Monday, March 24, 2008

Here are a few VOIP Info tutorials I have picked up in the last few days.
They are hosted on mediafire.com. There are 3 .PDF files in one folder.


I am currently finishing up a thread that I will post with lots of info about VOIP on the Back|Track Forums.

Saturday, March 22, 2008

Sipvicious

There is mention of my tutorial over on the Sipvicious website.
Nothing special, it just mentions the tutorial and the fix for the tool in Back|Track 3 beta on the
Back|Track Wiki.

Special thanks to Sandro Gauci for making this tool and sharing it with the community.

Thursday, March 20, 2008

Small SipVicious Guide

This is a small guide on getting the SipVicious tool pack.

SIPVicious suite is a set of tools that can be used to audit SIP based systems. It currently consists of four tools:

* svmap - this is a sip scanner. Lists SIP devices found on an IP range
* svwar - identifies active extensions on a PBX
* svcrack - an online password cracker for SIP PBX
* svreport - manages sessions and exports reports to various formats


The home page is located here: Blog

The code is here: Code

SipVicious requires Python 2.4 or greater. BT2 and 3 beta already have this, so no need to worry.

There is a video tutorial that will help you with setting it up, plus a small walkthrough of using the tools, located here:
Video
This video uses the tools found on the Getting Started page below.

There is also a page with info on setting up a VMware player and Trixbox image to use SipVicious against located here:
GettingStarted

The whole thing is pretty straightforward and easy to use.

Have fun with your SIP auditing!

Special thanks to Sandro Gauci for making the tools and video!

Saturday, March 15, 2008

How to for List-Urls

Disclaimer: this is for educational purposes only and not to commit a crime; you are on your own!!
All addresses have been changed!!


This is a quick guide to using the Python script List-Urls.
This is a tool that I believe was written by Muts; however, I am not 100% sure of this.
To access this tool, use the K menu: Backtrack|Vulnerability Identification|Web Analysis|List-Urls

This opens a shell that looks like the following:

Code:
+++++++++++++++++++++++++++++++++++++++++++++++++++++
Extract links form webpage - v.0.1
+++++++++++++++++++++++++++++++++++++++++++++++++++++

Usage : ./list-urls.py
Eg: ./list-urls.py http://www.whoppix.net

+++++++++++++++++++++++++++++++++++++++++++++++++++++
bt list-urls #

Now, in order for us to use this we need a target website. I will be using http://www.victimluser.com
Now let's execute this script against our target.
At the prompt, type ./list-urls.py http://www.victimluser.com
It should look like the following.
Code:
bt list-urls # ./list-urls.py http://www.victimluser.com
##########################################################
# #
# Extract URLS from a web page #
# email removed for spam control #
# #
##########################################################

index.html
news.html
lusers.html
victims.html
disclaimer.html
http://www.victimluser.com
bt list-urls #

Ok, now we have seen what success looks like.
The next one shows what our target actually looks like, since this is not a real target but a fake one.
Code:
bt list-urls # ./list-urls.py http://www.victimluser.com

##########################################################
# #
# Extract URLS from a web page #
# email removed for spam control #
# #
##########################################################

Could not reach http://www.victimluser.com !
Did you remember to put an http:// before the domain name?
bt list-urls #

DNSMap Tutorial

This tutorial will show you how to use DNSMap.


Disclaimer: This is for educational purposes only, not for committing a crime; you are on your own!
All IPs have been changed.

Background: Dnsmap is a small C based tool that performs brute-forcing of domains. The tool can use an internal wordlist, or work with an external dictionary file.
Info: http://ikwt.dyndns.org/ This site seems to be down.
(Source http://backtrack.offensive-security....p/Tools#dnsmap )

Ok, now to access the tool go to K Menu | Backtrack | Information Gathering | DNS | DNSMap


Ok, it will open a shell and show you:
Code:
dnsmap - DNS Network Mapper by pagvac
(http://ikwt.com, http://foro.elhacker.net)
Usage: dnsmap [dictionary-file]
Examples:
dnsmap yourtarget.com
dnsmap yourtarget.com yourwordlist.txt

bt dnsmap #

Once you have it open, you can check the readme by running nano README. This will provide lots more info.
Be sure to read it; there are some limitations when using this tool.

Next we need to give dnsmap a target to search. Again we will use http://www.victimluser.com
so
Code:
bt dnsmap # dnsmap victimluser.com

This will return us with:
Code:
dnsmap - DNS Network Mapper by pagvac
(http://ikwt.com, http://foro.elhacker.net)
Searching subhosts on domain victimluser.com

forum.victimluser.com
IP Address #1:192.168.1.1

mail.victimluser.com
IP Address #1:192.168.1.2

ftp.victimluser.com
IP Address #1:192.168.1.3

pop.victimluser.org
IP Address #1:192.168.1.4

Also, you can create a wordlist.txt that you can supply at the command line like this:
Code:
 bt dnsmap # dnsmap targetdomain.com wordlist.txt

This will force dnsmap to use the supplied wordlist to brute-force subdomains. If you do not supply a wordlist, dnsmap
will use the built-in one by default.

The readme also gives links to a few wordlists you can download.
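
Seen from the defending side, a wordlist run like this shows up in a DNS server's query log as one client asking for many different subdomains of the same zone within seconds, most of them nonexistent. The Python detector below is an added example, not part of the original post or of dnsmap; the log format, the thresholds, the helper names and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log; assumed format: "<epoch> <client> <qname> <rcode>".
GUESSES = ["admin", "dev", "forum", "ftp", "intranet", "mail",
           "ns1", "pop", "test", "vpn", "webmail", "www2"]
EXISTING = {"forum", "mail", "ftp", "pop"}  # labels that resolve in this sample
SAMPLE_LOG = [
    f"{1205575200 + i} 203.0.113.7 {g}.victimluser.com "
    f"{'NOERROR' if g in EXISTING else 'NXDOMAIN'}"
    for i, g in enumerate(GUESSES)
] + [
    f"{1205575200 + 60 * i} 198.51.100.20 {h}.victimluser.com NOERROR"
    for i, h in enumerate(["www", "mail", "www", "mail", "www"])
]


def parse(line):
    ts, client, qname, rcode = line.split()
    labels = qname.rstrip(".").lower().split(".")
    # Assumption: the zone is the last two labels (no public-suffix handling).
    return int(ts), client, ".".join(labels[-2:]), ".".join(labels[:-2]), rcode


def find_enumeration(lines, window=60, min_names=10, min_nx_ratio=0.5):
    """Return (client, zone, distinct_names, nx_ratio) for each client whose
    queries within `window` seconds look like wordlist-driven guessing."""
    events = defaultdict(list)
    for line in lines:
        ts, client, zone, sub, rcode = parse(line)
        if sub:  # ignore queries for the bare zone itself
            events[(client, zone)].append((ts, sub, rcode))
    alerts = []
    for (client, zone), evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            win = evs[start:end + 1]
            names = {sub for _, sub, _ in win}
            nx = sum(1 for _, _, rc in win if rc == "NXDOMAIN") / len(win)
            if len(names) >= min_names and nx >= min_nx_ratio:
                alerts.append((client, zone, len(names), round(nx, 2)))
                break  # one alert per client/zone pair is enough
    return alerts


if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))
```

The ordinary client that keeps asking for www and mail never trips the rule, because it is the number of distinct names combined with the NXDOMAIN ratio that marks the burst, not query volume alone.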