Roderick Derks

Network Tools:
Netcat, TCP/IP Swiss army knife, v1.11
url: www.vulnwatch.org/netcat/

Cryptcat, crpyto Netcat, v1.21
url: http://sourceforge.net/projects/cryptcat/

Putty, ssh client, v0.58
url: http://www.chiark.greenend.org.uk/~sgtatham/putty

WinScp, secure copy, v3.76
url: http://winscp.net/eng/download.php

connect, proxy (http and https) support for ssh, v1.95
url: http://zippo.taiyo.co.jp/~gotoh/ssh/connect.html

File Tools:
– Filemon
– Regmon

Dependency Walker, what dependant module (ex. dll's) needs a module, v2.1
url: http://dependencywalker.com/

Various Tools:
Notepad2, txt editor, v1.0.12
url: http://www.flos-freeware.ch/

A quick and dirty Windows password recovery:

Boot the Backtrack CD .

Change dir to your Windows mount point:
# cd /mnt/hda2/WINDOWS/system32/config
Copy the SAM and the system Registry hive to the temp dir:
# cp SAM /tmp
# cp system /tmp
Prepare our wordlist:
# cd /pentest/password/dictionaries/
# gunzip -c wordlist.txt.Z > /tmp/words.txt
# cd /tmp

As the Windows hashes (in the SAM file) are encrypted, we need this key (called bootkey) to decrypt the SAM hashes:
# bkhive system key
Now we can dump the password hashes out of the SAM file:
# samdump2 SAM key > /tmp/hashes.txt

Lets crack those hashes… the easiest way would be, if the password is in the wordlist, we use john for this case:
# john -w=words.txt -f=NT hashes.txt
No luck? Lets use the brute force method:
# john –incremental:all -f=NT hashes.txt

If this takes too long you could use ophcrack. This tool uses rainbow tables and should crack your hashes in a few seconds, but you need to download those rainbow tables (350mb or 700mb or you can generate them yourself) which are not included on the Backtrack cd (for a obvious reason…). Or you can use the oph online cracker, which should be quite fast.

Credits goes to http://www.hardware-place.com!

# rpm -ivh packages(s).rpm
install rpm file(s)

# rpm -Uvh packages(s).rpm   
upgrade system with rpms

# rpm -e package   
remove package

# rpm -q package   
show version of package installed

# rpm -q -i package   
show all package metadata

# rpm -q -f /path/file   
what package does file belong

# rpm -ql packagename > list.txt
Lists all the files in a currently installed package – there's no need to use the .rpm extension or its version number.  So if the package's full file name is: wget-1.8.2-4.72.i386.rpm   then just use wget

# rpm -ql packagename > list.txt
Lists all the files in a currently installed package – there's no need to use the .rpm extension or its version number.  So if the package's full file name is: wget-1.8.2-4.72.i386.rpm   then just use wget

# rpm -qpl packagename.rpm > list.txt
Lists all the files in an RPM file irrespective of whether it is installed.. Use the full file name, or, for instance, a shortened version wget* .

# rpm -qa > rpmlot.txt
Lists the names of all installed packages, I assume in order of their installation.

# rpm -qa | sort > rpmlot.txt
Ditto alphabetically sorted.

# rpm -qal > rpmlotfiles.txt
Lists all the files of all installed packages. There is no clear indication of what package the files belong to – but it is not too hard to figure it out:

# rpm -qf file-name
Lists the package a file belongs to.

If you install a new device, that has no ip assigned to it, but you have the mac address of this device, you can use arp and ping to assign a temporary ip address:

1) Assign ARP/IP

Windows:
> arp -s 192.168.1.123 00-aa-cc-c6-09

Linux:
# arp -i eth0 -vs 192.168.100.124 00:0E:35:1F:91:F5

2) Ping it

A "normal" ping will not work as expected here… you need to ping it with a packet-size of 113:

Windows:
> ping 192.168.1.123 -l 113

Linux:
# ping 192.168.1.124 -s 113

Putty SSH Timeouts
Application hints
If your SSH Session disconnect even if you enabled “Sending of null packets to keep session active” and “Enable TCP keepalives (SO_KEEPALIVE option)” you might want to try this..

read more

If you want to setup a SSH server on a Windows environment then this article should give you some answers. Use Cygwin: Cygwin is a Linux-like environment for Windows. This is very interesting for remote management of a Windows environment in a secure way. You can now also use Linux commands and that can save you a lot of trouble.

read more

Overview of some linux commands to mount a Windows filesystem or a cifs share (Windows protocol).
Also information about how to install a ntfs driver if this isn't supported yet by your kernel.

read more

Here is a short overview of some Linux Security Distro's.

read more

Great collection of Linux commands to connect to a wireless network. Many thanks to wirelessdefence.org.
read more

Very important: check if your own WiFi LAN is secure. You need some tools to perform these actions. Easiest way to get these tools is to download and burn the backtrack cd iso file. Start your computer and boot from the cd. Slax (live cd version of Slackware) is used for the os. Most of the tools you need to do the job run on Linux, not on Windows. And there are a lot of neat tools on this cd.

As I'm learning more I'll update this post now and then. Have fun!

read more