Posts By :

Roderick Derks

Windows Lifesaver Tools

Network Tools:
Netcat, TCP/IP Swiss army knife, v1.11
url: www.vulnwatch.org/netcat/

Cryptcat, Netcat with Twofish-encrypted connections, v1.21
url: http://sourceforge.net/projects/cryptcat/

Putty, ssh client, v0.58
url: http://www.chiark.greenend.org.uk/~sgtatham/putty

WinScp, secure copy (scp/sftp) client, v3.76
url: http://winscp.net/eng/download.php

connect, proxy (http and https) support for ssh, v1.95
url: http://zippo.taiyo.co.jp/~gotoh/ssh/connect.html

File Tools:
– Filemon, Sysinternals real-time file system activity monitor
– Regmon, Sysinternals real-time registry activity monitor

Dependency Walker, shows which modules (e.g. DLLs) a module depends on, v2.1
url: http://dependencywalker.com/

Various Tools:
Notepad2, text editor, v1.0.12
url: http://www.flos-freeware.ch/

Crack local Windows passwords with Backtrack v1.x

A quick and dirty Windows password recovery:

Boot the Backtrack CD.

Change dir to your Windows mount point:
# cd /mnt/hda2/WINDOWS/system32/config
Copy the SAM and the system registry hives to the temp dir:
# cp SAM /tmp
# cp system /tmp
Prepare our wordlist:
# cd /pentest/password/dictionaries/
# gunzip -c wordlist.txt.Z > /tmp/words.txt
# cd /tmp

The password hashes in the SAM hive are encrypted with a key derived from the boot key (syskey), which lives in the system hive. bkhive extracts that key so samdump2 can decrypt the hashes:
# bkhive system key
Now we can dump the password hashes out of the SAM file:
# samdump2 SAM key > /tmp/hashes.txt

Let's crack those hashes. The easiest case is a password that is in the wordlist, so start with john's wordlist mode:
# john --wordlist=words.txt --format=NT hashes.txt
No luck? Use the brute force (incremental) mode:
# john --incremental=All --format=NT hashes.txt
NT hashes are unsalted, so one run works through every account in hashes.txt at once. If the dump also contains LM hashes, crack those first (format LM instead of NT): LM upper-cases the password and hashes it in two 7-character halves, so it falls much faster.

If this takes too long you could use ophcrack. This tool uses rainbow tables and should crack your hashes in a few seconds, but you need to download the tables (350 MB or 700 MB, or generate them yourself); they are not included on the Backtrack CD, for an obvious reason. Alternatively use the ophcrack online cracker, which should be quite fast.
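Before starting john it pays to look at what samdump2 actually produced. The script below is an added example, not code from the original post: it takes a dump in samdump2's pwdump format (user:rid:LMhash:NThash:::) on stdin, lists accounts whose NT hash is the well-known empty-password constant (nothing to crack there), tells you whether any real LM hashes are present, and prints the john runs worth starting. The four sample lines are constructed for this example; the file and wordlist names are the ones used in the post.

```shell
#!/bin/sh
# Triage of samdump2 output before running john. Added example, not code from
# the original post. samdump2 prints pwdump format: user:rid:LMhash:NThash:::
# The four sample lines below are constructed for this example.

EMPTY_LM="aad3b435b51404eeaad3b435b51404ee"   # LM field when no LM hash is stored
EMPTY_NT="31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of the empty password

SAMPLE_HASHES='Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1000:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
bob:1001:aad3b435b51404eeaad3b435b51404ee:5835048ce94ad0564e29a924a03510ef:::'

# Accounts whose NT hash is the empty-password constant: nothing to crack.
blank_password_accounts() {
    awk -F: -v e="$EMPTY_NT" 'NF >= 4 && tolower($4) == e { print $1 }'
}

# Accounts that still carry a real LM hash. LM upper-cases the password and
# hashes two 7-character halves separately, so these fall far faster than NT:
# run john with --format=LM first if this prints anything.
lm_targets() {
    awk -F: -v e="$EMPTY_LM" 'NF >= 4 && tolower($3) != e { print }'
}

# Accounts with a non-empty NT hash: the --format=NT job from the post.
nt_targets() {
    awk -F: -v e="$EMPTY_NT" 'NF >= 4 && tolower($4) != e { print }'
}

# Summarise a dump read from stdin and print the john runs worth starting.
# $1 is the dump's file name to put in the commands, $2 the wordlist.
plan_john_jobs() {
    dump=$(cat)
    printf '%s\n' "$dump" | blank_password_accounts | sed 's/^/blank password: /'
    lm=$(printf '%s\n' "$dump" | lm_targets | awk 'END { print NR + 0 }')
    nt=$(printf '%s\n' "$dump" | nt_targets | awk 'END { print NR + 0 }')
    [ "$lm" -gt 0 ] && echo "john --wordlist=$2 --format=LM $1"
    [ "$nt" -gt 0 ] && echo "john --wordlist=$2 --format=NT $1"
    return 0
}

# Demo on the constructed sample. Real use, after the samdump2 step above:
#   plan_john_jobs hashes.txt words.txt < /tmp/hashes.txt
printf '%s\n' "$SAMPLE_HASHES" | plan_john_jobs hashes.txt words.txt
```

On the sample this reports Administrator and Guest as blank, one account (alice) with an LM hash worth a quick --format=LM run, and two accounts (alice, bob) for the --format=NT run. Comparing lower-cased hashes matters because different dump tools emit different case.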

Credit goes to http://www.hardware-place.com!

RPM commands

# rpm -ivh package(s).rpm
install rpm file(s)

# rpm -Uvh package(s).rpm
upgrade installed packages with the given rpms (a package that is not yet installed is simply installed)

# rpm -e package
remove package

# rpm -q package
show the version of an installed package

# rpm -q -i package
show all package metadata

# rpm -q -f /path/file
which package does a file belong to

# rpm -ql packagename > list.txt
Lists all the files in a currently installed package. There is no need to use the .rpm extension or the version number: if the package's full file name is wget-1.8.2-4.72.i386.rpm, just use wget.

# rpm -qpl packagename.rpm > list.txt
Lists all the files in an RPM file, whether or not it is installed. Use the full file name, or a shell glob such as wget*.

# rpm -qa > rpmlot.txt
Lists the names of all installed packages, I assume in order of their installation.

# rpm -qa | sort > rpmlot.txt
Ditto alphabetically sorted.

# rpm -qal > rpmlotfiles.txt
Lists all the files of all installed packages. The output does not show which package each file belongs to, but that is not hard to find out:

# rpm -qf file-name
Lists the package a file belongs to.
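The name-versus-file-name point above (rpm -q wants wget, not wget-1.8.2-4.72.i386.rpm) trips people up when package names themselves contain dashes. The helpers below are an added example, not code from the original post: they split an rpm file name into name/version/release/arch from the right, turn rpm -qa output into bare names, and pick between the post's -ivh and -Uvh forms. INSTALLED is a constructed stand-in for rpm -qa output and the .rpm file names are sample values.

```shell
#!/bin/sh
# Helpers for package names vs. rpm file names. Added example, not code from
# the original post. INSTALLED is a constructed stand-in for `rpm -qa` output;
# the .rpm file names used below are sample values.

INSTALLED='wget-1.8.2-4.72
openssh-server-3.9p1-8
bash-3.0-31'

# Split an rpm file name into name, version, release and arch. Work from the
# right: the name may contain dashes (openssh-server), but version and release
# never do, and arch is the last dot-separated field before .rpm.
rpm_split() {   # rpm_split wget-1.8.2-4.72.i386.rpm -> "wget 1.8.2 4.72 i386"
    f=${1##*/}            # drop any directory part
    f=${f%.rpm}
    arch=${f##*.};    f=${f%.*}
    release=${f##*-}; f=${f%-*}
    version=${f##*-}; name=${f%-*}
    echo "$name $version $release $arch"
}

# Just the package name, i.e. what rpm -q / rpm -ql / rpm -e expect.
rpm_name() {
    set -- $(rpm_split "$1")
    echo "$1"
}

# Turn `rpm -qa` lines (name-version-release, optionally .arch) on stdin
# into bare package names by stripping the last two dash-separated fields.
installed_names() {
    awk '{ sub(/-[^-]*-[^-]*$/, ""); print }'
}

# Choose between the post's -ivh and -Uvh for a file, given rpm -qa output on
# stdin: -i refuses to replace an installed version, -U upgrades it (and also
# installs a package that is not present yet).
install_command() {   # install_command file.rpm < rpm-qa-output
    name=$(rpm_name "$1")
    if installed_names | grep -qxF -- "$name"; then
        echo "rpm -Uvh $1"
    else
        echo "rpm -ivh $1"
    fi
}

# Demo on the constructed list. Real use: rpm -qa | install_command file.rpm
printf '%s\n' "$INSTALLED" | install_command wget-1.9-1.i386.rpm
printf '%s\n' "$INSTALLED" | install_command nmap-3.75-1.i386.rpm
```

Two checks worth adding to any such script before it runs rpm -ivh/-Uvh on a downloaded file: rpm -K package.rpm (same as --checksig) verifies the package signature, which matters because install scriptlets run as root, and rpm -V package afterwards compares the installed files against the rpm database.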

Use ARP to assign ip address

If you install a new network device that has no IP address assigned yet, but you know its MAC address, you can use arp and ping to give it a temporary IP address. This works with devices (print servers, management cards and the like) that adopt the destination address of the first IP packet they receive for their MAC address; the static ARP entry lets your host send that packet without having to resolve the address first. The address you pick must be on your own subnet, otherwise the packet goes to the default gateway and the ARP entry is never used.

1) Assign ARP/IP

Windows:
> arp -s 192.168.1.123 00-0e-35-1f-91-f5

Linux:
# arp -i eth0 -vs 192.168.1.124 00:0E:35:1F:91:F5

2) Ping it

A "normal" ping will not work as expected here; you need to ping it with a packet size of 113:

Windows:
> ping 192.168.1.123 -l 113

Linux:
# ping 192.168.1.124 -s 113
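The two things that silently break this procedure are a mistyped MAC (Windows and Linux also write it differently) and a target address that is not on the local link. The script below is an added example, not code from the original post: it normalises a MAC from either notation and rejects anything that is not six hex octets, checks that the target is on the same subnet as your own address, and then prints the arp and ping commands from the procedure above for both platforms. The local address 192.168.1.10/24 and interface eth0 are assumed sample values; the device's MAC is the one used in the post.

```shell
#!/bin/sh
# Helpers for the ARP + ping trick. Added example, not code from the original
# post; needs a POSIX shell and awk. The local address 192.168.1.10/24 and
# interface eth0 in the demo are constructed sample values.

# Normalise a MAC in Windows (00-0e-35-1f-91-f5) or Linux (00:0E:35:1F:91:F5)
# notation to lower-case colon form. Prints nothing and returns 1 unless there
# are exactly six hex octets, so a copy-paste error is caught before arp -s.
normalize_mac() {
    printf '%s\n' "$1" | awk '{
        mac = tolower($0); gsub(/-/, ":", mac)
        n = split(mac, o, ":")
        if (n != 6) exit 1
        for (i = 1; i <= n; i++) if (o[i] !~ /^[0-9a-f][0-9a-f]$/) exit 1
        print mac
    }'
}

# Dotted quad -> integer, for the subnet test below.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when target and local address share the /prefix subnet. A static
# ARP entry only matters for on-link destinations; anything else is sent to
# the default gateway and the entry is never consulted.
on_link() {   # on_link target_ip local_ip prefix_len
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Print the command sequences from the post for a validated target.
arp_assign_commands() {   # target_ip mac local_ip prefix_len iface
    mac=$(normalize_mac "$2") || { echo "invalid MAC: $2" >&2; return 1; }
    on_link "$1" "$3" "$4" || { echo "$1 is not on the $3/$4 link" >&2; return 1; }
    win_mac=$(printf '%s' "$mac" | tr : -)        # Windows arp wants dashes
    printf 'Windows:\n  arp -s %s %s\n  ping %s -l 113\n' "$1" "$win_mac" "$1"
    printf 'Linux:\n  arp -i %s -s %s %s\n  ping -c 3 %s -s 113\n' "$5" "$1" "$mac" "$1"
}

# Demo: the device from the post, seen from a host at 192.168.1.10/24 on eth0.
arp_assign_commands 192.168.1.124 00-0E-35-1F-91-F5 192.168.1.10 24 eth0
```

The script only prints the commands; run them yourself as Administrator or root. The -c 3 on the Linux ping is there so the demo does not run forever, the data size -s 113 is the one the post requires.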

Putty SSH Timeouts

If your SSH session still disconnects even though you have enabled "Sending of null packets to keep session active" and "Enable TCP keepalives (SO_KEEPALIVE option)" in Putty, you might want to try this.

A Windows SSH server

If you want to set up an SSH server in a Windows environment, this article should give you some answers. Use Cygwin: Cygwin is a Linux-like environment for Windows, which makes it very interesting for managing a Windows environment remotely in a secure way. You can also use Linux commands there, which can save you a lot of trouble.

Mount a windows filesystem or network share in Linux

Overview of some Linux commands to mount a Windows filesystem or a CIFS share (the Windows file-sharing protocol).
Also information about how to install an NTFS driver if your kernel does not support NTFS yet.

Linux Security Distro’s

Here is a short overview of some Linux security distros.

Linux Wireless Commands

A great collection of Linux commands to connect to a wireless network. Many thanks to wirelessdefence.org.
Check your WiFi security

Very important: check whether your own WiFi LAN is secure. You need some tools to do this, and the easiest way to get them is to download and burn the Backtrack CD ISO image, then boot your computer from the CD. The OS is Slax (the live CD version of Slackware). Most of the tools you need for the job run on Linux, not on Windows, and there are a lot of neat tools on this CD.

As I'm learning more I'll update this post now and then. Have fun!
