Wednesday, February 9, 2011

New home.

I have started another blog at http://archangelamael.shell.tor.hu/. I really like the freedom that using a wordpress blog gives me.
I have plans to migrate the guides from here over to there; time will be a big factor in that.
I also want to update/redo some of them. I also have plans to do posts on different topics related to computer security that interest me.
If you have a project, want to learn to better use a shell, or just want some privacy while using the internet, then sign up for the services at http://tor.hu. So far I have been really impressed with the services they have to offer.
Getting a blog up and going was a bit rough, but @sickness416 (http://sickness.tor.hu/) helped me troubleshoot things. So thanks to him.
Thursday, August 12, 2010

Extracting MetaData from photos using exiftool in BT4

This guide is about using exiftool, a tool for extracting metadata from photos. It can be used both from a forensics standpoint and for doing reconnaissance on a given target, especially if that target is very generous about giving away too much information in its photos.
As a warning, it's not cool to stalk people, so don't be doing it.
I mean really, if you have to stalk someone you probably will never have a relationship with them anyway, loser!

So the tool is located in the menu structure under Digital Forensics, or in the
/pentest/misc/exiftool/ directory.

This screen shot shows the default output when calling the command.
--------------------CODE-----------------------------------
root@bt:/pentest/misc/exiftool# ./exiftool
--------------------CODE-----------------------------------

[screenshot from the exiftool album]

You will need to read the README in order to learn more.

If you want to just test the tool out, you can use the provided .jpg to do so.
The command would be
--------------------CODE-----------------------------------
root@bt:/pentest/misc/exiftool# ./exiftool t/images/ExifTool.jpg
--------------------CODE-----------------------------------

[screenshot from the exiftool album]

The above photo only shows a portion of the output. To see the rest you will need to run the tool yourself.
There is a lot of information that could be gained from this test, but in reality the tool author has already sanitized anything of value.
The only thing that is really left is camera information. Boring at best. So let's grab a few photos from the web and see what they can give us.

OK, so to help keep the innocent that way, I won't be linking to or giving away too much about the actual photos I downloaded.
But they are easy to find thanks to social media 2.0.
From the next photo we can parse quite a lot of data out of it.

--------------------CODE-----------------------------------
root@bt:/pentest/misc/exiftool# ./exiftool /tmp/1444432405-37422182c96b551a67f534ead5532.4c63f758-scaled.jpg
--------------------CODE-----------------------------------

[screenshot from the exiftool album]


Photo 3 shows some generic information from the camera; from it we can roughly determine the type of phone, in this case a Motorola Droid X.

[screenshot from the exiftool album]


But in photo 4, bingo, we now have the information from the GPS. So we now know exactly where our target is located, at least at the time the photo was taken. By looking at the same information from several photos we may be able to determine patterns in our target's behavior.
So here is the pertinent data given up by our photograph: 28 degrees 26' 26.00" N, 81 degrees 28' 26.00" West.
There are many websites, including Google Maps, to help you turn this info into something more familiar, like addresses. Depending on the phone or camera being used, this information can be turned off, which is kind of a smart thing to do.
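As an added example (not part of the original post), here is a small Python helper that parses exiftool's default text output, converts the degrees/minutes/seconds GPS fields into decimal degrees, and reports whether a photo would give away its location if you published it. The sample output below is constructed; the tag names are exiftool's, but the device and date values are made up to match the post.

```python
import re

# Constructed sample in the shape of exiftool's default output for a geotagged
# phone photo; tag names are exiftool's, values are made up to match the post.
SAMPLE_EXIFTOOL_OUTPUT = """\
Make                            : Motorola
Camera Model Name               : DROIDX
Create Date                     : 2010:08:01 14:22:10
GPS Latitude                    : 28 deg 26' 26.00" N
GPS Longitude                   : 81 deg 28' 26.00" W
"""

# exiftool prints coordinates as degrees, minutes, seconds and a hemisphere letter
DMS_RE = re.compile(r"""(\d+)\s*deg\s*(\d+)'\s*([\d.]+)"\s*([NSEW])""")

def dms_to_decimal(deg, minutes, seconds, hemisphere):
    """Degrees/minutes/seconds plus hemisphere -> signed decimal degrees (S and W negative)."""
    value = deg + minutes / 60.0 + seconds / 3600.0
    return -value if hemisphere in ("S", "W") else value

def parse_exiftool(text):
    """Turn exiftool's 'Tag Name : value' lines into a dict keyed by tag name."""
    tags = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            tags[key.strip()] = value.strip()
    return tags

def gps_position(tags):
    """Return (lat, lon) in decimal degrees, or None if the photo carries no GPS fix."""
    coords = []
    for tag in ("GPS Latitude", "GPS Longitude"):
        match = DMS_RE.search(tags.get(tag, ""))
        if not match:
            return None
        d, m, s, hemi = match.groups()
        coords.append(dms_to_decimal(int(d), int(m), float(s), hemi))
    return tuple(coords)

def location_leak_report(text):
    """What a published copy of this photo gives away: device, time and (if present) position."""
    tags = parse_exiftool(text)
    position = gps_position(tags)
    device = " ".join(v for v in (tags.get("Make"), tags.get("Camera Model Name")) if v)
    return {"device": device, "taken": tags.get("Create Date"),
            "position": position, "leaks_location": position is not None}
```

Feed it the captured output of `./exiftool photo.jpg`; a photo whose GPS tags were turned off (or stripped) comes back with `leaks_location` set to False.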

So that's about it. There are several ways to gain this information from photos, and this is one of the tools included in BT to do it.

Thursday, August 5, 2010

Setting up Fluxbox in BT4 R1

So this guide is for those that choose to upgrade from BackTrack 4 final to R1.
This does not really apply if you are downloading the R1 .iso. Please keep in mind that this is a new release and there may be bugs (please report them)! This post will also assume you have backtrack-dragon installed; you can use it to set up the rest.
---------------------------CODE----------------------------------------------------
root@bt:~# apt-get install backtrack-dragon
---------------------------CODE----------------------------------------------------
Once this finishes, run dragon, select "desktop" and finally "desktop fluxbox".

[screenshot from the Fluxbox setup BT4 R1 album]


Once this finishes, you need to run flux-for-back.
---------------------------CODE---------------------------------------------------
root@bt:~# flux-for-back
---------------------------CODE---------------------------------------------------
[screenshot from the Fluxbox setup BT4 R1 album]


You will see several options to choose from. We are concerned with the -s option, so:
---------------------------CODE---------------------------------------------------
root@bt:~# flux-for-back -s
---------------------------CODE---------------------------------------------------
[screenshot from the Fluxbox setup BT4 R1 album]


This will bring up a bunch of new choices. In order to build the menu choose either 1 or 2, depending on whether you want the icons.
Depending on your setup this may take a bit of time. Mine took about 6 or 7 minutes.
Once it is finished it will exit the script and return you to the prompt. At this point you can consider yourself done.
So now you should have the pretty new menu set up for BT, looking like this.
[screenshot from the Fluxbox setup BT4 R1 album]


At this point you can exit the script. If you want to change the background you can use the new menu (right click, by the way, is how you access it). So right click and select "flux menu" at the bottom, then "Backgrounds", then "Set BackTrack default Background".

[screenshot from the Fluxbox setup BT4 R1 album]


To change the style to a BT one, select "flux menu", then "Styles", then "Fluxbox BackTrack Styles".
[screenshot from the Fluxbox setup BT4 R1 album]


Then select one of the 3 choices from the following:
"Centurion_BackTrack_blue, Centurion_BackTrack_red, and flux_bactrack_eeepc"

This last image shows the red theme.
[screenshot from the Fluxbox setup BT4 R1 album]




So that's pretty much it. Now you have a new lightweight window manager.
Remember that there may be bugs in these new tools so please be patient and report them if you do find them.

Have fun.

Saturday, July 24, 2010

Remove duplicate entries in a file W/O sorting.

This is mainly for my own reference, however you may find it useful as well.

Remove duplicate entries in a file without sorting.

--------------------CODE-----------------------------------
$ awk '!x[$0]++' FILE
--------------------CODE-----------------------------------
where FILE is the name of the file to run on.

One can also use sort | uniq or sort -u; however, those will sort the lines into order.
With awk we simply remove the duplicates and keep the original order.


MySQL Security Assessment Script in BT4

So this is a short write-up on using the MySQL Security Assessment Script by Carlos Perez.

Of course you will need a mysql database to target.
If you want a pre-made setup then get the metasploitable package.

Grab some shell and navigate to the /pentest/database/mysqlaudit/ directory.
Then just run the command with no options.

-----------------------------CODE---------------------------------------

root@bt:/pentest/database/mysqlaudit# ./mysqlaudit.py

MySQL Security Assesment Script Version 1.0

By: Carlos Perez, carlos_perez[at]darkoperator.com
USAGE:
python ./mysqlaudit.py Targer IP User Password Report


Target : The system you whant to do the assement on, port 3306 should be open.
User : User account with DBA privelages on the server to use for the assesment.
Password : password for the user account.
Report : Name of text file to wich to write the report.

-----------------------------CODE--------------------------------------

Simple enough; the only thing you will need, of course, is the log-on credentials.
This time we will run the scan against our metasploitable setup and see what happens.

-----------------------------CODE--------------------------------------

root@bt:/pentest/database/mysqlaudit# ./mysqlaudit.py 192.168.2.103 root root /tmp/msqlauditreport.txt
root@bt:/pentest/database/mysqlaudit#

-----------------------------CODE--------------------------------------

So in order to see what our report shows we can either open it with a text editor or we can cat the output back to the screen.
Since the report is quite long I will only show a little of it here.
-----------------------------CODE--------------------------------------

root@bt:/pentest/database/mysqlaudit# cat /tmp/msqlauditreport2.txt | less

Severity: High

Description:

MySQL authentication is based on usernames and passwords stored in a table

called mysql.user. To create a user, a row is added to this table. MySQL
also supports wildcards and blank values in the USERNAME and HOST fields of
the table. By indicating a blank username and a blank password, you allow
anonymous access to the MySQL database.
Solution:

To remove the anonymous user, run the following commands:
shell> mysql -u root [password]
mysql> DELETE FROM mysql.user WHERE User = '';

Anonymous user was found

User Connection Location
anonymous ---->localhost
anonymous ---->ubuntu804-base

-----------------------------CODE-------------------------------------

As you can tell, there is a High severity finding in our setup.
So this tool allows a penetration tester to target MySQL databases and determine some basics about the security of the system.
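As an added example (not mysqlaudit's own code), here is a Python re-implementation of the kind of check behind the report excerpt above: it walks rows in the shape of mysql.user and flags anonymous users, blank passwords and wildcard hosts, producing the same Severity/Description/Solution triplets. The rows are constructed; the severity given to the blank-password and wildcard-host cases is this example's own choice.

```python
# Constructed rows in the shape of SELECT User, Host, Password FROM mysql.user
# on a MySQL 5.0-era server (an empty Password column means no password is set).
SAMPLE_USER_ROWS = [
    ("root", "localhost", "*0123456789ABCDEF0123456789ABCDEF01234567"),  # made-up hash
    ("root", "%", ""),
    ("", "localhost", ""),
    ("", "ubuntu804-base", ""),
]

def audit_user_table(rows):
    """Return (severity, description, remediation_sql) findings for the given rows.

    Re-implementation of the checks described in the report, not mysqlaudit's code.
    """
    findings = []
    for user, host, password in rows:
        if user == "":
            # Blank username: anyone connecting from this host gets in (the post's High finding)
            findings.append(("High",
                             "Anonymous user allows unauthenticated access from %s" % host,
                             "DELETE FROM mysql.user WHERE User = '' AND Host = '%s';" % host))
            continue
        if password == "":
            findings.append(("High",
                             "Account '%s'@'%s' has no password" % (user, host),
                             "SET PASSWORD FOR '%s'@'%s' = PASSWORD('<new password>');" % (user, host)))
        if host == "%":
            # Wildcard host: severity is this example's own rating
            findings.append(("Medium",
                             "Account '%s' may connect from any host" % user,
                             "DELETE FROM mysql.user WHERE User = '%s' AND Host = '%%';" % user))
    return findings

def severity_counts(findings):
    """Tally findings by severity, e.g. {'High': 3, 'Medium': 1}."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts
```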

Have fun.

Friday, July 23, 2010

Converting Metasploitable for Virtualbox

So this is not a typical BackTrack post, but one on converting the Metasploitable VMware image to one that will work with VirtualBox. There are other ways of converting .vmdk files to .vdi ones, but none of them seemed to work for me. This was all done on an Ubuntu machine; you could do the same on other distributions. If you don't have or know about Metasploitable, check the above link. So grab a copy here and then extract the zip archive.

Go to a shell and grab qemu. This is another virtualization product, but we don't care about it here; once we are done you can remove it.

-----------------------------------CODE---------------------------------------
amael@ubuntudork:~$ sudo aptitude install qemu
-----------------------------------CODE---------------------------------------

Once this is done run the following commands.
NOTE: This may take some time to complete.

-----------------------------------CODE---------------------------------------
amael@ubuntudork:/tmp/Metasploitable$ qemu-img convert /tmp/Metasploitable/metasploitable.vmdk metasploitable.bin
-----------------------------------CODE-------------------------------------

This will convert the .vmdk to a raw binary image; then we convert the .bin to a VirtualBox .vdi file.

-----------------------------------CODE-------------------------------------
amael@ubuntudork:/tmp/Metasploitable$ VBoxManage convertdd metasploitable.bin metasploitable.vdi

Sun VirtualBox Command Line Management Interface Version 3.0.14
(C) 2005-2010 Sun Microsystems, Inc.
All rights reserved.
Converting from raw image file="Metasploitable.bin" to file="Metasploitable.vdi"...
Creating dynamic image with size 8589934592 bytes (8192MB)...
-----------------------------------CODE-------------------------------------

Once this is finished you are now ready to use Metasploitable in Virtualbox.

So go ahead and set up a new machine. You can find many guides on doing this on the net.
But basically you just need to point Virtualbox to the newly created Metasploitable.vdi file.
[screenshot from the Virtual Box Metasploitable album]

You may want to edit some of the settings. For my setup I had to ensure that the "Enable PAE/NX" box under Extended Features was checked. This is located under Settings > System > Processor. The first time I booted without this it did not work.
[screenshot from the Virtual Box Metasploitable album]

It might also be a good idea to ensure that this machine is configured for "Host Only" networking so that it is not facing the internet.

So there you have it.
[screenshot from the Virtual Box Metasploitable album]

That's pretty much it. Have fun.

Wednesday, July 21, 2010

Update bt4-customise.sh script

So after someone noticed on the forums that the bt4-customise.sh script needs to be edited in order to work with the new .iso, I decided to make this post with what needs to be changed.


First grab the script and open it with your favorite editor.
------------------------------CODE-------------------------------------
# nano bt4-customise.sh
------------------------------CODE------------------------------------
Then at the top around line 3 change
------------------------------CODE------------------------------------
btisoname=bt4-pre-final.iso
------------------------------CODE------------------------------------
To the new .iso name.
So for the BT4 final you will need bt4-final.iso:
------------------------------CODE------------------------------------
btisoname=bt4-final.iso
------------------------------CODE------------------------------------

Save, exit and that's it.

Have fun.