Tuesday, May 26, 2009

Goodbye Blog, Hello BackTrack 4

I've consolidated all my blogs at:

http://www.offensive-security.com/blog

This new blog will keep you updated with the latest and greatest in the world of BackTrack.

Wednesday, April 15, 2009

Getting Vmware Tools VMHGFS working on BackTrack 4 Beta

The stock Vmware Tools compile almost perfectly on BackTrack 4, with the exception of VMHGFS, which provides file sharing between the guest and host machine.


The compile error looks like this:

CC [M]  /tmp/vmware-config0/vmhgfs-only/module.o
CC [M] /tmp/vmware-config0/vmhgfs-only/page.o
/tmp/vmware-config0/vmhgfs-only/page.c: In function ‘HgfsDoWriteBegin’:
/tmp/vmware-config0/vmhgfs-only/page.c:763: warning: ISO C90 forbids mixed declarations and code
/tmp/vmware-config0/vmhgfs-only/page.c: In function ‘HgfsWriteBegin’:
/tmp/vmware-config0/vmhgfs-only/page.c:867: error: implicit declaration of function ‘__grab_cache_page’
/tmp/vmware-config0/vmhgfs-only/page.c:867: warning: assignment makes pointer from integer without a cast
make[2]: *** [/tmp/vmware-config0/vmhgfs-only/page.o] Error 1
make[1]: *** [_module_/tmp/vmware-config0/vmhgfs-only] Error 2
make[1]: Leaving directory `/usr/src/linux-source-2.6.28.1'
make: *** [vmhgfs.ko] Error 2
make: Leaving directory `/tmp/vmware-config0/vmhgfs-only'
Unable to build the vmhgfs module.


A quick Google search brought me to a vmhgfs patch that fixes this compile error.
To fix this:

0) Extract kernel sources and build dependency scripts!
1) Start the Vmware tools install
2) Copy the vmware tools to /tmp
3) Replace the vmhgfs package with the patched one and install vmware tools


root@bt# tar zxpf VMwareTools-7.9.3-159196.tar.gz
root@bt# cd vmware-tools-distrib/
root@bt# cd lib/modules/source/
root@bt# rm vmhgfs.tar
root@bt# wget www.offensive-security.com/vmhgfs.tar
root@bt# cd /tmp/vmware-tools-distrib/
root@bt# ./vmware-install.pl

Don't forget to enable file sharing in VMWare after installing the tools.

After restarting the vmware-tools service (or a reboot), you should see your share with a "mount" command.


root@bt# mount |grep hgfs
.host:/ on /mnt/hgfs type vmhgfs (rw,ttl=5)
root@bt# ls -l /mnt/hgfs/
total 1
drwxr-xr-x 1 501 dialout 204 2009-04-12 11:48 bt4
root@bt#

Tuesday, March 10, 2009

Add a GPG signing key for KDE3.5 Repos in BT4 Beta

A GPG signing key has been created for the Pearson Computing's KDE 3.5 repos that are in use in BT4 Beta.

Run this to import the key:

wget http://apt.pearsoncomputing.net/public.gpg
apt-key add public.gpg
apt-get update
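The post gives no fingerprint for this key, and "apt-key add" trusts whatever was just fetched over plain HTTP, so the practical check is to compare the key's fingerprint with a value obtained out of band before importing it. As an added example (not part of the original post or of the repository's tooling), the Python below computes the OpenPGP v4 fingerprint of a binary key file per RFC 4880 and compares it with an expected value; the sample key is constructed, the expected fingerprint is whatever you obtained elsewhere, and an ASCII-armored key would need "gpg --dearmor" first.

```python
"""Check an apt signing key's OpenPGP v4 fingerprint (RFC 4880, section 12.2)
against an out-of-band value before handing the key to apt-key add."""
import hashlib
import hmac
import struct

def public_key_body(data: bytes) -> bytes:
    """Return the body of the leading old-format Public-Key packet (tag 6)."""
    tag = data[0]
    if tag & 0xC0 != 0x80 or (tag >> 2) & 0x0F != 6:
        raise ValueError("not an old-format OpenPGP public-key packet")
    length_type = tag & 0x03          # 0/1/2 -> 1/2/4-octet length field
    if length_type == 3:
        raise ValueError("indeterminate-length packets are not supported")
    width = (1, 2, 4)[length_type]
    length = int.from_bytes(data[1:1 + width], "big")
    body = data[1 + width:1 + width + length]
    if len(body) != length or body[0] != 4:
        raise ValueError("truncated packet or unsupported key version")
    return body

def fingerprint(body: bytes) -> str:
    """V4 fingerprint: SHA-1 over 0x99, the two-octet body length and the body."""
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return digest.hexdigest().upper()

def key_id(fp: str) -> str:
    """The 16-hex-digit ID apt prints in NO_PUBKEY warnings is the fingerprint's tail."""
    return fp[-16:]

def trusted(data: bytes, expected_fp: str) -> bool:
    """True only if the downloaded key's fingerprint matches the expected one exactly."""
    expected = expected_fp.replace(" ", "").upper()
    return hmac.compare_digest(fingerprint(public_key_body(data)), expected)

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: two-octet bit count, then the magnitude."""
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")

def constructed_key(modulus: int = 0xC0FFEE0BADF00D1234567890ABCDEF) -> bytes:
    """A synthetic v4 RSA public-key packet (constructed sample, not a real key)."""
    body = b"\x04" + struct.pack(">I", 1236300000) + b"\x01" + mpi(modulus) + mpi(65537)
    return b"\x99" + struct.pack(">H", len(body)) + body

if __name__ == "__main__":
    fp = fingerprint(public_key_body(constructed_key()))
    print("fingerprint:", fp, "key ID:", key_id(fp))
```

Only import the key (apt-key add) when trusted() returns True for the fingerprint you obtained through a second channel.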

apt-get upgrade breaks BackTrack 4 Beta KDE

Some recent reports in the forums have indicated that an apt-get upgrade on BT4 breaks KDE 3. It seems like the guys responsible for the "unofficial" kde3 ubuntu repos made some fundamental changes in their updated version (namely path changes).

Here is a quick fix for the beta if you have upgraded KDE and borked it (copy and paste into a console shell).

cd /etc/alternatives/
mv x-session-manager x-session-manager-broke
ln -s /opt/kde3/bin/startkde x-session-manager
cd /opt/kde3/share/
mv applications borked-applications
mv pixmaps borked-pixmaps
mkdir -p /usr/local/share/applications/kde
cp borked-applications/kde/ksnapshot.desktop /usr/local/share/applications/kde
ln -s /usr/local/share/pixmaps pixmaps
ln -s /usr/local/share/applications applications
cd /opt/kde3/share/icons/crystalsvg/16x16/apps/
ln -s cache.png preferences-web-browser-cache.png
cd /opt/kde3/share/applications/kde
cat ksnapshot.desktop |grep -v ^GenericName > ksnapshot.desktop1
mv ksnapshot.desktop1 ksnapshot.desktop

Alternatively, you can download a script with the same commands and run it:

wget www.offensive-security.com/fix-kde.sh
cat fix-kde.sh
bash fix-kde.sh

Either should do the job!

This fix is of course temporary, and will be fully addressed in the final. Depending on third party repos doesn't seem reliable enough for a smooth run.
We are thinking of various alternatives...

Sunday, February 15, 2009

BackTrack 4 Beta - the aftermath

Since my last blog post, we've had 49,000+ downloads of the BT4 Beta ISO, and 17,000+ downloads of the VMWare image. This does not include the torrents, direct downloads and shmoo edition copies.

Up to now, we have been getting awesome (!) feedback. Hardware compatibility is impressive.

A few minor bugs have been identified, which now can be easily fixed by updating our repo. This is where using well organised repositories pays off. We will be updating several packages and drivers in the near future.

Keep an eye on this blog for updates and package fixes. I will be posting them as they come.

Apropos insane downloads - there have been 2,482,000+ downloads of the BT3 iso and 1,575,000+ downloads of the BT3 VM since they came out. Yes, that's "millions". Ph33r.

Tuesday, February 10, 2009

BackTrack 4 Beta Public Released

We've gone live with the beta, and the downloads are going crazy. All our mirrors are at 90 Mbit, more or less.

You can get the iso here (md5sum and sha512sum).

And the VMWare image here (md5sum and sha512sum).

We are trying to get estimates of downloads. If you link to our ISOs, please use:

http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-iso
http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-vm

and do not link them directly.

Release information will shortly be available on the Remote Exploit Web site.

Monday, February 9, 2009

Release in 3...2...1

The Beta ISO and VMWare images are uploaded, and should be synced with our mirrors soon. We will be making a formal announcement on the Remote Exploit site and in the various mailing lists once the links are active.

We've set up a quick install guide for BT4, as there is no official GUI installer yet (we're working on it).
Remember to look here for basic commands / tips and tricks for getting up and running with BT4.

We will be releasing an 850+ MB iso and a VMWare image install. The image was created under VMWare Workstation 6.5.1 and has VMware tools installed. It should also work with VMWare Player 2.5.1.

A few additional bug fixes and cosmetic changes were made since the Shmoo edition, mainly fixing a MySQL server login issue. We will try our best to have an upgrade path from this beta to the final, but by no means make any promises.

We consider the Beta to be very stable and usable. A few tools were kept back from this version, and will be soon added to the repositories.

Keep tuned with this blog for updates!

Sunday, February 8, 2009

Shmoocon Highlights

Shmoo is a blast as usual. Lots of laughs, drinks, paybacks and sexually perverse stuff.
In an unlikely and strange cosmic coincidence, some of these moments were captured on video (THANK YOU Mister_X).

As I know these things eventually end up on the web (AKA, "The Pink Pirate Incident"), I decided to preempt this situation by posting these first.

The first gem is a short video of Reliks' awesome talk about Fast Track, with the new improved red skull eyes. During the beginning of the presentation, (Sub) Zero Chaos is hiding under Reliks' speaker table. At a strategic moment he pelts him in the nuts with a lemon. Ph33r.

The second gem captures a kodak moment where Zero Chaos explains why Pentoo is so good. He also stresses the importance of respect amongst friends. I believe his last words in the video are "Gay Chicken". Don't ask.

Friday, February 6, 2009

BackTrack 4 Beta - Shmoo release

This is it! After many months of effort from the Remote Exploit Dev team, BackTrack 4 Beta is ready and available at our Shmoo booth. I thought I'd post up some "getting started" notes, to help people out with the first surge of questions.


  • Default password to BackTrack 4 hasn't changed, still root / toor.
  • KDE 3 is being used in BT4. We tried KDE 4, really, we did. It sucked. Maybe 4.2 in BT4 final.
  • Most of the KDE "apt gettable" packages have "kde3" appended to their names. So "apt-get install kate-kde3" is good, "apt-get install kate" is bad. Use "apt-cache search" to search for packages to install.
  • Kernel sources included in /usr/src/linux.
  • DHCP disabled by default on boot, you need to /etc/init.d/networking start
  • If you do an HD install and want to restore networking (DHCP) to be enabled at boot, type "update-rc.d networking defaults".
  • Getting a live USB install is nice and easy with Unetbootin
  • VMware users - to fix the KDE resolution, type "fixvmware" before starting X.
  • Vmware tools and kernel modules compile perfectly on VMWare 6.5.1
  • If you can't get X to work, first try to autogenerate an xorg.conf by typing "Xorg -configure" and try using the generated conf file. If that bums out, you can revert to VESA by typing "fixvesa".
  • Wireless networking in KDE can be started with KnetworkManager (/etc/init.d/NetworkManager)
  • Various drivers can be found in /opt/drivers (various madwifi branches, video drivers for Nvidia and HP 2133's).
  • Installation of BT4 to HD is similar to BT3. (tip - don't forget to modify /etc/fstab after the install. Change the first line from aufs / aufs .... to the corresponding device and filesystem. For example, on my box it's /dev/sda3 / reiserfs defaults 0 0, as my root partition is on sda3 and I used the reiserfs filesystem).
  • The warning message "W: GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY CB2F6C86F77B1CA9" on "apt-get update" occurs because the Intrepid KDE 3 repos do not use a GPG key. We will eventually host these packages in our own repo.
  • To generate ssh keys for the first time type "sshd-generate"
  • Conky takes a while to load.
I will be adding items to this list as relevant.

So far we have been receiving outstanding feedback as far as hardware support is concerned. We are looking forward to hearing people's feedback in Shmoo. Rock on!

Thursday, February 5, 2009

BackTrack 4 Beta Goodness - Ready for ShmooCon

We've closed our Shmoo edition BT4 image... and it's ready to roll.
We will have a local download center in ShmooCon 2009 for people to freely download the image. Look for us at the Pico booth.

The image will be 850+ MB, so get them DVD's, or even better, USB keys ready. We will also have a VMWare image handy.

Get the wallpaper here:

Wednesday, February 4, 2009

BT4 and SEXY Maltego Transforms

A combined effort from TheX1le and the guys from Paterva has brought some interesting news to the wireless arena.

Maltego now allows you to quickly and easily import wireless network data through the use of Airgraph-NG transforms - bringing in a whole new level of visualization to the field.

Seeing a live demo by Andrew MacPherson blew my mind away, as amazing deductions about the network and its behavior can now be easily understood through the various transforms.

Very, very exciting stuff!



Monday, February 2, 2009

RFID Tools Revamped, BT4 Beta Pre Release in Shmoocon!

Another teaser...With the kind help of Adam Laurie, we have revamped our RFID tools collection - Check it out.


A few delays prevented us from releasing BT4 on the 31st of Jan... We will have a closed pre-release in Shmoocon, and a public release once Shmoo is over!

Sunday, February 1, 2009

Generating WPA tables with pyrit and CUDA

We're playing around with pyrit and CUDA.

Amazingly, the BT4 Beta LiveCD was stable enough to actually run and generate tables out of the box. X gets nervous and freezes (as expected), so for now, ssh seems the way to go, or simply dust off that old onboard VGA adapter, and leave your preshusssssssssssss Nvidia alone!

We are also working on ATI and Padlock support, stay tuned.

Saturday, January 31, 2009

Booting BackTrack 4 over the network (PXE or Net Boot CD)

One of the features we really wanted in BackTrack 4 was a fully working PXE boot system.
This could be ideal in Team Penetration Testing, Training, Cluster Cracking or simply Installing BackTrack over the network.

The PXE boot functionality was imported from SLAX, and is still not polished. In our tests, some network drivers failed to load at the initrd bootstrap due to kernel memory limitations. We got around this by adding some drivers into the kernel itself.
Most major network cards are supported and we will be improving on this as we get more feedback once BT4 Beta is released.

Getting the PXE system up and running after you've booted the Live{CD/USB} and set up your network interfaces is simple:



Once that's done, you should be running a web server (we use httpfs for the file transfer), and all the rest of the components required to boot a machine from the network.

Configure the target machine to boot from the network, and make sure there are no additional DHCP servers on the subnet.


Your Network Card PXE should pick up the BT4 PXE server, and load the initrd.


If all goes well, you should see BackTrack load the LZM files over HTTPFS:


We will also be publishing an 8 MB "netboot" iso, in case you do not have PXE enabled cards. These isos will accept an "ip=" boot cheatcode parameter.

Anyone care to whip up a cluster script / djohn setup ?

Friday, January 30, 2009

CUDA and RFID Support in BackTrack 4 Beta

Props to Adam Laurie and pure_hate for helping me get each of these set up.
Both RFIDIOt and Pyrit are working out of the box with the supported hardware.

More teaser screenies:

Philosophical thoughts about BackTrack 4

Many people have asked me why we chose a Debian base (*buntu) for BackTrack 4. One person even asked in dismay "Ubuntu ?? That's for noobs!".

The reasoning is simple.

Last year the Defcon people were tracking User Agents on their network, and I was astounded by the massive use of BackTrack throughout the con. What many didn't know is that everyone running BackTrack was potentially vulnerable due to a flaw in wget which was discovered a few weeks earlier.

This is only an example of course. The main point being, that with over 3 million users that downloaded BackTrack, none were receiving any security updates or patches as they came out. The distribution was not maintained.

With fortune 500 and government agencies using BackTrack as their main testing platform, we felt compelled to address this situation by making BT4 a real distribution with security and tool updates. This literally lifts BackTrack 4 from a LiveCD to a full blown Distribution.

At the end of the day, Linux is a kernel with user space applications around it. The alignment of these applications is what distinguishes one distribution from another.

Oh, and here's a screenshot of aircrack-ng cracking WPA at 1400+ keys per second using a Pico card on BT4 Beta :)


For more Pico action shots, click here: http://secmaniac.blogspot.com/2009/01/cracking-wpa-at-speed-of-pico.html

BackTrack 4 Beta almost out of the oven!

Once again, it's that time of the year... The Remote Exploit Dev team are working hard on BackTrack 4 ... and it will be released in the very near future...

We have taken huge conceptual leaps with BackTrack 4, and have some new and exciting features.

The most significant of these changes is our expansion from the realm of a Pentesting LiveCD to a full blown "Distribution".

Now based on Debian core packages and utilizing the Ubuntu software repositories, BackTrack 4 can be used both as a Live CD, or installed on hard disk as a full distribution. By syncing with our BackTrack repositories, you will regularly get security tool updates soon after they are released.

The BackTrack kernel is now in sync with upstream kernels - so you always get the latest hardware support. Kernel upgrades including the latest hardware support will be periodically available.

Working out of the box:

  • Native support for Pico e12 and e16 cards is now fully functional, making BackTrack the first pentesting distro to fully utilize these awesome tiny machines.
  • Support for PXE Boot - Boot BackTrack over the network with PXE supported cards!
  • SAINT EXPLOIT - kindly provided by SAINT corporation for our users with a limited number of free IPs.
  • MALTEGO - The guys over at Paterva did outstanding work with Maltego 2.0.2 - which is featured in BackTrack as a community edition.
  • The latest mac80211 wireless injection patches are applied, with several custom patches for rtl8187 injection speed enhancements. Wireless injection support has never been so broad and functional.
  • Unicornscan - Fully functional with PostgreSQL logging support and a web front end.
  • RFID support (thanks to Adam Laurie)
  • Possibly CUDA support...
  • New and updated tools - the list is endless!

With all these changes, PLUS the usual goodies and surprises we have in BackTrack, we are truly excited about this new release.

Check out these screenshots for some teasers:

http://www.offensive-security.com/bt4/01.png
http://www.offensive-security.com/bt4/02.png
http://www.offensive-security.com/bt4/03.png
http://www.offensive-security.com/bt4/04.png
http://www.offensive-security.com/bt4/05.png
http://www.offensive-security.com/bt4/06.png
http://www.offensive-security.com/bt4/07.png