<b>infoSecStudent Blog</b><br />
<br />
<b>Using Flameshot (Linux) or Greenshot (Windows/Mac)</b><br />
Posted by <a href="http://www.blogger.com/profile/08290389896648378144">infosecstudent</a> on 2020-04-05<br />
<br />
Learned about some pretty cool screenshot tools from Heath Adams' Udemy course Practical Ethical Hacking - the Complete Course today.<br />
<br />
Documentation provided in a deliverable report to a client is arguably the most important part of any penetration testing/red team/etc engagement.<br />
<br />
Screenshots are always needed as part of the report, and Heath mentioned using two tools: <a href="https://getgreenshot.org/" target="_blank">Greenshot</a> for Windows/Mac and <a href="https://flameshot.js.org/" target="_blank">Flameshot</a> for Linux.<br />
<br />
Ubuntu is my primary operating system so I wanted to give it a test drive.<br />
<br />
Installing on Ubuntu is very simple:<br />
<br />
<b><i>sudo apt install flameshot</i></b><br />
<br />
Searching for flameshot in Ubuntu's application finder will show three items.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGCKGUWcVOcy7OycKfda8XolS7totY_8jTlBBKxAw9o0qtXwYVhGHMt7guexA19UvMW3PBXmI1eKifU6sArD1Gpz-AS2SrpW3GkTMsFqcOAMxyYfqdv0-kivXjnU9d-2uWB9LqIL_u8ok/s1600/flameshot.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="278" data-original-width="905" height="98" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGCKGUWcVOcy7OycKfda8XolS7totY_8jTlBBKxAw9o0qtXwYVhGHMt7guexA19UvMW3PBXmI1eKifU6sArD1Gpz-AS2SrpW3GkTMsFqcOAMxyYfqdv0-kivXjnU9d-2uWB9LqIL_u8ok/s320/flameshot.png" width="320" /></a></div>
I added "Take graphical screenshot" to Favorites in order to be able to quickly/manually launch the tool.<br />
<br />
You can remap the print screen (PrtSc) key on the keyboard to automatically launch the tool. Click <a href="https://www.infosecstudent.com/2020/04/flameshot-remapping-print-screen-key-in.html" target="_blank">here</a> to view my tutorial on remapping the keyboard binding.<br />
<br />
<b>Flameshot - Remapping Print Screen Key in Ubuntu</b><br />
Posted by infosecstudent on 2020-04-05<br />
<br />
If you would like to be able to quickly launch <a href="https://flameshot.js.org/" target="_blank">Flameshot</a> using the print screen (PrtSc) key on the keyboard in Ubuntu Linux, do the following.<br />
<br />
Launch Settings<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9P62ALeAcU1GSWhzUUJPYYNML74VfkAeBygXVuO59Jv_fVSbee4oUqnbzU3_8V0kY2xxwRuwZsvBBe2Qdp80XVp4qee9USAp35Y7kVirIeXUv-1or4eOR8n4jy3MFHF86xUVX-EuuLOY/s1600/settings.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="33" data-original-width="39" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9P62ALeAcU1GSWhzUUJPYYNML74VfkAeBygXVuO59Jv_fVSbee4oUqnbzU3_8V0kY2xxwRuwZsvBBe2Qdp80XVp4qee9USAp35Y7kVirIeXUv-1or4eOR8n4jy3MFHF86xUVX-EuuLOY/s1600/settings.png" /></a></div>
Go to Devices -> Keyboard<br />
<br />
Using search, look for "screen", then click on the highlighted "Save a screenshot to Pictures" entry (currently set to the Print Screen (PrtSc) keyboard key).<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjs-966SgolK6N1YUe-P12aFKD9bPXhMXOgxpE_kn6WqFXSQA0Ttr_RkVUlROoN8jsRVMwfon0KuVXz4uJR9XfJJRh4TXrme1w47gvLVb1pQqU3RhmlQm0OSs5BRD5BGj8vI1aBgGgfGnc/s1600/keyboard-devices.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="692" data-original-width="984" height="225" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjs-966SgolK6N1YUe-P12aFKD9bPXhMXOgxpE_kn6WqFXSQA0Ttr_RkVUlROoN8jsRVMwfon0KuVXz4uJR9XfJJRh4TXrme1w47gvLVb1pQqU3RhmlQm0OSs5BRD5BGj8vI1aBgGgfGnc/s320/keyboard-devices.png" width="320" /></a></div>
<br />
<br />
<br />
<br />
Press the backspace key on the keyboard and it will disable the mapping.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMYjWGoA9VOz_vTVAESF7yROyEd_-uQFMRmwpUfgPYFN5YyvxBV1w2IYEQt06iJh5T7t9pZJ4bSGvZHCXkK7jEQOmwE7Quz14NXUgolwYjQf1EWBbr6wmprHXCze0Bzws-SeglptrjL1A/s1600/shortcut1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="219" data-original-width="464" height="151" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMYjWGoA9VOz_vTVAESF7yROyEd_-uQFMRmwpUfgPYFN5YyvxBV1w2IYEQt06iJh5T7t9pZJ4bSGvZHCXkK7jEQOmwE7Quz14NXUgolwYjQf1EWBbr6wmprHXCze0Bzws-SeglptrjL1A/s320/shortcut1.png" width="320" /></a></div>
Click on Set.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUP9ieHythR7GKzx77jvMNckZuvxbQJLDDbTcRK7cPZSKoHhlElYXDKR_cSL3TAhmZCHcrIGgRG6PNEUJQLWURAs8Gz5gMT8jRGTWPSr3RCPdG8_WIiakufYgKAKZMQWDz8tEC80l4W30/s1600/shortcut2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="226" data-original-width="467" height="154" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUP9ieHythR7GKzx77jvMNckZuvxbQJLDDbTcRK7cPZSKoHhlElYXDKR_cSL3TAhmZCHcrIGgRG6PNEUJQLWURAs8Gz5gMT8jRGTWPSr3RCPdG8_WIiakufYgKAKZMQWDz8tEC80l4W30/s320/shortcut2.png" width="320" /></a></div>
<br />
<br />
We now need to create a new mapping. Scroll all the way to the bottom of the keyboard shortcuts (remove your search query) and click the plus (+) button.<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvE34wUGaxFAScfcYOpkJgzRleSxvjzQO-AWQDL6WYIakhBI9p9CVUjIr8r-6DzaAytOUkFcoq0f78WqXEbaOyX7xjRysyqdahxyou7m789HaqLNwU9B7YT68zfWXsm3ibhO2u2T_SAAU/s1600/plus.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="53" data-original-width="631" height="26" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvE34wUGaxFAScfcYOpkJgzRleSxvjzQO-AWQDL6WYIakhBI9p9CVUjIr8r-6DzaAytOUkFcoq0f78WqXEbaOyX7xjRysyqdahxyou7m789HaqLNwU9B7YT68zfWXsm3ibhO2u2T_SAAU/s320/plus.png" width="320" /></a></div>
<br />
Name it something you will remember, and for the command path type in the path to Flameshot. <br />
<br />
You will most likely want the graphical user interface to launch, so add:<br />
<br />
<b><i>/usr/bin/flameshot gui</i></b><br />
<br />
Click on the X to close the window out.<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5pDayLnD12is1GuQ5JwXv6UIDr2M-1FEPVBmCXqEZQfCkbpMM8y-WhJ7iamzqmRS6Y5t2s2lfyUBNrBzkzvxrxQDnMhnhgXh9AE1QEWFl1R32vdYXMUqbUxzTsxZPmHq7S0aEzGbfVpA/s1600/custom-shortcut.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="226" data-original-width="460" height="157" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5pDayLnD12is1GuQ5JwXv6UIDr2M-1FEPVBmCXqEZQfCkbpMM8y-WhJ7iamzqmRS6Y5t2s2lfyUBNrBzkzvxrxQDnMhnhgXh9AE1QEWFl1R32vdYXMUqbUxzTsxZPmHq7S0aEzGbfVpA/s320/custom-shortcut.png" width="320" /></a></div>
<br />
<br />
Pressing the print screen (PrtSc) key on your keyboard should now launch Flameshot.<br />
<br />
<br />
<b>Python3 Version of simpleHTTPserver or Where Did SimpleHTTPserver Go in Python3</b><br />
Posted by infosecstudent on 2020-01-25<br />
<br />
For those familiar with using Python 2's SimpleHTTPServer, it is a fast and easy way to start up a web server that can show the contents of a directory.<br />
<br />
<br />
In Python 2.X, running <i><b>python -m SimpleHTTPServer</b></i> starts a web server on port 8000 from the current directory. The module name is case-sensitive.<br />
<br />
In Python 3.X, the new way to start up a simple HTTP server is <i><b>python3 -m http.server</b></i><br />
<br />
By default the web server spawned will use port 8000. You can specify a different port after http.server:<br />
<i><b>python3 -m http.server 9000</b></i><br />
<br />
<br />
Starting http server:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRhymxGn7Y6J_ffdqbWzPVoTnNs1IzEu9UXqvOUOgit6oeyG8z1pu_F96xD3lkwE2mrW6alhvGTfyP25IlL4px8R8wR3NSxntkptmHkZZsvOOJIEyEWEz-ZhCLGBqnOVHJcbYiMhiWEGE/s1600/Screenshot-python.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="693" data-original-width="802" height="276" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRhymxGn7Y6J_ffdqbWzPVoTnNs1IzEu9UXqvOUOgit6oeyG8z1pu_F96xD3lkwE2mrW6alhvGTfyP25IlL4px8R8wR3NSxntkptmHkZZsvOOJIEyEWEz-ZhCLGBqnOVHJcbYiMhiWEGE/s320/Screenshot-python.png" width="320" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Browsing to the web server locally at http://localhost:8000, notice that you can now view and download files from the directory the command was run from. </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhoMPE0og8uWld7wGW4d9-cTuXZxUeIH_rC_RuGBpSbO7Dlx6pC_qQrLwAqE3N85zuUQDonyJ9LKNKr8mWDObidIN8HgZw1SWT5e0u0cDf2klTRqSMLnOu8v6f7uPZXN7GyeRXWzhV42U/s1600/Screenshot-firefox.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="693" data-original-width="802" height="276" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhoMPE0og8uWld7wGW4d9-cTuXZxUeIH_rC_RuGBpSbO7Dlx6pC_qQrLwAqE3N85zuUQDonyJ9LKNKr8mWDObidIN8HgZw1SWT5e0u0cDf2klTRqSMLnOu8v6f7uPZXN7GyeRXWzhV42U/s320/Screenshot-firefox.png" width="320" /></a></div>
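<br />
What the one-liner exposes, as an added example that is not part of the original post: the script serves a constructed temporary directory on 127.0.0.1 and records that the directory listing and dotfiles are readable by any client, while a path outside the served directory returns 404. The helper names (start_server, fetch, demo) and the sample files are assumptions made for this example.<br />
<br />

```python
"""Serve one directory on loopback with http.server and record what a client can read.

CLI equivalent: python3 -m http.server --bind 127.0.0.1 --directory share 8000
(without --bind, http.server listens on all interfaces).
All file names and contents below are constructed for this example.
"""
import functools
import http.server
import tempfile
import threading
import urllib.error
import urllib.request
from pathlib import Path


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    """Same behaviour as `python3 -m http.server`, minus per-request logging."""

    def log_message(self, format, *args):
        pass


def start_server(directory, bind="127.0.0.1", port=0):
    """Start a server for `directory`; port 0 lets the OS pick a free port."""
    handler = functools.partial(QuietHandler, directory=str(directory))
    httpd = http.server.ThreadingHTTPServer((bind, port), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd


def fetch(httpd, path):
    """GET `path` from the server, returning (status, body) without using proxies."""
    host, port = httpd.server_address[:2]
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(f"http://{host}:{port}{path}", timeout=5) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


def demo():
    """Build a constructed directory tree, serve only `share`, and probe it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        share = root / "share"
        share.mkdir()
        (share / "report.txt").write_text("scan results\n")
        # Dotfiles are not hidden: they appear in the listing and can be downloaded.
        (share / ".env").write_text("API_KEY=constructed-example\n")
        # This file sits one level above the served directory.
        (root / "private.txt").write_text("outside the served directory\n")

        httpd = start_server(share)
        try:
            return {
                "bind": httpd.server_address[0],
                "listing": fetch(httpd, "/"),
                "file": fetch(httpd, "/report.txt"),
                "dotfile": fetch(httpd, "/.env"),
                "outside": fetch(httpd, "/../private.txt"),
            }
        finally:
            httpd.shutdown()
            httpd.server_close()


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
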
<br />
<b>Quickly Update Kali Linux Date/Time with NTP</b><br />
Posted by infosecstudent on 2020-01-11<br />
<br />
A quick way to update the system date/time on Kali when it is not accurate is to restart the ntp service.<br />
<div>
<b><br /></b></div>
<div>
<i><b>service ntp restart</b></i><br />
<br />
As long as your Kali machine has Internet access, the system date/time should automatically update.<br />
<br />
Another handy command to use on Kali is the <i><b>service --status-all</b></i> command to show all running services.<br />
<br />
If you are curious what a service is doing, check the logs with <i><b>journalctl -u servicename</b></i> (for example, ntp).</div>
<br />
<b>Palo Alto PA-220 - Web Interface Initial Management Access</b><br />
Posted by infosecstudent on 2017-07-29<br />
<br />
If you followed my previous post <a href="http://www.infosecstudent.com/2017/07/palo-alto-pa-220-initial-configuration.html" target="_blank">Palo Alto PA-220 Initial Configuration - Micro USB</a>, you can issue the command <i>show interface management</i> from the operational prompt to see how the RJ-45 MGT port on the front of the PA-220 is configured.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCII2BIHIc35bKCiQ9EQ5v21SkCk5OZvdOIhnN_wmTBuG1ESzZ7mpPRGXmLgTyI8zfaQgqtmnzxL6IujXobOeiHw7MEuVzL8wxSFA2uxBjiwZX7YMTEE7C0iRcXrBG3N2piZm3j8AOqIE/s1600/show-interface+-+Copy.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="526" data-original-width="987" height="170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCII2BIHIc35bKCiQ9EQ5v21SkCk5OZvdOIhnN_wmTBuG1ESzZ7mpPRGXmLgTyI8zfaQgqtmnzxL6IujXobOeiHw7MEuVzL8wxSFA2uxBjiwZX7YMTEE7C0iRcXrBG3N2piZm3j8AOqIE/s320/show-interface+-+Copy.PNG" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><i>show interface management </i>command.</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
</div>
By default the management port is configured with a 192.168.1.1/24 IP address. The quick start guide also references this.<br />
<br />
You will need to configure the network interface card on your management workstation to be on this network for connectivity to the MGT port on the front of the firewall. 192.168.1.2-192.168.1.254 are valid IP addresses to use on your workstation. Below are screenshots from a Windows 10 workstation showing the setting of an IPv4 address.<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEJGjSPDAS4TljbtQ0jk2QA0rJ1E-QZ53Y9rzQrUCZEwv9KJJjMAQwqFIduYqE9VOkKOgvnKH1PInr85alLEr7mcKslhzEUF60bkEFpKHLCfws50mLdPYsAQwqMxUxYGNGTDdkNsVUnJk/s1600/network-properties+-+Copy.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="749" data-original-width="559" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEJGjSPDAS4TljbtQ0jk2QA0rJ1E-QZ53Y9rzQrUCZEwv9KJJjMAQwqFIduYqE9VOkKOgvnKH1PInr85alLEr7mcKslhzEUF60bkEFpKHLCfws50mLdPYsAQwqMxUxYGNGTDdkNsVUnJk/s320/network-properties+-+Copy.png" width="238" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">For the network card to be configured, click on the above to set an IPv4 address. </td></tr>
</tbody></table>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeGZ5bZqUWRyKJFjIJ1M9A4ypGSiImMY02Fpw9neDdncyqnCGfuvKEXizbHexRjD7Z7kmS3REWqJSaDSRXgiUWJExgr7OBV4ybL3nf12SL_eWkO8uvsjeBipRS8u0drtAnhsr_BbQkZdA/s1600/network-properties2+-+Copy.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="685" data-original-width="597" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeGZ5bZqUWRyKJFjIJ1M9A4ypGSiImMY02Fpw9neDdncyqnCGfuvKEXizbHexRjD7Z7kmS3REWqJSaDSRXgiUWJExgr7OBV4ybL3nf12SL_eWkO8uvsjeBipRS8u0drtAnhsr_BbQkZdA/s320/network-properties2+-+Copy.png" width="278" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Assign an IP address on the same network as the MGT (management) port of the firewall. Click OK and close. </td></tr>
</tbody></table>
<br />
The firewall comes pre-packaged with an RJ-45 cable; connect this to your management workstation and the MGT port on the firewall.<br />
<br />
In your web browser, type in the address of the MGT port, https://192.168.1.1. You will most likely get a certificate error.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtuGkcBhpZd8ax3ax8hiLdw5PoGvJVUxSHIkIT1XZDRMCuF8FNQonSxBbkIickvrTqcgO-2BClJFP84FE2JzZu6FM-phJdhjt1-ZazAhliVOtAos-wzuWmo4KUK0Ql-wVfYs6K8kV9Wh0/s1600/web-interface-1+-+Copy.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="760" data-original-width="1600" height="152" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtuGkcBhpZd8ax3ax8hiLdw5PoGvJVUxSHIkIT1XZDRMCuF8FNQonSxBbkIickvrTqcgO-2BClJFP84FE2JzZu6FM-phJdhjt1-ZazAhliVOtAos-wzuWmo4KUK0Ql-wVfYs6K8kV9Wh0/s320/web-interface-1+-+Copy.PNG" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Certificate error browsing to web interface of PA-220.</td></tr>
</tbody></table>
<br />
If you accept the certificate warning, you should see a login form similar to the one pictured below.<br />
<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJ50CX0JGAabHuGADMAolJpOiNCVl0DW3mgPy6HqYB4GT11umvaeQz_nwuu2JBP0NSNRW5FPLAsji9S_Gx7tmOrqpQC011HGOVk4tly8XD7X_M-xJHy7q6KGI2Kf22Y3FsERjVba3Fva8/s1600/pa-auth-form+-+Copy.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="749" data-original-width="1600" height="149" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJ50CX0JGAabHuGADMAolJpOiNCVl0DW3mgPy6HqYB4GT11umvaeQz_nwuu2JBP0NSNRW5FPLAsji9S_Gx7tmOrqpQC011HGOVk4tly8XD7X_M-xJHy7q6KGI2Kf22Y3FsERjVba3Fva8/s320/pa-auth-form+-+Copy.PNG" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Administrative login page for the firewall.</td></tr>
</tbody></table>
<br />
Log in with admin/admin, the default credentials for the firewall.<br />
<br />
You will be warned each time you log in that the device is set up with default credentials and that you need to change them. Go ahead and say OK. You may also see a message showing you all of the new features within PAN-OS.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYf2cKO6V5SuO_eHN6k2l9LC45Pyv8xvaFapemnD3Zl0WwRxFspGNVbV_NrEQeBpMdTC0Tz7dnHF2gcRkI-8wNKojTcmXNF_HPB9cVkN9MHvaBwPHArYlEvP8XycryP_ApNfP28mpwiEo/s1600/dashboard-initial+-+Copy.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="840" data-original-width="1600" height="167" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYf2cKO6V5SuO_eHN6k2l9LC45Pyv8xvaFapemnD3Zl0WwRxFspGNVbV_NrEQeBpMdTC0Tz7dnHF2gcRkI-8wNKojTcmXNF_HPB9cVkN9MHvaBwPHArYlEvP8XycryP_ApNfP28mpwiEo/s320/dashboard-initial+-+Copy.PNG" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Initial dashboard screen. </td></tr>
</tbody></table>
From within the web interface, you can assign IP addresses to interfaces, change the default credentials, set firewall policy, etc.<br />
<br />
<br />
<b>Palo Alto PA-220 Initial Configuration - Micro USB</b><br />
Posted by infosecstudent on 2017-07-29<br />
<br />
<div>
There are multiple ways to configure a PA-220 out of the box, via Web interface and the console ports. </div>
<div>
</div>
<div>
I have always used standard RJ-45 console ports before but never micro-USB. I thought I would connect the cable provided in the box to my Windows 10 laptop and give it a try. From the quick start guide, a link is provided for setting up the micro USB console port here: <a href="https://www.paloaltonetworks.com/documentation/misc/micro-usb-console.html" target="_blank">Palo Alto Networks Micro USB Console Port</a></div>
<div>
<br /></div>
<div>
The Microchip USB/driver is installed in Windows 10 by default. After connecting the USB cable to my laptop and the other end to the micro USB port on the front of the PA-220, I checked out device manager in Windows to see that it shows up as a USB Serial Device (COM4.) It may very well show up as a different COM port for you, so your mileage may vary. </div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-Nr6dheLYe0BD0PBo07qKBw6vi72FkRxu2mYSdoFpOUcXn0s0h7EeTBLypZRshjRJoXzvxxV-hVZH_0FJ2xEXnQEJaFICt5Ok7b0GTlQjToFNVMRPunazUmnqBAjZ81JGrUH8bL0bQUk/s1600/usb-com+-+Copy.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><span style="color: black;"><img border="0" data-original-height="58" data-original-width="326" height="56" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-Nr6dheLYe0BD0PBo07qKBw6vi72FkRxu2mYSdoFpOUcXn0s0h7EeTBLypZRshjRJoXzvxxV-hVZH_0FJ2xEXnQEJaFICt5Ok7b0GTlQjToFNVMRPunazUmnqBAjZ81JGrUH8bL0bQUk/s320/usb-com+-+Copy.PNG" width="320" /></span></a></td></tr>
<tr><td class="tr-caption" style="font-size: 12.8px;">Device manager screenshot, showing USB Serial Device (COM4) under Ports (COM & LPT)</td></tr>
</tbody></table>
<div>
<br /></div>
<div>
I always tend to use PuTTY for terminal emulation in Windows. You can find PuTTY here: <a href="https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html" target="_blank">PuTTY Download</a></div>
<div>
<br /></div>
<div>
In PuTTY you will want to select Serial and type in the COM port found in device manager. Leave the speed at 9600 as pictured below. </div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbwysurtxYhN260GsgvbyvEzfNWyog9XOMw8wA0A9rvFYcyp6TAGpYnopvHpCkysDioVoRindp1pm2SryPhcBDzdWc_WXeLIxgm47RE-ZEbBbw4Lkd-9_ErVRudkjprKikPA9EruLef3I/s1600/putty.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><span style="color: black;"><img border="0" data-original-height="351" data-original-width="675" height="166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbwysurtxYhN260GsgvbyvEzfNWyog9XOMw8wA0A9rvFYcyp6TAGpYnopvHpCkysDioVoRindp1pm2SryPhcBDzdWc_WXeLIxgm47RE-ZEbBbw4Lkd-9_ErVRudkjprKikPA9EruLef3I/s320/putty.PNG" width="320" /></span></a></td></tr>
<tr><td class="tr-caption" style="font-size: 12.8px;">PuTTY settings for the micro USB console port.</td></tr>
</tbody></table>
<div>
When you click Open in PuTTY you should see a <i>PA-220 login:</i> prompt. </div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBR11c1YKboUaSW-4i2POvN4MRc5cW0jHAHMK6CzkRCrG9yT0Bjq3qY3DyzrbXfBQw_-Ut0n8gMDclRGCpdCrto8V99HoUZ7HGmHJDDDnY0KK9nEkmLMQwiGAQre8Yz66OyVSW6pwTRIw/s1600/PA-220-login+-+Copy.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><span style="color: black;"><img border="0" data-original-height="305" data-original-width="990" height="98" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBR11c1YKboUaSW-4i2POvN4MRc5cW0jHAHMK6CzkRCrG9yT0Bjq3qY3DyzrbXfBQw_-Ut0n8gMDclRGCpdCrto8V99HoUZ7HGmHJDDDnY0KK9nEkmLMQwiGAQre8Yz66OyVSW6pwTRIw/s320/PA-220-login+-+Copy.PNG" width="320" /></span></a></td></tr>
<tr><td class="tr-caption" style="font-size: 12.8px;">PA-220 login prompt</td></tr>
</tbody></table>
<div>
<br /></div>
<div>
Of note here, the PA-220 login prompt will only show up when the firewall has completely finished booting. Pay attention to the STAT LED on the front of the firewall; the firewall will be ready to authenticate you when the LED turns green <a href="http://www.infosecstudent.com/2017/07/palo-alto-pa-220-initial-hardware-setup.html" target="_blank">(from my previous post, this process may take around 9 minutes)</a>. See <a href="https://www.paloaltonetworks.com/documentation/platforms/pa-220/pa-220-hw-ref/service-the-pa-220-firewall-hardware/interpret-the-leds-on-a-pa-220-firewall" target="_blank">Interpret the LEDs on a PA-220 Firewall</a>.</div>
<div>
<br /></div>
<div>
admin/admin is the default username/password for Palo Alto firewalls out of the box. </div>
<div>
<br />
After authenticating you should see the following prompt:</div>
<div>
<br /></div>
<div style="-webkit-text-stroke-width: 0px; font-family: "Times New Roman"; font-size: medium; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-decoration-color: initial; text-decoration-style: initial; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px;">
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="font-style: normal; margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcBez1J9XkL1FNhZ7AiHT-_3tJcRYDlgwYkCdjxxknbOh3AkatA2gnGSHUePDs3Ho6uOM2TrX6yF9-QgIqCxGJ6LVaymAHXbIinmEUb9aQEEsTyjOtqSC_YQ5YKwQLrJ8yDqMINygDYF4/s1600/PA-220-prompt+-+Copy.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><span style="color: black;"><img border="0" data-original-height="553" data-original-width="987" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcBez1J9XkL1FNhZ7AiHT-_3tJcRYDlgwYkCdjxxknbOh3AkatA2gnGSHUePDs3Ho6uOM2TrX6yF9-QgIqCxGJ6LVaymAHXbIinmEUb9aQEEsTyjOtqSC_YQ5YKwQLrJ8yDqMINygDYF4/s320/PA-220-prompt+-+Copy.PNG" width="320" /></span></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">PA-220 - Command prompt.</td></tr>
</tbody></table>
<div style="margin: 0px;">
If you type a question mark <i>? </i>you will see a list of commands available at this prompt. </div>
<div style="margin: 0px;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9t_cpYJdEET4fCPLS566HqxiUzZNPNmxFkRZ8tgWj4qZkgP3aqJC99-QoUvLDvfGXS0wPdSrSVI6saYcyikJB-vyv5qepMBQgTvYEM60C8ff7aHlnwnR7Kcrkm4yqBAfet1Jbef6aovo/s1600/question-mark+-+Copy.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: black;"><img border="0" data-original-height="557" data-original-width="991" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9t_cpYJdEET4fCPLS566HqxiUzZNPNmxFkRZ8tgWj4qZkgP3aqJC99-QoUvLDvfGXS0wPdSrSVI6saYcyikJB-vyv5qepMBQgTvYEM60C8ff7aHlnwnR7Kcrkm4yqBAfet1Jbef6aovo/s320/question-mark+-+Copy.PNG" width="320" /></span></a></div>
<div style="margin: 0px;">
<br /></div>
<div style="margin: 0px;">
The > prompt indicates operational mode (i.e. non-configuration mode). </div>
<div style="margin: 0px;">
<br /></div>
<div style="margin: 0px;">
You can execute various show commands, ping a device, reboot/restart the firewall or services from this mode of operation. </div>
<div style="margin: 0px;">
<br /></div>
<div style="margin: 0px;">
<br /></div>
<div style="margin: 0px;">
If you type in a command followed by a space and a question mark, you can step through the commands to find the one you are looking for. </div>
<div style="margin: 0px;">
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx19MjyHKRhfNj8l2fyVdaNOr9RFmE5eWKpR4ZJkr-PZIGqIVeMEuIbjHPtxP-V1hQJRUQ6SUQf6X8rlBFA4Rx3Qqd0qgAmO8qrSqdcD3DxdlmWQRAL-NDXRwTc0Tr9cx0gA6YgXxrkK4/s1600/request-command+-+Copy.PNG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><span style="color: black;"><img border="0" data-original-height="571" data-original-width="986" height="185" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjx19MjyHKRhfNj8l2fyVdaNOr9RFmE5eWKpR4ZJkr-PZIGqIVeMEuIbjHPtxP-V1hQJRUQ6SUQf6X8rlBFA4Rx3Qqd0qgAmO8qrSqdcD3DxdlmWQRAL-NDXRwTc0Tr9cx0gA6YgXxrkK4/s320/request-command+-+Copy.PNG" width="320" /></span></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"><i>request ? command.</i> </td></tr>
</tbody></table>
</div>
<br />
<b>Palo Alto PA-220 Initial Hardware Setup</b><br />
Posted by infosecstudent on 2017-07-29<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
I recently had the opportunity to check out a Palo Alto Networks PA-220. Here is a breakdown of what shipped. I will have future blog posts to cover initial setup of the device.<br />
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNJ8PPgTAKHX43KxzYFVmcptpnb3xbi6EB3n8jlEF2U6MisuoFjuL8ablcr8JHr3noz0ZbtXJx1tkIjgrppRXb__ZXwHqdcJcMr52r31is8ziolc7VEU8NSp82myzPVPth5iy0EuC478U/s1600/pa220-inbox+-+Copy.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="377" data-original-width="638" height="189" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNJ8PPgTAKHX43KxzYFVmcptpnb3xbi6EB3n8jlEF2U6MisuoFjuL8ablcr8JHr3noz0ZbtXJx1tkIjgrppRXb__ZXwHqdcJcMr52r31is8ziolc7VEU8NSp82myzPVPth5iy0EuC478U/s320/pa220-inbox+-+Copy.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">PA-220 and accessories.</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX3fxQHvWc6Gk-xs2j_K82S4YUQUMwN9kITuCDY5mz5hEFDXv-fyXqNa9JbBwS7DqwJE6dM64DdLtTQHgRdNegxhcRH22PXZRI7AZiAXTEqFWcdHAADgn-b2_Trs6A77exE8HZUL5Hn4k/s1600/pa220-accessories+-+Copy.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="480" data-original-width="640" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX3fxQHvWc6Gk-xs2j_K82S4YUQUMwN9kITuCDY5mz5hEFDXv-fyXqNa9JbBwS7DqwJE6dM64DdLtTQHgRdNegxhcRH22PXZRI7AZiAXTEqFWcdHAADgn-b2_Trs6A77exE8HZUL5Hn4k/s320/pa220-accessories+-+Copy.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Cables and mounting hardware.</td></tr>
</tbody></table>
After unboxing the firewall, you will notice on the back an option to connect two power adapters. By default, the firewall ships with only a single power adapter. The documentation references connecting a second power adapter to a separate circuit in order to provide power redundancy. <a href="https://www.paloaltonetworks.com/documentation/platforms/pa-220/pa-220-hw-ref/connect-power-to-a-pa-220-firewall" target="_blank">Connect Power to a PA-220 Firewall</a>, <a href="https://www.paloaltonetworks.com/documentation/platforms/pa-220/pa-220-hw-ref/pa-220-firewall-specifications/electrical-specifications" target="_blank">Electrical Specs</a><br />
<div>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU1tZ2BirMWKLCyDL-dCar4DLv7ryCCJoSPgt6w5quV4xmtrSCwXKNwb9IxsLC81kyXI8Ljjk_clPwG-e1wGsSWAUfI92965qeB1yO2uG9cuMjL04Y6XloPDExlJlGwZCD1oDxdyLAUD4/s1600/pa-rearview+-+Copy.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="163" data-original-width="639" height="81" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU1tZ2BirMWKLCyDL-dCar4DLv7ryCCJoSPgt6w5quV4xmtrSCwXKNwb9IxsLC81kyXI8Ljjk_clPwG-e1wGsSWAUfI92965qeB1yO2uG9cuMjL04Y6XloPDExlJlGwZCD1oDxdyLAUD4/s320/pa-rearview+-+Copy.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">PA-220 back view of power inputs and grounding post. </td></tr>
</tbody></table>
<br /></div>
<div>
On the front side of the firewall, from left to right, you will notice Ethernet ports 1-8 (10/100/1000), a copper MGT (management) port (RJ-45), a copper CONSOLE port (RJ-45), a micro USB console port and a USB port.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9f15srApxtqM5bUaorfrcLxwrDw3pSf_FQt7b2aXWtHw9RF-dxZfMvZfcerB68hphh9x_e72FoRtxyxCtnQE3M2xe16gfygAgNOxsTkPfqXEU5CcO5uTLmCw8QigPaHEXPzn9gd5NrLE/s1600/pafront+-+Copy.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="148" data-original-width="639" height="74" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9f15srApxtqM5bUaorfrcLxwrDw3pSf_FQt7b2aXWtHw9RF-dxZfMvZfcerB68hphh9x_e72FoRtxyxCtnQE3M2xe16gfygAgNOxsTkPfqXEU5CcO5uTLmCw8QigPaHEXPzn9gd5NrLE/s320/pafront+-+Copy.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">PA-220 front view.</td></tr>
</tbody></table>
<br /></div>
<div>
<br />
You will also notice the ever-important indicator lights: HA, STAT, ALM, TEMP, and PWR. Here is a link to the Palo Alto website for interpreting the indicator LEDs: <a href="https://www.paloaltonetworks.com/documentation/platforms/pa-220/pa-220-hw-ref/service-the-pa-220-firewall-hardware/interpret-the-leds-on-a-pa-220-firewall" target="_blank">Interpret the LEDs on a PA-220 Firewall</a></div>
<div>
When connecting power for the first time, the PWR light should turn green; after a few minutes, the TEMP and STAT lights should turn on. Once the firewall is fully booted, the STAT light will turn from amber to green. ** VERY IMPORTANT NOTE ** The entire boot process on a PA-220 is around 9 minutes from power on to the STAT LED turning green for initial configuration. </div>
<div>
<br />
In my next posts I will cover initial setup of the PA-220.<br />
<br /></div>
infosecstudenthttp://www.blogger.com/profile/08290389896648378144noreply@blogger.com3tag:blogger.com,1999:blog-703844500065780162.post-35282630085451963562017-07-16T13:20:00.002-07:002017-07-16T13:20:38.345-07:00Top Information Security PodcastsPodcasts are a great way of maximizing time spent exercising, driving places, etc., and maybe even learning a few things along the way. This is a list of information security podcasts I am currently listening to and would highly recommend. <div>
<br /></div>
<div>
<a href="https://defensivesecurity.org/">Defensive Security</a></div>
<div>
<a href="https://risky.biz/">Risky Business</a></div>
<div>
<a href="http://podcast.wh1t3rabbit.net/">Down the Security Rabbithole</a></div>
<div>
<a href="https://7ms.us/">7 Minute Security</a></div>
<div>
<a href="https://danielmiessler.com/podcast/">Unsupervised Learning</a></div>
<div>
<a href="http://www.brakeingsecurity.com/">Brakeing Down Security</a></div>
<div>
<a href="http://www.timothydeblock.com/eis/">Exploring Information Security</a></div>
<div>
<a href="https://www.social-engineer.org/category/podcast/">Social Engineer Podcast</a></div>
infosecstudenthttp://www.blogger.com/profile/08290389896648378144noreply@blogger.com18