ /B /MIR"

We have now created a script to back up drive D to drive E – of course you may need to adjust the drive letters to suit your system.

RoboCopy will copy drive D to drive E using backup mode. /B lets RoboCopy bypass file and folder permissions that might otherwise prevent a file being copied (it needs the backup privilege, which is why the task runs under an administrator account). /MIR mirrors the complete directory tree, including deleting files on E that no longer exist on D, which keeps the second drive an exact mirror of the first.

Now we want to make sure this script runs daily. We can do that using PowerShell to configure a scheduled task. Enter the following commands:

$action = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument '/c start "" "C:\scripts\backup.bat"'
$trigger = New-ScheduledTaskTrigger -Daily -At 1pm
$principal = New-ScheduledTaskPrincipal -LogonType S4U

You will be asked to enter the username for the Administrator account, then follow on with the next command:

Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName "Backup D Drive" -Description "Daily Backup of Drive D"

You now have a scheduled task that copies the content of drive D to drive E every day at 1pm – leaving you more time to browse my blog!

Resizing MBR Partition FreeBSD

Recently, the FreeBSD virtual machine that hosts my internal wiki got low on space. I had not provisioned a large enough virtual hard drive when creating the VM. When you want to store all the things in the wiki, you will need all the space. So, I will guide you through the steps for increasing the MBR partition size in FreeBSD.

First things first: Backup the important data

Second: Backup the important data

Now that you’ve got your data backed up, let's have a look at our current drive usage. This can be done using the following command:

df -Ph
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/da0s1a 120G 27G 84G 24% /
devfs 1.0K 1.0K 0B 100% /dev

Because I didn’t know I was going to blog this, my drive already has enough space. But because I’m greedy, and want to educate others, I will resize the drive to 256GB.

Let's have a look at our current hard drive partitions. You can do this using gpart:

gpart show
=>       63  268435393  da0  MBR  (128G)
63 1985 - free - (993K)
2048 268433408 1 freebsd [active] (128G)

=> 0 268433408 da0s1 BSD (128G)
0 260046848 1 freebsd-ufs (124G)
260046848 8386560 2 freebsd-swap (4.0G)

I powered off my VM and provisioned more drive storage, powered it up again and ran the above command a second time. You can see the newly acquired free space.

=>       63  536870849  da0  MBR  (256G)
63 1985 - free - (993K)
2048 268433408 1 freebsd [active] (128G)
268435456 268435456 - free - (128G)

=> 0 268433408 da0s1 BSD (128G)
0 260046848 1 freebsd-ufs (124G)
260046848 8386560 2 freebsd-swap (4.0G)

Before the ufs partition can be resized, we need to get rid of the swap partition that sits behind it, because gpart can only grow a partition into free space that directly follows it. First disable swap with the following command:

sudo swapoff -all
swapoff: removing /dev/da0s1b as swap device

We can now delete the swap partition. Ensure the index matches the index of the swap partition and the drive identifier corresponds with the correct drive in the BSD section (here index 2 on da0s1).

sudo gpart delete -i 2 da0s1

Before we can use the free space, we need to resize the MBR slice so that it covers the whole disk.

sudo gpart resize -i 1 da0

Confirm the free space has moved into the BSD section using gpart.

gpart show
=>       63  536870849  da0  MBR  (256G)
63 1985 - free - (993K)
2048 536868864 1 freebsd [active] (256G)

=> 0 536868864 da0s1 BSD (256G)
0 260046848 1 freebsd-ufs (124G)
260046848 276822016 - free - (132G)

You will also see the swap partition is gone.

Now we want to resize the ufs partition – be sure to leave enough space to create a new swap partition.

sudo gpart resize -i 1 -s 252G -a 4k da0s1

That will leave me with 4GB to create a swap partition, which can be done with the following command:

sudo gpart add -t freebsd-swap -a 4k da0s1

Check that the partitions have been resized and created using gpart:

gpart show da0s1
=>        0  536868864  da0s1  BSD  (256G)
0 528482304 1 freebsd-ufs (252G)
528482304 8386560 2 freebsd-swap (4.0G)

Now we need to enable the swap partition and grow the file system to fit the new partition. This can be done with the following commands:

sudo swapon -a
sudo growfs /

You will need to confirm that you wish to resize the file system. Did you remember to make a backup?

Device is mounted read-write; resizing will result in temporary write suspension for /. It's strongly recommended to make a backup before growing the file system. OK to grow filesystem on /dev/da0s1a, mounted on /, from 124GB to 252GB? [yes/no]

We can check our partitions again with gpart:

gpart show
=>       63  536870849  da0  MBR  (256G)
63 1985 - free - (993K)
2048 536868864 1 freebsd [active] (256G)

=> 0 536868864 da0s1 BSD (256G)
0 528482304 1 freebsd-ufs (252G)
528482304 8386560 2 freebsd-swap (4.0G)

If everything looks good, we can then check our hard drive usage with the following command.

df -Ph
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/da0s1a 244G 27G 198G 12% /
devfs 1.0K 1.0K 0B 100% /dev
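To show where the sector counts in these listings come from, here is an added Python example (not from the original post) that parses the BSD-scheme part of gpart show output and works out what the resize to 252G leaves for swap. It assumes 512-byte sectors, and the two layouts are constructed from the listings above.

```python
import re

SECTOR = 512            # bytes per sector (assumption for this virtual disk)
ALIGN = 4096 // SECTOR  # sectors per 4k alignment unit, as passed with -a 4k

# Constructed from the listings in the post: the BSD scheme while swap still
# sits behind the ufs partition, and after 'gpart delete' plus 'gpart resize
# -i 1 da0' have turned the tail of the slice into free space.
GPART_WITH_SWAP = """\
=>          0  268433408  da0s1  BSD  (128G)
            0  260046848      1  freebsd-ufs  (124G)
    260046848    8386560      2  freebsd-swap  (4.0G)
"""
GPART_FREE_TAIL = """\
=>          0  536868864  da0s1  BSD  (256G)
            0  260046848      1  freebsd-ufs  (124G)
    260046848  276822016      -  free  (132G)
"""

ENTRY_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)")

def parse_bsd_scheme(text):
    """Return the slice size in sectors and its entries (start, size, index,
    type) from 'gpart show' output for one BSD scheme."""
    lines = text.strip().splitlines()
    total = int(lines[0].split()[2])  # '=>  0  536868864  da0s1  BSD  (256G)'
    entries = []
    for line in lines[1:]:
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"start": int(m.group(1)), "size": int(m.group(2)),
                            "index": m.group(3), "type": m.group(4)})
    return total, entries

def plan_resize(text, new_ufs_gib, ufs_index="1"):
    """Work out what 'gpart resize -i <ufs_index> -s <new_ufs_gib>G -a 4k'
    does to this slice and how much is left for 'gpart add -t freebsd-swap'.
    Raises ValueError when the layout cannot support the resize."""
    _, entries = parse_bsd_scheme(text)
    ufs = next(e for e in entries if e["index"] == ufs_index)
    ufs_end = ufs["start"] + ufs["size"]
    # gpart can only grow a partition into free space that directly follows it,
    # which is why the swap partition had to be deleted first.
    free = next((e for e in entries if e["type"] == "free" and e["start"] == ufs_end), None)
    if free is None:
        raise ValueError("no free space directly after the ufs partition")
    new_size = new_ufs_gib * (1 << 30) // SECTOR
    if new_size % ALIGN:
        raise ValueError("requested size is not 4k-aligned")
    if new_size < ufs["size"]:
        raise ValueError("shrinking a ufs partition is not what growfs is for")
    if ufs["start"] + new_size > free["start"] + free["size"]:
        raise ValueError("requested size exceeds the slice")
    swap_sectors = free["start"] + free["size"] - (ufs["start"] + new_size)
    return {"ufs_sectors": new_size, "swap_sectors": swap_sectors,
            "swap_gib": swap_sectors * SECTOR / (1 << 30)}
```

For the layout above, plan_resize(GPART_FREE_TAIL, 252) gives the 528482304-sector ufs partition and 8386560 sectors (4.0G) of swap that the later gpart show confirms, while the pre-delete layout is rejected because swap still sits behind the ufs partition.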

And there it is – you have now resized your partitions and can store all the files the way data hoarders intended.

Python 3 KeePass Dictionary Attack

Github: https://github.com/0x6A6F7368/KeePassDictionaryAttack

A few years back I created a Python script for a class I was teaching on password security. It is a basic script that runs a dictionary attack against a KeePass database. Since the Python 2.7 EOL date is quickly approaching, I thought I might change my script to suit Python 3 – and do a quick blog post on how to run the new script.

First of all you will need to download and install the libkeepass module. This can be done using pip. If you haven’t installed pip3 you will need to do this first.

sudo apt-get install python3-pip
pip3 install libkeepass

Create a directory to store the script, and then change into the newly created directory.

cd ~ && mkdir keepassdictionaryattack
cd keepassdictionaryattack

You can supply your own password list as passwords.txt or download one of the many available online. I am using the 500 worst passwords list I found on Daniel Miessler’s GitHub.

Download the passwords and rename the file to passwords.txt.

curl -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/500-worst-passwords.txt

mv 500-worst-passwords.txt passwords.txt

Now, download the KeePass Dictionary Attack script.

curl -O https://raw.githubusercontent.com/0x6A6F7368/KeePassDictionaryAttack/master/KeePassAttack.py

Copy a KeePass database into ~/keepassdictionaryattack and then run the script.

python3 KeePassAttack.py

If the KeePass database is using a weak password, you may gain access to the database and all the goodies inside.

Installing and Using Git and GitHub on Ubuntu

GitHub is a web-based hosting of the version control system, Git. It allows for teams to easily work on projects, share code, and monitor versions. GitHub has both free and paid services depending on your needs.

This is just a simple tutorial to show you how to install and use Git and GitHub on Ubuntu.

Note: Before we get started, if you are using GitHub with 2FA you will need to set up a Personal Access Token. This can be generated at https://github.com/settings/tokens

Also, if you do not wish to share your email address publicly, you can use your GitHub noreply email address. It will be in the form of [email protected] and can be found at https://github.com/settings/emails

Your email address will also need to be verified. Information on this can be found at: https://help.github.com/articles/verifying-your-email-address/

To get started we will need to install Git on Ubuntu. To do this enter the following command into terminal.

sudo apt install git

Once completed, you will now need to set your username and email address. These are your GitHub username and your GitHub noreply email address.

git config --global user.name "username"
git config --global user.email "[email protected]"

Now change to the Home Directory and create your first Git Repository.

cd ~ && git init MyFirstGit

If successful you should see the message: Initialized empty Git repository in /home/owner/MyFirstGit/.git/

Change into the newly created directory

cd MyFirstGit

Create a simple README file and add some text. This can be done with an editor of your choice. A quick sample is shown below.

echo "This is MyFirstGit" > README

Now you can add the file to the index and record the change in the repository:

git add README
git commit -m "First commit to GitHub"

Now you need to create a repository on GitHub. This can be done via: https://github.com/new

The repository will need to share the same name as the folder you created earlier, i.e. MyFirstGit. You can leave Initialize this repository with a README unchecked as we have already created this file.

This is a fairly simple procedure but if you get stuck detailed steps can be found here: https://help.github.com/articles/creating-a-new-repository/

Upon creating a new repository you will be given the links to the repository, which should be similar to: https://github.com/username/MyFirstGit.git

We can now push the files to GitHub:

git remote add origin https://github.com/username/MyFirstGit.git
git push -u origin master

You will be prompted to enter your username and password (or Personal Access Token if you are using 2FA).

You will now be able to share code and monitor versions the way Linus Torvalds intended.

Holiday Season maintenance for Family and Friends

The holiday season is quickly approaching – during which, many of us will visit (or be visited by) family and friends. If you’re employed in any role that involves using a computer you will no doubt be bombarded with technical questions over the silly season.

This is just a few simple tasks I’ve put together to help family and friends have a better computing experience and be more secure – and possibly save you from having to remove the same junkware from their machine again next holidays.

Windows

  • Remove the junk: AdwCleaner seems to clean up most of the rubbish that users manage to install. It is offered for free by Malwarebytes.
  • Run Disk-Cleanup: If it hasn’t been done for a while, it will free up quite a bit of disk space.
  • Ensure operating system is up to date: No doubt there will be many friends or family members saying their computer “isn’t going to work” after January. Time to upgrade to Windows 10. If Windows 10 is out of their price range check out Ubuntu (Or Lubuntu for older hardware).
  • Install Google Chrome (If you are Privacy conscious maybe look at Mozilla Firefox).
  • Install uBlock Origin & HTTPS Everywhere
  • Modify the HOSTS file using the HOST file from someonewhocares: It might break the advertising links at the top of a Google search if this is going to be a problem.
  • Ensure AV is up to date: Use a paid AV if possible (I recommend ESET) If paid is not possible ensure Windows Defender is enabled on Windows 10.
  • Create a new Administrator account: and set the main user as a Standard user. Don’t keep the password to yourself, otherwise you will get many phone calls from your family and friends every time they need to change a setting. Running as a standard user prevents malware or other nasties from running as administrator as they stealthily try to execute in the background.

MacOS

  • Install latest patches for macOS: If device is too old and slow (or running an unsupported OS) consider installing Lubuntu.
  • Install Google Chrome (If you are Privacy conscious maybe look at Mozilla Firefox).
  • Install uBlock Origin & HTTPS Everywhere
  • Create a new Administrator account: and set the main user as a Standard user. Don’t keep the password to yourself, otherwise you will get many phone calls from your family and friends every time they need to change a setting. Running as a standard user prevents malware or other nasties from running as administrator as they stealthily try to execute in the background.
  • Ensure the built-in macOS firewall is enabled.

iOS

Turn on Passcode or Face ID: Settings > Touch ID & Passcode (Face ID & Passcode) > Turn Passcode On.

Turn on Automatic Updates for iOS: Settings > General > Software Update > Automatic Updates = On.

Android

Passwords

Talk about Passwords: Yes Passwords suck, but sucky passwords suck more. Teach them about diceware. Need a gift idea? Buy a family member a diceware password. Help to setup a password manager. KeePassXC works well, and I have had many clients find 1Password nice and easy to use.

Help configure 2FA – You probably don’t want to set up all their accounts with 2FA but perhaps start with important things like email and banking. If you have a tech savvy friend or family member perhaps a YubiKey would be a good gift.

If I have missed anything feel free to let me know and I’ll add it!

Use NotePad ++ like Vim with ViSimulator

If you come from a *nix environment, you will at some stage have used Vi or Vim. Some people love it, some people hate it. While I am not a Vim power user, I do find the keyboard shortcuts come in very handy.

On Windows my editor of choice is Notepad ++. As the name suggests it is a “plus” version of Windows Notepad. I won’t go into details of Notepad ++ here, but you can visit their website to find out more.

To make Notepad ++ feel more like Vim we can install the plugin, ViSimulator. This can be enabled via the Plugins menu.

From the Plugins menu navigate to Plugin Manager & click Show Plugin Manager.

Scroll down the list until you see ViSimulator for Notepad ++. Tick the box and then click install.

Notepad ++ will require a restart; follow the prompts to restart now.

Once Notepad ++ restarts you can now enable ViSimulator.

To do this Click the Plugins Menu, navigate to ViSimulator, and then click on Enable ViSimulator.

You can now use Vim commands in Notepad ++

Don’t worry you can still quit the program by clicking the X!

Dumping NTLM Hashes

Since discovering Hashcat, password cracking has become somewhat of a hobby of mine – even enough to buy the first video card in about 15 years (not much of a modern gamer)

Although the card is nothing flash – GT750 – it does the job. We all start small.

Having physical access to a machine most likely means you will not need to crack a password to gain access to data on the device (bootable Linux USB), but sometimes it’s all about knowing the password itself. The password could be the keys to the kingdom.

And I am curious about what people pick for passwords. I am kind of passionate about password security.

I do get clients on a daily basis who have forgotten passwords for their home Windows machines, and while I can easily back up their data, I like to also tell them that their password was Petsname1 (or some other “creative” concoction) and that it’s time to start using more secure passwords. Because reasons.

Grabbing a NTLM hash is as easy as Backbox, Bkhive, Samdump2…

The reason I use Backbox is I find it boots on everything I need it to boot on. And the reason I used bkhive to dump the system key rather than just using samdump2 to dump key and hash is that it was not dumping properly and I was getting incorrect keys, and incorrect/uncrackable hashes. I’m just showing the way that works for me.

Getting the Hash

  1. Boot up from Bootable BackBox USB
  2. Open Terminal
  3. Mount victim hard drive
  4. Change directory to directorywheredrivewasmounted/Windows/System32/config
  5. type in bkhive SYSTEM key.txt – now from a forensic point of view this is going to make a file right there in the config folder that someone could possibly find later on – even if you delete
  6. type in samdump2 SAM key.txt > hashes.txt – again from a forensics point of view this file is being written to the local drive and could be discovered later on

You now have a file, hashes.txt, that contains the hashed password of each user from that machine.