Setting Up Prey on Back|Track 4
Did you know that Back|Track 4 includes Prey in its installation?
If you didn't, let's set up this device-tracking application.
First, check whether the Prey installation exists. Look in /usr/share/prey; if it is there, you can go ahead and configure the application.
Create an account on your Prey Control Panel at Preyproject <http://preyproject.com>. Once it is created, add your device and note your API key and Device key (both are on the Control Panel and Profile page).
Go to /usr/share/prey/config and add your API key and Device key. Set up the email notification to your needs and Prey is ready to go.
Run Prey to make sure it syncs all its info to the Prey website:
root@bt:~# /usr/share/prey/prey.sh
### PREY 0.3.73 spreads its wings!
### Linux bt 2.6.30.9 #1 SMP Tue Dec 1 21:51:08 EST 2009 i686 GNU/Linux
– Looking for connection…
– Got network connection!
– Checking URL…
– Got XML. Parsing…
>> Reading configuration…
– Delay in sync.
>> Verifying status…
– Got status code 200!
– Nothing to worry about.
root@bt:~#
If the result is the same as above, you're good. Back|Track 4 already schedules Prey to sync every 20 minutes.

Penetration Testing Real World Mode by Offsec
A video about penetration testing in the real world; enjoy the video from Offensive Security.
It cannot be embedded, so it is better to view it on their website.
The video is here:
http://www.offensive-security.com/videos/penetration-testing-in-the-real-world/
Enjoy!
OSCP Certification from Offensive Security
OSCP (Offensive Security Certified Professional) is one of the certifications issued by Offensive Security. Never heard of Offensive Security? Visit their website and have a look around. If you have heard of Auditor, WHAX, Whoppix, and what is now called BackTrack, you indirectly already know its makers: the people from Remote-Exploit, who later formed a training division called Offensive Security.
OSCP itself is an internationally recognized certification that can be obtained after completing the Pentesting with BackTrack Online training plus the exam that comes with it. I took the Pentesting with BackTrack (PWB) training online a few months ago, on 24 January 2010 to be exact. This was the first time I took an online training plus certification, so I will share a few very interesting things from the two months I spent in PWB Online.
Secure Browsing with an SSH Tunnel
I use this technique when using internet access in public places such as wireless hotspots. Yes, this time secure browsing is done with an SSH tunnel. It is an interesting technique because other packets can "piggyback" on SSH, so the packets riding on the SSH protocol are encrypted too (SSH is a secure protocol because every packet it carries is encrypted).
OK, enough small talk. The first thing to prepare is a server on the internet that we can SSH into (that is, one we can reach remotely over SSH), for example our VPS, or perhaps our own standalone server at home (using Speedy or another ISP that provides a public IP). This time I am using a standalone server at home that is already running an SSH server. Once that is ready, the rest can be laid out step by step.
Nice Buffer Overflow Video – Easy Music Player
Well, this will show you how buffer overflow exploitation works against Easy Music Player.
The art of Exploitation from D0uBle ZerO Zer0 on Vimeo.

Tunneling Techniques in Hacking
Tunneling is usually used as a technique to get packets out of a network that is isolated by a firewall or by the network itself (NAT). Network administrators usually build a tunnel to reach the parts that cannot otherwise be reached. Imagine you are a network administrator who wants to make a remote connection into your own network, but the computer you want to reach is behind NAT / on a network that is not routed to the internet. How do you do it? With tunneling, of course.
Tunneling is also used by pentesters to support penetration testing work. Let's see this technique in action.
As a pentester, I was tasked with breaking into a system all the way, including the target's internal network. Long story short, I had obtained a remote shell on a computer that could only be reached from one network subnet. On closer inspection, the target computer had port 3389 open, meaning the Remote Desktop service was running and ready to be accessed. But because the target computer sat behind NAT, a direct connection to port 3389 would immediately be blocked by the gateway/firewall. I tried a reverse connection with netcat, but the obstacle turned out to be the OUTBOUND rule on the firewall, which only allowed connections to ports 80 and 443 and blocked everything else. That is why I thought of using SSH tunneling: I set up an SSH server listening on port 80. Oh, and I used BackTrack to do all of this.
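From the defender's side, the interesting part of the story above is the protocol/port mismatch: an SSH server answering on port 80 so that a "ports 80 and 443 only" outbound rule lets the tunnel through. Added example, not code from the original post or from any tool it mentions: a C check that recognizes an SSH identification string in the first payload bytes of a flow and flags it when the destination port is 80 or 443; the sample banners in the comments are constructed.

```c
#include <string.h>
#include <stddef.h>

/* Returns 1 if the first payload bytes look like an SSH identification string
 * (RFC 4253 section 4.2): "SSH-protoversion-softwareversion[ comments]" ending
 * in CR LF (bare LF tolerated), at most 255 bytes. Constructed check, not
 * code from any product. */
int is_ssh_banner(const char *p, size_t n)
{
    size_t i = 4, start;

    if (n < 4 || memcmp(p, "SSH-", 4) != 0)
        return 0;
    /* protoversion must be "2.0", or "1.99" for servers offering both */
    if (n >= i + 4 && memcmp(p + i, "1.99", 4) == 0)
        i += 4;
    else if (n >= i + 3 && memcmp(p + i, "2.0", 3) == 0)
        i += 3;
    else
        return 0;
    if (i >= n || p[i++] != '-')
        return 0;
    /* softwareversion: non-empty printable ASCII without whitespace or '-' */
    start = i;
    while (i < n && p[i] > ' ' && p[i] < 127 && p[i] != '-')
        i++;
    if (i == start)
        return 0;
    /* optional comments after a single space, up to the line ending */
    if (i < n && p[i] == ' ')
        while (i < n && p[i] != '\r' && p[i] != '\n')
            i++;
    if (i < n && p[i] == '\r')
        i++;
    return (i < n && i < 255 && p[i] == '\n') ? 1 : 0;
}

/* Flags a flow to an HTTP(S) port whose first bytes are an SSH banner: the
 * mismatch produced by tunneling SSH through a "ports 80/443 only" rule.
 * Sample flows (constructed): "GET / HTTP/1.1\r\n" to port 80 is normal,
 * "SSH-2.0-OpenSSH_5.1p1 Debian-5\r\n" to port 80 is the alert. */
int flags_ssh_on_web_port(int dst_port, const char *payload, size_t n)
{
    if (dst_port != 80 && dst_port != 443)
        return 0;
    return is_ssh_banner(payload, n);
}
```

Egress filtering by port number alone cannot tell these two flows apart; the banner check is what a protocol-aware sensor or proxy adds.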
Attending PWB Online
During this month, I attended an online training organized by Offensive Security. The training, called Pentesting With Backtrack Online (PWB), really is pure guidance for all participants to become a hacker. Why do I say this? Because the modules are given completely hands-on, about how to attack a system.
I have had a week of this training and am beginning to feel dizzy with the challenges provided. At the end of the training, participants are challenged to complete a mission related to a given module. After that, participants are given time to take the exam to gain the OSCP (Offensive Security Certified Professional) certification.
I have a few weaknesses in the areas of programming and software engineering, something I had never been in touch with in the IT area. I really hope and will try to reach OSCP, so for a few weeks I will be looking very dazed and disheveled.
This topic was posted simply as a distraction from the logic-flow-execution of a program.

Most severe Linux kernel bug exposed
from The Register:
Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.
The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn’t always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.
Of all the vulnerabilities in the Linux operating system, this is the most severe. Unfortunately, the details of the bug were announced before the vendors had patched their systems. An attacker can easily escalate from ordinary user privileges to root privileges. Fortunately, this vulnerability is exploitable only on the local operating system, not remotely. We can still say "fortunately".
Update and patch your system the distro's way.
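The pattern the article describes, as an added C illustration (constructed here, not the kernel's code): an operations table with a function-pointer slot that was never filled, the dispatcher that dereferences it blindly beside one that checks first, and the audit a reviewer would run over every registered table. The names proto_ops, no_sendpage and the *_ops tables are placeholders chosen for the illustration.

```c
#include <stddef.h>

/* Constructed illustration of the bug class described above, not the kernel's
 * actual code: a protocol operations table whose sendpage slot is left NULL
 * instead of pointing at a placeholder, dispatchers with and without the
 * pointer check, and an audit over the registered tables. */
typedef int (*sendpage_fn)(const char *buf, size_t len);

struct proto_ops {
    const char *name;
    sendpage_fn sendpage;   /* NULL if the protocol never filled it in */
};

/* Placeholder in the spirit of the sock_no_* stubs: fails with an error code
 * instead of leaving a NULL pointer for the dispatcher to call. */
static int no_sendpage(const char *buf, size_t len) { (void)buf; (void)len; return -1; }

/* A protocol that really implements the operation (pretends all bytes sent). */
static int echo_sendpage(const char *buf, size_t len) { (void)buf; return (int)len; }

/* Vulnerable dispatcher: calls the slot blindly. With incomplete_ops this is
 * the NULL dereference the article describes, so it must never be called that way. */
int sock_sendpage_unchecked(const struct proto_ops *ops, const char *buf, size_t len)
{
    return ops->sendpage(buf, len);
}

/* Hardened dispatcher: validates the slot before dereferencing it. */
int sock_sendpage_checked(const struct proto_ops *ops, const char *buf, size_t len)
{
    if (ops == NULL || ops->sendpage == NULL)
        return -1;
    return ops->sendpage(buf, len);
}

/* Audit: how many registered tables still have an unfilled sendpage slot.
 * Run over every table at registration time, this catches the bug before
 * any dispatcher can reach it. */
int count_missing_sendpage(const struct proto_ops *tables[], size_t n)
{
    int missing = 0;
    for (size_t i = 0; i < n; i++)
        if (tables[i]->sendpage == NULL)
            missing++;
    return missing;
}

/* Three sample tables (constructed): one forgot the slot, one uses the
 * placeholder, one implements the operation. */
const struct proto_ops incomplete_ops = { "incomplete", NULL };
const struct proto_ops stubbed_ops    = { "stubbed", no_sendpage };
const struct proto_ops working_ops    = { "working", echo_sendpage };
```

Either fix alone closes the hole: filling every slot with a placeholder, or checking the pointer in the dispatcher; the audit is how you find the tables that did neither.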

Dangers of Cracks and Keygens
How many people download pirated programs from the internet? Pirated programs always include a keygen or a crack to defeat the protection of the commercial software. But do you realize that most people do not know that keygens and cracks are very dangerous to a computer?
Sometimes people do not know that when they use a crack or a keygen, they also run malicious programs such as worms, trojans, viruses, or spyware. Here I provide a screenshot of a registry scan on my computer after I ran keygen.exe.
In the screenshot above, I use Process Monitor to see the process tree of the file keygen.exe. As you can see, it altered the registry. In some cases, they not only alter the registry but also create a hidden backdoor, planted into a DLL, which will connect out silently without you ever realizing it (unless you use a utility such as TCPView). Moreover, they steal private data such as passwords, credit card information, and product keys, capture keystrokes, capture login information, upload our private documents, etc.
So, do you still want to download pirated programs?
Think before you click..
How-to: Backtrack 4 USB Persistent Changes
Here is my dirty way to make BT4 run from a USB disk instead of from the DVD.
- Boot the Backtrack 4 Live DVD
- Split your pendrive into 2 partitions: the 1st is for your BT4 files, and the 2nd is for your changes. I have a 4 GB pendrive, so I made 2 partitions: 1500MB for the BT4 files (with a FAT32 FS) and the rest of the disk space went to another partition with an Ext3 FS. You can use fdisk or cfdisk to do this.
- Format it using mkfs:
- mkfs.vfat -F 32 -n BT4 /dev/sdb1
- mkfs.ext3 -b 4096 -L casper-rw /dev/sdb2
- Mount them:
- mkdir /mnt/BT4
- mount /dev/sdb1 /mnt/BT4
- Copy all BT4 files from mounted DVD to our new mounted partition (/mnt/BT4)
- rsync -avh /media/cdrom/ /mnt/BT4/
- Install the GRUB boot loader
- grub-install --no-floppy --root-directory=/mnt/BT4 /dev/sdb
- Edit the menu.lst file
- nano /mnt/BT4/boot/grub/menu.lst
Start Persistent Live CD <———- find this line
bla bla bla quiet vga=0x317 <———- add vga=0x317 like this
- umount /mnt/BT4
- reboot
That’s it. Can’t wait for the official release ^^
reference: Offensive-Security