vitaly-kamluk / bitscout
Remote forensics meta tool
License: GNU General Public License v2.0
I don't know what I'm really doing wrong.
The first day everything worked with port 2000 when the host was started with address 10.1.0.2.
But I'm using the duplicate-cn setting in my OpenVPN and the host gets 10.1.0.3.
Now I didn't get access to port 2000 again from my WS on the same net.
I can SSH to the host, and when I start the NBD server using systemctl restart nbd-server.service it starts, and I can telnet to port 2000 from inside the container; using telnet 10.1.0.3 2000 it works.
But from my WS 10.1.0.5 I can't telnet to port 2000; it gets stuck.
What do you think I'm doing wrong?
I could mount a block device just after we talked the other day.
:( I feel so bad and I can't solve it.
Dennis
Hi, I can't reach port 2000 from my WS into Bitscout.
I'm using this command: sudo nbd-client -N dvd 10.1.0.2 2000 /dev/nbd0
And telnet 10.1.0.2 doesn't answer either.
I can ssh into the container without any problem.
Have you changed the port 2000 to 2009?
Dennis
Hi again.
I think you are tired of me, but I'll ask a couple more questions.
Do you have any good link where I can find what I need to know? Maybe I'm not an expert yet, but I think I can be soon if I find the right sources.
I'm sorry to bother you (: with so many questions, but I really am impressed by Bitscout and I really want to use it for remote forensics.
Dennis Karlsson
Hi.
When I build the image and try to set up the server, all works well.
But I have a question about the IP when I start up from the ISO image.
My question is: when I start from the ISO file, the client gets ip=10.0.3.1 when I go to the shell and use ifconfig.
I can also ping 10.0.3.2 but no more.
I mean when I boot up the Bitscout ISO file.
I thought it would get 10.1.0.2 as in the IP-Pools.lst.
Or have I misunderstood anything?
Dennis
Here is the server config.
ifconfig 10.1.0.1 255.255.255.0
ifconfig-pool 10.1.0.2 10.1.0.250
ifconfig-pool-persist /etc/openvpn/scout/ip_pool.lst 0
tls-server
tls-auth /etc/openvpn/scout/ta.key 0
ca /etc/openvpn/scout/ca.crt
cert /etc/openvpn/scout/scoutserver.crt
key /etc/openvpn/scout/scoutserver.key
dh /etc/openvpn/scout/dh2048.pem
And here is the IP_pools.lst
scout,10.1.0.2
expert,10.1.0.3
I am attempting to input the OpenVPN settings and am running into an issue. [REDACTED] is a valid IP of my OpenVPN server. Any thoughts on what's going on or how to correct it?
Please choose option number:
Hi,
I don't seem to have network connectivity inside the Container Shell with the latest Bitscout build. I am testing on a laptop at home over a WiFi connection which is successfully activated and I can use the Root Shell to successfully ping, apt update, install packages etc. When I go into the Container Shell, I can't ping anything. I can ping the 10.3.0.1 IP address but I can't ping external hosts, can't reach archive.ubuntu.com (sudo apt update) etc.
When I try an Ethernet connection to my home router, everything works from within the Container Shell. Anyone have any ideas?
Thanks,
Akira
What is the most compatible mode for all machines when I build a new one?
32 or 64 bit?
Dennis
Hi again, it's me disturbing you again. :)
If I want to have more scout clients on the same OpenVPN LAN, say 10.1.0.4 side and say 10.0.4.1 and 10.0.4.2 (container).
Do I need different IPs (other than 10.0.3.1 and 10.0.3.2) in the LXC containers if I build more than one scout ISO that is different from the first one?
The certificates I have full control over and know how to do.
But what do I need to change in the scripts to build a second and third etc. scout image?
I want to use them on the same OpenVPN server.
I tried to change the IP range in the scripts, but I must have missed something because the LXC container didn't start up on the new ISO.
Dennis
Hello Vitaly!
As we discussed during the BotConf 2022 workshop, when running the makebuild.sh script from an Ubuntu machine that has had its keyboard layout customised, the customisations are not pushed to the image that is built. When booting the BitScout image, both the "guest container" and the "local owner" shells will use the default Ubuntu keyboard layout settings.
I guess one way to handle this issue could be simply to ask a question to the user during the building phase.
The script could check the content of the /etc/default/keyboard file and, if it's not the default file, then it notifies the user that it has detected that the build script is being run on a machine with a non-default keyboard and may suggest a choice between "using the custom keyboard settings that were found" and "using default keyboard layout".
Then, if the user decides to use the custom keyboard layout, actually doing this is as simple as changing the values found in the /etc/default/keyboard files on the BitScout systems. I'm not sure however where in the scripts this should be implemented. Could the chroot_configure.sh script work? Would that affect both systems or only the "guest container system"?
Cheers!
Hi,
While working on the "scout-manage" script, I ended up with dialog menus that are displayed in reverse order!? I did not change anything related to this part of the code. Any idea of what might happen?
Ex: instead of having:
INTRODUCTION
NETWORK
DISK
...
The Live CD, once booted, displays:
SHUTDOWN
SHELL
CONTAINER
...
DISK
NETWORK
INTRODUCTION
The following issue has been discovered: when an unclean (dirty) Ext4 file system is present on a fixed drive, it is recovered by Bitscout during the boot; see the attached screenshot and a sample file system image.
ext4-dirty.raw.gz
The issue can be also reproduced when running Bitscout on real hardware, and when a sample file system is inside a partition.
Sorry
After installing the program I see this error:
automake.sh: 21: automake.sh: scripts/initrd_configure.sh: not found
Can you help me?
I'm attempting to create any installation size for trying out Bitscout using Ubuntu 18.04.4 LTS. Looks like OpenVPN configuration creation fails due to some hassle with Easy-RSA.
Steps:
Tried with all installation sizes. The automake creates an iso with compact and normal, but the output ends with error (below) and autotest also reports OpenVPN not starting up, probably due to configuration referencing missing files as easyrsa setup fails.
Generating export files packages..
Copying files for the server..
'./config/openvpn/scout.conf.server' -> 'exports/server/etc/openvpn/server.conf'
'./config/openvpn/ip_pool.lst' -> 'exports/server/etc/openvpn/scout/ip_pool.lst'
cp: cannot stat './config/openvpn/easy-rsa/pki/ta.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/dh.pem': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/private/server.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/issued/server.crt': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/ca.crt': No such file or directory
'./config/ngircd/ngircd.conf' -> 'exports/server/etc/ngircd/ngircd.conf'
Copying files for the expert host..
'./config/openvpn/scout.conf.expert' -> 'exports/expert/etc/openvpn/expert.conf'
cp: cannot stat './config/openvpn/easy-rsa/pki/ta.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/private/expert.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/issued/expert.crt': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/ca.crt': No such file or directory
'./config/ssh/scout' -> 'exports/expert/etc/ssh/scout'
'./config/ssh/scout.pub' -> 'exports/expert/etc/ssh/scout.pub'
Notes:
Hi, thanks for a fantastic product.
I have a question about using wifi.
I have a problem connecting using SSL.
When I use cable on the same net it works well when booting from an ISO.
I connect to 10.1.0.2 with cable inserted, that works really well. The net is 192.168.8.X.
But when I connect to the same net without cable I can't connect to the same machine.
I go in to the wifi connect thing and connect.
I can ping 10.1.0.2 but SSL won't connect to the container.
Do you think something with the SSL server needs to be restarted?
Strange.
Another question, if it's OK.
How do you know what machine to connect to OpenVPN? I mean Expert and Scout. I want to use more clients on the same OpenVPN server. Is it the certificates? Can you explain how to use it?
Dennis
Hi, I am excited to try out this tool, after having seen it on a SANS webinar. However, I am having a few issues getting the ISO built correctly, and was hoping I could solicit some help :)
Generating export files packages..
Copying files for the server..
'./config/openvpn/scout.conf.server' -> 'exports/server/etc/openvpn/server.conf'
'./config/openvpn/ip_pool.lst' -> 'exports/server/etc/openvpn/scout/ip_pool.lst'
'./config/openvpn/easy-rsa/pki/ta.key' -> 'exports/server/etc/openvpn/scout/ta.key'
cp: cannot stat './config/openvpn/easy-rsa/pki/dh.pem': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/private/server.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/issued/server.crt': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/ca.crt': No such file or directory
'./config/ngircd/ngircd.conf' -> 'exports/server/etc/ngircd/ngircd.conf'
Copying files for the expert host..
'./config/openvpn/scout.conf.expert' -> 'exports/expert/etc/openvpn/expert.conf'
'./config/openvpn/easy-rsa/pki/ta.key' -> 'exports/expert/etc/openvpn/scout/ta.key'
cp: cannot stat './config/openvpn/easy-rsa/pki/private/expert.key': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/issued/expert.crt': No such file or directory
cp: cannot stat './config/openvpn/easy-rsa/pki/ca.crt': No such file or directory
'./config/ssh/scout' -> 'exports/expert/etc/ssh/scout'
'./config/ssh/scout.pub' -> 'exports/expert/etc/ssh/scout.pub'
autotest: Timeout expired while waiting for login prompt. System boot: ERROR
Here are the (2) automake/autotest log files:
autotest.log
automake.log
Hi,
First of all, great tool!
I'm trying to make it connect to another existing VPN solution that uses other interface types (tunX) and other IP address ranges. The VPN connection is established when I boot bitscout but I can't get any connection to it. I see incoming packets at tun0 interface but they seem to be dropped... Any tip?
Hello!
Please add support for RPM-based distros (Fedora, CentOS, openSUSE, etc.) so that users of RPM-based distros also have the possibility to build Bitscout successfully:
k_mikhail@linux-mk500:~/bitscout> ./automake.sh
Welcome to bitscout 2.0 builder!
It seems that you are at fresh build environment.
We need to populate the config with some essential data.
Please answer the following questions or put your existing build config to config/bitscout-build.conf.
Proceed with interactive settings? [Y/n]: Y
bitscout may be built to be compact or normal.
Please choose option number:
1. compact - minimal size, less tools and drivers. <260Mb
2. normal - includes most common forensic tools,drivers,etc. <350Mb
3. maximal - includes maximum of forensic tools and frameworks. <750Mb
Your choice (1|2|3): 2
To use bitscout remotely you will need a VPN server.
Please enter your designated VPN server hostname/IP: 127.0.0.1
Please enter your designated VPN server protocol (udp/tcp): tcp
Please enter your designated VPN server port: 1194
Saving configuration..
Checking requirements..
which: no dpkg-query in (/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games)
dpkg is required to continue. Please install manually.
k_mikhail@linux-mk500:~/bitscout> cat /etc/os-release
NAME="openSUSE Leap"
VERSION="42.2"
ID=opensuse
ID_LIKE="suse"
VERSION_ID="42.2"
PRETTY_NAME="openSUSE Leap 42.2"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:42.2"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
Thanks!
The project's domain bitscout-forensics.info is parked, the website does not work.
Registry Expiry Date: 2023-01-05T03:31:03Z
Hi :)
Do you think it's possible to get UEFI to work?
Or do you have any good idea how I can try to figure it out for myself?
I love your product and use it almost every day.
For forensic work but also for remote recovery of data where the machine didn't start.
Do you know if there is any chance to mount an NBD device in Windows?
I find just an NBD server for Windows but not an NBD client.
Thanks again.
Dennis Karlsson
I've been trying to boot a raw persistent image of Bitscout from USB but it isn't working.
Attached a screenshot from GParted. The dd process seemed to complete successfully but I'm not having any luck. If anyone has made a persistent image of Bitscout on USB, I'd be interested in knowing what was involved to get it to work. Thanks!
Hi all,
I've managed to spin up a Bitscout instance and connect to my OpenVPN server, but when I try to SSH with the scout key to the Bitscout instance, I'm getting asked for a password. Using "ssh -i /path/to/scout [email protected]" (I also noticed that the current build of Bitscout moved from the Tap0 (10.1.0.2) interface to Scout interface 10.5.0.2).
I have "Enable SSH with Password" disabled and also when I enable access via LAN, the SSH with expert scout key works and I get in without having to enter password.
Anyone have any ideas what I'm doing wrong here?
Thanks!
akira
I installed the NBD server and client today into the container 10.0.3.2.
I'm able to list the block devices from the expert machine with the command nbd-client -l 10.1.0.2 2000.
And I tried to export evidence0 but I didn't understand how to map it from the expert machine.
Do you have any idea how the server conf should be and the syntax from the expert machine to map evidence0 as a local media?
Dennis
Hello,
How to perform a remote disk acquisition from the container to the expert?
Is it possible to do that by using a "dd" command via ssh?
Thanks.
Hi, while running ./automake.sh, I encountered an error stating "Failed to locate kbd package to patch".
I tried running it on VMware and from USB live. Can someone help me with this?
Hi, the new builds don't find any wifi when I boot up and search for wifi.
"No wireless found" is the answer, and I tried it on several desktops and laptops.
Why is that, do you think?
Dennis
I've been trying the export logs feature in my Bitscout instance but I'm not having any success exporting to a USB.
From the below images, I've inserted a USB drive "sdd" and try to mount "sdd2"
Select the Export logs:
Then try to unmount the drive to have a look at the contents but get this error:
Try to confirm the files on the drive but see nothing:
Am I doing something wrong?
I was looking for a small bootable Linux distro for remote support/assistance, and the closest I found is bitscout.
VPN requires your own server, which is a burden for occasional non-professional use-case. I propose using Tor with static (or auto generated) Hidden Service pointing to SSH port. This way you don't need to maintain your own VPN infrastructure yet still can connect over NAT.
In case of automatic Hidden Service generation, the image may also send email with Hidden Service address using embedded SMTP credentials to the expert.
Hi dear,
How to install this program? Please get me a movie file on how to install, or put it in a text file.
thank you..
Hi,
After executing the ./automake.sh command I receive the following message:
Problem executing scripts APT::Update::Post-Invoke-Success 'if /usr/bin/test -w /var/cache/app-info -a -e /usr/bin/appstreamcli; then appstreamcli refresh > /dev/null; fi'
I'm using Ubuntu 16.0.4 LTS desktop installed on a VMware Workstation 12 pro.
Regards,
Adolfo Cáceres
Everything works fine with the VPN server now.
But I have some questions, if it's OK.
I want to image the scout's machine (the one I sent the USB ISO to) home to my expert machine.
So the scenario for me is.
Dennis Karlsson