The News

Read some news and pretend that you are working. Bosses love that!

Squid transparent proxy on Mikrotik with single ETH interface

posted Aug 23, 2019, 5:52 AM by Leigh Williams

Always wanted to set up a Squid and SquidGuard transparent proxy with your Mikrotik router and a Raspberry Pi? Then look no further!


To get Squid up and running on your Pi, check out this guy on YouTube (3 parts). He explains it like a beast. Nobody can beat him:

To get a proper squidguard list of IPs and domains, look around the internet. I am not going to share mine as it has too many false positives.

Now for the other half:

Mikrotik Rules:
/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=to_proxy passthrough=yes protocol=tcp src-address=YOUR_IP_HERE dst-port=80
--Replace YOUR_IP_HERE with an actual IP or subnet. If you use a subnet, make sure it does not include the Squid server itself (or add src-address=!YOUR_SQUID_IP), otherwise the proxy's own outbound web traffic gets marked and routed straight back to it in a loop.
--Add port 8080 etc. as needed (dst-port=80,8080). Port 443 is not a drop-in addition: you cannot intercept HTTPS on a plain http_port. That needs an https_port with intercept ssl-bump and a CA certificate that every client trusts, which is a separate project.


--Now let's route these marked packets to our Raspberry Pi running Squid:
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=YOUR_SQUID_IP routing-mark=to_proxy scope=30 target-scope=10
--Replace YOUR_SQUID_IP with your Squid server's actual IP address. (On RouterOS 7 the route uses routing-table=to_proxy instead of routing-mark=, and the table has to exist first: /routing table add name=to_proxy fib)


Linux Rules (on your Pi):
On your Raspberry Pi that is running Squid, add this iptables rule:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to YOUR_IP:YOUR_PORT
--Replace YOUR_IP and YOUR_PORT with the Raspberry Pi's IP and the port your Squid is running on (should be 3128). Add one rule per extra port you marked on the Mikrotik, or use -m multiport --dports 80,8080. The rule is gone after a reboot unless you save it (for example with the iptables-persistent package).


Now on the device with YOUR_IP_HERE, open a website (if you only specified port 80, open a non-SSL page).
But oh no! You're getting a 400 bad request! WHAT EVER SHOULD I DO NOW??!! Easy! Make sure in your squid.conf file you have this:
http_port 3128 intercept

Older configs spell this "http_port 3128 transparent"; intercept is the current keyword and newer Squid versions still accept transparent as a synonym, so use whichever your version takes.

Without intercept, Squid expects a forward-proxy request, where the request line carries the full URL (GET http://example.com/page HTTP/1.1). An intercepted client does not know it is talking to a proxy, so it sends a plain origin-form request (GET /page HTTP/1.1 with a separate Host: header). Squid then has no absolute URL to work with and answers 400 "Invalid URL". In intercept mode it rebuilds the URL from the Host header and the original destination address, and it also checks that the Host header really belongs to that destination (the "Host header forgery" check), so a client cannot use your proxy to reach arbitrary hosts by lying in the Host header.
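As an added example (not from the original post and not Squid's own code), here is a toy model of the two behaviours: why an intercepted request gets a 400 from a plain forward-proxy port, what intercept mode has to reconstruct instead, and the Host-header forgery check Squid applies in that mode. The FAKE_DNS table and all function names are constructed for the illustration.

```python
"""Toy model of forward-proxy vs. intercept request handling.
Added illustration; not Squid's code. FAKE_DNS stands in for real DNS."""
import ipaddress
from typing import Dict, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed stand-in for DNS. The real proxy resolves the Host name and
# compares the addresses with the address the client was actually sent to.
FAKE_DNS: Dict[str, Set[str]] = {
    "example.com": {"93.184.216.34"},
    "intranet.local": {"10.0.0.5"},
}


def parse_request(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP/1.x request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return method, target, headers


def forward_proxy_url(raw: bytes) -> Tuple[int, Optional[str]]:
    """Plain 'http_port 3128': the request line must carry an absolute URL.
    An intercepted browser sends 'GET /page', which is exactly the 400."""
    _, target, _ = parse_request(raw)
    parts = urlsplit(target)
    if parts.scheme != "http" or not parts.netloc:
        return 400, None                                # "Invalid URL"
    return 200, target


def _addresses_for(hostname: str) -> Set[str]:
    try:
        return {str(ipaddress.ip_address(hostname))}    # Host: 93.184.216.34
    except ValueError:
        return FAKE_DNS.get(hostname, set())


def intercept_url(raw: bytes, orig_dst_ip: str, orig_dst_port: int,
                  strict: bool = False) -> Tuple[int, Optional[str], Optional[str], bool]:
    """'http_port 3128 intercept': rebuild the URL from the Host header and
    the original destination, then verify that Host really belongs to that
    destination. Returns (status, url, connect_ip, cacheable)."""
    _, target, headers = parse_request(raw)
    parts = urlsplit(target)
    if parts.scheme:                                    # absolute-form request
        host = parts.netloc
        path = parts._replace(scheme="", netloc="").geturl() or "/"
    elif "host" in headers:                             # the normal intercepted case
        host, path = headers["host"], target
    else:                                               # HTTP/1.0 without Host: only the IP is known
        host = orig_dst_ip if orig_dst_port == 80 else f"{orig_dst_ip}:{orig_dst_port}"
        return 200, f"http://{host}{target}", orig_dst_ip, True

    hostname = host.rsplit(":", 1)[0]                   # toy: no IPv6 literal handling
    url = f"http://{host}{path}"
    if orig_dst_ip not in _addresses_for(hostname):
        # Squid logs "SECURITY ALERT: Host header forgery detected" here. With
        # host_verify_strict on it refuses the request; otherwise it still
        # serves it, but only from the original destination address and
        # without caching, so a forged Host cannot reach other hosts.
        if strict:
            return 409, None, None, False
        return 200, url, orig_dst_ip, False
    return 200, url, orig_dst_ip, True
```

The interesting case is the forged one: a client that was really connecting to 93.184.216.34 but sends Host: intranet.local gets its request pinned to 93.184.216.34 (or refused outright with strict checking), which is the property that keeps an intercepting proxy on the LAN from becoming an open relay into the network behind it.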


Prevent devices from bypassing pihole (mikrotik)

posted Jul 20, 2019, 2:07 AM by Leigh Williams

Thanks to this guy for this awesome post: https://www.reddit.com/r/pihole/comments/5g249i/tip_redirect_all_dns_to_pihole_with_mikrotik/

Basically, you need to do this:
  • Change 192.168.88.110 to your Pi-hole IP
  • Change 192.168.88.0/24 to your subnet


#Make sure all DNS goes to the Pi-hole IP address.
#src-address=!PIHOLE is what stops the Pi-hole's own upstream queries from being looped back to itself.
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.88.110 protocol=udp src-address=!192.168.88.110 dst-address=!192.168.88.110 dst-port=53
/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.88.110 protocol=tcp src-address=!192.168.88.110 dst-address=!192.168.88.110 dst-port=53

#Hairpin NAT
#Masquerade router IP
#Needed whenever the client and the Pi-hole sit on the same subnet: without it the Pi-hole answers the client directly on the LAN, the reply never passes back through the router to be un-NATed, and the client drops an answer that comes from 192.168.88.110 when it asked 8.8.8.8. The price is that the Pi-hole sees every redirected query as coming from one IP (the router), so you lose per-client stats. For clients on another subnet (the 192.168.6.0/24 rules) the reply has to go through the router anyway, so those two are optional.
/ip firewall nat add chain=srcnat action=masquerade protocol=udp src-address=192.168.88.0/24 dst-address=192.168.88.110 dst-port=53
/ip firewall nat add chain=srcnat action=masquerade protocol=tcp src-address=192.168.88.0/24 dst-address=192.168.88.110 dst-port=53
/ip firewall nat add chain=srcnat action=masquerade protocol=udp src-address=192.168.6.0/24 dst-address=192.168.88.110 dst-port=53
/ip firewall nat add chain=srcnat action=masquerade protocol=tcp src-address=192.168.6.0/24 dst-address=192.168.88.110 dst-port=53

This only catches plain DNS on port 53. A device using DNS over TLS (port 853) or DNS over HTTPS (port 443) sails straight past these rules, so if you care, drop outbound 853 as well and block the public DoH resolver addresses you know about. Also check the result from a client: ask a non-Pi-hole resolver for a name only the Pi-hole knows and see whether it comes back answered (dig @1.1.1.1 pi.hole should return the Pi-hole's address).
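As an added example (not part of the original post or of Pi-hole), here is a client-side check that the redirect is actually in force. It asks a resolver that is not the Pi-hole for pi.hole, a name public resolvers answer with NXDOMAIN but which Pi-hole resolves to its own address, so getting the Pi-hole's address back from 1.1.1.1 proves the router diverted the query. The DNS packets are built by hand so the decision logic can be exercised offline on a constructed response (build_response exists only for that purpose); only redirect_in_force() touches the network. The resolver address, the 192.168.88.110 Pi-hole address and the function names are assumptions.

```python
"""Client-side check for a forced-DNS redirect. Added illustration, not
Pi-hole's or Mikrotik's code. Plain UDP/53 only."""
import socket
import struct
from typing import List, Optional, Tuple


def _encode_name(name: str) -> bytes:
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.strip(".").split(".")) + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Standard recursive A query: 12-byte header plus one question, no EDNS."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)        # flags: RD
    return header + _encode_name(name) + struct.pack("!HH", 1, 1)    # type A, class IN


def build_response(txid: int, name: str, ip: Optional[str], rcode: int = 0) -> bytes:
    """Constructed response for offline testing: NOERROR with one A record,
    or an empty answer with the given rcode (3 = NXDOMAIN)."""
    ancount = 1 if ip else 0
    header = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, ancount, 0, 0)  # QR, RD, RA
    body = _encode_name(name) + struct.pack("!HH", 1, 1)
    if ip:
        # 0xC00C is a compression pointer back to the question name at offset 12
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + body


def _skip_name(buf: bytes, off: int) -> int:
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # compression pointer, always 2 bytes
            return off + 2
        off += 1 + length


def parse_a_answers(resp: bytes, txid: int) -> Tuple[int, List[str]]:
    """Return (rcode, IPv4 answers). A txid mismatch or a non-response is (-1, [])."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:
        return -1, []
    off = 12
    for _ in range(qdcount):
        off = _skip_name(resp, off) + 4                  # skip qtype + qclass
    addrs: List[str] = []
    for _ in range(ancount):
        off = _skip_name(resp, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[off:off + 4]))
        off += rdlen
    return flags & 0x0F, addrs


def answered_by_pihole(resp: bytes, txid: int, pihole_ip: str) -> bool:
    """True only for a clean NOERROR reply that carries the Pi-hole's own address."""
    rcode, addrs = parse_a_answers(resp, txid)
    return rcode == 0 and pihole_ip in addrs


def redirect_in_force(pihole_ip: str, other_resolver: str = "1.1.1.1",
                      name: str = "pi.hole", timeout: float = 2.0) -> bool:
    """Run from a LAN client. Sends the query to a resolver that is NOT the
    Pi-hole; an answer with the Pi-hole's address means the router hijacked it.
    DNS over TLS (853) and DNS over HTTPS (443) are outside this check."""
    txid = 0x4242
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (other_resolver, 53))
        try:
            resp, _ = s.recvfrom(512)
        except socket.timeout:
            return False
    return answered_by_pihole(resp, txid, pihole_ip)


if __name__ == "__main__":
    print("redirect in force:", redirect_in_force("192.168.88.110"))
```

A False here on a client that should be covered usually means one of three things: the dstnat rule is missing the client's subnet, the hairpin masquerade is missing and the client discarded a reply from the wrong source, or the client is not using port 53 at all.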

Kali on Hyper V

posted Jun 10, 2019, 8:52 AM by Leigh Williams

I recently had to get Kali up and running on Hyper-V. Here are some tips and tricks:

After installation, use these sources (they might change after some time so always check the Kali website for the latest):
nano /etc/apt/sources.list (and add the below)
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib

Install XRDP if you want a proper shared clipboard, fullscreen, etc. the easy way:
apt-get install xrdp
systemctl enable --now xrdp
(update-rc.d xrdp enable followed by service xrdp start does the same on a non-systemd box.)
Keep in mind that on an external switch the VM sits on your real LAN, so port 3389 is reachable by everyone on it: give the account a strong password and firewall the port if the LAN is not yours.

Add sudo users if you want:
sudo useradd -m XXX
sudo passwd XXX
sudo usermod -a -G sudo XXX
sudo chsh -s /bin/bash XXX

In Hyper-V, create a new External switch. This might mess up your host's network speed (VMQ on the host's virtual adapter). Run the below command in an elevated PowerShell prompt to turn it off for that adapter:
Set-VMNetworkAdapter -ManagementOS -Name <VirtualNetworkAdapterName> -VmqWeight 0



Correct Kali repos and VirtualBox bidirectional clipboard

posted Apr 25, 2019, 9:42 PM by Leigh Williams

nano /etc/apt/sources.list
deb http://http.kali.org/kali kali-rolling main contrib non-free
# For source package access, uncomment the following line
deb-src http://http.kali.org/kali kali-rolling main contrib non-free


Then do:
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install -y virtualbox-guest-x11


Then, from the original post:
https://unix.stackexchange.com/questions/310548/bidirectional-drag-and-drop-shared-clipboard-is-not-working-with-virtualbox-kali
In VirtualBox make sure your clipboard is set to bidirectional. Reboot everything. Reboot the world to be safe.

In your bashrc file (~/.bashrc) add this:
# Enable VirtualBox Clipboard
VBoxClient --clipboard

Restart the clipboard when it gets wonky
If the clipboard stops working, do this:
ps -ef | grep VBoxClient | grep clip
kill -9 [the PIDs]
VBoxClient --clipboard

So what should you do?

posted Dec 14, 2018, 12:31 PM by Leigh Williams   [ updated Dec 14, 2018, 12:46 PM ]

1.) If you're technical, plug in a bootable flash drive with a clean Linux install that you have stashed away in your "just in case I need this" drawer (Linux because it's quick and easy) and change that password, ASAP. Why a clean bootable USB? Because you don't know where they got your password from. Is it a keylogger, spyware, a trojan, another site that got hacked, did you perhaps reuse that password, etc.? You can't take risks. If you're not technical, use a device with antivirus, run a scan, and make sure it's clean (yes, your AV might be compromised, yes you might have a rootkit, but this might be your best option).

Go to accounts.google.com to change your password.


2.) Do you have any accounts, apps, etc. linked to that Gmail account? Do you have any devices that are "trusted" that the hacker might have gotten remote access to? Go to accounts.google.com and review any trusted applications and devices, and revoke access where needed. Best is, revoke all access, because it's probably from like 5 years ago in any case.

Also, review the currently signed in devices and revoke access if those devices are unfamiliar.


3.) Do you use that Gmail password anywhere else? If you do, shame on you; you should never ever reuse a password.


4.) Any banking or investment accounts with no 2FA, or with variations of your Google password? Change them and enable 2FA. If they don't offer 2FA, shame on them.


5.) Go to all your social media accounts (Twitter, Facebook, LinkedIn, Instagram, etc.), PayPal, eBay, Azure, Outlook.com etc., and enable 2FA. They all support 2FA. And change your password on all these sites (yes, it is tedious, but it must be done). Why should you change passwords here? Well, you don't know what else the bad guys managed to get access to. Also, you might have forgotten to enable 2FA on some of these sites, or the option might not have been available when you signed up 10 years ago.


6.) If these sites present you with 2FA over SMS or an authentication app, don't choose SMS. 2FA over SMS is dead and should be considered insecure. Choose the app option. If they only have the SMS option, well, it's better than nothing.


7.) Make sure you have proper password recovery options set up on all these accounts. Why? Well, you just changed 10+ passwords. If you don't use a password manager (like Google Chrome's built-in one, or Keeper, or LastPass) you will probably forget those passwords. Don't write them down. For all you know, your cat might be able to read and she's the one doing all this because of world domination and all that.


8.) Be vigilant. Keep an eye on your credit cards, and keep an eye on any account alert emails or sudden 2FA SMSes or popups you didn't trigger.


9.) Go to https://haveibeenpwned.com/ and check if your email address appeared in any breaches. If it did, follow the steps above for those websites.


10.) Relax. This can be stressful especially this time of year and if you followed these steps you did whatever you could. You did your best. But stay vigilant.

Schedule airodump via Cron to run every X minutes

posted Jan 4, 2018, 11:23 PM by Leigh Williams   [ updated Jan 4, 2018, 11:24 PM ]

service cron status -- check if it is running
ps -ef | grep cron -- another way to check if cron is running

You can use the below to generate output files every XX minutes with a list of APs and stations nearby. airodump-ng automatically creates a new file (with an incremented -NN suffix) every time you run it. You can then import these files into a DB to track channels, connected stations, MAC addresses, etc.

crontab -e
Add the below line:
*/2 * * * * /usr/bin/timeout -s INT -k 5 1m /root/airosh.sh
-- -s INT is the signal to send when the time is up (the same as Ctrl-C, so airodump-ng closes its output files cleanly; with -s 9 the -k option below would never get a chance to do anything). -k 5 says: 5 seconds after that, KILL the process if it is still running. You kinda want this so you don't end up with multiple airodumps running. And 1m is how long each run lasts; keep it shorter than the cron interval.

In airosh.sh you must have this:
#!/bin/sh
# exec so the signal from timeout lands on airodump-ng itself, not on a parent shell
exec /usr/sbin/airodump-ng --write /path/to/where --write-interval XX --output-format csv wlan0mon

Make the script executable (chmod +x /root/airosh.sh). wlan0mon must already be in monitor mode (airmon-ng start wlan0); cron will not do that for you.

Type "whereis timeout" to see where your timeout command is located (coreutils installs it in /usr/bin, not /usr/sbin).
Type "whereis airodump-ng" to see where your airodump-ng is located. Use full paths in the crontab line, because cron runs with a minimal PATH.
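As an added example (not from the original post), here is a parser for the CSV files the cron job leaves behind, turning each run into AP and station records that can go straight into a database. SAMPLE_CSV is constructed to follow airodump-ng's CSV layout (AP table, blank line, station table, fields separated by ", " with a trailing comma on AP rows); the MAC addresses, names and timestamps in it are made up, and the dataclass and function names are my own.

```python
"""Parser for airodump-ng --output-format csv files. Added illustration;
SAMPLE_CSV is constructed test data in airodump-ng's layout."""
import csv
import io
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2018-01-04 23:20:01, 2018-01-04 23:21:00,  6,  54, WPA2, CCMP, PSK, -45,       12,        0,   0.  0.  0.  0,   7, HomeNet, 
66:77:88:99:AA:BB, 2018-01-04 23:20:03, 2018-01-04 23:20:58, 11,  54, OPN,  ,   ,   -72,        5,        0,   0.  0.  0.  0,   9, Cafe Free, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
AA:BB:CC:DD:EE:FF, 2018-01-04 23:20:05, 2018-01-04 23:20:59, -60,       34, 00:11:22:33:44:55, HomeNet
12:34:56:78:9A:BC, 2018-01-04 23:20:10, 2018-01-04 23:20:40, -80,        2, (not associated), Cafe Free,Airport WiFi
"""

TS = "%Y-%m-%d %H:%M:%S"


@dataclass
class AccessPoint:
    bssid: str
    first_seen: datetime
    last_seen: datetime
    channel: int
    privacy: str
    cipher: str
    auth: str
    power: int
    beacons: int
    essid: str


@dataclass
class Station:
    mac: str
    first_seen: datetime
    last_seen: datetime
    power: int
    packets: int
    bssid: Optional[str]      # None for "(not associated)"
    probed: List[str]


def parse_airodump_csv(text: str) -> Tuple[List[AccessPoint], List[Station]]:
    """Walk both tables. The section is switched by the header row, so a file
    with no stations (or no APs) parses fine."""
    aps: List[AccessPoint] = []
    stations: List[Station] = []
    section = None
    for row in csv.reader(io.StringIO(text, newline=""), skipinitialspace=True):
        if not row or row == [""]:
            continue
        if row[0] == "BSSID":
            section = "ap"
            continue
        if row[0] == "Station MAC":
            section = "sta"
            continue
        if section == "ap":
            # The Key column is always last, so anything between ID-length and
            # Key is the ESSID even if the SSID itself contains a comma.
            essid = ", ".join(row[13:-1]).strip()
            aps.append(AccessPoint(
                bssid=row[0], first_seen=datetime.strptime(row[1], TS),
                last_seen=datetime.strptime(row[2], TS), channel=int(row[3]),
                privacy=row[5].strip(), cipher=row[6].strip(), auth=row[7].strip(),
                power=int(row[8]), beacons=int(row[9]), essid=essid))
        elif section == "sta":
            bssid = row[5].strip()
            # Probed ESSIDs are comma separated inside the last column, so they
            # spill into extra csv fields; stitch them back together.
            probed = [p.strip() for p in ",".join(row[6:]).split(",") if p.strip()]
            stations.append(Station(
                mac=row[0], first_seen=datetime.strptime(row[1], TS),
                last_seen=datetime.strptime(row[2], TS), power=int(row[3]),
                packets=int(row[4]), bssid=None if bssid == "(not associated)" else bssid,
                probed=probed))
    return aps, stations


def clients_by_essid(aps: List[AccessPoint], stations: List[Station]) -> Dict[str, List[str]]:
    """Map each network name to the station MACs seen associated with it,
    the kind of join you would do once the rows are in a database."""
    essid_of = {ap.bssid: ap.essid for ap in aps}
    out: Dict[str, List[str]] = {}
    for sta in stations:
        if sta.bssid in essid_of:
            out.setdefault(essid_of[sta.bssid], []).append(sta.mac)
    return out
```

Point it at the real files with open(path, newline="").read(); the probed-ESSID list is the interesting column for tracking, since it tells you which networks a client keeps asking for even when it is not associated with anything.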

VirtualBox Guest Additions and shared clipboard and Folders for Ubuntu Guest

posted Jul 2, 2017, 1:43 AM by Leigh Williams

1.) Install guest additions from the VBox menu as per normal then run "sudo apt-get install virtualbox-guest-dkms"
2.) sudo usermod -a -G vboxsf YOUR_USER
3.) set up your shared folder 
4.) restart your guest

To install MySQL
sudo apt-get install mysql-server
sudo mysql_secure_installation
sudo apt-get install mysql-client
sudo apt-get install mysql-workbench

Plex not seeing NTFS external hard drive

posted May 7, 2017, 12:49 AM by Leigh Williams

Type "sudo blkid". You will get output like this:
/dev/sda1: UUID="9081b56d-8715-49f3-a35d-529a39d5780e" TYPE="ext4" PARTUUID="c8168d71-01"
/dev/sda5: UUID="fbd90bd5-6b1a-4088-8569-0afbf0faebab" TYPE="swap" PARTUUID="c8168d71-05"
/dev/sdb1: UUID="79a6887b-0168-464e-9507-84cc1233fcb6" TYPE="ext4" PARTUUID="c3072dd0-01"
/dev/sdc1: UUID="4E65750852A3B04A" TYPE="ntfs" PARTUUID="000dfe15-01"

Way at the end is the NTFS drive. Now create an /etc/fstab entry like this:
UUID=4E65750852A3B04A /media/theexternal ntfs-3g permissions,nofail,auto 0 0
nofail means your PC won't fail to boot if your external drive is not plugged in.
If your drive wasn't plugged in during boot, and you plug it in later and it doesn't mount, run "sudo mount -a" to mount everything again (mount -a reads fstab and mounts whatever is listed there and present).


Plex not seeing external flash drive (ext4 formatted)

posted May 7, 2017, 12:39 AM by Leigh Williams   [ updated May 7, 2017, 12:40 AM ]

Because the automount point under /media is owned by root and only traversable by the user who plugged the drive in, Plex will have issues.
Add the plex user to your group: sudo addgroup plex YOURGROUP

Then, open the "Disks" app in Ubuntu, choose your flash drive, click on the gear icon, click on "Edit Mount Options", switch off automatic mounting, and then change the mount directory to something like "/mnt/myflashdrive".
You will see an entry like this in /etc/fstab:
/dev/disk/by-id/usb-JetFlash_Transcend_16GB_20LEYYIBYO01FB61-0:0-part1 /mnt/transcendflash auto nosuid,nodev,nofail,noauto,x-gvfs-show 0 0

If needed, restart plex. 

All is good now

PS3MediaServer on Ubuntu

posted Mar 4, 2017, 9:09 AM by Leigh Williams

Plex is cool, but if your internet goes down, then your clients can't always connect. So, back to the basics for me, with PS3 Media Server as a backup:

sudo apt-get install mencoder tsmuxer avisynth ffmpeg mplayer
sudo apt-get install default-jre
Download generic-linux-unix from: https://sourceforge.net/projects/ps3mediaserver/files/
Change PMS.sh and tsMuxeR to be executable if they are not (chmod +x)
./PMS.sh (if you have more than one IP interface on your PC, bind it to your preferred one)
