Posts Tagged ‘Backtrack’

March 26th, 2012  Posted at   Backtrack, Linux

By default sshd is installed in Backtrack 5 but not enabled, and the image deliberately ships without SSH host keys, so every install has to generate its own. Just run this command to create them:

sshd-generate

And now we can start the service; any one of the following three ways will do:

service ssh start

/etc/init.d/ssh start

start ssh

Done. The service is listening on port 22 and you can log in as root with the default password toor. Remember that this is the same credential on every BT5 install, so change it with passwd before exposing the box on a network you don't control.

You can change the configuration by editing /etc/ssh/sshd_config and restarting the service.
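Since the box now answers on port 22 with the well-known root/toor login, here is a small script, added for this page and not part of the original post, that hardens sshd_config before you expose it: it turns off password logins, limits root to key-based authentication, disables X forwarding and puts each directive at the top of the file, where sshd (which honours the first occurrence of a directive) is guaranteed to see it, while leaving any Match blocks untouched. It assumes POSIX sh and awk, and only calls sshd -t to validate the result if sshd happens to be installed. The sample config it edits in the demo is constructed inline; run it on a copy before touching /etc/ssh/sshd_config, and install your public key in /root/.ssh/authorized_keys first or you will lock yourself out.

```shell
#!/bin/sh
# Added example: idempotent hardening of an sshd_config file.
# Assumes POSIX sh + awk; sshd is only used (if present) to validate the result.

# set_sshd_option <file> <Directive> <value>
# Puts the directive at the top of the file, where sshd (first occurrence wins)
# will use it, and removes every other global definition of it, active or
# commented out.  Lines inside Match blocks are kept: a directive there only
# applies to the matched connections, and sshd must still parse them.
set_sshd_option() {
    cfg=$1; key=$2; val=$3
    tmp="$cfg.tmp.$$"
    awk -v key="$key" -v val="$val" '
        BEGIN { print key " " val
                pat = "^[[:space:]]*#?[[:space:]]*" tolower(key) "([[:space:]]|=|$)" }
        tolower($0) ~ /^[[:space:]]*match([[:space:]]|$)/ { in_match = 1 }
        in_match           { print; next }
        tolower($0) ~ pat  { next }
                           { print }
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# effective_sshd_option <file> <Directive>
# Prints the global value sshd would use: the first active line before any Match block.
effective_sshd_option() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        tolower($0) ~ /^[[:space:]]*match([[:space:]]|$)/ { exit }
        /^[[:space:]]*(#|$)/ { next }
        { line = $0; gsub(/=/, " ", line); n = split(line, f)
          if (n >= 2 && tolower(f[1]) == key) { print f[2]; exit } }
    ' "$1"
}

# harden_sshd_config <file>: keys only, no root password logins, no X forwarding.
harden_sshd_config() {
    cfg=$1
    set_sshd_option "$cfg" PermitRootLogin without-password   # spelled prohibit-password from OpenSSH 7.0 on
    set_sshd_option "$cfg" PasswordAuthentication no          # root/toor no longer works over SSH
    set_sshd_option "$cfg" PubkeyAuthentication yes
    set_sshd_option "$cfg" X11Forwarding no
    if command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$cfg" || echo "warning: sshd -t rejected $cfg" >&2
    fi
}

# Demo on a constructed copy; never edit /etc/ssh/sshd_config without a backup.
demo=$(mktemp)
printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'PasswordAuthentication yes' \
               'Match User backup' '    PasswordAuthentication yes' > "$demo"
harden_sshd_config "$demo"
effective_sshd_option "$demo" PermitRootLogin   # prints: without-password
rm -f "$demo"
```

Running harden_sshd_config twice gives the same file, and the PasswordAuthentication line inside the Match block survives because that is a per-user exception, not a global setting.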

 

Enjoy.

January 10th, 2012  Posted at   Backtrack, Linux

This is a feature many people requested for a long time. In previous versions of Metasploit, msfupdate could not go through a proxy. Now that updates are based on Subversion, it can. I'll show you how using Backtrack 5.

Suppose we have configured the proxy using the Network Proxy Preferences window in GNOME, so the corresponding environment variables are set in the shell:

$ env | grep http

http_proxy=http://myuser:mypass@proxy.mydomain.com:8080/
HTTP_PROXY=http://myuser:mypass@proxy.mydomain.com:8080/

Even so, msfupdate and svn still cannot reach the repository: Subversion's HTTP client does not read the http_proxy variable, it takes its proxy settings from its own servers file. So the following steps are the key ones.

Edit the file ~/.subversion/servers

Go to global section (normally at the end) and modify it to look like this:

[global]
http-proxy-host = proxy.mydomain.com
http-proxy-port = 8080
http-proxy-username = myuser
http-proxy-password = mypass

If your proxy doesn't require authentication, just leave out (or comment out) the username and password lines. If it does, remember that the password now sits in clear text in a file under your home directory, so make it readable by you alone with chmod 600 ~/.subversion/servers.

Save and close. Now go to /pentest/exploits/framework and launch the following command:

svn update

Done.
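The credentials are already sitting in http_proxy, so retyping them into the servers file invites typos. The following script is an added example rather than something from the original post: it parses http_proxy (assumed to look like http://user:pass@host:port/; percent-encoded characters in the credentials are not decoded) and writes the matching [global] entries into the servers file, replacing any earlier http-proxy-* lines in that section and leaving every other section and key untouched. Because the password ends up in clear text, the file is set to mode 0600. The servers path and contents used in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: feed the proxy already present in $http_proxy to Subversion.
# Assumes POSIX sh + awk and an http_proxy of the form http://[user[:pass]@]host[:port]/

# parse_proxy_url <url>  -> "host port user pass", with "-" for an absent field
parse_proxy_url() {
    url=${1#http://}; url=${url%%/*}            # drop scheme and anything after the authority
    case $url in
        *@*) cred=${url%@*}; hostport=${url##*@} ;;
        *)   cred=""; hostport=$url ;;
    esac
    host=${hostport%%:*}
    port=${hostport#*:}; [ "$port" != "$hostport" ] || port=-
    user=${cred%%:*}
    pass=${cred#*:};     [ "$pass" != "$cred" ] || pass=""
    printf '%s %s %s %s\n' "$host" "$port" "${user:--}" "${pass:--}"
}

# write_svn_proxy <servers-file> <host> <port> <user> <pass>
# Rewrites the http-proxy-* keys of the [global] section (creating the section if
# needed) and leaves every other section and key as it was.
write_svn_proxy() {
    servers=$1; tmp="$1.tmp.$$"
    [ -f "$servers" ] || { mkdir -p "$(dirname "$servers")"; : > "$servers"; }
    awk -v host="$2" -v port="$3" -v user="$4" -v pass="$5" '
        function emit() {
            print "http-proxy-host = " host
            if (port != "-") print "http-proxy-port = " port
            if (user != "-") print "http-proxy-username = " user
            if (pass != "-") print "http-proxy-password = " pass
        }
        /^\[/ { in_global = ($0 == "[global]") }
        in_global && /^[[:space:]]*#?[[:space:]]*http-proxy-(host|port|username|password)[[:space:]]*=/ { next }
        { print }
        $0 == "[global]" { emit(); seen = 1 }
        END { if (!seen) { print "[global]"; emit() } }
    ' "$servers" > "$tmp" && mv "$tmp" "$servers"
    chmod 600 "$servers"      # the proxy password is stored in clear text
}

# svn_proxy_from_env [servers-file]: glue the two together (default is svn's own path)
svn_proxy_from_env() {
    servers=${1:-$HOME/.subversion/servers}
    proxy=${http_proxy:-$HTTP_PROXY}
    [ -n "$proxy" ] || { echo "http_proxy is not set" >&2; return 1; }
    set -- $(parse_proxy_url "$proxy")
    write_svn_proxy "$servers" "$1" "$2" "$3" "$4"
}

# Demo with a constructed servers file and a made-up proxy
demo=$(mktemp)
http_proxy='http://myuser:mypass@proxy.mydomain.com:8080/'; export http_proxy
svn_proxy_from_env "$demo" && cat "$demo"
rm -f "$demo"
```

Run svn_proxy_from_env with no argument to update the real ~/.subversion/servers; running it again after the proxy changes simply replaces the four lines.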

Enjoy.

December 30th, 2011  Posted at   Backtrack, Linux

Let's face it, we all use tty1 to log in as root/toor and launch startx, so why not boot straight into our favourite desktop environment? In the following lines I'll explain how to achieve this in three simple steps. Keep in mind what you are trading away: afterwards anyone who can reach the keyboard gets a root desktop without typing a password, so do this only on a machine where physical access already means game over.

  • Step 1: Install mingetty.

We need a small application that logs in automatically as the user we want. There are several apps in the repositories for this task; in fact, you can write your own in C like many tutorials on the Internet suggest. I'll use mingetty.

apt-get install mingetty

  • Step 2: Configuration of tty1

Now we need to change the behaviour of tty1 to use mingetty instead of the standard getty. To achieve this we need to edit the file /etc/init/tty1.conf, so use your favourite editor. I’ll use nano.

nano /etc/init/tty1.conf

Let’s comment out the getty line so it looks like this:

#exec /sbin/getty -8 38400 tty1

Just below this commented line, add the following one:

exec /sbin/mingetty --autologin root --noclear tty1

Save and close the file.

  • Step 3: startx right after login

The last thing we need to do is launch startx right after the login. To do this we edit /root/.bash_profile. Everything in this file is executed by every login shell of root, not only the one on tty1: an SSH session or a su - would try to run startx too and fail, so we guard the command with a check on the terminal. By default there is no such file in a BT5 installation, but you may already have put some useful commands in it that you want to keep, so we append rather than overwrite:

echo '[ -z "$DISPLAY" ] && [ "$(tty)" = /dev/tty1 ] && startx' >> ~/.bash_profile

Done. Restart to see it working.

Enjoy.

November 13th, 2011  Posted at   Linux

When we want to connect from the command line to a wireless network protected with WPA/WPA2, iwconfig is not enough: it can only set WEP keys. We need a "supplicant" program that handles the key negotiation, and the most common one is wpa_supplicant. It takes its settings from a config file, so let's write one.

Create a new file with the following content:

# WPA/WPA2 PSK Config file
network={
	ssid="MyNetwork"
	scan_ssid=1
	key_mgmt=WPA-PSK
	psk="MyKey"
}

Where “MyNetwork” is the name (ESSID) of the network you want to connect to and “MyKey” is the Pre-Shared Key for the network.

Save this file wherever you want; I'll use /root/wpa.conf (I'm using BT5 right now :)). Since the key is stored in clear text, keep the file readable by root only (chmod 600 /root/wpa.conf).

** If the example configuration does not meet your requirements, you can find other configurations in the following file:

http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/wpa_supplicant.conf

The interface I’ll be using for this connection is eth1.

The command we need to launch to finally connect to this network is the following:

wpa_supplicant -Dwext -c/root/wpa.conf -ieth1

Parameters meaning:

-D driver to use (wext, the generic Linux wireless extensions; on current kernels the native driver is nl80211 and wext is only kept as a compatibility layer, so try -Dnl80211 first if wext complains)

-c config file to use (/root/wpa.conf, our new config file)

-i interface to use (eth1, my wireless interface)

Since wpa_supplicant has to keep running for as long as we are connected, it's better to launch it in the background, so we'll use the following command (wpa_supplicant also has its own -B flag, which detaches it as a daemon, and -d for debug output if the association fails):

wpa_supplicant -Dwext -c/root/wpa.conf -ieth1 &

If you're using a graphical interface like Gnome or KDE you can also press ALT+F2 and run the same command from the run dialog.

And that’s it, you’re connected.

Remember that once you’ve done this you need to configure the IP parameters for the network. If there is a DHCP server running you can use:

dhclient eth1
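The file above stores the passphrase in clear text. The script below, added here and not part of the original post, generates the same network block but derives the hashed 256-bit PSK with wpa_passphrase (shipped with wpa_supplicant) when it is installed, falling back to the quoted form from the post otherwise; it validates the SSID and passphrase lengths that 802.11 and WPA allow, accepts a ready-made 64-hex-digit PSK, rejects quote characters that would break the file, and creates the file mode 0600. The ctrl_interface line is my addition so that wpa_cli can talk to the daemon; the SSID and key in the demo are made up.

```shell
#!/bin/sh
# Added example: generate a wpa_supplicant PSK config with the passphrase hashed
# and the file locked down.  Assumes POSIX sh; uses wpa_passphrase if installed.

# wpa_psk_line <ssid> <secret>  -> prints the psk= line, returns 2 on bad input
# <secret> is either an 8..63 character passphrase or a 64-hex-digit PSK.
wpa_psk_line() {
    ssid=$1; secret=$2; line=""
    case ${#secret} in
        64)
            printf '%s' "$secret" | grep -Eq '^[0-9a-fA-F]{64}$' || return 2
            line="psk=$secret" ;;                       # already a raw PSK
        [89]|[1-5][0-9]|6[0-3])
            if command -v wpa_passphrase >/dev/null 2>&1; then
                # PBKDF2(passphrase, ssid) -> 256-bit PSK; keep only that line
                line=$(wpa_passphrase "$ssid" "$secret" |
                       sed -n 's/^[[:space:]]*psk=\([0-9a-f]\{64\}\)$/psk=\1/p')
            fi
            [ -n "$line" ] || line="psk=\"$secret\"" ;;   # fallback: clear-text form from the post
        *)  return 2 ;;                                   # WPA passphrases are 8..63 characters
    esac
    printf '%s\n' "$line"
}

# write_wpa_conf <path> <ssid> <secret>
write_wpa_conf() {
    out=$1; ssid=$2; secret=$3
    ssid_len=$(printf '%s' "$ssid" | wc -c | tr -d ' ')
    [ "$ssid_len" -ge 1 ] && [ "$ssid_len" -le 32 ] || return 2   # 802.11 SSIDs are 1..32 bytes
    case "$ssid$secret" in *\"*|*\\*) return 2 ;; esac            # would corrupt the quoted strings
    psk=$(wpa_psk_line "$ssid" "$secret") || return 2
    ( umask 077                 # file is born 0600: it holds the network secret
      {
        printf '# WPA/WPA2 PSK config generated by write_wpa_conf\n'
        printf 'ctrl_interface=/var/run/wpa_supplicant\n'   # lets "wpa_cli status" query the daemon
        printf 'network={\n'
        printf '    ssid="%s"\n' "$ssid"
        printf '    scan_ssid=1\n'
        printf '    key_mgmt=WPA-PSK\n'
        printf '    %s\n' "$psk"
        printf '}\n'
      } > "$out" )
    chmod 600 "$out"
}

# Demo with a made-up network; then: wpa_supplicant -Dnl80211 -i eth1 -c "$demo" -B
demo=$(mktemp)
write_wpa_conf "$demo" MyNetwork MyKey12345 && cat "$demo"
rm -f "$demo"
```

With the hashed form in place the passphrase itself never touches the disk, and the file can be handed to wpa_supplicant exactly as the post does, with -B instead of a trailing & if you prefer a proper daemon.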

Enjoy.

October 22nd, 2011  Posted at   Backtrack, Linux

I like to use an old laptop on which I've installed BT5. From a useless thing in a closet it has become a wonderful tool for me. Although I have a neat Alfa AWUS036H card, it was reasonable to want its internal ipw2200bg card to work too. That is something that doesn't happen when you run BT5 with its default configuration.

If we run dmesg we'll see that the internal card is detected but the driver cannot load its firmware (-2 is ENOENT: the file simply isn't there):

ipw2200: Detected Intel PRO/Wireless 2200BG Network Connection
ipw2200: ipw2200-bss.fw request_firmware failed: Reason -2
ipw2200: Unable to load firmware: -2
ipw2200: failed to register network device

To solve this issue we have to download the firmware for the card. You can get it from the official site http://ipw2200.sourceforge.net/firmware.php. I've uploaded the latest version at present, 3.1, so you can get it directly from here: ipw2200-fw-3.1.tgz (firmware runs on the card itself, so prefer the official download over any mirrored copy, including this one, when you have the choice).

Once you get it extract the firmware files:

tar xvfz ipw2200-fw-3.1.tgz

Copy the .fw files to /lib/firmware:

cp ipw2200-fw-3.1/*.fw /lib/firmware/

Reload the driver so it requests the firmware again:

modprobe -r ipw2200

modprobe ipw2200

Done.
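Before reloading the driver it is worth checking that every image it will ask for is actually in place; modinfo -F firmware lists the names a module declares (for ipw2200 these are the bss, ibss and sniffer images). The helper below is an added example, not from the original post; it assumes POSIX sh and kmod's modinfo, and the directory and files used in the demo are constructed.

```shell
#!/bin/sh
# Added example: verify a driver's firmware images are in place before reloading it.
# Assumes POSIX sh; module_firmware needs modinfo from kmod.

# missing_firmware <fwdir> <file>...  -> prints each absent name, returns 1 if any is absent
missing_firmware() {
    dir=$1; shift; rc=0
    for f in "$@"; do
        if [ ! -r "$dir/$f" ]; then echo "$f"; rc=1; fi
    done
    return $rc
}

# module_firmware <module>  -> the firmware names compiled into the driver (MODULE_FIRMWARE)
module_firmware() {
    modinfo -F firmware "$1" 2>/dev/null
}

# check_driver_firmware <module> [fwdir]: combine the two; exit status says whether to reload
check_driver_firmware() {
    mod=$1; dir=${2:-/lib/firmware}
    names=$(module_firmware "$mod")
    if [ -z "$names" ]; then
        echo "$mod declares no firmware (or modinfo is unavailable)" >&2
        return 0
    fi
    # shellcheck disable=SC2086  # names are one per line, no spaces
    if missing_firmware "$dir" $names >/dev/null; then
        echo "all firmware for $mod is present in $dir"
    else
        echo "missing in $dir:" >&2; missing_firmware "$dir" $names >&2 || true
        return 1
    fi
}

# Demo on a constructed directory holding only two of the three ipw2200 images
demo=$(mktemp -d)
: > "$demo/ipw2200-bss.fw"; : > "$demo/ipw2200-ibss.fw"
missing_firmware "$demo" ipw2200-bss.fw ipw2200-ibss.fw ipw2200-sniffer.fw || true   # prints ipw2200-sniffer.fw
rm -rf "$demo"

# Usage (as root): check_driver_firmware ipw2200 && modprobe -r ipw2200 && modprobe ipw2200
```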

Enjoy.

October 16th, 2011  Posted at   Backtrack, Linux

Post edited on Apr 28, 2013:

I've found a much better solution for using Chromium in BT5, but I think it's fair to keep the original one for the record at the end of the post. So the following lines explain the new and much simpler solution:

Install the package as usual:

apt-get install chromium-browser

And now the only thing we have to do is change the way the program is launched from the menu. Go to System >> Preferences >> Main Menu, find "Chromium Web Browser" inside the "Internet" menu and click on "Properties". Change the original command "/usr/bin/chromium-browser %U" to this one:

/usr/bin/chromium-browser %U --user-data-dir

Close and we're done. Chromium refuses to run as root unless you explicitly pass --user-data-dir; bear in mind that a browser running as root has no privilege boundary left if it gets exploited, so keep this setup for lab use.

Enjoy :)

—————————-

Original post:

For those like me that love this lightweight browser :)

When you install chromium-browser using apt from the current Backtrack repositories and try to launch it, it refuses to start with an error saying it cannot be run as root. Pretty clear, isn't it? It can't be run as root, and root is our Backtrack user!

One solution I found to be able to use Chromium is to download an older version that still allows running it as root. You can get it from the link below.

chrome32.tar.gz

Once downloaded you should do the following:

Uninstall your current chromium version (if you haven’t already done this):

apt-get remove chromium-browser

Decompress and extract the packages:

tar xvfz chrome32.tar.gz

Run the installation script (it just launches apt in the proper way to resolve dependencies):

./chrome_install.sh

And that’s it, now you can enjoy this browser!

One last thing, which is very important, is to tell the system not to update these packages when we update or upgrade Backtrack, because otherwise we'll lose our Chromium as soon as we accept the update.

The way I like to do this:

echo "package_name hold" | dpkg --set-selections

The way to undo this:

echo "package_name install" | dpkg --set-selections

In our Chromium case there are four packages we want to hold, so we have four lines to execute:

echo "chromium-browser hold" | dpkg --set-selections

echo "chromium-browser-inspector hold" | dpkg --set-selections

echo "chromium-browser-l10n hold" | dpkg --set-selections

echo "chromium-codecs-ffmpeg hold" | dpkg --set-selections

And now we’re done.
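Rather than typing one line per package, the script below, an added example that is not from the original post, validates the package names against Debian's naming rules, feeds them to dpkg --set-selections in one go and then reads the selections back to confirm each package is actually on hold (dpkg only warns about names it does not know). It assumes POSIX sh and only calls dpkg when it is present and you are root; otherwise it prints the selection list it would have applied, which is what the demo does.

```shell
#!/bin/sh
# Added example: put a list of packages on hold in one go and confirm it took.
# Assumes POSIX sh; dpkg is only called when present and we are root.

# valid_pkg_name <name>: Debian policy: lowercase letters, digits, + - . ; starts with
# a letter or digit; at least two characters.  Rejects anything shell-unfriendly too.
valid_pkg_name() {
    printf '%s\n' "$1" | grep -Eq '^[a-z0-9][a-z0-9+.-]+$'
}

# selections <state> <pkg>...  -> "pkg state" lines in dpkg --set-selections format
selections() {
    state=$1; shift
    for p in "$@"; do
        valid_pkg_name "$p" || { echo "invalid package name: $p" >&2; return 2; }
        printf '%s %s\n' "$p" "$state"
    done
}

# apply_selections <state> <pkg>...: send the list to dpkg, then read it back
apply_selections() {
    state=$1; shift
    list=$(selections "$state" "$@") || return 2
    if command -v dpkg >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        printf '%s\n' "$list" | dpkg --set-selections
        for p in "$@"; do   # dpkg only warns about unknown names, so verify each one
            dpkg --get-selections "$p" | grep -q "[[:space:]]$state\$" \
                || { echo "$p is not marked $state" >&2; return 1; }
        done
    else
        printf '%s\n' "$list"   # no dpkg, or not root: show what would have been applied
    fi
}

hold_packages()   { apply_selections hold "$@"; }
unhold_packages() { apply_selections install "$@"; }

# Demo: just build the list for the four Chromium packages from the post
selections hold chromium-browser chromium-browser-inspector chromium-browser-l10n chromium-codecs-ffmpeg
```

As root, hold_packages chromium-browser chromium-browser-inspector chromium-browser-l10n chromium-codecs-ffmpeg applies the holds and unhold_packages reverses them; on newer systems apt-mark hold does the same job.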

Enjoy.