Feb 13 2012

this is a quick post about vlan abuse.

specifically, this post will cover how to abuse cisco switches and the DTP (dynamic trunking protocol).

why is this important? typically, most environments segment servers, workstations, management, etc. into different vlans. if the switch is (mis)configured, you could potentially jump from a user subnet onto the management subnet (where things are usually much less protected).

in a nutshell, we are taking advantage of a misconfigured switch, not really doing any “hacking”.

Continue reading »
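the post above is about a switch that still negotiates trunks over DTP on user-facing ports. the following configuration is an added example of the defensive side (it is not from the post or its author): a Cisco IOS snippet that turns DTP negotiation off and pins every port to the role it is supposed to have. interface names, VLAN numbers and the `interface range` boundaries are placeholders chosen for illustration.

```cisco
! Added example (not from the post): hardening Cisco IOS switch ports so
! that DTP can never negotiate a user port into a trunk.
! Interface names and VLAN numbers are placeholders.
!
! User-facing ports: force access mode and disable DTP entirely, so the port
! stays in its single VLAN regardless of what the attached host sends.
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
! Unused ports: park them in an otherwise unused VLAN and shut them down.
interface range GigabitEthernet1/0/25 - 46
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 shutdown
!
! Real uplinks: configure the trunk statically (no DTP), restrict the allowed
! VLANs to what the uplink really needs, and use an unused native VLAN so
! untagged frames cannot land in a production VLAN.
! ("switchport trunk encapsulation dot1q" is required on platforms that also
! support ISL; omit it on switches that only do 802.1Q.)
interface GigabitEthernet1/0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
!
! Verification: on a user port the output of
!   show interfaces GigabitEthernet1/0/1 switchport
! should report "Operational Mode: static access" and
! "Negotiation of Trunking: Off". Any port still showing "dynamic" in
! "Administrative Mode" is one that DTP can still talk to.
```

the key line on every non-trunk port is `switchport nonegotiate` together with `switchport mode access`; an access port left in a "dynamic" mode is exactly the misconfiguration the post relies on.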

Sep 11 2011

i have recently been working through some network forensic challenges from a few locations (http://forensicscontest.com and http://ismellpackets.com/category/pcap/) and wanted to do some network carving (parsing a pcap and extracting the files it carries, such as .exe's, .jpg's, etc.). to answer some of the questions i wanted to load networkminer on my backtrack 5 r1 box.

fortunately there was a tutorial on how to get networkminer up on linux, but it didn't fix everything for the newest version of backtrack (specifically, the fonts were off and the menu didn't show up correctly).

to get networkminer 1.0 up and running on my backtrack 5 r1 VM here is what i did (summary of commands at bottom):

  1. downloaded winetricks and installed the .NET framework, some core fonts, and the GDI+ package
    cd /bin
    wget http://kegel.com/wine/winetricks
    chmod +x winetricks
    ./winetricks corefonts dotnet20 gdiplus

    Continue reading »

May 12 2011

first off, the backtrack team rocks. they produce an amazing product for an equally amazing cost. the aesthetics are even top notch, which i can appreciate.

that being said, i don’t usually like to advertise to people that i am running backtrack (people get nervous when they think “hacker”), and a flaming red dragon is no way to keep things on the down low.

so, for anyone else out there i thought i would post where to change the default backtrack 5 menu icon.

the icon file is a svg, and is located at: /usr/share/icons/Humanity-Dark/places/24/start-here.svg

to clean my desktop up to something more benign (and useful), i replaced the backtrack menu logo with a blank svg and changed the wallpaper to corelanc0d3r’s exploit dev cheatsheet.

steps taken:

  1. renamed original svg file (mv /usr/share/icons/Humanity-Dark/places/24/start-here.svg /usr/share/icons/Humanity-Dark/places/24/start-here.svg.original)
  2. created a blank 24×24 svg to replace original svg (you can download here, created with inkscape on mint).
  3. moved the new, blank svg to /usr/share/icons/Humanity-Dark/places/24/start-here.svg
  4. restart the taskbar (pkill gnome-panel)
  5. if you are interested in the wallpaper, you can find them here

Mar 11 2011

i am working on some wireless testing for my SANS wireless certification (joshua wright's material; he is really good at what he does).

i haven't been playing with wireless too much lately, so i hadn't noticed that in backtrack 4 r2 kismet had been upgraded to the newcore version, with no trace of oldcore installed or available via the repos. i wanted both oldcore and newcore, since newcore doesn't support things like a strings dump, eap authentication type identification, etc.

here is what i did to install kismet oldcore side-by-side with newcore on backtrack 4 r2 (line-by-line commands at bottom):

  1. download oldcore into /pentest/wireless
    Continue reading »

Jan 24 2011

i have an older copy of backtrack 4 that i have upgraded since the initial release. while working through the PWB course from offensive security, i wanted to upgrade the local version of exploitdb. here is what i got:

    root@bt:/pentest/exploits/exploitdb# svn update
    svn: Repository UUID 'c54f1b57-f3df-4c37-b561-881cde1baa19' doesn't match expected UUID '8072406e-18fd-45b5-acae-fc56dbc62dfa'

apparently, between the time i installed backtrack 4 and the current version, they have blown away/moved the svn database. after googling, i found two options.

  1. download the newest version of backtrack and start from scratch
  2. fix the problem ;)

i have too much time invested in the box, so i found out how to fix the issue. here is what you do (assuming you are in the /pentest/exploits directory):

    rm -rf exploitdb/
    svn co svn://www.exploit-db.com/exploitdb

just a quick and dirty way to drop the old svn repository and add it from scratch.