Posts

Showing posts from August, 2009

Pass-the-Hash Attack with Backtrack 4

For the uninitiated, a pass-the-hash attack is a way to gain access to a Windows machine without having to supply user credentials. Sounds great yeah? Cool, now you can go ahead and delete Cain and john because your password cracking days are over? Well, not quite. Before you get too excited you should realize there's a catch -- you must first have in your possession a password hash of the machine that you want to compromise. So now you're probably asking yourself, "Why is that useful if I need to have access to the box in the first place?" Well, picture this: Say you were conducting a penetration test on Company X and you were unable to crack the administrator password. Now, like most organizations, Company X is using the same administrator password on all of its machines. So gaining access to this password would allow you to pwn the entire network. Now lets say that Company X believes strongly in security, and has a 20 character random password for their administrat...

Installing Kismet on Backtrack 4 Pre Release

Backtrack 4 has all the bells and whilstles we love and have come to expect from Backtrack in the past. That said however, as Bakctrack is currenly in a "Pre Realease" version, there are a couple of teething issues with various bits and pieces. One such issue is with Kismet Newcore. Kismet is our friendly little wireless stumbler that we all love. In Backtrack 4 pre release you may have noticed it is either missing functionality, or just plain doesn't work! Here is a quick guide for you to download an alternate version of Kismet Newcore and install it on Backtrack 4: 1. Make sure your network adapter is on # dhclient eth0 2. Change your director to /usr/src to download the Kismet Newcore source code # cd /usr/src 3. Download the Kismet source using the built-in subversioning software # svn co https://kismetwireless.net/code/svn/trunk kismet 4. Open the newly created kismet directory # cd kismet 5. Confrigure and make the source code # ./configure --prefix=/opt && ...

Installing Nessus on Backtrack 4

Here is an easy to follow tutorial on installing nessus on the Backtrack 4 Pre Release. This is courtesy of secure_it at the remote-exploit forums . First download these packages Nessus-3.2.1-ubuntu804_i386.deb NessusClient-3.2.1-debian4_i386.deb (I have chosen debian package because NessusClient-3.2.1.1-ubuntu804.i386.deb was missing some of dependencies and was not installing correctly.instead the debian package worked like a charm as its upto-date with dependencies and it produces no error at all. Next register your copy to get plugins update using homefeed and please provide the real mail ID as they will send you the activation key for homefeed. Regsiter Here Click accept and enter a valid working email ID. now we start installing the packages. root@ThUndErbOLt:~#dpkg -i Nessus-3.2.1-ubuntu804_i386.deb now configure the certificate & admin user for nessus root@ThUndErbOLt:~#/opt/nessus/sbin/nessus-mkcert (this is neccessary to communicate between nessus client to nessus daemo...