Configure apache to log the real client IP instead of cloudflare IP in http access logs (Wordpress)

If you are running a WordPress site and you have cloudflare setup, you may have noticed that the http access logs log the IP of cloudflare instead of the actual client IP. This is a guide to enable logging of the real client IP instead of the cloudflare IP in the apache2 logs. This was tested on a Ubuntu 20.04 machine + apache2 and traffic is proxied from cloudflare. – Install…

How to search for IOCs on a Linux machine using Loki IOC and APT scanner

This is a quick guide to running Loki APT Scanner to check for IOCs on a Linux machine. Debian/Ubuntu: – Run the below to setup install loki, get rules and update Loki. sudo su - apt-get install libssl-dev git clone https://github.com/Neo23x0/Loki.git cd Loki source bin/activate pip install colorama yara-python psutil rfc5424-logging-handler netaddr python3 loki-upgrader.py – To run Loki Scanner…

DFIR - Analyze Windows Event Logs (evtx) from a Linux machine using sigma rules, chainsaw and evtx dump

At work, I had a task to perform a quick compromise assessment for a hacked Windows server and I got a bunch of etvx files from the suspected host for analysis. I run Linux Mint + i3-gaps and its much easier and productive performing forensics from a Linux machine than Windows in my honest opinion. This post is meant for Linux users who want to perform Digital Forensics to find IOCs from Windows…

#HappyNewYear2024

Happy new Year to all my readers! God Bless! Hope you have a great one! Cheers! 🙂

View On WordPress

Increase OS Disk Size of an Azure Linux VM

If you try to expand the disk without stopping/de-allocating the VM, depending on disk config it may not allow your to change the size and a banner with message “Changes to the disk size can be made only when the disk is unattached or the managing virtual machine(s) are deallocated.” would be displayed. To increase the disk size of a Linux VM, you can perform the following: In my environment, the…

View On WordPress

Password protect file using 7z in Linux from the terminal

This is a short post on how to password protect a file using 7z in Linux from the terminal. Below is the sample command that encrypts file “file.txt” with password (Replace PASSWORD with your pass) and saves to encrypted zip file Protected.zip 7z a Protected.zip -pPASSWORD file.txt Credits/References: Stackoverflow

View On WordPress

Install MacOS Ventura on Proxmox 8.x

This is a guide on how to configure and install MacOS Ventura on Promox 8.x.x. (This was tested in my lab which runs Proxmox 8.0.3 and 8.0.4. It should work for other versions as well) Requirements: Proxmox 8.x.x Opencore ISO [ Link: https://github.com/thenickdude/KVM-Opencore/releases . https://github.com/thenickdude/KVM-Opencore/releases/tag/v20%5D MacOS Ventura ISO (You can get this from…

View On WordPress

Enable promiscuous mode in VMware Workstation

Enable promiscuous mode in VMware Workstation

Below are the steps to enable promiscuous mode for a VM in Vmware Workstation. Shutdown the VM and edit the .vmx file. This is in the directory where your VM’s hard disks were configured to be sure. vim /home/extr3me/vmware/pfsense/pfsense.vmx Tip: You can right click on the VM and select option “Open VM Directory” that will take you to the directory where the .vmx file is located. Add the below…

View On WordPress

Setup Wireguard VPN Server and Client in Linux (Ubuntu / Linux Mint)

Setup Wireguard VPN Server and Client in Linux (Ubuntu / Linux Mint)

This a guide on setting up Wireguard Server on Ubuntu and setting up a Wireguard client. Requirements: 1. Ubuntu Server 20.04 used in my lab. (20.04 or higher is required for Policy routing) 2. Ubuntu Client (Ubuntu 20.04) 3. Root access to the server. 4. Network Access Note: This should also work on Linux Mint 20.04 Setting up the Wireguard Server Login to the In my lab, I have set up a EC2…

View On WordPress

#HappyNewYear2022

Happy new Year to all! Stay Safe. God Bless!

View On WordPress

Install Signal Desktop and setup the tray for i3-gaps [Linux Mint / Ubuntu]

Install Signal Desktop and setup the tray for i3-gaps [Linux Mint / Ubuntu]

This is post on installing + setting up Signal Desktop application on an i3 / i3-gaps setup and enabling signal’s tray icon on your status bar. Requirements: 1. Linux Mint/Ubuntu [This was tested on Linux Mint 20.2 ] 2. Window Manager – i3 or i3-gaps [ I am using i3-gaps ] 3. i3-bar / py3status 4. Signal Desktop Linux [ Ref: https://signal.org/download ] Section 1: Install Signal Desktop 1.…

View On WordPress

Hexadecimal basics using basic Linux utilities

Hexadecimal basics using basic Linux utilities

This is short guide on converting between strings / decimal values to hexadecimal using simple Linux utilities such as xxd and printf. To convert a string to hexadecimal, you can use xxd in Linux. For example: To convert a string “kali” to hexadecimal, you can use the below format. extr3me@op3n:~$ echo -n kali | xxd 00000000: 6b61 6c69 kali To group and display the output a single character…

View On WordPress

How to fix "Error opening terminal: xterm-termite" when trying to SSH to a remote host

How to fix “Error opening terminal: xterm-termite” when trying to SSH to a remote host

I am using “termite” on my ArchLinux machine but when I try to SSH to a remote linux machine(Ubuntu) to run some commands, it throws me an error “Error opening terminal: xterm-termite“. This a post on how to fix it. Quick Fix: If you are already SSH’ed into the remote machine and you see this issue, you couldupdate the TERM variable on the remote system: (Run on remote system) export…

View On WordPress

GDB basics with C

GDB basics with C

This is a beginner level tutorial on learning basics of reverse engineering using GDB and C programming language. No prior C programming experience is needed. This is blog post highly adapted from recurse’s original gdb turtorial. (Credits added at the end of the article for reference)

Requirements:

Any Linux x64 OS. (Linux Mint 20 used in this tutorial)

C compiler – gcc

gdb – for debugging /…

View On WordPress

Filter top using process name in Linux

Filter top using process name in Linux

To display statistics only for a process name that match a string using top, you could use the following:

top -c -p $(pgrep -d',' -f firefox)

Here is a screenshot which only shows stats for firefox:

Hope this helps!

View On WordPress

Decoding IR Signals of a Blue Star Air Conditioner using an Arduino

Decoding IR Signals of a Blue Star Air Conditioner using an Arduino

This is part of my project to understand the IR protocol and try to decode IR signals that being send from my AC’s remote to the AC itself. So that the idea is: If I can figure out the different IR signals that being that transmitted, then I should be able to replay the traffic and control the Aircon from my PC or use my own custom IR hub instead of sending data to some third party – Alexa or…

View On WordPress

Mount TrueNAS Core Samba share on Linux

Mount TrueNAS Core Samba share on Linux

This is a guide that describes on how to mount a Samba share configured TrueNAS to a Linux machine.

  Login in your Linux machine. (I am using a Linux Mint 19.3 in this demo. This should technically works for Debian/Ubuntu based systems as well)

Use the following commands to get your user ID (UID) and group ID (GID) respectively.

id -u $USER id -G $USER

Create a file /etc/.truenas_creds. This…

View On WordPress