Saturday, November 23, 2013

Starting Metasploit Framework

In keeping with the Kali Linux Network Services Policy, there are no network services, including database services, running on boot so there are a couple of steps that need to be taken in order to get Metasploit up and running with database support.

Start the Kali PostgreSQL Service

Metasploit uses PostgreSQL as its database so it needs to be launched first.

service postgresql start

You can verify that PostgreSQL is running by checking the output of ss -ant and making sure that port 5432 is listening.

State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :::22 :::*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:5432 *:*
LISTEN 0 128 ::1:5432 :::*

 

Start the Kali Metasploit Service

With PostgreSQL up and running, we next need to launch the metasploit service. The first time the service is launched, it will create a msf3 database user and a database called msf3. The service will also launch the Metasploit RPC and Web servers it requires.

service metasploit start

 

Launch msfconsole in Kali

Now that the PostgreSQL and Metasploit services are running, you can launch msfconsole and verify database connectivity with the db_status command as shown below.

msfconsole
msf > db_status
[*] postgresql connected to msf3
msf >

 

Configure Metasploit to Launch on Startup

If you would prefer to have PostgreSQL and Metasploit launch at startup, you can use update-rc.d to enable the services as follows.

update-rc.d postgresql enable
update-rc.d metasploit enable
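The three steps above as an added shell script, which is not part of the kali.org tutorial: it starts the services in order and verifies each one (port 5432 listening, db_status reporting a connection) before moving on. It assumes the service names and ss column layout shown in the tutorial and the msfconsole -q (quiet) and -x (execute commands) flags; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the kali.org tutorial: bring up PostgreSQL and
# the Metasploit service in order, confirming each step rather than assuming
# it worked. The parsing functions read stdin so they can be tested against
# captured output.

# listening_on PORT: succeed if ss -ant output on stdin has a LISTEN socket
# on PORT. Column 4 is "Local Address:Port"; the port is its last ':' field,
# which also copes with IPv6 addresses such as ::1:5432.
listening_on() {
    awk -v p="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { if (found) exit 0; exit 1 }'
}

# db_connected: succeed if the db_status reply on stdin shows a live
# PostgreSQL connection ("postgresql connected to msf3" in the tutorial).
db_connected() {
    grep -q 'postgresql connected to'
}

# start_stack: the tutorial's three steps with checks in between.
start_stack() {
    service postgresql start || return 1
    # PostgreSQL can take a moment to open its socket; poll port 5432.
    tries=0
    until ss -ant | listening_on 5432; do
        tries=$((tries + 1))
        [ "$tries" -lt 10 ] || { echo "PostgreSQL not listening on 5432" >&2; return 1; }
        sleep 1
    done
    service metasploit start || return 1
    # Run db_status non-interactively (-q quiet, -x run commands then exit).
    if msfconsole -q -x 'db_status; exit' | db_connected; then
        echo "Metasploit is connected to its database"
    else
        echo "Metasploit started but db_status reports no connection" >&2
        return 1
    fi
}

# Usage: ./msf-start.sh --start   (as root)
[ "${1:-}" = "--start" ] && start_stack
```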

tutorial from kali.org 

happy hunting...!!!

Install NVIDIA Drivers on Kali

This document explains how to make use of NVIDIA video hardware and install the drivers on a Kali Linux system. The first step is to fully update your Kali Linux system and make sure you have the kernel headers installed.
 
apt-get update
apt-get install -y linux-headers-$(uname -r)
Next, download the latest NVIDIA driver for your architecture and video card here. To locate your NVIDIA card model, execute the following command.


root@kali:~# lspci | grep -i vga
02:00.0 VGA compatible controller: NVIDIA Corporation GT218 [GeForce G210M] (rev a2)
03:00.0 VGA compatible controller: NVIDIA Corporation C79 [GeForce 9400M G] (rev b1)

The next step is to disable the nouveau driver. Nouveau is an open source NVIDIA driver project; however, it lacks the 3D graphics acceleration needed to run the Cuda pentest tools.

sed 's/quiet/quiet nouveau.modeset=0/g' -i /etc/default/grub
update-grub
reboot


Once the system has rebooted and you are looking at the GDM login screen, press CTRL+ALT+F1 in order to get to a TTY, which will be a black screen with a login prompt. We need to log in as root and stop the gdm3 service as follows.

service gdm3 stop

If you are on a 64-bit Kali system, you may want to install the ia32-libs package in order to allow the NVIDIA installer to install the 32-bit libraries, although this is optional. If you choose not to do it, simply select no when the installer asks if you want to install the 32-bit libraries.

dpkg --add-architecture i386
apt-get update
apt-get install ia32-libs 


Assuming you downloaded the NVIDIA driver to your /root/ directory, we need to give it executable permissions and run it.

chmod 755 NVIDIA-Linux-x86_64-310.44.run
./NVIDIA-Linux-x86_64-310.44.run 


Once the installer finishes, you should reboot your machine. Once the system boots back up, you may see an NVIDIA splash screen, which would indicate that the drivers installed correctly; however, this is not always the case. In order to check if the drivers are working properly, execute the following command.

root@kali:~# glxinfo | grep -i "direct rendering"
direct rendering: Yes
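An added helper script, not from the kali.org guide, for the nouveau and verification steps above. The guide's sed inserts nouveau.modeset=0 after every "quiet" in /etc/default/grub and inserts it again on each run; add_kernel_param edits only GRUB_CMDLINE_LINUX_DEFAULT and is idempotent, and the check functions parse lsmod and glxinfo output so the post-reboot checks can be scripted. Function names and the --grub/--check options are this example's own.

```shell
#!/bin/sh
# Added example, not from the kali.org guide: scriptable versions of the
# nouveau and verification steps. The guide's sed appends nouveau.modeset=0
# after every "quiet" in /etc/default/grub and again on every run;
# add_kernel_param touches only GRUB_CMDLINE_LINUX_DEFAULT and is idempotent.

# add_kernel_param FILE PARAM: add PARAM to GRUB_CMDLINE_LINUX_DEFAULT in
# FILE unless it is already one of the parameters there.
add_kernel_param() {
    file="$1" param="$2" tmp="$1.tmp"
    awk -v p="$param" '
        /^GRUB_CMDLINE_LINUX_DEFAULT="/ {
            value = $0
            sub(/^GRUB_CMDLINE_LINUX_DEFAULT="/, "", value)
            sub(/".*$/, "", value)   # strip the closing quote and anything after
            n = split(value, w, " ")
            for (i = 1; i <= n; i++) if (w[i] == p) { print; next }
            if (value != "") value = value " "
            print "GRUB_CMDLINE_LINUX_DEFAULT=\"" value p "\""
            next
        }
        { print }' "$file" > "$tmp" && mv "$tmp" "$file"
}

# kernel_param_count FILE PARAM: number of occurrences of PARAM in FILE.
kernel_param_count() {
    grep -o -- "$2" "$1" | wc -l | tr -d ' '
}

# nouveau_loaded: succeed if lsmod output on stdin lists the nouveau module.
nouveau_loaded() {
    awk '$1 == "nouveau" { f = 1 } END { exit !f }'
}

# direct_rendering: succeed if glxinfo output on stdin says "direct rendering: Yes".
direct_rendering() {
    grep -qi '^direct rendering: *yes'
}

# check_driver: the post-reboot checks from the guide, run as root under X.
check_driver() {
    if lsmod | nouveau_loaded; then echo "nouveau is still loaded"; fi
    if glxinfo 2>/dev/null | direct_rendering; then
        echo "direct rendering: Yes"
    else
        echo "direct rendering: No (driver not working)"; return 1
    fi
}

# Usage: ./nvidia-helper.sh --grub (before reboot) | --check (after reboot)
case "${1:-}" in
    --grub)  add_kernel_param /etc/default/grub nouveau.modeset=0 && update-grub ;;
    --check) check_driver ;;
esac
```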


Although utilizing the Cuda tools included in Kali is beyond the scope of this article, checking to make sure that they are working properly is always a good idea. The following command uses Oclhashcat-plus with some of the example files included in the package.

cd /usr/share/oclhashcat-plus/
./cudaHashcat-plus.bin -t 32 -a 7 example0.hash ?a?a?a?a example.dict
cudaHashcat-plus v0.14 by atom starting...

Hashes: 6494 total, 1 unique salts, 6494 unique digests
Bitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes
Workload: 256 loops, 80 accel
Watchdog: Temperature abort trigger set to 90c
Watchdog: Temperature retain trigger set to 80c
Device #1: GeForce G210M, 511MB, 1468Mhz, 2MCU
Device #2: GeForce 9400M G, 253MB, 1100Mhz, 2MCU
Device #1: Kernel ./kernels/4318/m0000_a1.sm_12.64.ptx
Device #2: Kernel ./kernels/4318/m0000_a1.sm_11.64.ptx

Generated dictionary stats for example.dict: 1210228 bytes, 129988 words, 129988 keyspace

27b797965af03466041487f2a455fe52:mo0000
a48dd0f09abaf64324be83ce86414b5f:ap2300000
7becb9424f38abff581f6f2a82ff436a:sail00
1459ccf0940e63051d5a875a88acfaaf:pigi00
3baa3048651a65d1260eb521ab7c3bc0:ek110
7a7a8220266f71f54f85685969ce999f:davi0123456789
98c627ca129e64dfff3bf08fbaab6c86:fire01man


As you can see in the output above, the cards are recognized and the passwords are being recovered successfully.

Thanks to kali.org for this tutorial. Trying to help my friend.

happy hunting!! 

Thursday, September 12, 2013

Improved SDR Support for Kali Linux

The blog at needsec.com brings us news that Kali Linux is soon to be updated to version 1.0.5 which will come with several software defined radio tools preinstalled. Kali is a Debian Linux based operating system that is popular with the security and penetration testing community as it comes with several relevant tools preinstalled. This new version adds several useful SDR software programs including
  • Kalibrate for RTLSDR
  • gr-air-modes
  • RTLSDR Scanner
  • pyrtlsdr
  • GNU Radio Signal Scanner
  • libosmocore 0.6.3
  • grextras
  • gr-baz
  • gr-osmosdr
  • gr-iqbal
  • rtl-sdr 0.5.0
  • HackRF for SDR
  • gr-fcdproplus for SDR
  • UHD Images
via needsec.com 

RTL-SDR Monitoring Radio Wave

RTL-SDR Dongle

What is RTL-SDR?
RTL-SDR is a very cheap software defined radio that uses a DVB-T TV tuner dongle based on the RTL2832U chipset. With the combined efforts of Antti Palosaari, Eric Fry and Osmocom it was found that the signal I/Q data could be accessed directly, which allowed the DVB-T TV tuner to be converted into a wideband software defined radio via a new software driver.
Essentially, this means that a cheap $20 TV tuner with the RTL2832U chip can be used as a computer based radio scanner. This sort of scanner capability would have cost hundreds or even thousands just a few years ago.
There are many other software defined radios similar to the RTL-SDR, but they all come at a much higher price. The FunCube PRO+ is a good receiver similar to the RTL-SDR, priced at around $190 USD. There is also the soon to be released HackRF (~$300USD) and BladeRF SDRs ($420 and $650), which can both transmit and receive.

What is Software Defined Radio?

Radio components such as modulators, demodulators and amplifiers are traditionally implemented in hardware components. The advent of modern computing allows these traditionally hardware based components to be implemented into software instead. Hence, the software defined radio. This enables easy signal processing and thus cheap wide band scanner radios to be produced.

What are some RTL-SDR Radio Scanner Applications?

The RTL-SDR can be used as a wide band radio scanner. Applications include
Furthermore, with an upconverter or direct sampling mod to receive HF signals the applications are expanded to
  • Listening to amateur radio hams on SSB with LSB/USB modulation.
  • Decoding digital amateur radio ham communications such as CW/PSK/RTTY/SSTV.
  • Receiving HF weatherfax.
  • Receiving Digital Radio Mondiale (DRM) shortwave radio.
  • Listening to international shortwave radio.
  • Looking for RADAR signals like over the horizon (OTH) radar, and HAARP signals.
Note that not all the applications listed may be legal in your country. Please be responsible.

What is the RTL-SDR frequency range?

This is dependent on the particular tuner variant used in the dongle.

Tuner                 Frequency range
Elonics E4000         52 – 2200 MHz with a gap from 1100 MHz to 1250 MHz (varies)
Rafael Micro R820T    24 – 1766 MHz
Fitipower FC0013      22 – 1100 MHz
Fitipower FC0012      22 – 948.6 MHz
FCI FC2580            146 – 308 MHz and 438 – 924 MHz (gap in between)

Table Source: Osmocom
As you can see from the table, the Elonics E4000 and Rafael Micro R820T dongles have the greatest frequency range.

What is the RTL-SDRs sample rate?

The maximum sample rate is 3.2 MS/s (mega samples per second). However, the rtl-sdr is unstable at this rate and may drop samples. The maximum sample rate that does not drop samples is 2.8 MS/s.

What is the RTL-SDR’s ADC resolution?

The resolution is 8 bits.

What is the RTL-SDR input impedance?

Input impedance is dependent on the tuner used in the dongle. Input impedance will always be either 50 or 75 ohms.
The R820T has an input impedance of 75 ohms according to the datasheet which can be downloaded here.

What dongle should I buy?

The cheapest and most common dongle at the moment is the Rafael Micro R820T. It can be bought for about $20 USD.
The Elonics E4000 used to be the most common, but Elonics has closed and ceased chip production, making the E4000 rarer and much more expensive these days.
The R820T is also generally regarded as having better performance and sensitivity. For ADSB, the R820T is much more sensitive at 1090 MHz. For these reasons, the R820T is currently the recommended dongle, unless you need the greater frequency range the E4000 provides.
Be careful when buying a dongle as certain sellers tend to misrepresent their devices (knowingly or unknowingly) as having compatible tuners, when in fact they may send out a device with an incompatible tuner.
See the BUY RTL-SDR page for more information about where to obtain dongles from reputable sources.

I already have a USB TV Tuner, is it Compatible?

An up to date list on compatible and incompatible tuners can be found on this reddit wiki page.

Comparisons with other Wideband Commercial Software Defined Radios

SDR               Tune Low (MHz)   Tune Max (MHz)   RX Sample Rate (MHz)   ADC Resolution (Bits)   Transmit? (Yes/No)   Price ($USD)
RTL-SDR (R820T)   24               1766             3.2                    8                       No                   ~20
Funcube Pro       64               1700             0.096                  16                      No                   150
Funcube Pro+      0.15 & 410       260 & 2050       0.192                  16                      No                   200
HackRF            30               6000             20                     8                       Yes                  ~300
BladeRF           300              3800             40                     12                      Yes                  400 & 650
USRP 1            DC               6000             64                     12                      Yes                  700
MatchStiq         300              3800             28                     12                      Yes                  4500


Useful Links

http://sdr.osmocom.org/trac/wiki/rtl-sdr - Official rtl-sdr osmocom website
http://www.reddit.com/r/RTLSDR - Reddit rtl-sdr forum
https://groups.google.com/forum/#!forum/ultra-cheap-sdr - Google groups forum
www.sdrsharp.com - SDRSharp official website
www.rtlsdr.org - RTL-SDR community Wiki
http://www.dxzone.com/ - A good ham related database useful for research
http://www.dangerousprototypes.com - A blog about open source hardware projects that often has SDR related posts.
http://www.hackaday.com - A blog about DIY hardware that also often has SDR related posts.
http://sdrformariners.blogspot.com/ - SDR for mariners. A new blog about marine related RTL-SDR applications.

Wednesday, July 31, 2013

Wifislax 4.6 - Security and Forensic Tools


Wifislax 4.6, an updated build of the Slackware-based live CD with a collection of security and forensics tools, has been released. This is mostly a maintenance release to fix a serious bug in Reaver, a WiFi passphrase brute-force attack utility, the use of which resulted in segmentation fault in the previous release of Wifislax. The Linux kernel has been updated to version 3.6.11 with a number of new drivers to support tablets, touchscreen devices, multi-function printers, etc. The KDE desktop has been upgraded to version 4.10.5 and an option to boot into a lighter Xfce desktop remains available. Other package upgrades include Firefox 22.0, OpenJDK 7u25 and Wireshark 1.10.0, as well as the latest version of the Flash browser plugin. A number of new programs, such as nano and texinfo, have been added. The release announcement which contains a full changelog is in Spanish only, but the distribution itself can boot into either Spanish or English localisation of the KDE or Xfce desktops.

download from here:

wifislax 


happy hunting !!!

Sunday, June 23, 2013

PentesterLab.com – Exercises To Learn Penetration Testing

PentesterLab is an easy and straightforward way to learn the basics of penetration testing. It provides vulnerable systems in a virtual image, and accompanying exercises that can be used to test and understand vulnerabilities.
Just decide what course you want to follow, download the course and start learning. You can easily run the course using VMware, no Internet access is required.


 What will you learn?
  • Basics of Web
  • Basics of HTTP
  • Detection of common web vulnerabilities:
    • Cross-Site Scripting
    • SQL injections
    • Directory traversal
    • Command injection
    • Code injection
    • XML attacks
    • LDAP attacks
    • File upload
  • Basics of fingerprinting
Requirements
  • A computer with a virtualisation software
  • A basic understanding of HTTP
  • A basic understanding of PHP
  • Yes, that’s it!
You can download the materials and ISO images here:

web_for_pentester.pdf (2.4M)
web_for_pentester.iso (64-bit, 175M, MD5: f6e0df10de6d410293ba7a838d31f917)
web_for_pentester_i386.iso (32-bit, 172M, MD5: 5e6cdf5fa3356a4c08b34ccd076a63ae)

 
Or read more here.

 From Darknet

happy hunting!!

Thursday, May 30, 2013

BackTrack 5 R3 now transforms into Kali Linux

Maybe it is not too late that I post this news to all BackTrack fans out there: the production of BT 5 will end and it will be replaced by Kali Linux. Here is the news; try it and you will feel the BT inside Kali.

Offensive Security has announced the release of Kali Linux 1.0, a Debian-based distribution with a collection of security tools for forensic analysis and penetration testing. This is a major new update of the project's flagship distribution formerly known as BackTrack (based on Ubuntu). From the release announcement: "After a year of silent development, Offensive Security is proud to announce the release and public availability of 'Kali Linux', the most advanced, robust, and stable penetration-testing distribution to date. Kali is a more mature, secure, and enterprise-ready version of BackTrack. Trying to list all the new features and possibilities that are now available in Kali would be an impossible task on this single page. We therefore invite you to visit our new Kali Linux website and Kali Linux documentation site to experience the goodness of Kali for yourself."

Quick download link:

 kali-linux-1.0-amd64.iso (2,088MB, SHA1, torrent).

happy hunting!!!!

Sunday, April 14, 2013

Evil Foca (Alpha Version) is a tool for Pentesters and Security Auditors to perform security testing in IPv4/ IPv6 data networks.


The tool can perform different attacks such as:
  • MITM on IPv4 networks using ARP Spoofing and DHCP ACK injection.
  • MITM on IPv6 networks using Neighbor Advertisement Spoofing, SLAAC Attack, fake DHCPv6.
  • DoS (Denial of Service) on IPv4 networks using ARP Spoofing.
  • DoS (Denial of Service) on IPv6 networks using SLAAC Attack.
  • DNS Hijacking.
It automatically scans the network and identifies all the devices and their network interfaces, listing their IPv4 and IPv6 addresses and physical (MAC) addresses.



Evil Foca is divided into four panels. The left panel shows the devices found on the network, where you can add devices and filter the results. The second panel, in the centre, lists all the attacks the tool can perform, with a short description of each one on the right. Under that panel, the attacks in progress are shown with their configuration and status, allowing each to be switched on or off. Finally, the bottom panel shows the Evil Foca event log.

Download and test here: - Evil Foca

Happy Hunting!!!

Wednesday, April 10, 2013

Tools and Exploits

Here is a collection of coding samples, tools, and misc. other things that we have written over the past. All source code published on this website is considered copyrighted material and licensed under the FreeBSD licensing agreement found here: http://www.freebsd.org/copyright/freebsd-license.html. At the tail of this page you can find the full copyright disclosure.
BypassUAC – Attack that allows you to bypass Windows UAC in Windows Vista and Windows 7 both on x86 and x64 operating systems. This issue has still not been patched to-date and can still be exploited on the most recent operating systems.
Download BypassUAC here.

EgressBuster – Simple port knocking tool that uses a client/server model for identifying open ports within a network. This is useful for finding egress points within the network.
Download EgressBuster here.
PowerShell_PoC – zip file containing a number of powershell samples including SAM database dumping, reverse shells, bind shells, all natively written in PowerShell
Download PowerShell_PoC here.

Metasploit_Modules – These are a mixture of Metasploit modules we have written in the past. Most of these have already been incorporated into the framework.
Download Metasploit_Modules here.
Encrypted_http_shell.zip – Contains source code and compiled binaries of a server/client reverse shell that communicates natively over HTTP channels. This shell also leverages a static AES encryption key for encrypted transport of the data.
Download Encrypted_http_shell here.
Simple_py_shell – This is a simple reverse shell written in Python.
Download Simple_py_shell here.
F5 BIG-IP Remote Root Authentication Bypass Vulnerability
F5 BIG-IP Remote Root Authentication Bypass Vulnerability Download
MySQL Remote Root Authentication Bypass
MySQL Remote Root Authentication Bypass Download
Egress Buster Reverse Shell – Brute forces egress ports until one is found and executes a reverse shell
Download Egress Buster Reverse Shell
PyBuild is a tool for automating the pyinstaller method for compiling python code into an executable. This works on Windows, Linux, and OSX (pe and elf formats)
Download PyBuild
Another simple reverse shell written in Python (BSIDESLV and Defcon 20 Demo)
Download Simple Reverse Shell
SQL Brute force tool that brute forces MSSQL with a wordlist. The second file adds a local administrator on the machine and re-enables the xp_cmdshell stored procedure
Download SQLBrute
PyInjector is a quick python script to inject shellcode straight into memory. This is often used as an AV evasion technique to circumvent security controls. Initial post found here and credit here: http://www.debasish.in/2012_04_01_archive.html
Download PyInjector
The Dell Drac and Chassis Scanner for Default Credentials v0.1a is a script that will scan CIDR notations looking for default installations of Dell DRAC and Chassis implementations. By default, dell DRAC and Chassis management servers ship with default credentials of root/calvin. By using this, you can interface with the console which has an operating system loaded on it. Mount a virtual media device remotely (an iso), reboot the server and compromise the underlying operating system. Step by step tutorial here:
Owning Dell DRAC for ONE AWESOME HACK! – Blog Post
Download Dell Drac and Chassis Scanner for Default Credentials v0.1a

 for more news check this https://www.trustedsec.com

happy hunting!!!

Sunday, January 13, 2013

CERT Failure Observation Engine (FOE) – Mutational Fuzzing Tool

The CERT Failure Observation Engine (FOE) is a software testing tool that finds defects in applications that run on the Windows platform. FOE performs mutational fuzzing on software that consumes file input. (Mutational fuzzing is the act of taking well-formed input data and corrupting it in various ways, looking for cases that cause crashes.) The FOE automatically collects test cases that cause software to crash in unique ways, as well as debugging information associated with the crashes. The goal of FOE is to minimize the effort required for software vendors and security researchers to efficiently discover and analyze security vulnerabilities found via fuzzing.

Note: this software package contains both the source code for the distribution and a binary installer package for Windows. The installer package will attempt to install FOE and all of its dependent software packages on the system. If you wish to evaluate the binary installer, it is highly advisable to do so on a non-enterprise system devoted solely to testing. An ISO image is also available for convenient use within a Windows virtual machine instance.

At the CERT/CC, we have already used the FOE infrastructure to find a number of critical vulnerabilities in products such as Adobe Reader, Flash Player, and Shockwave player; Microsoft Office and Windows; Google Chrome; Oracle Outside In; Autonomy Keyview IDOL; Apple QuickTime; and many others.
Note: Because fuzzing can fill temporary directories, put the target application in an unusable state, or trigger other operating-system-level bugs, we recommend that FOE be used in a virtual machine.
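To make the definition of mutational fuzzing above concrete, here is an added example in POSIX shell that is not FOE's code: it overwrites one byte of a well-formed seed file, runs a target program on the result and keeps only the inputs that kill the target with a signal, which is the crash-collection idea FOE automates (FOE itself also gathers debugger output and deduplicates crashes, which this does not). Function names and the crash-file naming scheme are this example's own.

```shell
#!/bin/sh
# Added example, not FOE's code: the core loop of a mutational file fuzzer.
# One byte of a well-formed seed file is overwritten, the target is run on
# the result, and the input is kept only when the target died from a signal
# (shell exit status >= 128, e.g. 139 = 128 + SIGSEGV).

# byte_at FILE OFFSET: print the byte value (0-255) at a 0-based OFFSET.
byte_at() {
    od -An -tu1 -j "$2" -N 1 "$1" | tr -d ' '
}

# mutate_byte SEED OUT OFFSET VALUE: copy SEED to OUT and overwrite one byte.
# Returns 1 without writing anything when OFFSET is past the end of SEED.
mutate_byte() {
    seed="$1" out="$2" off="$3" val="$4"
    size=$(wc -c < "$seed" | tr -d ' ')
    [ "$off" -lt "$size" ] || return 1
    cp "$seed" "$out"
    # printf emits the raw byte from its octal escape; dd writes it in place
    # (conv=notrunc keeps the rest of the file intact).
    printf "\\$(printf '%03o' "$val")" |
        dd of="$out" bs=1 seek="$off" conv=notrunc 2>/dev/null
}

# crashed STATUS: true when an exit status means the process died by signal.
crashed() {
    [ "$1" -ge 128 ]
}

# run_case SEED TARGET OUT OFFSET VALUE CRASHDIR: one test case. Prints the
# target's exit status; a crashing input is saved as CRASHDIR/sig<N>-<off>-<val>.
run_case() {
    seed="$1" target="$2" out="$3" off="$4" val="$5" crashdir="$6"
    mutate_byte "$seed" "$out" "$off" "$val" || return 1
    status=0
    "$target" "$out" >/dev/null 2>&1 || status=$?
    if crashed "$status"; then
        mkdir -p "$crashdir"
        cp "$out" "$crashdir/sig$((status - 128))-$off-$val"
    fi
    echo "$status"
}

# fuzz SEED TARGET ITERATIONS CRASHDIR: random offset/value pairs drawn from
# /dev/urandom; prints how many crashing inputs were saved.
fuzz() {
    seed="$1" target="$2" iters="$3" crashdir="$4"
    size=$(wc -c < "$seed" | tr -d ' ')
    i=0
    while [ "$i" -lt "$iters" ]; do
        r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')
        run_case "$seed" "$target" "$crashdir.cur" $((r % size)) \
            $(( (r / size) % 256 )) "$crashdir" >/dev/null
        i=$((i + 1))
    done
    ls "$crashdir" 2>/dev/null | wc -l | tr -d ' '
}

# Usage: ./fuzz.sh seed.bin /path/to/target 1000 ./crashes
[ "$#" -eq 4 ] && fuzz "$1" "$2" "$3" "$4"
```

Run it inside the throwaway VM the note above recommends, since the mutated files and crash dumps accumulate on disk.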


You can download FOE here:
http://www.cert.org/vuls/discovery/foe.html

 Happy Hunting!!!!