Quantcast
Channel: WeakNet Labs
Viewing all 38 articles
Browse latest View live

WEAKERTHAN LINUX 7 BETA 2 Release

May 14, 2016, 11:47 am
$
0
0

Huge UI improvements

Launcher

The launcher is a simple search and find application that should handle all found files appropriately. I coded it in a way that should either open files or open their location. Keep testing and let me know if you find any bugs or think of any way I can improve it!


To start the launcher, simply hit the Windows key on your keyboard (SuperKey LEFT, or RIGHT), or hit the new Launcher icon in the dock with the orange dots!

Installation / ISO Tools

The installation / ISO Utilities that I made were from the old code-base of Tony's Remastersys. I had to make a bunch of heavy changes due to the changes that were made in the newer kernel/Debian LINUX system, so after a while of editing his code, I just decided to code my own. The ISO creation process using XORRISO, and the installer simply sets up the system disks, copies the files with RSYNC, installs GRUB2 and then installs the latest Linux kernel from the repository.

USB Vs. VMWare

Again, if you look at the way I make the ISO, using my own custom tools, I make it as a "hybrid" ISO which should be bootable and work fine from a USB drive. Try using Disk Damager to put the ISO onto the USB drive. I do, however have the VMWare tools daemon and drivers installed into the ISO for anyone looking to use use it along side of their current OS. VMWare player is FREE to use from VMWare.

Download

These links bypass CloudFlare and go directly to my host, so there should not be any issues across the sea or via proxy. Download ISO (2.0GB)
Download MD5 (33k)

~Douglas
Search

Digital Credential Analysis Update

June 7, 2016, 11:51 am
$
0
0


I was inspired by the LinkedIn news lately to update the paper with math, terms, and references. If anything is incorrect, please let me know and I'll change it.

~Douglas

Updating Weakerthan Linux 7

July 1, 2016, 5:07 am
$
0
0

WT7-Updater

From this point on, you can update your base version of WT using my new tool found here: GitHUB - WeakNetLabs WT7-Updater. When I initially develop a new ISO, I intend to have it tested and simply ran along-side of your current OS either in VMWare or on a USB flash drive, at least until the development is finished, but I got a huge amount of requests via FB/Twitter/Google+/Email/etc for an updater script so I decided it was time to start writing one.


Install

cd /tmp/ && git clone https://github.com/weaknetlabs/wt7-updater
cd wt7-updater
./update-wt7.sh

This tool will:
  • install the updater tool into /usr/local/sbin/
  • check the file /etc/wt-version, if not there create one with "7.0"
  • check the latest version on my server
  • then download any necessary updates after prompting the user


Screenshot: WT7-Updater tool updating WT7 from 7.1 to 7.5



Screenshot: After updating to 7.5, the installer will be available in the desktop menu.

What gets updated in 7.5?

The features list will be shown or each update attempt after update 7.5. in 7.5 you will get:
  • OS and all General Applications updated to latest version in Debain repositories
  • All penetration testing tools in /pwnt updated using their respective git repositories
  • Metasploit/All Ruby gems updated, including bundler
  • Grub2 gets updated and new splash screen, if this is not working, run vbeinfo from Grub2 to see your available resolutions.
  • New UI design updates/Thank You also updated
  • New tools added to the Penetration Testing and Reverse Engineering menus
  • OS tweaks for init scripts
  • Development cruft removal from FS
  • WBAR updated and stored on remote server for future updates


Screenshot: 7.5 Update to Grub2; image, theme, and 1024x768 resolution!

To see the full script that get's downloaded you can just download it here: https://weaknetlabs.com/linux/update-wt/7.5.txt. Well, I hope you enjoy the update process and if you hit any snags PLEASE comment here, email me, or even make a ticket in GitHUB for the project (preferred) :)

~Douglas

WT7 Updater Stable

July 11, 2016, 7:09 am
$
0
0

WT7 Updater Tool

The WeakerThan Linux 7 updater tool is now stable. I have even written a script that will download the latest version of the installer tool, install it into the desktop menu, and even run the first update after getting the user's consent. To run the script simply do the following from the command line:

root@wt7-Linux:~ # wget https://weaknetlabs.com/linux/update-wt/wt7-update-init.sh
root@wt7-Linux:~ # chmod +x wt7-update-init.sh
root@wt7-Linux:~ # ./wt7-update-init.sh

WT Update 7.6



This is is the largest tools update I have done thus far (including during ISO development!). Here is a list of some of the tools that get installed:
  • DynamoRIO - https://github.com/DynamoRIO/dynamorio
  • DynStruct - https://github.com/ampotos/dynStruct
  • BURP Suite - https://portswigger.net/burp/
  • ExploitPack - http://exploitpack.com/
  • MimiKittenz - https://github.com/putterpanda/mimikittenz
  • Faraday - https://github.com/lostisland/faraday
  • EvilGrade - https://github.com/infobyte/evilgrade
  • Arachni - https://github.com/Arachni/arachni
  • PWNat - https://github.com/samyk/pwnat
  • Mallory - https://github.com/intrepidusgroup/mallory
  • SSLyze - https://github.com/iSECPartners/sslyze
  • Go lang - https://golang.org/
  • TLS Prober - https://github.com/WestpointLtd/tls_prober
  • MetaGooFil - https://github.com/laramies/metagoofil
  • PWN Tools - https://github.com/Gallopsled/pwntools
  • Pyew - https://github.com/joxeankoret/pyew
  • Mass Scan - https://github.com/robertdavidgraham/masscan

The update also includes an OS (Debian) update, UI tweaks, and all tools in /pwnt/ are updated. The update tool will randomly change your desktop wallpaper, but this is just to show that the update has been applied and is not permanent. If you do anything to X, such as change resolution or restart it, your original wallpaper is returned. One part I really enjoy about development for WT is the art. The screenshot above and the wallpaper that comes with the WT-7.6 update was a (huge) poster image that I made. I have also updated the Thank you app and if you get a chance, check out the theme song I made in the app! It's the self-titled track from my CD "Unsolved Mysteries" :)

If you want anything added to future updates, please send me an email WeakNetLabs~[@]~Gmail and I will do my best to get it added. I want to finish writing Entify-PM the package manager that works with apt for InfoSec tools, and this is a big step in that direction.

~Douglas

Weakerthan Linux 7 Update 7

August 16, 2016, 6:16 am
$
0
0

Verion 7.7! This is a big update! In this new Update the following tools are added:

SMBCrunch, HashTag, Miranda-UPNP, DMitry, WOL-E, American Fuzzy Lop, WMI Ops, AD Enumerator, Faraday (Update), EyeWitness, and Egress-Assess


The UI and Debian OS will also be updated as well. Again, to use the WT7-Updater, please check out this post and full tutorial: http://www.weaknetlabs.com/2016/07/wt7-updater-stable.html I have made the process as simple as possible, and after the first run, you can simply run it from the desktop menu!



~Douglas

Welcome 2017 - WeakerThan LINUX 8 (x86_64)

February 22, 2017, 7:44 am
$
0
0
Hello, and Happy Birthday to me. WeakNet Labs turned 10 years old today. I started up this idea at the end of January of 2007. My goal was to produce software and security theory results, practice, and testing for communications. Back then, my "lab" was a bit "dated", but none-the-less, a happy place. The name "WeakNet" came from how weak my hardware and network was at the time - now it's non-existent to myself and primarily colo or VM. I only added "Labs" after I started getting hardware in the mail from followers of my YouTube and friends at PhoneLosers.org. As the years moved on, so did my hardware, resources and free time. These days, I focus primarily on WeakNet Academy course materials and WeakerThan LINUX releases and updates.

In the last ten years, I consider WNL's best work and accomplishments to be whatever I am currently working on. So, it's a good morale to feel as though it's always moving forward. Also, over the years, by biggest request seems to be for a 64 bit version of WeakerThan LINUX. So I decided to work through and out all of the impediments and kinks in my scripts for constructing the ISOs to support 64 bit Debian LINUX. Here is a working (ALPHA) result teaser with a completely updated UI that I plan on releasing as ALPHA in the near future.
WeakerThan LINUX 8 will be the standard and supported version of the OS and it's UI upon release - which I don't have a date yet for, so stay tuned to my Twitter! Since it's 64bit, I can include cool open source software into the ISO, like Google Chrome and GitHub's Atom editor. (Also, I am ALWAYS taking suggestions and input for included tools via email!) The theme is based off of a new theme that I had made for another side project that I am currently Working on; a security information and event monitor (SIEM) for Apache2 web-based attacks and exploit attempts and analysis called LAAVA Analytics:
This is a mobile-friendly, MVC/JS/WS written web-based application which takes Apache2 log data directly from MySQL and using several JS libraries creates charts, maps, and has a lot of cool functionality built right into it for record keeping, reporting, and monitoring purposes. I even coded and built-in my own resource gathering tool for the Tor check service exhoneraTor.
LAAVA - Log Access And Vulnerability Analysis Tool. There is no release date for this tool. It started out as a proof of concept and then got so involved that it became a project that I wanted to use for a paid service from WeakNet Labs. The details involved in such an endeavor, as one could imagine, are not without requiring a bucket the volume of an ocean. And, it seems, things that are large, cost lots of money. So, taking on this project alone - along with WeakerThan LINUX and WeakNet Academy has made my production a lot slower than usual over the last year or so.

I am also currently writing the sequel to RAIDING the Wireless Empire when I find the time and inspiration. Also, I have a book on Assembly Programming with NASM (X86) from my WeakNet Academy course material that is edited and ready but was stalled from a wicked illness that I endured - probably the worst of my lifetime thus far. In fact, my wife calls 2016 "the year of the sinus infection." So, yeah, welcome 2017. Please be nicer to me that 2016 was!? I just completed the Certified ScrumMaster training and exam, so I plan on breaking all of these projects down by priority and into smaller pieces to work more efficiently on them. Apparently one of the reasons of my slow progress for releases is my inability to multitask! ;)

Anyways, thank you for all the feedback, support and donations over the years.

It's a long and winding road.

~Douglas

Notes from the Cyber War Front - Alper Başaran

March 3, 2017, 6:58 am
$
0
0
I received a book in the mail at my office by someone whom I had inspired!

It had a friendly note tucked neatly inside and an acknowledgment was printed in the book itself, along with one of my own, all-time, inspirations - John Draper (WikiPedia),

"Notes from the Cyber War Front" (Amazon) by Alper Başaran (LinkedIn).
It's in Turkish and, unfortunately, I can't read it. I will have to eagerly await for the English translated/electronic version. Honestly, though, I was taken aback by this unbelievable surprise. Thank YOU Alper Başaran! I certainly wish your book a far greater success than my own! :D
  • Title: Siber Savas Cephesinden Notlar (Turkish) Paperback – 2016
  • Paperback
  • Publisher: Arion Basim Yayin (2016)
  • Language: Turkish
  • ISBN-10: 6059366023
  • ISBN-13: 978-6059366021


~Douglas

Digital Credential Analysis (Mathematical Analysis)

July 26, 2017, 5:17 pm
$
0
0

Digital Credential Analysis (Mathematical Analysis)

Here is a new document for the analysis of Digital Credential Analysis (passwords mainly) strength for both penetration testers and system's analysts/devOps/sysOps. This idea can be applied to cracking passwords or even deciding on a solid password policy for your organization.

If I have any errors, please let me know and I'll correct them and give credit in the updated document.

Free Music Track as a "Thank You"

Here is a song titled "1985" that I made a while back for my album "Unsolved Mysteries" that you all can check out on Amazon.com.


Thank you for support WeakNet Labs! 
~Douglas
Search

WeakNet LINUX 8 CAFFEINE (x64)

February 19, 2018, 10:56 am
$
0
0
Today I can finally release the latest WeakNet LINUX Debian release, Caffeine x64, confidently after spending a lot of time testing and retesting the ISO, my updater tools, and even my own installer and app launcher. Please make sure to run the ISO in a virtual environment (Download VMWare Player from my site) or from a USB drive (install using Rufus). I do have VMWare tools installed for changing the resolution, sharing clipboards, and mounting shared drives. I cannot stress this enough as I cannot commit time to hardware/UEFI/BIOS Debian/hardware issues for every kind of machine. The ISO is made using my own custom Debian ISO creation process which I use the hybrid ISO options for booting for UEFI and for USB using the ISO itself.

Also, there is already a new update for the ISO in place and ready. My update scripts are now located and versioned at GitHUB. The updater script will pull down the latest source before running each time and run from /usr/share/wnl. You will need to keep the terminal window open during the duration of the updates as some questions/ input will be asked by services such as postgresql for the Armitage installer.



To download a copy to give it a test-run, hit up my new WeakNet LINUX page here.

If you come across any impassable / functional issues, or if you require any special hardware's firmware added into the live ISO, please send me an email!

Thank you! ~Douglas

WeakNet LINUX 8 Update and Setup Tutorial

March 1, 2018, 11:54 am
$
0
0
Today, I found a BUG in the installer - which I have updated in GitHUB - that was destroyinig the amd64 Debian kernel. All updates are not versioned in GitHUB - with exception to the update scripts themselves per-rev which live here on my server. The updater tool simply checks the version and updates the OS using my server scripts. Please download the new ISO in the LINUX page before following along with the video tutorial. If you'd like to see new tools in the WIP rev2 update, please comment here, or on FaceBook.



Thanks! ~Douglas

WeakNet LINUX 8 - Update #4

April 2, 2018, 6:42 am
$
0
0
Pentest with the Deep Ones after the newest update to WeakNet LINUX!


This update is ALL about digital forensics! The tool updates are:

1. GDB installation
2. NASM installation
3. Payloads All the Things (GitHUB)
4. PWNGitManager (GitHUB)
5. Th3inspector (GitHUB)
6. Grip (PIP)
  a. Custom Grip script (WeakNetLabs)
7. S3 Bucket Scanner (GitHUB)
  -- 8. -- REMOVED ezXSS (Broken as of 3.26.2018)
8. The SleuthKit (GitHUB)
  a. libewf_64bit
  b. afflib0, afflib-dev (Debian APM)
  c. MagicRescue (Debian APM)
9. Volatility (http://www.volatilityfoundation.org)
10. Bulk Extractor
11. ExifTool (https://sno.phy.queensu.ca/~phil/exiftool/)
12. Xplico (http://www.xplico.org)
  a. libmysqlclient20
13. wFuzz
14. Commix (GitHUB)
15. dirsearch (GitHUB)
16. Hashcat (Hashcat.net)
17. DNSRecon (GitHUB)
18. SecList (GitHUB)
19. Dislocker (GitHUB)
20. NetData (my-netdata.io)
21. VMWare Tools reconfigure and BUG fixes
22. XProbe2
If you want to see something really cool, check out Administration->NetData in the Desktop menu! A special thanks to @Yas3r for pentesting tool suggestions! The Deep Ones wallpaper is art I have made for my upcoming board game, "Madness & Beyond."

~Douglas

WeakNet LINUX Update #6 - HUGE

April 25, 2018, 10:03 am
$
0
0

Updating Your VMs



This update could not have come at a sooner time! :) If you have an installed VM, I highly recommend deleting it from disk and start anew. I mean, that's the beauty of virtualization, amirite? But, some won't like that, and if you are one of those folks, just a warning - you may have to run the updater tool from the command line as so,

wnl8:~# wnl-update.sh

Thank you @Yas3r for the report on this issue. What I did was, retroactively went back through the previous updates, 1-5, and fixed some of the bugs there too. That's why I recommend doing this update from version 1. I have tested this update process, starting from 1 and going to 6, 4 times now and I have not hit any snags. If the OS updater tool that I made fails, it will not write the current version to your FS in /etc/wnl/version and thus can be executed again. This was done purposefully for those with unstable internet connections, etc.

Theme and UI Changes

The Theme was completely revamped for the UI. I structured it better and made things slightly smaller for screens with higher DPI. Alos, the bigger menu padding and window buttons accommodate touch screens a lot nicer. After running this update, you will also have to run, Desktop Menu->UI Config->Restart UI for the new UI to take effect. I am unsure how to do this programmatically using Fluxbox without killing it and couldn't find good documentation on it. Here is a close up image of the new Menu Theme,








You can click on any image above to view it in full size.

Change/Update Log

The updates include the following,
  • GetMalIPData (WeakNetLabs / GitHUB)
  • GoPhish Phishing Framework (GitHUB)
    • Startup script (WeakNetLabs)
  • Flasm
  • Random BUG fixes for dependencies
  • Binwalk
  • Radare2
  • Crunch
  • OWASP-ZSC
  • Vulners-Agent (GitHUB)
    • WeakNet Labs start-vulners script
  • VNC Viewer
  • IRSSI Startup Script
  • MITMF (GitHUB)
  • Removed menu referenece to "Bulk Extractor" as it is broken.
  • Credgrap_IE_EDGE PS1/Post exploitation script (GitHUB).
  • Frida (Reverse Engineering / Info Sec Tools) (PIP).
  • Credking (GitHUB)
  • tInfoLeak (GitHUB)
  • Bandit Python Secure Code Analysis Tool (PIP)
  • Slack Communication Tool (slack.com)
  • UI updates
    • Icons
    • Theme
    • Pixmaps
    • Menu
    • Updated Power Management Application
  • HUGE amount of BUG fixes!!


Thank you for your Support

The amount and utility of resources that I pack into these updates is crucial to WeakNet LINUX's success. Now, with that being said, I need to hear from more of you all about new tools, tools that you use every day for Information Security related tasks, and UI/UX suggestions to keep this project on top and of the highest quality. I am currently working on a few other small projects in my GitHUB as well that I want to integrate into the distribution's updates, including tools that I use / require on a daily basis as an information security engineer.

I am only one single dude on this entire project and I have little free time lately. So, please, if you enjoy the project - be patient with me and consider writing reviews online or telling your colleagues and hacker friends where this distribution lies among the rest for penetration testing! The only thing I ask in return is simply spreading the word of this OS so we can gather even more feedback and build it even better in updates, ISO, or future releases!

I really want to make a new splash page for WeakNet LINUX and remove the downloads and pages from this web blog site as soon as I can. I will be hosting the pages myself and it will have a stronger, more professional presence with goals, missions, etc outlined in a much clearer manner. So, stay tuned to my FaceBook and Twitter feeds (can be found on the right nav bar here) if not already for those upcoming updates!

~Douglas

Updates, Updates, Updates...

October 20, 2018, 10:19 am
$
0
0

WeakNet LINUX

Hello everybody! A couple days ago I announced on Twitter and Facebook the latest WeakNet LINUX update was released and I am already working on update 9. This update includes the following software for your VMs: 

 1. Seth, RDP tool (GitHUB)
 2. KeepNote (Debian APM)
 3. Dradis CE (GitHUB)
 4. ACLPwn (GitHUB)
 5. VEGA (WNL)
 6. Johnny (GitHUB)
 7. Nemesis
 8. NMAP compiled / installed and Debian APM version removed
 9. Cool Retro Terminal (GitHUB)
 10. MassScan
 11. Nikto2 (CIRT.net)
 12. ByteForce (WeakNet Labs/GitHUB)

 X. UI Updates
  a. New Icons
  b. Wallpapers
  c. Desktop menu update

New Tutorials Mini Series

I want to first apologize up front for not having a good setup to record my voice and screen at the same time. I just can't justify the cost of the hardware and software at the moment, so please bear with the poor audio. I did order a new microphone, but the software I am using ONLY allows me to record 5 minutes at a time as a license restriction. If anyone has any suggestions for great screen capture software, I really could use some. I use an AverMedia LGP2 for gaming that I might try to apply to these tutorials in hopes that the quality is much better. It just seems like a pain the rear to get it up and running for such a simple task :)

Anyways, these videos cover how to make a mini SIEM for web application and web service monitoring. If you enjoy them, please





Conferences

I just returned from some pretty awesome conferences, the Three Rivers Information Security Symposium, and Splunk> .conf18 in sunny Orlando Florida.

Let's start with the Bad and the Ugly

At the incredibly disorganized and poorly planned Splunk> conference, I attended the Splunk> Fundamentals 2 course- which wasn't good. I don't recommend it if you are up in the air due to it's ridiculous cost. It covered subjects and areas that you would have already discovered and adventured to if you were seriously using Splunk> after passing the Fundamentals 1 exam. It was also very cramped in the room. We had to share long tables with many people, so I literally had just enough space on the table for my laptop and was sitting on the end side of the table. This means, I had to stand up and pull in each time someone wanted to leave the room. The teacher made a massive amount of stupid mistakes during her lessons. In fact, some of them were repeated all the way to the end of the training and the students in the classroom were constantly telling her to do it correctly before she even noticed the issue. Then, on the last day of training, another teacher stepped in to show us a lesson and he was foreign, which is okay, but, I didn't understand a word he was saying and other students sitting by me were asking me what he was saying. I don't get it.

This is the awesome right here: after the exam, the teacher announced that anyone who took the Fundamentals 2 course in the past failed or struggled in the third course- ? It's like a disclaimer stating that the Fundamentals 2 course is pointless. Also, they surprised us by saying that the exams are no longer open book and require us to pay and go to specialized testing facilities to take them. That's a bit disheartening considering that the Fundamentals 1 exam had a lot of questions that were not in the training materials. She also, that our current certificates are now dated because of this new change. I don't have any good opinions about that company, but that is not what this blog is for.

As far as the conference itself, it was very disorganized.It seems like they were greedy and allowed too many people to attend. This made the experience rather annoying as it was forced to span several resorts- good luck running from the Swan resort to the Boardwalk resort between sessions when it's 90 degrees and super humid. Most of the sessions that I wanted to attend, I couldn't because they were full, and the hoodie size that both me and my coworker reserved, were not really reserved and all out. These are just few examples of why too many people make a conference a bad idea. I won't be attending the next Splunk .conf in Vegas even if it is free.

The Good

The Three Rivers Information Security Symposium, TRISS, is an incredible event. This years was the 3rd inaugural event. The first TRISS started in a classroom in Robert Morris University. The second year, TRISS grew and was held at the large conference room at the Double Tree Hotel, and the third - this year - TRISS was massive. It was held at the Monroeville Convention Center and had 3 rooms of sessions all day. This event blows my mind, to be honest. It's very well organized, contains talks by infosec professionals from all around the Western PA area, has TONS of sponsors (who give the swag and buy the food), and gives us a chance to network with individuals in our profession that are local. I, honestly, enjoyed this conference every time it was held. I wouldn't miss it for another.

If you are an InfoSec individual in the surrounding area, I would highly recommend asking your employer to send you to this conference.


Thanks for stopping by.
~Douglas

Updating Evan's Debugger in WeakNet LINUX

October 21, 2018, 5:03 pm
$
0
0

If you are doing any lab training in Hack The Box, Top Hat Sec's Reverse Engineering 101, Point3's Escalate, or some other class, training, etc - you might need to use Evan's Debugger at some point. This debugger tool came as an update in WNL8 (in Update 5), but lately has been giving some grief about updating g++ and cmake.

First, you will need to add this line to the /etc/apt/sources.list file,

# G++ 5+ deb http://ftp.de.debian.org/debian sid main

Then, simply do an,

root@wnl8:~# apt-get update && apt-get install g++ cmake

Next, we will recompile and install edb with the following command (the installation files should still be on your file system).

root@wnl8:~# cd /pwnt/reverse-engineering/edb-debugger/
root@wnl8:~# rm -rf build
root@wnl8:~# mkdir build
root@wnl8:~# cd build
root@wnl8:~# cmake ..
root@wnl8:~# make
root@wnl8:~# make install
Any errors that you may receive will most likely output exactly what needs added, updated, etc, but you can post them as comments here if you get stuck. I tried this with a fresh installation of WNL8 (including all the updates to (7)) and it worked well.As you can see form the screenshot above, you can dive right in and start reverse engineering those apps for flags/etc once done.

~Douglas

WEAKERTHAN Linux 6 RC7.22 ISO

July 23, 2015, 7:42 am
$
0
0

DARK 

Dark, darkness, deep, cave-like hacker dark, dark, and more darken darkness in WEAKERTHAN Linux 6 than you have ever seen! I mean, Laurel Caverns can't even come close. This Linux is so dark and flat that it will keep your eyes glued to the beautiful screen while hacking the planet.

I got some feedback about how the darker themes in WT6 where preferred. I want Weakerthan Linux 6 to be your preferred penetration testing ISO over any other. I want WT6 to be slim, sleek, fast, and sexy. I have minimal-ized and flattened images and themes to keep them tiny. So, please, pretty please keep emailing me the comments and suggestions! Or just post them here! Thank you all for the feedback so far!


Chrome Tools

I have fully tested and added/removed more tools for web application penetration testing into Google Chrome. In fact, I have also added some experimental hacking features and even dark themes for not only web pages (I mean ALL web pages will be dark like you see in the Wikipedia.org screenshot above), but even a dark theme to the developer tools! You can easily dsiable this if it is not working correctly by hitting this button in the browser bar:

 I also fixed the issue about downloading files to the /root/Downloads directory by simply making the /home/weaknet/Downloads file a symbolic link to it and made it writable by the user "weaknet". This allows me to run Chrome a s a non-root user in the /root directory transparently. If you'd like to see some great videos on web penetration testing using Google Chrome in WEAKERTHAN Linux 6, please check out the YouTube playlist I made for the Capture the Flag challenge (2) offered by InfosecInstitute.com


Application Optimizations

I have optimized almost all GUI applications to use the sexy Ubuntu font. I honestly have to say, that after all the years that I used Ubuntu, the only things that truly were memorable about it was Googling for error strings and the sexy font. So, in WT6 I have taken all of the Googling guesswork and troubleshooting out for you, and added the only thing that Ubuntu could make right; the font. I have darkened editors, debuggers, and even as you see above - Wireshark. So yeah, I have squashed a boat-load of (behind the scenes) bugs since the last release candidate!

I have also added all of your suggestions for tools and added a few of my own as well. So take some time to browse through the Fluxbox menu that I made to check them out! I added G0tmi1k's Metasploit Payload Creator application. Also the Penetration Tester's Framework is now installed by default, and the configuration is set to install the tools into /pwnt/ptf/tools/ so you can easily install any tools that you need using that tool!

ART

I am an artist. I have been since I was a child. In fact, I was just hired to illustrate a book! So, these updates will become less... #beastmode in nature. At least for a month or two. Which, now that I am thinking of it, also pushes the enrollment date back for WeakNet Academy. Sorry, I couldn't turn the offer down. Anyways, please check out the different Fluxbox themes that I made and the wallpaper selection as well.

DOWNLOAD

Here are the links to download the newest ISO. I will be removing the old ISOs from the local 80211.ninja repository to replace them with this.

ISO: wt6_beta_07222015.iso
MD5: wt6_beta_07222015.iso.md5

Thank you!

Thank you for trying WEAKERTHAN Linux. It's been 8 long years of WeakNet Labs to come to this project and I feel like it's the best thing that I have put together since then. Thank you all for following me on sites, sending emails, comments, tweets, etc.

How's that for a weekly update? :)
~Douglas
Search

The Grimoire of Demonology

January 25, 2019, 4:46 am
$
0
0

The Demon 😈

Well, WNL8 will be my final version of WeakNet LINUX- for a long time at least. This new project is built from XFCE and contains all of the same great tools (well, I am still building this out as you're reading this) as WeakNet LINUX.



You can skip the TL;DR and go right over to DemonLinux.com to grab a copy or read more about the distribution. As for the UI/Theme/Idea - I can't say that I wasn't inspired by the world's most beautiful car :)

The development process for Demon was staggering and trying. I almost about gave up on the project so many times while trying to move my arms fast enough to balance and maintain what I later learned was a house of cards. I honestly tried to attribute the plight to the name of the distribution; 😈. Choosing XFCE, Debian Stretch, the file manager, the theme, making customizations and altering items, all, was a painstaking process which required many hours of testing and development. I ditched window managers and started the project over at least 4 times before realizing that the Buster version of Debian itself was creating it's own problems.

In fact, a lot of issues even arose from the fact that we are in the middle of several releases of Python, all of which are required for the various InfoSec-related tools. Lots of popular frameworks and tools for InfoSec have a ton of dependencies and strange quirks for getting up and running. My job is to build them all out for you and have them ready so that you don't have to - you can just dive in and start hacking.

So, I have been thinking over moving away from WeakNet LINUX for a long while now and my brother gave me the inspiration when he mentioned that the UI/UX shouldn't be the learning curve for my users, no, it should be the information security and technical stuff. WeakNet LINUX was targeted at advanced Linux users. So, with that advice, I decided to offer the new UI/UX with a whole new look, feel, branding, and all for a new year, 2019. Something easy-on-the-eyes and easy to use. My favorite part of the UX is the WIN key to search :) It's so fast.

The Grimoire

I am currently studying for the world's hardest test and I have been using PWK, HacktheBox.eu, VulnHub.com, and Udemy.com as resources. This is very good advice for anyone interested in one day entering the field of information security/IT - as I am now constantly learning new things. I LOVE HacktheBox.eu. It's quite similar PWK labs from Offensive Security, but a lot less expensive, ~$100 annually, plus there are a lot of great things to do besides CTF/Boot to root/Penetration testing. On the right pane of this weblog you can see my badge and progress in the labs. It is updated in real time.

Anyways, with all of this said, I couldn't help but to take an actual tome of notes and my own scripts and code of my travels (notes go a long way) and I also couldn't help but to share them. So, I present my latest side-project, The Grimoire.

The Grimoire is a lot of things - a repository of specially crafted code for enumeration, digital forensics, and penetration testing. Oh, and did I mention a boat load of notes? Notes, notes, notes, and cheat sheets.


I truly feel that the only way I am going to beat this upcoming test is to stick to a strict methodology, a flow chart if you will, to which I can ensure that no step is missed during enumeration. This is my philosophy to the mantra, "try harder." Anyways, this repository can be used in any OS. I tried to list any dependency for any of the script that I made within the script itself as comments or notes. Just look at how committed I am to my notes,

Mentioned Resources

I am currently enveloped in the following mentioned resources,
  • Offensive Security - PWK
  • HacktheBox.eu
  • Udemy.com
    • Hands-On Penetration Testing Labs 2.0 (Link)
    • Kali Linux Web App Pentesting Labs (Link)
    • Certified Wireless Security Professional (CWSP from CWNP) (Link)
  • VulnHUB.com (Link)

And I highly recommend all of them.

Thanks for stopping by,
~Douglas

Demon Linux Updated

August 24, 2019, 7:44 pm
$
0
0

It's Finally Here!

Demon Linux has finally been updated. I updated the UI/UX and built this image from scratch which includes,
  • New icons and a fresh new look
  • New tools and apps installed by default
  • New UI/UX features
  • Built from Debian Buster
  • New Linux Kernel
  • New menu and keyboard commands
  • Added hardware support
  • Updates to all system features, including VMWare installation tools and options.




The Demon Linux App Store is a brand new project that I integrated directly into the ISO. I have been thinking about this for as long time now and finally decided to put forth the effort to make the UX stand out above the rest. This is still new, though and still a WIP (hence the "BETA" language everywhere ...). Because this is still in BETA form, I highly recommend running the Demon App Store from the terminal to look out for any errors that may occur. /usr/local/sbin/demon-app-store.sh

If you'd like to see any apps (that are not already available in the Debian repositories) added to The Demon Linux App Store, please let me know via email (weaknetlabs)at Gmail.

Demon Linux Installer

The installer was completely updated to use GRUB2, Debian Buster, let the user choose the kernel, and it's self maintained (will update before each run) as I have separated it into two parts.


Download Demon Linux

If you'd like to give my ISO a spin, please head over to the Demon Linux Official Site and download it for free. If you would only like to check out the included projects, you can get them from my GitHUB page,

Code repository for Demon Linux Installer
Code repository for Demon Linux App Store

Thank you, friends. I hope that you are all doing well.
~Douglas

Updates to WeakNet Labs' Software and Services

February 26, 2020, 4:51 pm
$
0
0

Demon Linux

Demon Linux has been updated to version 2.2. So head on over to https://demonlinux.com and grab yourself a shiny new copy:



Here is an installation and setup video that I created that may help you along the way,



WeakNet.Academy

WeakNet.Academy has been updated. I now own the domain WeakNet.Academy and I plan to use it for free lessons that range from beginner to expert with cybersecurity as the main theme. So, "be kind, please subscribe" if you want to see frequent content.



IDQAT

IDQAT is very close to it's first revamp reveal. This is an identity finder tool. In fact, IDQAT (pronounced "ID cat") stands for Identity Query and Alert Tool. It is a client-server architect system. The server is called the "IDQAT Central Office". I have been using versioning tools to keep it safe from corruption this time around. The Discovery QATs (pronounced "discovery cats") are made with Python so that they are OS independent, and run on the endpoints and communicate to the Central Office via an HTTP(S) REST API that I designed. I love this product so far. If you can't tell, I like building and designing things for some reason.



Hrmm, I forgot to mention that this will be open sourced, free software :)

Pin Stack Smashing

So, I started a new show, called "Pin Stack Smashing" which is an entertainment show that surrounds picking locks. I act like a total ass and poke fun of lock picking, parody cult classic films and popular YouTubers, and well, TBH: the only serious episode I made was about the American Lock Co. lol If you are interested in the subject, even a little, go check it out my channel. Again, it's for entertainment purposes instead of educational.



Hey, if you end up liking the shows, channels, or software, then feel free to subscribe for updates- or at least click the "thumbs up" I would really appreciate it.

~Douglas
Viewing all 38 articles
Browse latest View live
Search