Wednesday, July 22, 2015

Kali Broken - "Cleaning up temporary files"

I broke my Kali Linux. I was going wild with Burp Suite while forgetting I was low on disk space. Once I noticed the disk was full, it was too late. The system was too crashy to even use and I had to do a hard boot. Of course, once I did a hard boot it wouldn't come back up. The booting process would get stuck at "Cleaning up temporary files" and then eventually die at a blank screen. :(




I've documented the steps I used to fix it, minus a few wrong turns I took. :) Hope this helps someone:


  1. Download Kali Linux in order to boot it live for the repair
  2. Create bootable media from the ISO (I like YUMI)
  3. Boot the live Kali to the GUI
  4. Run the command df from Terminal and leave the results up for now
  5. Open Thunar, right click the HDD with the broken Kali install and choose mount
  6. Type the encryption password (this gave me an error which I just ignored)
  7. Right click the LVM and start the multidisk
  8. Wait a moment and then right click again and mount it. Unfortunately, this mounts it read only. No worries...
  9. Run df again in order to determine what was mounted and where. Compare the 2 df outputs.
  10. Now unmount it with: sudo umount /media/the-place-it-is-mounted
  11. Create a new directory for mounting: sudo mkdir /media/hdd
  12. Mount it as read/write: sudo mount -o rw /the/path /media/hdd (Replace /the/path with the partition you are trying to mount. You can determine this by comparing the results from the 2 times you ran df.)
  13. Use chroot to make the mounted filesystem be treated sorta like you booted into it directly: chroot /media/hdd
  14. Delete whatever you can to free up space
  15. Clean up the tmp files: rm -r /tmp/*
  16. Exit chroot: exit
  17. Close Terminal
  18. Go back to Thunar, unmount and stop the multidisk.
  19. Reboot into the repaired Kali install!
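The df comparison from steps 4, 9 and 12 can be done mechanically. This is an added example, not part of the original post; the df output below is constructed and new_mounts is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: find what got mounted between two df runs (steps 4 and 9).

# Constructed sample output, not captured from a real system.
DF_BEFORE='Filesystem     1K-blocks     Used Available Use% Mounted on
rootfs           1031000   118000    913000  12% /
tmpfs             206000      700    205300   1% /run
/dev/sdb1        3100000  3100000         0 100% /lib/live/mount/medium'

DF_AFTER="$DF_BEFORE
/dev/mapper/example-root 28700000 28700000 0 100% /media/root/example-mount"

# new_mounts BEFORE AFTER
# Prints "device mountpoint use%" for every filesystem that appears only in
# the second df output. Mount points containing spaces are not handled.
new_mounts() {
    before_file=$(mktemp) || return 1
    printf '%s\n' "$1" > "$before_file"
    printf '%s\n' "$2" | awk -v seen="$before_file" '
        BEGIN {
            # Remember every device/mountpoint pair from the first run.
            while ((getline line < seen) > 0) {
                split(line, f, " ")
                known[f[1] " " f[6]] = 1
            }
        }
        # Skip the header, then report pairs the first run did not have.
        NR > 1 {
            key = $1 " " $6
            if (!(key in known)) print $1, $6, $5
        }
    '
    rm -f "$before_file"
}

new_mounts "$DF_BEFORE" "$DF_AFTER"
```

The first column of the result is what replaces /the/path in step 12, and the second is the read-only mount point to unmount in step 10.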

Remember, always keep good backups!!

EDIT: @blackMOREOps just reminded me of something...Don't forget to clean the Trash folder! I did this and forgot to document. Thanks @blackMOREOps!



Repaired OS: Kali Linux 1.0.6, 32 bit
Live OS: Kali Linux 1.1.0a, 32 bit


Tuesday, June 30, 2015

A Prophesy

I hereby prophesy that on July 8, 2015 Troy Hunt (@troyhunt) will tweet about a weird blog where a guy claims to have prophesied about the Hacking Team compromise. Troy's tweet will look something like this:


I will even predict the URL of his tweet:

https://twitter.com/troyhunt/status/618909553892003840

You're welcome!

Monday, September 1, 2014

Make a Phablet With Free Out/Inbound VoIP Calls

I think we need one last Google Voice hack before Google potentially messes it up by moving it to Hangouts, don't ya think? Okay, how about turning your tablet into a phablet using Google Voice and Talkatone and having free calls in and out? What's a phablet? A hybrid between a tablet and a phone, of course! I just made my Android tablet a phablet by doing these simple steps:

1. Install the Google Voice app on the tablet
2. Install the Talkatone app on the tablet
3. Go to a web browser and add the Talkatone phone number to the Google Voice account

So where does the hacking come in? It's like this: Talkatone only lets you receive calls for free, but not dial calls for free. Once your introductory free minutes are gone, you've gotta pay up in order to dial out. Unless you're me or you, that is! You see, we are going to call out by making the Google Voice app call IN to your Talkatone app. Wait, you mean one app will call the other app, all on the same device??? Yup!!!

When you need to dial out, just go to the Google Voice app and dial your friend's number but choose your Talkatone phone number in the dropdown menu. The next thing that will happen is that your Talkatone app will ring. Once you pick it up, it will start ringing your friend's number. Just like my previous Google Voice hack, we are basically dialing out by dialing in! Enjoy free unlimited outbound/inbound VoIP on your phantabulet!!!

Thursday, August 7, 2014

Test HDD using smartctl and automate status



I quite often test hard drives using various vendor specific live environments like SeaTools, etc. But what if you want to use a (live) Linux distro? This is quite doable with smartctl which is a part of smartmontools.

Below are steps to do this, complete with a cool way to automate the status of the test appearing on the screen. Without automating the status, you will not receive any stdout notification unless you run a command manually. Remember, on some distros you will need to use sudo. Also, you will need to have smartmontools installed. If you don't know how to install it, there is plenty of info on Google on that. Keep in mind, some drives don't support SMART, which is lame.

1. Start with looking at your disks to get the filename of the disk as it appears in /dev.

fdisk -l

2. Once you've determined the disk you need to check, you can do a basic health status check. This is not authoritative but gives you a basic idea. Be sure to replace [sda] with your disk.

smartctl /dev/[sda] -H


3. If you want to geek out on every last detail of the status/health of your disk which is currently available you can do that, too.

smartctl /dev/[sda] -a


4. Okay, now it's time to start a test. You can run a short test or a long test, etc. but I always like to run a long test because it's more thorough.

smartctl /dev/[sda] --test=long


5. Smartctl has one downside. It doesn't show you a status of the test running in the background unless you run smartctl -a and find the result within that information. To make things easier, I've provided a way to automate the status of the test so that it scrolls down the screen showing the percent complete. It will also display "...completed" when it is finished.

watch -n 1 smartctl /dev/[sda] -a | grep 'execution\|remaining'

(Note the backslash followed by a pipe for OR.)


6. When the test is complete, you will still need to manually check the result of the test to see if there were errors.

smartctl /dev/[sda] -a

7. Near the bottom of the output will be a section that begins with: "SMART Self-test log structure revision number..." Right below that, you will see the result of recent tests with the most recent (yours) listed first. The status will be shown, including the LBA of the first error, if there are any.

8. Here are a couple of other useful commands...

Help (useful in live Linux distros that do not contain man pages): smartctl -h

Abort a test that is currently running: smartctl /dev/[sda] -X
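The manual check in steps 6 and 7 can be scripted by reading the newest entry of the self-test log. This is an added example, not part of the original post; the log excerpt is constructed and latest_selftest is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: read the newest entry of the SMART self-test log (steps 6-7).

# Constructed sample of the relevant part of "smartctl -a" output.
SAMPLE=$(cat <<'EOF'
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Extended offline    Completed: read failure       90%      1207         4178560
# 2  Short offline       Completed without error       00%      1180         -
EOF
)

# latest_selftest: reads "smartctl -a" output on stdin and prints
# VERDICT|status|LBA_of_first_error for the most recent test (entry # 1).
# VERDICT is PASS, RUNNING, or CHECK (anything else; look at it by hand).
latest_selftest() {
    awk '
        /^SMART Self-test log structure revision number/ { in_log = 1; next }
        in_log && /^# *[0-9]+ / {
            lba = $NF
            line = $0
            sub(/^# *[0-9]+ +/, "", line)                 # drop the entry number
            sub(/ +[0-9]+% +[0-9]+ +[^ ]+ *$/, "", line)  # drop Remaining, LifeTime, LBA
            n = split(line, part, "  +")                  # description, status
            status = part[n]
            if (status == "Completed without error") verdict = "PASS"
            else if (status ~ /in progress/)          verdict = "RUNNING"
            else                                      verdict = "CHECK"
            print verdict "|" status "|" lba
            exit
        }
    '
}

printf '%s\n' "$SAMPLE" | latest_selftest
```

On a real system the input would come from smartctl /dev/[sda] -a piped into latest_selftest.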


Enjoy!

If this helped you, consider leaving a comment and saying hello!



Tested on...
smartctl: 6.0 2012-10-10 r3643
OS: AVG 2013-08-01 from live USB drive






Tuesday, July 22, 2014

Hack your DSL line to get phone service


When my ISP installed my DSL only service (no phone), the technician tested the line for a dial tone with a buttset. This got me thinking. I asked the technician why there was a dial tone if it was a dry loop with DSL only. He said that there is indeed a dial tone but that you can only dial 911 or receive calls. He said you can't call out to anything besides 911. I said to myself, "Wanna bet?"

I hacked it in under 5 minutes. Now I can call in and out, including free long distance. No, I didn't violate any laws or do anything highly technical. I just set up Google Voice! This saves me $20 a month. Now I'm not saying this will work with your DSL provider, but it did for mine so I thought I'd share.

Here's what I did:

1. Retrieved the phone number for my DSL service (this was provided to me when I signed up)
2. Added the phone to my existing Google Voice account with Gear icon>Settings>Phones>Add another phone
3. When Google Voice asked to verify my phone, I chose voice verification. My old POTS line phone rang and I typed in the 2 digit verification code.

That's it!

How dialing in works: If you dial my Google Voice number, it rings my home phone.

How dialing out works: Well, it's admittedly a bit clunky but I browse to voice.google.com, click call, put in the number, choose the "Phone to call with" and wait for it to ring. Once I pick up the phone, it connects me to the number I dialed from my browser. I can also do this from my Android device using the Google Voice app.

The beauty of this hack is that it dials out by dialing in. :)

Why have a home phone in the cell phone age? Well, cell phones are awesome but they run out of battery, get lost or damaged, etc. My home phone is powered by the phone line and sits there reliably on a shelf for when it is needed. Nice to have options.

Hope this helps someone save some money. Don't forget your DSL filter! If this helped you, leave me a quick comment.

Monday, April 28, 2014

Make UBCD's Parted Magic boot from a USB drive



I love UBCD. It's a bootable CD with tools to do everything from securely shred hard drives to modify Windows registry from Linux. I also love YUMI. It allows you to create a bootable USB flash drive with multiple operating systems on it and even has support for adding or removing specific distros without killing your whole setup.

One problem. If you use YUMI to create a bootable USB drive with UBCD on it, the bundled version of Parted Magic will not boot. Parted Magic is really awesome for rescuing systems, etc. so I was disappointed about this. I checked my md5sum and it was good but when booting from my USB drive it would complain that it couldn't find the sqfs. When I burned the very same ISO to a CD, Parted Magic worked fine, though!

After not finding the information on Google and banging my head against a wall for a while, I was able to figure it out. Here's what I did:

1. Download YUMI and UBCD and use YUMI to add UBCD to the USB drive. If you need help with that part, there's lots of info on Google.

2. Extract your downloaded UBCD ISO. There is lots of info on Google on how to extract an ISO, also.

3. Once you've extracted your ISO, look for the pmagic folder and copy it to the root of your USB flash drive.

That's it! Pretty easy but was a bit of a headache to figure out! Hope this post helps you! If so, please comment and say hello. I try to respond to as many comments as possible.

By the way, if you use WINE to run YUMI from Linux as I did, beware that YUMI cannot format the drive even if you use sudo. The only way I was able to use it from Linux (Kali) was to use a USB drive that already had YUMI on it (which I installed from a Windows box a while ago). In other words, you can only modify your existing YUMI install from WINE, you can't do the initial YUMI install. If anybody finds a way around this, please comment below and let me know! Also, don't forget you'll have to use winecfg to connect WINE to your USB drive.

Happy hacking!


Tested on:
Kali Linux 1.0
SanDisk 16GB USB flash drive
VirtualBox 4.3.10 r93012 (using raw disk hack to boot to USB drive)
wine-1.4.1
YUMI-2.0.0.3
Ultimate Boot CD V5.2.9
PMAGIC_2013_08_01



Saturday, September 7, 2013

Plausible deniability of a hidden OS - Part 3

This is Part 3 of a 4 part post on using TrueCrypt to create a hidden operating system.

Links to each section:
Part 1 - (Un)boring intro with all the snazzy info
Part 2 - Setup your second partition
Part 3 - Setup your first partition (sounds backwards, I know) -- you are here
Part 4 - Other cool stuff -- COMING SOON


Part 3 - Setup your first partition


~So now that you have copied your operating system from Partition 1 to the inner volume of Partition 2 we need to securely wipe the contents of Partition 1. Otherwise, even if you reinstall Windows on Partition 1, someone with forensic capabilities may be able to recover the previous Windows installation on Partition 1 and thereby build a case that you have a hidden operating system, etc.



~Using the default Department of Defense standard of 3 passes of random ones and zeros for wiping is quite adequate in my opinion. For utter paranoia, try additional passes -- though that could put your wipe time at days or weeks!...



~Click Wipe:



~Click OK here:



~More mouse fun! The more you move your mouse, the more securely and randomly Partition 1 will be wiped!


~Wiping in some cases can take all day/night, even at 3 passes. Other factors of course include the size and speed of your drive.


 ~Here is the success dialog:



 ~Click Exit:



~So now it is time to go ahead and install a fresh copy of Windows on Partition 1 as a decoy operating system. Just pop a Windows disc in there and install on Partition 1. (Don't accidentally install onto or delete Partition 2!!) Once that's done, download TrueCrypt onto the fresh decoy install and choose Create Volume. Then choose Normal since this will be the decoy installation and press Next:




~Choose Encrypt the Windows system partition...




~Choose Single-boot



~Make sure you select the same encryption algorithm here that you did when you created the inner volume on Partition 2. They must be the same because both the decoy and hidden operating systems use the same bootloader and there is a different bootloader for each algorithm.




 ~More mouse fun! Great to feel like you are a part of the process, huh? :-) Move that mouse for the greater good of your encryption strength!



~Click Next...




~Somewhere in there it asks you for the password. Can't remember at which point. (Oopsie.) Anyway, when it does, you need to enter Password A for the decoy operating system. Do you need any more sermons about secure passphrases and whatnot? Didn't think so. ;)





~It will also ask you about creating a rescue disc. Creating a rescue disc is pretty important, as you can see below. It might sound scary to have it lying around, but your system will still require the password even when using the rescue disc. It's not really a vulnerability any more than the presence of the bootloader itself which is put on your hard drive. Just make sure you put it in a safe place so you don't lose it.



~TrueCrypt creates an ISO and then helps you burn it to optical media as a rescue disc:


~The rescue disc is verified to make sure it was a good burn:


 ~Now we are going to tell TrueCrypt how we want the data wiped from Partition 1. Wiped again, you say? Yup. The last time we wiped Partition 1 was to wipe the operating system from it that was copied to the inner volume of Partition 2. This time TrueCrypt is going to encrypt the decoy operating system and wipe the unencrypted version of it. If it didn't, then someone could potentially do forensics on Partition 1 and recover the unencrypted version of the decoy operating system. This would be especially bad for those who use their decoy system for activities which are of a lower level of sensitivity but sensitive, nevertheless. As stated earlier, the default of 3 passes should be quite adequate.



~As stated, this will take a while once it actually starts which will happen later...


~TrueCrypt is going to test everything before doing the final encryption and wipe. Click Test:


 ~TrueCrypt informs you that this is not the real thing and that actual encryption will not take place. However, if the test fails, then Windows may fail to start. If this does occur, you can come back here and read the various options for repair. Hopefully, you will be good though.



~I scrolled down and took another photo:




~Time to test, then. Click Yes and then when your computer reboots it will prompt you for Password A. If you have any trouble, see the 2 previous images.



~After you've rebooted and typed Password A, hopefully this is what you are now looking at. TrueCrypt warns here that in the event of power loss or a system crash during the encryption process, data on the decoy operating system may be gone forever. I didn't mention backups sooner because I am assuming that you followed my advice in Part 2 and used a clean system with a fresh Windows install. So hopefully, you don't even need backups. If you do, read the instructions here on how to defer, backup data and then resume. If you don't need to make backups, then click Encrypt.



~The next 3 photos provide instructions on how to troubleshoot any potential future booting issues with the rescue disc... Press OK.





~TrueCrypt is now encrypting your decoy operating system on Partition 1! Folks, this is even more amazing than it may seem. It's actually quite remarkable. Think about it. What's happening here is that while booted into Windows (not a live environment!) TrueCrypt is encrypting the currently booted Windows AND wiping the non-encrypted version of it all on the fly without even rebooting. WHAT? How is that even possible? It's more magic from the TrueCrypt people!! If this doesn't make you feel like donating, what will???!!!




~If you want, you can set up additional non-system encrypted volumes to be mounted at boot up, but that is outside the scope of this article.



~You can click Do not show this again here:



~But if you had clicked Show more information you would have seen this, which was shown earlier -- so not that big of a deal.


~Alright, let's test this baby! If you reboot, you should get the bootloader shown below. If you type Password A, you get the decoy operating system on Partition 1. If you type Password B, you will get the hidden operating system on the inner volume of Partition 2! Don't worry, if you press Escape it doesn't really bypass authentication as long as you have encrypted the drive (which you just did.) It would only work if you had a TrueCrypt bootloader sitting on top of an unencrypted system, which is not the case here.



~If instead of typing the password or Escape you press F8, you will get some options which you will hopefully never need. Most of these options are only there because this same bootloader gets copied to the rescue disc and would be run from there.



~Awesome! So you've set up your system! In Part 4 I will boot into a live CD just to prove out whether or not I can see the encrypted data and show you some cool stuff, so stay tuned!

Part 4 - Other cool stuff -- COMING SOON