bitscout's People

Contributors

1wxyz, elpetrova, frentzen2003, henockjoyimanuel, itayc0hen, vitaly-kamluk, xme, yinxuan2001, zichen1234

bitscout's Issues

Port 2000 again with nbd-server

I don't know what I'm really doing wrong.

The first day everything worked with port 2000 when the host was started with address 10.1.0.2.

But I'm using the duplicate-cn setting in my OpenVPN and the host gets 10.1.0.3.

Now I don't get access to port 2000 again from my WS on the same net.

I can SSH to the host, and when I start the NBD server using systemctl restart nbd-server.service it starts, and I can telnet to port 2000 from inside the container using telnet 10.1.0.3 2000; it works.

But from my WS 10.1.0.5 I can't telnet to port 2000; it gets stuck.

What do you think I'm doing wrong?

I could mount a block device just after we talked the other day.

:( I feel so bad and I can't solve it.

Dennis

Port 2000

Hi, I can't reach port 2000 from my WS into bitscout.

I'm using this command: sudo nbd-client -N dvd 10.1.0.2 2000 /dev/nbd0

And telnet 10.1.0.2 doesn't answer either.

I can ssh into the container without any problem.

Have you changed the port 2000 to 2009?

Dennis

Bitscout Components

Hi again.

I think you are tired of me, but I'll ask a couple more questions.

  1. What components is an expert expected to know about for using Bitscout? LXC? LCD?
  2. Is it 10.0.3.1 or 10.0.3.2 I connect to using SSH from the expert machine to the host?
  3. What ssh command should I use to connect using the scout certificate from the expert machine?
  4. Can I use SSHFS to mount, for example, an Evidence0 disk from the container to the expert machine?
  5. What client configurations do I need on the expert machine? SSH config from Bitscout cartoon machine, openvpn configuration, the scout cert, LXM configuration. My VPN is working perfectly and the network is running well.

Do you have any good link where I can find what I need to know? Maybe I'm not an expert yet, but I think I can be soon if I find the right sources.

I'm sorry to bother you (: with so many questions, but I really am impressed by Bitscout and I really want to use it for remote forensics.

Dennis Karlsson

Open VPN IP Addresses

Hi.
When I build the image and try to set up the server, all works well.
But I have a question about the IP when I start up from the ISO image.

My question is: when I start from the ISO file, the client gets an ip=10.0.3.1 when I go to the shell and use ifconfig.

I can also ping 10.0.3.2 but no more.
I mean when I boot up the Bitscout ISO file.

I thought I would get 10.1.0.2 as in the IP-Pools.lst.

Or have I misunderstood something?

Dennis

Here is the server config.

ifconfig 10.1.0.1 255.255.255.0

ifconfig-pool 10.1.0.2 10.1.0.250
ifconfig-pool-persist /etc/openvpn/scout/ip_pool.lst 0

tls-server
tls-auth /etc/openvpn/scout/ta.key 0
ca /etc/openvpn/scout/ca.crt
cert /etc/openvpn/scout/scoutserver.crt
key /etc/openvpn/scout/scoutserver.key
dh /etc/openvpn/scout/dh2048.pem

And here is the IP_pools.lst
scout,10.1.0.2
expert,10.1.0.3

Automake OpenVPN Input Issue

I am attempting to input the OpenVPN settings and am running into an issue. [REDACTED] is a valid IP of my OpenVPN server. Any thoughts on what's going on or how to correct it?

```
Please choose option number:
 1. compact - minimal size, less tools and drivers.
 2. normal - includes most common forensic tools, drivers, etc.
 3. maximal - includes maximum of forensic tools and frameworks.
 Your choice (1|2|3): 3
If you are going to deal with badly unmounted filesystems, software RAID or LVM, it is recommended to apply kernel write-blocker patch for extra care of the evidence. However, please note that it may take 3-4 hours to rebuild the kernel on a single core CPU.
Would you like to build and use kernel with write-blocker? [Y/n]: n
scripts/welcome.sh: line 96: ${choice^}: bad substitution
To use bitscout remotely you will need a VPN server.
Please enter your designated VPN server protocol (udp/tcp), host and port. You can change it later.
Examples:
udp://127.0.0.1:2222
tcp://myvpnserver:8080
Your input: udp://[REDACTED]:443
scripts/welcome.sh: line 109: mapfile: command not found
Invalid input data format. Please try again..
To use bitscout remotely you will need a VPN server.
Please enter your designated VPN server protocol (udp/tcp), host and port. You can change it later.
Examples:
udp://127.0.0.1:2222
tcp://myvpnserver:8080
Your input:
```

New release

Hi again.
I don't want to complain but I always try the news.

When I make a build it goes real fast and the result is this.

Maybe you didn't finish the upload.

Dennis and thanks again

skarmklipp 2018-01-09 19 13 06

No network connectivity inside Container Shell (WiFi)

Hi,

I don't seem to have network connectivity inside the Container Shell with the latest Bitscout build. I am testing on a laptop at home over a WiFi connection which is successfully activated and I can use the Root Shell to successfully ping, apt update, install packages etc. When I go into the Container Shell, I can't ping anything. I can ping the 10.3.0.1 IP address but I can't ping external hosts, can't reach archive.ubuntu.com (sudo apt update) etc.

When I try an Ethernet connection to my home router, everything works from within the Container Shell. Anyone have any ideas?

Thanks,
Akira

Question

What is the most compatible mode for all machines when I build a new one?

32 or 64 bit?

Dennis

More Scout Clients

Hi again, it's me disturbing you again. :)

If I want to have more scout clients on the same OpenVPN LAN, say 10.1.0.4 side and say 10.0.4.1 and 10.0.4.2 (container).

Do I need different IPs (other than 10.0.3.1 and 10.0.3.2) in the LXC containers if I build more than one scout ISO that is different from the first one?

The certificates I have full control over and know how to do.

But what do I need to change in the scripts to build a second and third etc. scout image?

I want to use them on the same OpenVPN server.

I tried to change the IP range in the scripts but I must have missed something because the LXC container didn't start up on the new ISO.

Dennis

Custom keyboard settings could be applied to images for better user experience

Hello Vitaly!

As we discussed during the BotConf 2022 workshop, when running the makebuild.sh script from an Ubuntu machine that has had its keyboard layout customised, the customisations are not pushed to the image that is built. When booting the BitScout image, both the "guest container" and the "local owner" shells will use the default Ubuntu keyboard layout settings.

I guess one way to handle this issue could be simply to ask a question to the user during the building phase.
The script could check the content of the /etc/default/keyboard file and, if it's not the default file, then it notifies the user that it has detected that the build script is being run on a machine with a non-default keyboard and may suggest a choice between "using the custom keyboard settings that were found" and "using default keyboard layout".

Then, if the user decides to use the custom keyboard layout, actually doing this is as simple as changing the values found in the /etc/default/keyboard files on the BitScout systems. I'm not sure however where in the scripts this should be implemented. Could the chroot_configure.sh script work? Would that affect both systems or only the "guest container system"?

Cheers!

Order of menu inverted?

Hi,
While working on the "scout-manage" script, I ended up with dialog menus that are displayed in reverse order!? I did not change anything related to this part of the code. Any idea of what might happen?
Ex: instead of having:
INTRODUCTION
NETWORK
DISK
...

The Live CD, once booted, displays:
SHUTDOWN
SHELL
CONTAINER
...
DISK
NETWORK
INTRODUCTION

Bitscout is not forensically sound

The following issue has been discovered: when an unclean (dirty) Ext4 file system is present on a fixed drive, it is recovered by Bitscout during the boot; see the attached screenshot and a sample file system image.
bitscout
ext4-dirty.raw.gz

The issue can be also reproduced when running Bitscout on real hardware, and when a sample file system is inside a partition.

Unable to boot using bootable USB

Hi,

Thanks for this project.
Managed to create the ISO using an Ubuntu Live.

Subsequently created a bootable USB but was unable to boot from it.
deypuaquwaadlsu

This file does not exist

Sorry,
after I installed the program I see this error:
automake.sh: 21: automake.sh: scripts/initrd_configure.sh: not found
Can you help me?

OpenVPN configuration creation fails

I'm attempting to create any installation size for trying out Bitscout using Ubuntu 18.04.4 LTS. Looks like OpenVPN configuration creation fails due to some hassle with Easy-RSA.

Steps:

  1. Cloned https://github.com/vitaly-kamluk/bitscout.git
  2. Run ./automake.sh

Tried with all installation sizes. The automake creates an iso with compact and normal, but the output ends with error (below) and autotest also reports OpenVPN not starting up, probably due to configuration referencing missing files as easyrsa setup fails.

Generating export files packages..
Copying files for the server..
'./config/openvpn/scout.conf.server' -> 'exports/server/etc/openvpn/server.conf'
'./config/openvpn/ip_pool.lst' -> 'exports/server/etc/openvpn/scout/ip_pool.lst'
cp: cannot stat './config/openvpn/easy-rsa/pki/ta.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/dh.pem': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/private/server.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/issued/server.crt': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/ca.crt': No such file or directory
'./config/ngircd/ngircd.conf' -> 'exports/server/etc/ngircd/ngircd.conf'
Copying files for the expert host..
'./config/openvpn/scout.conf.expert' -> 'exports/expert/etc/openvpn/expert.conf'
cp: cannot stat './config/openvpn/easy-rsa/pki/ta.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/private/expert.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/issued/expert.crt': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/ca.crt': No such file or directory
'./config/ssh/scout' -> 'exports/expert/etc/ssh/scout'
'./config/ssh/scout.pub' -> 'exports/expert/etc/ssh/scout.pub'

Notes:

  1. At least easyrsa vars.example is missing, but looks like the contents would be overridden anyway on the next line: https://github.com/vitaly-kamluk/bitscout/blob/20.04/scripts/chroot_configure_openvpn.sh#L48
    • Looks like an oversight of some sort
  2. Looks like this is likely related to upgrading to easy-rsa 3 89d68c9#diff-1042b0d92a6166e88bf294046e3c720dL61
    • I'm guessing the installation ends up with easy-rsa 2 but configuration is already for 3. Unsure yet how to fix

Wifi connection

Hi, thanks for a fantastic product.
I have a question about using wifi.
I have a problem connecting using SSL.
When I use cable on the same net it works well when booting from an ISO.
I connect to 10.1.0.2 with cable inserted, that works real good. The net is 192.168.8.X.
But when I connect to the same net without cable I can't connect to the same machine.
I go into the wifi connect thing and connect.
I can ping 10.1.0.2 but SSL won't connect to the container.
Do you think something with the SSL server needs to be restarted?
Strange.

Another question, if it's OK.
How do you know what machine to connect to OpenVPN? I mean Expert and Scout. I want to use more clients on the same OpenVPN server. Is it the certificates? Can you explain how to use it?

Dennis

having a few ISO build issues

Hi, I am excited to try out this tool, after having seen it on a SANS webinar.. However, I am having a few issues on getting the ISO built correctly, was hoping I could solicit some help :)

  1. OpenVPN configuration
    Admittedly, I had also grabbed the 20.04 release, instead of 18.04, which is what my Ubuntu VM is on.
    Probably something basic, I must be missing something
Generating export files packages..
Copying files for the server..
'./config/openvpn/scout.conf.server' -> 'exports/server/etc/openvpn/server.conf'
'./config/openvpn/ip_pool.lst' -> 'exports/server/etc/openvpn/scout/ip_pool.lst'
'./config/openvpn/easy-rsa/pki/ta.key' -> 'exports/server/etc/openvpn/scout/ta.key'
cp: cannot stat './config/openvpn/easy-rsa/pki/dh.pem': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/private/server.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/issued/server.crt': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/ca.crt': No such file or directory
'./config/ngircd/ngircd.conf' -> 'exports/server/etc/ngircd/ngircd.conf'
Copying files for the expert host..
'./config/openvpn/scout.conf.expert' -> 'exports/expert/etc/openvpn/expert.conf'
'./config/openvpn/easy-rsa/pki/ta.key' -> 'exports/expert/etc/openvpn/scout/ta.key'
cp: cannot stat './config/openvpn/easy-rsa/pki/private/expert.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/issued/expert.crt': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/ca.crt': No such file or directory
'./config/ssh/scout' -> 'exports/expert/etc/ssh/scout'
'./config/ssh/scout.pub' -> 'exports/expert/etc/ssh/scout.pub'
  2. When I run the autotest.sh script, I get this error message:
    autotest: Timeout expired while waiting for login prompt. System boot: ERROR
    this wouldn't have anything to do with the previous issue would it?

here are the (2) automake/autotest log files:
autotest.log
automake.log

Alternative VPN setup?

Hi,
First of all, great tool!
I'm trying to make it connect to another existing VPN solution that uses other interface types (tunX) and other IP address ranges. The VPN connection is established when I boot bitscout but I can't get any connection to it. I see incoming packets at tun0 interface but they seem to be dropped... Any tip?

Support of RPM-based distros (Fedora, CentOS, openSUSE, etc)

Hello!

Please add support for RPM-based distros (Fedora, CentOS, openSUSE, etc) so that users of RPM-based distros also have the possibility to build Bitscout successfully:

k_mikhail@linux-mk500:~/bitscout> ./automake.sh 
Welcome to bitscout 2.0 builder!
It seems that you are at fresh build environment.
We need to populate the config with some essential data.
Please answer the following questions or put your existing build config to config/bitscout-build.conf.
Proceed with interactive settings? [Y/n]: Y
bitscout may be built to be compact or normal.
Please choose option number:
 1. compact - minimal size, less tools and drivers. <260Mb
 2. normal - includes most common forensic tools,drivers,etc. <350Mb
 3. maximal - includes maximum of forensic tools and frameworks. <750Mb
 Your choice (1|2|3): 2
To use bitscout remotely you will need a VPN server.
Please enter your designated VPN server hostname/IP: 127.0.0.1
Please enter your designated VPN server protocol (udp/tcp): tcp
Please enter your designated VPN server port: 1194
Saving configuration..
Checking requirements..
which: no dpkg-query in (/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games)
dpkg is required to continue. Please install manually.

k_mikhail@linux-mk500:~/bitscout> cat /etc/os-release 
NAME="openSUSE Leap"
VERSION="42.2"
ID=opensuse
ID_LIKE="suse"
VERSION_ID="42.2"
PRETTY_NAME="openSUSE Leap 42.2"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:42.2"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"

Thanks!

Homepage is dead

The project's domain bitscout-forensics.info is parked, the website does not work.

Registry Expiry Date: 2023-01-05T03:31:03Z

UEFI

Hi :)
Do you think it's possible to get UEFI to work?
Or do you have any good idea how I can try to figure it out for myself?
I love your product and use it almost every day.
For forensic work but also for remote recovery of data where the machine didn't start.

Do you know if there is any chance to mount an NBD device in Windows?

I found just an NBD server for Windows but not an NBD client.

Thanks again.

Dennis Karlsson

Booting from Iso Images

Hi again.
I feel like a pain in the ass.
But I must ask you: the latest ISO images I burn to USB fail to boot.

I did so many but now I'm stuck again.

I used 3 different ways to burn these USBs but all fail right now.

Why is that, do you think?

img_5831

Unable to boot persistent image from USB

I've been trying to boot a raw persistent image of Bitscout from USB but it isn't working.

Attached a screenshot from Gparted.. the dd process seemed to complete successfully but I'm not having any luck.. if anyone has made a persistent image of Bitscout on USB, I'd be interested in knowing what was involved to get it to work. Thanks!

Bitscout_raw_USB

ssh requiring password

Hi all,

I've managed to spin up a Bitscout instance and connect to my OpenVPN server but when I try to SSH with the scout key to the Bitscout instance, I'm getting asked for a password. Using "ssh -i /path/to/scout [email protected] (I also noticed that the current build of Bitscout moved from the Tap0 (10.1.0.2) interface to Scout interface 10.5.0.2)

I have "Enable SSH with Password" disabled and also when I enable access via LAN, the SSH with expert scout key works and I get in without having to enter password.

Anyone have any ideas what I'm doing wrong here?

Thanks!
akira

NBD client and NBD server.

Today I installed the NBD server and client into the container 10.0.3.2.
I'm able to list the block devices from the expert machine with the command nbd-client -l 10.1.0.2 2000.
And I tried to export evidence0 but I didn't understand how to map it from the expert machine.
Do you have any idea how the server conf should be and the syntax from the expert machine to map evidence0 as a local media?

Dennis

Remote disk acquisition

Hello,
How to perform a remote disk acquisition from the container to the expert?
Is it possible to do that by using a "dd" command via ssh?
Thanks.

Kbd Package

Hi, while running ./automake.sh, I encountered an error stating "Failed to locate kbd package to patch".
I tried running it on VMware and from USB live. Can someone help me with this?

Wifi on the new Builds

Hi, the new builds don't find any wifi when I boot up and search for wifi.

"No wireless found" is the answer, and I tried it on several desktops and laptops.

Why is that, do you think?

Dennis

Can't export logs

I've been trying the export logs feature in my Bitscout instance but I'm not having any success exporting to a USB.

From the below images, I've inserted a USB drive "sdd" and try to mount "sdd2"
Screen Shot 2023-05-31 at 3 53 35 PM
Screen Shot 2023-05-31 at 3 53 51 PM

It looks to have mounted:
Screen Shot 2023-05-31 at 3 54 00 PM

Select the Export logs:

Screen Shot 2023-05-31 at 4 27 53 PM

Then try to unmount the drive to have a look at the contents but get this error:
Screen Shot 2023-05-31 at 4 28 08 PM

Try to confirm the files on the drive but see nothing:

Screen Shot 2023-05-31 at 4 29 40 PM

Am I doing something wrong?

VPN alternatives

I was looking for a small bootable Linux distro for remote support/assistance, and the closest I found is bitscout.

VPN requires your own server, which is a burden for occasional non-professional use-case. I propose using Tor with static (or auto generated) Hidden Service pointing to SSH port. This way you don't need to maintain your own VPN infrastructure yet still can connect over NAT.
In case of automatic Hidden Service generation, the image may also send email with Hidden Service address using embedded SMTP credentials to the expert.

package installation issue

Trying to install packages within Bitscout gave me this and I'm wondering if there's a way to get around it?

packageissue

Help with ./automake.sh

Hi,
After executing the ./automake.sh command I receive the following message:

Problem executing scripts APT::Update::Post-Invoke-Success 'if /usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then appstreamcli refresh > /dev/null; fi'

I'm using Ubuntu 16.0.4 LTS desktop installed on a VMware Workstation 12 Pro.

Regards,
Adolfo Cáceres

Image from host to expert ?

Everything works fine with the VPN server now.
But I have some questions, if it's OK.

  1. If I want to create an image from the host (scout) to the expert's machine, to a mount point of the expert's machine, what do I need to do?
    I have my expert machine here with me and a big NAS mounted on it.

I want to image the scout's machine (the one I sent the USB ISO to) home to my expert machine.

So the scenario for me is:

  1. Scout machine on 10.1.0.2 far away from me
  2. Expert machine with me on 10.1.0.3 where I want to store the ISO from the scout machine
  3. The VPN server up and running.

Dennis Karlsson
