Rabu, 29 Disember 2010

Setting up TrueCrypt on Backtrack 4

In my previous post, we setup an encrypted private directory to address being able to keep the data from a pen test safe. I also found that TrueCrypt works great on Backtrack 4. It also addresses the issue of file and directory names not being encrypted. Of course the downside is that the volume must be manually mounted each time or at least I haven't worked out how to automatically mount it yet.

Assumptions

  1. You have already created a bootable Backtrack 4 thumb drive with persistent changes.
  2. You are using Backtrack 4 as root.
  3. The following is performed with a windows manager active, e.g. KDE.
  4. You are familiar with TrueCrypt

Installing TrueCrypt

Installing TrueCrypt is almost as easy as setting up encrypted private directories. The following steps will get TrueCrypt installed and ready to be configured.

First we need to download the install package. I picked the 'Ubuntu - x86 .deb' option on the TrueCrypt download page. I used Firefox and saved the file to root's home directory.

Next execute the following commands from a terminal session in root's home directory:

tar zxvf truecrypt-6.1a-ubuntu-x86.tar.gz

chmod +x truecrypt-6.1a-setup-ubuntu-x86

./truecrypt-6.1a-setup-ubuntu-x86

At this point, you will have a gui install window with a couple options on it. Click on 'Install TrueCrypt' and follow the prompts.

Now it's time to setup up our TrueCrypt volume. To do so, either from the 'run' command option on the menu or from a terminal session execute truecrypt. You should end up with a window like the following.

truecrypt_1

The next step is to create our encrypted volume. We do that by clicking on the 'Create Volume'' option above and using the following screen.

truecrypt_2

Follow the prompts and create a volume. Once that is done you can mount the volume and begin using it.

http://www.infosecramblings.com

BackTrack Linux – Penetration Testing Distribution

Blog : BackTrack Linux – Penetration Testing Distribution

BackTrack Site Compromised

(Mostly taken from http://www.exploit-db.com/owned-and-exposed/ )

There’s nothing like having your butt kicked Christmas morning, which is exactly what happened to us today. We were owned and exposed, in true fashion. The zine also mentioned other sites, as well as the ettercap project being backdoored.

We are currently cleaning out our systems and analyzing the attacks – thankfully, the compromise was limited to non root access, and other than our egos, the damage is not severe. The compromise was limited to non root access to the web, blog and forums. Although there is no evidence as of yet that forum user passwords were compromised, we urge our users to change passwords at their earliest convenience. None of our development machines have been affected by this attack. We will keep you updated as we have more information through the exploit-database blog.


The Art of Human Hacking

The Art of Human Hacking Over a year ago the BackTrack team joined forces with social-engineer.org to support the creation of the world’s first framework based around social engineering.

With the framework came the addition of some great tools to BackTrack, such as SET (The Social Engineers Toolkit), created by Dave “Rel1k” Kennedy.

Today, the BackTrack team would like to congratulate Chris “loganWHD” for the release of his book, “Social Engineering: The Art of Human Hacking”.

This book has been widely anticipated and will help many new to the field of social engineering answer that (Read more…)

BackTrack 4 R2 Download!

Yes, the time has come again – for a new kernel, and a new release of BackTrack. Codenamed “Nemesis”. This release is our finest release as of yet with faster Desktop responsiveness, better hardware support, broader wireless card support, streamlined work environment.

We could go on for pages on saying how great the new version is, but we’ll cut to the chase, and give you the run down:

  • Kernel 2.6.35.8 – *Much* improved mac80211 stack.
  • USB 3.0 support.
  • New wireless cards supported.
  • All wireless Injection patches applied, maximum support for wireless attacks.
  • Even *faster* desktop environment.
  • Revamped Fluxbox environment for the KDE challenged.
  • Metasploit rebuilt from scratch, MySQL db_drivers working out of the box.
  • Updated old packages, added new ones, and removed obsolete ones.
  • New BackTrack Wiki with better documentation and support.
  • Our most professional, tested and streamlined release ever.

For those wanting to upgrade an older release of BT4, an apt-get update && apt-get dist-upgrade should do the job.

We are also pleased to announce the beginning of a new BackTrack Wiki which covers many important features of BackTrack. Get your brand new copy of BackTrack 4 R2 from our download page. If you enjoy BackTrack and would like to donate to our project – please check our community page! And as usual, if you are looking for high quality real world penetration testing training, check out our Offensive-Security courses.


BackTrack4 R2 Imminent Release and 2nd German BackTrack Day

It’s been a while since our last blog post, so we thought we’d give a quick status update with our progress. We are a week behind schedule with the release of BT4 R2, which is undergoing heavy testing at this moment. We will of course announce the download once it is available.

Another interesting event taking place is the 2nd German BackTrack Day (0x7da). The event will take place in Fulda on the 6-7.11.2010. The whole event is organized by the German BackTrack Team and will include great talks, workshops and CTFs. Tickets are pretty much sold out, except for 5 VIP tickets reserved for speakers.


BackTrack 4 R1 – Public Release

The BackTrack Team is proud to announce the public release of BackTrack 4 R1. At the risk of sounding like a broken record, we believe this version is by far the best version released to date. With a shiny new 2.6.34 kernel, there are many significant improvements, such as expanded hardware support, and improved desktop responsiveness. Check out some screenshots.

BackTrack Linux R1 Release

Tools have been updated systemwide, and a full Fluxbox desktop environment has been added. A walk-around for the rt28xx driver has been implemented (for all you AWUS050NH owners).

The VMWare version has complete integration with VMWare Tools, which provides a seamless interaction with BackTrack in a virtual environment.

We wish you all a great time with this fine release – Feel free to download it – burn it and make out with it. We await to hear feedback in our forums and Twitter. Lastly, if you are looking for high quality, hands on penetration testing training – check out our Offensive Security Training page.

http://www.backtrack-linux.org/blog/

Wireless Drivers


Wireless Driver compatibility breakdown:

BackTrack contains the default mac802.11 wireless drivers present in the kernel, with several patches that enhance wireless injection attacks.In addition to the stock (and patched) drivers, we have added some additional drivers to the distribution. In several occasions, we included older ieee802.11 drivers, for increased stability during wireless audits. The following list is a breakdown of the “external” drivers.

  • r8187 – IEEE802.11 drivers
  • madwifi-ng – IEEE802.11 atheros drivers
  • rt73 k2wrlz - IEEE802.11 rt73 drivers
  • broadcom hybrid – STA drivers (no injection)
  • rt2860 – STA Drivers (no injection)
  • rt2870 – STA Drivers (no injection)
  • rt3070 – STA Drivers (no injection)

Stuff that’s known NOT to work:

  • Broadcom wireless drivers – (some work, some dont – check out the b43 hardware compatibility page)
  • rt3070 wont play nice with monitor mode – check walk-around.
http://www.backtrack-linux.org/bt/wireless-drivers/

wifite

mass wep/wpa cracker for backtrack4

introduction

designed for Backtrack4 RC1 distribution of Ubuntu. Linux only; no windows or osx support.

purpose

to attack multiple WEP and WPA encrypted networks at the same time. this tool is customizable to be automated with only a few arguments. wifite can be trusted to run without supervision.

features

  • this project is available in French: all thanks goto Matt² for his excellent translation!
  • sorts targets by power (in dB); cracks closest access points first
  • automatically deauths clients of hidden networks to decloak SSIDs
  • numerous filters to specify exactly what to attack (wep/wpa/both, above certain signal strengths, channels, etc)
  • customizable settings (timeouts, packets/sec, channel, change mac address, ignore fake-auth, etc)
  • "anonymous" feature; changes MAC to a random address before attacking, then changes back when attacks are complete
  • all WPA handshakes are backed up to wifite.py's current directory
  • smart WPA deauthentication -- cycles between all clients and broadcast deauths
  • stop any attack with Ctrl+C -- options: continue, move onto next target, skip to cracking, or exit
  • switching WEP attack methods does not reset IVs
  • intel 4965 chipset fake-authentication support; uses wpa_supplicant workaround
  • SKA support (untested)
  • displays session summary at exit; shows any cracked keys
  • all passwords saved to log.txt
  • built-in updater: ./wifite.py -upgrade

requirements

  • linux operating system (confirmed working on Ubuntu 8.10 (BT4R1), Ubuntu 10.04.1)
  • tested working with python 2.4.5 and python 2.5.2; might be compatible with other versions,
  • wireless drivers patched for monitor mode and injection: backtrack4 has many pre-patched drivers,
  • aircrack-ng (v1.1) suite: available via apt: apt-get install aircrack-ng or by clicking here,
  • xterm, python-tk module: required for GUI, available via apt: apt-get install python-tk
  • macchanger: also available via apt: apt-get install macchanger
  • pyrit: not required, optionally strips wpa handshake from .cap files

execution

download the latest version:

wget -O wifite.py http://wifite.googlecode.com/svn/trunk/wifite.py

change permissions to executable:

chmod +x wifite.py

execute:

python wifite.py

or, to see a list of commands with info:

./wifite.py -help

snapshot

console mode:

gui mode (default):

examples

the program contains lots of interactivity (waits for user input). these command-line options are meant to make the program 100% automated -- no supervision required.

to crack all WEP access points:

./wifite.py -all -nowpa

to crack all WEP access points with signal strength greater than (or equal to) 50dB:

./wifite.py -p 50 -nowpa

to attack all access points, use 'darkc0de.lst' for cracking WPA handshakes:

./wifite.py -all --dict /pentest/passwords/wordlists/darkc0de.lst

to attack all WPA access points, but do not try to crack -- any captured handshakes are saved automatically:

./wifite.py -all -nowpa --dict none

to crack all WEP access points greater than 50dB in strength, giving 15 minutes for each WEP attack method, and send packets at 600 packets/sec:

./wifite.py --power 50 -wepw 15 -pps 600

to attempt to crack WEP-encrypted access point "2WIRE752" endlessly -- program will not stop until key is cracked or user interrrupts with ^C):

http://code.google.com/p/wifite/

Isnin, 27 Disember 2010

Linux Root Password Recovery

"root" is the super user of Linux Operating System and he has full privilege to do anything on it. and if you forgot the root users password then it is very helpless situation for you. in this situation you will not able to do any changes in Linux Operating system, and as a standard user you do not have such privilege who has root user. but do not vary about this problem, Linux operating system has solution for this problem.

Before do this you need some basic concept about "init" process. init is father of all Linux processes and it is first process which is executed at the time of booting after the loading Linux kernel in to the RAM. By default init has 7 run levels and every run level has specific use.

Default runlevel. The runlevels used by Linux are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)

This run levels you can change by 3 different ways in Linux Operating System

  1. In first method you can change run level from init configuration (/etc/inittab) file it will be permanent,
  2. In Second method run levels can change from Linux command prompt,
  3. You can also change run level temporary at the booting time.

For recover root password you will use third method change run level while booting. Step by step procedure describe below

Step - 1. Boot you which root Linux and grub boot loader screen will appear press "Enter" key and you will be in following screen, and hear type "e" to go in to edit mode.

image

Step - 2. In the edit windows select line which start from "kernel" and again press "e" to edit this line.

image

Step - 3. Now you are in Line editing mode and curser will be at end of the kernel line, at the end of line first press "space bar" and then type "1" and press "Enter" and then press "b" to boot the Linux with the new setting. and boot will start.

image

Step - 4. Wow see what happed you are in shall prompt without username and password, this is magic of Single user mode in Single user mode Linux never ask for username password to enter in to Linux system.

image

Step -5. Now at shall prompt type "passwd" command to change root password and for change password system will not ask for previous password, hear type new password and retype same password and you root password is changed reboot you Linux and login as a root with the new password and enjoy it.

image

Warning - In our world every thing has good side as well as bad side also. Linux Signal user mode also has bad side if anybody has physical accesses on you system so he can use single user mode to change root password, so you need to secure you systems single user mode for this two sequence of methods

  1. Protect your system with Bios Password.
  2. And use grub password to protect the grub editing mode while booting
http://blog.laksha.net

Uninstall Linux From Dual boot System With Windows

This is very obvious question about dual booting computer, means if you have install Windows and Linux both in deferent partitions, and any reason you want to uninstall Linux from your computer, to do this some users delete the Linux partition but groub is still in MBR and after deleting Linux partition they will face new problem when computer will reboot the system load groub from MBR but groub configuration file also deleted with Linux partitions and now groub prompt will appear and your system will not boot Linux as well as Windows also, to solve this problem you have to remove groub from MBR

With the following step by step procedure you can uninstall or delete Linux completely and safely.

Requirements:

You need a windows xp startup disk or windows installation bootable CD.

Step by step procedure:

1. First Reboot your computer with windows 98 start up disc or Windows CD (with Recovery Console option) and type the following command.

“fixmbr”

2. "fixmbr" command will replace grub loader of Linux and repair yours bootloader and rewrite ntldr on MBR of Hard Disk, now you will see only Windows in the boot menu.

3. Now Boot up with your windows operation system

4. And with use of Disk Manager delete the Linux partition

To run Disk Manager

Go to Start > Control Panel > Administrative Tools > Computer Management

5. Go to Disk Management under “Storage”

6. Select your Hard Disk and then select the Linux partition and delete the Linux partition this will delete Linux and grub from boot partition of Linux.

http://blog.laksha.net

Ubuntu Static IP

setup static IP address under Ubuntu

Ubuntu Linux stores all network configuration option in /etc/network/interfaces configuration file. You need to open this file using a text editor such as vi or gedit.

Open terminal (command line)

Type the following command:
#sudo vi /etc/network/interfaces
OR
sudo gedit /etc/network/interfaces
Make the changes as follows:

auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.254

Save and close the file. Restart networking:
$ sudo /etc/init.d/networking restart

Configure Manual IP Address In BackTrack

BackTrack is the very famous Live CD Linux Distribution, and it is use for Penetration testing and it has wide range of security tools, to connect BackTrack computer with the network you have to configure IP address on the LAN Interface

To configure IP Address on the eth0 interface

#ifconfig eth0 10.0.12.13

If you want to configure IP Address with Subnetmask use following COmmand

#ifconfig eth0 10.0.12.50 netmask 255.255.248.0

To manually configure default gateway:

#route add default gw 10.0.8.1 eth0

To Configure DNS servers IP Address:

#echo nameserver 4.2.2.1 > /etc/resolv.conf

#echo nameserver 4.2.2.2 >> /etc/resolv.conf

Turn on the LAN Card

#ifconfig eth0 up

To see Full Information about LAN Card

#ifconfig -a

http://blog.laksha.net

Selasa, 7 Disember 2010

BackTrack 4 R2

BackTrack 4 R2 Released

Welcome to backtrack-linux.org, home of the highest rated and acclaimed Linux security distribution to date. BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking. Regardless if you’re making BackTrack your primary operating system, booting from a LiveDVD, or using your favorite thumbdrive, BackTrack has been customized down to every package, kernel configuration, script and patch solely for the purpose of the penetration tester.

BackTrack 4 R2 Released!

back|track R2

BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tools collection to-date. Our community of users range from skilled penetration testers in the information security field, government entities, information technology, security enthusiasts, and individuals new to the security community.

Feedback from all industries and skill levels allows us to truly develop a solution that is tailored towards everyone and far exceeds anything ever developed both commercially and freely available. The BackTrack Project is funded by Offensive Security.


http://www.backtrack-linux.org

Ahad, 5 Disember 2010

Lindungi Diri Anda Dari Session Hijack

Saya senaraikan beberapa kemudahan yang boleh menggunakan SSL (HTTPS) secara terus, dan akan sentiasa dikemas kini. Hanya sambungan laman dapat saya sediakan.

(1) Anda perlu tahu sama ada anda dalam Secure Site atau SSL (HTTPS) rujuk disini.


Bahagian Browser integration

Mozilla Firefox


Untuk Internet Explorer rujuk


(2) Gunakan extension Firefox ini untuk sentiasa menggunakan HTTPS bila melayari Internet (bagi laman web yang menyokongnya). Ini berguna untuk capaian ke laman web Facebook dan Twitter.

Muat turun di sini




Anda perlukan pelayar Internet Mozilla Firefox


(3) Capaian Selamat Dengan Google Gmail


Secara umum Gmail menggunakan HTTPS. Anda boleh memastikan ia dengan perkara 1.

(4) Capaian Wikipedia Cara Selamat (Secure Server)


Petua paling mudah adalah, apabila keluar notis yang pelik-pelik dari broswer anda, seperti https certificate invalid. Maka hentikan pelayaran anda. Anda mungkin kena Session Hijack.

sumber : http://cikgucyber.blogspot.com