Tag Archive for ubuntu

HACKED- Windows 10, macOS, Adobe, VMware, Apple and Oracle at The Pwn2Own 2020!


Pwn2Own is a well-known computer hacking contest which is held once every year at the CanSecWest security conference. In this contest, the contestants are tested on how well they could exploit commonly used software and mobile devices with formerly unheard of vulnerabilities.

An issue as grave as the Coronavirus pandemic has clearly not affected the spirits of the Pwn2Own 2020 hacking competition which got done with its first two days.

On Day 1, security researchers and participants bagged a handsome amount of over $180,000 for exploiting the Windows 10, Ubuntu Desktop and macOS, mention sources.

Reportedly, a “team from the Georgia Tech Systems Software and Security Lab succeeded in exploiting a kernel privilege escalation to execute code on macOS” by way of Safari. The attack mechanism that ended up winning for the team $70,000 was comprised of 6 vulnerabilities.

Per the event page (thezdi.com), Georgia Tech employed a “6 bug chain to pop calc and escalate to root”.

The team that has won several preceding editions of the hacking contest, Team Fluoroacetate, won themselves a victorious $40,000 after they employed a “local privilege escalation exploit” meant for the Windows 10.

Reports mention that one of the two members of the aforementioned team also won himself a smashing amount of $40,000 for yet another privilege escalation exploit pursuing Windows 10.

As per sources, the RedRocket CTF team got themselves a win, owing to it to one of their members, Mafred Paul, who bagged an attractive amount of $30,000 for a local privilege escalation exploit focused on Ubuntu Desktop. The hack was about the manipulation of the ‘Input validation bug’.

On Day 2, The Fluoroacetate successfully targeted the Adobe Reader with a local privilege escalation by employing a pair of UAFs, mentioned sources and grabbed an amount of $50,000.

Per reports, the Synacktiv team targeted the VMware Workstation but unfortunately to no avail in the given duration of time. There also were special demonstrations of the Zero Day Initiative against the Oracle VirtualBox.

This was the very first time the organizers allowed “conditional remote participation” in the Pwn2Own hacking contest, understandably because of the increased concerns of people about traveling due to the Coronavirus outbreak.



HOW TO RECOVER DELETED FILES IN UBUNTU

recover files- ubuntu

It is always recommended that you unmount a device immediately after you realise you’ve deleted important files, to prevent the data blocks of those files from being overwritten with other data. Thus, you should ideally shut down the system, and do the recovery process by booting from a Live CD/USB, and then searching the partition that contained the files (e.g., /dev/sda1). I am using the Ubuntu 10.04 32-bit desktop edition, and the information here is specific to that distro.

Foremost and Scalpel are not interested in the underlying filesystem. They simply expect the data blocks of the files to reside sequentially in the image under investigation. The tools will find images in dd dumps, RAM dumps, or swap files. Carving will help to identify and reconstruct files on corrupt filesystems, in slack space, or even after installation of a new operating system, as long as the required data blocks still exist.

Method 1 to recover deleted files in Ubuntu: Scapel

 

Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. Scalpel is filesystem-independent and will carve files from FATx, NTFS, ext2/3, or raw partitions. It is useful for both digital forensics investigation and file recovery. This short article shows how you can use Scalpel to recover deleted files.In Ubuntu, Scalpel can be installed as follows:

apt-get install scalpel

Before we can use Scalpel, we must define some file types that Scalpel should search for in /etc/scalpel/scalpel.conf. By default, all file types are commented out. Uncomment the lines you want, for instance if you want to recover PDF files:

Press Alt + F2 and type: gedit /etc/scalpel/scalpel.conf

and uncomment these lines:

       pdf     y       5000000 %PDF  %EOF\x0d  REVERSE
     pdf     y       5000000 %PDF  %EOF\x0a  REVERSE

Scalpel can be used as follows to try to recover the files:

scalpel /dev/sda1 -o output 

-o defines the directory where Scalpel will place the recovered files – in this case the directory is named output and is a subdirectory of the directory where we are running the scalpel command from; the directory must not exist because otherwise scalpel will refuse to start.

After Scalpel has finished, you will find a folder called output in the directory from where you called Scalpel. The audit.txt contains a summary of what Scalpel has done and the pdf-0-0/ subdirectory contains the pdf files that Scalpel has recovered.

Before you run Scalpel the next time from the same directory, you must either delete/rename the current output/ directory (because Scalpel will not start if the output directory is already existing) or use specify another output directory.

 

Method 2 for recovering deleted files in Ubuntu: Foremost

 

Foremost is a console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types. These built-in types look at the data structures of a given file format allowing for a more reliable and faster recovery.

Install foremost in Ubuntu

sudo aptitude install foremost

This will complete the installation.

Using Foremost

Foremost Syntax

foremost  [-h][-V][-d][-vqwQT][-b<blocksize>][-o<dir>] [-t<type>][-s<num>][-i<file>]

Available Options

-h Show a help screen and exit.
-V Show copyright information and exit.
-d Turn on indirect block detection, this works well for Unix file systems.
-T Time stamp the output directory so you don’t have to delete the output dir when running multiple times.
-v Enables verbose mode. This causes more information regarding the current state of the program to be dis-played on the screen, and is highly recommended.
-q Enables quick mode. In quick mode, only the start of each sector is searched for matching headers. That is,the header is searched only up to the length of the longest header. The rest of the sector, usually about 500 bytes, is ignored. This mode makes foremost run con- siderably faster, but it may cause you to miss files that are embedded in other files. For example, using quick mode you will not be able to find JPEG images embedded in Microsoft Word documents.

Quick mode should not be used when examining NTFS file systems. Because NTFS will store small files inside the Master File Table, these files will be missed during quick mode.

-Q Enables Quiet mode. Most error messages will be sup-pressed.
-w Enables write audit only mode. No files will be extracted.
-a Enables write all headers, perform no error detection in terms of corrupted files.
-b number Allows you to specify the block size used in foremost. This is relevant for file naming and quick searches. The default is 512. ie. foremost -b 1024 image.dd

-k number Allows you to specify the chunk size used in foremost.This can improve speed if you have enough RAM to fit the image in. It reduces the checking that occurs between chunks of the buffer. For example if you had > 500MB of RAM. ie. foremost -k 500 image.dd

-i file The file is used as the input file. If no input file is specified or the input file cannot be read then stdin is used.

-o directory Recovered files are written to the directory directory.

-c file Sets the configuration file to use. If none is speci-fied, the file “foremost.conf” from the current direc-tory is used, if that doesn’t exist then “/etc/fore-most.conf” is used. The format for the configuration file is described in the default configuration file included with this program. See the CONFIGURATION FILE section below for more information.

-s number Skips number blocks in the input file before beginning the search for headers. ie.

foremost -s 512 -t  jpeg -i /dev/hda1

Foremost examples

Search for jpeg format skipping the first 100 blocks

sudo foremost -s 100 -t jpg -i image.dd

Only generate an audit file, and print to the screen (verbose mode)

sudo foremost -av image.dd

Search all defined types

sudo foremost -t all -i image.dd

Search for gif and pdf

sudo foremost -t gif,pdf -i image.dd

Search for office documents and jpeg files in a Unix file sys-tem in verbose mode.

sudo foremost -v -t ole,jpeg -i image.dd

Run the default case

sudo foremost image.dd

image.dd means you need to enter your hardisk mount point i.e /dev/sda1 or /dev/sda2

reset root password- ubuntu boot in single user mode

For that press down the “shift” key while booting and you will get the GRUB boot menu.

Normally the top GRUB entry will be pointing to your normal boot entries. It will look similar to:

grub-screen-1

Press the ‘e’ key to edit the kernel parameters.

Now what you see are the boot entries. Now find the kernel line and append “init=/bin/bash” to it.
Look near the bottom of the list of commands for lines similar to
linux /boot/vmlinuz-3.2.0-24-generic root=UUID=bc6f8146-1523-46a6-8b\
6a-64b819ccf2b7 ro quiet splash
replace ro quiet spash with   rw init=/bin/bash
linux /boot/vmlinuz-3.2.0-24-generic root=UUID=bc6f8146-1523-46a6-8b\
6a-64b819ccf2b7 rw init=/bin/bash
Press either Ctrl+X or F10 to boot using these kernel options.

mount -n -o remount,rw /

Now changing the root password is a piece of cake!!! just type in:

passwd root

Ubuntu Forums Hacked, 1.8 Million Passwords, E-Mails & Usernames Stolen

ubuntu-hacked-thumb

While data from the Forums has been compromised they stress that other services, such as Ubuntu One and Launchpad, ‘are not affected by the breach’.

current home screen of http://ubuntuforums.org/

Ubuntu Forums is down for maintenance

There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly with progress reports.

What we know

  • Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database.
  • The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one on another service (such as email), you are strongly encouraged to change the password on the other service ASAP.
  • Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach.

Progress report

  • 2013-07-20 2011UTC: Reports of defacement
  • 2013-07-20 2015UTC: Site taken down, this splash page put in place while investigation continues.

If you’re using Ubuntu and need technical support please see the following page for support:

 

If you’re looking for a place to discuss Ubuntu, in the meantime we encourage you to check out these sites:

 

Download of the day: Half-Life 2 For Steam on Linux

The first-person shooter Half-Life 2 released for Steam on Linux. I truly enjoyed Counter Strike, and I am going to install Half-Life 2 this weekend.

Read more: "Download of the day: Half-Life 2 For Steam on Linux"

Tweet this    Share on Facebook