Saturday, 23 March 2019

IETF104 - Day [ 0 - 2 ] TLS1.3


Day - 0:

This is my second hackathon with cyberstorm.mu and we were already at the location where the team had gather, have intense code session and food feast. It is a tradition for us now to welcome new people in the group to participate.

Once we reached the villa at Pointe aux Piments, we started unpacked and as every geek guy we need to have out internet connection setup first. Unlike last time we had to take internet packages every 2hrs, we now have a good stable connection.


I got my workstation ready and getting ready to start the challenges.


Half of the day is already gone, we are now waiting for the food to come to have lunch and pizza is everyone`s favorite.

Then after lunch, we discussed what task we have and in which project we need to work.

I was assigned to add Pha (Post handshake authentication in wget) and I was working together with Rahul, he was adding the Pha in nagios-plugins.

Reference to wget and nagios
More info on Pha.

Time went by very fast and it was already night while researching, debugging and compiling of wget.

Day - 1:

We woke up early, had a short breakfast and got to work again trying to compile a tool to do our testing (wireshark).

To ensure that our patch is really working we tested before and after modifying the code.

It was already lunchtime and we had nice fried noodles to eat. The day went by trying to compile the Wireshark.

After hours and hours of working, we finally got the test results we were looking for. so we both send our PR and wait for the code maintainers to reply.

Day - 2:

When we woke up we had a good breakfast again. When I checked my mail I got a reply by the maintainer and I was asked to refine the patch a bit more.

We were assigned to another project, Eclipse - Paho for TLS1.3 and Hitch for 0RTT.  Another day, another compilation to do.

See you in the next blog.

Tuesday, 4 December 2018

Linux tutorial | How to reset root password in centos


In this tutorial, I am going to show you how you can easily change the root password and add new users in centos 7.

Part 1:  Change root password


1.1 Once you are in the grub menu, you will have to enter into the edit option by pressing 'e'.


1.2 You will have to find the 'ro' near the line 'Linux 16' and change it to 'rw init=/sysroot/bin/sh'





1.3 Press 'control + x' to enter into single user mode.




1.4 Now you can access the system using this command :
chroot /sysroot

1.5 Reset the root password:
$  passwd root

Choose any password.

1.6 Exit chroot
$  exit

1.7 Reboot your system
$  reboot

Now you are good to go with the new password.


Part 2:  Add a new user in the single user mode without root access.


You need the follow the above steps until step 5.

2.1 Create a new user account using 'useradd', replace <username> with the name you want.
$  useradd <username>

2.2 Use the 'passwd' to set a password for the new user
$  passwd <username>

2.3  Now you can add the new user to the wheel group to get root privileges using 'usermod'
$  usermod -aG wheel <username>

2.4 Then reboot the system
$  reboot

Conclusion

That`s all. You have successfully reset root password and create a new sudo user on a CentOS system.

Feel free to leave a comment if you have any questions.

Sunday, 11 November 2018

Post IETF103 Hackathon project work.


I finally completed my second open-source project on a sunday afternoon healing from the long hike I had the day before with my team at Linkbynet. A hike of 7km across the south coast of Mauritius.


One week has already passed by and I was still working on the putty project for the IETF103 which was deprecating RC4 from the source code.

At first we had difficulty to compile the source code but later on we found another tarball for the source code with which we successfully compiled the code.

I setup a vm with centos 7 on it with on old version of openssh-server (6.2) which had support for the rc4 encryption. Then i used the compiled version of putty and try to connect to the server, analyzing the communication with wireshark in the background. With some trials I found the rc4 encryption in the encryption exchange list.

After that success, I spent another night removing all traces of rc4 in the source code. It was with a lot of investigations and debugging that I removed rc4 from the source code.

Now the next step was to re-compile the code and see if the application still works and if rc4 has disappeared. But as always compiling code is not an easy job. I ran through some bugs which led to several failed attempts. However with some observation and debugging I solved the issue and it finally compiled without any errors.

To finally say "eureka" some testing has to be done to see if rc4 does not appear while trying to connect to the server.





As we can see from the pictures, the result was satisfying. No more rc4 in the source code of putty and it is now safer to use. Here is the link to my github.

See you on my next project.

Sunday, 4 November 2018

IETF 103 hackathon remotely by cyberstorm.mu – Day 1,2,3


Day 1:

We received a lot of goodies from wolfssl for the work Loky has done previously.

We continued our work on the Jsch deprecation of RC4, we have to compile the JSch.jar with example file to test if the SSH works while connecting to a remote server.

The best way to start working is to make a brainstorming to see where we are and what we have to do.


Together, several test were performed connecting to two type of server, one supporting RC4 and the other not.

We found proof of the existence of RC4 in the old ssh server while using Wireshark and analyzing the traffic.

Once we know everything is working fine and understand the library and the protocols.

Now our task is to remove RC4 support from the library. With a lot of debugging we found all the traces of RC4 and removed.

Day2:

The next step is to re-compile the code with all the modification we made. As all developers knows while recompilation always leads to errors. But with some help of other team members we finally re-compiled the java library with ANT Apache.

The next step is to perform all the test we had done previously before we patched it.

The results was satisfactory as our newly Jsch library still working fine and while observing the traffic in wireshark we can no more see RC4 response from the host server.


The last step is to create a pull request and commit our changes to the main repository.

To sums up, it was an intensive and fruitful hackathon.

Great thanks to Logan and Nitin for having me in the team.


 

See you in my next blog.

Saturday, 3 November 2018

IETF103

Hackathon with cyberstorm.mu

IETF - Internet Engineering Task Force
 The Internet Engineering Task Force is an open standards organization, which develops and promotes voluntary Internet standards, in particular, the standards that comprise the Internet protocol suite. It has no formal membership or membership requirements.

Day 0 :

The Day started early in the morning preparing myself to go to the meetup point at Q.Bornes with my friend Rahul. After that, we headed toward the north to wait for another pickup at Grand Baie La Croisette by Nitin. Unfortunately, we spent 5hr at the mall, playing PlayStation and eating pizza. Finally, we reached the flat at 4 pm.

Being a first-timer for this event, I was not fully prepared and still did not know if I will be able to work on a level they are expecting.  So I braced myself and took the challenge I was given. I had to work the project ( depreciating RC4/ARCFOUR encryption algorithm in JSch library which is a pure Java SSH2 implementation (more detail on Jscraft).

Why we have to removing the ARCFOUR cipher in the Java SSH2 implementation:
  The usage of RC4 suites ( also designated as arcfour ) for SSH are specifies the allocation of the "arcfour" cipher for SSH. RC4 encryption is steadily weakening in cryptographic strength and the deprecation process should be begun for their use in Secure Shell (SSH).

Loky and I  start working together, we have to perform several tests to see the encryption algorithms available with the Jsch Java library. A lot of time spent debugging until late at night.

We had awesome food to fill our bellies. The night passed by.

Some had a blast in the pool:


Project and members:

TLS 1.3 protocol
Loganaden Velvindron
Rahul Golam
Codarren Velvindron
Nathan Sunil Mangar
Jeremie Daniel

HTTP 451 protocol
Kheshav Sewnundun
Kifah Meeran
Veegish Ramdanee

SSH protocol
Nitin J Mutkawoa
Diresh Soomirtee
Jagveer Loky


IETF104 - Day [ 0 - 2 ] TLS1.3

Day - 0: This is my second hackathon with cyberstorm.mu  and we were already at the location where the team had gather, have intens...