Showing posts with label hacking-tools. Show all posts

Thursday, October 15, 2009

Updating Backtrack-4 Beta to "pwnsauce"

0 comments
The BackTrack 4 Beta VMware image had actually been sitting on my hard disk for a long time, but I only got around to running it yesterday; since it felt out of date it had to be updated as soon as possible :). Below are the "rough" steps for updating BackTrack-4 Beta to BackTrack-4 PreFinal (pwnsauce):

First, add the BackTrack repo:
  • Add the GPG key,
root@bt:~#wget -q http://archive.offensive-security.com/backtrack.gpg -O- | apt-key add -
  • Add the BackTrack 4 repo,
root@bt:~#echo "deb http://archive.offensive-security.com pwnsauce main microverse\
macroverse restricted universe multiverse" >> /etc/apt/sources.list

and remove the old BackTrack repo (repo.offensive-security.com), which no longer works. Then upgrade the OS, which is built on Ubuntu Intrepid Ibex (8.10); before that, add the GPG key for ppa.launchpad.net.

root@bt:~#apt-get update && apt-get dist-upgrade -y 

The upgrade from BT4 Beta will break your KDE, i.e. "startx" will no longer work; to fix it, do the following:

root@bt:~# cd /etc/alternatives/
root@bt:/etc/alternatives# mv x-session-manager x-session-manager-broken
root@bt:/etc/alternatives# ln -s /opt/kde3/bin/startkde x-session-manager
root@bt:/etc/alternatives# startx

Upgrade the pentest packages: choose option 1, then 9 to upgrade everything

root@bt:/pentest/exploits#./fast-track.py -i 

Enjoy :)

Wednesday, February 13, 2008

iPod touch; thank God it's BSD based

2 comments
FYI, this post should have been about my new pentest applications on my eX1a (iPod touch), but a problem occurred when I ran the screenshot application together with SummerBoard (which had already happened before). I tried to capture my nmap, ngrep and also aircrack-ng running on the iPod. My iPod suddenly started blinking (crazily) all the time, with two buttons in the top-left showing a snap button and a view button (the screenshot application running).

The real problem is that I can't get to the main screen, because it's locked out and blinking. I restarted it several times until I could see my main screen (with all the menus). But when I chose one application to run, the screen just froze and I couldn't do anything. Thank God the wireless was already set up, and I was finally able to connect using ssh from my Linux box. Then I had to figure out whether to uninstall the apps from the console (which I had never tried or known how to do before) or kill the process. I chose option number two and figured out how to list the processes: ps -axf (the typical Linux command) didn't work (I'm not so familiar with OS X or BSD), then I looked through the command options and finally found "ps -A" to list all the processes, and killed it immediately :)



Sorry folks, there is no screenshot available from the iPod for these pentest applications; I'll just give you a remote screenshot below (until I find another (stable) screenshot application for the iPod)


The nmap and ngrep applications


List of my pentest apps and the aircrack-ng application


aircrack-ng in action, cracking the WEP IVs file


And thank God it's not Windows (the first thing I'd do if it were running Windows is reinstall the box) :), and thank God I didn't follow Google's advice to restore my iPod :)
Now I have Metasploit, Nikto, Nmap, ngrep, and aircrack-ng (still unable to do injection)

enjoy(tm)

Saturday, November 24, 2007

eX1a (iTouch) Parade

2 comments
Here are some screenshots of eX1a, so this blog doesn't go stale, even though they're surely very tacky :P



let's go(tm)

Thursday, November 22, 2007

BSD gadget, better known as iTouch

5 comments
It's been almost 3 days since my friend delivered the iPod touch I had asked him to get (from now on I'll often call it iTouch), bought in the US through his younger sibling (thx win), so however tired I am (just back from futsal) I still make time to tinker with the iTouch. Yup... this gadget is truly phenomenal; even Apple itself would never have imagined that the iPod they built specifically as a music player (equipped with video, calendar, contacts, etc.) would instead become a very powerful gadget in the hands of hackers. A great deal of creativity has emerged as a result of access to the system being "broken open" (one of the ways being a hole in the mobile Safari browser in "handling" TIFF files).

Back to the iPod touch: since direct access to the system as the superuser (root) is now possible, hackers have built an application for doing installations (Installer/AppTapp), up to and including installing the BSD Subsystem complete with a Terminal to access it (besides various other pretty and useful applications such as Mobi Quran). A Linux gadget is one of my dreams that hasn't come true yet; I've long wanted to put Linux on my O2 (either my XDA Atom or my old XDA), which to this day still hasn't happened (I've had to be content with just using PuTTY to make remote connections to *nix machines). Until finally Apple decided to release the iPhone/iPod touch with Wi-Fi support (with its holes), the Safari browser (with its holes) and various other sweet applications, which in the end made the iTouch one of the gadgets that really deserves consideration (in my opinion and that of some others, I guess :p), and so I decided to own one. And don't ask why I chose the iTouch rather than the iPhone when the price difference is slim in the US (roughly 100 USD; not here :P).

The easiest way to take over the system on version 1.1.1 (mine happens to be 1.1.1; if your firmware is the latest (1.1.2), then to jailbreak you need to downgrade it to 1.1.1 first) is simply to visit the site jailbreakme.com using the Safari browser on the iPhone/iPod. On this site there is a TIFF file that takes over the iPod/iPhone system, then automatically downloads and installs the installer, and then kindly patches your iPhone/iTouch. Be careful with your wireless and internet connection, because on my first attempt I failed to install "AppTapp", which would later be my bridge for installing applications, and unfortunately my iTouch had already been patched, so when I tried to visit the site again it no longer worked as it should (exploit, install and patch), and as a result I had to restore my iPod*.

After that I installed the BSD subsystem, OpenSSH, Terminal, Mobile Finder (a kind of explorer), Mobile Text, DNS tools, Stumbler, Mobi Quran, Services (to manage services such as ssh), Python and Perl, and many more :). Now I'm copying Metasploit Framework 2.7 and Nikto, which are Perl-based (Ruby isn't stable yet), over SFTP. Updated: I've managed to run Metasploit and Nikto (a bit tricky with space and libraries :)).

Here are a few tips and tricks:

* to free up space for installing applications, move /Applications somewhere else (the largest partition is /private), and likewise /opt

mv /Applications /private/var/
ln -s /private/var/Applications /Applications

* set PATH for the Perl installation and some development packages

PATH=$PATH:/opt/iPhone/bin/
export PATH

That's a little info from me for now, hopefully useful :), to be continued when I have time :P. By the way, my iTouch gadget got the name "eX1a", hehehe, you know where that name comes from, right? (whose mobile suit is it :P)

*the way to restore the iPod touch is: first shut down the iTouch by pressing the on/off and home buttons at the same time, until the red slide-to-power-off indicator appears to turn it off; then turn it back on by doing the same thing until iTunes on your PC/laptop pops up and shows a warning about iPod recovery; then put the cursor over the restore option while holding Shift and click the restore button.

Good source sites:
JailBreakme
modmyifone
Turning your iPhone/iPod Touch into a handheld hacking device


Tuesday, July 17, 2007

ArpWall: still needs time to develop

0 comments

It's hard to finish all my "fun" projects, even this "little" one (arpWall). Tonight, after office hours (started at 8 PM and went till 9:30 PM; urgh, I'm so tired...), I gave it a few "shots", and this is "ArpWall" ver. 0.01 (a buggy version; works on ARP attacks (tested with Cain & Abel)) that I've been able to develop so far... urgh. Yeah, badly coded! Just hope I have more time to work on it :(. Wish me luck. K

Tuesday, April 17, 2007

Arpwatch in action

0 comments
Apr 17 14:11:32 tarantula kernel: [17203350.856000] eth0: Promiscuous mode enabled.
Apr 17 14:11:32 tarantula kernel: [17203350.856000] device eth0 entered promiscuous mode
Apr 17 14:11:32 tarantula kernel: [17203350.856000] audit(1176793892.194:2): dev=eth0 prom=256 old_prom=0 auid=4294967295
Apr 17 14:11:32 tarantula arpwatch: listening on eth0
Apr 17 14:13:52 tarantula arpwatch: changed ethernet address 192.168.4.80 0:40:b9:7a:63:0 (0:1:3:40:8e:8c) eth0
Apr 17 14:14:26 tarantula arpwatch: changed ethernet address 192.168.4.11 0:1:29:3f:58:ea (0:16:36:aa:aa:6a) eth0
Apr 17 14:15:10 tarantula arpwatch: new station 192.168.4.12 0:1:29:3f:58:ea eth0
always watch your back brotha ...
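Arpwatch leaves it to the reader to spot the pattern in lines like the ones above. As an added example written for this page (not the author's ArpWall, and not part of arpwatch), here is a small parser that reads the two syslog message formats shown in the log and raises the two findings a defender cares about: an IP whose MAC keeps changing (a genuine NIC swap changes it once), and a single MAC that claims more than one IP, which is what a host answering ARP on behalf of its neighbours looks like. The sample lines are constructed: the first three mirror the log above, the last two are invented so that 192.168.4.11 flaps between the two MACs.

```python
import re
from collections import defaultdict

# Message formats as arpwatch writes them to syslog (as in the log above):
#   arpwatch: changed ethernet address <ip> <new-mac> (<old-mac>) <iface>
#   arpwatch: new station <ip> <mac> <iface>
CHANGED_RE = re.compile(
    r"arpwatch: changed ethernet address (?P<ip>\S+) (?P<new>\S+) \((?P<old>\S+)\) (?P<iface>\S+)"
)
NEW_STATION_RE = re.compile(
    r"arpwatch: new station (?P<ip>\S+) (?P<mac>\S+) (?P<iface>\S+)"
)


def parse_arpwatch(lines):
    """Yield (ip, mac, event) for every line that is a recognised arpwatch message.

    For 'changed' events the MAC returned is the *new* one, i.e. the address
    that currently claims the IP. Kernel and other syslog lines are ignored.
    """
    for line in lines:
        m = CHANGED_RE.search(line)
        if m:
            yield m["ip"], m["new"].lower(), "changed"
            continue
        m = NEW_STATION_RE.search(line)
        if m:
            yield m["ip"], m["mac"].lower(), "new"


def arp_anomalies(lines, max_changes=1):
    """Return findings worth an alert:

    ('flip-flop', ip, count)    the IP's MAC changed more than max_changes times
    ('multi-ip-mac', mac, ips)  one MAC claims several IPs (gateway spoofing /
                                man-in-the-middle footprint)
    """
    changes = defaultdict(int)
    ips_per_mac = defaultdict(set)
    for ip, mac, event in parse_arpwatch(lines):
        ips_per_mac[mac].add(ip)
        if event == "changed":
            changes[ip] += 1

    findings = []
    for ip, count in sorted(changes.items()):
        if count > max_changes:
            findings.append(("flip-flop", ip, count))
    for mac, ips in sorted(ips_per_mac.items()):
        if len(ips) > 1:
            findings.append(("multi-ip-mac", mac, tuple(sorted(ips))))
    return findings


# Constructed sample: the first three lines mirror the post's log, the last
# two are made up to show 192.168.4.11 flapping between the two MACs.
SAMPLE_LOG = [
    "Apr 17 14:13:52 tarantula arpwatch: changed ethernet address 192.168.4.80 0:40:b9:7a:63:0 (0:1:3:40:8e:8c) eth0",
    "Apr 17 14:14:26 tarantula arpwatch: changed ethernet address 192.168.4.11 0:1:29:3f:58:ea (0:16:36:aa:aa:6a) eth0",
    "Apr 17 14:15:10 tarantula arpwatch: new station 192.168.4.12 0:1:29:3f:58:ea eth0",
    "Apr 17 14:16:40 tarantula arpwatch: changed ethernet address 192.168.4.11 0:16:36:aa:aa:6a (0:1:29:3f:58:ea) eth0",
    "Apr 17 14:17:05 tarantula arpwatch: changed ethernet address 192.168.4.11 0:1:29:3f:58:ea (0:16:36:aa:aa:6a) eth0",
]

if __name__ == "__main__":
    for kind, subject, detail in arp_anomalies(SAMPLE_LOG):
        print(f"{kind:13s} {subject} -> {detail}")
```

Run it against the output of `grep arpwatch /var/log/syslog` (or feed the file object straight in, since it only needs an iterable of lines). On the sample it reports 192.168.4.11 as a flip-flop with three changes and 0:1:29:3f:58:ea as a MAC claiming both .11 and .12; the single change on 192.168.4.80 is left alone, because one change is what a replaced NIC looks like and `max_changes` is there to tune that threshold.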

Monday, April 09, 2007

make your metasploit 3.0 run

4 comments
Some people have asked me how to run the new version of Metasploit (the Metasploit Framework is a development platform for creating security tools and exploits) on their Ubuntu; it failed to run for them, unlike the previous version. As we know, the new version (Framework 3.0) is written in the Ruby programming language and includes components written in C and assembler. So, here are some directions; hope it helps.

OK, I ran the framework on Edgy Eft (Ubuntu 6.10, in a fresh-install state)



yes, it failed because I need the Ruby programming language installed on my machine



and then, just install it. With Ruby installed, try to run it again,



still failed, because I need to install the libopenssl extension for Ruby




just do some searching and install the package for Ruby, then try to run your "metasploit" again



now it runs perfectly on your machine... hope it helps


Thursday, March 29, 2007

FireCAT

0 comments
Yesterday I installed FireCAT, a.k.a. the Firefox Catalog of Auditing Toolbox, in my browser (Firefox 2.0 running on Ubuntu). FireCAT is a Firefox Framework Map collection of the most useful security-oriented extensions.

The basic idea is to use a "popular" web browser (in this case "Firefox") and its extensions (developed by ethical hackers and coders) to perform pentests and audit assessments.

Here is an updated list of useful security auditing extensions

You can download the OPML here and then import it into your bookmarks, or you can download the extensions manually.





HackBar, "This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code.", running in my browser



Advanced Dork: gives quick access to Google's Advanced Operators directly from the context menu, helping you with Google hacking :)





and more..., so "No more Top 100 security tools, no more LiveCDs and no more exploitation frameworks. A security auditor without a toolbox is like a cop without a gun."



Wednesday, February 21, 2007

Security tools

8 comments
If you're looking for, or wondering, what the best security tools ever are, then you should check this tremendous site. Fyodor (the creator of nmap) started these security tools surveys in 2000, updated them in 2003 and released them again in 2006. It lists open source and commercial tools on any platform (note: no votes for the Nmap Security Scanner were counted because the survey was taken on an Nmap mailing list).

Go check your tools at http://sectools.org, and here is a short list of the best 5
  • nessus
  • wireshark, formerly known as Ethereal
  • snort
  • netcat
  • metasploit

If you ask me what the best tools for me are, the ones always in my "war machine", I choose nmap, dsniff and metasploit (that's the best three for now :)). How about you?