Automation Scripts for Backtrack 5r3

I have been testing an excellent set of publicly available scripts that automate tasks in BackTrack 5 R3. I first heard about them when I saw Lee Baird’s presentation at the Appalachian Institute of Digital Evidence (AIDE 2012). You can see the slides courtesy of at this link. Lee Baird had help from Jason Arnold with, and Jason Arnold was the main developer of sslcheck. A lot of time and effort went into this package, and I feel that anybody using BackTrack will benefit from these scripts for automating many important parts of a penetration test. The package is hosted on Google Code and includes a set of aliases that let you update the Subversion checkout and all of the scripts by simply typing update. Your first step is to download the package from Google Code from a BackTrack shell:

svn co /opt/scripts
You can watch the video for a full demonstration here…

Or, if you don’t have the time to watch the video, just keep reading…

Once you have downloaded the scripts into /opt, the next step is to change the permissions to make the scripts executable:

  chmod 755 /opt/scripts/ -R 

Next, change into the scripts directory and run the setup script:

cd /opt/scripts/ 

Now exit the terminal, open a new terminal, and type update.

Next, run the main discover script.


(Discover is a script that lets you perform open source intelligence gathering for the recon portion of your pentest, use Nmap to port scan an external or internal network, start a Metasploit listener, or run other scripts such as my favorite,

Crack-wifi makes the whole process of using airmon-ng, airodump-ng, aireplay-ng, and aircrack-ng to crack a wireless network's key very simple and automated. When you run, a wireless interface is automatically searched for and tested to validate injection. You are then able to scan all your local wireless networks and choose a network to attack. If you have ever used BackTrack to crack a wireless network, you know that it takes several steps and commands to get it going successfully. This script makes it very easy by automating everything. You can begin scanning the local networks for a WEP or WPA key to crack by pressing 1. When you find a network that you want to crack, press Ctrl-C, and a window will pop up asking you to enter the Channel, ESSID, BSSID, and Station of the network you want to attack. If your attack does not generate any data, or not enough to crack the key, you can close all the windows and start again until the key is cracked. The code is updated on a regular basis; here are the additions that were made recently:

Aug 20 - Added jigsaw to
Aug 19 - Added goofile to the passive option for scrape.
July 29 - Added to framework.
July 27 - Nikto now takes a list of nmap greppable output.
July 25 - Added color to update alias and framework.
July 5 - Updated alias and to reflect the new hosted location of sqlmap.
June 28 - Fixed passive recon problems with Whois-IP and LinkedIn returning job titles.
June 20 - After testing Metasploitable 2 by doing a full port scan, I noticed there were some ports missing from my default scan. The following TCP ports have been added: 1524, 6697, 8787, 41364, 48992, 49663, 59034.
June 11 - Scrape now contains passive and active options.
June 5 - Check 'notes' for a To-Do list.
June 4 - Added new option: niktos.

There are also some Python scripts included by Saviour Emmanuel. For more information, check out the Google Code wiki by going to the svn location:

They are available for download at

Hackers can steal new “keyless” BMW’s in 2 minutes

What was BMW thinking when they decided to allow electronic keyless entry and ignition? Did they really think they could protect buyers from hackers? Don’t they know by now that if they are going to put computers inside their vehicles, they must hire a team of security experts? I feel bad for anyone who bought one of these “hackable rides.”

We’re Officially in the Age of CyberWarfare

We’re Officially in the Age of MalWar.

In the first week of June, NY Times reporter David E. Sanger published an article titled “How a Secret Cyberwar Program Worked.” This article was actually a sneak preview of David’s new book, now released, titled “Confront and Conceal.” The claim was far from unbelievable, as many cybersecurity professionals (myself included) had already guessed that the United States and/or Israel had to be behind the “Stuxnet” and the newly found “Flame” viruses.

What was unbelievable was that this was published at all, especially by a United States citizen. This borders on treason, and if it had been 20 years ago, anyone reporting this to the world would have been called a traitor and brought up on federal charges. But for the past few years, we have been living in a new age: the age of “CyberWarfare”.

Through Mr. Sanger, The New York Times revealed — a report citing anonymous “sources” involved in the program — that two White House administrations and Israel collaborated to create the Stuxnet worm and deployed it to attack an Iranian nuclear facility. According to the Times, the operation dubbed “Olympic Games” began during the George W. Bush administration, when frustration over Iran’s developing nuclear program was at a fever pitch in 2006. The CIA had tried more traditional means of sabotaging Iran’s nuclear facility, attempting to get faulty and even booby-trapped parts set to explode into the facility, but with little success.

In the last few years of the Bush presidency, a bit of code called a beacon was developed and smuggled into the Iranian facility. Its job was to gather information on the SCADA computer systems, essentially creating an electronic map that would then be sent back to the National Security Agency. The beacon did its job and its findings, coupled with some follow-up research and experimentation in a joint effort between Washington and Israel, yielded the development of Stuxnet. The idea behind the worm was to infiltrate the systems that control centrifuges, which spin at high speeds to separate uranium molecules. The virus would vary the speeds of the spinning machines rapidly, speeding them up and slowing them down in quick succession until the delicate parts gave way under the stress.

Iran’s centrifuges first began spinning out of control for no apparent reason in 2008, but no damage was done. Bush left office and pressed the new President Obama to preserve “Olympic Games.” The 44th President took his predecessor’s advice and continued the operation. Stuxnet was designed to interact with the Siemens SCADA computer equipment that Iran was known to use in their “secret” uranium enrichment plants. (“SCADA” stands for Supervisory Control and Data Acquisition.)

In 2010, the worm escaped the confines of the Iranian plant, apparently on an engineer’s personal laptop. It soon began to propagate itself on the Internet, and when discovered by security researchers, it made worldwide headlines. Even with the cat out of the bag, Obama pressed on and shortly thereafter the worm took down nearly 1,000 centrifuges. Several years after President Bush had marked Iran in his infamous “Axis of Evil” State of the Union speech, the United States and Israel had launched a successful attack to do real (if only temporary) damage to the country’s infrastructure. The weapon started on a USB thumb drive and the ammunition was a chunk of code – the initial tools of CyberWarfare.

The main problem with Iran knowing who is behind the attack is of course the threat of retaliation. The threat of Cyber Retaliation is going to be a major problem because it doesn’t cost as much to write some malicious code as it does to strengthen a military. Iran has just created its own Computer Emergency Response Team, and it will not be long before it begins training and enlisting malicious coders to help it mount a retaliation.

CyberWarfare doesn’t just break down the importance of geographic boundaries, it also strips away the prominence of political boundaries and nation-states themselves. Just as terror networks driven by ideology rather than nationalism changed how we think about national and global security, CyberWarfare further decentralizes those threats. Fifteen years ago, the simplest way to launch a strike on Iran’s infrastructure (to say nothing of planning for Iran’s likely retaliation) might have involved a supersonic bomber taking off from a base in Missouri, dropping a payload and heading back home. The resources to pull off that single bomb run have required many years, several big defense contracts and several billions in taxpayer dollars to create. That means that the barrier to entry for engaging in global warfare was pretty much restricted to nations. Now, in the age of MalWar, that bar has been lowered dramatically.

While worms like Stuxnet and the recently discovered Flame are believed to be so complex that they could only have been created with the backing of a large government, that won’t be true forever, and it may not even be true any longer as I write this, if it ever was.

In fact, as Data Center Pro and MIT’s Technology Review point out, hackers have already begun to learn from Stuxnet, and some of the worm’s code even showed up in TDL-4, the so-called “indestructible” zombie botnet. This means the confusing array of hacks, DDoSes and defacements perpetrated by Anonymous, AntiSec and other groups (if you can even call them that), with a dizzying variety of names, structures, associations and motives, could be just the beginning.

Many of the world’s Industrial Control Systems like those Stuxnet infiltrated are woefully short on anti-virus and basic security protection, and the foundation for launching CyberWarfare on them is now loose in the wild. It may not be long until a now unknown group conducts an attack on a power plant to make a political statement, or takes down a sewage treatment plant.

(This article was based on a GroovyPost article by Eric Mack.)

Hackers Bring Down D.C Government Websites

Hackers launched a denial of service (DoS) attack on D.C. government websites today, clogging the system with a flurry of requests so that it runs extremely slowly or is impossible to load.

“The District government has detected an attempted intrusion into its technology infrastructure system,” the D.C. Department of Homeland Security and Emergency Management said in an email to specified recipients around noon.

A DDoS, or Distributed Denial of Service, is an attack that is very difficult to thwart. A website can often be brought down by attackers using many computers to send a synchronized flurry of requests toward specific IP addresses. “These attacks are not very difficult to construct and rely more on having a bevy of attacking machines under control at once; often botnets are used to carry out these Denial of Service attacks.” Often the only defense against these attacks is to simply throw more bandwidth at the problem. Networks that cannot handle the excessive traffic often just have to wait out the attack.
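One way a defender can spot the “synchronized flurry of requests” described above in web server logs, as an added example that is not part of the original post: the script below buckets access log lines into time windows and flags any window whose request count exceeds a threshold, labelling it distributed when the requests come from many distinct sources and single-source otherwise. The log lines, thresholds and window size are constructed for the example, not taken from the D.C. incident.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Common Log Format: client IP, timestamp in brackets, quoted request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

# Constructed sample log (not real traffic): two normal clients, then a burst of 60
# requests from 60 different sources at 12:00:05, then 55 requests from one host at 12:00:30.
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Jul/2012:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '10.0.0.6 - - [09/Jul/2012:12:00:02 +0000] "GET /about HTTP/1.1" 200 512',
] + [
    f'198.51.100.{i} - - [09/Jul/2012:12:00:05 +0000] "GET / HTTP/1.1" 200 4096'
    for i in range(1, 61)
] + [
    '203.0.113.7 - - [09/Jul/2012:12:00:30 +0000] "GET / HTTP/1.1" 503 0'
] * 55


def parse_line(line):
    """Return (client_ip, datetime) for a well-formed line, or None for junk."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def detect_floods(lines, window_seconds=10, max_requests=50, min_sources=20):
    """Flag every window with more than max_requests hits; classify by source spread."""
    buckets = defaultdict(list)  # window start (epoch seconds) -> list of client IPs
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash mid-incident
        ip, ts = parsed
        epoch = int(ts.timestamp())
        buckets[epoch - (epoch % window_seconds)].append(ip)
    alerts = []
    for start in sorted(buckets):
        ips = buckets[start]
        if len(ips) <= max_requests:
            continue
        sources = len(set(ips))
        alerts.append({
            "window_start": datetime.fromtimestamp(start, timezone.utc),
            "requests": len(ips),
            "sources": sources,
            "kind": "distributed" if sources >= min_sources else "single-source",
        })
    return alerts
```

A single-source flood can be rate-limited or blocked at the edge, whereas a distributed one with many sources is the case the post describes as needing more bandwidth or simply waiting out.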

Homeland Security warned “Customers may experience intermittent difficulties in accessing the District’s web site as we attempt to address the issue. We are aggressively working to resolve this matter.”

In January the group launched a similar attack against the UFC for its support of the controversial Stop Online Piracy Act that was debated by Congress earlier this year. DDoS attacks have been launched by a variety of groups such as Anonymous and LulzSec against federal government websites and servers, including the FBI and CIA.