Dec 04 2013

I often review various vulnerability scanners.  When I review them, I look at several different things:

  • were they able to find a vulnerability I previously missed?
  • are they accurate in their findings?
  • how quickly do they complete an audit compared to “insert some other vulnerability scanner here”?
  • sometimes I will also grab the tcpdumps of the audits for even further analysis
  • how accessible and easy to use are they for “skiddies”?
  • based on the tcpdumps plus the noise generated in the server logs, are the audit signatures of wapiti easy to detect?
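The last criterion, how visible a scanner's audit is in the server's own logs, is something you can check from the defender's side without the tcpdumps. The script below is an added example and not part of the original post: it reads a combined-format access log and reports client IPs that either announce a scanner in the user-agent string or produce a burst of requests that is mostly 4xx responses (the typical footprint of path and parameter probing). The log lines are constructed for the example, including the "Wapiti-example" user-agent, which is not the scanner's real default; the user-agent keyword list and the thresholds are assumptions to tune against the scanners you actually test.

```shell
#!/bin/sh
# Added example: spot likely vulnerability-scanner traffic in an access log.
# Log lines are constructed sample data, not taken from a real server.

# scanner_report LOGFILE MIN_REQUESTS MAX_ERROR_PERCENT
# Prints one line per suspicious client IP:
#   <ip> <requests> <4xx/5xx responses> <error percent> <reason>
scanner_report() {
    awk -v min_req="$2" -v max_err="$3" '
    {
        ip = $1
        # the status code follows the closing quote of the request line
        match($0, /" [0-9][0-9][0-9] /)
        status = substr($0, RSTART + 2, 3) + 0
        # the user-agent is the last quoted field in the combined format
        ua = $0; sub(/.*" "/, "", ua); sub(/"$/, "", ua)
        req[ip]++
        if (status >= 400) err[ip]++
        # assumed keyword list; scanner operators can and do change the user-agent
        if (tolower(ua) ~ /wapiti|nikto|sqlmap/) uahit[ip] = ua
    }
    END {
        for (ip in req) {
            pct = int(100 * err[ip] / req[ip])
            reason = ""
            if (ip in uahit) reason = "scanner-user-agent"
            else if (req[ip] >= min_req && pct >= max_err) reason = "error-burst"
            if (reason != "")
                printf "%s %d %d %d %s\n", ip, req[ip], err[ip] + 0, pct, reason
        }
    }' "$1" | sort
}

# sample_log: constructed combined-format lines (RFC 5737 documentation addresses)
sample_log() {
    # an ordinary visitor: a couple of successful page loads
    printf '%s\n' '203.0.113.5 - - [04/Dec/2013:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/25.0"'
    printf '%s\n' '203.0.113.5 - - [04/Dec/2013:10:00:09 +0000] "GET /about HTTP/1.1" 200 812 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/25.0"'
    # one client probing twelve paths in a minute, ten of which do not exist
    i=1
    while [ "$i" -le 12 ]; do
        if [ "$i" -le 10 ]; then st=404; else st=200; fi
        printf '198.51.100.77 - - [04/Dec/2013:10:01:%02d +0000] "GET /probe%d HTTP/1.1" %d 0 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/25.0"\n' "$i" "$i" "$st"
        i=$((i + 1))
    done
    # a client whose user-agent names a scanner (constructed string, not a real default)
    printf '%s\n' '192.0.2.9 - - [04/Dec/2013:10:02:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Wapiti-example/0.0 (constructed)"'
    printf '%s\n' '192.0.2.9 - - [04/Dec/2013:10:02:01 +0000] "GET /robots.txt HTTP/1.1" 200 40 "-" "Wapiti-example/0.0 (constructed)"'
}

# usage: write the sample to a file and flag clients with >= 10 requests and >= 50% errors
tmp=$(mktemp)
sample_log > "$tmp"
scanner_report "$tmp" 10 50
rm -f "$tmp"
```

Against real traffic the error-burst rule needs a time window (group by IP and minute rather than over the whole file) and an allow-list for your own monitoring, since a broken crawler can look the same; the user-agent rule only catches scanners run with their default string, which is exactly why the behavioural rule is the one worth keeping.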


Apr 05 2013

bbswitch is not compatible with the kernel shipped with Kali Linux.  The easiest fix is to upgrade to kernel 3.8.5 from Debian experimental:

Basically I downloaded these packages manually:

initramfs-tools_0.110_all.deb
linux-headers-3.8-trunk-all-amd64_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-amd64_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-common_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-common-rt_3.8.5-1~experimental.1_amd64.deb
linux-headers-3.8-trunk-rt-amd64_3.8.5-1~experimental.1_amd64.deb
linux-image-3.8-trunk-amd64_3.8.5-1~experimental.1_amd64.deb
linux-kbuild-3.8_3.8.2-1~experimental.1_amd64.deb

Then installed them:

sudo dpkg -i *.deb

Rebooted and all was well.


Feb 10 2013

My desktop computer is a couple of years old.  It serves me well for what I do.  I just got a new laptop.  In terms of hardware, the laptop is much different.  The desktop is a quad-core AMD 900 series with an ATI 4500 series GPU running BackTrack 5 R3.  It has 8GB of memory and standard SATA drives.  The laptop is an Intel i7 CPU with an SSD, an NVIDIA 660M GPU, and 8GB of memory running BackBox 3.  The internal SATA drive is slow as fuck (just putting that out there).  I have the OS on the SSD and my home folder on the SATA drive.

Here are the specs as seen by pyrit list_cores from each along with the benchmark tests:


Oct 31 2012

#!/bin/bash

# By Ed Wiget
# This script grabs the latest nmap, zenmap, ncat, nping in rpm format and converts them to deb

# 20121031 - original script

# stop at the first failed command so a failed download is never fed to alien or dpkg
set -e

# the version we are grabbing
VER=6.01-1

# the architecture we are using
ARCH=x86_64

# our working dir
TEMP_DIR=~/nmap-files

# check if it exists and if not, create it
if [ ! -d "${TEMP_DIR}" ]; then
	mkdir -p "${TEMP_DIR}"
fi

# check to make sure alien is installed and if not, install it
if ! command -v alien >/dev/null 2>&1; then
	sudo apt-get install alien
fi

# cd to the working dir
cd "${TEMP_DIR}"

# i386 files
# http://nmap.org/dist/nmap-6.01-1.i386.rpm
# http://nmap.org/dist/ncat-6.01-1.i386.rpm
# http://nmap.org/dist/nping-0.6.01-1.i386.rpm

# x86_64 files
# http://nmap.org/dist/nmap-6.01-1.x86_64.rpm
# http://nmap.org/dist/ncat-6.01-1.x86_64.rpm
# http://nmap.org/dist/nping-0.6.01-1.x86_64.rpm

# no arch
# http://nmap.org/dist/zenmap-6.01-1.noarch.rpm

# grab the files (wget exits non-zero on a failed download, which stops the script)
wget -O "${TEMP_DIR}/nmap-${VER}.${ARCH}.rpm" "http://nmap.org/dist/nmap-${VER}.${ARCH}.rpm"
wget -O "${TEMP_DIR}/ncat-${VER}.${ARCH}.rpm" "http://nmap.org/dist/ncat-${VER}.${ARCH}.rpm"
wget -O "${TEMP_DIR}/nping-0.${VER}.${ARCH}.rpm" "http://nmap.org/dist/nping-0.${VER}.${ARCH}.rpm"
wget -O "${TEMP_DIR}/zenmap-${VER}.noarch.rpm" "http://nmap.org/dist/zenmap-${VER}.noarch.rpm"

# remove any deb files currently in this dir
rm -f *.deb

# convert the downloaded files to deb
sudo alien "nmap-${VER}.${ARCH}.rpm"
sudo alien "ncat-${VER}.${ARCH}.rpm"
sudo alien "nping-0.${VER}.${ARCH}.rpm"
sudo alien "zenmap-${VER}.noarch.rpm"

# install the packages
sudo dpkg --install *.deb
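The script fetches the packages over plain HTTP and installs them as root, so anything that can tamper with the download path ends up on the system with root rights. The functions below are an added example, not part of the post's script: they compute the SHA-256 of a downloaded file and keep it only if it matches a digest obtained out of band (the Nmap project publishes signatures and digests for its releases; the digest values in the usage comment are placeholders to be replaced with the published ones). The `fetch_verified` wrapper around `wget` is an assumption about how you would slot this into the script above.

```shell
#!/bin/sh
# Added example (not the post's script): refuse to convert or install a downloaded
# package unless its SHA-256 matches a value you obtained separately.

sha256_of() {
    # print the hex SHA-256 of file $1 (sha256sum on Linux, shasum on BSD/macOS)
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED_HEX
# exit status 0 when the file exists and its digest matches, 1 otherwise
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || return 1
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# fetch_verified URL EXPECTED_HEX DEST
# download with wget, then keep the file only if the digest matches
fetch_verified() {
    url=$1; expected=$2; dest=$3
    wget -q -O "$dest" "$url" || { rm -f "$dest"; return 1; }
    if verify_sha256 "$dest" "$expected"; then
        return 0
    fi
    echo "digest mismatch for $dest, discarding it" >&2
    rm -f "$dest"
    return 1
}

# Usage with the post's download list. The digests are PLACEHOLDERS: take the real
# values from the project's published signatures/digests before running this.
#   VER=6.01-1; ARCH=x86_64
#   fetch_verified "http://nmap.org/dist/nmap-${VER}.${ARCH}.rpm" \
#       "<sha256 published for this file>" "nmap-${VER}.${ARCH}.rpm" \
#       && sudo alien "nmap-${VER}.${ARCH}.rpm"
```

The check is only as good as the channel the expected digest came from: a digest copied from the same unauthenticated page as the download proves nothing, so take it from a signed file or verify the project's GPG signature on the package itself.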

Jul 13 2012

Credit where credit is due… The bulk of this article was obtained from the excellent article located here: http://www.xors.me/?p=4458

I found the original article and then modified it to fit my operating system and environment.  It has been modified to work on a Backtrack Linux installation using the native virtualbox-4.1 packages.

Background

To provide some background, Cuckoo Sandbox performs automated malware analysis using system virtualization technologies.  At a high level, Cuckoo executes Python scripts, which spawn a VirtualBox virtual machine (VM) running a guest OS (i.e. Windows XP) to execute and analyze malware in a controlled environment.  Once the guest OS launches, VirtualBox uses local shares to access Python scripts located on the host OS (i.e. Ubuntu/Backtrack).  Python therefore needs to be installed on both the guest and host OS for this product to work.  Within the guest OS, you will also need vulnerable applications to help analyze code, by forcing execution of malware binaries or malicious URLs.  As the installation documentation provided with Cuckoo Sandbox is missing a few requirements, this post will show a user how to perform a functional install of Cuckoo Sandbox.

A link to the original video is below in avi format.

cuckoo sandbox working under a normal user account


May 21 2012

The error:
svn: /opt/metasploit/common/lib/libssl.so.0.9.8: no version information available (required by /opt/metasploit/common/lib/libserf-0.so.0)
svn: /opt/metasploit/common/lib/libcrypto.so.0.9.8: no version information available (required by /opt/metasploit/common/lib/libserf-0.so.0)

The Fix:
Open terminal and enter these lines:


May 15 2012

#!/bin/bash

# By Ed Wiget
# This script sets up a proxy so that you can audit web servers anonymously over tor
# 20111113 - initial script (better method)
# enable next line for debugging
#set -x

echo "Please enter the ip address of the target host or a domain name"
read -r dom

# this checks to see if we set a domain name or ip address
# it sets the variable IP to the ip address of domain or ip entered
# if you are auditing more than .com, .net, .org, .edu addresses, you need to add them below
if [ "$(echo "${dom}" | egrep 'com|net|org|edu' | wc -l)" = "1" ]; then
	IP=$(tor-resolve "${dom}")
else
	IP=${dom}
fi

# for debugging to make sure we are setting IP correctly
#echo ${IP}

# here we set up a socat proxy listening on localhost port 8080
# it forwards any tcp requests to ${IP} port 80
# via the socks tor listening on localhost 9050
sudo socat TCP4-LISTEN:8080,fork SOCKS4:127.0.0.1:${IP}:80,socksport=9050 &

# the sleep is required or the check for listening fails below
sleep 2

# match the listening socket itself (":8080 ") rather than any line containing 8080
if [ "$(sudo netstat -ptane | grep -c ':8080 ')" = "1" ]; then
	echo "proxy started successfully"
else
	echo "proxy not running"
	exit 1
fi

# here we are going to check port 80 for a web server which will likely tell us the
# operating system too via the results
sudo proxychains nmap -sT -PN -n -sV ${IP} -p80

# here we need to set up w3af_gui running as root in order to connect to our proxy
echo "when w3af opens, click on advanced target settings"
sleep 1
echo "set the target ip in w3af to http://127.0.0.1:8080"
sleep 1
echo "set the targetos and targetframework in w3af as returned by the nmap check above"
sleep 1
sudo /pentest/web/w3af/w3af_gui &


So now you can audit a web app using w3af.  If you wanted to use Nessus or Metasploit instead, just point them at 127.0.0.1:8080.

Mar 02 2012

echo "deb http://updates.repository.backtrack-linux.org revolution main microverse non-free testing" >> /etc/apt/sources.list
apt-get update
apt-get dist-upgrade

And it includes these new tools:

arduino	bluelog	bt-audit	dirb	dnschef	dpscan	easy-creds	extundelete
findmyhash	golismero	goofile	hashcat-gui	hash-identifier	hexorbase	horst	hotpatch
joomscan	killerbee	libhijack	magictree	nipper-ng	patator	pipal	pyrit
reaver	rebind	rec-studio	redfang	se-toolkit	sqlsus	sslyze	sucrack
thc-ssl-dos	tlssled	uniscan	vega	watobo	wcex	wol-e	xspy

Mar 02 2012

After upgrading to Linux kernel 3.2.6, rebooting, reconfiguring initramfs for the encrypted drives, rebooting again, and reinstalling the ATI graphics driver, my normal xrandr command no longer worked.  That command is:

xrandr --output LVDS --mode 1920x1200 --pos 1680x0 --rotate normal --output CRT1 --mode 1680x1050 --pos 0x0 --rotate normal --output DFP2 --off --output DFP1 --off

And the error was “xrandr screen only supports 1920 x 1200”

The fix is really simple….
