Search Hacking Mode Trick Updates

Installing Programs on BackTrack [Part I]

Thursday, November 27, 2008

After installing the BackTrack distro on the Linux box I use, it felt incomplete without a few extra tools that help me with writing :D For example, while writing this article I am using Bluefish 1.0.7. Besides office applications, I have also added applications such as:

  • Openoffice 2.2.1
  • Abiword 2.4
  • The Gimp 2.2.17
  • Virtualbox 1.5.2
  • Cedega 5.1
  • Bluefish 1.0.7
  • Kaffeine 0.8.1
  • XMMS 1.2.10
  • Xine-ui 0.99.5

These applications have all been tested and run without problems. To add applications to BackTrack you only need the same module converters that the Slax distro uses (BackTrack is based on Slax), so you can use the tools that convert *.tgz, *.mo and *.rpm files to *.lzm. Here I use mo2lzm, rpm2lzm, tgz2lzm and lzm2dir, all of which can be obtained from the Slax site.

Once these tools are installed on your BackTrack, the commands you run look like this (lzm2dir is given the .lzm file that mo2lzm just produced):

bt ~ # mkdir -p /root/slax_modules/applikasi/chkrootkit-0.46a-6
bt ~ # mo2lzm chkrootkit_0_46a-6.mo chkrootkit_0_46a-6.lzm
bt ~ # lzm2dir chkrootkit_0_46a-6.lzm /root/slax_modules/applikasi/chkrootkit-0.46a-6

All that is left is to copy the extracted files into place :D

Referensi:
http://slax.hosting4p.com
http://slax.hosting4p.com/modules.php


Compiling and Installing The Latest Xorg 7.2


If that's not enough for you, this guide takes you through the steps of installing the latest Xorg 7.2 server. I needed to do this as well to get my new 965GM chipset working.
  1. Uninstall your old version of xorg with removepkg; the installed packages are listed in /var/log/packages.
  2. Download the new packages. I got mine from the pinki1 build. Don't download the auto script, it will not work for you, trust me.
  3. I downloaded them all to /var/log/packages and then installed them with installpkg.
  4. Add /usr/X11R7/lib to /etc/ld.so.conf and run ldconfig so the new libraries are found.
  5. Add /usr/X11R7/bin to the PATH variable.

    Note: you can also edit /etc/profile and find the line that says:

    PATH="/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/local/apache/bin:/usr$

    and change X11R6 to X11R7.

  6. Now is the time to install any graphics drivers. If you happen to be using the Intel drivers you can find the install directions at http://intellinuxgraphics.org/install.html and the actual drivers at xorg.freedesktop.org.
  7. Change all the font paths in /etc/X11/xorg.conf from /X11R6 to /X11R7.
  8. Change your font paths in /etc/fonts/fonts.conf; for example

    /usr/X11R6/lib/X11/fonts/TTF

    becomes

    /usr/X11R7/lib/X11/fonts/TTF

  9. Install these packages:
    ftp://ftp.scarlet.be/pub/linuxpackages/Slackware-11.0/Library/libpthread-stubs/libpthread-stubs-0.1-i486-1ced.tgz
    ftp://ftp.scarlet.be/pub/linuxpackages/Slackware-11.0/X11/libxcb/libxcb-1.0-i486-1ced.tgz
    ftp://ftp.scarlet.be/pub/linuxpackages/Slackware-11.0/X11/xcb-proto/xcb-proto

    Note: rename xcb-proto to xcb-proto.tgz so you can install it:

    # mv xcb-proto xcb-proto.tgz
  10. Run /usr/X11R6/bin/fc-cache -f as root, and as your user if you have another account.
  11. Congratulations, you're now running xorg 7.2.

Author :
remote-exploits.blogspot.com


Compiling ALSA

“ALSA (an acronym for Advanced Linux Sound Architecture) is a Linux kernel module that replaces several different kernel drivers for sound cards with a single device driver which handles the diversity of sound cards internally. Some of the goals of the ALSA project were to support automatic configuration of sound card hardware, and graceful handling of multiple sound devices in a system, goals which it has largely met.”

  1. Unpack the source:
     # tar -xjvf alsa-driver*.tar.bz2
  2. Change to the new directory (the trailing slash keeps the glob from also matching the tarball):
     # cd alsa-driver-*/
  3. Configure and compile ALSA:
     # ./configure && make
  4. Install it:
     # make install
  5. If your card is supported (http://www.alsa-project.org/alsa-doc/), run alsaconf and follow the directions:
     # alsaconf
  6. Then configure the sound and mixer options:
     # alsamixer

Author :
remote-exploits.blogspot.com


Connecting to an OPEN/WEP WLAN (DHCP)

To connect to a wireless LAN that is open or secured with WEP, taking an address by DHCP:

# iwconfig [interface] mode managed key [WEP key]

Note:

Replace "interface" with the name of your currently active interface, e.g. ath0, wlan0 or eth1.
For the WEP key, enter the key in hex: 10 hex characters for 64-bit WEP and 26 hex characters for 128-bit WEP. On an open network use "key off" instead.

# iwconfig [interface] essid "[ESSID]"

ESSID = the SSID of the WLAN you want to join. iwconfig always needs the interface name as its first argument; without it, "essid" would be taken as the interface name.

# dhclient [interface]

Obtains the IP address, netmask, DNS server and default gateway from the access point.


Connecting to an OPEN/WEP WLAN (Manual IP Setup)

To connect to a wireless LAN that is open or secured with WEP, using a manual/static IP:

# iwconfig [interface] mode managed key [WEP key]
# ifconfig [interface] [IP address] netmask [subnetmask]
# iwconfig [interface] essid "[ESSID]"
# route add default gw [IP of default gateway]

Note:

Enter the IP address of the gateway (usually the IP address of the access point).

# echo "nameserver [IP address of DNS server]" >> /etc/resolv.conf

Configures your DNS server.

# ping www.detik.com

Tests the connection.


iwconfig Command Collection

# iwconfig [interface] mode master

Puts the (PCMCIA) card in access point mode; not every driver supports this

# iwconfig [interface] mode managed

Puts your card in client mode on an infrastructure Wi-Fi network

# iwconfig [interface] mode ad-hoc

Makes your card a member of an ad-hoc Wi-Fi network with no access point

# iwconfig [interface] mode monitor

Puts your card in monitor mode (passive capture of every frame on the channel)

# iwconfig [interface] essid "Your_SSID"

Sets the ESSID of your network

# iwconfig [interface] key 1111-1111-1111-1111-1111-1111-11

Sets a 128-bit WEP key (26 hex digits; the dashes are optional separators)

# iwconfig [interface] key 1111-1111-11

Sets a 64-bit WEP key (10 hex digits)

# iwconfig [interface] key off

Disables the WEP key

# iwconfig [interface] key open

Selects open-system authentication: no shared-key challenge is performed, but a WEP key that is set is still used for encryption

# iwconfig [interface] channel [channel no.]

Sets a channel (1-14)

# iwconfig [interface] channel auto

Selects the channel automatically

# iwconfig [interface] freq 2.422G

Sets the channel by its frequency in GHz (2.422 GHz is channel 3)

# iwconfig [interface] ap 11:11:11:11:11:11

Forces the card to associate with the AP at the given MAC address

# iwconfig [interface] rate 11M

Locks the card to a fixed bit rate

# iwconfig [interface] rate auto

Selects the bit rate automatically

# iwconfig [interface] rate 5.5M auto

The card uses the given rate as a ceiling and falls back to lower rates when necessary
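The two WLAN posts above and this command list all hinge on getting the key and interface arguments to iwconfig right. The following is an added example, not code from the original blog, that checks a WEP key string the way iwconfig accepts it (hex with optional dashes, or an "s:" ASCII key) and prints the join commands only when the key is well formed; the interface name, ESSIDs and keys in the demo are assumptions:

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a WEP key string the
# way iwconfig expects it and print the commands that join an open or WEP
# network. Interface, ESSID and key values below are assumptions for the demo.

# Print 64 or 128 for a syntactically valid WEP key, or fail (status 1).
# iwconfig accepts hex keys with optional '-' separators (10 hex digits for
# 64-bit WEP, 26 for 128-bit) and ASCII keys prefixed with "s:" (5 or 13 chars).
wep_key_bits() {
    wkey="$1"
    case "$wkey" in
        s:*)
            wkind=ascii
            wlen=$(( ${#wkey} - 2 ))
            ;;
        *)
            wkind=hex
            whex=$(printf '%s' "$wkey" | tr -d '-')
            # anything that is not a hex digit makes the key invalid
            case "$whex" in
                ''|*[!0-9A-Fa-f]*) return 1 ;;
            esac
            wlen=${#whex}
            ;;
    esac
    case "$wkind:$wlen" in
        hex:10|ascii:5)  echo 64 ;;
        hex:26|ascii:13) echo 128 ;;
        *) return 1 ;;
    esac
}

# Print the commands that join $1 (interface) to $2 (ESSID). $3 is the WEP
# key; leave it empty for an open network. Malformed keys are rejected before
# anything touches the card, so a typo cannot leave the interface half set up.
wlan_join_cmds() {
    wif="$1"; wessid="$2"; wkey="$3"
    if [ -n "$wkey" ]; then
        wep_key_bits "$wkey" >/dev/null || { echo "invalid WEP key: $wkey" >&2; return 1; }
        echo "iwconfig $wif mode managed essid \"$wessid\" key $wkey"
    else
        echo "iwconfig $wif mode managed essid \"$wessid\" key off"
    fi
    echo "dhclient $wif"
}

# Demo with assumed values: a 64-bit hex key, then an open network.
wlan_join_cmds wlan0 ExampleNet 0123-4567-89
wlan_join_cmds wlan0 OpenNet ""
```

Note that "key open" and "key restricted" choose the authentication handshake, not whether encryption is on; only "key off" disables WEP.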


BackTrack 2 Gateway

Straight to the point: this tutorial complements bang alie's post titled "Router Backtrack". To build a gateway with the BackTrack Linux distro, the first step is of course to have BackTrack installed on the computer that will become the gateway; here I used BackTrack 2 as the test bed. eth0 connects directly to the Internet with the following settings:

IP Address : 203.81.xxx.xx5
Netmask : 255.255.255.0
Gateway : 203.81.xxx.xx1
Nameserver :
203.81.xx4.11
203.81.xx5.12

eth1 connects to the clients on the LAN, with the following settings:

IP Address : 192.168.0.1
Netmask : 255.255.255.0

After some confusion trying to get the network settings to apply at startup (from the GUI, by typing netconfig in a console, even by editing /etc/rc.d/rc.inet1.conf, all without result, because I am still a newbie), I took a different route. To enable NAT (Network Address Translation) on Slackware you would normally put a few iptables lines in /etc/rc.d/rc.local; I did not do that here. As an alternative I replaced the contents of /etc/rc.d/rc.inet1 with a few lines that configure the network and the iptables rules at the same time (simple iptables rules, of course). These are the steps I followed:

# chmod +x /etc/rc.d/rc.ip_forward
# echo "1" > /proc/sys/net/ipv4/ip_forward

These commands turn on IP forwarding so the Linux box acts as a router: the echo applies it immediately, and making rc.ip_forward executable makes Slackware re-enable it at every boot.

Put the nameservers in /etc/resolv.conf:

# echo "nameserver 203.81.xx4.11" > /etc/resolv.conf
# echo "nameserver 203.81.xx5.12" >> /etc/resolv.conf
# cat /etc/resolv.conf
nameserver 203.81.xx4.11
nameserver 203.81.xx5.12

Back up the default file first...

# mv /etc/rc.d/rc.inet1 /etc/rc.d/rc.inet1.old
# nano /etc/rc.d/rc.inet1

Its contents are as follows (adjust to the settings above; the array syntax needs bash, which is what /bin/sh is on BackTrack):

#!/bin/bash
# rc.inet1 This shell script boots up the base INET system.
#
# Version: @(#)/etc/rc.d/rc.inet1 1.01 05/27/93
# Modified by atoz [at] debian-id [dot] org

# Attach the loopback device.
/sbin/ifconfig lo 127.0.0.1
/sbin/route add -net 127.0.0.0 netmask 255.0.0.0 lo

# eth0 (Internet side).
IPADDR[0]="" # REPLACE with YOUR IP address!
NETMASK[0]="" # REPLACE with YOUR netmask!
NETWORK[0]="" # REPLACE with YOUR network address!
BROADCAST[0]="" # REPLACE with YOUR broadcast address, if you
# have one. If not, leave blank and edit below.

GATEWAY="" # REPLACE with YOUR gateway address!

# Initialize the Internet-side ethernet device.
/sbin/ifconfig eth0 ${IPADDR[0]} broadcast ${BROADCAST[0]} netmask ${NETMASK[0]}

# Set up the default route.
/sbin/route add default gw ${GATEWAY} netmask 0.0.0.0 metric 1

# eth1 (LAN side).
IPADDR[1]="" # REPLACE with YOUR IP address!
NETMASK[1]="" # REPLACE with YOUR netmask!
NETWORK[1]="" # REPLACE with YOUR network address!
BROADCAST[1]="" # REPLACE with YOUR broadcast address, if you
# have one. If not, leave blank and edit below.

# Initialize the LAN-side ethernet device.
/sbin/ifconfig eth1 ${IPADDR[1]} broadcast ${BROADCAST[1]} netmask ${NETMASK[1]}

# Network Address Translation (NAT).
# Default-deny forwarding, then allow only LAN (eth1) -> Internet (eth0)
# and the replies back in. The original rules used "-i ! eth1", which
# matched every interface except the LAN, and "-f -j ACCEPT", which let
# every non-first fragment through unconditionally; both are dropped here.
iptables -P FORWARD DROP
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# End of rc.inet1

You can now reboot the Linux box and enjoy the result :)
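The rc.inet1 above asks you to type NETWORK and BROADCAST by hand and then forwards traffic between the two interfaces. The following is an added example, not part of the original post, that derives those values from the address and netmask, refuses a non-contiguous netmask, and emits a FORWARD/NAT ruleset that only passes the LAN subnet out and its replies back. The WAN address on the page is redacted, so the demo uses the LAN side (192.168.0.1/255.255.255.0) and assumes eth0 is the WAN and eth1 the LAN interface:

```shell
#!/bin/sh
# Added example (not from the original post): derive the NETWORK and BROADCAST
# values rc.inet1 asks for, reject broken netmasks, and emit a default-deny
# NAT ruleset. Interface names and addresses are assumptions for the demo.

# dotted quad -> 32-bit integer, with shell arithmetic only
ip2int() {
    ip_oldifs=$IFS; IFS=.
    set -- $1
    IFS=$ip_oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# A netmask is valid only if its zero bits form one contiguous low block,
# i.e. (~mask + 1) is a power of two.
valid_netmask() {
    nm_inv=$(( ~$(ip2int "$1") & 4294967295 ))
    [ $(( nm_inv & (nm_inv + 1) )) -eq 0 ]
}

# prefix length of a netmask (number of one bits)
mask_prefix() {
    mp_m=$(ip2int "$1"); mp_n=0
    while [ "$mp_m" -ne 0 ]; do
        mp_n=$(( mp_n + (mp_m & 1) )); mp_m=$(( mp_m >> 1 ))
    done
    echo "$mp_n"
}

network_addr()   { int2ip $(( $(ip2int "$1") & $(ip2int "$2") )); }
broadcast_addr() { int2ip $(( $(ip2int "$1") | (~$(ip2int "$2") & 4294967295) )); }

# The ifconfig line rc.inet1 needs for interface $1 with address $2 and
# netmask $3, every field derived rather than typed (fails on a bad netmask).
ifconfig_line() {
    valid_netmask "$3" || { echo "bad netmask $3 for $1" >&2; return 1; }
    echo "/sbin/ifconfig $1 $2 broadcast $(broadcast_addr "$2" "$3") netmask $3"
}

# Minimal NAT ruleset for WAN $1, LAN $2, LAN subnet $3: default-deny in
# FORWARD, allow only the LAN subnet out through the WAN interface and
# established/related replies back in, and masquerade only that subnet.
nat_rules() {
    nr_wan="$1"; nr_lan="$2"; nr_net="$3"
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $nr_lan -o $nr_wan -s $nr_net -j ACCEPT
iptables -A FORWARD -i $nr_wan -o $nr_lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $nr_wan -s $nr_net -j MASQUERADE
EOF
}

# Demo with the LAN side from the post; the WAN side is assumed to be eth0.
ifconfig_line eth1 192.168.0.1 255.255.255.0
nat_rules eth0 eth1 "$(network_addr 192.168.0.1 255.255.255.0)/$(mask_prefix 255.255.255.0)"
```

Restricting MASQUERADE to the LAN subnet with -s matters on a box that also runs tools which inject packets with spoofed sources: without it, anything the box forwards gets rewritten to the WAN address.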


User Management on BackTrack

BackTrack is a descendant of the Slax distro and can be called a grandchild of Slackware. Anyone already familiar with that venerable distro will not need long to create a user, so this tutorial is aimed at Linux newbies like me :p
I also published this tutorial on the BacktrackIndo blog.

Say we want to create a new user named anonymous. The steps:

First check who you are logged in as. Root, of course, since no other user exists yet:

# whoami
root


Before creating the user I create a public_html folder in /etc/skel, so that once the user is created the folder is automatically created in that user's home directory (/home/anonymous/public_html):

# mkdir /etc/skel/public_html

Now create the user:

# adduser anonymous

Login name for new user: anonymous

User ID ('UID') [ defaults to next available ]:

Initial group [ users ]:

Additional groups (comma separated) []:

Home directory [ /home/anonymous ]

Shell [ /bin/bash ]

Expiry date (YYYY-MM-DD) []:

New account will be created as follows:

---------------------------------------
Login name.......: anonymous
UID..............: [ Next available ]
Initial group....: users
Additional groups: [ None ]
Home directory...: /home/anonymous
Shell............: /bin/bash
Expiry date......: [ Never ]

This is it... if you want to bail out, hit Control-C. Otherwise, press
ENTER to go ahead and make the account.

Creating new account...

Changing the user information for anonymous
Enter the new value, or press ENTER for the default
Full Name []: anonymous
Room Number []:
Work Phone []:
Home Phone []:
Other []: atoz@bungker.org
Changing password for anonymous
Enter the new password (minimum of 5, maximum of 127 characters)
Please use a combination of upper and lower case letters and numbers.
New password: ***********
Re-enter new password: ***********
Password changed.

Account setup complete.

Note:
Enter the login name, user ID, full name or initials, home directory, shell to use,
and the expiry date of the account being created.

To delete a user, run:

# userdel anonymous

Every user belongs to a group, which is useful when working on a network: all members of a group share the permissions granted to that group. To add a group, use:

# groupadd [group_name]

To delete it, use:

# groupdel [group_name]

To modify an existing user account, use usermod. For example, to put user anonymous in the wheel group:

# usermod -G wheel anonymous
# id anonymous
uid=1001(anonymous) gid=100(users) groups=100(users),10(wheel)

Note that -G replaces the user's whole list of supplementary groups (harmless here, since anonymous had none); to add a group while keeping the existing ones, use usermod -a -G wheel anonymous.

To read the manual for any of the commands mentioned above, use man [command]. Example:

# man usermod

That's all for now. Have fun trying it out :)
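Once accounts exist, the two things worth checking on a box that boots as root/toor are whether any login other than root has UID 0 and whether any account has an empty password. The following is an added example, not part of the original post; the passwd and shadow records it runs on are constructed for the demo, not copied from any system, and on a real box you would point audit_accounts at /etc/passwd and /etc/shadow:

```shell
#!/bin/sh
# Added example (not from the original post): audit passwd/shadow data for
# extra UID-0 logins and accounts with no password. The sample records are
# constructed for this demo, not taken from any real system.

SAMPLE_PASSWD='root:x:0:0::/root:/bin/bash
anonymous:x:1001:100:anonymous:/home/anonymous:/bin/bash
backdoor:x:0:0::/root:/bin/bash
guest:x:1002:100::/home/guest:/bin/bash'

SAMPLE_SHADOW='root:$1$saltsalt$exampleexampleexampleex:14200:0:99999:7:::
anonymous:$1$saltsalt$exampleexampleexampleex:14200:0:99999:7:::
backdoor:$1$saltsalt$exampleexampleexampleex:14200:0:99999:7:::
guest::14200:0:99999:7:::'

# Logins with UID 0 that are not root (passwd records on stdin). A second
# UID-0 account is the classic way to keep root after "passwd" is changed.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Logins whose hash field is empty, i.e. login succeeds with no password at
# all (shadow records on stdin). Locked accounts ("!" or "*") are not reported.
empty_passwords() {
    awk -F: '$2 == "" { print $1 }'
}

# Run both checks over the given files; status 1 when anything is found so
# the function can gate a script. Arguments: passwd file, shadow file.
audit_accounts() {
    aa_found=0
    for aa_user in $(extra_uid0 < "$1"); do
        echo "UID 0 account besides root: $aa_user"; aa_found=1
    done
    for aa_user in $(empty_passwords < "$2"); do
        echo "account with empty password: $aa_user"; aa_found=1
    done
    return $aa_found
}

# Demo on the constructed data (live box: audit_accounts /etc/passwd /etc/shadow).
aa_tmp=${TMPDIR:-/tmp}/account-audit.$$
printf '%s\n' "$SAMPLE_PASSWD" > "$aa_tmp.passwd"
printf '%s\n' "$SAMPLE_SHADOW" > "$aa_tmp.shadow"
audit_accounts "$aa_tmp.passwd" "$aa_tmp.shadow" || echo "audit found problems"
rm -f "$aa_tmp.passwd" "$aa_tmp.shadow"
```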


BackTrack

ALL ABOUT BACK|TRACK
  • remote-exploit
  • wiki backtrack
  • forum remote-exploit
  • offensive security
INDONESIAN BACKTRACK
  • backtrack newbie
  • indonesian backtrack community
  • collecting about backtrack pentest
  • yogyafree backtrack
  • bungker.org
  • dadang haryadi backtrack
  • echo backtrack
Download mirrors
  • http://download.cyber-isp.net/linux/Backtrack/ (BT1)
  • http://yum.jardiknas.org/backtrack/ (BT2)
  • http://ftp.fisika.ui.ac.id/pub/linux/iso-cd/backtrack/ (BT2)
  • http://repo.ugm.ac.id/iso/backtrack/ (BT2 & BT3)
ALL ABOUT SLACKWARE

How to Use BackTrack Linux

OK, a lot of people ask how to use BackTrack Linux.
Here I will cover "a little" of how to use it.
First download the Linux live CD: download backtrack2
Then burn it to a live CD ("how to")
Boot the computer from the CD (don't forget to set the BIOS to boot from CD first)
=============================================================

-------------------------------------------------------
:: Backtrack 2.0 ::
BackTrack
login: root
password: toor
--------------------------------------------------------
*** When finished, hit Ctrl+Alt+Delete and
wait until the computer reboots ***
--------------------------------------------------------
slax login:_
=============================================================
Log in with login: root and password: toor
Then type xconf
=============================================================
Trying to autoconfigure Xwindow system, please wait...
creating /etc/X11/xorg.conf...
all done. Run startx now.
=============================================================
Or just type startx
or you can type guifast
OK, now you are inside BackTrack.


BackTrack usually configures the network by DHCP, but if it doesn't, here is how:
Setting the IP via DHCP.
How:
type "dhcpcd eth0" (dhcpcd is the DHCP client; dhcpd is the server and is not what you want here)
(eth0 depends on the LAN card you are using)
to check, type ifconfig


Setting a static IP.
How:
type "ifconfig eth0 192.168.1.2/24" -> sets the IP and subnet
type "route add default gw 192.168.1.1" -> sets the gateway
type "echo nameserver 192.168.1.1 > /etc/resolv.conf" -> sets DNS
to check, type ifconfig


Don't forget to change the password; every BackTrack live CD boots with root/toor, so anyone who can reach the box already knows it.
How:
type "passwd" and enter a "strong" password


To bring up a bash command window you can type:
leetmode or yakuake


Installing BackTrack to the hard disk with a dual-boot option:
run "qtparted" from the shell
inside qtparted you will see the partitions (like fdisk in Windows)
e.g. 4 GB:
first partition 3.5 GB
second partition 0.5 GB
format the first partition as ext3
format the second partition as linux-swap
(qtparted tends to misbehave here; open a shell and umount or mount hda1 and hda2)
that lets qtparted create or format; afterwards don't forget to click Commit on the toolbar
then open "backtrack installer" and choose "install backtrack to hda2". This depends on your hard disk:
SATA disks are usually named sda, IDE disks hda (hda1 for Windows and hda2 for Linux ext3). Wait until it reaches 100%, then restart and it boots into Linux automatically.
From Linux open a shell, go to /etc, type "nano lilo.conf" and add this above the image section:
==============================
other = /dev/hda1
label = Windows
table = /dev/hda
==============================
so mine looks like this:
==============================
boot = /dev/hda
prompt
timeout = 1200
bitmap = /boot/splash.bmp
change-rules
reset
vga = 0x317
other = /dev/hda1
label = Windows_Xp
table = /dev/hda
image = /boot/vmlinuz
root = current
initrd = /boot/splash.initrd
label = Backtrack_2
read-only
========================
Run "lilo" to write the new boot map, then restart; at boot you will be asked whether you want Windows or Linux.


Now, changing BackTrack's login banner:
How:
type this in the shell (the command prompt, in Windows terms)
bt ~ # nano /etc/issue
and get creative


Making the command-line login go straight into KDE at startup:
bt ~ # nano /etc/inittab
change id:3:initdefault: to id:4:initdefault:


Starting leetmode automatically:
type:
cd /root/.kde/Autostart
ln -s /usr/bin/leetmode leetmode
this puts a link to leetmode in Autostart


Starting yakuake automatically:
type:
cd /root/.kde/Autostart
ln -s /opt/kde/bin/yakuake yakuake
now in KDE you just press F12


The script below ejects the CD-ROM automatically at shutdown:
type:
cd /etc/rc.d
type:
nano rc.6
find the code that looks like this (the commands are commented out; remove the leading # to activate them):
# eject cdrom devices
. ./usr/lib/liblinuxlive
#echo "Ejecting all CDROMs..."
#list_cdrom_devices | while read DEVICE; do
# cdrecord dev=$DEVICE -eject >/dev/null 2>/dev/null
# can't use eject because it's not working with our kernel
# eject -s $DEVICE >/dev/null 2>/dev/null
#done
#echo "========================================"
#echo "It's safe to switch the computer off now"
#echo -ne "Press Enter to $command "
#read junk


Changing the message shown at boot:
nano /etc/issue


Installing the Java client:
INSTALL JAVA CLIENT
http://java.com/en/download/manual.jsp
- Download Java for Linux (self-extracting file)
- cd /opt
- mkdir java
- cp /tmp/jre-6u1-linux-i586.bin /opt/java
- cd java
- ls
- chmod a+x jre-6u1-linux-i586.bin
- ls -l
- ./jre-6u1-linux-i586.bin
- yes
- ls
http://java.com/en/download/help/5000010500.xml#enable
- cd /opt/firefox/plugins
- ln -s /opt/java/jre1.6.0_01/plugin/i386/ns7/libjavaplugin_oji.so
- Firefox > Preferences > Content > Enable Java
Good luck.


Secure shell daemon:
How:
type "sshd-generate"
type "/usr/sbin/sshd"
type "netstat -ant | grep ':22 '" (with the pipe; a bare "grep 22" also matches any line containing 22, such as an address ending in .22)


Making an HTTP server, or in newbie terms a web server:
How:
type "apachectl start" -> starts the Apache web server
type "netstat -ant | grep ':80 '" -> checks whether port 80 is listening
type "apachectl stop" -> stops Apache
type "netstat -ant | grep ':80 '" -> check again


Making a file transfer server (note that atftpd is a TFTP server on UDP port 69, not FTP; it serves the given directory to anyone who can reach the box, with no authentication, so prefer a dedicated directory over /tmp):
How:
type "atftpd --daemon --port 69 /tmp/"
type "netstat -anu | grep ':69 '"


Making a VNC server, usually used for remote control:
How:
type "vncserver"
enter a password of 8 characters or more (classic VNC authentication only uses the first 8)
type "netstat -ant | grep ':5901 '"

Setting up dual boot automatically (configured by Linux itself):
just type "liloconfig" and follow the prompts

Configuring the IP with netconfig:
in the shell just type "netconfig"

To set a fixed IP:
edit rc.inet1.conf: "nano /etc/rc.d/rc.inet1.conf"
change:
# Config information for eth0:
IPADDR[0]="xxx.xxx.xxx.xxx"
NETMASK[0]="255.255.255.xxx"
USE_DHCP[0]=""
DHCP_HOSTNAME[0]=""
# Default gateway IP address:
GATEWAY="xxx.xxx.xxx.xx"
then don't forget to apply it:
bt rc.d # ./rc.inet1 restart

Getting a techmon like leetmode in BT3:
in the shell type "superkaramba", then download the theme file and it appears on the desktop

Installing a package with the .tgz extension:
just type:
"installpkg packagename.tgz"

Extracting a .tar.gz file:
"tar -xzvf filename.tar.gz"
$ tar -zxvf filename.tar.gz -C /target/folder/

Extracting a .tar.bz2 file:
"tar -xjvf filename.tar.bz2"

Updating the Slackware base in BackTrack with slapt-get:
type "kwrite /etc/slapt-get/slapt-getrc" and add:
SOURCE=http://darkstar.ist.utl.pt/slackware/
as the place to download updates from
then in the shell type "slapt-get --update" followed by "slapt-get --upgrade"
another program for this is:
Kslackcheck, which also updates Slackware
download kslackcheck
install it with "installpkg filename.tgz"; when done, look under System
Adding fast-track to BT2:
How: first download fast-track
then put it in the "/pentest/misc/" directory
after that type "chmod 755 fast-track.py"

Configuring sound in BackTrack:
just type "alsaconf" and follow the prompts; when done type "alsamixer"; after setting the volume type "alsactl store" to save it

It's a bit odd for a pentest distro to have an office suite,
but that's fine, it's all part of learning.
First download the suite from open office
extract it: "tar -xzvf OOo_2.3.1_LinuxIntel_install_en-US.tar.gz"
enter the folder: "cd OOG680_m9_native_packed-1_en-US.9238"
enter the folder: "cd RPMS"
type: "rpm2tgz *.rpm"
install: "installpkg *.tgz"
enter the directory: "cd /opt/openoffice.org2.3/program/"
run the program: "soffice"
Adding it to the KDE start menu:
right-click the K menu and choose "edit menu"
in the editor right-click and choose New Item
name: office
command: '/opt/openoffice.org2.3/program/soffice' #keep the ' quotes
work path: /opt/openoffice.org2.3/program
finish
greetz to irfahmi

To choose a window manager, type "xwmconfig"


Reading NTFS with ntfs-3g:
first unmount the NTFS partition (the partition, e.g. hda1 for the Windows partition above, not the whole disk /dev/hda)
"umount /dev/hda1"
"ntfs-3g /dev/hda1 /mnt/hda? -o force"

Installing Xvidcap for making video tutorials:
download it
then "installpkg filename"

Installing the KMail client:
download KMail
"tar -xjvf kdepim-3.5.6.tar.bz2"
"cd kdepim-3.5.6 && ./configure && make && make install"

Installing Thunderbird:
download Thunderbird
extract it: "tar -zxvf thunderbird-2.0.0.12.tar.gz"
create a link to Thunderbird in the KDE menu editor
or "double-click thunderbird"

A friend asked how to change the password:
just type "passwd" and enter a long password
so your Linux doesn't complain about it

Enabling SSH on BackTrack for the first time:
"setup-sshd"; to start it "start-sshd"
to stop it "stop-sshd"

To start the BackTrack firewall automatically:
bt / # cat >> /etc/rc.d/rc.local
. /etc/rc.d/rc.FireWall start
^d
bt / #
greetz willy, master of Slackware


What is a kernel? (see here)
What is the difference between an SMP kernel and a normal kernel? (see here)

=========================================
Installing BT3 to the hard disk
=========================================
I won't explain how to
create the partitions on the disk.
Prepare the partitions; the commands below assume:
sda1 = /boot
sda2 = swap
sda3 = BackTrack root
------------------------------
bt ~ # mkdir /mnt/backtrack
bt ~ # mount /dev/sda3 /mnt/backtrack/
bt ~ # mkdir /mnt/backtrack/boot/
bt ~ # mount /dev/sda1 /mnt/backtrack/boot/
bt ~ # cp --preserve -R /{bin,dev,home,pentest,root,usr,etc,lib,opt,sbin,var} /mnt/backtrack/
bt ~ # mkdir /mnt/backtrack/{mnt,proc,sys,tmp}
bt ~ # mount --bind /dev/ /mnt/backtrack/dev/
bt ~ # mount -t proc proc /mnt/backtrack/proc/
bt ~ # cp /boot/vmlinuz /mnt/backtrack/boot/
------------------------------
create the lilo config.
bt ~ # chroot /mnt/backtrack/ /bin/bash
bt ~ # nano /etc/lilo.conf
------------------------------
# Contents of lilo.conf
lba32
boot = /dev/sda
prompt
timeout = 60
change-rules
reset
vga = 791 # depends on your display; look at the value already there
image = /boot/vmlinuz
root = /dev/sda3
label = Backtrack3_final
# end
bt ~ # lilo -v
bt ~ # exit
------------------------------
then reboot the computer :)


Everything is typed without the " " quotes.
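The guide above brings up sshd, Apache, atftpd and a VNC server and checks each with a "netstat -ant grep PORT" command. Besides the missing pipe, a bare "grep 22" matches any line containing 22 (an address such as 192.168.1.22), and it does not tell you whether the service is bound to localhost or to every address. The following is an added example, not part of the original post, that parses the LISTEN lines properly and lists the sockets reachable from the network; the netstat output it runs on is constructed for the demo, not a real capture:

```shell
#!/bin/sh
# Added example (not from the original post): parse netstat -ant/-anu output
# for listening sockets instead of grepping for a bare port number.
# The sample output below is constructed for the demo, not a real capture.

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5901          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.22:44321      203.0.113.9:443         ESTABLISHED
udp        0      0 0.0.0.0:69              0.0.0.0:*'

# "proto port bind-address" for every listening socket (netstat output on
# stdin). UDP has no LISTEN state, so a udp line with a wildcard peer counts.
# tcp6/udp6 lines are handled the same way; their wildcard address is "::".
listening_sockets() {
    awk '($1 ~ /^tcp/ && $6 == "LISTEN") || ($1 ~ /^udp/ && $5 ~ /:\*$/) {
            n = split($4, a, ":")
            port = a[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            print $1, port, addr
         }'
}

# Status 0 if protocol $1 (tcp/udp) port $2 is listening (netstat on stdin).
port_listening() {
    listening_sockets | awk -v p="$1" -v port="$2" \
        '$1 == p && $2 == port { f = 1 } END { exit !f }'
}

# Listening sockets bound to every address, i.e. reachable by anyone who can
# route to the box, not just by local processes.
exposed_sockets() {
    listening_sockets | awk '$3 == "0.0.0.0" || $3 == "::" { print $1, $2 }'
}

# Demo on the constructed output; on a live box feed it "netstat -ant; netstat -anu".
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_sockets
printf '%s\n' "$SAMPLE_NETSTAT" | port_listening tcp 5901 && echo "vnc is up (localhost only)"
```

In the sample, sshd, Apache and atftpd are exposed to the whole network while VNC is bound to 127.0.0.1; with the default root/toor password still set, that list is exactly what an attacker on the same LAN would try first.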


Mdk3 Secret Destruction Mode

Monday, November 24, 2008

It's a combination of different attacks.
Cisco still has a bunch of support tickets running.
Their Intrusion Detection System crashed because of this special attack.
And with the IDS the routing tables at the whole university got mixed up for
about half an hour.

So, TRY THIS AT HOME, but not anywhere else.

The combination is:
- Running beacon flood mode to generate fake APs with the same name as your
victim
- Auth-DoS the original AP with intelligent mode
- Use the amok mode to kick the clients
And for the next version of mdk3
- Use the upcoming WIDS confusion mode to cross-connect kicked clients to
real and fake APs making all security systems go FUBAR.

In this 802.11-hell, there should be nobody able to access the network.
Because:
-> They get kicked when they connect (Amok mode)
-> They will see thousands of APs, unable to know which is the one to connect,
thus they are just trying around blindly (beacon flood)
-> The original AP may be too busy to handle the real clients because of the
Auth-DoS

Fake Shared Key Authentication
This is the world's first fully functional code to enable fake authentication on networks using Shared Key Authentication. You do NOT need to know the key to authenticate; all you need is a keystream that has been chopped with aireplay-ng's chopchop attack. Hirte, another developer from the aircrack-ng community, successfully included this code in the aircrack suite.
Fixed in Version 0.2:
- Show an error when the network does not use Shared Key Authentication
- Get the Capability Field from the Beacon Frame (using the standard capabilities failed for some APs)

ska-0.2.tar.bz2
ska-0.1.tar.bz2

Fragmentation Attack
And another world premiere from me: the first implementation of the Fragmentation Attack on Linux. This attack needs a special driver and card that is able to handle IEEE 802.11 fragmentation correctly; your driver may not work or may need to be updated/modified. The output of this tool is a file in the aircrack-ng keystream format (.xor). The output can be used in the same way as the output of the chopchop attack in aireplay-ng. With that keystream you can build an ARP packet (arpforge-ng, or for the 0.6.2 release packetforge-ng). This packet can then be injected into the target wifi system, generating answers and/or replies and increasing the IV count. For an example attack, see the README in the tarball. afrag has already been integrated into aireplay-ng; the best idea is to get the aircrack-ng SVN version for the newest fragmentation attack code.

afrag-0.1.tar.bz2


Sniffing SSL traffic using a MITM attack / ettercap, fragrouter, webmitm and dnsspoof.

Before reading on: this guide is for educational purposes only. I take no responsibility for what people do with this info.


First thing is to get fragrouter. I don't know if you can use other tools provided with BackTrack; there are 100 ways to skin a cat and this is just my way.

http://packetstormsecurity.nl/UNIX/IDS/nidsbench/fragrouter.html


There are lots of things you can do with fragrouter, but here we use it to set up IP forwarding.

We do this with this command:

Code:
fragrouter -B1

Squash that window and put it to one side. Now open another shell and start dnsspoof with this command:

Code:
dnsspoof -i ath0

(ath0, or whatever network interface you are using.) Again put that window to one side and let's load up webmitm. webmitm serves our own SSL certificate to the victim so we can decrypt the traffic we capture; the victim's browser will warn about the untrusted certificate, and the attack depends on them clicking through.

Start webmitm by typing:

Code:
webmitm -d

Now we can start the ARP spoof. To start ettercap type:

Code:
ettercap -T -M arp:remote /router addy/ /victim addy/

OK, now we are rolling. The next thing is to sniff the traffic. There are a few things you can do now, like using ettercap filters and adding URLs from Metasploit (maybe next tut), and lots of other things. But we are interested in the SSL traffic, so I use Wireshark to save the data into a .cap file.

You can find Wireshark under Backtrack >>> Privilege Escalation >>> Sniffers.

Now that Wireshark is loaded, let's start capturing packets. Go to Capture >>> Options, select the network card you are using and hit Start.

You should now be capturing the packets addressed to your victim's address. Once you have captured enough, stop Wireshark and save the data to your root directory.

Now to decrypt the SSL data.

You should first download ssldump:

http://www.rtfm.com/ssldump/

ssldump will decrypt the sniffed SSL data using the fake certificate, and its private key, that webmitm served to the victim. We do this by opening a shell and typing:

Code:
ssldump -r your.cap -k webmitm.crt -d > out

(-k is ssldump's key-file option; webmitm.crt holds the key and certificate webmitm generated. ssldump can only decrypt sessions that used RSA key exchange; for ephemeral Diffie-Hellman the key file is not enough.) And you are done: all the SSL data will be saved to a file called out in your root dir. Use what you like to search it for passwords etc.
by Dr_GrEeN
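The defender's view of the "ettercap -M arp:remote" step above is the victim's ARP table: while the poisoning runs, the gateway and one or more hosts resolve to the attacker's MAC. The following is an added example, not part of the original post, that checks "arp -an" output for one MAC answering for several IPs and for the gateway's MAC differing from a value recorded while the network was known to be clean. The table, MACs and IPs are constructed for the demo:

```shell
#!/bin/sh
# Added example (not from the original post): spot ARP poisoning from the
# victim side by reading "arp -an" output. The table below is constructed
# for the demo; all MACs and IPs are assumptions.

SAMPLE_ARP='? (192.168.1.1) at 00:0c:29:aa:bb:cc [ether] on eth0
? (192.168.1.10) at 00:0c:29:aa:bb:cc [ether] on eth0
? (192.168.1.20) at 00:1b:44:11:3a:b7 [ether] on eth0'

# Print "mac: ip ip ..." for every MAC that answers for more than one IP
# (arp -an output on stdin; incomplete entries are skipped). A multi-homed
# host or a router with several addresses can trigger this too, so treat a
# hit as a lead rather than proof.
dup_macs() {
    awk '$3 == "at" && $4 != "<incomplete>" {
            ip = $2; gsub(/[()]/, "", ip)
            mac = tolower($4)
            ips[mac] = ips[mac] " " ip; n[mac]++
         }
         END { for (m in n) if (n[m] > 1) print m ":" ips[m] }'
}

# Status 0 when the gateway $1 is present in the table with a MAC other than
# $2, the value you recorded while the network was known to be clean.
gateway_mac_changed() {
    gw_want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v gw="($1)" -v want="$gw_want" '
        $2 == gw { seen = 1; if (tolower($4) != want) bad = 1 }
        END { exit !(seen && bad) }'
}

# Demo on the constructed table; on a live host pipe in the real "arp -an".
printf '%s\n' "$SAMPLE_ARP" | dup_macs
printf '%s\n' "$SAMPLE_ARP" | gateway_mac_changed 192.168.1.1 00:50:56:00:00:01 \
    && echo "gateway MAC changed: possible ARP spoofing"
```

A static ARP entry for the gateway (arp -s) on the hosts you care about is the simple countermeasure to the arp:remote step; the dnsspoof and webmitm steps then have nothing to ride on.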


ssldump

ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in textual form on stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.

ssldump 0.9b3
The current version is 0.9b3.

ssldump 0.9b3 contains a number of fixes and enhancements over 0.9b2, including:

Security fix: some potential over- and underflows
Added support for VLANs
Added -P flag to disable promiscuous mode
Fixed bugs in the TCP reassembly code
A lot of bug fixes


Nokia Energy Profiler 1.1

Nokia Energy Profiler is a stand-alone test and measurement application for S60 3rd Edition, Feature Pack 1 devices (and onwards). The application allows developers to test and monitor their application's energy usage in real time on the target device.

The application is available as a SIS package for S60 3rd Edition devices, but measurement works only on S60 3rd Edition, Feature Pack 1 (or newer). Older devices can still view files.

This view shows the cellular signal levels as RX and TX levels. RX level is the power of the received cellular signal; TX level is the transmission power of the cellular radio. Both are measured in dBm. TX levels show up only during active transmission periods (voice or data). RX levels are available whenever the phone is connected to a cellular network, so there is no RX level in the Offline profile. Average/instant bar values are for the selected signal shown in the corner indicator; you can toggle the chosen signal with the [6] key. Unlike all the other views, the zero of the y-axis is at the bottom of the screen. RX levels are typically between -30 and -120 dBm (a lower value means a poorer signal), whereas TX levels are positive dBm (a higher value means more power).


FTD FieldTest NetMonitor S60v3 SymbianOS9.1/9.2

· 0 comments

Description:

FTD is netmonitoring mobile network application mobile devices.

Full GSM signaling which can be visible to network operator:
Information on the serving cell:
- Hoping, Channel carrier number, RX level, TX power levels, Rx quality, Time Slot, Timing advance, Radio Link Timeout, C1, C2, Currently used band, Type of current channel...
Information on the 1st, 2nd, 3rd, 4th, 5th, 6th, 7th, 8th neighbours.
Network selection display.
System information bits for the service cell.
Paging repeat period, TMSI, periodic location update.
Network parameters.
Ciphering, hoping DTX status and IMSI.
Uplink DTX switching display.
BTS-TEST carrier: lock / unlock on one BTS frequency.
Toggle cell barred status.
Select which band to use: GSM 900 - GSM 1800 - GSM 1900

Full GPRS signaling displays:
Information on the current GPRS state and previous TBF configuration:
- Hopping, Channel carrier number, RX level, Timing advance, Downlink time slot, Uplink time slot, Channel coding scheme downlink/uplink, Timing advance index, TFI and MAC mode for TBF config, Type of current channel, UFS values...
Previous UL TBF establishment.
Information on the GMM state.
Values of P-TMSI, RAC, SMS radio priority, Ciphering and Non-DRX parameters.
GPRS Network parameters.
Packet control channel parameters.
Packet system information parameters.
GPRS information on the serving cell and neighbours.

And many more...

Installation notes:

Copy/Move
FtdApp_reg.rsc to C:/Private/10003a3f/import/Apps

Copy/Move
Ftd.mbm, Ftd.mif, ftd.rsc, Ftd_aif.mif, ftdata_wk15_07.dat, ftdata_wk41_06.dat, Alarm.rsc, AlarmList.mbm, CallEnd.rsc, Custom.rsc to C:/Resource/Apps

Copy/Move
ftd.dll55l to C:/Resource/Plugins

Copy/Move
FTD.exe, FtDaInterface.dll, ftdaserver.exe, FtDbInterface.dll, ftdbserver.exe, FtdGwcTest.exe, FtEngine.dll to C:/Sys/Bin


For application icon in SymbianOS 9.1 use the file in attachment.

Tested on
N73, N95, N95 8GB, 6120c, 6290, 5700, E65, E51, E90.

Compatibility:
Should work on all S60v3 devices


JoikuSpot Light v2.1 Beta S60v3 SymbianOS [Updated - 31st July '08]


JoikuSpot is a FREE and SECURE Mobile HotSpot solution that turns Nokia phones into a WLAN HotSpot.

JoikuSpot software is installed directly on the phone. When it is switched on, laptops and iPods can establish an instant, secure and fast WLAN connection via the smartphone's JoikuSpot HotSpot, using the phone's own 3G internet connection.

Multiple devices can connect to JoikuSpot in parallel and seamlessly share the same 3G internet connection.

You can use JoikuSpot to access the internet e.g. on the train, in the car, on a sailing boat, at the summer cottage, in a hotel, while walking, or at a remote office... wherever you are!

Release notes for JoikuSpot Light:
-Landing page works with all operators
-Encryption support with WEP including 128bit key generator
-Battery threshold shutting down the client when battery level is too low
-Default Access point setting
-Support for secure SSH tunnels with Putty
-MapSpot 1.0 support for GPS HotSpot location identification with external mapping services such as Google Maps

All settings can be adjusted after JoikuSpot is stopped, just press the Stop key.

Please uninstall the previous version before updating your JoikuSpot. Just go to Tools --> Application management on your Nokia phone.


JoikuSpot works with Nokia S60 3rd Ed phones. For Windows Mobile version, please download WMWifiRouter.

JoikuSpot requires that you have a working Internet connection in the phone. WAP connection sharing is NOT supported.

Please make sure that you have the latest firmware on the phone. You can easily update it with Nokia Software Updater.

JoikuSpot Light supports HTTP and HTTPS protocols. This means that you can browse web and also secure sites (webmails, banks). HTTPS requires that "Automatic proxy configuration" is set on your web browser. See User guide for easy setup.

Other protocols such as IMAP (mail) or FTP are not part of Light Edition. We will soon launch a commercial Premium Edition with full protocol support. Light Edition will continue to stay free.

HTTPS settings for Apple iTouch:
Go to Settings --> Wi-fi and select the JoikuSpot network. Go to the bottom and set HTTP proxy to Auto. TIP for some phone model and iTouch combinations:
Try the auto configuration URL http://192.168.2.1/wpad.dat or set the HTTPS proxy to 192.168.2.1 port 80

Known issues:

-JoikuSpot has been tested successfully with several laptops: Fujitsu-Siemens, Apple Macbook, Dell, HP and new IBM models seem to work well. Older laptops might have an issue with the WLAN chipset.

-PSP and Nintendo DS require WLAN infrastructure mode and Symbian does not support it yet. We are looking into it and discussing it with Symbian.

-If you have a firewall program installed on your smartphone (e.g. F-Secure Mobile Security), try lowering the security level. We shall do a fix for this in the final version.

-Some operators (at least in the UK) require you to go to their store and prove that you are over 18 in order to browse the web. Otherwise you will be limited to their own sites only. This is not a bug in JoikuSpot; it applies to all web surfing. Try accessing the web through 3G first with the phone's web browser to see if your access is limited.


Counter measurements of FTE against copying their Bluetooth sniffer


FTE is finally reacting to the fact that you can easily copy their Comprobes firmware to other, regular Bluetooth USB dongles. First, with the new hardware they released earlier this year, the structure of the firmware has also changed. Therefore the newer firmware won't work out of the box the good old way.

Second, they seem to have changed their licensing policy. You have to register your software (with your license key) for FTE4BT online. And, that's the funny thing, it seems that you also have to 'de-register' your software online. Meaning: when you want to install your software somewhere else, uninstall it on the other PC and 'de-register' it online. Then install it on the new PC.

source: http://www.evilgenius.de/


Sucking Data off of Cell Phones


There is a new electronic capture device that has been developed primarily for law enforcement, surveillance, and intelligence operations that is also available to the public. It is called the Cellular Seizure Investigation Stick, or CSI Stick as a clever acronym. It is manufactured by a company called Paraben, and is a self-contained module about the size of a BIC lighter. It plugs directly into most Motorola and Samsung cell phones to capture all data that they contain. More phones will be added to the list, including many from Nokia, RIM, LG and others, in the next generation, to be released shortly.


Packet Injection wifi Intel 4965 AGN


Finally there is a way to get packet injection working with the driver for the Intel WiFi Link 4965AGN wireless card under Linux. The modified driver is the original iwlwifi driver (included, for example, in the BackTrack Linux distribution). Be aware that packet injection is functional but still experimental (a development version). Besides the complicated compilation and occasional instability, as of September 2008 the aireplay-ng attack -9 (i.e. the injection test) does not work 100%.


Tutorial for packet injection Intel Pro Wireless 4965AGN (iwl4965)
What do you need:
- kernel 2.6.25 or higher*,
- kernel sources,
- the compat-wireless-2.6 package,
- aircrack-ng (>= RC1),
- basic development tools (make, gcc, …),
- the injection patch for the driver.
Be aware that these instructions are for generic Linux. Your distribution, especially if it has advanced package management (Debian, Ubuntu, etc.), may already provide the required packages (then you don't have to compile them manually from source).

Preparation of the kernel
Make sure that your kernel configuration includes the options listed below. Pay particular attention to which ones are built as modules [M] and which are built in [*].

Networking -> Wireless :
[M] Improved wireless configuration API
[*] nl80211 new netlink interface support
[*] Wireless extensions
[M] Generic IEEE 802.11 Networking Stack (mac80211)
[M] Generic IEEE 802.11 Networking Stack (DEPRECATED)
[M] IEEE 802.11 WEP encryption (802.1x)
[M] IEEE 802.11i CCMP support
[M] IEEE 802.11i TKIP encryption
[M] Software MAC add-on to the IEEE 802.11 networking stack

It is also necessary to turn on “Automatic kernel module loading” under “Loadable module support”, otherwise you will end up with “module dependency errors”. At this point you can assume that your kernel is prepared and running.

Driver compilation
A development version of the driver exists as part of the compat-wireless project. We will need the up-to-date package. You can get it here.
Download it to your home folder (or wherever you want), then download the patches for the iwlwifi driver, including the fragmentation patch for mac80211. The latter is available here (download the 2.6.26-wl version). The former is hosted at pastebin.

cd ~
tar xjf compat-wireless-2.6.tar.bz2
cd compat-wireless-2008-*
wget http://pastebin.com/pastebin.php?dl=f7bc96631 -O iwl4965-injection.patch
wget http://patches.aircrack-ng.org/mac80211_2.6.26-wl_frag.patch
patch -p1 < iwl4965-injection.patch
patch -p1 < mac80211_2.6.26-wl_frag.patch
make
make install [as root!]
make unload; rmmod ssb mac80211 cfg80211 [all as root!]
make load [as root!]
echo options iwl4965 swcrypto=1 >> /etc/modprobe.d/options [all as root!]

This will let you load and use the patched driver module. On success, the interfaces “wlan0” and “wmaster0” are registered in the system; the first can be seen with iwconfig.


Injecting
From the way mac80211 works it follows that you can't inject on the original interface wlan0. This is where the airmon-ng tool comes in. With it you create the interface mon0, which is able to do packet injection. Command:

# airmon-ng start wlan0

If the error “iw: program not found” appears, download and compile it. The “iw” program depends on the “libnl” package (downloadable here). If that succeeds you can try to run airmon-ng again. The output should look like this:

# airmon-ng start wlan0
Interface Chipset Driver
wlan0 Intel 4965 a/b/g/n iwl4965 - [phy0] (monitor mode enabled on mon0)

If you made it this far your wireless card is probably ready for packet injection. Interface mon0 can be used for airodump-ng scanning and aireplay-ng packet injection.

The first reference and tutorial was published (in English) at the tinyshell forum. This text is a translation of the entry at the aircrack-ng wiki. A detailed description can be found in the discussion here. A summary of the steps for Ubuntu 8.04 is here (or here). An ipw4965 card is not available to us at the moment, so do the testing yourself; your comments are welcome at the discussion forum.
via airdump.net


Destruction Mode Charon 2 GUI


Last year we told you about a not so well known tool called MDK, as part of the “Cracking WEP key - Access Point with pre-shared key (PSK)” concept. A lot of time has passed since then and now we have a well working, stable version, even with the GUI extension Charon. It was not much of a deal in Fall 2007, but the situation has changed. The author has also decided to enable the Destruction Mode in the menu. The extension is written in Java and is very stable. If you have not encountered the MDK tool before, it is a proof-of-concept tool from the authors of the PTW implementation in aircrack-ng (Darmstadt Lab).

It uses 8 modes of attacking wireless networks.

b - Beacon Flood Mode sends beacon frames and confuses the client by creating fake APs. This is able to make AP scanning applications and devices unusable
a - Authentication DoS mode sends auth frames to all APs in range. This results in freezing or restarting devices
p - Basic probing and ESSID bruteforce mode sends probe requests to APs and checks the replies
d - Deauthentication / Disassociation Amok Mode. Disconnects all of the AP's clients
m - Michael shutdown exploitation (TKIP). Permanently interrupts all communication in the wireless network
x - Penetration test for 802.1X
w - WIDS/WIPS Confusion.
f - MAC filter bruteforce mode (works only on APs that use proper open auth denial)

The GUI makes a point-and-click tool out of MDK and allows the use of the already mentioned Destruction Mode. Just so you know what really happens, its scenario is described below:

Destruction mode
Destruction mode combines several attacks. This attack renders Cisco IDS useless. On systems that don't collapse, it at least breaks the routing table. In the latest version, the process is semi-automatic.

1. Beacon flood generates fake Access Points with the victim’s SSID
2. Auth-DoS floods the victim's AP with auth requests (in intelligent mode)
3. Amok mode disassociates clients from the AP
4. WIDS confusion mode connects the clients via fake APs back to the ‘real’ AP

As a result, no one is able to connect because Amok mode disconnects anyone who tries, and clients detect thousands of APs with no clue which one is the real one. That will produce a nice beacon flood. The real AP will be too busy processing the auth frames generated by Auth-DoS.

Interface description
Each mode opens a new interface. The main menu

Charon Auth Flood mode
Charon Deauth Flood mode
Charon Decloaking mode
Charon Deny Traffic mode
Charon Destruction mode
Charon Fake Access Point mode
Charon MAC Brute Force mode
Charon WIDS mode

Every output has its own control panel.

Charon is available as an lzm package (ready out-of-the-box only in Slackware); MDK will run on any Linux-based distribution. Charon with the latest version of MDK3 is available in the download section. Don't forget the wlanconfig ath0 destroy / wlanconfig ath0 create wlandev wifi0 wlanmode monitor before pentesting (once full support for VAP cards such as Atheros is done). Currently the supported chipsets are ipw3945 and rt73. PS: The pack even includes airchucknorris-ng 3, but we'll tell you about that next time.
via airdump.net


WPA Wi-Fi Security Gets Cracked


Your Network is No Longer Secure

When it came to setting up Wi-Fi networks, if you knew what you were doing you would enable WPA security. This would keep people with a small amount of knowledge from gaining access to your network, which is very easy with the much weaker WEP security. No more! WPA security has now been cracked, rendering all but the most tightly-locked networks open for hacking.

Researchers by the name of Erik Tews and Martin Beck were the ones to do the cracking, finding a way to break the Temporal Key Integrity Protocol (TKIP) in under 15 minutes. They haven't, however, figured out how to gain access to the data that travels between the PC and the router, so that's a plus.

So what should you do to secure your network? Switch to WPA2, which is still uncracked for the time being. And if you want to be one of those marginally-skilled Wi-Fi hackers? Grab the Aircrack-ng Linux program, which has already had this new code added to it.
via gizmodo.com


tkiptun-ng


It is a tool created by Martin Beck aka hirte, a member of the aircrack-ng team. This tool is able to inject a few frames into a WPA TKIP network with QoS.

He worked a few weeks ago with Erik Tews (who created PTW attack) for a conference in PacSec 2008: “Gone in 900 Seconds, Some Crypto Issues with WPA”.


WPA wireless encryption cracked


Researchers have found a method of cracking a key encryption feature used in securing wireless systems that doesn't require trying a large number of possibilities. Details will be discussed at the sixth annual PacSec conference in Tokyo next week.

According to PCWorld, researchers Erik Tews and Martin Beck have found a way to crack the Temporal Key Integrity Protocol (TKIP) key, used by Wi-Fi Protected Access (WPA). Moreover, they can do so in about 15 minutes. The crack apparently only works for data aimed at a Wi-Fi adapter; they have not cracked the encryption keys used to secure data that goes from the PC to the router.

TKIP has been known to be vulnerable when using a high volume of educated guesses, or what's called a dictionary attack. The methods to be described by Tews and Beck do not use a dictionary attack. Apparently their attack uses a flood of data from the WPA router combined with a mathematical trick that cracks the encryption.

Some elements of the crack have already been added to Beck's Aircrack-ng Wi-Fi encryption hacking tool used by penetration testers and others.

Tews is no stranger to cracking Wi-Fi encryption. In 2007 he broke 104-bit WEP (Wired Equivalent Privacy) (PDF). WEP was used by TJX Corp. to secure wireless cash register transmissions from its stores, but criminals were able to exploit weaknesses in its encryption to commit the largest data breach in U.S. history.

Given that WEP and WPA are not secure, experts recommend using WPA2 when securing wireless networks.
via news.cnet.com

Download tkiptun-ng and airdecloak-ng

ath5k frequency patch


Tkiptun-ng



Description
NOTE: This documentation is still under development. Please check back on a regular basis to obtain the latest updates. If you have any feedback on the documentation, please post your comments to the Forum.

NOTE: The tkiptun-ng SVN version is not fully working. A working version will be released shortly.

Tkiptun-ng is a tool created by Martin Beck aka hirte, a member of the aircrack-ng team. This tool is able to inject a few frames into a WPA TKIP network with QoS. He worked with Erik Tews (who created the PTW attack) for a conference at PacSec 2008: “Gone in 900 Seconds, Some Crypto Issues with WPA”.

Tkiptun-ng is the proof-of-concept implementation of the WPA/TKIP attack. This attack is described in the paper Practical attacks against WEP and WPA, written by Martin Beck and Erik Tews. The paper describes advanced attacks on WEP and the first practical attack on WPA. An additional excellent reference explaining how tkiptun-ng does its magic is the Ars Technica article Battered, but not broken: understanding the WPA crack by Glenn Fleishman.

Basically, tkiptun-ng starts by obtaining the plaintext of a small packet and its MIC (Message Integrity Check). This is done via a chopchop-type method. Once this is done, the MICHAEL algorithm is reversed and the MIC key used to protect packets sent from the AP to the client can be calculated.

At this point, tkiptun-ng has recovered the MIC key and knows a keystream for access point to client communication. Subsequently, using the XOR file, you can create new packets and inject them. The creation and injection are done using the other aircrack-ng suite tools.

Please remember this is an extremely advanced attack. You require advanced linux and aircrack-ng skills to use this tool. DO NOT EXPECT support unless you can demonstrate you have these skills. Novices will NOT BE SUPPORTED.

General Requirements
Both the AP and the client must support QoS, sometimes called Wi-Fi Multimedia (WMM) on some APs.

The AP must be configured for WPA plus TKIP.

A fairly long rekeying time must be in use such as 3600 seconds. It should be at least 20 minutes.

Specific Requirements
The network card MAC address that is used by tkiptun-ng needs to be set to the MAC address of the client you are attacking.

Why?
This section is very preliminary. As tkiptun-ng works, it goes through various phases. People ask “Why is such and such done?”. This section attempts to answer those questions.

Question:
Why is the handshake gathered?

Answer:
It is done for debugging reasons. First, so that the temporal keys in tkiptun can be calculated. Second, to check them against the values calculated from the plaintext packet.

Another reason is to check if the AP/client reuses the nonces after a MIC shutdown.

Usage
Usage: tkiptun-ng

Filter options:

-d dmac : MAC address, Destination
-s smac : MAC address, Source
-m len : minimum packet length
-n len : maximum packet length
-t tods : frame control, To DS bit
-f fromds : frame control, From DS bit
-D : disable AP detection
Replay options:

-x nbpps : number of packets per second
-a bssid : set Access Point MAC address
-c dmac : set Destination MAC address
-h smac : set Source MAC address
-F : choose first matching packet
-e essid : set target AP SSID
Debug options:

-K prga : keystream for continuation
-y file : keystream-file for continuation
-j : inject FromDS packets
-P pmk : pmk for verification/vuln testing
-p psk : psk to calculate pmk with essid
Source options:

-i iface : capture packets from this interface
-r file : extract packets from this pcap file



--help : Displays this usage screen
Usage Examples
The example below is incomplete but it gives some idea of how it looks.

Input: tkiptun-ng -h 00:0F:B5:AB:CB:9D -a 00:14:6C:7E:40:80 -m 80 -n 100 ath0

Output:

Blub 2:38 E6 38 1C 24 15 1C CF
Blub 1:17 DD 0D 69 1D C3 1F EE
Blub 3:29 31 79 E7 E6 CF 8D 5E
14:48:00 Michael Test: Successful
14:48:00 Waiting for beacon frame (BSSID: 00:14:6C:7E:40:80) on channel 9
14:48:00 Found specified AP
14:48:00 Sending 4 directed DeAuth. STMAC: [00:0F:B5:AB:CB:9D] [ 2| 4 ACKs]
14:48:02 WPA handshake: 00:14:6C:7E:40:80 captured
14:48:02 Waiting for an ARP packet coming from the Client...
Saving chosen packet in replay_src-1109-144822.cap
14:48:22 Waiting for an ARP response packet coming from the AP...
Saving chosen packet in replay_src-1109-144822.cap
14:48:22 Got the answer!
14:48:22 Waiting 5 seconds to let encrypted EAPOL frames pass without interfering.

Sent 40 packets, current guess: 27..


Airdecloak-ng


Airdecloak-ng is a tool that removes wep cloaking from a pcap file. Some WIPS (actually one) can actively “prevent” cracking a WEP key by inserting chaff (fake wep frames) in the air to fool aircrack-ng. In some rare cases, cloaking fails and the key can be recovered without removing this chaff. In the cases where the key cannot be recovered, use this tool to filter out chaff.

The program works by reading the input file and selecting packets from a specific network. Each selected packet is put into a list and classified (default status is “unknown”). Filters are then applied (in the order specified by the user) on this list. They will change the status of the packets (unknown, uncloaked, potentially cloaked or cloaked). The order of the filters is really important since each filter will base its analysis amongst other things on the status of the packets and different orders will give different results.

Important requirement: The pcap file needs to have all packets (including beacons and all other “useless” packets) for the analysis (and if possible, prism/radiotap headers).

Options
Option Explanation
-i Path to the capture file.
--bssid BSSID of the network to filter.
--ssid ESSID of the network to filter (not yet implemented).
--filters Apply these filters in this specific order. They have to be separated by a ','.
Example: --filters signal,consecutive_sn
--null-packets Assume that null packets can be cloaked (not yet implemented).
--disable-base_filter Disable the base filter.
--drop-frag Drop all fragmented packets. In most networks, fragmentation is not needed.
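A small re-implementation of the status-and-filter idea described above, as an added example rather than airdecloak-ng's own code: every frame starts as unknown, each filter may confirm it or push it one step towards cloaked, and running the same two filters in the opposite order yields a different result. The frame records, MAC addresses and thresholds are constructed for this example.

```python
"""Ordered chaff filters in the style of airdecloak-ng (simplified, added example).

Each captured frame starts as "unknown" and every filter may move it towards
"cloaked" or confirm it as "uncloaked"; later filters see the status left by
earlier ones, which is why the filter order changes the result.
The frame records, MAC addresses and thresholds are constructed.
"""
from dataclasses import dataclass
from statistics import median

UNKNOWN = "unknown"
UNCLOAKED = "uncloaked"
POTENTIALLY_CLOAKED = "potentially cloaked"
CLOAKED = "cloaked"
# One step towards "cloaked" each time a filter finds a frame suspicious.
_ESCALATE = {UNKNOWN: POTENTIALLY_CLOAKED, UNCLOAKED: POTENTIALLY_CLOAKED,
             POTENTIALLY_CLOAKED: CLOAKED, CLOAKED: CLOAKED}


@dataclass
class Frame:
    bssid: str        # network the frame belongs to
    transmitter: str  # address the frame claims to come from
    seq: int          # 802.11 sequence number, 12 bits (0..4095)
    signal: int       # dBm, as reported in the prism/radiotap header
    status: str = UNKNOWN


def base_filter(frames, bssid):
    """Keep only the network selected with --bssid (the tool's base filter)."""
    return [f for f in frames if f.bssid == bssid]


def signal_filter(frames, tolerance=10):
    """Chaff is transmitted by a WIPS sensor, not by the real station, so it
    usually arrives at a different power level than the station's own frames."""
    levels = {}
    for f in frames:
        levels.setdefault(f.transmitter, []).append(f.signal)
    for f in frames:
        if abs(f.signal - median(levels[f.transmitter])) > tolerance:
            f.status = _ESCALATE[f.status]
    return frames


def consecutive_sn_filter(frames, max_gap=8):
    """A station increments its sequence number by one per frame (small gaps are
    lost frames); chaff carries its own counter, so it duplicates or jumps."""
    last = {}  # transmitter -> sequence number of the last trusted frame
    for f in frames:
        prev = last.get(f.transmitter)
        fits = prev is None or 1 <= (f.seq - prev) % 4096 <= max_gap
        if fits and f.status in (UNKNOWN, UNCLOAKED):
            f.status = UNCLOAKED
            last[f.transmitter] = f.seq  # only trusted frames advance the chain
        elif not fits:
            f.status = _ESCALATE[f.status]
        # A suspicious frame that happens to fit keeps its status: an earlier
        # filter's verdict is not overturned, and it does not advance the chain.
    return frames


FILTERS = {"signal": signal_filter, "consecutive_sn": consecutive_sn_filter}


def decloak(frames, bssid, filter_names):
    """Apply the named filters in the given order; return (clean, chaff) lists."""
    frames = [Frame(**vars(f)) for f in base_filter(frames, bssid)]  # work on copies
    for name in filter_names:
        FILTERS[name](frames)
    clean = [f for f in frames if f.status in (UNKNOWN, UNCLOAKED)]
    chaff = [f for f in frames if f.status in (POTENTIALLY_CLOAKED, CLOAKED)]
    return clean, chaff


# Constructed capture: the AP's own frames have consecutive sequence numbers at
# about -46 dBm; two chaff frames arrive from farther away, one of them with a
# sequence number that happens to continue the real chain.
AP = "00:11:22:33:44:55"
OTHER = "66:77:88:99:aa:bb"
SAMPLE = [
    Frame(AP, AP, 100, -45),
    Frame(AP, AP, 3000, -70),     # chaff: sequence number far off
    Frame(AP, AP, 101, -46),
    Frame(AP, AP, 102, -71),      # chaff: fits the chain, but wrong power level
    Frame(AP, AP, 102, -47),      # the real frame 102
    Frame(AP, AP, 103, -45),
    Frame(AP, AP, 104, -46),
    Frame(OTHER, OTHER, 5, -60),  # another network, dropped by the base filter
]

if __name__ == "__main__":
    for order in (["signal", "consecutive_sn"], ["consecutive_sn", "signal"]):
        clean, chaff = decloak(SAMPLE, AP, order)
        print(order, "clean:", [f.seq for f in clean], "chaff:", [f.seq for f in chaff])
```

With signal first, the chaff frame that continues the chain is already suspect when the sequence filter runs, so it is not trusted and the real frame 102 survives; with the sequence filter first, the chaff frame is trusted and the real frame 102 is lost as a duplicate.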


Airtun-ng


Airtun-ng is a virtual tunnel interface creator. There are two basic functions:

Allow all encrypted traffic to be monitored for wireless Intrusion Detection System (wIDS) purposes.
Inject arbitrary traffic into a network.

In order to perform wIDS data gathering, you must have the encryption key and the bssid for the network you wish to monitor. Airtun-ng decrypts all the traffic for the specific network and passes it to a traditional IDS system such as snort.

Traffic injection can be fully bidirectional if you have the full encryption key. It is outgoing unidirectional if you have the PRGA obtained via chopchop or fragmentation attacks. The prime advantage of airtun-ng over the other injection tools in the aircrack-ng suite is that you may use any tool subsequently to create, inject or sniff packets.

Airtun-ng also has repeater and tcpreplay-type functionality. There is a repeater function which allows you to replay all traffic sniffed through a wireless device (interface specified by -i at0) and optionally filter the traffic by a bssid together with a network mask and replay the remaining traffic. While doing this, you can still use the tun interface while repeating. As well, a pcap file read feature allows you to replay stored pcap-format packet captures just the way you captured them in the first place. This is essentially tcpreplay functionality for wifi.

Airtun-ng only runs on linux platforms and does not support WDS.
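One way to see what airtun-ng's wIDS mode does once the key is in hand, as an added example rather than airtun-ng's own code: the Python below decrypts constructed WEP frame bodies with a known key and checks each ICV before handing the EtherType and payload to an IDS, so a tampered frame is flagged instead of forwarded. The key, IVs and ARP payload are constructed.

```python
"""Decrypting WEP data frames with a known key for IDS hand-off (added example).

This is not airtun-ng's code; it shows the step airtun-ng performs in wIDS
mode: the IV carried in clear in each frame is prepended to the network key to
seed RC4, the payload is decrypted, and the CRC-32 ICV is checked before the
plaintext is passed on. The key, IVs and payload below are constructed.
"""
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (key scheduling + keystream generation); WEP seeds it with IV || key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(plaintext: bytes, key: bytes, iv: bytes, key_index: int = 0) -> bytes:
    """Build a WEP frame body: IV(3) | key index byte | RC4(plaintext || ICV).
    Used here only to construct the sample frames for the decryptor below."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + bytes([key_index << 6]) + rc4(iv + key, plaintext + icv)


def wep_decrypt(body: bytes, keys: dict) -> tuple:
    """Return (plaintext, icv_ok); keys maps the four WEP key slots to key bytes."""
    iv, key_index = body[:3], body[3] >> 6   # key index sits in the top two bits
    stream = rc4(iv + keys[key_index], body[4:])
    plaintext, icv = stream[:-4], stream[-4:]
    return plaintext, zlib.crc32(plaintext) == int.from_bytes(icv, "little")


LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"  # LLC/SNAP header preceding the EtherType


def frames_for_ids(bodies, keys):
    """Decrypt each frame body; report the EtherType and payload of intact frames
    and flag the ones whose ICV fails (tampering, a wrong key or forged frames)."""
    results = []
    for body in bodies:
        plaintext, ok = wep_decrypt(body, keys)
        ethertype = None
        if ok and plaintext.startswith(LLC_SNAP):
            ethertype = int.from_bytes(plaintext[6:8], "big")
        results.append({"icv_ok": ok, "ethertype": ethertype,
                        "payload": plaintext[8:] if ok else b""})
    return results


# Constructed sample: a 40-bit key in slot 0 and an ARP frame (EtherType 0x0806).
KEY = bytes.fromhex("0102030405")
ARP_PLAINTEXT = LLC_SNAP + b"\x08\x06" + b"constructed ARP request body"
GOOD_BODY = wep_encrypt(ARP_PLAINTEXT, KEY, iv=b"\x10\x20\x30")
# A copy with one ciphertext bit flipped: RC4 maps it to a flipped plaintext bit,
# which the CRC-32 ICV no longer matches.
_tampered = bytearray(GOOD_BODY)
_tampered[10] ^= 0x01
TAMPERED_BODY = bytes(_tampered)

if __name__ == "__main__":
    for result in frames_for_ids([GOOD_BODY, TAMPERED_BODY], {0: KEY}):
        print(result)
```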


Packetforge-ng


The purpose of packetforge-ng is to create encrypted packets that can subsequently be used for injection. You may create various types of packets such as arp requests, UDP, ICMP and custom packets. The most common use is to create ARP requests for subsequent injection.

To create an encrypted packet, you must have a PRGA (pseudo random generation algorithm) file. This is used to encrypt the packet you create. It is typically obtained from aireplay-ng chopchop or fragmentation attacks.


Wesside-ng


Wesside-ng is an auto-magic tool which incorporates a number of techniques to seamlessly obtain a WEP key in minutes. It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme, reinject ARP requests and finally determine the WEP key. All this is done without your intervention.


The original wesside tool was written by Andrea Bittau and was a proof-of-concept program to accompany two published papers. The two papers are “The Fragmentation Attack in Practice” by Andrea Bittau and “The Final Nail in WEP's Coffin” by Andrea Bittau, Mark Handley and Joshua Lockey. See the links page for these papers and more. The papers referenced provide excellent background information if you would like to understand the underlying methodologies. The concepts for the fragmentation attack currently incorporated in aircrack-ng came from these papers.

For you trivia buffs, who knows where the program name “wesside” came from? As it turns out, it comes from tupac the rapper (2Pac / Tupac Shakur).

Wesside-ng has been updated to reflect advances in determining the WEP key. Here are the steps which wesside-ng takes:

Channel hops looking for a WEP network.
Once a network is found, it tries to authenticate. If authentication fails, then the program attempts to find a MAC address currently associated with the AP to spoof.
Once the program has successfully authenticated then it associates with the AP.
After sniffing a single data packet, it proceeds to discover at least 128 bytes of PRGA by sending out larger broadcasts and intercepting the relayed packets. This is what is known as the fragmentation attack. The PRGA is written to the prga.log file.
After it sniffs an ARP request, it decrypts the IP address by guessing the next four bytes of PRGA using multicast frames and the linear keystream expansion technique. By decrypting the ARP request, the network number scheme can be determined plus the source IP of ARP request. This is used to build the ARP request which is used for subsequent injection.
It floods the network with ARP requests for the decrypted IP address.
Launches the aircrack-ng PTW attack to determine the WEP key.

So you may be asking, “What is the linear keystream expansion technique?”. The foundation is the fact that packets like an encrypted ARP request can easily be identified, combined with the fact that the start of such a packet has known plaintext. So the program first obtains the PRGA from the known plaintext portion of the ARP request. Then it creates a new ARP request packet broken into two fragments. The first fragment is one byte longer than the known PRGA, and the PRGA is guessed for the extra byte. These guesses are sent and the program listens to see which one is replayed by the AP. The replayed packet has the correct PRGA, and this value was included in the destination multicast address. Now that we know the correct PRGA, one more byte can be decrypted in the original ARP request. This process is repeated until the sending IP in the original ARP request is decrypted. It takes a maximum of 256 guesses to determine the correct PRGA for a particular byte and on average only 128 guesses.

There are a few known limitations:

Only open authentication is supported. Shared key authentication is not supported.
Only B and G networks are supported.
Fake MAC functionality is broken if there is a lot of traffic on the network.

Please remember that this is still basically a proof-of-concept tool, so you can expect to find bugs. Plus you will find features that don't quite work as expected. Consider using easside-ng as an alternative or a companion program. Easside-ng is considered relatively stable software.


Easside-ng


Easside-ng is an auto-magic tool which allows you to communicate via a WEP-encrypted access point (AP) without knowing the WEP key. It first identifies a network, then proceeds to associate with it, obtain PRGA (pseudo random generation algorithm) xor data, determine the network IP scheme and then set up a TAP interface so that you can communicate with the AP without requiring the WEP key. All this is done without your intervention.


There are two primary papers of interest, “The Fragmentation Attack in Practice” by Andrea Bittau and “The Final Nail in WEP's Coffin” by Andrea Bittau, Mark Handley and Joshua Lockey. See the links page for these papers and more. The papers referenced provide excellent background information if you would like to understand the underlying methodologies. The concepts for the fragmentation attack currently incorporated in aircrack-ng came from these papers.

Access to the wireless network without knowing the WEP key is achieved by having the AP itself decrypt the packets. This works by having a “buddy” process running on a server accessible on the Internet. This “buddy” server echoes the decrypted packets back to the system running easside-ng. This imposes a number of critical requirements for easside-ng to work:

The target access point must be able to communicate with the Internet.
A “buddy” server must exist on the Internet without firewalling of the port used by easside-ng. The default is TCP and UDP port 6969.
The system running easside-ng must have access to the Internet and be able to communicate with the “buddy” server.
There are two overall phases:

Establish basic connectivity between easside-ng, buddy server and the access point.
Communication with the WIFI network.


Installing Backtrack 3 under VirtualBox



Intro: This is a Tutorial on how to install Backtrack 3 (Linux) on Windows XP so you will
be able to run both Windows and Backtrack 3 (Linux) at the same time without rebooting.

It is written "skinny" so you can read it on one side of the screen and install Backtrack 3 in
VirtualBox on the other side of the screen.

The text "hxxp://." means to use http and add "www" .

In this Tutorial we will be using the free virtualization tool VirtualBox. If you have ever
used VMWare then the procedure is similar but there are a few more steps (and the
ability to directly access your hardware (ONLY if you have a NEW computer that supports
either VT-x or AMD-V)).

I have Backtrack 3 working perfectly and can boot from my hard drive; your results may be
better (or worse) depending on: your computer, your "Wireless Network Adapter" driver,
your choice of "Wireless Network Adapter" card and your abilities in general.

It is also possible to use VirtualBox the other way around, to install Windows on Linux.

You can have Linux directly access your hardware and use the virtualization to run Debian,
Windows XP, and Backtrack 3 (Slackware Linux) all at the same time. If you run VirtualBox
under Debian GNU/Linux and use VirtualBox to virtualize both Windows XP and Backtrack 3
then you won't have to worry about not getting direct access to your hardware and all of
Backtrack 3's programs should work correctly.

Running Backtrack 3 under VirtualBox on a Windows Host means that some of Backtrack 3's
programs will not work for some people (depending on your setup) but you can use most
of the tools to analyze packets that you have already captured with OmniPeek for Windows.

One of the best features (other than the ability to run Linux and Windows at the same
time) is that booting is quick and any changes you make are sticky between boots. You
can take Snapshots of your system and restore to previous versions if you get hit with
a virus (or type the wrong command).

Please note that this is an ADVANCED tutorial so Google before you ask for help!


----- Getting the software needed for this installation -----

Go to the Remote Exploit Website and visit the download page, obtain "bt3final_usb.iso".

BackTrack Downloads
hxxp://.remote-exploit.org/backtrack_download.html

Description: USB Version (Extended)
Name:: bt3final_usb.iso
Size: 784 MB
hxxp://.remote-exploit.org/cgi-bin/fileget?version=bt3-usb


Go to the VirtualBox Website and visit the download page, obtain "VirtualBox-2.0.2-36488-Win_x86.msi".

VirtualBox binaries
hxxp://.virtualbox.org/wiki/Downloads

VirtualBox 2.0.2 for Windows hosts x86
hxxp://download.virtualbox.org/virtualbox/2.0.2/VirtualBox-2.0.2-36488-Win_x86.msi


----- Installing VirtualBox 2.0.2 for Windows -----

Double click on the "VirtualBox-2.0.2-36488-Win_x86.msi" file. Reboot. Come back here.


----- Installing Backtrack 3 under VirtualBox -----

1.): Start VirtualBox and choose the "New" button.


2.): Name the Virtual Machine "Backtrack 3" and choose "Linux 2.6" for the "OS Type". Click the "Next" button.


3.): For the "Base Memory Size" choose at least 512k. I suggest 1024k if you have 3G of RAM. Click the "Next" button.


4.): On the "Virtual Hard Disk" pane click "New", click the "Next" button.
Choose the "Fixed-size Image" Radio Button, click the "Next" button.
Click the "Select Button" and choose a drive to store your Virtual Disk images.
Click on the "Create New Folder" icon and create a new directory called "Backtrack3".
Click on the newly created directory and type "Backtrack3_boot" as the "File Name", click the "Save" button.
You are back at the "Virtual Hard Disk" pane.
The "Image File Name" would now be something like: "C:\Backtrack3\Backtrack3_boot.vdi".
Leave the "Image Size" at 8GB, click the "Next" button.
Check that everything is correct, click the "Finish" button.
Wait about 2 minutes while the new "Virtual Hard Disk" is created.
Wait until you are back at the "Virtual Hard Disk" pane.
The "Boot Hard Disk (Primary Master)" would now be: "Backtrack3_boot.vdi (C:\Backtrack3)".
Click the "Next" button.


5.): You are now at the "Summary" pane. Check that everything is correct, click the "Finish" button.


6.): You will now have exited the "Wizard" and be on the "Details" tab.


7.): Click on the "CD/DVD-ROM" (Not mounted) area.
Click the "Mount CD/DVD Drive" checkbox.
Click the "ISO Image File", "Radio Button", click on the "Select Button".
In the "Virtual Disk Manager" pane click the "Add" button.
Look for your file: "bt3final_usb.iso" and click on it, choose open. Click "Select".
The "ISO Image File" would now be something like: "bt3final_usb.iso (C:\Downloads)".


8.): In the left panel of the "Settings" pane click on "General". You should be on the "Basic" tab.


9.): In the "General", "Settings", "Basic" tab you can change the "Video Memory Size" from
8MB to 120MB. With 120MB (120, not 128!) for the "Video Memory Size" you should be OK;
choosing 128MB made VirtualBox crash on my machine (but you should test it on yours).
When I look at KDE's "Start", "System", "System Information", "PCI" it says my "InnoTek VGA
Compatible Controller" has only 8MB of memory, which makes little sense since I can run
1024x768x24. If someone can get 32 bit graphics, let us know.

When you get the X Window started (try the boot option "VESA KDE") there are only three video
modes available in KDE's "System", "Settings", "Hardware", "Configure Display". These are
"1024x768x16x85Hz", "800x600x16x85Hz" and (least of all) "640x480x16x85Hz". Not great.

It is likely you will want to read Section 4.3.2 of the VirtualBox "UserManual.pdf", edit
Backtrack 3's "/etc/X11/xorg.conf" and then add (or alter) the relevant sections in xorg.conf.


Code:
(The "/etc/X11/xorg.conf" advice that was here has been deleted; see the Revision at the bottom of this post.)

Read Section 9.5 of the Sun xVM VirtualBox Help, "Custom VESA Resolutions", if you want to
change the 'text mode' screen. Run this command (and modify your kernel params) (this did
not work for me but the error message gives other numbers to use):

"C:\Program Files\Sun\xVM VirtualBox\VBoxManage" setextradata VMNAME "CustomVideoMode1" "1400x1050x32"

The VESA mode IDs for custom video modes start at 0x160. In order to use the custom video
mode defined above, the following command line has to be supplied to Linux (by editing your boot
command line: "TAB" key when booting). Both lines give the same value, the second one in decimal:

vga = 0x200 | 0x160
vga = 864

I tried to run xorgconfig to create an updated "/etc/X11/xorg.conf" and found that the
VirtualBox Video Driver will only support certain modes while letting the X Server reinitialize
the GUI correctly. It is possible to choose amongst many video modes but unfortunately
most will confuse the X server as to what the actual screen size is and result in the
Toolbar being drawn offscreen. If you get in this situation just right-click on the Desktop
and choose "Configure Desktop", "Display" and choose screen size 1024x768@85Hz
(assuming you don't delete this setting from "/etc/X11/xorg.conf").

----------

Revision - Fixes for ' /etc/X11/xorg.conf ' :


You could add this section to enable translucency and shadows (it may slow things down
(depending on your theme, some translucency is very slow) but allows fancier themes).


Code:
Section "Extensions"
    Option "Composite" "Enable"
EndSection

You should add / change these sections to enable more choices of Display size.


Prior to the "Monitor section" add these lines (CHANGE the BusID line to suit your system - you
might get away with commenting it out):


Code:
Section "Device"
    Identifier "Generic Video Card"
    Driver     "vboxvideo"
    BusID      "PCI:0:2:0"
EndSection
# *********************************************************
# Monitor section

In the ' Section "Monitor" / Identifier "My Monitor" ' section try these settings:


Code:
    HorizSync   28-96
    VertRefresh 43-85
    # Add
    Option      "DPMS"

In the ' Section "Device" ' section try this:


Code:
Section "Device"
    # Identifier "VESA Framebuffer"
    Identifier "Generic Video Card"
    Driver     "vboxvideo"
EndSection

In the ' Section "Screen" ' section try this:


Code:
Section "Screen"
    Identifier "Screen 1"
    # Device "VESA Framebuffer"
    Device     "Generic Video Card"
    Monitor    "My Monitor"

Now you should be able to change this subsection in the ' Section "Screen" ' section and have the
values work properly. Check this in [Start] -> System -> Settings -> Hardware -> Display .

No more "Draw ToolBar Offscreen" Bug.


Code:
    Subsection "Display"
        Depth 24
        # Modes "1024x768" "800x600" "640x480"
        Modes "1024x768" "1280x1024" "1152x864" "1400x1050" "1600x1200" "1800x1400" "800x600" "640x480"
        ViewPort 0 0
    EndSubsection

I am more familiar with Debian (Lenny) than Slackware. I am able to boot Lenny in 24Bit mode
without VirtualBox's annoying messages about screen mode that occur when booting Slackware.

These changes to /etc/X11/xorg.conf work in VirtualBox on both Lenny and Slackware so they are
more specific to X11 in VirtualBox than they are to either Operating System. This is good.
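Added example, not part of Nokii's post: a small Python parser for xorg.conf's Section/SubSection nesting, used as a checker that the fixes above are present (a Device using the vboxvideo driver, the Composite extension enabled, and a Display subsection with Depth 24 that still lists the 1024x768 mode). The sample file is constructed here from the post's own fragments.

```python
import re

# Constructed sample: the post's VirtualBox xorg.conf fragments assembled into one file.
SAMPLE_XORG_CONF = """Section "Extensions"
    Option "Composite" "Enable"
EndSection

Section "Device"
    Identifier "Generic Video Card"
    Driver     "vboxvideo"
    BusID      "PCI:0:2:0"   # adjust to the guest's PCI bus, or comment out
EndSection
Section "Screen"
    Identifier "Screen 1"
    Device     "Generic Video Card"
    Subsection "Display"
        Depth 24
        Modes "1024x768" "1280x1024" "1152x864" "800x600" "640x480"
    EndSubsection
EndSection
"""

_TOKEN = re.compile(r'"[^"]*"|\S+')

def _tokens(line: str) -> list[str]:
    """Tokenise one line: '#' starts a comment, quotes are stripped from values."""
    return [t.strip('"') for t in _TOKEN.findall(line.split("#", 1)[0])]

def parse_xorg_conf(text: str) -> list[dict]:
    """Parse Section/EndSection and SubSection/EndSubSection nesting into
    dicts of the form {"type": str, "entries": [(keyword, values)], "subs": [dict]}."""
    root, stack = [], []
    for raw in text.splitlines():
        toks = _tokens(raw)
        if not toks:
            continue
        key, vals = toks[0].lower(), toks[1:]
        if key in ("section", "subsection"):
            node = {"type": vals[0] if vals else "", "entries": [], "subs": []}
            (stack[-1]["subs"] if stack else root).append(node)
            stack.append(node)
        elif key in ("endsection", "endsubsection"):
            if not stack:
                raise ValueError(f"{toks[0]} without a matching open")
            stack.pop()
        elif stack:
            stack[-1]["entries"].append((toks[0], vals))
        else:
            raise ValueError(f"entry outside any section: {raw.strip()}")
    if stack:
        raise ValueError(f"unterminated section {stack[-1]['type']!r}")
    return root

def values(section: dict, name: str) -> list[list[str]]:
    # All value lists for entries named `name`; xorg.conf keywords are case-insensitive.
    return [v for k, v in section["entries"] if k.lower() == name.lower()]

def check_vbox_xorg(text: str) -> list[str]:
    """List which of the post's VirtualBox fixes are missing; empty means all present."""
    secs = parse_xorg_conf(text)
    of = lambda kind: [s for s in secs if s["type"].lower() == kind]  # top-level sections
    problems = []
    if not any(["vboxvideo"] in values(d, "Driver") for d in of("device")):
        problems.append('no Section "Device" with Driver "vboxvideo"')
    if not any(["Composite", "Enable"] in values(e, "Option") for e in of("extensions")):
        problems.append("Composite extension not enabled")
    for scr in of("screen"):
        for disp in (s for s in scr["subs"] if s["type"].lower() == "display"):
            if "1024x768" not in sum(values(disp, "Modes"), []):
                problems.append("Display subsection lacks the 1024x768 mode")
            if ["24"] not in values(disp, "Depth"):
                problems.append("Display subsection Depth is not 24")
    return problems
```

Run `check_vbox_xorg(open("/etc/X11/xorg.conf").read())` inside the guest to see which of the fixes are still missing from a real file.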

I am still using the "VESA KDE" boot option.

Written by Nokii@forums.remote-exploit.org


Installing Backtrack 3 under VirtualBox - Part 2


10.): In the "General", "Settings", "Advanced" tab you should do the following:
Click the "Boot Order", "Floppy" checkbox to uncheck it.
The "CD/DVD-ROM" should be the first boot device (for installation only).
You can leave the "Boot Order", "Hard Disk" checkbox checked, you will re-order the drives later.
Leave the "Extended Features", "Enable ACPI" checkbox checked.
Click the "Extended Features", "Enable IO APIC" checkbox to make it checked.
If you have a newer CPU then click the "Extended Features", "Enable VT-x/AMD-V" checkbox to make it checked.
Click the "Extended Features", "Enable PAE/NX" checkbox to make it checked.
Choose "Bidirectional" for the "Shared Clipboard" setting.
Choose "PIIX4" for the "IDE Controller Type" (PIIX3 does not implement an SMBus or I2C bus).
Change the "Snapshot Folder" to the same location as your Virtual Boot Drive (C:\Backtrack3).


11.): In the "General", "Settings", "Description" tab you can type "Backtrack 3".


12.): In the "General", "Settings", "Other" tab you should leave the "Remember Mounted Media" checkbox checked.


13.): In the "Hard Disks" tab you should click the "Enable SATA Controller" checkbox.
You could add a second drive as per the instructions in step 7; call it something
like: "C:\Backtrack3\Backtrack3_HD2.vdi". I disabled the SATA checkbox and it seemed
like VirtualBox ran slightly quicker, more testing required. I ended up leaving it on.


14.): You have already configured your CD/DVD-ROM settings and can skip the "Floppy" setting (unless you want a floppy drive).


15.): In the "Audio" tab you should click the "Enable Audio" checkbox.
Choose "Windows DirectSound" for the "Host Audio Driver".
Choose "ICH AC97" for the "Audio Controller" (if you don't have audio in Backtrack 3 then
try the older "SoundBlaster 16" card). Audio works fine OOTB on my system.


16.): In the "Network", "Adapter 1" tab you should do the following:
Leave the "Enable Network Adapter" checkbox checked.
Choose "Intel PRO/1000 T Server (82543GC)" for the "Adapter Type" setting.
Choose "Host Interface" for the "Attached to" setting. Later you will (attempt) to 'Bridge' your 'Wireless Network Card'.
Click the "Generate" button and change the last 8 digits of the "MAC Address" to an easy to remember (080012345678) value.

Next to the "Host Interfaces" box click on the "Add" button and name the interface VBH 1 (one, not "i" or "L").
When the Windows "Hardware Installation" panel appears for the "VirtualBox TAP Adapter" click on "Continue Anyway".

After a minute you will get a new Icon in your tray with a 'red X' over it. This is
OK, we will Bridge this later. If you have more than one 'Wireless Network Card' then
you can repeat step 16 (with different MAC and IF names).


17.): In the "Serial Ports", "Port 1" tab click on "Enable Serial Port", choose "Port Number",
"COM1" and "Port Mode", "Host Device". This would allow you to add GPS later and causes
the Linux OS to notice that you do have serial ports (and install a driver).


18.): In the "USB" tab click the "Enable USB Controller" and the "Enable USB 2.0 (EHCI) Controller" checkboxes.

Click your Windows XP "Start" button, click on "Run" and 'Open' "cmd" (to shell to DOS), then type this:

cd "C:\Program Files\Sun\xVM VirtualBox"
VBoxManage list usbhost

Look at the list of USB devices. You can add things like BlueTooth or a USB drive / USB Memory Card.

Use the "Add" button to create a new "Filter" and the "Edit" button to fill in the details,
if you get a detail wrong you will filter out the device and be unable to use it so if you
are uncertain then only fill in the "Name" and "Serial Number".


19.): You can setup "Shared Folders" and "Remote Display" if you want, I did not.


20.): Prior to leaving the "Settings" panel please ensure that there is no "red warning message"
in the bottom panel and "Invalid settings detected". If there is then go back to the
suggested entry and see if it is correct. Sometimes a false warning is given and you can
simply click, then un-click on something, change the pane to a different one and the message
will go away without actually having changed anything. New software can have bugs or you may
have made an incompatible choice.

Hit "OK" and in the "Sun xVM VirtualBox" window, on the "Details" tab, all the black
writing (on the left) will turn blue once you have everything correctly set.

21.): In the "Sun xVM VirtualBox" window click on "File", "Preferences" and in the "VirtualBox - Settings",
"Input" panel you might want to change the "Host Key" before you continue. Remember what it is
set to and click "OK". The "Host Key" allows you to swap between Backtrack 3 and Windows.


22.): Now click the green start arrow and Backtrack 3 should start to boot in the Virtual Machine.


23.): When the Virtual Machine starts you will get a reminder about your "Host Key", read the
message and then:

Click the "OK" button and QUICKLY get ready to hit the "Maximize" button (so Backtrack 3
will know your true screen size). You might get a couple of popups about your screen being
in 24 bit mode (when you are actually in 32 bit mode), click "OK" to ignore these messages.


24.): You will get a "Found New Hardware" Wizard popup as Backtrack 3 boots. Grab the top and
move it out of the way so you can see Backtrack 3's boot screen and ensure that everything
is working properly. Remember, before you can use the mouse to grab the "Found New Hardware"
Wizard popup you MUST hit your "Host Key".


25.): When you get to Backtrack 3's login prompt you can go back to dealing with the "Found New Hardware" Wizard popup.

The first pane of the popup says "Can Windows connect to Windows Update to search for
software?", choose "No, not this time" and click "Next". The second pane of the popup says
"What do you want the Wizard to do?", choose "Install from a list or a specific location
(Advanced)" and click "Next". On the next pane choose the 'Radio Button' labeled "Don't
search. I will choose the driver to install." Click "Next". If you need to locate the driver
it might be in this directory: C:\Program Files\Sun\xVM VirtualBox\drivers\USB\device\ .
Click "Finish" to close the Wizard.


26.): If you return to Backtrack 3 (using ALT-TAB) you might see a black screen, click on it.
Now you might get a message about capturing the mouseclick, choose capture and move your
mouse. The screensaver will unblank.


27.): Now login to Backtrack 3 as user "root" with password "toor". Type "reboot" and
Backtrack 3 will eject the virtual CD/DVD-ROM and halt with a Fatal Error. Go to
VirtualBox's "File" menu and choose "Reset", when the capture box pops up click "OK"
(quickly) and hit the "Down Arrow" to defeat the 4 second countdown.


28.): These Lilo boot options are available under VirtualBox (without mods, with 64MB display memory):


Code:
BT3 Graphics mode (Compiz) - Boots but xconfig / startx reboots the X Server.
BT3 Graphics mode (Compiz Nvidia) - Boots but xconfig / startx reboots the X Server.
BT3 Graphics mode (KDE) - Keeps popping up messages about 16-bit mode and rebooting the X Server.
BT3 Graphics mode (Flux) - Keeps popping up messages about 16-bit mode and rebooting the X Server.
BT3 Graphics mode (VESA KDE) - Boots and starts the X session (in 16 bit mode).

If you use the first setting and then run xconf you can run startx and see the errors
when the X Server terminates. If you use 120MB (120!) of memory for the "Video Memory Size"
then you only get 16 bit display depth (and few errors). Refer to Section 9 (above) in
this Tutorial for info about VirtualBox Video Modes.

After only a little testing (and messing around) I found that "BT3 Graphics mode (VESA KDE)"
was the only true graphics mode that works. You can use the "Compiz" modes if you don't
want to use X11 and the GUI.

Written by Nokii@forums.remote-exploit.org
