Archive for the ‘Backtrack’ Category

August 26th, 2013  Posted at   Backtrack, Blackbuntu, Kali, Linux, Windows

A few weeks ago, while cleaning up, I found an old access point/router. I wanted to attach it to my network and do some tests, but I did not remember the password for configuring it through its web access page. I knew it had to be some default user/password but I did not succeed in my tries. I thought it was the right time to prepare a small dictionary attack. There are many powerful tools for this task but I used “Burp Suite” because I love it and I try to use it whenever I can. Furthermore, it is a perfect tool for understanding what happens behind the scenes during this kind of attack.

I made the following video trying to explain this process. I hope you find it helpful.

If you want, you can download the ‘combinator’ script used in the video -> combinator.rb.

Enjoy.

 

March 26th, 2012  Posted at   Backtrack, Linux

By default sshd is not enabled in Backtrack 5, but of course it is installed.

Just run this command:

sshd-generate

And now we can start the service, choose one of the following ways:

service ssh start

/etc/init.d/ssh start

start ssh

Done. The service is listening on port 22. You can log in using root/toor.

You can change the configuration by editing /etc/ssh/sshd_config.
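Since the service comes up with the root/toor default, the first thing worth checking in sshd_config is whether root and password logins are allowed. The following audit helper is an added example (not part of the original post); it takes the file path as a parameter, so the constructed sample stands in for /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config for the two
# directives that matter most on a box that still has the root/toor default,
# and set them. Paths are parameters so the constructed sample below can stand
# in for /etc/ssh/sshd_config.

sshd_effective() {
    # $1 = config file, $2 = directive. OpenSSH takes the FIRST uncommented
    # occurrence of a directive (keywords are case-insensitive); Match blocks
    # are ignored here for simplicity.
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$key" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == key   { print $2; exit }
    ' "$1"
}

sshd_audit() {
    # $1 = config file. Prints one line per risky effective setting; prints
    # nothing when both directives are already hardened.
    root=$(sshd_effective "$1" PermitRootLogin)
    pass=$(sshd_effective "$1" PasswordAuthentication)
    # Assumption: OpenSSH of that era defaulted both to "yes" when absent.
    [ -n "$root" ] || root=yes
    [ -n "$pass" ] || pass=yes
    [ "$root" != yes ] || echo "PermitRootLogin yes: root/toor is usable over the network"
    [ "$pass" != yes ] || echo "PasswordAuthentication yes: password guessing is possible"
}

sshd_set() {
    # $1 = config file, $2 = directive, $3 = value. Since the first occurrence
    # wins, prepending the line makes it effective whatever follows.
    printf '%s %s\n' "$2" "$3" | cat - "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed sample standing in for a BT5-style /etc/ssh/sshd_config.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
EOF
sshd_audit "$SAMPLE"                     # two findings
sshd_set "$SAMPLE" PermitRootLogin no
sshd_set "$SAMPLE" PasswordAuthentication no
sshd_audit "$SAMPLE"                     # prints nothing
rm -f "$SAMPLE"
```

On the real box run `sshd_audit /etc/ssh/sshd_config` and restart the service after any `sshd_set`.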

 

Enjoy.

January 10th, 2012  Posted at   Backtrack, Linux

This was a feature that many people requested for a long time. In previous versions of Metasploit, msfupdate didn’t allow us to use proxies. Now that it is based on Subversion, we can do it. I’ll show you how using Backtrack 5.

Although we configured the proxy using the Network Proxy Preferences window in gnome:

And therefore we have the environment variables set in the shell:

$ env | grep http

http_proxy=http://myuser:mypass@proxy.mydomain.com:8080/
HTTP_PROXY=http://myuser:mypass@proxy.mydomain.com:8080/

Something seems to be missing when we use msfupdate or svn. So the following steps are the key ones.

Edit the file ~/.subversion/servers

Go to global section (normally at the end) and modify it to look like this:

[global]
http-proxy-host = proxy.mydomain.com
http-proxy-port = 8080
http-proxy-username = myuser
http-proxy-password = mypass

If your proxy doesn’t require authentication, just comment out the username and password lines.

Save and close. Now go to /pentest/exploits/framework and launch the following command.

svn update

Done.

Enjoy.

December 30th, 2011  Posted at   Backtrack, Linux

Let’s face it, we all use tty1 to log in as root/toor and launch startx… so why not boot automatically into our favorite desktop environment? In the following lines I’ll explain how to achieve this in three simple steps.

  • Step 1: Install mingetty.

We need a small application that allows us to auto login as the user that we want. There are several apps in the repositories for this task. In fact, you can write your own app to do this in C, as many tutorials on the Internet suggest. I’ll use mingetty.

apt-get install mingetty

  • Step 2: Configuration of tty1

Now we need to change the behaviour of tty1 to use mingetty instead of the standard getty. To achieve this we need to edit the file /etc/init/tty1.conf, so use your favourite editor. I’ll use nano.

nano /etc/init/tty1.conf

Let’s comment out the getty line so it looks like this:

#exec /sbin/getty -8 38400 tty1

Just below this commented line, add the following one:

exec /sbin/mingetty --autologin root --noclear tty1

Save and close the file.

  • Step 3: startx right after login

The last thing we need to do is launch the startx command just after the login. To do this we need to edit the file /root/.bash_profile. Everything we write in this file is going to be executed just after root logs in. By default there is no such file in a BT5 installation, but maybe you added some commands that are useful to you and you want to keep them, so we are going to run the following command:

echo "startx" >> ~/.bash_profile

Done. Restart to see it working.
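Steps 2 and 3 can be wrapped in one function that is safe to run more than once (no second mingetty line, no second startx). This is an added example, not the post's own script; the paths and the user are parameters and the tty1.conf content below is a constructed sample standing in for /etc/init/tty1.conf.

```shell
#!/bin/sh
# Added example, not from the original post: apply steps 2 and 3 in one
# idempotent function, so running it twice does not add a second mingetty line
# or a second startx. Paths and the user are parameters; the constructed
# tty1.conf below stands in for /etc/init/tty1.conf.

configure_autologin() {
    conf="$1"      # upstart job for tty1 (normally /etc/init/tty1.conf)
    profile="$2"   # shell profile of that user (normally /root/.bash_profile)
    user="$3"      # account to log in automatically (root in the post)

    # Step 2: comment out the getty line and add mingetty right below it,
    # but only if mingetty is not there yet.
    if ! grep -q '^exec /sbin/mingetty' "$conf"; then
        awk -v user="$user" '
            /^exec \/sbin\/getty/ {
                print "#" $0
                print "exec /sbin/mingetty --autologin " user " --noclear tty1"
                next
            }
            { print }
        ' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    fi

    # Step 3: append startx once; -x matches the whole line, so a commented
    # or parameterised startx does not count as already present.
    grep -qx 'startx' "$profile" 2>/dev/null || echo 'startx' >> "$profile"
}

# Constructed sample with the getty line the post comments out.
CONF=$(mktemp); PROFILE=$(mktemp)
printf 'respawn\nexec /sbin/getty -8 38400 tty1\n' > "$CONF"
configure_autologin "$CONF" "$PROFILE" root
configure_autologin "$CONF" "$PROFILE" root   # second run: no duplicates
cat "$CONF" "$PROFILE"
rm -f "$CONF" "$PROFILE"
```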

Enjoy.

December 28th, 2011  Posted at   Backtrack, Debian, Java, Languages, Linux

I think this is very useful. I know there are powerful scripting languages like Python or Ruby which, by the way, I strongly recommend you to learn. But maybe you feel comfortable (like me) using Java for simple and not so simple programs or scripts. I’m writing this post because the other day I wanted to create a word list file to use in Backtrack with specific restrictions that I had in mind. It had been a long time since I used Ruby and I had to refresh my knowledge of it to make it. But then I thought that I could have made the word list faster with just a few lines of Java. But of course we don’t want to use an IDE like Eclipse or NetBeans for this kind of program, we just want our lovely console :).

Enough chatter, let’s get to practice. We’re going to create a HelloWorld.java and run it all from the console.

First of all we need to install the Java Development Kit (JDK) in order to run the Java compiler (javac). We can use the one from Sun, but I’ll be using OpenJDK, which is installed in my Backtrack.

If you don’t have it installed yet, just type:

apt-get install openjdk-6-jdk

or

apt-get install default-jdk

We are going to use the Java Compiler (javac) to create the binary file HelloWorld.class, the one that can be executed by the Java Virtual Machine (JVM).

Let’s write the source code. Use your favorite editor, I’ll use nano:

nano HelloWorld.java

And now the code:

/* Java Hello World from mendrugox */
 
public class HelloWorld
{
	public static void main(String[] args)
	{
		System.out.println("Hello World!");
	}
}

Save and close (Ctrl +x in nano).

Now we have our code in the HelloWorld.java file, let’s compile it:

javac HelloWorld.java

The file HelloWorld.class is created and now we can execute our program:

java HelloWorld

*Notice that I put HelloWorld and not HelloWorld.class.

 

We’re done.

Enjoy.

October 22nd, 2011  Posted at   Backtrack, Linux

I like to use an old laptop on which I’ve installed BT5. From being a useless thing inside a closet it has become a wonderful tool for me nowadays. Although I have a neat Alfa AWUS036H card, it was reasonable to want its internal ipw2200bg card to work too. That is something that doesn’t happen when you run BT5 with its default configuration.

If we run dmesg we’ll see that our internal card is detected, but something is wrong with its firmware:

ipw2200: Detected Intel PRO/Wireless 2200BG Network Connection
ipw2200: ipw2200-bss.fw request_firmware failed: Reason -2
ipw2200: Unable to load firmware: -2
ipw2200: failed to register network device

To solve this issue we have to download the latest firmware for the card. You can get it from the official site http://ipw2200.sourceforge.net/firmware.php. I’ve uploaded the latest version at present, 3.1, so you can get it directly from here: ipw2200-fw-3.1.tgz

Once you get it, extract the firmware files:

tar xvfz ipw2200-fw-3.1.tgz

Copy the .fw files to /lib/firmware:

cp ipw2200-fw-3.1/*.fw /lib/firmware/

Reset the driver:

modprobe -r ipw2200

modprobe ipw2200

Done.
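To confirm the copy step actually fixed what dmesg complained about, the following added helper (not from the original post) extracts the firmware file names from `request_firmware failed` lines and checks each one against the firmware directory. The directory is a parameter, so a temp dir stands in for /lib/firmware and the log lines are a constructed copy of the dmesg excerpt above.

```shell
#!/bin/sh
# Added example, not from the original post: pull the firmware file names out
# of dmesg-style lines like the ones above and check whether each one is
# present in the firmware directory, before and after the copy step.
# The directory is a parameter so a temp dir can stand in for /lib/firmware.

missing_firmware() {
    # Kernel log on stdin. request_firmware reports "Reason -2" (ENOENT)
    # when the file is not under /lib/firmware. Prints each file name once.
    sed -n 's/.*: \([^ ]*\.fw\) request_firmware failed.*/\1/p' | sort -u
}

check_firmware_dir() {
    # $1 = firmware directory; log on stdin. One "PRESENT name" or
    # "MISSING name" line per requested file.
    dir="$1"
    missing_firmware | while IFS= read -r fw; do
        if [ -f "$dir/$fw" ]; then echo "PRESENT $fw"; else echo "MISSING $fw"; fi
    done
}

# Constructed log lines copied from the post's dmesg excerpt.
LOG='ipw2200: Detected Intel PRO/Wireless 2200BG Network Connection
ipw2200: ipw2200-bss.fw request_firmware failed: Reason -2
ipw2200: Unable to load firmware: -2
ipw2200: failed to register network device'
FWDIR=$(mktemp -d)
printf '%s\n' "$LOG" | check_firmware_dir "$FWDIR"   # MISSING ipw2200-bss.fw
: > "$FWDIR/ipw2200-bss.fw"                           # stands in for the cp step
printf '%s\n' "$LOG" | check_firmware_dir "$FWDIR"   # PRESENT ipw2200-bss.fw
rm -rf "$FWDIR"
```

On the real box: `dmesg | check_firmware_dir /lib/firmware` before and after the modprobe.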

Enjoy.

October 16th, 2011  Posted at   Backtrack, Linux

Post edited on Apr 28, 2013:

I’ve found a much better solution for using Chromium in BT5, but I think it’s fair to keep the original one for the record at the end of the post. So the following lines explain the new and much simpler solution:

Install the package as usual:

apt-get install chromium-browser

And now the only thing we have to do is change the way this program is launched from the menu. So go to System >> Preferences >> Main Menu, find “Chromium Web Browser” inside the “Internet” menu and click on “Properties”. You should see the following:


Change the original command “/usr/bin/chromium-browser %U” to this one:

/usr/bin/chromium-browser %U --user-data-dir


Close and we’re done.

Enjoy :)

—————————-

Original post:

For those like me that love this lightweight browser :)

When you install chromium-browser using apt from the current Backtrack repositories and you try to launch it, this is what happens:

Pretty clear, isn’t it? It can’t be run as root, and that’s our Backtrack’s user!

One solution I found to be able to use Chromium is to download an older version that allows us to run it as root. You can get it from the link below.

chrome32.tar.gz

Once downloaded you should do the following:

Uninstall your current chromium version (if you haven’t already done this):

apt-get remove chromium-browser

Decompress and extract the packages:

tar xvfz chrome32.tar.gz

Run the installation script (it just launches apt in the proper way to resolve dependencies):

./chrome_install.sh

And that’s it, now you can enjoy this browser!

One last thing which is very important is to tell the system not to update these packages whenever we update or upgrade our Backtrack because, if we don’t do this, we’ll lose our Chromium if we accept the update.

The way I like to do this:

echo "package_name hold" | dpkg --set-selections

The way to undo this:

echo "package_name install" | dpkg --set-selections

In our Chromium case we have four packages that we want to hold, so we have four lines to execute:

echo "chromium-browser hold" | dpkg --set-selections

echo "chromium-browser-inspector hold" | dpkg --set-selections

echo "chromium-browser-l10n hold" | dpkg --set-selections

echo "chromium-codecs-ffmpeg hold" | dpkg --set-selections

And now we’re done.
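The four hold lines can be generated from one package list, and it is worth verifying afterwards that dpkg really recorded the hold for each of them. The helpers below are an added example (not the post's own commands); they only produce and parse the text that `dpkg --set-selections` and `dpkg --get-selections` exchange, so the sample `--get-selections` output is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: build the hold/install lines for
# all four packages at once and verify afterwards, by reading the output of
# `dpkg --get-selections`, that every one of them really is on hold.

CHROMIUM_PKGS="chromium-browser chromium-browser-inspector chromium-browser-l10n chromium-codecs-ffmpeg"

selection_lines() {
    # $1 = desired state (hold or install), rest = package names.
    # Output is what `dpkg --set-selections` expects on stdin.
    state="$1"; shift
    for p in "$@"; do printf '%s %s\n' "$p" "$state"; done
}

not_held() {
    # `dpkg --get-selections` output on stdin, package names as arguments.
    # Prints each listed package whose recorded state is not "hold"
    # (including packages dpkg does not know about at all).
    sel=$(cat)
    for p in "$@"; do
        st=$(printf '%s\n' "$sel" | awk -v p="$p" '$1 == p { print $2; exit }')
        [ "$st" = hold ] || echo "$p"
    done
}

# On the real box:
#   selection_lines hold $CHROMIUM_PKGS | dpkg --set-selections
#   dpkg --get-selections | not_held $CHROMIUM_PKGS    # should print nothing

# Constructed --get-selections output: two of the four are not on hold.
SAMPLE='chromium-browser	hold
chromium-browser-inspector	install
chromium-browser-l10n	hold
chromium-codecs-ffmpeg	deinstall'
selection_lines hold $CHROMIUM_PKGS
printf '%s\n' "$SAMPLE" | not_held $CHROMIUM_PKGS
# prints chromium-browser-inspector and chromium-codecs-ffmpeg
```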

Enjoy.