Wednesday, December 16, 2009

Using NeXpose in Back Track 4

So here is Using NeXpose in Back Track 4. In this video, I will setup a simple scan of a Windows server. After the scan I briefly show the results that are produced.
If you haven't seen the install video, then it is here on the blog so take a look at it too.
I hope you enjoy it.

The Links.
Blip.tv
Vimeo
Youtube


And of course embedded here:

Sunday, December 13, 2009

Installing NeXpose in Back Track 4

Small video on installing NeXpose from Rapid7 into Back Track 4.
I thought about making a text with picture tutorial but after taking the needed screen shots, I thought it would be just as easy to record the screen.

Blip.tv Link
Vimeo Link
Youtube Link

Of course you can also watch it here.


Sunday, November 15, 2009

Up and Running with OpenVAS in Back Track 4 part 2

As promised here is part two of Up and Running with OpenVAS in Back Track 4. This time we will update the NVT (network vulnerability tests) database.
Then we will setup a scan against a generic vanilla install of windows server 2008.
I hope you enjoy and find it useful.
The video can be found on blip.tv here
You can also get it at Vimeo here.
You can also find it at the Remote-Exploits (Back Track) Forums here.

Tuesday, November 3, 2009

Up and running with OpenVAS in BT4

Just as the title says this is a small video on getting OpenVAS setup and running.
A brief walk through on adding a user to the system, creating a certificate for the user, starting the server and client, setting up a task with scope and running the task, within Back | Track 4.
The video is available here on blip.tv
And here on vimeo
Enjoy!
You can also watch it below.

Up and Running with OpenVAS in Back Track 4 from archangel.amael on Vimeo.


In the next video I will walk through updating the OpenVas Server and running a task in the dork-lab network.

Wednesday, July 29, 2009

Since I don't want to violate someone's copyright policy or whatever, here is a link to a nice blog post with a manifesto on becoming a ninja.
It was written by the folks over at the VRT (Vulnerability Research Team).
Or How to work with , and use exploits and vulnerabilities.

VRT: How do I become a Ninja?

There is a link to a page with some insecure programming resources that start at the basic level and advance onwards.
gera's InsecureProgramming page
There is also a nice pdf file on basic exploit development.
My generic observations on this, if you have successfully setup ( install of your choice, networking, some sort of customization) your BT box (at the command line), then you could probably work with these resources. If you frequent the newbie section looking for How-To's and are struggling with the concepts presented there, then you are not ready for this. Keep trudging, diligence and a bit of sweat will pay off.

There are times when someone comes along and will find this info useful, so I wanted to share. If you are one of those people then make a post here, and/or add some more resources.

Thursday, June 18, 2009

Freedom For Iran

Because I am a freedom loving American I wanted to make a small post about the Protests in Iran on their recent election.
I hope that they continue their fight, and they can become a truly free nation.
Dear Protesters I am with you! Don't stop fighting for your freedom and human rights.
If it is not now then when ?
The pictures tell the story better than I can.

Monday, June 1, 2009

Using APT-GET Quick Reference

Using apt-get
This is a small quick reference post on using apt-get in BT
There is a ton of info about it throughout the internet. I merely wanted to post the basics for those that may be to lazy, or unwilling to look elsewhere.
So first and foremost:
There are 3 basic installers in BT4 apt-get the basic command line package
management system. aptitude is a curses based front end for apt-get.
And synaptic which is a gui version. Other than that there really are no major
differences.
Now lets look at some of the commands that are available for us.
First
Code:

# man apt-get

The manual page read it.
Code:

# apt-cache pkgnames

Gives us the names of all the installed packages we have on the system.
The list is not really to organized so add a | pipe and sort to the end and then it will alphabetized.
Code:

# apt-cache search programname

add the name of a program that you want to search for. The command will show software packages with the expression you entered. One problem with apt is that it really needs the exact name of a package for better results.
Code:

# apt-get install packagename

Pretty simple since all the work is now done for you.
There is a caveat to this method of package installation. You can't pass any
configuration options to the program. To remove a package just the opposite
should be done.
Code:

# apt-get remove packagname

This will remove the package but may not remove all configuration files. In order for that do instead
Code:

# apt-get remove --purge packagename

Next updating software.
First:
Code:

# apt-get update

This updates the list of currently installed software, this is the same list that we saw earlier. Next actually updating said list.
Code:

# apt-get upgrade

Now the thing about this command is that it will upgrade to the most recent
version of all packages on the system. This may or may not always be the best way of doing business. Some packages may not work as well as the older ones. Use with care. use a -s before upgrade to simulate, or see which software will be updated. A better way is to use dist-upgrade
Code:

# apt-get dist-upgrade

This will upgrade all packages with conflict resolution and discarding less important packages for more important ones. There are many other commands but the above should help get you started working with apt. Hope it helps.
Credits: This tutorial was created with help from the Debian APT How-To which can be found here: Debian -- Debian Documentation Project
And the man page

Tuesday, May 26, 2009

BackTrack 4 Pre Final

There is a new blog for Back-Track 4 located at Offensive-Security
The pre-final will be available for those who are subscribed to informer.
If you don't know what it is check it out. Basically Johnny Long uses the platform to help needy children in Africa. Even if you don't care about BT the work he does is worth the donation.

Tuesday, May 5, 2009

Update to latest Frefox

There have been some problems getting the default firefox to update on bt4
the reason this seems to not work is that the normal install routine for firefox is to save the firefox script to /opt
When using the firefox updater it looks for the script in /opt and as such it can not find it.
One needs to remember that normal *nix boxes are setup for several users to be able to access and have their own settings for applications saved into a "home" directory. Since BT is designed for one user "root" things are a bit different.
Firefox in bt is saved under /usr/bin/firefox as a symbolic link to /usr/lib/firefox
So if you want to make your firefox install a bit more like a "normal" distro you can follow along.
First download the latest firefox from here


Next grab a shell and back up your bookmarks and settings:
Code:

root@dorkbox:~# cp -R ~/.mozilla ~/.mozilla.backup

Now move to the directory containing your new FF
Code:

root@dorkbox:~#cd opt

Then
Code:

root@dorkbox:/opt/#tar -jxvf firefox-3.0.10tar.bz2

Next
Code:

root@dorkbox:/opt/#rm firefox-3.0.10.tar.bz2

Then
Code:

root@dorkbox:/opt/#nano /usr/bin/firefox

Find the part that has the following:
LIBDIR=/usr/lib/firefox-3.0.5
and change it to
LIBDIR=/usr/lib/firefox-3.0.10
save and exit.
Then move to /usr/bin/ and change firefox-3.0 to firefox-3.0.old Then rm the old firefox script in the same directory.
(FYI NOTE: The script is called "firefox")
Copy the new firefox script from firefox-3.0.10 to /usr/bin
Then nano /usr/bin/firefox find the line that looks like the following;
moz_libdir=/usr/local/lib/firefox-3.0.5 (it might have been a little different.
Change it to
moz_libdir=/usr/lib/firefox-3.0.10
save and exit.

Now you should be able to enjoy your pr0n from within BT as always.
It should start from a shell, and the panel icon as well as the menu icon.

NOTE: There may be an easier way or better way to do this but it works for me.

Monday, April 20, 2009

FBI brand spyware

Just found this article.
It's basically saying that the F.B.I is using spyware against people to capture terrorists and hackers.

Seems as though the old saying is still true.
Our government does things we would think only other governments do.

Sunday, April 19, 2009

Using the watch command in linux

A small tutorial for using watch to monitor things in Linux.
First and foremost get a shell
root@dorkbox:~#watch --help
gives us some basic help on using watch of course there is also the man page
root@dorkbox:~#man watch
OK so for now lets not worry about any usage flags but instead focus on the using the command. We can use the command for many things but let's look at using it with monitoring or memory usage. To find out about memory usage you can use the following command.
root@dorkbox:~# cat /proc/meminfo

This will return something like the following.
MemTotal: 623008 kB
MemFree: 35336 kB
Buffers: 85560 kB
Cached: 137220 kB
SwapCached: 24480 kB

Notice that this is the truncated output.

So now lets command the two commands and combine them to continuously show our memory usage.

root@dorkbox:~# watch cat /proc/meminfo

Which will give us the following:
Every 2.0s: cat /proc/meminfo Sun Apr 19 01:20:01 2009

MemTotal: 623008 kB
MemFree: 46396 kB
Buffers: 82636 kB
Cached: 131044 kB
SwapCached: 24480 kB

Again the output is truncated.


As you see the output will be updated every 2.0 seconds.

We will look at more later on.
Enjoy

SMART disk monitoring How-To

A small tutorial for getting S.M.A.R.T. disk monitoring.
You can monitor the health and temperature of your hard disks
Note this will only work if your disks support the S.M.A.R.T. feature.
Code:

root@dorkbox:~#apt-get install smartmontools
root@dorkbox:~#apt-get install hddtemp

When hddtemp runs it will pop up a window about running the deamon at startup it recommends not to do so, you can choose either way.
If you want to reconfigure this just run dpkg-reconfigure hddtemp to do so.

Code:

root@dorkbox:~#apt-get install sensors-applet

You can add a panel applet with this.

There is a front end of for smartmontools, to install GSmartControl using the package available here:

Then use
Code:

root@dorkbox:~#dpkg -i gsmartcontrol_0.8.4+nmu1_i386.deb

to install it.
There is also an AMD64 package if needed.
once it finishes running dpkg will complain about needing some missing libraries, just
Code:

root@dorkbox:~#run apt-get -f install

and the gsmartcontrol will install them as well.

To run the app
go to: K menu> System> GSMartControl

There may an easier way to do this, it was just the easiest that I found at the moment. Hit back if you need some help or have problems.
Thank you

Monday, April 6, 2009

UFW Howto in BT4

This is a small howto for UFW the uncomplicated firewall for BT4
The majority of this info comes from the man page.
There are other tutorials on the net for using this.
There is also a gui we will talk about it a bit latter.

First and foremost if you have something to add please do so.
ufw is a front end for iptables.
So in order for us to start ufw go to the command line
Code:
root@bt:~# ufw

Usage: ufw COMMAND
Commands:
enable enables the firewall
disable disables the firewall
default ARG set default policy to ALLOW or DENY
logging ARG set logging to ON or OFF
allow|deny RULE allow or deny RULE
delete allow|deny RULE delete the allow/deny RULE
status show firewall status
version display version information
Application profile commands:
app list list application profiles
app info PROFILE show information on PROFILE
app update PROFILE update PROFILE
app default ARG set profile policy to ALLOW, DENY or SKIP

root@bt:~#

So lets look at some of the usage flags.
enable/disable are self explanatory.
Code:
# ufw enable

we get back
Code:
root@bt:~# ufw enable
Firewall started and enabled on system startup
root@bt:~#

Of course we would then have to reboot. When you do it will show up as enabled in the boot sequence. If it checks out you get the [OK].
Now lets look at default and ALLOW DENY
allow will as it states allow all defaults to take place which right now means that our
firewall really does nothing. deny will stop all incoming and forwarded packets but
it will not stop outgoing packets. So at the minimum this is better than nothing.
Here is what it looks like
Code:
root@bt:~# ufw default deny
Default policy changed to ‘deny’
(be sure to update your rules accordingly)
root@bt:~#

The same reminder is given every time. We will look at rules in a bit, first lets look at logging you can either turn it on or off.
Code:
#ufw logging on
logging enabled

The logs are stored at /var/log/messages or/kern.log and /syslog there is not a seperate log for ufw as of yet.
You can gather information from them by using grep
Code:
#grep ufw /var/log/syslog

Now let’s look at the rules. There are again two options allow/deny rule.
So here is where it can get a bit more complicated, complex. This is how we add certain ports and protocols.
Code:
# ufw allow 80
rule updated

So now port 80 http is open. Close it again with
Code:
# ufw deny 80

Now with just the port it will allow or deny traffic from both tcp and udp.

Now we can specify with the protocol like the following 80/tcp
We can also delete a rule and it will revert to whatever the default policy had at the beginning.
More complicated rules can be made as well. For instance we want to blacklist certain IP address we can by supplying the
address to the rule set.
Code:
# ufw allow from 192.168.1.100

You can also specify certain protocols with certain IP’s like so:
Code:
#ufw allow from 192.168.1.1 to any port 22

This will allow 192.168.1.1 to access port 22 on both tcp and udp.
If you want to allow only tcp append it to the end of the port 22/tcp
You can also use a netmask. Next let’s look at services. You can set services that can be found in
Code:
#cat /etc/services

For instance we want to allow telnet then we simply give
Code:
# ufw allow telnet

That simple.
Probably the best usage flag in ufw is the –dry-run which will not make any real changes but only show what would occur with the new rule in place.

We can also delete a rule and it will revert to whatever the default policy had at the beginning. More complicated rules can be made as well. For instance we want to blacklist certain IP address we can by supplying the
address to the rule set.
Code:
# ufw allow from 192.168.1.100

You can also specify certain protocols with certain IP’s like so:
Code:
#ufw allow from 192.168.1.1 to any port 22

This will allow 192.168.1.1 to access port 22 on both tcp and udp.
If you want to allow only tcp append it to the end of the port 22/tcp
You can also use a netmask. Next let’s look at services. You can set services that can be found in
Code:
#cat /etc/services

For instance we want to allow telnet then we simply give
Code:
# ufw allow telnet

That simple.
One caveat though is that the service must be installed on the host.
Probably the best usage flag in ufw is the –dry-run which will not make any real changes but only show what would occur with the new rule in place.
So for example
Code:
#ufw --dry-run deny ssh

If the rule will not work or the syntax is wrong it will spit back an error.
Also when adding rules the first match wins according to the man page.
So make your specific rules first then the general ones.

There are more to the rules as well as support for applications themselves.

Next thing we can look at is adding the gui interface, if needed.
The link is here, this download is a ".deb" package, you can install it using
Code:
#dpkg -i gufw_0.0.7c-all.deb

There are more things that can be done and if anyone needs help with it make a post here about it.

Tuesday, March 31, 2009

Conficker Worm and Nmap

It has been a while since I made any posts here. Really kind of forgot about this thing. But there is a lot of talk about Conficker.
Well the guys at the Honeynet Project have figured a way to detect it.
Nmap has release a beta that has the ability to check for it. You can get it here.

The command looks like the following:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]

Big thanks goes out to Dan Kaminsky @ DoxPara Research Tillmann Werner and Felix Leder of the Honeynet Project.
And of course to Fyodor for making Nmap

I have also posted some info over on the Back Track Forums will continue to update there as need be.