Installing Ubuntu Alternate 10.04 from a USB-drive

If you want an encrypted system drive drive with Ubuntu, then you need to use the alternate install image provided by Canonical. However, a month ago when I tried to do a USB install, I ran into an error. The installer complained that it couldn’t find the CD-rom. Hilarious.

I reported it as a bug and now someone called brabax @ bugs.launchpad.net has provided me with a workaround. Kudos.

After several tries I just found the following solution for Kubuntu Alternate installation, which should work for Ubuntu as well:

– Mount your USB drive
– Install and start UNetbootin
– Select Distribution “Kubuntu”
– Select a “HdMedia” subcategory entry, I used “10.04_HdMedia_x86”
– Select your USB drive
– OK
– Copy “kubuntu-10.04-alternate-amd64.iso” to root folder of the usb drive
– USB drive is ready for installation (without problems during installation of a missing CD-ROM drive)

Replace Kubuntu with Ubuntu if you so need.

Recommended book: The Cuckoo’s Egg

After reading a review of The Cockoo’s Egg by Cliff Stoll on taosecurity.blogspot.com. I just had to check it out. I bought that book and a social engineering book by Kevin Mitnick called The Art of Deception.

The Cockoo’s Egg is based on a true story. It was technically accurate and exciting. I liked the book, never read anything like it and I’m now looking for more books in this genré. Be it fictional or not, I want more.

Here’s a summary of the book that I snatched from some savvy website:

Cliff Stoll was an astronomer turned systems manager at Lawrence Berkeley Lab when a 75-cent accounting error alerted him to the presence of an unauthorized users on his system. The hacker’s code name was “Hunter”– a mystery invader hiding inside a twisting electronic labyrinth, breaking into U.S. computer systems and stealing sensitive military and security information. Stoll began a one-man hunt of his own, spying on the spy– and plunging into an incredible international probe that finally gained the attention of top U.S. counter-intelligence agents. The Cuckoo’s Egg is his wild and suspenseful true story– a year of deception, broken codes, satellites, missile bases and the ultimate sting operation– and how one ingenious American trapped a spy ring paid in cash and cocaine, and reporting to the KGB.

Review on the Art of Deception is coming up shortly.

python-notify documentation

I found this kinda cool notification package for python called python-notify. It was a bit hard to find documentation as how to use this package. I found out that some example code can be found in /usr/share/doc/python-notify/examples/.

The notifications look quite well in Ubuntu Lucid Lynx (10.04). Don’t know why there’s a space between gnome-panel and the notification though. Canonical slacking a bit I guess.

quick review – linux on asus ul30vt

Here’s what you need to be aware of if you’re  looking to run Linux (tested on Ubuntu 10.04/Backtrack 4 Final) on this laptop:

Fake auth attack doesn’t work with the aircrack-ng suite, there’s a workaround available though. Using wpa_supplicant to do association works well, if not a bit tedious, but it works. I do not know whether the fault lies in the driver or the aircrack-ng suite. I’d bet on aircrack-ng though.
If you’re looking for battery life you’re better off with UL30A and buying a USB wireless adapter, like Alfa AWUS036H. The reason for the USB WIC: The UL30A suffers from bad connectivity, some users report, because the WIC only got one antenna; whereas two are the normal case for a normal laptop. The UL30A doesn’t come with a dedicated graphic card but it has a better battery.  If you’re a pen-tester then UL30A is the laptop to choose between the two. I chose UL30VT because I wanted to be able to play hi-def movies smoothly. It was questionable whether an integrated card would handle this well enough.
The trackpad works well enough. Most multi-touch stuff work OTB, horizontal scroll doesn’t but I can live it it.
Some function keys works. Screen brightness adjustments doesn’t work, there’s workarounds for this though.
The CPU is scaling between 800MHz and 1,3GHz. In Windows, Asus provides an application that clocks the cpu to 1,9GHz. Called Turbo something. The CPU running quite hot, ~72-76 degrees, when under maximum load. I’ve been unable to find a Linux application that is capable of overclocking Intel processors. Please let me know if you know of one.
Additional note on the wireless: It took some tinkering to get the WIC to work in Backtrack 4. I had to download compat-wireless and add support for the driver. Then I went to Intel’s website and downloaded the driver and put it into my firmware dir. Those steps worked for me. However, I recommend that you run a dist-upgrade in BT the first thing you do instead. You’ll get a newer kernel and hopefully, support has been added.
I ended up running BT 4 as guest OS with Ubuntu 10.04 being the host OS. I’ve bought myself an ALFA AWUS036H. It works well with Backtrack running in a virtual environment.All in all, I really enjoy this laptop. It’s light, the battery is good and it looks good as well. Feel free to contact me for further enquirers.

swedish wordlist/dictionary for security auditing

I scoured the net for a good Swedish wordlist and found all to be inadequate. Hence, I’ve created a script that formatted Göran Andersson’s “Den stora svenska ordlistan” so it could be used for security auditing. I’m now posting the output from that script here. The result 400 549 swedish words (974.9 KB compressed). The list is free from duplicates and has been sorted alphabetically.

Note: All name starts with a capital letter.
Note #2: Implicitly understood is that you have to modify the wordlist for your own needs.

Download the wordlist here.

Mirror #1

Said script might be released later, it’s not 100% complete (some entries was not formatted correctly and so needed manual intervention to correct).

simple password generator script

Wrote a small script in Python for generating passwords of various lengths. There’s plenty of password generators out there, it’s just that I saw it to be a good exercise to learn some Python. Will add a GUI and an option to choose from different charsets later on.

The script will let you choose the length of the password as well as how many passwords you want generated. The charset used is a mix of specialized characters/digits/upper and lower letters.

Usually I visit a website that generates the password for me. Alas, I’ve been quite paranoid (thank SSLstrip and ettercap for this) of late and so I thought I’d better generate my passwords locally instead.

Download script here.

I would like to publish the code right here on the blog, but wordpress doesn’t include a syntax highlighting feature and so code doesn’t display well. There’s plugins for this but for me to use them I need to host the server myself.

I’m going to add a GUI to this as well as adding more options for customizing the generation of passwords. Like, which charsets to use. 🙂