Automation Scripts for Backtrack 5r3

I have been testing an excellent set of publicly available scripts that automate tasks in BackTrack 5R3. I first heard about them when I saw Lee Baird’s presentation at the Appalachian Institute of Digital Evidence (AIDE 2012); the slides are available courtesy of irongeek.com at this link. Lee Baird had help from Jason Arnold with crack-wifi.sh, and Jason Arnold was the main developer of sslcheck. A lot of time and effort was put into this package, and I feel that anybody using BackTrack will benefit from these scripts for automating many important parts of a penetration test. The package is hosted on Google Code and includes a set of aliases that let you update the Subversion checkout and all of the scripts by simply typing update. Your first step is to download the package from Google Code from a BackTrack shell:

svn co https://backtrack-scripts.googlecode.com/svn/ /opt/scripts

You can watch the video for a full demonstration here…

Or, if you don’t have the time to watch the video, just keep reading…

Ok, after you download the scripts into the /opt directory, the next step is to change the permissions to make the scripts executable.

chmod -R 755 /opt/scripts/

Next we will change into the scripts directory and then run the setup script.

cd /opt/scripts/ 
./setup.sh

Now exit the terminal, open a new terminal, and type update.

Next we will run the main discover script...

./discover.sh

(Discover is a script that lets you choose to perform some open source intelligence gathering for the recon portion of your pentest, use Nmap to port scan an external or internal network, start a Metasploit listener, or run other scripts such as my favorite, crack-wifi.sh.)

Crack-wifi makes the whole process of using airmon-ng, airodump-ng, aireplay-ng, and aircrack-ng to crack a wireless network's key very simple and automated. When you run crack-wifi.sh, a wireless interface is automatically searched for and tested to validate injection. You are then able to scan all your local wireless networks and choose a network to attack. If you have ever used BackTrack to crack a wireless network, you know that it takes a few steps and commands to get it going successfully. Well, this script makes it very easy by automating everything. You can begin scanning the local networks for a WEP or WPA key to crack by pressing 1. When you find a network that you want to crack, press Ctrl-C, and a window will pop up asking you to enter the Channel, ESSID, BSSID, and Station of the network you want to attack. If your attack does not generate any data, or not enough to crack the key, you can just close all the windows and start again until the key is cracked. The code is updated on a regular basis; here are the additions that were made recently:
Updates

Aug 20 - Added jigsaw to setup.sh.
Aug 19 - Added goofile to the passive option for scrape.
July 29 - Added crack-wifi.sh to framework.
July 27 - Nikto now takes a list of nmap greppable output.
July 25 - Added color to update alias and framework.
July 5 - Updated alias and setup.sh to reflect the new hosted location of sqlmap.
June 28 - Fixed passive recon problems with Whois-IP and LinkedIn returning job titles.
June 20 - After testing Metasploitable 2 by doing a full port scan, I noticed there were some ports missing from my default scan. The following TCP ports have been added: 1524, 6697, 8787, 41364, 48992, 49663, 59034.
June 11 - Scrape now contains passive and active options.
June 5 - Check 'notes' for a To-Do list.
June 4 - Added new option - niktos.
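As an added example (not code from the scripts package or from the original post), here is a small Python parser for nmap's greppable (-oG) output, the format the July 27 entry says Nikto now accepts as input. It builds the host:port list of web services to hand to Nikto and also flags which of the ports added on June 20 turned up open in a scan. The sample scan output, its addresses, hostnames and banners are constructed for this example and are assumptions.

```python
# Ports the June 20 changelog entry says were added to the default scan
# after a full port scan of Metasploitable 2 showed them missing.
EXTRA_PORTS = {1524, 6697, 8787, 41364, 48992, 49663, 59034}

# Constructed sample of nmap greppable (-oG) output; addresses, hostnames
# and banners are made up for this example, not taken from a real scan.
SAMPLE_GNMAP = """\
# Nmap 6.01 scan initiated as: nmap -sV -oG out.gnmap 192.168.56.0/24
Host: 192.168.56.101 (msf2)\tStatus: Up
Host: 192.168.56.101 (msf2)\tPorts: 22/open/tcp//ssh//OpenSSH 4.7p1/, 80/open/tcp//http//Apache httpd 2.2.8/, 1524/open/tcp//ingreslock///, 8180/open/tcp//http//Apache Tomcat/\tIgnored State: closed (996)
Host: 192.168.56.1 ()\tPorts: 443/open/tcp//ssl|http//nginx/, 8787/filtered/tcp//msgsrvr///
# Nmap done at Mon Aug 20 2012 -- 2 IP addresses (2 hosts up) scanned
"""


def parse_gnmap(text):
    """Return {host: [(port, state, proto, service), ...]} from -oG text.

    Each Ports: entry has the form port/state/proto/owner/service/rpc/version/.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and Status-only lines carry no port data
        host = line.split()[1]
        # The Ports: field ends at the next tab (e.g. before "Ignored State:")
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 5:
                continue  # malformed entry; skip it rather than crash
            port, state, proto, service = int(fields[0]), fields[1], fields[2], fields[4]
            hosts.setdefault(host, []).append((port, state, proto, service))
    return hosts


def nikto_targets(hosts):
    """host:port strings for every open TCP port whose service name contains 'http'."""
    return sorted(f"{h}:{p}" for h, entries in hosts.items()
                  for p, state, proto, svc in entries
                  if state == "open" and proto == "tcp" and "http" in svc)


def extra_port_hits(hosts):
    """Open ports from EXTRA_PORTS, i.e. services the old default scan would have missed."""
    return sorted((h, p) for h, entries in hosts.items()
                  for p, state, _proto, _svc in entries
                  if state == "open" and p in EXTRA_PORTS)
```

Feed a real -oG file's contents to parse_gnmap and write nikto_targets to a file to get a host list in the form Nikto expects.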

There are also some Python scripts included by Saviour Emmanuel. For more information, check out the Google Code wiki at the project page, where the scripts are also available for download:

http://code.google.com/p/backtrack-scripts/

LastPass offers utilities that can be used in Windows 8.

So I just finished installing Windows 8 RTM Enterprise in a virtual machine for security testing and was going to post about how much I don’t like it. However, so far it is just like Windows 7 and I haven’t had to use Metro at all. Basically I set up Google Chrome as my default browser and have not had the chance to really complain much yet. However, if you use the Metro version of Internet Explorer 10 you can’t use the LastPass browser plugin, so it is good that LastPass has developed some portable versions of LastPass that you can use in Windows 8. I have tried LastPass Pocket, and as long as you are the only one using your computer it should be OK. However, if someone else uses your computer, I don’t recommend LastPass Pocket unless you are very careful. This is because I think the only option is to decrypt all of the data together, and then all your passwords are sitting there looking at you in cleartext. I’m sure that once you close the app, LastPass encrypts your data again, but you don’t want to leave Pocket open while someone else is on your computer. (LastPass recommends using IE Anywhere rather than Pocket.)

Anyway, I installed CCleaner and LastPass Pocket. (LastPass just released a bunch of new add-ons and plugins. I was basically just going there to see if they had developed anything that I could use with Internet Explorer 10, and they have: LastPass Pocket.)

Go there and check out the new ways you can utilize LastPass:
  1. LastPass IE Anywhere
  2. LastPass Sesame
  3. LastPass Portable (for Firefox and Chrome)
  4. LastPass for Applications
  5. LastPass Pocket

Now is the perfect time to learn HTML5, CSS3, & JavaScript.

Windows 8 needs apps. Microsoft is desperately in need of people to create web apps for the new Windows 8 platform. I figure this is a great time to dive into learning how to make web applications with HTML5 and JavaScript, and Microsoft is offering several videos to teach beginners. For those of you who have little to no knowledge of HTML, CSS, and JavaScript, there are two video tutorials on Microsoft’s Channel 9 that are essential for beginners. The first is a series titled HTML5 and CSS3 Fundamentals: Development for Absolute Beginners. This class is taught by Robert Tabor, an experienced web developer, and he does a good job of teaching beginners the basics of HTML5 and CSS3. I have some experience with older HTML and I really like how simple and streamlined HTML5 has become. For example, to start a document one no longer has to use a long DOCTYPE like the one used in XHTML 1.0 Strict. The first line of an HTML document can simply be <!DOCTYPE html> instead of the old <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">.
Another great aspect of HTML5 is that it is extremely forgiving and laid back compared to older HTML standards.

If you just want to read about HTML5’s elements and semantics, go to W3.org’s website. I am really more interested in learning JavaScript, and I have heard that it is not that difficult to learn, so I am taking a crash course in HTML5 before I jump into programming with JavaScript. Channel 9 has a follow-up series titled JavaScript Fundamentals, also hosted by Bob Tabor. I recommend both of these series to any aspiring developer out there, but I want to warn you: you need to devote a lot of time to this, and it helps to have a passion for learning. I have always loved computers, but when I was young I had no idea how complicated they were. Once I started learning how computers worked, I got hooked, and ever since then I have learned something new every single day. It’s only natural that I start programming and developing applications, and Microsoft has a strong need for new developers to make apps for Windows 8.

Troubleshooting XP (still in 2012?)

I have had a few problems in the past week and a half that have really impacted my workflow, taking more time to fix than I had expected.

The first problem I had to solve was on a Windows XP computer belonging to one of my clients. Apparently someone had run a registry cleaner on it, and the TCP/IP network stack had become corrupt. This is nothing new, and has happened more than a few times on many XP machines; however, each time is unique. I immediately noticed that ipconfig would return an error of “the system cannot find the file specified, unable to query hostname” (or something similar to that effect). The first thing to do is try a system restore, so I tried several different restore points and none of them would return a usable networking state. Next, I attempted to boot from a Windows XP disc and press R for repair. Of course the client could not find the Windows XP disc, so I grabbed one of mine and attempted a repair install. The thing about OEM Windows XP is that often “press R to attempt a repair install” is not given as an option. This would have been too easy.

The computer I was working on was an OLD, old Dell. Next, I ran sfc /scannow (which in XP needs a disc to replace corrupt files) but was met with a refusal to accept my disc as a possible source for replacing the missing system files. I would have to get more creative. I went on to run the old chkdsk /r utility just for good measure while I did some research (it’s been a while since I had to rebuild the network stack in XP). I have a Windows XP utility disc which includes a couple of classic utilities designed just for this purpose: “Winsock fix and XP-TCPrepair.” Perfect, I thought, as I reset the Winsock and prepared to have networking back on my side. However, this did not work, and I had to dive deeper into the registry to see exactly what was missing. I went through all the utilities on the computer, hoping to be able to undo whatever optimizations had been done to the registry. I found Auslogics SpeedBoost and reset all of the most recent changes to the system. I also saw that Advanced System Care was on the machine, and I was able to restore that program’s latest changes. However, this was not enough; the computer would not connect to the internet. The network connection was reporting itself as working, but there was no internet connectivity. I noticed that a tool called Registry Repair Wizard had recently been uninstalled completely. I went into Revo Uninstaller and attempted to restore the uninstallation, but was not able to get this program back into a state that would allow me to easily see exactly what had been erroneously removed from the registry.

The whole time this was going on, Windows Network Diagnostics was returning an error of “Network Diagnostics is unable to repair the connection.” I remember vaguely that most of the information on the Microsoft sites related to this issue did not really offer a solution besides “Call Support, or reinstall the operating system.” There was this informational post that did enable me to see what was really wrong with this computer’s stack… Obviously, it would have been easiest to restore the system from a backup, but “who really backs up their old XP machines anyway, right?” I learned an important rule a long time ago regarding Microsoft’s “support” websites: “Don’t listen to their advice unless it is a last resort.” All over Microsoft’s site were the commands:

netsh winsock reset
netsh int ip reset c:\reset.log

Well, neither of these did anything different from what those Winsock repair tools I mentioned earlier did. Everywhere on the net you can see links that tell you to use these two commands to reset your TCP/IP network stack, but what do you do when this doesn’t work?

And then, boom, I found what I was looking for here: http://www.electrictoolbox.com/reinstall-tcpip-windows/ Thank you for this impossible-to-remember, step-by-step method of really fixing the TCP/IP networking stack in Windows XP. If you ever come across this problem again and the old netsh int ip reset c:\reset.log doesn’t work for you either, remember to find this page.