Wednesday, May 11, 2011

Hacking Web-Based#1: XSS

Decided I would do a really quick post before I go out for the night...
Odds are I will edit it late to contain more information.

============== Cross Site Scripting (XSS) ===================

    Cross Site Scripting (henceforth know as XSS) is a way to manipulate a web page such that the page itself, or simply the link, contain the payload to be dropped on connecting clients typically using javascript and unbeknownst to the client connecting to the web server.                        

XSS exists because programmers forget to parse (analyze and scrutinize input before letting it get passed to a function) certain fields in a web form or search box which utilizes a javascript function on the input given to perform some task.
For Example, here is a typical form to sign up for a website

##User Name:  |________________|
##Password:   |________________|
##Confirm Password: |______________|
##email:   |_______________|
##Home Phone: |______________|
##Address:  |______________|

In this form, certain things are checked for (or should be checked for) such as: User Name can't contain any special characters (only A-Z, 0-9), the email field HAS to contain an '@' symbol, so that should be checked for to ensure a proper, or at least semi proper email address has been given...

But what if the programmer didn't do any input validation at all?...
A line of code in a function, whatever language you're writing in, looks something of the sort:

char* username = get_user_name("INPUT");

Where INPUT is a file descriptor pointing to standard-IN or a buffer already containing your input value. If the input has not been validated or checked at all, the following situation can arise:

INPUT = BoB_Faggit"); execl(cmd, "code to telnet back to attackers comp");

And when this input gets passed into get_user_name(), the following lines of code look like:

char* username = get_user_name("Bob_Faggit");
execl(cmd, "code to telner back to attackers comp");
continue with program...

This would cause browser to run malicious code on whomever was on this site... unfortunately, right now, that is only us. And we can't make someone else type in the malicious code manually and hit enter... so wat do?
Look at the URL of the page you are viewing that is vulnerable to XSS, odds are it is using PHP GET/POST functions to relay the data back and forth... this method causes the values entered to be passed along in URL parameters...
For Example: (PHP URL off top of my head... not very PHP familiar)

www.some_XSS_vulnerable_site.com/index.php?username=Bob&?phone=23489023&?etc,etc,etc...

Now, simply replace whichever value was vulnerable with your specially crafted payload:

www.some_XSS_vulnerable_site.com/index.php?username=Bob&?phone=234BoB_Faggit"); execl(cmd, "code to telnet back to attackers comp");&?phone=23489023

Now you have a link that, when sent to someone, will cause the malicious code to run. Of course, the code I provided does not work and is just a representation of what could be done.

A typical XSS attack is very simple and hard to avoid. The first and best way to avoid getting caught with your pants down is to always analyze links before you click them... the one in the previous example looks mighty suspicious... hopefully you wouldn't click it (though links can be obfuscated with URL encrypters and Base64 encrypters... but we won't worry about that now).
Also, most importantly... turn Javascript OFF by default... if it is ON by default, if you run across any XSS vulnerable links you could get infected without even knowing it.

To do this, in Firefox 4, go to Edit->Preferences->Content
and then uncheck/disable the "Enable Javascript" option...

Or do what I recommend and download the Firefox add-on "NoScript", it allows you to customize which sites you trust and will allows allow to run javascript, and blocks all other sites from utilizing javascript through XSS or ClickJacking methods.

Thursday, May 5, 2011

Hacking Forensics#1: Recovering Deleted Files

####  THIS IS A MUST READ. TRUST ME...  ####
 ===================================================
======== RECOVERING DELETED FILES OFF USED MEDIA =========
============ USING COMMAND LINE IN UBUNTU =============
===================================================

***DISCLAIMER: The information and techniques used in this tutorial are for education purposes only. They are to help you understand a forensic analysis on a hard drive using Linux. I am not responsible for what You may or may not do with any images or files you recover using the techniques provided in this tutorial. More importantly, I am not responsible for any damages you may cause on your hard drive due to improper use of the Linux "dd" command. Try this at your own risk... and read everything before you begin. Thank you, and ENJOY! ****************

-------------------------------------------------- INTRO ----------------------------------------------------------------
   
     I Know this is a LONG read, and maybe you don't have time to read it all right now... but this is the first Legit HACKING tutorial I have made and with it comes endless opportunity... I guarantee you will have fun with this tutorial and you will be quite surprised as to what you find...

     Perhaps you had some important files on a flash drive and accidentally deleted the folder the files were in because you thought it was empty. Perhaps you just formatted your computer like you regularly do every other month, but this time you realized you forgot to back up your files. Or perhaps you bought a phone off of Craigslist or eBay and the seller gave you their old SD card (and they deleted all the files off of SD card and formatted the phone before giving it to you). Whatever the case may be, unless the file was deleted with tools designed to do a Full and Proper delete... odds are nearly ALL the files that were on the phone can be recovered... here is how! ==

--------------------- DETERMINE YOUR DRIVE'S PATH WITH FDISK ----------------------

     Ok, so you want to do some forensic analysis on an image file of a hard
drive (.img), maybe a virtual hard drive (.vdk, in virtual box at least), a physical
disc or CD/DVD(.iso,.bin, etc etc), or any other file that represents the contents of a device or storage container. Well the first step, is to actually Create that container... Your hard drive is NOT already just one file ready to be poked and prodded. Linux has a useful tool for cloning drives and saving them as a single .img file, and this command is called "dd"... dd is a common Unix program whose primary purpose is the low-level copying and conversion of raw data.

First, determine where the drive is located in Ubuntu...
     In Ubuntu, every storage container is located at /dev/sd[LETTER][NUMBER]
where /dev/sda and /dev/sdb (when the Letters are different) are completely different drives (maybe two different drives on two different SATA connections in your computer, or maybe one drive IN your computer and one small 2GB flash drive plugged into the back of your computer)... and where /dev/sdc1 and /dev/sdc2 (same letter, different Numbers) are two different Partitions on the SAME physical storage container, such as Ubuntu on sdc1, and Windows XP on sdc2. Or maybe just Linux on sdc1 and the Swap partition that Linux uses for storing page tables outside of RAM in sdc2.
Either way... to see all the devices and any of their sub-partitions, type:

$>sudo fdisk -l

Which produces output like...
[SPOILER]
Disk /dev/sda: 1500.3 GB, 1500301910016 bytes
255 heads, 63 sectors/track, 182401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000c5b3a

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1      180170  1447213056   83  Linux
/dev/sda2          180170      182402    17923073    5  Extended
/dev/sda5          180170      182402    17923072   82  Linux swap / Solaris

Disk /dev/sdb: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x182f182e

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1   *           1        9728    78140128+   7  HPFS/NTFS

Disk /dev/sdc: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0009ca9a

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1   *           1      119370   958836736   83  Linux
/dev/sdc2          119370      121602    17923073    5  Extended
/dev/sdc5          119370      121602    17923072   82  Linux swap / Solaris

Disk /dev/sdd: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x4509da2d

   Device Boot      Start         End      Blocks   Id  System
/dev/sdd1               1      121602   976760536    7  HPFS/NTFS

Disk /dev/sde: 1967 MB, 1967128576 bytes
57 heads, 56 sectors/track, 1203 cylinders
Units = cylinders of 3192 * 512 = 1634304 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/sde1               1        1204     1920955+   6  FAT16

[/SPOILER]

     By looking at the size where it says "Disk /dev/sd[ABCD][1234]: ##### MB/GB", you can determine which path relates to your device, mine is /dev/sde1 for this example.


---------------------------------- CREATING A .img FILE USING dd --------------------------------------

Now clone the device to a file with "dd"... type:

$>sudo dd if=/dev/sde1 of=./My_SD_Card_Image.img

     Where "if"/"of" stand for Input File and Output File respectively... and where you put the path to YOUR drive you want to recover in place of where I put "/dev/sde1"... This will take a while and will be extremely large... I am pretty sure it will be as large as the drive you are cloning... so Do Not attempt to clone your primary drive ON your primary drive... you might end up in the twilight zone with balls growing off your face or something... idk...
This will create a file named, in my case, "My_SD_Card_Image.img" in whatever directory you were in when you executed the previous "dd" command.

****Note: Remember where you created that file so you can type the path out in the next command. Or you can simply run all commands in the terminal from the directory you started in, this way everything will always just be refered to by the file name with no path before it since it is in your current working directory. ****


****MORE IMPORTANT NOTE: Do NOT... I repeat Do NOT get the "if=" and "of=" mixed up and switched... this can Potentially cause you to make a copy of some small flash drive or SD card or whatnot and have it OVERWRITE YOUR ENTIRE HARD DRIVE, or whatever was in the path you put in the "of=" part of the "dd" command. Double check yourself on those parameters before executing the "dd" command. (As long as you don't have some sort of /dev/sd[ABCD] as the parameter for "of", which you Never should anyways, you will be fine.)*********

----------------------------- INSTALLING AND USING FOREMOST ---------------------------------

     Now you have your image file. Hooray! Almost there! Now download a nifty little light weight program called "foremost". If you want to read about it or want to download it from the author's website, go to: http://foremost.sourceforge.net/.
Otherwise, it is in the Ubuntu repository and you can get it by typing:

$>sudo apt-get install foremost

     Ok, now Foremost is installed... go ahead and "man"(manual) foremost to see all of its commands and how it is supposed to be used etc etc... (man foremost)...
After typing "man foremost", certain flags should have caught your eye as to how to run this program to get the best results... Some of the Flags are:

-T = Timestamp the directory they are saved in so you can run it again in the future and it won't just rewrite over your old directory (will save in new one based off new time)
-v = verbose mode. Causes more information of the current state of the program to be displayed on the screen.
-t = type. Specify the type of files you're going to attempt to recover. If no -t parameter is give, the program looks for ALL types of files by Default.
-i = file (i = image). This is the flag you would give before specifying your image name, or the path to your image if it isn't in your current working directory.
-o = output directory. If "-T" isn't given, you must use "-o /directory/" to specify an output folder to save all of these recovered files into.

So, assuming you want to ONLY look for JPEG files to recover, your final command should look something like this:

$>sudo foremost -v -T -t jpg -i 2GB_SD.img

     A folder named something like "output_DAY_MONTH_#DAY-TIME-YEAR" should be created in whatever directory you were in when you ran the foremost command. Then, the terminal should spew out data looking like:

File: 2GB_SD.img
Start: Thu May  5 13:52:39 2011
Length: 1 GB (1967128576 bytes)

Num      Name (bs=512)         Size      File Offset     Comment

0:      00002433.jpg          71 KB         1245696      
1:      00002689.jpg          86 KB         1376768      
2:      00002881.jpg          50 KB         1475072
    .
    .
    .
    .
    .
8144:    01860033.jpg           30 KB       952336896     
8145:    01860097.jpg           20 KB       952369664     
8146:    01860161.jpg           35 KB       952402432     
8147:    01860289.jpg           42 KB       952467968     
8148:    01860417.jpg           35 KB       952533504     
8149:    01860545.jpg           44 KB       952599040     
**********|
Finish: Thu May  5 13:44:49 2011

8150 FILES EXTRACTED
    
jpg:= 8150
------------------------------------------------------------------

Foremost finished at Thu May  5 13:44:49 2011

     Now you should have a folder, with another folder inside it named "jpg" full of JPEG files that were recovered from the 2GB SD card (or whatever you took an image of)... in my case I recovered 8,150 JPEG files. While this may seem like a lot of pictures, keep in mind that MANY of them are duplicates... the same picture often times comes up like 9 or 10 times. Also, ANY picture you EVER viewed for whatever reason, even small thumbnails that you see but don't click on, is stored to memory at some point in time. Therefore all images from surfing the web countless numbers of time over and over have all built up and lots of them are still intact just sitting in an area of memory that isn't frequently accessed for whatever reason. That is the main reason that you can recover sooooo many pictures

     I find that the best way to sift through all the pictures is to have your "view" tab set to "Icons", instead of "List" or "Compact". This way you can just scroll through all the thumbnails and look for anything of interest... Hope you all enjoyed this post... the first "real" hacking tutorial... Happy Hunting!

------------------------------- MEMORY MANAGEMENT EXPLAINED ----------------------------

Wondering why some pictures come up repeatedly? Read on...

     Ok, so you download a picture from a website. That picture first gets stored somewhere in the browsers memory or cache (possibly a temporary files folder such as /temp/), before you even decide you want to keep it on your phone. THEN you decide you want to save it to your phone. The picture is then copied to which ever folder, and subsequent memory location, your pictures are stored in/at. Now, whenever you VIEW that picture it MAY be moved to a different address on the SD card which is the address for files currently being used (This is usually NOT the case... usually it would be loaded into your phones RAM for quicker access, however just like certain apps, such as Apps2SD, save Apps to your SD card, others may keep files in a specific area of the SD card as they run in order to not hog all of the phones RAM.) Then, if you go to send that picture to someone with an emailing App or your SMS app, the picture may get moved to another location as well... perhaps it gets moved to wherever your SMS app stores all the messages. You could argure that it just POINTS to the memory location of the picture and doesnt actually copy it... and maybe in some phones this is true (certainly makes sense). However, on Android phones and the iPhone if I send my friend a picture, and then delete that picture from my Gallery/My Photos and go back to my SMS messages and click the picture I just sent, it will open back up full screen just fine... Proving it is, yet again, somewhere else in memory. And you get the idea... this is why a particular picture may show up 10,20, sometimes like 50 times...

     You will be surprised what you are able to recover... memory management works in mysterious ways... you may find that the picture you deleted just a week ago is no where to be found (or maybe like 1/5 of it was recovered 2 or 3 times), but some picture that you took on your OLD Phone like 4 years ago is still perfectly in tact and is all over the phones memory in Several places... I could explain why this happens in depth... but it is beyond the scope of this tutorial and plus I have already written a novel lol...

------------------------------- DELETING FILES THE REAL WAY --------------------------------------

     So, you might be asking "But 123loaded, I deleted my files, why are they still there?!?"... good question. Your hard drive, or any media storage device that relies on zeros and ones to store data, is broken down into blocks of memory. These blocks vary in size, but the typical block size is roughly 512KB. When you tell your computer to "delete" a file that takes up 16 blocks (an 8MB file in this case), rather than go through and set ALL the bits to '0' or '1', the computer simply sets a flag in each block of memory to say "This block consist of garbage data, it Can be over written". Put more simply, there is one Bit (a 0 or 1), that is designated the "Write" bit. If it is set to '1', writing on that block of data is allowed, if it is set to '0', writing is Not allowed.

     To save time, modern operating systems do not actually delete what you ask it to delete. Instead, the delete operation just switches All "Write" bits to '1' throughout all blocks of memory associated with the specific file or files to be deleted. Therefore the computer does not recognize those blocks of data as having any information, and it ignore those blocks of data as if they're empty... however, ALL the data is still in tact and on the hard drive... someone just needs the right tools to search the drive while ignoring the bit that controls whether the data is relevant or not (as seen in above tutorial).

     A REAL deletion will go through EACH AND EVERY BIT of data and set it to all 0/1s... this can be accomplished in Windows with a program called CCleaner, or a few other good ones that guarantee your files cannot be recovered once you have chosen to wipe them. I think the next tutorial I do will be how to use CCleaner in Windows, and how to also permenantly delete files in Ubuntu so you are protected from someone on craigslist purchasing your old phone and SD card and turning you and your girlfriend into Original Content... Until next time, be careful who you sell used SD cards/flash drives/hard drives to, or even who you lend them to...


Enjoy... You are welcome =)
123loaded, making sure you are Also... Reloaded.

Sunday, May 1, 2011

Linux#3: Extracting RAR files and Tarballs

 ========== EXTRACTING .RAR FILES IN UBUNTU  =============

By default, Ubuntu's compressed files are tar balls (file.tar)
and often times are packaged further to be file.tar.gz or .tar.bz2
(this is conceptually equivalent to having a .zip in a .rar in Windows)

Anyways, .rar is a proprietary compression/archiving method and
Ubuntu cannot handle these types of file by default.
You must DL "unrar" and then unrar the file via the terminal.

$>sudo apt-get install unrar

Unrar is easy to use... just type "e" as a command to tell it
to extract the contents of the RAR file to the current directory...

$>sudo unrar e NAME_OF_FILE

And BAM, you're done...
========== EXTRACTING TARBALLS IN UBUNTU =============

IF you have an tarball, you should just be able to right click it and choose "extract here"
or "extract to..." and select a location and it will do it for you.
However, if it IS packaged twice, and you have SEVERAL .tar files after you open
and extract it the first time from tar.gz/tar.bz2, you can use the command line method
of using an asterix and the command tar to untar ALL files with a given extention.

****NOTE:**** This is because in linux, an asterix refers to ALL files... so *.jpg would refer to Anything with a ".jpg" extension... an example that you should already understand is the command to delete files, "rm"... you can use it with the "*" to delete all files of a certain type by doing "rm *.gif". This would delete ALL GIFS in your current directory. ****/NOTE****

Anyways, if you have a tar.bz2 that WILL give you many TAR files you need to extract at once, do the following from the original single file:

$>sudo tar -xjf whatever.tar.bz2 -C /path/to/destination_folder

// goto /path/to/destination-folder

$>sudo tar -xjf *.tar

So much WinRAR!

Wednesday, April 27, 2011

Linux #2: More Basics - Removing Directories

======================================================
-------- How to Remove Directories and the Files/Folders within Them  --------
======================================================

++++++++++++++ The Reason It Can Be Tricky +++++++++++++++++

Last time I taught you how to do some simple commands via the terminal in Ubuntu, including the ability to create directories. This time I will teach you how to remove directories. Removing directories is a fairly simple task... most of the time it can be done graphically via the GUI by simply right clicking a folder and choosing "Move To Trash". However, on occasion you will find yourself unable to do this because the folder has an icon of a lock next to it, signifying that You do not have permission to delete the folder or its contents. This is because as you go about normal activities in Ubuntu, you do Not have administrative/root privileges by default. The only way to gain root privileges is to type "sudo" into the terminal before any command you may want to execute. This is true for any and just about every command you will run... if it is of any importance, it will require you to type "sudo" before hand, and then prompt you for your account password.

+++++++++++  Removal Solely Via the Terminal  ++++++++++++++++

$>sudo rmdir /path/to/dir/to/be/removed
***NOTE: ONLY WORKS IF DIRECTORY IS EMPTY***

If there are other subdomains, AND they are empty, find
furthest subdomain, NAVIGATE TO IT (cd /path/ as explained earlier), and type:

$>sudo rmdir -p /removed/deepest/sub/dir/

This removes each parent directory, starting from the deepest directory. Which is subsequently equivalent to typing: [again, assuming All directories are Empty]
$>rmdir /removed/deepest/sub/dir/
$>rmdir /removed/deepest/sub/
$>rmdir /removed/deepest/
$>rmdir /removed/

However, the Easiest way to do this is to
use the "Recursively Remove Files" flag, -rf
This will recursively remove all folders and files within the domain...
ultimately doing what we wanted to do all along, minus all the bullshit...

sudo rmdir -rf /path/to/dir/to/be/removed/

This ^^^^^^^^^^^^^^^ is what you should take home from this post.

+++++++++++++  Getting All GOOEY To Do It  +++++++++++++++++

This still must start via the terminal, because typically everything does.
ProTip! Cool People use the terminal!
You are going to launch the program (nautilus in Ubuntu) which
manages file navigation graphically, as root, by typing:

$>sudo nautilus

but....
ProTip! (for realzies this time)... toss an ampersand after your command in order to break it free of still having to run inside the terminal and being virtually connected to the terminal as such:
$>sudo nautilus &


If no Ampersand[&] is placed at the end of your command, the GUI will open for you to navigate through files and folders with root access, but you cannot use that terminal because it will be tied up spitting out text output from the Nautilus program, and more importantly, if you decide to close the terminal, your window showing you whatever folder with whatever files will be closed immediately without warning (though the terminal will remind you it is running a program before it lets you close it completely. Though usually it does not specify what.)

Sorry I haven't posted in a while. Been busy doing this and that. Will post about this and that later in the future. Also, I think I am going to start posting MUCH more Advanced stuff really really soon, skipping the basics and just going back to them every now and then... Ultimately I want this blog to be something I can go back and reference when I need help with something soooo, there will be some good stuff in the soon to near future I promise!

Tuesday, April 12, 2011

Linux #1: Getting Started

Ok, so I determined that there is WAY too much shit in Ubuntu to put into one tutorial... it would be too long and time consuming. Therefore, I decided to break down the Linux tutorial into several different posts. This is good for me, however I feel it isn't the best route to go in terms of showing off the badassness of Linux right away... people may get caught up on a less-amazing, more-technical tutorial that really holds no interest, just necessary info... with this said, please wait until I have 5-6 Linux posts up, read them all, and then determine if you like Linux and give it a shot. Ok, so here we go!...
  --------------------  Setting up Keyboard Shortcuts   --------------------
Ok, so you have Ubuntu installed and your just staring at a blank desktop wondering what to do next and where to go. The first thing I do upon a fresh install of Linux is to create a quick-and-easy button combination to bring up a terminal (command prompt). As many of you know or may have guessed, Linux is very command-line driven. Really though, do Not let this scare you... you can get by using Linux without ever using command line tasks... but using the terminal to complete tasks is really what makes Linux extremely powerful and versatile as an Operating System. Anyways, to make a shortcut, do the following:
// Look at the top left corner of the screen
// There should be three things you can click... "Applications", "Places", and "System"
// Go to System->Preferences->Keyboard-Shortcuts
// Less than halfway down the list you'll see "Run a terminal"
// Double click the box/empty space to the right of where it says that
// Press a key combination that you would like to fire up a terminal
// Personally, I use SHIFT+CNTRL+A... close, quick, and easy.
// Click Close to close that window
// Press your unique keyboard shortcut and launch a terminal

   --------------------  Downloading New Programs   --------------------
Ubuntu is a very security conscious operating system... most of the programs you install onto Ubuntu you will not be going to a website, downloading, and then installing. Instead, the Ubuntu community has a repository of programs ready to be downloaded and installed. This repository is for convenience and security purposes. Think of it as the equivalent of Apple's App-Store, but less monopolistic. And similarly, like an iPhone, you can add third-party repositories so that you have many many more programs to choose from to download and install. However, this is not recommended since third-party repositories have not been thoroughly reviewed and inspected to insure no files are malicious or have been infected... I recommend not adding any third-party repositories in Ubuntu.
You can install programs through a GUI (Graphical User Interface) by going to:
// Applications->Ubuntu Software Center
and then searching for new programs and seeing which are rated best and most used. This is nice for finding new, popular programs, but the real beauty of Ubuntu shines through for users like myself, and many others, who already know Exactly what they want installed on their machine, and want to do it as fast as possible. To install programs the badass AND fast way, do the following:
// Fire up a terminal
// type "sudo apt-get install [program_name]" without quotes and with the name of the program you want to install inside the brackets
// you will be prompted to type in your password
// As you type your password, no letters appear on the screen, this is normal. Just type in your password and hit enter
// If the program is found in the repository, it will come back and tell you how much space it will take to install said program, and as you if you want to continue (Y/n?). Type "y", hit enter, and let it complete the install.
// Nothing else needs to be done, the program installed and should be able to be found by searching through the "Applications" tab.

****Keep in mind you must know the INSTALL name, not just the name... for example, when installing Virtual Box, one must type "sudo apt-get install virutalbox-ose" rather than just "virtualbox"****

Here are some programs I recommend you install, copy past if you want to install them:
~$>sudo apt-get install deluge                // GUI torrent client
~$>sudo apt-get install virtualbox-ose   // Virtual Machine client
~$>sudo apt-get install vlc                     // best media player ever
~$>sudo apt-get install pidgin               // IM client (AIM/Yahoo/MSN)
~$>sudo apt-get install xchat                // IRC client (like mIRC for Windows)
Also, I believe you can install things all at once just by putting a space in between them... ex.) "sudo apt-get install xchat vlc" will install xchat And VLC, prompting you to respond Y/N for one after the other has finished
================================================
 =============== Simple Terminal Commands =============
================================================
  --------------------------------- List Contents of a Directory  ---------------------------------- 

~$>ls                  // lists all files and folders in the current directory
~$>ls -la             // lists all files and folders (including hidden) and more info

 ---------------- Changing Directories and Navigating through folders ---------------

I am going to list the different ways to use the cd (change directory) command, and the information before the ~$> is the current directory you are currently in... blank means root, as far back as you can go (like My Computer in Windows), and ~ means "home" folder which will contain one folder with Your user name you logged in with (defined as user_name throughout this tutorial). Pay attention to the current directory after each operation to understand what it is doing.

~$>cd /home/user_name/Desktop             //changes directory to one specified
~/Desktop$>cd                                          //JUST "cd" goes to /home/user_name/
~$>cd /                            // "cd /" will go to ROOT folder, can't go back further
$>ls                                 // "ls" lists files/folders... just for figuring out where
etc                                   // we  might want to go for the sake of this example
bin
boot
home
cdrom
usr
var
lib
sys
media
mnt  ....... etc, etc, etc... few more folders... lets go to /etc/apt/...
$>cd /ept/apt/
/etc/apt$>cd ..                   // "cd .." navigates to parent directory (back one folder)
/etc$>cd                             // navigate to /home/user_name/ folder
~$>cd ..                             // navigate to parent directory (which will be home)
/home$>cd ..                      // navigate to parent directory again (root)
$> cd home                        // join /home/ folder
/home$> cd user_name       // go to /home/user_name/
~$>exit           // exits... and remember... ~$> is same as /home/user_name$>

  -----------------------------------  Making Directories  -------------------------------------------

~$>mkdir pR0n    // will make folder pR0n in current directory
~$>mkdir /home/user_name/Desktop    // will make folder pR0n on Desktop

--------------------------------  Practice, Practice, Practice!   -----------------------------------
Practice navigating your way in and out of folders and paths to get an understanding of where things are stored in Ubuntu... Use the "ls" command often so you can see what folders are available for you to navigate into. You can look into folders other than the one you are currently in as well... Lets say I am AT root, / , and want to see what is IN my Downloads folder, I can type "ls /home/user_name/Downloads" and it will print out a list of files and folders in my Downloads folder... and if you want to then navigate straight there, type "cd /home/user_name/Downloads", and now you are there! Now a simple "ls" without any path with print out the same thing as the first time because you are now telling it to print out a list from your current directory which is now your Downloads folder.
There is much much more on the way... and Eventually this will evolve into hacking tutorials, I promise... I just want everyone to have a chance to get on the same page. Thank you all! Please comment with any questions or criticism!

Friday, April 8, 2011

The Basics #4: Installing Linux (Ubuntu)

  -------------------- What is Linux? --------------------
Don't quote me on anything I say... I do have a Bachelor's Degree in Computer Science... but I'm still no expert. But Linux is an operating system, just like Windows XP, or Windows Vista (not in design but in the idea of what an Operating System is...). Linux is an off shoot of Unix, an old operating system that came about back in the day to compete with MS-DOS. Arguably, Linux can been seen as the GUI (Graphical User Interface) version of Unix, as Windows can be seen as a GUI of MS-DOS. Much like Windows has different versions (i.e. 95,95,2000,NT,XP,Vista, 7, etc), Linux has several different flavors such as Red Hat, Gentoo, Free BSD, Solaris, Cent OS, Ubuntu, and many many more; some which are free, and some which require a license. We are going to learn how to install Ubuntu, the flavor of Linux which, in my opinion, offers the easiest transition from Windows to Linux.
  -------------------- Where do I get Ubuntu?  --------------------
Ubuntu is free software and can be downloaded from www.ubuntu.com
Once on the site, determine whether you need Ubuntu for a desktop or a laptop, and whether you need a 32-bit version or a 64-bit version (If you are uncertain as to what your processor can handle, simply grab the 32-bit version since 64-bit processors are backwards compatible and can run 32-bit OSes just fine.)
Once this is determined, download Ubuntu in the form of an ISO image.
  -------------------- How do I install Ubuntu?  --------------------
Once the download of the ISO is complete, burn the image to a disc (CD or DVD, which ever your computer has a reader/writer for). If you are unsure how to do this, check out my last tutorial, The Basics #3, and install the appropriate software and the follow the instructions accordingly. After this is complete, stick the disc in your computer and reboot.
At this point you should be prompted with some options from the Ubuntu CD. The cool thing about the Ubuntu image you just burned is that you can choose to run a live CD of Ubuntu which allows you to play with and use Ubuntu without altering your computer At All... once you shut your computer down and remove the disc, your normal OS will boot up as if nothing happened.
If you are Not prompted with Ubuntu options (aka the CD did not run), this is because your CD/DVD drive is Not set as your #1 boot device. If this is the case, you can either permanently change the boot order in the Bios (see How To Access and Alter Bios) or catch the option to change the boot order just that once as your system boots up (see Changing Boot Order).
  -------------------- The Installation  --------------------
The installation is actually insanely straight forward and involves like 8 steps... I will edit this tutorial with exactly what to do at each step in a few days once I download the Ubuntu ISO myself and run it in a VM to see what exactly is asked etc etc... Don't worry though, this really is an easy step.

***** This happened to me a few times and my friend... Your following the install options and going along, and upon choosing your user name and password it just hangs, not allowing you to choose "Next"... even though everything is filled in and it isn't telling you anything is wrong. This is something that needs to be fixed by the Ubuntu community... luckily it isn't any big bug that will have you stuck for ever, it is just Ubuntu failing to tell you something: Your user name Cannot have capital letters in it. If you go back and make everything lowercase and with no spaces or any strange characters, the "Next" button will become available and you can continue on to complete the installation. *****

Good Luck All! If you go to try this and run into any problems, post a comment with your problem and I will help troubleshoot your issue.

PS. - The "How to Access and Alter Bios" and "Changing Boot Order" Tutorials are coming soon... in the meantime I am sorry if you were offended by the temporary link. ; )

Wednesday, April 6, 2011

The Basics #3: Disc Images and Virtual Drives

       ===============================================
         =================== Disc Images ===================
       ===============================================
                -------------------------  What is a Disc Image?  -------------------------
An image of a disc (henceforth known simply as an image), is essentially a snapshot of the raw data that is meant to be placed on a DVD or CD. An image simply refers to an archived file of an optical disc. Arguably, the most common type of image is an ISO image(International Standards Organization) which is a file-type ending with the extension *.iso. Any CD or DVD can be archived by .ISO format. It is a perfect digital copy of the original. The ISO image file is not stored in a container file, it is the raw data... a true copy. Simply put, an ISO image is an uncompressed collection of various files merged into one single resulting file(final_file.iso), which then must be burned onto some form of optical disc(CD/DVD/Blu-ray) to work properly.
            -------------------------  How do I manage/run Images?  -------------------------
In order for images to run properly, they must be burned on to optical disc and then inserted into a CD/DVD reader which will execute the files on the disc autonomously(most of the time the content of an ISO is some sort of installation disc that will prompt for install upon running the CD/DVD just like you would expect from any media on a disc that isn't just an audio CD or a data CD. So anyways, we must burn the ISO onto an optical disc in order to utilize the data stored within the image.
    -------------------------  What Tools are needed to burn ISOs?  -------------------------
If you are already running Linux , burning images is a native option and requires nothing more than inserting a blank disc and choosing "Burn contents as an Image". Windows on the other hand, as usually, needs a little help. There are quite a few options when choosing which image-burning software you want to use which include, but are not limited to:
-- Alcohol 120%
-- PowerISO / UltraISO / MagicISO
-- Daemon Tools (Pro / Advanced / Lite)
I recommend you download either Daemon Tools or Alcohol120% because these two programs allow you to create several virtual drives at once, where the PowerISO etc, etc. programs, as far as I remember, do not offer this functionality. I will explain virtual drives in-depth shortly, but for now download an image-burner of your choosing. Daemon Tools Lites is free and provides all the functionality we need and can be found at Daemon Tools Lite (Free). However, I prefer Alcohol120 because I am sometimes a bit of an alcoholic and really it's just what I've familiarized myself with the most (4 years ago when I still used Windows lol). So use your torrenting prowess learned in Basic-1 of my tutorials and obtain a 100% legal 30-day free trial of Alcohol 120% and you'll be good to go. *trollface.jpg*
      -------------------------  How to burn an ISO with Alcohol 120%   -------------------------
===> Launch Alcohol 120%
===> Choose "Image Burning Wizard"
===> When asked for an image to burn, selected "Browse..."
===> Find the image you would like to burn to a disc (.iso)
===> Make sure to uncheck "delete image when burn complete"
===> Choose the DVD/CD recorder that you want to burn the image with
===> Make sure that drive has the appropriate media in it (a CD or DVD)
===>Click "Next", "Next", etc, etc, "Burn Image"
===>Wait 5-10 minutes for image to burn (time depends on size)
===> ???????????
===> Profit.
        ------------------------- Using the burned ISO Image  -------------------------
Simply insert the disc into a drive that can read that form of media and let your OS do the rest. Usually there is an autorun.inif file on the ISO that tells Windows what to do upon initially reading the CD; if this is the case, you will be prompted with something telling you what the disc is about and telling you how to proceed. If someone failed at making an ISO (you can make custom images with whatever files you want on them... Alcohol120 has this option), after inserting the disc, navigate to the appropriate drive in My Computer, right click the drive and choose "Explore". This should list all the files and folders on the disc. Odds are there is a file called setup.exe if you are looking to install a program, otherwise you can find a file called video.avi if your looking for a movie, or whatever_I_want.extension if you are looking for something else on the ISO.

*****That was the old way to do it. The Windows Millennium way (super successful =p). The hard way. Unless you enjoy wasting time and resources (CDs/DVDs), the above mentioned method should be avoided. However, with that said, it is good to understand everything that is happening and it is good to know how to burn a physical copy of an ISO if one is ever needed.******

         ===========================================
         ================== Virtual Drives ================
         ============================================
                  -------------------- What is a Virtual Drive? -------------------
Ok, so now we know what an image is and that we must burn it onto an optical disc which has to be read by an optical drive before finally giving us our desired results. If we map that out we start with virtual media (software) in the form of a file (in this case an ISO image), and then we burn it onto a physical device (an optical disc), only to stick it Back into the computer so that it can be read by a particular piece of hardware, an optical drive. So if some sort of software application could simply mimic the behavior of an optical drive, the need to burn the image to a physical disc and re-insert the disc into our machine would be eliminated... enter virtual drives. A virtual drive is exactly what it sounds like, it is an optical disc reader that lives 100% in software and simply mimics the hardware actions a regular drive would perform.
             ------------------------- How do I get a Virutal Drive? -------------------------
Both Alcohol120 and Daemon Tools allow you to create virtual drives on your computer. I believe Daemon Tools limits you to 4 virtual drives because it is the free Lite version, and Alcohol120 allows you to have up to 31 virtual drives at once. Either program is fine since 4 virtual drives is plenty, 2 is more than enough... really you only need 1. Virtual drives appear an act like all of your other regular physical drives except for the simple fact that they don't exist... physically anyways. Alcohol120 by default activates 1 virtual drive on its own, but lets go ahead and give ourselves 7 more, for a total of 8 virtual drives...
->Go ahead and launch Alcohol120
->Under the Options box on the middle left-hand side choose "Virtual Drives"
->Where it says "Number of Virtual Drives: 1", change it to 8.
->Click "Ok" and close out of Alcohol120%
Now go to My Computer and look at your drives. You have your regular hard drive C, your first (and most likely only) optical drive is drive D, and then as you'll notice, you now have 8 additional empty DVD drives labeled E-L.
Congratulations!! You now have virtual drives on your computer!!
     ------------------------- How do I use the virtual drives? ------------------------
There are a few ways you can go about using the virtual drives that have been bestowed upon you... first you must know that the process of placing any external media devices (CDs/DVDs/flash drives/external hard drives/phones/cameras/etc/etc...) is known as Mounting those particular devices. So we want to mount our ISO onto one of our virtual drives. To my knowledge you can go about this one of three ways:
1) Launch Alcohol120, click Virutal Drives, and then on the left hand side select "Shell Extensions" to modify which files Alcohol120 should be responsible for taking care of by default. Select which ever ones you want (I selected them all since many I had not heard of, but if A120 can run them, good for it), but make sure to select ISOs(.iso),BINS(.bin), and CUES(.cue). Bin/Cue is another type of image just like an ISO except that one file gets mounted and the other doesn't... but they need each other to run. Anyways, bin/cue is beyond the scope of this TuT... make sure Alcohol120 is set to handle ISOs by default and select "Ok".
Now, find any ISO file you have and right-click the file. You'll notice that two new options appear in your right-click menu: "Burn image to disc" and "Mount Image". When you mouse-over "Mount Image" a list of your virtual drives that currently have nothing mounted to them appears; select a virtual drive and your good to go! If you selected drive H, go to My Computer and double click on drive H and it will launch the media mounted to the virtual drive as if it were a real physical CD/DVD/Blu-ray.
2) Start off by going to My Computer, find an un-mounted virtual drive, and then right-click it. One of the options is "Mount.." and upon mousing over it a new extended window pops out and says "Open...". This allows you to browse your computer for your ISO and select it to be Mounted. Then go ahead and double click the mounted virtual drive and viola, +10 intranetz.
3) You can go into the Virtual Drive settings as we have described earlier, and underneath  the number of virtual drives you want is the option to check a box that says "Mount Image to Device0 on Double-Click of Image File", which essentially will have Alcohol120% do everything for you and allow you to just double click an ISO image to run it.

*****Keep in mind that the virtual drives to Not un-mount themselves. Whenever you are done using an image, find the virtual drive that was/is hosting that particular image, right-click it and select "UnMount". This is the equivalent of "ejecting" a CD/DVD drive*****

Hope this Tutorial helped some people further understand images and how to use them. If you have any questions feel free to PM me and I'll do my best to help you out. The next Basic Tutorial will be a tutorial on installing Linux... so if you want to get a jump start, go grab the Ubuntu ISO for your desktop or laptop.