Update metasploit through http proxy

This was a feature that many people requested for a long time. In previous versions of Metasploit, msfupdate didn't let us use proxies. Now that it is based on Subversion, we can. I'll show you how using Backtrack 5.

Although we have configured the proxy using the Network Proxy Preferences window in GNOME:

And therefore we have the environment variables set in the shell:

$ env | grep http

http_proxy=http://myuser:mypass@proxy.mydomain.com:8080/
HTTP_PROXY=http://myuser:mypass@proxy.mydomain.com:8080/

Something is still missing when we use msfupdate or svn: Subversion takes its proxy settings from its own configuration file, not from these environment variables. So the following steps are the key ones.

Edit the file ~/.subversion/servers

Go to the [global] section (normally at the end) and modify it to look like this:

[global]
http-proxy-host = proxy.mydomain.com
http-proxy-port = 8080
http-proxy-username = myuser
http-proxy-password = mypass

If your proxy doesn't require authentication, just comment out the username and password lines.

Save and close. Now go to /pentest/exploits/framework and launch the following command.

svn update

Done.
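A small script that automates the edit above, written as an added example rather than taken from the post: it reads the same http_proxy URL the shell already has, splits it into the four Subversion keys, rewrites only the [global] section of ~/.subversion/servers and sets the file to mode 600, since the proxy password ends up in clear text there. Function names and the default port (80 when the URL carries none) are my assumptions.

```python
import os
import re
import stat
from urllib.parse import unquote, urlsplit


def proxy_settings(proxy_url):
    """Split http://user:pass@host:port/ into the four svn proxy keys.

    Credentials are percent-decoded: a password written as 'p%40ss' in the
    URL has to appear literally as 'p@ss' in the servers file.
    """
    parts = urlsplit(proxy_url)
    if not parts.hostname:
        raise ValueError("no proxy host in %r" % proxy_url)
    settings = {
        "http-proxy-host": parts.hostname,
        "http-proxy-port": str(parts.port or 80),  # assumption: plain HTTP port
    }
    if parts.username:
        settings["http-proxy-username"] = unquote(parts.username)
        settings["http-proxy-password"] = unquote(parts.password or "")
    return settings


def global_section(settings):
    """Render the [global] block; the auth lines are commented out when
    unused, which is what the post says to do for a proxy without login."""
    lines = ["[global]"]
    for key in ("http-proxy-host", "http-proxy-port",
                "http-proxy-username", "http-proxy-password"):
        if key in settings:
            lines.append("%s = %s" % (key, settings[key]))
        else:
            lines.append("# %s =" % key)
    return "\n".join(lines) + "\n"


def write_servers(path, section_text):
    """Replace an existing [global] block, keep every other section, and
    chmod 600 because the proxy password is stored in clear text."""
    old = open(path).read() if os.path.exists(path) else ""
    # drop the old [global] block up to the next section header or EOF
    kept = re.sub(r"(?ms)^\[global\].*?(?=^\[|\Z)", "", old).rstrip()
    with open(path, "w") as fh:
        fh.write((kept + "\n\n" if kept else "") + section_text)
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
```

Typical use is write_servers(os.path.expanduser("~/.subversion/servers"), global_section(proxy_settings(os.environ["http_proxy"]))), after which svn update goes through the proxy.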

Enjoy.

Posted on January 10, 2012 at 12:11 by Samuel
In: Backtrack, Linux

Auto login and startx in Backtrack 5

Let's face it, we all use tty1 to log in as root/toor and launch startx... so why not boot automatically into our favorite desktop environment? In the following lines I'll explain how to achieve this in three simple steps.

We need a small application that lets us auto login as the user we want. There are several apps in the repositories for this task. In fact, you can write your own app to do it in C, as many tutorials on the Internet suggest. I'll use mingetty.

apt-get install mingetty

Now we need to change the behaviour of tty1 to use mingetty instead of the standard getty. To achieve this we need to edit the file /etc/init/tty1.conf, so use your favourite editor. I'll use nano.

nano /etc/init/tty1.conf

Let's comment out the getty line so it looks like this:

#exec /sbin/getty -8 38400 tty1

Just below this commented line, add the following one:

exec /sbin/mingetty --autologin root --noclear tty1

Save and close the file.

The last thing we need to do is launch the startx command right after login. To do this we edit the file /root/.bash_profile; everything we write in this file is executed just after root logs in. By default there is no such file in a BT5 installation, but you may have added some useful commands of your own that you want to keep, so we append to the file instead of overwriting it:

echo "startx" >> ~/.bash_profile

Done. Restart to see it working.

Enjoy.

Posted on December 30, 2011 at 17:31 by Samuel
In: Backtrack, Linux

Working with Java in the console (terminal)

I think this is very useful. I know there are powerful scripting languages like Python or Ruby which, by the way, I strongly recommend you learn. But maybe you feel comfortable (like me) using Java for simple and not-so-simple programs or scripts. I'm writing this post because the other day I wanted to create a word list file to use in Backtrack with some specific restrictions I had in mind. It had been a long time since I had used Ruby and I had to refresh my knowledge of it to get it done. But then I thought that I could have made the word list faster with just a few lines of Java. And of course we don't want to use an IDE like Eclipse or NetBeans for this kind of program, we just want our lovely console :).

Enough chatter, let's get to practice. We're going to create a HelloWorld.java and run it all from the console.

First of all we need to install the Java Development Kit (JDK) in order to run the Java compiler (javac). We can use the one from Sun, but I'll be using OpenJDK, which is already installed in my Backtrack.

If you don't have it installed yet, just type:

apt-get install openjdk-6-jdk

or

apt-get install default-jdk

We are going to use the Java Compiler (javac) to create the binary file HelloWorld.class, the one that can be executed by the Java Virtual Machine (JVM).

Let's write the source code. Use your favorite editor, I'll use nano:

nano HelloWorld.java

And now the code:

/* Java Hello World from mendrugox */
 
public class HelloWorld
{
	public static void main(String[] args)
	{
		System.out.println("Hello World!");
	}
}

Save and close (Ctrl+X in nano).

Now that we have our code in the HelloWorld.java file, let's compile it:

javac HelloWorld.java

The file HelloWorld.class is created and now we can execute our program:

java HelloWorld

* Notice that I typed HelloWorld, not HelloWorld.class: the java command takes the class name and looks for the .class file itself.

We're done.

Enjoy.

Posted on December 28, 2011 at 12:36 by Samuel
In: Backtrack, Debian, Java, Languages, Linux

Connecting to WPA/WPA2 PSK network using command line

When we want to connect from the command line to a wireless network protected with WPA/WPA2, we cannot use iwconfig to do it. We need a "supplicant" program. The most common one is wpa_supplicant. To use this program we need to give it a config file, so let's write one.

Create a new file with the following content:

# WPA/WPA2 PSK Config file

network={
	ssid="MyNetwork"
	scan_ssid=1
	key_mgmt=WPA-PSK
	psk="MyKey"
}

Where "MyNetwork" is the name (ESSID) of the network you want to connect to and "MyKey" is the Pre-Shared Key for the network.

Save this file wherever you want. I'll use /root/wpa.conf (I'm using BT5 right now :)).

** If this example configuration does not meet your requirements, you can find other configurations in the following file:

http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/wpa_supplicant.conf

The interface I'll be using for this connection is eth1.

The command we need to launch to finally connect to this network is the following:

wpa_supplicant -Dwext -c/root/wpa.conf -ieth1

Meaning of the parameters:

-D driver to use (wext: Linux wireless extensions, generic)
-c config file to use (/root/wpa.conf: our new config file)
-i interface to use (eth1: my wireless interface)

Since wpa_supplicant has to keep running for as long as we are connected to the network, it's better to launch it in the background, so we'll use the following command:

wpa_supplicant -Dwext -c/root/wpa.conf -ieth1 &

If you're using a graphical interface like Gnome or KDE you can also press ALT+F2 to run the program in background mode:

And that's it, you're connected.

Remember that once you've done this you need to configure the IP parameters for the network. If there is a DHCP server running you can use:

dhclient eth1
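An added example (my own code, not from the post) showing what the psk= field really is: wpa_supplicant also accepts the 256-bit key derived from the passphrase with PBKDF2-HMAC-SHA1 (salt = SSID, 4096 rounds, 32 bytes), which is the computation the wpa_passphrase tool performs. Writing that key instead of the quoted passphrase keeps the original phrase out of /root/wpa.conf; the function names are mine.

```python
import hashlib
import os
import stat


def wpa_psk(ssid, passphrase):
    """PBKDF2-HMAC-SHA1(passphrase, salt=ssid, 4096 rounds, 32 bytes) as hex.

    Published test vector: ssid "IEEE", passphrase "password" gives
    f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                              ssid.encode("utf-8"), 4096, 32)
    return key.hex()


def network_block(ssid, passphrase, hashed=True):
    """Render the same network={...} block as the post; with hashed=True the
    psk= line carries the derived key (unquoted hex) instead of the phrase."""
    psk_line = ("psk=%s" % wpa_psk(ssid, passphrase) if hashed
                else 'psk="%s"' % passphrase)
    return "\n".join([
        "network={",
        '\tssid="%s"' % ssid,
        "\tscan_ssid=1",
        "\tkey_mgmt=WPA-PSK",
        "\t" + psk_line,
        "}",
    ]) + "\n"


def write_config(path, ssid, passphrase):
    """Write the file with mode 600: the derived key still joins the network,
    hashing only stops the passphrase itself from being read and reused."""
    with open(path, "w") as fh:
        fh.write("# WPA/WPA2 PSK config file (generated)\n\n"
                 + network_block(ssid, passphrase))
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
```

Call write_config("/root/wpa.conf", "MyNetwork", passphrase) with a real passphrase (WPA requires 8 to 63 characters, so a placeholder as short as "MyKey" is rejected) and then start wpa_supplicant exactly as above.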

Enjoy.

Posted on November 13, 2011 at 12:03 by Samuel
In: Linux

Using resources from inside a .jar package

When we pack all our Java classes, libraries and resources into a single .jar in order to share our application, and our code references resources through absolute or relative paths to files in our working directory, for example:

ImageIcon image = new ImageIcon("/gui/images/logo.png");

we won't be able to get that resource when running the standalone .jar. We have to use the getResource() method of the Class object instead. Imagine that we are using Swing to build a cool GUI for our application. Now we want to show our custom logo in our JFrame class instead of the default one. And, of course, we want this to keep working even when we distribute our app as a single .jar package. If our logo is located at /src/gui/images/logo.png, this is the code we'll use for this purpose inside the JFrame class:

// Inside our JFrame subclass; needs: import java.net.URL; import javax.swing.ImageIcon;
private void customize()
{
    try
    {
        // The path is relative to the classpath root, i.e. the root of the .jar
        URL res = getClass().getResource("/gui/images/logo.png");
        if (res == null)
        {
            throw new IllegalStateException("logo.png not found on the classpath");
        }
        ImageIcon image = new ImageIcon(res);
        setIconImage(image.getImage());
    }
    catch (Exception ex)
    {
        System.err.println(ex);
    }
}

The same approach works for any other resource, such as data files or music :).

Enjoy.

Posted on October 28, 2011 at 10:54 by Samuel
In: Java, Languages

Make ipw2200 work in BT5

I like to use an old laptop on which I've installed BT5. From being a useless thing inside a closet it has become a wonderful tool for me nowadays. Although I have a neat Alfa AWUS036H card, it was reasonable to want its internal ipw2200bg card to work too. That is something that doesn't happen when you run BT5 with its default configuration.

If we run dmesg we'll see that our internal card is detected but something is wrong with its firmware (reason -2 is -ENOENT: the kernel cannot find the firmware file it asks for):

ipw2200: Detected Intel PRO/Wireless 2200BG Network Connection
ipw2200: ipw2200-bss.fw request_firmware failed: Reason -2
ipw2200: Unable to load firmware: -2
ipw2200: failed to register network device

To solve this issue we have to download the latest firmware for the card. You can get it from the official site http://ipw2200.sourceforge.net/firmware.php. I've uploaded the latest version at present, 3.1, so you can get it directly from here: ipw2200-fw-3.1.tgz

Once you get it extract the firmware files:

tar xvfz ipw2200-fw-3.1.tgz

Copy the .fw files to /lib/firmware:

cp ipw2200-fw-3.1/*.fw /lib/firmware/

Reset the driver:

modprobe -r ipw2200

modprobe ipw2200

Done.

Enjoy.

Posted on October 22, 2011 at 17:36 by Samuel
In: Backtrack, Linux

Working with Chromium in BT5

Post edited on Apr 28, 2013:

I've found a much better solution for using Chromium in BT5, but I think it's fair to keep the original one for the record at the end of the post. So the following lines explain the new and much simpler solution:

Install the package as usual:

apt-get install chromium-browser

And now the only thing we have to do is change the way this program is launched from the menu. So go to System >> Preferences >> Main Menu, find "Chromium Web Browser" inside the "Internet" menu and click on "Properties". You should see the following:

Change the original command "/usr/bin/chromium-browser %U" to this one:

/usr/bin/chromium-browser %U --user-data-dir

Close the dialog and we're done.

Enjoy :)

----------------------------

Original post:

For those like me that love this lightweight browser :)

When you install chromium-browser using apt from the current Backtrack repositories and try to launch it, this is what happens:

[Screenshot: Chromium root error]

Pretty clear, isn't it? It can't be run as root, and root is our Backtrack user!

One solution I found to be able to use Chromium is to download an older version that allows us to run it as root. You can get it from the link below.

chrome32.tar.gz

Once downloaded you should do the following:

Uninstall your current chromium version (if you haven't already done this):

apt-get remove chromium-browser

Decompress and extract the packages:

tar xvfz chrome32.tar.gz

Run the installation script (it just launches apt in the proper way to resolve dependencies):

./chrome_install.sh

And that's it, now you can enjoy this browser!

One last, very important thing is to tell the system not to update these packages whenever we update or upgrade our Backtrack, because if we don't, we'll lose our Chromium as soon as we accept the update.

The way I like to do this:

echo "package_name hold" | dpkg --set-selections

The way to undo this:

echo "package_name install" | dpkg --set-selections

In our Chromium case we have four packages that we want to hold, so we have four lines to execute:

echo "chromium-browser hold" | dpkg --set-selections

echo "chromium-browser-inspector hold" | dpkg --set-selections

echo "chromium-browser-l10n hold" | dpkg --set-selections

echo "chromium-codecs-ffmpeg hold" | dpkg --set-selections

And now we're done.

Enjoy.

Posted on October 16, 2011 at 17:49 by Samuel
In: Backtrack, Linux