
HOWTO : TP-Link TL-MR3020 Pocket Router as Wifi Pineapple





PLEASE DO NOT FOLLOW THIS TUTORIAL TO SET UP YOUR DIY WIFI PINEAPPLE AS IT IS OUTDATED AND INCOMPLETE. A 100% WORKABLE AND SIMPLE TUTORIAL IS HERE.





Hardware



(1) TP-Link TL-MR3020

(2) SanDisk Cruzer Fit USB Flash Drive (8GB)



Software



(1) OpenWrt

(2) Wifi Pineapple Web Interface

(3) Wifi Pineapple (some of the configure, library and program files only)



The Wifi Pineapple is made by Hak5 and is quite an expensive device. It is also known as Jasager, which is German for "Yes Man".



The Wifi Pineapple is a Wifi Access Point (AP) that answers "Yes" to all Wifi connection requests.



If a Wifi client is looking for the SSID "McDonald's", the Pineapple (or Jasager) will reply "That's Me!". If another Wifi client is looking for the SSID "Starbucks", the Pineapple will again reply "That's Me!".



From this stage you can attack Wifi clients and perform Man-in-the-Middle (MiTM) attacks on the victims' internet traffic!
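Because a Karma-style access point answers for whatever SSID a client asks about, a defender can recognise it by one BSSID responding for many unrelated network names, or for a made-up canary SSID that no real network uses. The following is an added example, not part of the original post; the comma-separated record format, the threshold and the sample observations are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed observations, one "bssid,ssid" pair per probe response seen by
# a wireless monitor. All values are made up for illustration.
SAMPLE_OBSERVATIONS = """\
00:11:22:33:44:55,HomeNet
00:11:22:33:44:55,HomeNet
AA:BB:CC:DD:EE:01,McDonald's
aa:bb:cc:dd:ee:01,Starbucks
aa:bb:cc:dd:ee:01,HelloWorld
aa:bb:cc:dd:ee:01,canary-7f3a9c
66:77:88:99:aa:bb,Office
66:77:88:99:aa:bb,Office-Guest
"""


def parse_observations(text):
    """Return (bssid, ssid) tuples; an SSID may itself contain commas."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or "," not in line:
            continue  # skip blank and malformed records
        bssid, ssid = line.split(",", 1)
        pairs.append((bssid.strip().lower(), ssid))
    return pairs


def find_yes_man_aps(pairs, max_ssids=2, canaries=()):
    """Flag BSSIDs that answer for too many SSIDs or for a canary SSID.

    max_ssids: distinct SSIDs one radio may legitimately serve (assumption).
    canaries:  random SSIDs the defender probed for; no real AP serves them.
    """
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid in pairs:
        ssids_by_bssid[bssid].add(ssid)

    findings = {}
    for bssid, ssids in ssids_by_bssid.items():
        reasons = []
        if len(ssids) > max_ssids:
            reasons.append("answers for %d distinct SSIDs" % len(ssids))
        hits = sorted(ssids.intersection(canaries))
        if hits:
            reasons.append("answered canary SSID " + ", ".join(hits))
        if reasons:
            findings[bssid] = {"ssids": sorted(ssids), "reasons": reasons}
    return findings


if __name__ == "__main__":
    observed = parse_observations(SAMPLE_OBSERVATIONS)
    flagged = find_yes_man_aps(observed, canaries={"canary-7f3a9c"})
    for bssid, info in flagged.items():
        print(bssid, "; ".join(info["reasons"]))
```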



Now, we are going to make a custom Wifi Pineapple at a much lower price, e.g. about $30 USD or less.



Step 1 :



To download OpenWrt (Attitude Adjustment 12.09, r36088 at the time of writing) :



If you are doing a fresh install from the stock firmware of the TP-Link TL-MR3020 -

wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin



If you are upgrading from a previously installed OpenWrt -

wget http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin



Configure your computer to static IP address :



IP address : 192.168.0.10

Gateway : 192.168.0.1




The default IP address of stock TP-Link TL-MR3020 is 192.168.0.254.



The username and password of the stock TP-Link TL-MR3020 are both "admin".



Go to "System Tools" -- "Firmware Upgrade" and upgrade using the .bin file you just downloaded.



Step 2 :



Once upgraded to OpenWrt, your device's IP address will change to 192.168.1.1.



Then set a very STRONG root password at "System" -- "Administration".

Enable wireless at "Network" -- "Wifi".

Enable DHCP at "Network" - "Interfaces" - "Edit" - select "DHCP Client" and "OpenWrt".

Now, connect your ethernet cable to the TL-MR3020, then connect your computer to the TL-MR3020 via Wifi. The SSID is "OpenWrt".



Once you get the IP address, such as 192.168.1.100, you can connect to the TL-MR3020 via ssh.



ssh 192.168.1.100 -lroot



Enter the very STRONG root password that you just created.



Install the following packages :



opkg update

opkg install kmod-usb-storage

opkg install kmod-fs-ext4

opkg install block-mount




Step 3 :



Format your USB pendrive (8GB) as ext4 and swap, e.g. 2GB for swap (sda1) and 6GB for ext4 (sda2).



Then insert the USB pendrive into the TL-MR3020 and execute the following commands line by line.



mkdir -p /mnt/sda2

mount /dev/sda2 /mnt/sda2

mkdir -p /tmp/cproot

mount --bind / /tmp/cproot

tar -C /tmp/cproot -cvf - . | tar -C /mnt/sda2 -xf -

umount /tmp/cproot

umount /mnt/sda2




Step 4 :



/etc/init.d/fstab enable

/etc/init.d/fstab start




vi /etc/config/fstab



Change the content to the following :



config mount

        option target /

        option device /dev/sda2

        option fstype ext4

        option options rw,sync

        option enabled 1

        option enabled_fsck 0



config swap

        option device /dev/sda1

        option enabled 1




The following are the basic vi commands, in case you are not familiar with vi :



i - go to the insert mode and ready for edit

Esc - exit from insert mode

:w - write the changes to the file

:q - quit the vi



Then type the following command to reboot the device :



reboot



Once it boots up again, log in to it via ssh.

To check whether the USB pendrive is mounted as "/" :



mount

df




Then install any package that you like, such as :



opkg update

opkg install nano

opkg install htop

opkg install bash

opkg install netcat

opkg install tar

opkg install openssh-sftp-client

opkg install nmap

opkg install tcpdump

opkg install aircrack-ng

opkg install kismet-client

opkg install kismet-server

opkg install nbtscan

opkg install snort

# karma should be installed

opkg install karma

opkg install samba36-client

opkg install elinks

opkg install yafc

opkg install python

opkg install uhttpd

# at should be installed

opkg install at

opkg install ethtool

opkg install ettercap

opkg install macchanger

opkg install netstat-nat

opkg install reaver

opkg install sslsniff

opkg install sslstrip

opkg install wget

opkg install wput

opkg install curl

# libnids should be installed

opkg install libnids

# php5 and php5-cgi should be installed

opkg install php5

opkg install php5-cgi




/etc/init.d/atd enable

/etc/init.d/atd start

touch /var/spool/cron/atjobs/.SEQ




Step 5 :



Download the upgrade package of Pineapple to your computer, such as Ubuntu :



wget -O upgrade-2.8.1.bin "http://wifipineapple.com/index.php?downloads&downloadUpgrade=2.8.1"



Install unsquashfs on your Ubuntu if you do not have it :



sudo apt-get install squashfs-tools



Extract the files from the upgrade-2.8.1.bin :



unsquashfs upgrade-2.8.1.bin



cd squashfs-root




Copy the following files to the TL-MR3020 via ssh :



Disable "Wireless" on the Pineapple webpage before running the following command :



scp /home/samiux/test/squashfs-root/usr/sbin/wpad root@192.168.1.100:/usr/sbin



Make sure you restart "Wireless" when done.



scp /home/samiux/test/squashfs-root/usr/sbin/hostapd_cli root@192.168.1.100:/usr/sbin

scp /home/samiux/test/squashfs-root/lib/wifi/hostapd.sh root@192.168.1.100:/lib/wifi




Step 6 :



Download the Pineapple Web Interface source code to /home/samiux/test/pineapple :



sudo apt-get install git

git clone https://github.com/WiFiPineapple/web-interface.git /home/samiux/test/pineapple




Replace the incompatible commands :

grep -lr -e 'ps auxww' /home/samiux/test/pineapple/* | xargs sed -i 's/ps auxww/ps/g'

grep -lr -e 'ps aux' /home/samiux/test/pineapple/* | xargs sed -i 's/ps aux/ps/g'

grep -lr -e 'ps -all' /home/samiux/test/pineapple/* | xargs sed -i 's/ps -all/ps/g'




Then copy the directories to the TL-MR3020 via ssh :



scp -r /home/samiux/test/pineapple/ root@192.168.1.100:/



Download or copy the following files to "/home/samiux/test" :



/etc/config/dhcp :





/etc/config/firewall :





/etc/config/network :





/etc/config/uhttpd :





/etc/php.ini :





Then copy the following files to the TL-MR3020 via ssh :



scp /home/samiux/test/dhcp root@192.168.1.100:/etc/config

scp /home/samiux/test/firewall root@192.168.1.100:/etc/config

scp /home/samiux/test/network root@192.168.1.100:/etc/config

scp /home/samiux/test/uhttpd root@192.168.1.100:/etc/config

scp /home/samiux/test/php.ini root@192.168.1.100:/etc




Step 6a :



scp /home/samiux/test/squashfs-root/usr/sbin/autossh root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/chat root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/dnsspoof root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/dsniff root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/empty root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/filesnarf root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/macof root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/mailsnarf root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/msgsnarf root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/sshmitm root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/sshow root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/tcpkill root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/tcpnice root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/urlsnarf root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/update-usbids.sh root@192.168.1.100:/usr/sbin/

scp /home/samiux/test/squashfs-root/usr/sbin/webmitm root@192.168.1.100:/usr/sbin/



scp /home/samiux/test/squashfs-root/lib/librpc.so root@192.168.1.100:/lib/

scp /home/samiux/test/squashfs-root/lib/libuClibc-0.9.33.2.so root@192.168.1.100:/lib/




scp -r /home/samiux/test/squashfs-root/etc/chatscripts root@192.168.1.100:/etc/

scp -r /home/samiux/test/squashfs-root/etc/gcom root@192.168.1.100:/etc/

scp -r /home/samiux/test/squashfs-root/etc/usb_modeswitch.d root@192.168.1.100:/etc/




scp /home/samiux/test/squashfs-root/www/* root@192.168.1.100:/www/



Remarks :



A simpler way is to insert the USB pendrive into your computer and copy the said files to the USB pendrive from /home/samiux/squashfs-root or /home/samiux/test using the sudo command. However, make sure that you have completed everything up to Step 4 first.



Step 7 :



ssh 192.168.1.100 -lroot



Any upgrade/update from the Pineapple will brick your TL-MR3020, so you need to disable it.



touch index.php /www/

mv /pineapple/pages/upgrade.php /pineapple/pages/not-upgrade.php

touch /pineapple/pages/upgrade.php




Step 8 :



nano /etc/rc.local



hostapd_cli -p /var/run/hostapd-phy0 karma_enable




vi /etc/config/httpd.conf



Append the following :



/:root:$p$root



Reboot the TL-MR3020 :



reboot



After boot up, point your browser to the following url :



http://172.16.42.1:1471



Enter username as "root" and password as your very STRONG root password.



The SSID is "OpenWrt".



Step 9 (Connectivity) :



The following is one of the ways to use the Pineapple (TL-MR3020) by the way of tethering :



Connect your laptop to internet via wireless or 3G.



Set Wired Connection at the Network Manager of the Ubuntu to :



Uncheck Connect Automatically at the wired connection of Network Manager of Ubuntu.



Then connect the CAT5/5e/6 cable to the Pineapple and your laptop.



At the laptop, download the script.



wget http://wifipineapple.com/wp4.sh

chmod +x wp4.sh

sudo ./wp4.sh








The source code of wp4.sh :







Now your computer (laptop) can access the internet and can also access the TL-MR3020. Victims can also access the internet when they are connected to your Pineapple.

When you want to reset what wp4.sh set, run the following script, which was created by me.



sudo ./killwp4.sh







Step 10 (Optional) :



The following is one of the ways to use the Pineapple (TL-MR3020) with router or alike :



Change the content of the file "/etc/config/network" to the following :



If your router (such as mobile phone with tethering function) IP address range is 192.168.1.x, you can change the IP address of TL-MR3020 to 192.168.1.10 and the gateway as the gateway of your router (such as mobile phone) :



option ipaddr 192.168.1.10

option netmask 255.255.255.0

option gateway 192.168.1.1

option dns 8.8.8.8




Important



There are TWO important things you should NOT do, otherwise, you will brick the TL-MR3020. They are :



First - Do NOT upgrade the OpenWrt;

Second - Do NOT upgrade the Pineapple in the normal way.





Known Issue



After several days of struggle in setting up the TP-Link TL-MR3020 Pineapple, I tried to test the Karma function. However, I have some problems with it.

For Karma, I expected that the rogue access point made by Karma would accept all connections from nearby victim devices when they turn on their wifi and look for their desired networks. However, my TP-Link MR3020 does not work as I expected.

How does it not work?

I have a WPA2 CCMP encrypted access point and its SSID is HelloWorld. My DIY Pineapple's Karma SSID is OpenWrt without any encryption (open).

When I create a new network "OpenWrt" on my Android phone, my phone does not connect to OpenWrt but connects to HelloWorld instead, as I have connected to it before.

Secondly, I need to connect to OpenWrt manually. I disabled the wifi function on my phone and then enabled it again. My phone will connect to OpenWrt automatically even though I have connected to HelloWorld before.

Thirdly, even when HelloWorld is turned off, my phone cannot connect to OpenWrt automatically if it has not connected to it before.

My questions are :

(1) How can the Karma on my DIY Pineapple pick up all the connections from nearby victim devices even if they do not connect to my Pineapple SSID manually?

(2) Do I misunderstand the function or feature of Karma? Or is my DIY Pineapple just not working properly?








That's all! See you.





HOWTO : High Performance IDS/IPS with SmoothSec 3.2

Since the previous setups (HOWTO) of SmoothSec were not perfect, I am going to use AF_PACKET as the packet acquisition engine. In this setup, you are required to have at least 3 network interfaces, one of them for management.

As AF_PACKET has high performance, even very low-end hardware benefits from it. The following setup is ideal for a home/SOHO environment.



(A) Hardware



Motherboard - Intel Desktop Board D510MO

CPU - Intel Atom D510 (2-core with HT)

RAM - 4GB (2 x 2GB)

Hard Drive - 320GB

Network Card 0 (eth0) - Onboard Gigabit

Network Card 1 (eth1) - TP-Link TG-3269 Gigabit PCI Network Adapter (with low profile)

Network Card 2 (eth2) - D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter (up to 200MB)



(B) Software



Operating System - Debian 7.0 (Wheezy)

IDS/IPS pre-configure system - SmoothSec 3.2 (64-bit)

IDS/IPS Engine - Suricata

Spooler - Pigsty

Web Interface - Snorby

Rules Management - PulledPork



(C) Setup



Internet -- Router -- SmoothSec -- Switch -- Personal Computers



The SmoothSec will monitor all the incoming and outgoing traffic between the router and the switch.



Step a - Cable connection :



First of all, connect the SmoothSec (Network Card 2) to the switch, while Network Card 0 and 1 are not connected to the router at the moment. This is because you need internet access for the SmoothSec installation.



Step -1 - Installation of SmoothSec :



Install SmoothSec as usual or refer to the SmoothSec Wiki. When you are prompted to install non-free network interface firmware, just ignore it, because Debian is missing some firmware for the Realtek 8169. After the installation, reboot the box as advised. The username is "root" and the password is "toor".



Step 0 - Install the missing packages :



apt-get install ethtool postfix fail2ban openjdk-7-jre



If you want to use Postfix as the mail server for the Snorby reports, install it and configure it after the installation. For the configuration of Postfix, you may ask Google if you do not know how to do it.



Make sure you select "Internet Site" when installing Postfix.



You may consider installing fail2ban to protect your ssh connection inside the network.



To improve the SmoothSec :



apt-get --purge remove arpwatch

apt-get install arpalert

cd /etc/arpalert/

mv oui.txt oui.txt.old

wget http://standards.ieee.org/regauth/oui/oui.txt




Step 1 - Get new Linux Kernel :



In order to install a high performance IDS/IPS, you need a newer kernel, version 3.7 or greater.



apt-cache search linux-image



Look for a Linux kernel version that is greater than 3.7. If there is none, just add the following repos :



nano /etc/apt/sources.list



Append the following lines (the address of the source may be different for you, but it must be "unstable") :


deb http://ftp.us.debian.org/debian/ unstable main

deb-src http://ftp.us.debian.org/debian/ unstable main




Then look for a Linux kernel version that is greater than 3.7 :



apt-get update



I select the version 3.10 :



apt-get install linux-image-3.10-2-amd64 linux-headers-3.10-2-amd64



When you are asked to restart some services during the install, just reply "yes".

You will be warned about some missing firmware; just ignore it. It is because Debian does not have some firmware for the Realtek 8169. Anyway, it is harmless.

After the new kernel is installed, comment out what you added in "/etc/apt/sources.list". This step is VERY IMPORTANT as the newer versions of Apache (2.4.x) and Perl will break Snorby and PulledPork, the web interface of the SmoothSec and the rules management tool.



Then reboot the SmoothSec and select the new kernel when it is available.



Step 2 - Configure Suricata :



nano /etc/suricata/suricata.yaml



Locate "#- delayed-detect: yes" and replace with "- delayed-detect: yes".



Locate "- fast:" and replace "enabled: no" with "enabled: yes".



Locate "- drop:" and replace "enabled: no" with "enabled: yes".



Locate "af-packet:" and replace "threads: 1" with "threads: 4", or with the number of CPU cores you have.



Locate "#checksum-checks: kernel" and replace it with "checksum-checks: kernel".



Locate "#copy-mode: ips" and replace it with "copy-mode: ips".



Locate "#copy-iface: eth1" and replace it with "copy-iface: eth1".



Add "buffer-size: 64535" just below "copy-iface: eth1".



Locate "- interface: eth1" and replace "threads: 1" with "threads: 4", or with the number of CPU cores you have.



Add the following lines just below "# disable-promisc: no" :



buffer-size: 64535

copy-mode: ips

copy-iface: eth0

use-mmap: yes

checksum-checks: kernel




Locate "rule-files:" and add "- local.rules" just below "- emerging.rules".



touch /etc/suricata/rules/local.rules



nano /etc/init.d/suricata



Locate "/usr/local/bin/suricata --user suricata -c /etc/suricata/suricata.yaml -i $INTERFACES -D" and replace it with "/usr/local/bin/suricata --user suricata -c /etc/suricata/suricata.yaml --af-packet -D".

There are 2 entries; you should replace both of them.
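The edits above only work as an inline IPS if the two af-packet entries forward to each other: eth0 copies to eth1 and eth1 copies back to eth0. The check below is an added example, not SmoothSec or Suricata code; it reads a constructed af-packet section containing only the keys named in this step, and its small parser handles this flat layout rather than general YAML (assumption).

```python
# Constructed af-packet section with the settings from Step 2 applied.
SAMPLE_AF_PACKET = """\
af-packet:
  - interface: eth0
    threads: 4
    use-mmap: yes
    checksum-checks: kernel
    copy-mode: ips
    copy-iface: eth1
    buffer-size: 64535
  - interface: eth1
    threads: 4
    # disable-promisc: no
    buffer-size: 64535
    copy-mode: ips
    copy-iface: eth0
    use-mmap: yes
    checksum-checks: kernel
rule-files:
  - emerging.rules
  - local.rules
"""


def parse_af_packet(text):
    """Return one dict per '- interface:' entry under the af-packet key."""
    entries, current, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # commented settings do not count
        if not line.strip():
            continue
        if not line.startswith(" "):          # a new top-level key
            in_section = line.strip() == "af-packet:"
            current = None
            continue
        if not in_section:
            continue
        item = line.strip()
        if item.startswith("- "):             # start of a new interface entry
            current = {}
            entries.append(current)
            item = item[2:].strip()
        if current is not None and ":" in item:
            key, value = item.split(":", 1)
            current[key.strip()] = value.strip()
    return entries


def check_ips_pairing(entries):
    """Return a list of problems; an empty list means the pair is mirrored."""
    by_name = {entry.get("interface"): entry for entry in entries}
    problems = []
    for entry in entries:
        name = entry.get("interface")
        peer = entry.get("copy-iface")
        if entry.get("copy-mode") != "ips":
            problems.append("%s: copy-mode is not 'ips'" % name)
        elif peer == name:
            problems.append("%s: copy-iface points at itself" % name)
        elif peer not in by_name:
            problems.append("%s: copy-iface %s has no af-packet entry" % (name, peer))
        elif by_name[peer].get("copy-iface") != name:
            problems.append("%s: %s does not copy back to %s" % (name, peer, name))
    return problems


if __name__ == "__main__":
    found = check_ips_pairing(parse_af_packet(SAMPLE_AF_PACKET))
    print("\n".join(found) if found else "af-packet pair is mirrored")
```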



Step 3 - Time Zone :



Make sure your SmoothSec is set to UTC no matter what your time zone is, because Snorby only works in UTC. Otherwise, the timestamps in Snorby will be wrong.



To check time zone of SmoothSec :



date



If the time is not UTC, you need to change back to it :



dpkg-reconfigure tzdata



Set the time zone to "UTC" at "None of the above".



Step 4 - Configure email feature of Snorby :



If you installed Postfix, configure it properly according to your network at "/etc/postfix/main.cf".



nano /var/www/snorby/config/initializers/mail_config.rb



Then uncomment the lines just below "#Sendmail Example:". Or, refer to the SmoothSec Wiki for the installation.



Step 5 - Configure network interfaces :



Make it look like the following. Make sure your eth2 has your own IP "address" and "gateway" instead of "192.168.2.180", as it is an example only :



nano /etc/network/interfaces



# The loopback network interface

auto lo

iface lo inet loopback



auto eth0

iface eth0 inet manual

   up ifconfig eth0 0.0.0.0 up

   down ifconfig eth0 down

   post-up ethtool -K eth0 gro off



auto eth1

iface eth1 inet manual

   up ifconfig eth1 0.0.0.0 up

   down ifconfig eth1 down

   post-up ethtool -K eth1 gro off



# The primary network interface

#allow-hotplug eth2

#iface eth2 inet dhcp

auto eth2

iface eth2 inet static

   address 192.168.2.180

   netmask 255.255.255.0

   gateway 192.168.2.1




* Please note that ethtool is used because the Realtek network interfaces produce errors when working with the AF_PACKET method.



Error messages when doing debugging with "suricata -c /etc/suricata/suricata.yaml --af-packet" :



[ERRCODE: SC_ERR_SOCKET(200)] - Sending packet failed on socket 10: Message too long

[ERRCODE: SC_ERR_INVALID_ACTION(142)] - Unable to release packet data




Step 6 - Configure SmoothSec :



Run the following script to setup SmoothSec :



smoothsec.first.setup



Type "eth0" when asked for the monitor interface. Enter "192.168.2.0/24" when asked for the network. Please note that the address here is an example only. When asked for the Intrusion Detection Engine, type "2" for Suricata. The email address and password asked for are the login for Snorby (the web interface).



Step b - Cable connection :



Connect Network Card 0 to the router and Network Card 1 to the switch. Network Card 2 is connected to the switch.



When done, reboot the SmoothSec.



Step 7 - Browse Snorby :



You need to wait for several minutes before you can connect to the internet, as Suricata needs some time to process the rules.



Open your browser and enter the following url :



https://192.168.2.180



Accept the certificate and wait for about a minute, and Snorby will show up.



Step 8 - IPS Setup :



Now your SmoothSec is running as an IDS (Intrusion Detection System) and it will not block or drop any malicious traffic.

To configure the SmoothSec to run as an IPS (Intrusion Prevention System), you need to :



nano /etc/pulledpork/suricata/dropsid.conf



Append the following :



pcre:MS(0[0-9]|1[0-9])-\d+,bugtraq:\d+,cve:20[0-9][0-9]-\d+



So, you will drop/block any malicious traffic that matches the vulnerabilities in vulnerability reports, such as CVE and Bugtraq as well as Microsoft's. Meanwhile, you can add your own rules in "/etc/suricata/rules/local.rules". Make sure to run "smoothsec.suricata.rules.update" after you add them.



You may want to disable some rules :



nano /etc/pulledpork/suricata/disablesid.conf



Append the following :



1:2210000-1:2210049



It will disable the rules with serial numbers (SIDs) 2210000 to 2210049, a total of 50 rules.



After done, run the following script :



smoothsec.suricata.rules.update



* Please also note that you are required to wait for several minutes before you can connect to the internet, as Suricata requires some time to process the rules.
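Before switching to IPS it helps to preview which rules these selectors will touch. The sketch below is an added example and a simplified model, not PulledPork's own code: it assumes a "pcre:" entry is a case-insensitive regular expression searched in the rule text, that "cve:" and "bugtraq:" entries match the rule's "reference:cve,..." and "reference:bugtraq,..." options, and that "gid:sid-gid:sid" is an inclusive range. The rules and their reference numbers are constructed.

```python
import re

# The two selector lines from this step.
DROPSID_LINE = r"pcre:MS(0[0-9]|1[0-9])-\d+,bugtraq:\d+,cve:20[0-9][0-9]-\d+"
DISABLESID_LINE = "1:2210000-1:2210049"

# Constructed rules; every reference number below is made up.
SAMPLE_RULES = r'''
alert tcp any any -> $HOME_NET 3389 (msg:"constructed: recent CVE"; reference:cve,2013-99999; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 445 (msg:"constructed: bulletin MS13-999 in msg"; sid:1000002; rev:1;)
alert tcp any any -> any 80 (msg:"constructed: bugtraq only"; reference:bugtraq,99999; sid:1000003; rev:1;)
alert tcp any any -> any 80 (msg:"constructed: url reference only"; reference:url,example.com/doc; sid:1000004; rev:1;)
alert tcp any any -> any any (msg:"constructed: pre-2000 CVE"; reference:cve,1999-99999; sid:1000005; rev:1;)
alert tcp any any -> any any (msg:"constructed: inside disabled range"; sid:2210010; rev:1;)
# alert tcp any any -> any any (msg:"constructed: commented out"; reference:cve,2013-99998; sid:1000006; rev:1;)
'''

_RANGE = re.compile(r"^(\d+):(\d+)(?:-(\d+):(\d+))?$")


def parse_selectors(line):
    """Split a selector line on commas (so a regex must not contain one)."""
    selectors = []
    for item in (part.strip() for part in line.split(",")):
        if not item:
            continue
        m = _RANGE.match(item)
        if m:  # gid:sid or gid:sid-gid:sid
            first = int(m.group(2))
            last = int(m.group(4)) if m.group(4) else first
            selectors.append(("range", (int(m.group(1)), first, last)))
        elif item.startswith("pcre:"):
            selectors.append(("regex", re.compile(item[5:], re.I)))
        else:  # assumption: "cve:X" is looked up as "cve,X" in the rule text
            selectors.append(("regex", re.compile(item.replace(":", ",", 1), re.I)))
    return selectors


def parse_rule(line):
    """Return gid, sid and text of an enabled rule, or None."""
    line = line.strip()
    sid = re.search(r"\bsid:\s*(\d+)\s*;", line)
    if not line or line.startswith("#") or not sid:
        return None
    gid = re.search(r"\bgid:\s*(\d+)\s*;", line)
    return {"gid": int(gid.group(1)) if gid else 1,
            "sid": int(sid.group(1)), "text": line}


def select_sids(rules_text, selector_line):
    """Return the sorted SIDs of enabled rules hit by any selector."""
    selectors = parse_selectors(selector_line)
    picked = []
    for rule in filter(None, map(parse_rule, rules_text.splitlines())):
        for kind, value in selectors:
            if kind == "range":
                hit = rule["gid"] == value[0] and value[1] <= rule["sid"] <= value[2]
            else:
                hit = value.search(rule["text"]) is not None
            if hit:
                picked.append(rule["sid"])
                break
    return sorted(picked)


def range_size(selector_line):
    """Number of SIDs covered by the range selectors on the line."""
    return sum(v[2] - v[1] + 1 for k, v in parse_selectors(selector_line) if k == "range")


if __name__ == "__main__":
    print("would drop   :", select_sids(SAMPLE_RULES, DROPSID_LINE))
    print("would disable:", select_sids(SAMPLE_RULES, DISABLESID_LINE))
```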



(D) Troubleshooting



(1) In case you find there is no GeoIP information on the events, check whether the file "snorby-geoip.dat" is in /var/www/snorby/config/ or not. If it is not, just download it by following the commands below. If the file does not exist, that means the box could not connect to the internet when Snorby was installed.



cd /tmp/

wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz

gzip -d GeoIP.dat.gz

mv GeoIP.dat snorby-geoip.dat

chown www-data:www-data snorby-geoip.dat

cp -p snorby-geoip.dat /var/www/snorby/config/




(2) In case no events are captured, make sure the correct interfaces (such as eth0, eth1 and eth2) are connected properly. Examine the MAC address of each Network Card to determine the correct interface name.



(E) Performance



The SmoothSec is installed on low-end hardware (Intel Atom D510 CPU with Realtek Gigabit NICs). It is also behind a router, which is running Untangle (Intel Atom D510 CPU with Realtek Gigabit NICs). Untangle is a UTM (Unified Threat Management System) which can block some malicious traffic (but only a little). The switch is a D-Link DGS-1008D (Home) Gigabit switch.

To test the performance, I watched a YouTube video at 1080p on PC-1 (via wifi), a YouTube video at 720p on PC-2 (via wifi) and a YouTube video in HD on an Android smartphone over wifi. The result was very smooth without any lag on any of the devices.

The CPU load for the test is below 4.x and the memory used is below 3GB.

AF_PACKET is ideal for an IDS/IPS implementation when you have very low-end hardware.



(F) Limitation



Since SmoothSec 3.2 is built on Debian 7.0 (Wheezy), the system will break if you upgrade to Sid (Unstable). The newer versions of Apache (2.4.x) and Perl will refuse to run due to errors. Therefore, once you have installed the newer kernel (for AF_PACKET purposes), make sure you comment out the repos that you added, in order to prevent the system from being upgraded to Sid (Unstable) by accident.

Another limitation is that you are required to have at least 3 NICs for IDS or IPS.

One more limitation is that Snorby cannot show the dropped traffic at the moment.



Known Issue



Pigsty will crash randomly. As a result, nothing is captured in Snorby. The problem has been reported, see here. The workaround is to run a bash script every 5 minutes that tests the log and starts Pigsty again.



nano /root/chkpigstylog



#!/bin/bash

# Check if "Error: " in pigsty.log or not. If yes, start Pigsty again.

STRING="Error: "

if grep -R "$STRING" /var/log/pigsty.log

then

   /root/runpigsty

fi




nano /root/runpigsty



#!/bin/bash

/usr/local/bin/pigsty -c /etc/pigsty/suricata.pigsty.config.js -i eth0 -n "Suricata" -d /var/log/suricata/ -m unified2.alert.* -D




crontab -e

*/5 * * * * /root/chkpigstylog




Update



The developers have just fixed the problem. Just upgrade Pigsty with the following commands :



npm update pigsty-mysql -g

npm update pigsty -g




That's all! See you.




HOWTO : Hashcat on Ubuntu Desktop 12.04 LTS

hashcat is an advanced password recovery tool.



Step 1 :



sudo apt-get install p7zip



sudo -sH

cd /opt



wget http://hashcat.net/files/oclHashcat-plus-0.14.7z



p7zip -d oclHashcat-plus-0.14.7z



mv /opt/oclHashcat-plus-0.14 /opt/oclHashcat-plus

cd /opt/oclHashcat-plus




Step 2 :



To run it: if you have an nVidia display card and the CUDA drivers installed, you can run the example script.



sudo -sH

cd /opt/oclHashcat-plus

./cudaExample0.sh




That's all! See you.


