Category Archives: hack

Any activity that aims to understand a system from the inside or the outside, where the goal is to reveal the vulnerabilities in that system and to fix them.

Metasploit Connect_db

root@bt:~# ruby1.8 /pentest/exploits/framework3/msfconsole


=[ metasploit v3.7.0-release [core:3.7 api:1.0]
+ -- --=[ 684 exploits - 355 auxiliary
+ -- --=[ 217 payloads - 27 encoders - 8 nops

msf > db_driver mysql
[*] Using database driver mysql
msf > db_connect root:okeydokey@127.0.0.1:3306/metasploit
msf > db_status
[*] mysql connected to metasploit
msf > db_nmap -sS -n okeydokey.com
[*] Nmap: Starting Nmap 5.51 ( http://nmap.org ) at 2011-08-18 03:39 WIT
[*] Nmap: Nmap scan report for okeydokey.com
[*] Nmap: Host is up (0.14s latency).
[*] Nmap: Not shown: 995 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 21/tcp open ftp
[*] Nmap: 22/tcp open ssh
[*] Nmap: 80/tcp open http
[*] Nmap: 111/tcp open rpcbind
[*] Nmap: 3306/tcp open mysql
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 32.27 seconds
msf > exit

thx to :
http://www.backtrack-linux.org/forums/ fnord0
http://forums.techarena.in/ !cons

Squid + Squidguard Words Restriction

Squid, an open source proxy server, is a really good proxy server I think: it is free, yet it covers basic and intermediate proxy needs well enough. Mostly a proxy server is used to limit the amount of bandwidth that users can consume; with a proxy server we can distribute bandwidth fairly between users. It can also provide a caching service: any request and response passing through the proxy is saved, up to a configured cache size. That gives faster access, because we don't need to download every element of a web page from the original source; instead we can serve the cached copy from our proxy server.


The combination of Squid and Squidguard works even better. Some organizations and educational institutions use it to block unwanted internet access completely and in a clean way. My college, for example, uses Squid as a transparent proxy: all web access is diverted to this proxy, while Squidguard is there to block unwanted web addresses. At first some methods could be used to bypass this Squid + Squidguard restriction, for example the web proxies available on many websites. But the last time I tried, that no longer worked: any website address I entered through the web proxy was redirected to the warning page from the Squid proxy.

Then I found out that this is the work of Squidguard. By visiting the documentation section on its website I found the regular expression configuration. Using this regular expression configuration, we can detect any word in a requested URL and restrict it. The admin must have found a common characteristic of web proxy providers: they convert any address entered into a "some.php" string that is passed to our browser. All the admin needs is to set a regular expression that matches that string.
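An added example of the kind of Squidguard expression list described above (this is not from the original post and not the college's actual configuration): it writes a constructed expressionlist and a matching squidGuard.conf, then checks sample URLs against the list the way Squidguard would. The dbhome path, the redirect hostname and the URL patterns are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): a squidGuard expression list that
# catches the "some.php?u=http..." shape of web-proxy URLs, and a small checker
# that tests sample URLs against it. Paths, the redirect page and the patterns
# are assumptions / constructed samples, not the college's actual config.

SG_DB=${SG_DB:-$(mktemp -d)}   # assumed dbhome; squidGuard's default is /var/lib/squidguard/db
mkdir -p "$SG_DB/webproxy"

# One extended regex per line, the format squidGuard's expressionlist reads.
# Line 1: proxy script name followed by a u=/q=/url= parameter carrying a URL or host.
# Line 2: CGI-style proxy scripts that embed the target in the path.
cat > "$SG_DB/webproxy/expressions" <<'EOF'
/(browse|index|nph-proxy)\.php\?(u|q|url)=(https?(%3a|:)|[a-z0-9.-]+\.)
/cgi-bin/nph-proxy\.cgi/
EOF

# squidGuard.conf using that list: everything passes except the webproxy
# destination, which is redirected to a warning page (hostname assumed).
cat > "$SG_DB/squidGuard.conf" <<EOF
dbhome $SG_DB
logdir /var/log/squidguard

dest webproxy {
    expressionlist webproxy/expressions
}

acl {
    default {
        pass !webproxy all
        redirect http://proxy.example.net/blocked.html
    }
}
EOF

# is_blocked URL: exit 0 if the expression list matches the URL.
# grep -Ei approximates squidGuard's matching (extended regex, case-insensitive).
is_blocked() {
    printf '%s\n' "$1" | grep -Eiqf "$SG_DB/webproxy/expressions"
}

# Demo when run directly (constructed URLs):
for u in 'http://freeproxy.example/browse.php?u=http%3A%2F%2Fwww.example.com' \
         'http://www.example.com/index.php?page=1'; do
    if is_blocked "$u"; then echo "BLOCK  $u"; else echo "PASS   $u"; fi
done
```

Squid hands each URL to Squidguard through `url_rewrite_program /usr/bin/squidGuard -c <squidGuard.conf>` in squid.conf (binary path assumed); a plain page like `index.php?page=1` passes while the proxy-shaped URLs are redirected.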

Well, since the method I used to bypass the proxy is a really easy one, I can expect a hard way of blocking it too. Gonna find another way to bypass it though. Hope this information helps you understand how Squid and Squidguard work. 🙂

Nessus installation on Backtrack 5

Nessus is a vulnerability scanner with a web-based interface. You can use it to extend your Backtrack functionality.

1. Install from apt-get
# apt-get install nessus

2. Follow the displayed instructions (add a user). This user will be the administrator; you can add other types of user later.
# /opt/nessus/sbin/nessus-adduser

3. Register at nessus.org to get your activation code. Once you have received it, run this command:
# /opt/nessus/bin/nessus-fetch --register

4. If this process doesn't run well, it may be caused by a wrong proxy configuration. Setting the proxy configuration in nessus-fetch.rc will solve it.

5. Upgrade your Nessus
# apt-get upgrade nessus

6. Run the Nessus daemon
# /etc/init.d/nessusd start

7. Open your browser and enter https://localhost:8834/
You may log in to Nessus now.

Nmap Basic in Backtrack 5

Backtrack has nmap installed. nmap is used to scan another computer's ports, which is part of penetration testing. After we know which ports are open and which applications are probably installed on the computer, we can go further by trying to attack those applications.


nmap basics, taken from http://nmap.org/bennieston-tutorial/

nmap has some basic options:
1. -sT : TCP connect scan. Using the connect() call, we can determine whether a port is open or not, but it is easy to detect with a firewall or intrusion detection software.
2. -sS : SYN stealth scan. Sends a SYN to begin the connection, then an RST to abort the handshake, so no full connection is made. This makes it harder to detect.
3. -sF, -sN, -sX : FIN, NULL and Xmas Tree scans. FIN sends the FIN flag, NULL sets no flags and Xmas Tree sets the FIN, URG and PUSH flags. They are used to avoid detection.
4. -sP : Ping scan. Uses ping to determine whether the target is online or not.
5. -sU : UDP scan. Scans ports with UDP packets.
6. -sO : IP protocol scan. Scans using raw IP packets.
7. -sI : Idle scan, a more advanced scanning mode.
8. -sV : Version detection.
9. -sA : ACK scan.
10. -sW, -sR, -sL : Window scan, RPC scan, List scan.

Using those basic options we can determine which ports are open on the target.
Example command:

1. Open a terminal
2. Enter the command
nmap -sS 127.0.0.1

It will look like this:

root@bt:~# nmap -sS 127.0.0.1
Host is up (0.0021s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
143/tcp open imap
445/tcp open microsoft-ds
3306/tcp open mysql
10000/tcp open snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 7.06 seconds
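As an added example (not from the original post), here is a small parser for nmap's normal output like the report above, used from the defender's side: it lists the open ports and flags any that are not on an allow-list of services you expect to be exposed. The scan report embedded below is constructed from the post's sample; the allow-list values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: parse nmap's "PORT STATE SERVICE"
# table and flag open ports that are not on an allow-list. SAMPLE_SCAN is a
# constructed copy of the report shown in the post.

SAMPLE_SCAN='Host is up (0.0021s latency).
Not shown: 991 closed ports
PORT      STATE SERVICE
21/tcp    open  ftp
22/tcp    open  ssh
80/tcp    open  http
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
3306/tcp  open  mysql
10000/tcp open  snet-sensor-mgmt

Nmap done: 1 IP address (1 host up) scanned in 7.06 seconds'

# open_ports: read an nmap report on stdin, print "port/proto service" for
# every line whose state is exactly "open" (open|filtered is left out on purpose).
open_ports() {
    awk '$1 ~ "^[0-9]+/(tcp|udp)$" && $2 == "open" { print $1, $3 }'
}

# unexpected_ports PORT/PROTO...: read an nmap report on stdin and print the
# open ports that are not in the allow-list given as arguments.
unexpected_ports() {
    allow=" $* "
    open_ports | while read -r port svc; do
        case "$allow" in
            *" $port "*) ;;                        # expected, skip
            *) printf '%s %s\n' "$port" "$svc" ;;  # not on the allow-list
        esac
    done
}

# Demo when run directly: only ssh and http are expected on this host (assumed).
printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports 22/tcp 80/tcp
```

Feed it a real report with `nmap -sS <host> | unexpected_ports 22/tcp 80/tcp`; anything it prints is a service that is reachable but was not planned for.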