Month: June 2017


I Passed eMAPT Certification

June 20, 2017 | Publication | No Comments

Two days ago, I completed my journey in the eMAPT (eLearnSecurity Mobile Application Penetration Tester) certification. The certificate ID is eMAPT-117, which can be verified here. This is my second certification process and I am glad that I passed.

So what’s the fun in eMAPT?

As eLS said, the eMAPT certification is really practical. It uses no multiple-choice style of exam. In the certification process, I was tasked with creating a program that exploits the vulnerabilities in a certain application. Worry not. In the MASPT (Mobile Application Security and Penetration Testing) course, the course provided for the eMAPT certification, we can learn many things starting from the basic and fundamental concepts. I can say that eLS has done a good job elaborating the course materials with lots of lab experience.

Oh, the course itself has two sections. One for Android and another one for iOS.

That’s it. I won’t spoil the fun any more than that.

It’s been a while since my last post about “building something”.

Lately I wanted to download some files from the vulnhub site. Since I accidentally deleted my collection some months ago (it was not touched often), I have to redownload most of them (16 pages). Manual download is not an option, as I am rarely at home with my rather stable home connection. It is also not possible for me to use torrents when I am doing onsite pentesting. Therefore I decided to build a dedicated box for torrent activity.

The next section is about the requirements I need and the solution I have. If, for whatever reason, you want to know the steps of building then you can skip the next section.

Requirements

What I want is a small box with sufficient resources, supplied by a stable connection. It would sit in my room, connected to the internet, and could be remotely controlled wherever I am. A PC is overkill for this task; besides, I don’t have a working PC right now. The alternative is a single-board computer. From the many options I have (Raspberry Pi, Beagleboard, ODROID, etc.) I picked ODROID. It might be subjective, but my ODROID XU4 has 2 USB3 slots, which some SBCs don’t have.

Storing downloaded files on a single SD card is not wise. I use one of my external HDDs as storage; connected via USB3, it should be fast enough.

There are several implementations of a BitTorrent client for Linux, but I use Transmission. It works fine.

When I said “the box should be able to be remotely controlled wherever I am”, I didn’t mean giving it a dedicated IP address. It’s obviously mandatory for us to keep our box behind the firewall. So for this goal I need a rendezvous point, a tunnel, a middleman which will redirect all traffic between my box and me. It’s not port forwarding on the router; I don’t have access to that. To solve this, I could use socat or an ssh tunnel to create a tunnel open at both ends. However, I need a simple and reliable solution, so I use a service for that. ngrok, PageKite, and Forward are all suitable, but I chose ngrok.

Setup

0. Minimal Setup

I use an ODROID XU4 as the SBC. You can read the user manual here.

The operating system I chose is Ubuntu minimal, which can be downloaded here. I only need Linux as a base system and have no need for a fancy GUI, so Ubuntu minimal is perfectly fine.

Consult the user manual to burn the image to the uSD card. Though some aspects are different, you can use this article as a guide.

1. Component Installation

Don’t forget to update the package list and confirm that we have a working connection.

apt-get update

Install transmission.

apt-get install transmission-cli transmission-common transmission-daemon

Like other services, Transmission is composed of a daemon (transmission-daemon) that manages all BitTorrent activity, and clients. transmission-cli is a client program that uses the CLI.

Check whether the service is working fine.

service transmission-daemon start
service transmission-daemon stop
service transmission-daemon reload

Don’t forget to enable it.

systemctl enable transmission-daemon

Next we need to install the ntfs-3g package to mount the NTFS partition. We also need unzip to unzip files and screen to create a background job elegantly.

apt-get install ntfs-3g unzip screen

2. Disk Configuration

In this article, I mount my disk on /mnt/disk0. I also create a directory at /mnt/disk0/transmission with the following subdirectories for torrent operation.

mkdir /mnt/disk0
ntfs-3g /dev/sda1 /mnt/disk0
mkdir /mnt/disk0/transmission
cd /mnt/disk0/transmission
mkdir completed incomplete torrents

3. Configuration Script

The Transmission daemon needs a configuration file in /etc/transmission-daemon/settings.json to run properly. If the service is restarted, or stopped and then started, a new configuration file is created (overwriting the old one), so if we have customized the file we need to reload it. However, accidents might happen, so we move the original file to a safe location and link it.

mv /etc/transmission-daemon/settings.json /opt/transmission-settings.json
ln -s /opt/transmission-settings.json /etc/transmission-daemon/settings.json

Next we configure it. These are the settings I changed (truncated); you should adjust them to your case.

"download-dir": "/mnt/disk0/transmission/completed",
...
"incomplete-dir": "/mnt/disk0/transmission/incomplete",
"incomplete-dir-enabled": true,
...
"rpc-authentication-required": true,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,
"rpc-password": "[email protected]",
"rpc-port": 9091,
"rpc-username": "ursa",
"rpc-whitelist": "127.0.0.1,*.*.*.*",
"rpc-whitelist-enabled": true,
...
"umask": 2,
...
"watch-dir": "/mnt/disk0/transmission/",
"watch-dir-enabled": true

To enable remote connection, we need RPC. It will listen on port 9091, ready to take commands. I don’t want the box left without authentication, so we need to supply credentials. In this example I need to supply “ursa” as the username and “[email protected]” as the password.
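An added example, not from the original post: a small Python check of the RPC keys shown above. It assumes the ngrok agent runs on the same box and forwards to local port 9091 (as in the setup that follows), so Transmission only ever sees connections from 127.0.0.1; the function name, finding labels and placeholder password values are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample mirroring the RPC keys in the post (password is a placeholder).
EXPOSED = json.loads("""{
  "rpc-authentication-required": true,
  "rpc-bind-address": "0.0.0.0",
  "rpc-enabled": true,
  "rpc-password": "PLACEHOLDER-plaintext",
  "rpc-port": 9091,
  "rpc-username": "ursa",
  "rpc-whitelist": "127.0.0.1,*.*.*.*",
  "rpc-whitelist-enabled": true
}""")

# Assumed tunnel-only variant: the local ngrok agent is the only RPC client.
LOOPBACK_ONLY = {**EXPOSED,
                 "rpc-bind-address": "127.0.0.1",
                 "rpc-whitelist": "127.0.0.1",
                 "rpc-password": "{PLACEHOLDER-salted-hash"}


def audit_rpc(cfg):
    """Return a list of findings about how reachable the RPC interface is."""
    findings = []
    if not cfg.get("rpc-enabled", False):
        return findings  # RPC is off, nothing is exposed
    if not cfg.get("rpc-authentication-required", False):
        findings.append("auth-disabled")
    bind = cfg.get("rpc-bind-address", "0.0.0.0")
    if not ipaddress.ip_address(bind).is_loopback:
        findings.append("bound-to-non-loopback")
    entries = [e.strip() for e in cfg.get("rpc-whitelist", "").split(",") if e.strip()]
    if not cfg.get("rpc-whitelist-enabled", False):
        findings.append("whitelist-disabled")
    elif any(set(e.split(".")) == {"*"} for e in entries):
        findings.append("whitelist-allows-any-address")
    # Transmission rewrites a plaintext password as a salted hash starting with "{".
    if not str(cfg.get("rpc-password", "")).startswith("{"):
        findings.append("password-still-plaintext")
    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("loopback-only", LOOPBACK_ONLY)):
        print(name, audit_rpc(cfg))
```

With the settings from the post, the RPC port is reachable by any host on the local network as well as through the tunnel, and the username and password are the only control; the loopback-only variant leaves the tunnel as the single way in.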

4. Setting up Rendezvous Point

To use the ngrok service we need a valid account there. Sign up here to begin. You need to get an API key, which will be used by ngrok.

Download the “agent” onto our box. As the ODROID is an ARM board, we need the ARM version of ngrok. Extract and authenticate.

wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip
unzip ngrok-stable-linux-arm.zip
mv ngrok /usr/local/bin/ngrok
ngrok authtoken <your auth token here>

ngrok needs to remain running for the tunnel to function. In some cases that is not possible, so we need to run ngrok in a detachable session. Screen is used for that.

screen

Now we are in a screen session. Run ngrok and create a tunnel for TCP port 9091.

ngrok tcp 9091

Read the endpoint shown there. It should be an ngrok domain with a port.

To detach, press CTRL+A and then D. We are out of the screen session, but ngrok is still running in it.

Testing

Download Transmission Remote GUI. Click on Torrent – Connect to Transmission – New connection. Fill in the URL offered by ngrok earlier and don’t forget to enable authentication.
