XFX 7850 Radeon 1G DDR5 pyrit + oclhashcat + john (jtr) on Kali

 Hå¢kïñg, Kali, Lïñµx, §¢rïþ†§, §¥§†êm ÄÐmïñ阮rå†ïðñ  No Responses »
Jun 092013
 
P450-7855_chiclet01x_ea_3242917

I just bought this card to replace an older radeon 4500 series gpu.  Here are the benchmarks (this is a quad-core amd with 16GB memory, sata drives):

Pyrit

$ sudo pyrit benchmark
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
 
Running benchmark (59139.3 PMKs/s)... - 
 
Computed 59139.26 PMKs/s total.
#1: 'CAL++ Device #1 'AMD GPU DEVICE'': 59710.6 PMKs/s (RTT 1.1)
#2: 'CPU-Core (SSE2)': 568.9 PMKs/s (RTT 3.0)
#3: 'CPU-Core (SSE2)': 572.3 PMKs/s (RTT 2.9)
#4: 'CPU-Core (SSE2)': 548.1 PMKs/s (RTT 3.0)

Continue reading »

How to monitor a linux users shell in real time

 Hå¢kïñg, Lïñµx, Monitoring, §¢rïþ†§, §¥§†êm ÄÐmïñ阮rå†ïðñ, Ðïgï†ål £ðrêñ§ï¢§  No Responses »
Jun 062013
 

This is a trick I learned a long time ago.  I used to teach it in my linux administration, digital forensics, and ethical hacking courses I taught at college.  It has been one of the most useful commands I ever learned.  So the scenario goes like this:  lets assume you have a user you suspect is doing something nefarious…maybe even a hacker has a shell on your server.  You would like to be able to see exactly what they are doing.  Wouldn’t it be nice to be able to connect to their shell without them knowing so you can watch what they are doing?

Here is how it is done…..

Continue reading »

Creating Password Hashes From Wordlists And Storing Them In a Database

 Debian, Hå¢kïñg, Kali, Lïñµx, Rê§êår¢h, Uncategorized, §¢rïþ†§, §¥§†êm ÄÐmïñ阮rå†ïðñ, †êå¢hïñg, †µ†ðrïål§  No Responses »
May 182013
 

A long time ago, I created a database to hold passwords and their respective hashes for some 16 various hash types.  It has approximately 310,261,848 passwords for each type and is growing nearly every day as more password lists become available.  I found a pretty quick way to generate the hashes for these wordlists and wanted to share how it is done.  These hashes only work with unsalted/unpeppered passwords.

First, lets look at my table schema, which is very simple and very effective.  It uses an index on the hash + password column so there can not be any two hashes+passwords that are the same.  The types table is a  simple lookup table that references data.type 1 to a name like DES.  The primary key is on the name column.  I don’t claim to be a db administrator so if you spot any errors, let me know.

Continue reading »

The wordpress botnet attack

 Apache, Hå¢kïñg, Lïñµx, ñgïñx, wordpress, §¥§†êm ÄÐmïñ阮rå†ïðñ  No Responses »
Apr 182013
 

Some of the posts I am seeing on the internet regarding the wordpress password crack via botnet is pretty funny as various people offer suggestions to fix the problem.  The quickest fix is simple and although it protects the wp-admin page, it wont protect you from the inbound traffic or sql injection.

Continue reading »

Kali: Add kernel 3.8.5 to fix bbswitch issue

 Hå¢kïñg, Kali, Lïñµx  No Responses »
Apr 052013
 

bbswitch is not compatible with the kernel included with kali linux.  The easiest fix is simply to upgrade to kernel 3.8.5 from debian experimental to fix this issue:

Basically I downloaded these packages manually:

initramfs-tools_0.110_all.deb
linux-headers-3.8-trunk-all-amd64_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-amd64_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-common_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-common-rt_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-rt-amd64_3.8.5-1~experimental.1_amd64.deb
linux-image-3.8-trunk-amd64_3.8.5-1~experimental.1_amd64.deb
linux-kbuild-3.8_3.8.2-1~experimental.1_amd64.deb

Then installed them:

sudo dpkg -i *.deb

Rebooted and all was well.

 

Pyrit: Testing New Laptop vs Desktop

 Backbox, Hå¢kïñg, Lïñµx, Rê§êår¢h, ßå¢k†rå¢k, §¥§†êm ÄÐmïñ阮rå†ïðñ  No Responses »
Feb 102013
 

My desktop computer is a couple of years old.  It serves me well for what I do.  I just got a new laptop.  In terms of hardware, the laptop is much different.  The desktop is a quad-core AMD 900 series with an ATI 4500 series gpu running backtrack 5r3.  It has 8GB of memory and standard SATA drives.  The laptop is an Intel i7 cpu, with SSD drive, NVIDIA 660M gpu, and 8GB memory running backbox 3.  The internal SATA drive is slow as fuck (just putting that out there).  I have the OS on the SSD drive and my home folder on the SATA drive.

Here are the specs as seen by pyrit list_cores from each along with the benchmark tests:

Continue reading »

Bash: script to run tcpdump on remote host and pipe it back to local wireshark

 Arch, Backbox, Debian, Diagnostics, Gêñ†ðð, Hå¢kïñg, Lïñµx, Monitoring, Netbook, Redhat, Rê§êår¢h, ßå¢k†rå¢k, Ubuntu, §¢rïþ†§, §¥§†êm ÄÐmïñ阮rå†ïðñ  No Responses »
Feb 052013
 

So I wrote this script because I often need to run tcpdump on a remote host and then view it in wireshark.  The old method was to run tcpdump on remote host, scp/rsync the file back to my local machine, open it in wireshark, view it.  This script saves a lot of time.  It assumes you are logging in as root and will need modified if you are running as a normal user (change root to your username and make sure you have sudo privileges for tcpdump)

#!/bin/bash
 
# By Ed Wiget
# This runs tcpdump on a remote hosts and pipes it back locally to wireshark to view in realtime
 
# 20130205 - original script
 
if [ $1 == "" ]; then
	echo "What is the remote host by fqdn, i.e. server1.domain.com"
	read RHOST
else
	RHOST=$1
fi
 
wireshark -k -i <( ssh -l root ${RHOST} /usr/sbin/tcpdump -i eth0 -w - )
 
# after you kill wireshark, the tcpdump still runs on remove host...we need to kill it
PIDOF=`ssh root@${RHOST} "ps aux | grep [t]cpdump" | awk -F" " '{print$2}'`
 
echo "killing pid ${PIDOF} on ${RHOST}...please wait...."
ssh root@${RHOST} "pkill tcpdump"
 
# now we make sure it is killed
PIDOF2=`ssh root@${RHOST} "ps aux | grep [t]cpdump" | awk -F" " '{print$2}'`
if [ ${PIDOF2} == "" ]; then
	echo "pid check returns ${PIDOF2}"
else
	echo "pid check returns ${PIDOF2}"
fi

Glastopf Web Application Honeypot

 Debian, Hå¢kïñg, Lïñµx, Rê§êår¢h, Web Application Honeypot, §¢rïþ†§, §¥§†êm ÄÐmïñ阮rå†ïðñ, Ðïgï†ål £ðrêñ§ï¢§, †êå¢hïñg, †µ†ðrïål§  No Responses »
Jul 272012
 
glastopf-box

Glastopf is a web application honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications.  The principle behind it is very simple:  Reply the correct response to the attacker exploiting the web application.

This article is mostly to cover the installation, setup, usage, etc

Installation

Continue reading »

Auditing mysql passwords with dbpwaudit

 Hå¢kïñg, Lïñµx, Rê§êår¢h, ßå¢k†rå¢k, §¢rïþ†§, §¥§†êm ÄÐmïñ阮rå†ïðñ, †µ†ðrïål§  No Responses »
Jul 092012
 

Backtrack has dbpwaudit in /pentest/database/dbpwaudit, however, it does not come with the java jar files required.  So, first you have to go download them.  The easiest way I found out to do that is by simply searching for the aliases and then googling them.  You can get the aliases with the -L option:

user@HOST:/pentest/database/dbpwaudit$ ./dbpwaudit.sh -L
DBPwAudit v0.8 by Patrik Karlsson <patrik@cqure.net>
----------------------------------------------------
Oracle - oracle.jdbc.driver.OracleDriver
MySQL - com.mysql.jdbc.Driver
MSSql - com.microsoft.sqlserver.jdbc.SQLServerDriver
DB2 - com.ibm.db2.jcc.DB2Driver

Continue reading »

Script: Auditing over anonymous networks

 Hå¢kïñg, Lïñµx, ßå¢k†rå¢k, §¢rïþ†§, §¥§†êm ÄÐmïñ阮rå†ïðñ  No Responses »
May 152012
  
#!/bin/bash
 
# By Ed Wiget
# This script sets up a proxy so that you can audit web servers anonymously over tor
# 20111113 - initial script (better method)
# enable next line for debugging
#set -x
 
echo "Please enter the ip address of the target host or a domain name"
read dom
 
# this checks to see if we set a domain name or ip address
# it sets the variable IP to the ip address of domain or ip entered
# if you are auditing more than .com, .net, .org, .edu addresses, you need to add them below
if [ "`echo ${dom} | egrep 'com|net|org|edu' | wc -l`" = "1" ]; then
		IP=`tor-resolve ${dom}`
	else
		IP=${dom}
fi
 
# for debugging to make sure we are setting IP correctly
#echo ${IP}
 
# here we set up a socat proxy listening on localhost port 8080
# it forwards any tcp requests to ${IP} port 80
# via the socks tor listening on localhost 9050
sudo socat TCP4-LISTEN:8080,fork SOCKS4:127.0.0.1:${IP}:80,socksport=9050 &
 
# the sleep is required or the check for listening fails below
sleep 2
 
if [ "`sudo netstat -ptane | grep 8080 | wc -l`" = "1" ]; then
	echo "proxy started successfully"
else
	echo "proxy not running"
	exit
fi
 
# here we are going to check port 80 for a web server which will likely tell us the
# operating system too via the results
sudo proxychains nmap -sT -PN -n -sV ${IP} -p80
 
# here we need to set up w3af_gui running as root in order to connect to our proxy
echo "when w3af opens, click on advanced target settings"
sleep 1
echo "set the target ip in w3af to http://127.0.0.1:8080"
sleep 1
echo "set the targetos and targetframework in w3af as returned by the nmap check above"
sleep 1
sudo /pentest/web/w3af/w3af_gui &

 

So now you can audit a web app using w3af.  If you wanted to use nessus or metasploit, just plug in the address as 127.0.0.1:8080

 Older Entries