Monday, January 30, 2012

Injecting Cymothoa into Ubuntu

Cymothoa is a backdoor that can inject itself into a running process.

Here's a way to inject the Cymothoa backdoor into an Ubuntu guest running in VirtualBox.

1. I will use a web server in /var/www to transfer Cymothoa to the Ubuntu machine.
# cd /var/www
# mkdir cymo
# cp /pentest/backdoors/cymothoa/cymothoa /var/www/

Privilege Escalation (Part 2) : Cracking Password Encryption Using John The Ripper

Okay, in the previous post we already got to see the contents of the /etc/shadow file. Now, let's try to decipher the password encryption using John the Ripper.

1. Go to the john folder.
# cd /pentest/passwords/john

2. Copy the contents of the shadow file into gedit and save it in the same directory as john for easier access, or, if you want to tidy things up, make a new folder to hold the temporary file that john will crack. Delete everything other than the username and the encrypted password.

3. Let's crack it. When you don't specify an attack mode, John will use "Single Crack Mode" first, then "Wordlist Mode", and finally "Incremental Mode".

Privilege Escalation (Part 1) : Reading the "/etc/shadow" File

Hello again,
Let's talk a little about Linux password management.
Originally, all usernames and passwords in Linux were stored in the file /etc/passwd, in encrypted form. But as time went on and information security got more serious, this method was changed.
There is now a file at /etc/shadow that is used to encrypt /etc/passwd, so the file can only be accessed by root.

Today, my sensei ordered me to do privilege escalation on 192.168.0.21.
Here is what I did.

Privilege Escalation at a Glance

Before discussing privilege escalation further, we must first know what a 'privilege' is. A privilege is the level of authority given to a user on a specific system or file; in other words, a privilege is what the user is permitted to do. For example, a general user doesn't have the privilege to change the system settings on a machine, while the administrator does.

So, what if a general user wants to change the system settings but doesn't know the administrator password? An ordinary person will do nothing about it, but a hacker will do something to get access they are not actually entitled to. That is what is called Privilege Escalation.

Saturday, January 28, 2012

Use Metasploit Backdoor

Ok, here is the method to use the backdoor that we created before (refer to this post: http://scx010c075.blogspot.com/2012/01/exploit-windows-xp-sp3-using-metasploit.html )

1. Load up your Metasploit console
# msfconsole
2. Type these..

Friday, January 27, 2012

Exploit Windows XP SP3 Using Metasploit (msfconsole)

Holla guys,
Let's do some exploitation. :D

1. Start up your XP guest in VirtualBox
(Those who haven't installed XP in VirtualBox can see the tutorial here.)

2. Make sure that the host (BackTrack 5 R1) and the XP guest are connected to each other.

Hacking Framework

Here are the phases of hacking, also called the hacking framework.

1. Information Gathering
2. Service Enumeration
3. Vulnerability Assessment
4. Exploitation
5. Backdooring
6. Housekeeping
7. Rootkit/Maintain Access

Let's study these phases one by one.

Vulnerability Assessment using Nessus

Let's try to do a Vulnerability Assessment using Nessus.
For those who haven't installed Nessus on the system, you can follow this tutorial.

Get started.

1. Start the Nessus service
# /etc/init.d/nessusd start
2. Open your browser and go to "https://localhost:8834" (remember that to connect to Nessus you must use SSL and port 8834).

3. Log in with your account.
4. To start a new scanning task, click "Scan" then "Add".

Vulnerability Assessment at a Glance

Hello guys,
Let's talk about Vulnerability Assessment.

First, we must know what a vulnerability is (you can go to this post).
A vulnerability is a weak point of a system that can be attacked or exploited by someone, through a series of methods and techniques, to take over control of the system. There are three types of vulnerability: hardware, software, and human (brainware).

Wednesday, January 25, 2012

Creating Spoiler

To keep posts short and minimize scrolling, use this code in your blog to create a spoiler:
---------------------------------------------------------------------------------------------
<div style="margin: 5px 20px 20px;">
<div class="smallfont" style="margin-bottom: 2px;"><b>Spoiler</b>: <input value="Open" style="margin: 0px; padding: 0px; width: 55px; font-size: 11px;" onclick="if (this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display != '') { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = ''; this.innerText = ''; this.value = 'Close'; } else { this.parentNode.parentNode.getElementsByTagName('div')[1].getElementsByTagName('div')[0].style.display = 'none'; this.innerText = ''; this.value = 'Open'; }" type="button">
</div>
<div class="alt2" style="border: 1px inset ; margin: 0px; padding: 6px;">
<div style="display: none;">

Post Goes Here!!

<br>
</div>
</div>
</div>
----------------------------------------------------------------------------------------------

That code will produce this spoiler:

Spoiler:

Post Goes Here!!


Have fun :)

Installing Nessus

Nessus is a powerful vulnerability scanner. Unfortunately, since version 3, Nessus is no longer open source software. The stable version currently available is 4.4.1.

Ok, let's get started.
Download the installation package from the official page at www.nessus.org.
Download the package for Ubuntu 10.04 (32 bit).
After that, just install the package like any other .deb file.

Site Information Gathering

Ok, next assignment from my sensei.
Perform information gathering on these sites:
is2c-dojo.net
is2c-dojo.com
www.spentera.com

Hmm..
after some time scanning, here are my results:

My First Information Gathering

Information gathering is the first step of hacking/pentesting.
Its purpose is to get as much information as possible on the target system by any means.

Information gathering is divided into two kinds:
A. Technical
   Technical information gathering actively uses the available tools. Technical information gathering is further divided into two:
     1. Active Information Gathering
        This technique interacts with the target system directly (e.g. scanning).
     2. Passive Information Gathering
        This technique doesn't interact with the target system directly (e.g. googling).
B. Non-Technical
    This kind of information gathering doesn't actively involve the available tools (e.g. social engineering).
Today, my sensei gave me an assignment to perform network and web information gathering on the network 192.168.0.xxx.
With a little knowledge of the tools used in information gathering, I performed some tests on the network.
So, here are my results from the information gathering.

Monday, January 23, 2012

Installing & Connecting Ubuntu and Windows in Virtualbox ~ Part 3 [end]

Ok, we have Ubuntu and Windows installed in BackTrack's VirtualBox.

Let's do some more configuration to connect these three systems.

1. Start VirtualBox.

2. Select the OS that you want to configure first. I chose Windows XP. Click "Settings".

Installing & Connecting Ubuntu and Windows in Virtualbox ~ Part 2

After installing Windows XP, we now continue by installing Ubuntu in VirtualBox.

Ok, let's get started.

1. Click "New" in the VirtualBox main window.

2. Name your OS and choose its type.

Installing & Connecting Ubuntu and Windows in Virtualbox ~ Part 1

Okay, let's make some preparations to set up our penetration testing lab.

In this tutorial I use VirtualBox 4.1, Ubuntu-10.04-desktop-i386, Windows XP Professional SP3 and, of course, BackTrack 5 R1.. :)

Let's get started.

1. Open VirtualBox

2. Click New

Sunday, January 8, 2012

Install Flash Player in Backtrack

Greetings..

I'm sure the reason you arrived here is that you want to watch some video in BackTrack's Firefox, but unfortunately your Flash player didn't work properly because it needs to be updated. :P

Here's a way to make your Firefox able to play Flash:
1. First, we need to remove the currently installed version. Run these commands in a terminal.
# apt-get purge flashplugin-nonfree flashplugin-installer gnash gnash-common mozilla-plugin-gnash swfdec-mozilla
# rm -f /usr/lib/firefox/plugins/*flash*
# rm -f /usr/lib/firefox-addons/plugins/*flash*
# rm -f /usr/lib/mozilla/plugins/*flash*
# rm -f ~/.mozilla/plugins/*flash*so
# rm -rfd /usr/lib/nspluginwrapper

Wednesday, January 4, 2012

Multimedia in Backtrack

As you may have noticed, BackTrack doesn't come with a standard music and video player like general Linux distributions do.
But if you want to install one, just follow these steps.

First, we need to install the restricted extras
# apt-get install ubuntu-restricted-extras kubuntu-restricted-extras

Then, install mplayer and some codecs
# apt-get install gstreamer0.10-ffmpeg gstreamer0.10-fluendo-mp3 gstreamer0.10-plugins-bad gstreamer0.10-plugins-ugly mplayer

After that, choose for yourself which software should handle your music and video. There are a lot of good music and video players for Linux out there.
Here are some of them:

Install Backtrack 5 R1 (Text Mode)

For those who want to install BackTrack 5 R1 via text mode..

Here's what you must do:

# wget http://bt.gxrg.org/other/tools/script/shell/bt4-5-manual-install/install-bt5-r1.sh
# sh install-bt5-r1.sh

Tuesday, January 3, 2012

PenTest at a Glance

What is a Pentest??
PenTest is the acronym for Penetration Test.
A penetration test is a method of evaluating the security of a computer or a network by simulating a possible real attack as performed by black hat hackers or crackers.

So in general, a pentest is not a bad activity and has good ethics. By simulating the attack performed by black hat hackers, the pentester tries to attack the system using the ways that real black hat hackers or crackers would also possibly use. A PenTest is more for defensive purposes (because after attacking the system and finding its weak points, the pentester will inform the system's admin so they can fix them).

Linux Headers

Has anyone had problems running make or make install on a software package on BackTrack?

If that happened, maybe you have not yet installed the Linux headers (kernel headers).

Linux headers are the header files used by the Linux system to compile the kernel and other applications which depend on the symbols or structures defined in these header files; in other words, Linux headers are like kernel modules.
An example is wlan card drivers. If the driver does not have a binary matching the running kernel, the driver needs to be compiled against the header files.

To configure the Linux headers so that we can make and make install a package in BackTrack, just follow these simple steps.

Backtrack USB Live/Persistent

All Linux distros can be booted from a USB flash disk.
There is software to do this, like UNetbootin or LinuxLive USB Creator,
but I myself prefer to use LinuxLive USB Creator because it is more user friendly than UNetbootin.
[Screenshot: UNetbootin]

[Screenshot: LinuxLive USB Creator]
So, here's a way to make your USB flash disk into a BackTrack nest.

Sunday, January 1, 2012

Installing Synaptic and Software Center on Backtrack

For those who are new to BackTrack, or even to Linux, installing software must be confusing because we have to do it in the terminal with its black and white interface.

But since BackTrack is based on Ubuntu, let's install Synaptic and Ubuntu Software Center to make it easier for us to install software.
First, let's install the Synaptic Package Manager
# apt-get install synaptic

Wicd D-bus Error Fix

Wicd is the default GUI network manager for BackTrack 5.

The problem appears when we open Wicd. Before the main Wicd window opens, an error window always appears saying that Wicd can't connect to the D-Bus interface.

Actually it doesn't have any effect on the connection, but still, it is very disturbing.

So, has anyone had the same problem?

Here's a way to fix it.