Category: unix-administration

Setting up LUKS Crypts with Filesystem & LUKS UUIDs on Debian

Posted on by Brody Rethy


# Note: This depends on a key file and directory. Optimally, this would be placed
# on a separate, removable device.

# Install
sudo apt update
sudo apt install cryptsetup

# Generate a random key
sudo dd if=/dev/urandom of=/home/user/.KeyPath/Key bs=1 count=4096
sudo chown user:user/home/user/.KeyPath/Key
sudo chmod 600 /home/user/.KeyPath/Key

# NOTE: Unmount if your disks are mounted

# Create LUKS containers
sudo cryptsetup luksFormat /dev/sda1 --key-file /home/user/.KeyPath/Key

# Open the encrypted containers
sudo cryptsetup open /dev/sda1 500GBCrypt --key-file /home/user/.KeyPath/Key

# Create filesystems
sudo mkfs.ext4 /dev/mapper/500GBCrypt

# Get the LUKS UUIDs (for crypttab):
sudo cryptsetup luksUUID /dev/sda1

# Get the filesystem UUIDs (for fstab):
sudo blkid /dev/mapper/500GBCrypt

# Create mount points and mount
sudo mkdir -p /mnt/500GB

# Configure automatic mounting at boot using UUIDs

sudo vim /etc/crypttab

# NOTE: Add these lines (replace with actual LUKS UUIDs):
#
# 500GBCrypt UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /home/user/.KeyPath/Key luks

# Edit /etc/fstab using filesystem UUIDs:

sudo vim /etc/fstab

# NOTE: Add these lines (replace with actual filesystem UUIDs):
#
UUID=bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb /mnt/500GB ext4 defaults 0 2

Step 8: Test the configuration
bash
# Close all encrypted volumes
sudo cryptsetup close 500GBCrypt

# Test crypttab (should open all volumes using UUIDs)
sudo cryptdisks_start 500GBCrypt

# Test fstab
sudo mount -a

# Verify everything is mounted
lsblk

Setup br0 (DHCP) interface with network-manager (nmcli)

Posted on by Brody Rethy


#!/bin/bash
# NOTES:
# - The script assumes your usual ethernet device is eno2. Feel free to change this.
# - The br0 IPv4 addr is assigned using DHCP.
#
# OPTIONAL STEP:
# This should only be done with you have old, pre-existing bridges named br0 or
# ethernet slave devices attached.
sudo nmcli con down br0
sudo nmcli con delete br0
sudo nmcli con delete eno2-bridge-slave
sudo nmcli con delete br0-slave
sudo nmcli con delete bridge-slave-eno2

# Check status
ip link show eno2
nmcli device status

# Create bridge with eno2 as slave in a single command
sudo nmcli con add type bridge con-name br0 ifname br0 \
ipv4.method auto \
bridge.stp no \
connection.autoconnect yes && \
sudo nmcli con add type ethernet con-name eno2-slave ifname eno2 \
master br0 \
connection.autoconnect yes

# Bring up the slave interface
sudo nmcli con up eno2-slave

# Bring up the bridge
sudo nmcli con up br0

# Wait 10 seconds for DHCP
sleep 10

# Check bridge status
ip addr show br0
ip link show br0

# Check if eno2 is properly enslaved
brctl show br0

qBittorrent Setup Guide 2024

Posted on by Brody Rethy
  • Click the Settings icon.
    • Click the Advanced option.
      • Go to the Network interface section, and choose your VPN interface. If you’re using Mullvad, there should be an entry for Mullvad.
        • This will make sure to bind your qBittorrent connection directly to your VPN. There will be no possibility of mistakenly opening qBittorrent without your VPN on, leaking your gateway IP to the world. If you don’t have a VPN and are living in Germany, Western European nations, or North America, you need one… Unless you’re only downloading ISOs or legal, non-copywritten material, that is.
    • Click the BitTorrent option.
      • Go to the Encryption mode: section. Make sure it’s set to Require encryption.
      • Check the checkbox for Enable anonymous mode.
      • Make sure that the value 30 is set for all of the following options:
        • Maximum active checking torrents:
        • Maximum active downloads:
        • Maximum active uploads:
        • Maximum active torrents:
      • Modify the values for the following areas:
        • Download rate threshold: 35 KiB/s
        • Torrent inactivity timer: 15 sec
      • Under Seeding Limits, ensure When ratio reaches is checked, and the value is set to 0.00.
      • Under the then area, make sure the value is set to Pause torrent.
    • Click the Downloads option.
      • Navigate to the Saving Management subsection. Set the following options: Default Torrent Management Mode: Automatic, When Torrent Category changed: Relocate torrent, When Default Save/Incomplete Path changed: Relocate affected torrents, and When Category Save Path changed: Relocate affected torrents.
      • Nativate to the Saving Management subsection. Ensure that the Use Subcategories checkbox is checked.
      • Nativate to the Saving Management subsection. Ensure that the Copy .torrent files to: checkbox is checked. Be sure to set a default value via the file picker option on the right.

Basic Penetration Testing Tips

Posted on by Brody Rethy

Disclaimer

As is with any Cybersecurity related information, it can be used to strengthen your systems, or potentially to harm them. Do not use this information to break any laws applicable in your country. If you misuse this information, I will not be held responsible.

Notes

Note: When I refer to Tor, I am referring to the command-line version/service. When I refer to Tor Browser, I am referring to the actual browser package by The Tor Project. These are two separate entities, but both use the Tor network. I recommend reading up on the specifics yourself.

  • Do not use the default password.
    • Some pen testing VMs have a non-random default password. This should always be changed. If you’re using Kali Linux, simply run passwd as your kali user, then change the password.
  • Disable the root account, opting for a standard user with sudoers/wheel access instead.
  • Encrypt your Virtual Machines.
  • Force commands/programs to run over tor.
    • Research torsocks, and check to see if your commands already support running over tor by default. Some do already, like sqlmap.
    • Note: torsocks doesn’t work on programs that use UDP. Only TCP.
  • Use a VPN.
    • Self explanatory. Use a VPN in conjunction with Tor to induce extra obfuscation hops. In addition, don’t use just any VPN. Use a good one like Mullvad. There are clear reasons for this.
  • Use a residential VPN.
    • Useful if you’re looking to subvert IP bans on things like Protonmail, or others. Most mainstream VPNs are blocked on Protonmail (and other popular websites), but by being in a residential IP range you’re able to get around that. Frankly, these are hard to come by, and I won’t be talking in depth how to get them. One tip would be to look into Virtual Private Servers that have residential IPs…
  • Use the Tor Browser.
    • Besides its uses for accessing secured .onion websites, the Tor Browser is useful for simply obfuscating your traffic to a website. Learn when and when not to incorporate it into your life.
  • Understand your target.
    • Understand your target beyond just a reconnaissance perspective. Think about it like this: Would you expect a target to find high traffic at 2:00 AM, or at 3:00 PM in an afternoon?
    • Think about peak network times, as well as timezones of people potentially accessing a system.
  • Learn to script your VPN.
    • This is used for the purpose of automatically switching every few hours or minutes. You can do this with Mullvad because it has a command line front end.

stable-diffusion-webui And Dealing With Multiple GPUs

Posted on by Brody Rethy

This article deals with AUTOMATIC1111/stable-diffusion-webui on Windows 11. Linux would have slightly different steps – more specifically around webui-user.bat/webui-user.sh – but they’re still both pretty similar and use the same environment variable names, just different scripting languages.

If you have multiple GPUs, you can use the following line to choose between each of them:

set CUDA_VISIBLE_DEVICES=0

Note that 0 is for GPU number 1, and 1 and for GPU number 2. If you have more, then the number would continue…

You can find out which GPU is assigned to which number by opening Task Manager -> Performance, where GPU 0 would have the value 0, and GPU 1 would have the value 1.

How To Do IRC Idling Properly

Posted on by Brody Rethy

Requirements

  1. An Internet connected server.
    • This can be a VPS or a on-prem. server you control that’s accessable from the Internet. You could do something on your LAN as well, but that’s up to you.
  2. Knowledge of IRC.
  3. Knowledge of tmux session attaching/detaching. You can read my quick article about it here: Persistent SSH Sessions Using tmux.

Steps

  1. Open or attach to a tmux session.
  2. Install weechat or irssi (recommended), depending on your preference.
  3. Open irssi.
  4. Connect to the server you want to join. Example: /connect irc.libera.chat.
  5. Join the channel. Example: /join #blastwave.
  6. Detach from the tmux session and go about your day. Then, come back whenever and reattach.

Bonus article

  1. https://zenhack.net/2017/01/08/public-service-announcement-irc-is-not-a-syncronous-medium.html