Installing Dropbox in Kali

Please go to Dropbox page and download version for Ubuntu (file extension .deb) -- https://www.dropbox.com/install-linux.

This is going to download a file in this format:
dropbox_2015.10.28_amd64.deb

Then run:
wget https://www.dropbox.com/download?dl=packages/ubuntu/dropbox_2015.10.28_amd64.deb

After that:
sudo dpkg -i <package name>

Example package name:
download?dl=packages%2Fubuntu%2Fdropbox_2015.10.28_amd64.deb

Therefore:
sudo dpkg -i download?dl=packages%2Fubuntu%2Fdropbox_2015.10.28_amd64.deb

This will install the package.

For checking the GUI version of Dropbox just installed, please go to Usual Applications > Internet > and see the Dropbox appearing in there.

Further Carving

Not satisfied with Autopsy results, I have executed the application called foremost, and have got more files.

I run then Autopsy again, and found out that probably parameters chosen for the evidence09 were restrictive, as the second time, Autopsy capture the same amount of files with foremost.

The only issue is, foremost recover all the data not showing from which path the unallocated block was, therefore when using Autopsy, you can filter of what was under Internet Explorer for example, and ignored those files (most likely images downloaded temporarly whilst the user was browsing).

I've also had the curiosity of trying another tool, and this time I'm using PhotoRec. This one requires you mouting though the image. Therefore I did the following:

1) Create a mouting directory called /mnt/evi09mnt
2) Run the command to mount image:
mount -o ro,loop,offset=32256 evidence09_sdb.dd /mnt/evi09mnt

3) Download the PhotoRec latest version (this doesn't require installation, and you just have to download and unzip the files in a folder).

4) Run the file called ./photorec_static.

This will go and open the partition you want to test. You need to select a different folder for the results too.

In my test, 22420 files were recovered. I haven't filtered the files I wanted, so I went back and configured the following types of files to be recovered:

accdb (Access Data Base, as part of Office)
bk (MS Backup File)
bmp (BMP bitmap image)
doc (Microsoft Office Document: doc/xl/ppt/vsd/... for 3ds Max, MetaStock, Wilcom ES)
evt (Windows Event Log)
gif (Graphic Interchange Format)
http (HTTP Cache)
jpg (JPG picture)
key (Synology AES key)
mov/mdat Recover mdat atom as a separate file)
mov (mov/mp4/3gp/3g2/jp2)
mp3 (MP3 audio: MPEG ADTS, layer III, v1)
mpg (Moving Picture Experts Group video)
nsf (Lotus Notes)
one (Microsoft OneNote)
pcx (PCX bitmap image)
pdf (Portable Document Format, Adobe Illustrator)
png (Portable/JPEG/Multiple-Image network Graphics)
psb (Adobe Photoshop Image)
psd (Adobe Photoshop Image)
psf (Print Shop)
psp (Paint Shop Pro Image File)
pst (Outlook: pst/wab/dbx)
ra (Real Audio)
*rar (Rar archive)
reg (Windows Registry)
res (Microsoft Visual Studio Resource file)
riff (RIFF audito/video: wav, cdr, avi)
rm (Real Audio)
sqm (Windows Live messenger Log File)
tar (tar archive)
tif (Tag Image file Format and some raw file formats: pef/nef/dcr/sr2/cr2)
*tx? (Text files with header: rtf/xml/xhtml/mbox/imm/pm/ram/reg/sh/slk/stp/jad/url)
*txt (Other text files: txt/html/asp/bat/C/jsp/perl/php,py/emlx... scripts)

wks (Lotus 1-2-3)

xar (xar archive)

xml (Symantec encrypted xml files)

*zip (zip archive including OpenOffice and MSOffice 2007)

Confirming Serial Number of Hard Disk Image

Mount the image, then run the command lshw.

If this is not install, please run:

sudo apt-get install lshw

Further information here.

Mounting Images

For mounting images, first check the image structure, using the following command:

sfdisk -l evidence09_sdb.dd

You will obtain something similar to this:

The partition starts at the sector 63. This multiplied by it size (512) gets that the block we have to use is: 32256.

Therefore, the command to run is:

mount -o ro,loop,offset=32256 evidence09_sdb.dd /mnt/evi09mnt

Note: create the folder evi09mnt before.

Further information here. 

Check hard disk activity

I all of sudden noticed that my hard disk is having a lot of activity, and I closed all my applications.

My VMWare box stopped working too. I'm concerned that someone accessed through my pc.

Therefore I'm going to monitor activity through iostat. Please install it first by doing the following:

sudo apt-get install iotop
sudo iotop --only

I can see that only myself is connected and root doing activities in background. Coincidently, s more responsive, but I can see that there are still activities running on behalf of vmware, where I already kill this window. 

Doing a:

sudo ps -ef | grep vwmare

I can see several tasks running on behalf this application, but they are just ports opened. 

I restarted everything again, and it seems to be working now. I'll keep monitoring.
 

Install and Uninstall in Linux: That is the Question (part 2)

As mentioned earlier in a previous post, installing packages can be complicated.

I just faced a new challenge, when trying to install WPS Office. First of all, when you access to the WPS download page, you can see a generic WPS Office for Linux link in there.

After clicking in Download, you have different options for Alpha21 for this year and last year. The options are .deb version and .rpm:

Just a bit of background on this RPM packages are precompiled and built for Red Hat Based Linux Distribution, and can be installed only using yum, Zypper and RPM based package managers,

Since Kali Linux is based on Debian, you cannot install an RPM package directly using apt or dpkg package managers.

As you can see in th elist above, the version for Debian is amd64. Doing an uname -a or uname -m, I can see my operating system is configured in x86_64 mode. For further information, please check this page here, that is quite handy...

Therefore, here are the steps to download and install WPS for x86_64:

1) download the version for amd64.deb listed above 2) rename it to something shorter, like wps-office.deb 3) sudo dpkg -i wps-office.deb 4) sudo apt-get -f install

This worked for me well.

Keyring Issue

I've just published another post where I mentioned that when trying to access to Google Chrome, I was being asked to put my keyring password.

I don't remember changing, and I was trying to use, what is my password to access to my box itself. Unfortunately this didn't work.

So if the password you remember doesn't work, you don't have too much alternative apart from deleting the password and keys there, and re-create this again.

For doing that, run:

sudo su
cd /home/aviola/.local
cp -r keyrings keyrings.backup
cd keyrings
rm login.keyring


You can perceive I did a backup. This is just in case one day you remember the password you use, or if you have any issues with other applications.

Then I access to Google Chrome again, and I setup with my password that I use to access to the box (which is quite complex). Once setting that up, I was able to login to Google Chrome afterwards without any issues.

Now, I'll start my other applications that I have to use for my disseration. I'm hoping everything else will work find, but if not, I'll definitely be writing back here!

Install and Uninstall in Linux: That is the Question (part 1)

I am still struggling, after all this time using Linux, to understand upgrades and ways to install and uninstall applications in my Kali Linux.

The issue probably is because I am using 3 operating systems at the same time: 1) Windows for Work; 2) Mac as base machine to connect to VDI at work or to use daily for research/entertainment; 3) Linux for University.

And let's face it: I haven't sat that much on my Linux box to do too much in these last few months on this computer, at all... This now changes, and this will be my friend for a month.

In Windows, to install you have to download the executable file or either go to Add/Remove Programs. For uninstalling, you can either choose the Uninstall executable to do all the job for you, or again go back to Add/Remove Programs for a complete cleanup. And for any upgrades, you can select the automatic upgrade that recommends you a new version when this is available.

To be honest, I even don't remember anymore if all these steps are correct, as my virtual machine at work don't allow me to install/uninstall applications freely, as the same for updating them accordingly. I'm relying on the IT guy/tools to do that remotely for me, and this is seemless.

In the Mac instead, you can install the app by just copying the file to your Apps 'icon', which basically copy the file you'll execute to an Applications folder, so you don't have all the files distributed everywhere. For uninstalling it, you just delete the file you execute, and voilà: the app is gone. Any upgrades are made through iTunes.

But in Linux... arghhh! For installing and uninstalling, it might be simpler as you just need to have in your had that the 'installer' is called apt-get, and then you just need to use functions to install and uninstall, if you obviously are 'installing' or 'uninstalling' the application from your box.

Example:
  
To install app:

apt-get install <app_name>

To uninstall app
apt-get uninstall <app_name>

However, if you want to upgrade your system, things get more complicated. Especially because not always is a very straight forward process, especially if the application you need to use requires different libraries, or you have public key issues to connect to the catalogs to download these libraries for example.

For checking the library, you need to do an apt-get update. This allows you to refresh your library against the global catalog for anything new. When I run this command to write this blog, I managed in fact to get the following error:

This is because under /etc/apt/sources.lists.d folder, I had the following files there:
- google-chrome.list
- playonlinux.list

These are extra libraries that were attached to my original library, and that every time I run apt-get update, these two are attempted to be updated as well, but it seems that the public keys used before are now unexistent for, for some reason.

I could try to sort the issue out, but first I don't want to lose too much time, and secondly, one is for Google Chrome, which if I break it, it's easy to fix. The other one I don't even remember when I did install that in the first place. So I simply decided to deleted these files from there, and after running the command apt-get update again, I didn't get the errors any longer.

However though, when I tried to check if Chrome was still working, I started to get a message asking for my keyring password to be able to use this application properly. I put the password I'm using for accessing to my box, which was the one I remembering setting up (bear in mind that it has been a while that I didn't connect to this box, as mentioned above), and this didn't work.

Therefore, I created another blog for explaining how to fix this issue here.

Once updating the library, then the other step is actually run the apt-get install, to install any new update found. This time I had nothing to upgrade, but once I have and if any issues come up, I'll update this post again.

You can also use the Package Manager for Linux called Synaptic. For installing that, you can run the following:
sudo apt-get install synaptic
sudo synaptic 

You can check for any updates by clicking in Reload, and then for downloading and installing, you can use the icon that says Mark All Upgrades.