Enabling Virtio drivers in kernel for running androidx86 on Openstack

Guest operating systems running on virtualised systems needs to cooperate with the underlying hypervisors when using virtualised resources.  Virtio is a set of standard for disk and network virtualisation that is required to be installed on instances that runs on Openstack. The default Androidx86 kernel does not come with these modules installed. Also, you have to edit the source code of Androidx86 OS to detect the virtualised block devices. Otherwise you will see a screen with "Detecting Android-x86... (continuous dots :s)".

This is what you will see in androidx86 debug mode:

If you do not want to compile the source and set it up yourself. I have already created the image for you. Download it from here.

1. First,  to compile the OS you have to initialise the build environment.  Follow instructions here.

2. Download and install the repo client using instructions here.

3. Download Androidx86 source from here.

4. Alter the kernel defconfig files in "kernel/arch/x86/configs/android-x86_defconfig"

and "kernel/arch/x86/configs/android-x86_64_defconfig" by adding following lines.

CONFIG_VIRT_DRIVERS=Y
CONFIG_VIRTIO=y
CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_MMIO=m
CONFIG_VIRTIO_BALLOON=m
CONFIG_VIRTIO_BLK=y
CONFIG_VIRTIO_NET=m
CONFIG_VIRTIO_RING=m
CONFIG_VIRTIO_CONSOLE=m
CONFIG_HW_RANDOM_VIRTIO=m

5. To be able to detect virtual block devices, alter the "bootable/newinstaller/initrd/init" file. 

In line 124, Change

for device in ${ROOT:-/dev/sr* /dev/[hs]d[a-z]* /dev/mmcblk*}; do

to

for device in ${ROOT:-/dev/sr* /dev/[hsv]d[a-z]* /dev/mmcblk*}; do

6. Insert following lines to device/generic/x86/init.sh

#Force dhcp on eth0 interface.
netcfg eth0 dhcp
#Start SSH daemon at startup.
start-ssh 

7. Add follwing packages to PRODUCT_PACKAGES in device/generic/x86/packages.mk.

ssh-keygen
sshd_config
start-ssh

8. Then compile.

9. Install androidx86 OS onto a disk storage (dvi, vmdk, qcow2) .

10. To fetch the nova keypair, create fetchsshkeys script with following lines in /data/local/.

#!/system/bin/sh

# Fetch public key using HTTP
cd /data
wget http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key 
cat /data/openssh-key > /data/ssh/authorized_keys

chmod 0600 /data/ssh/authorized_keys
restorecon /data/ssh/authorized_keys

rm /data/openssh-key 

11. Make the script executable.

chmod 755 /data/local/fetchsshkeys

12. Call the script in /etc/init.sh file.

#Fetch ssh keys from openstack metadata service.
/data/local/fetchsshkeys

13. Upload the disk to Glance.

It should now detect /dev/vda1.

14. Create a virtual machine using the uploaded image. Your VM should get a private ip. (Make sure to specify a keypair)

15. You should be able to ssh into the androidx86 VM now.

16. To get get GUI, add "nomodeset" to grub.

Thanks to everyone helped me on this issue from Androidx86 mailing list.

Lunux/Ubuntu not booting up after the kernel update?

After I have upgraded to 2.6.38-9-generic kernel I got the following message and I have tried many thing but this is how I have solved the problem.

Gave up waiting for root device. Common problems:
-Boot args (cat /proc/cmdline)
-Check rootdelay= (did the system wait long enough?)
-Check root= (did the system wait for the right device?)
-Missing modules (cat /proc/modules; ls /dev)
ALERT! /dev/disk/by-uuid/310147a9-f21c-4e7c-aeb0-18f31073da58 does not exist. Dropping to a shell!

BusyBox v1.10.2 (Ubuntu 1:1.10.2-2ubuntu7) built-in shell (ash)
Enter 'help' for a list of built-in commands.

(initramfs)

Boot your computer and when the grub loader appears, select the linux version you use (to the rescue mode) and press 'e' to edit it.

Then remove the the UUID= part of the line from root=UUID=

Replace it with your current partition, so in my case it looks like

root=/dev/sda5

press +x to boot up with the changed settings

Then after you have logged in install fglrx module.

sudo apt-get install fglrx

Then restart.

Now this time select your linux version but this time not the rescue mode.

Then replace the UUID how you did earlier.

Done.

To permanently apply the settings to grub, you will have to edit the grub.cfg file

sudo vi /boot/grub/grub.cfg

Install and configure trac on Linux/Ubuntu 11.10

In this blog post I am going to explain about how to install 'trac' on linux. 'trac' is a nice project management tool which is written in python, that can be used to track your projects. And it is open-source :D (Win)

I am using 'trac' with 'git' revision control system, for my project. In my next blog post I will be explain how to use 'trac' along with 'git', using the 'GitPlugin'

 Ok, now if you follow the following instructions hopefully you will have a working 'trac' site.

Install 'trac'
   
Make sure you have the latest version of python installed, otherwise apt will install an older version of 'trac'

      sudo apt-get install python python-babel trac

Yes, apt may ask you to install few dependencies including apache2. So please install all of them.

'trac' uses SQLite as its default data store. So if you have not already got it installed. Then do the following

     sudo apt-get install sqlite3

It is possible to get 'trac' working with other database systems. If you are interested, click on the following URL.
http://trac.edgewall.org/

Upgrade python packages
   
There are two ways you can do this

With easy_install
 

 easy_install Babel

 easy_install Trac

or

With 'pip'
 

 pip install --upgrade Babel

 pip install --upgrade Trac

If you have not got pip installed, install pip as follows. Please skip this step if you were successfully able to do the previous step.

 sudo apt-get install python-pip

   

Now you have successfully installed all the software that you need to run 'trac'.
   
Configuration

  Change the directory locations as desired.

 Create a directory for 'trac'
 Then change it's access permissions.

sudo mkdir -p /var/local/trac && chown www-data: /var/local/trac

   
Initialise the 'trac' environment
 

 sudo trac-admin /var/local/trac initenv

   

Now create the configuration file using your favourite text editor. I use emacs.
 

 sudo emacs /etc/apache2/sites-available/trac

   

Paste the following code in to it.

       
<VirtualHost *:80>

 ServerName trac.local

        <Location />

           SetHandler mod_python

           PythonInterpreter main_interpreter

           PythonHandler trac.web.modpython_frontend

           PythonOption TracEnv /var/local/trac

           PythonOption TracEnvParentDir /var/local/trac

           PythonOption TracUriRoot /

           PythonOption TracEnv /var/local/trac

            # PythonOption TracEnvIndexTemplate /var/local/trac/templates/index-template.html

           PythonOption TracLocale en_US.UTF8

           PythonOption PYTHON_EGG_CACHE /tmp

           Order allow,deny

           Allow from all

        </Location>

        <Location /login>

          AuthType Basic

          AuthName "myproject"

          AuthUserFile /var/local/trac/.htpasswd

          Require valid-user

        </Location>

      </VirtualHost>

 Now you should have a working 'trac' instance. So check if it works.

      sudo tracd -p 8080 /var/local/trac

[-p] flag specifies the port that this particular 'trac' instance belongs to.
   
Note: the flag [-p] is same as [-port]

And then go to:

      http://localhost:8080/

Now you should see the 'trac' instance running.

Adding Authentication
   
Basic Authorisation

In this case we are going to authorise the 'trac' site with a .htpasswd file.

You have to have 'fcrypt' package installed to decode '.htpasswd'

Creating the '.htpasswd'

 sudo htpasswd -c /var/local/trac/.htpasswd admin

To add more users:

 sudo htpasswd -c /var/local/trac/.htpasswd admin

   
'htpasswd' creates the flat-file with the username and password that you are given.
[-c]  =  create the password file in the given path.

Start tracd:

 sudo -p 8080 --basic-auth="projectdirectory,path/to/the/.htpasswd,mname" /path/to/the/environment/directory

 In my case, it is

 sudo -p 8080 --basic-auth="trac,/var/local/trac/.htpasswd, admin" path/to/the/environment/directory

   

 Digest Authentication
   
 'htdigest' will be used to create the digest file.

 sudo htdigest -c /var/local/trac/.htdigest admin admin

  Now start 'trac' with 'tracd':

 sudo -p 8080 --auth="projectdirectory,path/to/the/.htpasswd, admin" /path/to/the/environment/directory

  So it will be,

 sudo -p 8080 --auth="trac,/var/local/trac/.htpasswd, admin" /var/local/trac

  If you have just one project in 'trac', then use the [-s] flag with the 'tracd', so it will skip the environment list when it starts.
      eg: sudo tracd -s ...........

There we go, we are done :D

Trouble Shooting Errors


If you get following error. It is most likely because of permission issues. So make sure you have given root access when you start your 'trac' instance.

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/trac/web/api.py", line 440, in send_error
    data, 'text/html')
  File "/usr/lib/python2.7/dist-packages/trac/web/chrome.py", line 827, in render_template
    message = req.session.pop('chrome.%s.%d' % (type_, i))
  File "/usr/lib/python2.7/dist-packages/trac/web/api.py", line 216, in __getattr__
    value = self.callbacks[name](self)
  File "/usr/lib/python2.7/dist-packages/trac/web/main.py", line 300, in _get_session
    return Session(self.env, req)
  File "/usr/lib/python2.7/dist-packages/trac/web/session.py", line 198, in __init__
    self.get_session(sid)
  File "/usr/lib/python2.7/dist-packages/trac/web/session.py", line 219, in get_session
    super(Session, self).get_session(sid, authenticated)
  File "/usr/lib/python2.7/dist-packages/trac/web/session.py", line 61, in get_session
    db = self.env.get_db_cnx()
  File "/usr/lib/python2.7/dist-packages/trac/env.py", line 328, in get_db_cnx
    return get_read_db(self)
  File "/usr/lib/python2.7/dist-packages/trac/db/api.py", line 90, in get_read_db
    return _transaction_local.db or DatabaseManager(env).get_connection()
  File "/usr/lib/python2.7/dist-packages/trac/db/api.py", line 152, in get_connection
    return self._cnx_pool.get_cnx(self.timeout or None)
  File "/usr/lib/python2.7/dist-packages/trac/db/pool.py", line 226, in get_cnx
    return _backend.get_cnx(self._connector, self._kwargs, timeout)
  File "/usr/lib/python2.7/dist-packages/trac/db/pool.py", line 146, in get_cnx
    raise TimeoutError(errmsg)
TimeoutError: Unable to get database connection within 0 seconds. (TracError(<babel.support.LazyProxy object at 0x22e47d0>,))

If you need more information, please go to http://trac.edgewall.org.

Set up Alpine to work with Gmail

To set up Alpine with Gmail, You have you to have Alpine installed on your computer. To set up Gmail, click here to go to my previous blog post which explains how to install it.

If you have got Alpine installed then, next

To receive emails from your gmail account:

Go to the Main Menu >> Setup >> collectionLists >> Add.


Nickname  : [Your Nickname]
Server        : imap.gmail.com/ssl/user=username@gmail.com
Path           :
View         :

Save your settings

You can add as many accounts you want if you press E and exit, then do the same.

Then you need to change few settings on it.

On Main menu > Set up > Config, find the "Advanced user preferences", Then mark "Save will not delete"

Then scroll down and find Pruning Rule and select "don't rename, don't delete"

To send emails using your gmail account :

Go to Main menu >> Rules and then Add a new rule.

    Add a Nickname
    In the Current Folder Type section, Select "Specific"
    Then select "Folder List" and press "T" and select the specific account folder(Inbox)
    Scroll down and find the section where it says "Action Begin here"
    Insert (Add) your email address to "Set Form" field
    Then to the "use SMTP" server section Add "smtp.gmail.com/tls/user="   (Without the quotes)
    Next Scroll down and find the "Compose Use" value and then select "With Confirmation"
    Then Exit
    You need to Add  a new rule per each account

Now you are ready to go!

Read/Receive and Send emails on the linux command line - Alpine/pine

I like to use my command line to do most of the work rather than using GUIs. So I wanted to be able read and send emails using the linux command line. After done much research I have found this free application called "Alpine" developed at the University Of Washington, which the earlier versions of it was called "Pine".

To download you can go to the official website by clicking the the URL below
http://www.washington.edu/alpine/

or if you are a Debian/Ubuntu user you can simply type in the command below

sudo apt-get install alpine

Currently I am using Alpine with my gmail account. I may be do a post about how to configure gmail on Alpine

Enjoy

Secure your Gmail/Google Account

      Are you confidant that your email account is secure anymore? You can never make anything 100% secure but, there are things you can do to make it more secure than it is.

     Gmail has introduced 2-step verification which protects your gmail account little bit more. I recommend that everyone who read this blog, should enable the feature.

To enable: Go to your Google account page and then click on the
                  "Using 2-step verification" And then follow the instructions

Make sure you read the instructions carefully and print out or keep the verification codes safely, which you will need to log in to your account when you haven't got your phone to get a verification code. Never loose them.

The other thing you could do to protect your Gmail account is that to always use HTTPS. To enable this feature.

Log in to your gmail account
Click on the Options symbol
Click on the General tab
Then click on the radio button which says "always use https", under "Browser Connection"
Save Changes

Surf Save!

Start Dradis in BackTrack 5

Back Track 5 comes with Dradis pre loaded already
But you might not be familiar with the way you start Dradis in BackTrack 5

To start Dradis:

Go to the dradis/server directory 

root@bt:~# cd /pentest/misc/dradis/server

Then run start.sh script in the dradis directory 

root@bt:/pentest/misc/dradis/server# /pentest/misc/dradis/start.sh

No Active Driver when you type in db_driver or db_connect?

Do you get the following error message when you type in db_driver on Metasploit console on BlackTrack5?

[*] No Active Driver
[*]        Available:

[*]     DB Support: Enable the mysql driver with the following command:
[*]                 $ gem install mysql
[*]     This gem requires mysqlclient headers, which can be installed on Ubuntu with:
[*]                 $ sudo apt-get install libmysqlclient-dev

[*]     DB Support: Enable the postgresql driver with the following command:
[*]                   * This requires libpq-dev and a build environment
[*]                 $ gem install postgres
[*]                 $ gem install pg # is an alternative that may work

msf >

And you have tried installing mysql driver but didn't solve the problem ?

This happens because when you start msfconsole by /pentest/exploits/framework3/msfconsole, it does not set the environment variables properly

So all you have to do is, start msfconsole using BT5 menu or by using /usr/local/bin/msfconsole

Problem With psexec (Solution)

I do my pentests on a Windows XP sp3 box and I had this problem, that I could not get psexec to work as I kept getting this error message.

[*] Started reverse handler on :4444
[*] Connecting to the server...
[*] Authenticating to :445|WORKGRO[*] Started reverse handler on 192.168.56.3:4444
[*] Connecting to the server...
[*] Authenticating to :445|WORKGROUP as user ''...

[-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.

[*] Exploit completed, but no session was created.UP as user ''...

[-] FAILED! The remote host has only provided us with Guest privileges. Please make sure that the correct username and password have been provided. Windows XP systems that are not part of a domain will only provide Guest privileges to network logins by default.

[*] Exploit completed, but no session was created.

That was because if your Windows XP Professional based computer is not in a domain, by default all users trying to log in to it over the network, are forced to use the Gust Account. To find out more information go to http://www.windowsnetworking.com/articles_tutorials/wxpsimsh.html

So the solution is to

Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
And change the ForceGuest value to 0

Done!