Jan 24, 2011
 

i have an older copy of backtrack 4 that i have upgraded since the initial release. while working through the PWB course from offensive security, i wanted to upgrade the local version of exploitdb. here is what i got:

root@bt:/pentest/exploits/exploitdb# svn update
svn: Repository UUID 'c54f1b57-f3df-4c37-b561-881cde1baa19' doesn't match expected UUID '8072406e-18fd-45b5-acae-fc56dbc62dfa'

apparently, between the time i installed backtrack 4 and the current release, they have blown away or moved the svn repository (the new one has a different uuid, which is what svn is complaining about). after googling, i found two options.

  1. download the newest version of backtrack and start from scratch
  2. fix the problem ;)

i have too much time invested in the box, so i found out how to fix the issue. here is what you do (assuming you are in the /pentest/exploits directory):

rm -rf exploitdb/
svn co svn://www.exploit-db.com/exploitdb

just a quick and dirty way to drop the old working copy and check the repository out from scratch. the uuid check is svn doing its job, by the way: it is how a working copy knows it is still talking to the repository it came from, so a fresh checkout really is the right fix rather than trying to force the update through. since plain svn:// (no sasl or ssh) is not an encrypted or server-authenticated transport, you are also trusting whatever currently answers at that hostname, so it is worth keeping the old tree around until you have looked at what the new checkout contains.
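as an added example (not part of the original post), here is the same fix done a little less blindly: compare the uuid of the working copy with the uuid the server now reports, and only move the old tree aside and re-check out when they really differ. it assumes svn is installed and uses the path and url from the post; the sample "svn info" text at the bottom is constructed for the demo, reusing the two uuids from the error message above.

```shell
#!/bin/sh
# Added example, not from the post: only throw away the exploitdb working copy
# after confirming the server's repository uuid really has changed. Assumes svn
# is installed; the paths and url are the ones from the post above.

# repo_uuid: print the "Repository UUID:" value from "svn info" text on stdin
repo_uuid() {
    sed -n 's/^Repository UUID: *//p' | head -n 1
}

# uuid_changed LOCAL_INFO REMOTE_INFO
# returns 0 if the two "svn info" texts report different uuids, 1 if they
# match, 2 if either text has no uuid at all
uuid_changed() {
    local_uuid=$(printf '%s\n' "$1" | repo_uuid)
    remote_uuid=$(printf '%s\n' "$2" | repo_uuid)
    [ -n "$local_uuid" ] && [ -n "$remote_uuid" ] || return 2
    [ "$local_uuid" != "$remote_uuid" ]
}

# refresh_checkout DIR URL: svn update when the working copy still belongs to
# the server's repository; otherwise move the old tree aside (do not rm -rf it
# until you have looked at the new one) and check out fresh
refresh_checkout() {
    dir=$1; url=$2
    remote_info=$(svn info "$url") || { echo "cannot reach $url" >&2; return 1; }
    if [ ! -d "$dir/.svn" ]; then
        svn co "$url" "$dir"
        return
    fi
    local_info=$(svn info "$dir")
    if uuid_changed "$local_info" "$remote_info"; then
        echo "repository uuid changed, re-checking out $url" >&2
        mv "$dir" "$dir.old.$(date +%Y%m%d)"
        svn co "$url" "$dir"
    else
        svn update "$dir"
    fi
}

# constructed sample "svn info" output, using the two uuids from the error
# message above (a working copy from the old repository vs. the new server)
SAMPLE_LOCAL='Path: exploitdb
URL: svn://www.exploit-db.com/exploitdb
Repository UUID: 8072406e-18fd-45b5-acae-fc56dbc62dfa'
SAMPLE_REMOTE='Path: exploitdb
URL: svn://www.exploit-db.com/exploitdb
Repository UUID: c54f1b57-f3df-4c37-b561-881cde1baa19'

# usage: sh refresh-exploitdb.sh /pentest/exploits/exploitdb svn://www.exploit-db.com/exploitdb
if [ $# -eq 2 ]; then
    refresh_checkout "$1" "$2"
fi
```

run it with the working copy path and the repository url as the two arguments; with no arguments it only defines the functions, which is handy for sourcing it from another script.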

Dec 24, 2010
 

update: as someone commented below, armitage is now distributed with metasploit. there is no need to follow these directions any more; they are deprecated.

i wanted a pretty gui to show off some metasploit functionality recently which led me to armitage.

i use (and love) backtrack 4, as does most of the world, but i also have a ubuntu based distro (mint 10, which is based on ubuntu 10.10) that i like to use. i found a lot of tutorials on how to install armitage on backtrack, but hardly anything on installing armitage on a non-backtrack machine, and practically nothing for installing armitage on ubuntu with a postgres backend. i decided i wanted to install armitage on the mint machine using postgres (per the armitage recommendation here) and not finding any good instructions, i thought i would give it a go and document. here we go:

first, you need to have some of the basics installed. i will leave it to others to describe how to install these if you need help (others == google).

  1. java 1.6 (has to be the official oracle java version)
  2. metasploit 3.5+

next, let's install postgres:

sudo apt-get install postgresql-8.4

now that postgres is installed, we need to create a db and a user for armitage to use. i su’ed to the postgres user to do this:
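the post cuts off before the actual commands, so here is an added example (mine, not the original post's and not armitage's own instructions) of creating the role and database. the names msf/msf3 are just choices, the role gets a random password and no superuser/createdb/createrole rights, and it runs psql via sudo -u postgres rather than su'ing. the connect string uses 127.0.0.1 because the default ubuntu pg_hba.conf uses md5 password auth for the loopback host line.

```shell
#!/bin/sh
# Added example, not from the post: create the postgres role and database for
# armitage/metasploit. Role/db names, the password handling and the
# least-privilege flags are this example's choices.

# pg_literal: quote a string as a sql string literal ('' for embedded quotes),
# so a password with a quote in it cannot break or extend the statement
pg_literal() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# pg_ident: accept only plain identifiers for role/db names (no quoting games)
pg_ident() {
    case "$1" in
        *[!A-Za-z0-9_]*|"") return 1 ;;
    esac
    printf '%s' "$1"
}

# armitage_db_sql USER DB PASSWORD: print the statements to create a login
# role without superuser/createdb/createrole rights and a database it owns
armitage_db_sql() {
    user=$(pg_ident "$1") || { echo "bad role name: $1" >&2; return 1; }
    db=$(pg_ident "$2")   || { echo "bad db name: $2" >&2; return 1; }
    pw=$(pg_literal "$3")
    printf 'CREATE ROLE %s LOGIN PASSWORD %s NOSUPERUSER NOCREATEDB NOCREATEROLE;\n' "$user" "$pw"
    printf 'CREATE DATABASE %s OWNER %s;\n' "$db" "$user"
}

# random_password: 24 characters from /dev/urandom, base64 minus the
# characters that are awkward in a connect string
random_password() {
    head -c 32 /dev/urandom | base64 | tr -d '/+=\n' | cut -c1-24
}

# setup_armitage_db USER DB: run the sql as the postgres superuser and print
# the msfconsole db_connect line (user:pass@host:port/db) once
setup_armitage_db() {
    pw=$(random_password)
    armitage_db_sql "$1" "$2" "$pw" | sudo -u postgres psql -v ON_ERROR_STOP=1 -f -
    echo "db_connect $1:$pw@127.0.0.1:5432/$2"
}

# usage: sh armitage-db.sh msf msf3
if [ $# -eq 2 ]; then
    setup_armitage_db "$1" "$2"
fi
```

the db_connect line it prints is what you feed msfconsole (or put in armitage's connect dialog); copy the password out of it once and do not leave it in your shell history.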

 


Oct 12, 2010
 

updated: i just finished another presentation on stuxnet and moved the presentation over to a prezi. there is still a link to a pdf from my first presentation, along with a link to the stuxnet prezi.

today i did a presentation for our local infragard chapter on stuxnet.

as you can tell from the title, “stuxnet: a technical, political, and business analysis”, it was designed to show how complex and thorough stuxnet is, but then to also look at the political implications, followed up by the most important piece: what this means to the business community.

to clarify, it's more of a recap of the articles i have read on stuxnet, in simple enough terms that someone who is not terribly technical can grasp it, while giving the coders something to chew on.

click the following link to download the pdf if you are interested. feel free to comment or drop me a line if you have any questions!

stuxnet v01

stuxnet presentation

Aug 25, 2010
 

recently, i was helping set up a sharepoint intranet site that would house several sites, things like a help desk ticket system, a knowledge base, and some org based group pages for collaboration.

for my part, i didn’t have to do much of the setup, but i did enable and force SSL for any connections made to the site. this brought up an interesting discussion question.

is there any point to force SSL on an intranet site that, by definition, is only used by people internal to the company?

before i get to the reasons for running or not running SSL on an intranet site, let me give a little more background on this specific install.

Mar 30, 2010
 

since we did a network overhaul (defined in detail shortly) 2 years ago, we have had zero incidents of malware/viruses/badware on any machines that we know of (i know i will probably walk into bedlam tomorrow morning after saying that ;). after a recent mailing list conversation, i thought i would share some stuff we have done in detail to help anyone else going about the same process. here we go.

the 30 thousand foot view is this:

  • we reformatted every workstation and every server in one weekend (yes, you read that correctly)
  • users given user only rights, no power users or administrators.
  • we leveraged ms gpo’s to hide the c drive, limit what type of files could be saved, and prevent applications from running unless specifically allowed (application whitelist), etc.
  • we utilized ms’s wsus to apply patches across the board, workstations and servers
  • we started using a gateway device that did web filtering and also implemented a squid proxy server with whitelists
  • a copy of advanced installer was purchased so we could create msi’s to push all software out via gpo’s (this is great for new versions of software, pulling back software, etc)
  • we used gpo’s to config the workstation so that it automatically logged into our terminal server farm via single sign on (sso), more or less creating a pseudo thin client out of cheap desktop machines

working mottos:

  • if you want a user to do/not do something, don’t ask them. force them.
  • prevention is the best medicine


Feb 22, 2010
 

so i really like wireshark. every time i open it up i find something else very cool and practical to make my job easier.

for example: we are testing a phone system out that is based on asterisk called digium switchvox.

overall, i have been pretty impressed with the setup, options, and tools digium gives us and from a functionality point of view, its great.

looking at it from a security point of view, though, yields a different impression.

the first thing i noticed right off the bat was user passwords. they stink. they have to be numeric, and can only be a maximum of 10 digits, which makes bruteforcing user accounts pretty trivial.

the other thing that got my attention was how open the sip/sdp/rtp protocols are. i fired up wireshark and sniffed a few calls (off a spanned port on a switch) and found very quickly that you can easily record, playback, and dissect any voip calls. here is what i did:

  1. opened the pcap in wireshark 1.2.6, went to Telephony -> VoIP Calls

  2. selected the call i wanted to look at, clicked Player then Decode

  3. now click Play, and you are listening to both sides of a phone conversation, just like you were on the call
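as an added example (mine, not from the post), here is the command-line counterpart of those three gui steps, plus the check i would actually want from a capture like this: whether any call negotiated encrypted media. the point is that the sdp "m=" line tells you the transport: RTP/AVP means plain rtp that anyone holding the packets can play back exactly as above, RTP/SAVP means srtp. note that even where a vendor can offer sip over tls, that only covers the signalling; the audio itself is only protected if the sdp negotiates srtp. it assumes tshark (the wireshark cli) is installed; the sample sdp lines are constructed for the demo, not taken from the switchvox capture.

```shell
#!/bin/sh
# Added example, not from the post: the command-line version of the wireshark
# steps above, plus a check for whether the calls in a capture were encrypted.
# Assumes tshark (the wireshark cli) is installed; the sample sdp lines below
# are constructed for the demo, not taken from the switchvox capture.

# classify_media: given one sdp "m=" line, say whether the media stream is
# plain rtp (anyone holding the packets can play it back, as above), srtp
# (RTP/SAVP or RTP/SAVPF), or something else
classify_media() {
    case "$1" in
        m=*RTP/SAVP*) echo srtp ;;
        m=*RTP/AVP*)  echo cleartext ;;
        *)            echo other ;;
    esac
}

# audit_sdp: read m= lines on stdin, print a summary, return 1 if any call
# negotiated cleartext media
audit_sdp() {
    plain=0; srtp=0; other=0
    while IFS= read -r line; do
        case "$(classify_media "$line")" in
            cleartext) plain=$((plain + 1)) ;;
            srtp)      srtp=$((srtp + 1)) ;;
            *)         other=$((other + 1)) ;;
        esac
    done
    echo "cleartext=$plain srtp=$srtp other=$other"
    [ "$plain" -eq 0 ]
}

# sdp_media_lines PCAP: every sdp media description in the capture, one per
# line (tshark joins repeated fields with commas). Older tshark releases such
# as the 1.2 series take the display filter with -R instead of -Y.
sdp_media_lines() {
    tshark -r "$1" -Y sdp -T fields -e sdp.media | tr ',' '\n' | sed '/^$/d'
}

# call_overview PCAP: the cli counterpart of Telephony -> VoIP Calls / RTP
# Streams: sip methods and responses, then each rtp stream with its ssrc,
# payload type and packet/loss counts
call_overview() {
    tshark -r "$1" -q -z sip,stat -z rtp,streams
}

# constructed sample: one plain rtp audio call, one srtp call, one plain video
SAMPLE_SDP='m=audio 49170 RTP/AVP 0 8 101
m=audio 50000 RTP/SAVP 0 8
m=video 51372 RTP/AVPF 31'

# usage: sh voip-audit.sh calls.pcap   (no argument: audit the sample)
if [ -n "${1:-}" ]; then
    call_overview "$1"
    sdp_media_lines "$1" | audit_sdp
else
    printf '%s\n' "$SAMPLE_SDP" | audit_sdp || echo "cleartext voice found in sample" >&2
fi
```

the exit status makes this usable as a pass/fail check after a change (say, once the vendor does ship srtp): run it over a capture of a few test calls and a nonzero exit means at least one call still went across the wire in the clear.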

one other feature in wireshark i just found was the graph of the conversation. for troubleshooting and just understanding the traffic for future endeavors, i found the Graph option to be very useful. instead of clicking on the Player option, just select the Graph option from the VoIP Calls list, and you have the details of what happened on a call (from the packets' point of view). since a picture is worth a thousand words:

i did end up calling digium and tried to see if they could run sip over ssl, but no such luck.

here is a link for wireshark: http://www.wireshark.org. their documentation is pretty good, and they have some videos that can be of some help as well.