Tuesday, 20 August 2013

How to reset root password

1. Boot the machine and wait until GRUB Boot Loader comes up. Select recovery mode and then press e to edit.

2. Change the permission mode from ro to rw and modify boot loader file in init=/bin/bash and then F10 make the changes and reboot the system.

3. Once the system reboot, shell prompts you for the password to manage the system. Type passwd root and then type the desired password of your choice. Confirm the password and then hit enter. If new password and retype new password matches correctly, then you will get the message password updated successfully. Type shutdown -h now to press power button to shutdown the system and then boot the system again.

4. Type root and the new password. If you type the new password correctly, then you will desktop screen of Kali Linux.

Wednesday, 14 August 2013

Project Artillery

Project Artillery is an advanced active response tool for detecting attackers before they have the chance to hit the rest of your network. Project Artillery is an open-source Python-driven tool written purely in native Python. The purpose of Artillery is to provide a combination of a honeypot, file-system monitoring, system hardening, real-time threat intelligence feeds, and overall health of a server to create a comprehensive way to secure a system. Project Artillery was written to be an addition to security on a server and make it very difficult for attackers to penetrate a system. The concept is simple. Project Artillery will monitor the filesystem looking for any type of change, if one is detected, an email is sent to the server owner. If SSH brute force attacks are detected, notifications will be sent to the server owner, as well as ban the offending IP address.

Project Artillery has a built in threat intelligence feed that automatically blocks attackers known from other sensors deployed around the globe. The “Artillery Threat Intelligence Feed” (ATIF) is a number of TrustedSec owned servers strategically deployed around the globe and feeding real-time intelligence back to your Artillery installations. This allows you to be on a defensive ground for already known attackers prior to them ever hitting you. When Artillery is deployed, it contacts TrustedSec’s central intelligence feed to pull multiple Artillery sensors located around the globe into a realtime alerting system of attacker IP addresses. The Artillery systems you install will continuously pull the feeds in realtime and have coverage from attacker addresses prior to them hitting you.

One of the most effective features is the honeypot aspects of Artillery. Artillery will open a series of pre-defined ports that are commonly attacked. For example 135/445 (RPC/SMB), 1433 (MSSQL), 5900 (VNC), and many others. If an attacker attempts to port scan or connect to these ports, a random sequence of random data is sent back to the attacker to look as a strange protocol then bans the offending attacker. Using this method on the Internet yielded over 973 blocked offenders within leveraging it in a weeks timeframe

To download Project Artillery, you must utilize github and issue the following command: