Writeup about my submission to the latest Honeynet Challenge!

Edit: I won the challenge! 🙂

End of edit.

A few weeks ago I learned that the Honeynet Project had created a new challenge. Link here.

Challenge 5 – Log Mysteries – (provided by Raffael Marty from the Bay Area Chapter, Anton Chuvakin from the Hawaiian Chapter, Sebastien Tricaud from the French Chapter) takes you into the world of virtual systems and confusing log data. In this challenge, figure out what happened to a virtual server using all the logs from a possibly compromised server.

I totally felt like this would be a very good way to learn something, so I jumped at the opportunity. The deadline has passed, so I’ve done a writeup of how I analyzed the log files and came to certain conclusions. I figured it was a good way to spread knowledge and also get some criticism. I would really love it if someone at least skimmed through my writeup (links below) and told me whether I did a decent job or not.

I’m releasing this now because the deadline for the challenge has passed. Though submissions don’t seem to be closed yet, I don’t care. I did this to learn and not to win some prize.

I created this document while I worked on the challenge and I’ve edited it afterwards. So the grammar might be a bit odd. Sometimes it might be in present tense and sometimes not so present tense. I hope I’ve edited it enough so you won’t find it a pain to read.

Installing Ubuntu Alternate 10.04 from a USB-drive

If you want an encrypted system drive with Ubuntu, then you need to use the alternate install image provided by Canonical. However, a month ago when I tried to do a USB install, I ran into an error. The installer complained that it couldn’t find the CD-ROM. Hilarious.

I reported it as a bug and now someone called brabax @ has provided me with a workaround. Kudos.

After several tries I just found the following solution for Kubuntu Alternate installation, which should work for Ubuntu as well:

– Mount your USB drive
– Install and start UNetbootin
– Select Distribution “Kubuntu”
– Select a “HdMedia” subcategory entry, I used “10.04_HdMedia_x86”
– Select your USB drive
– OK
– Copy “kubuntu-10.04-alternate-amd64.iso” to the root folder of the USB drive
– USB drive is ready for installation (without problems during installation of a missing CD-ROM drive)

Replace Kubuntu with Ubuntu if you so need.

quick review – linux on asus ul30vt

Here’s what you need to be aware of if you’re looking to run Linux (tested on Ubuntu 10.04/Backtrack 4 Final) on this laptop:

Fake auth attack doesn’t work with the aircrack-ng suite; there’s a workaround available though. Using wpa_supplicant to do the association works well, if a bit tedious, but it works. I do not know whether the fault lies in the driver or the aircrack-ng suite. I’d bet on aircrack-ng though.
If you’re looking for battery life you’re better off with the UL30A and buying a USB wireless adapter, like the Alfa AWUS036H. The reason for the USB WIC: some users report that the UL30A suffers from bad connectivity because the WIC only has one antenna, whereas two is the normal case for a laptop. The UL30A doesn’t come with a dedicated graphics card but it has a better battery. If you’re a pen-tester then the UL30A is the laptop to choose between the two. I chose the UL30VT because I wanted to be able to play hi-def movies smoothly. It was questionable whether an integrated card would handle this well enough.
The trackpad works well enough. Most multi-touch stuff works OTB; horizontal scroll doesn’t, but I can live with it.
Some function keys work. Screen brightness adjustment doesn’t work; there are workarounds for this though.
The CPU scales between 800MHz and 1,3GHz. In Windows, Asus provides an application that clocks the CPU to 1,9GHz, called Turbo something. The CPU runs quite hot, ~72-76 degrees, when under maximum load. I’ve been unable to find a Linux application that is capable of overclocking Intel processors. Please let me know if you know of one.
Additional note on the wireless: It took some tinkering to get the WIC to work in Backtrack 4. I had to download compat-wireless and add support for the driver. Then I went to Intel’s website, downloaded the driver and put it into my firmware dir. Those steps worked for me. However, I recommend that you run a dist-upgrade in BT as the first thing you do instead. You’ll get a newer kernel and, hopefully, support has been added.
I ended up running BT 4 as the guest OS with Ubuntu 10.04 as the host OS. I’ve bought myself an ALFA AWUS036H. It works well with Backtrack running in a virtual environment. All in all, I really enjoy this laptop. It’s light, the battery is good and it looks good as well. Feel free to contact me with further enquiries.