Sunday, April 5, 2020

Using Flameshot (Linux) or Greenshot (Windows/Mac)

Learned about some pretty cool screenshot tools from Heath Adams' Udemy course, Practical Ethical Hacking - The Complete Course, today.

Documentation provided in a deliverable report to a client is arguably the most important part of any penetration testing/red team/etc engagement.

Screenshots are always needed as part of the report, and Heath mentioned using two tools. Greenshot for Windows/Mac and Flameshot for Linux.

Ubuntu is my primary operating system so I wanted to give it a test drive.

Installing on Ubuntu is very simple:

sudo apt install flameshot

Searching for flameshot in Ubuntu's application finder will show three items.

I added "Take graphical screenshot" to Favorites in order to be able to quickly/manually launch the tool.

You can remap the print screen (PrtSc) key on the keyboard to automatically launch the tool. Click here to view my tutorial on remapping the keyboard binding.

Flameshot - Remapping Print Screen Key in Ubuntu

If you would like to be able to quickly launch Flameshot using the print screen (PrtSc) key on the keyboard in Ubuntu Linux, do the following.

Launch Settings

Go to Devices -> Keyboard

Using search, look for screen, then click on the highlighted Save a screenshot to Pictures entry (currently set to the Print Screen (PrtSc) keyboard key).

Press the backspace key on the keyboard and it will disable the mapping.

Click on Set.

We now need to create a new mapping. Scroll all the way to the bottom of the keyboard shortcuts (remove your search query) and click the plus (+) button.

Name it something you will remember, and for the command path type in the path to Flameshot.

You will most likely want the graphical user interface to launch, so add:

/usr/bin/flameshot gui

Click on the X to close the window out.

Pressing the print screen (PrtSc) key on your keyboard should now launch Flameshot.

Saturday, January 25, 2020

Python3 Version of SimpleHTTPServer or Where Did SimpleHTTPServer Go in Python3

For those familiar with Python 2's SimpleHTTPServer, it is a fast and easy way to start up a web server that can show the contents of a directory.

In Python 2.X, running python -m SimpleHTTPServer starts a web server on port 8000 from the current directory.

In Python 3.X the new way to start up a simple http server is python3 -m http.server

By default the web server spawned will use port 8000. You can specify a port after http.server:
python3 -m http.server 9000

Starting http server:

Browsing to the web server locally at http://localhost:8000, notice that you can now view and download files from the directory the command was run from.
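
An added example, not part of the original post: python3 -m http.server listens on every network interface by default, so other hosts on the same network can read the directory too. The sketch below uses the same standard-library module to serve a single directory on 127.0.0.1 only and then checks what is reachable; the share/ layout and file names are constructed for the demonstration.

```python
import functools
import http.client
import http.server
import tempfile
import threading
from pathlib import Path

def start_local_server(directory, host="127.0.0.1", port=0):
    """Serve `directory` on `host` only; port 0 lets the OS pick a free port."""
    handler = functools.partial(
        http.server.SimpleHTTPRequestHandler, directory=str(directory))
    server = http.server.ThreadingHTTPServer((host, port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def fetch(server, path):
    """GET `path` from the running server; returns (status, body)."""
    host, port = server.server_address[:2]
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read()
    finally:
        conn.close()

def demo():
    """Share one sub-directory and check what is and is not reachable."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp, "share")  # constructed sample layout
        share.mkdir()
        (share / "notes.txt").write_text("hello from share\n")
        Path(tmp, "outside.txt").write_text("not shared\n")
        server = start_local_server(share)
        try:
            return {
                "bound_to": server.server_address[0],        # loopback only
                "shared": fetch(server, "/notes.txt"),       # file inside share/
                "outside": fetch(server, "/../outside.txt")[0],  # parent dir file
            }
        finally:
            server.shutdown()
            server.server_close()

if __name__ == "__main__":
    print(demo())
```

The command-line equivalent is python3 -m http.server --bind 127.0.0.1 --directory share 9000 (the --directory option needs Python 3.7 or later).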

Saturday, January 11, 2020

Quickly Update Kali Linux Date/Time with NTP

A quick way to update the system date/time on Kali when it is not accurate is to restart the ntp service.

service ntp restart

As long as your Kali machine has Internet access, the system date/time should automatically update.

Another handy command to use on Kali is service --status-all, which shows all running services.

If you are curious what a service is doing, check the logs with journalctl -u servicename (for example, ntp).

Saturday, July 29, 2017

Palo Alto PA-220 - Web Interface Initial Management Access

If you followed my previous post, Palo Alto PA-220 Initial Configuration - Micro USB, you can issue the command show interface management from the operational prompt to see how the RJ-45 MGT port on the front of the PA-220 is configured.

show interface management command.
By default the management port is configured with an IP address. The quick start guide also references this.

You will need to configure the network interface card on your management workstation to be on this network for connectivity to the MGT port on the front of the firewall. are valid IP addresses to use on your workstation. Below are screenshots from a Windows 10 workstation showing the setting of an IPv4 address.
For the network card to be configured, click on the above to set an IPv4 address. 
Assign an IP address on the same network as the MGT (management) port of the firewall. Click OK and close.

The firewall comes pre-packaged with an RJ-45 cable. Connect this to your management workstation and the MGT port on the firewall.

In your web browser, type in the address of the MGT port. You will most likely get a certificate error.

Certificate error browsing to web interface of PA-220.

If you accept the certificate warning you should see a similar login form as pictured below.

Administrative login page for the firewall.

Log in with admin/admin, the default credentials for the firewall.

You will be warned each time you log in that the device is set up with default credentials and that you need to change them. Go ahead and click OK. You may also see a message showing you all of the new features within PAN-OS.

Initial dashboard screen. 
From within the web interface, you can assign IP addresses to interfaces, change the default credentials, set firewall policy, etc.

Palo Alto PA-220 Initial Configuration - Micro USB

There are multiple ways to configure a PA-220 out of the box: via the web interface or via the console ports.
I have always used standard RJ-45 console ports before but never micro-USB. I thought I would connect the cable provided in the box to my Windows 10 laptop and give it a try. From the quick start guide, a link is provided for setting up the micro USB console port here: Palo Alto Networks Micro USB Console Port

The Microchip USB/driver is installed in Windows 10 by default. After connecting the USB cable to my laptop and the other end to the micro USB port on the front of the PA-220, I checked out device manager in Windows to see that it shows up as a USB Serial Device (COM4.) It may very well show up as a different COM port for you, so your mileage may vary. 

Device manager screenshot, showing USB Serial Device (COM4) under Ports (COM & LPT)

I always tend to use Putty for terminal emulation in Windows. You can find Putty here: Putty Download

In Putty you will want to select Serial and type in the COM port found in device manager. Leave the speed at 9600 as pictured below. 

Putty settings for the micro USB console port.
When you click Open in Putty you should see a PA-220 login: prompt. 

PA-220 login prompt

Of note here, the PA-220 login prompt will only show up when the firewall has completely finished booting. Pay attention to the STAT LED on the front of the firewall; it will be ready to authenticate you when it turns GREEN (from my previous post, this process may take around 9 minutes). See: Interpret the LEDs on a PA-220 Firewall

admin/admin are the default credentials for Palo Alto firewalls out of the box.

After authenticating you should see the following prompt:

PA-220 - Command prompt.
If you type a question mark ? you will see a list of commands available at this prompt. 

The > prompt indicates operational mode (i.e. non configuration mode.) 

You can execute various show commands, ping a device, reboot/restart the firewall or services from this mode of operation. 

If you type in a command followed by a space and another question mark, you can step through the commands to find the one you are looking for.

request ? command. 

Palo Alto PA-220 Initial Hardware Setup

I recently had the opportunity to check out a Palo Alto Networks PA-220. Here is a breakdown of what shipped. I will have future blog posts to cover initial setup of the device.

PA-220 and accessories.

Cables and mounting hardware.
After unboxing the firewall, you will notice on the back of the firewall an option to connect two power adapters. By default, the firewall only ships with a single power adapter. The documentation references connecting a second power adapter to a separate circuit in order to provide power redundancy. See: Connect Power to a PA-220 Firewall, Electrical Specs

PA-220 back view of power inputs and grounding post. 

On the front side of the firewall, from left to right, you will notice Ethernet ports 1-8 (10/100/1000), a copper MGT (management) port (RJ-45), a copper CONSOLE port (RJ-45), a micro USB console port and a USB port.

PA-220 front view.

You will also notice the ever important indicator lights, HA, STAT, ALM, TEMP, and PWR. Here is a link to the Palo Alto website for interpreting the indicator LEDs: Interpret the LEDs on a PA-220 Firewall

When connecting power for the first time, the PWR light should turn green; after a few minutes the TEMP and STAT lights should turn on. Once the firewall is fully booted, the STAT light will turn from amber to green. ** VERY IMPORTANT NOTE ** The entire boot process on a PA-220 is around 9 minutes from power on to the STAT LED turning green for initial configuration.

In my next posts I will cover initial setup of the PA-220.