Linux Zeal (DexterPOSH)

<h3 class="post-title entry-title">Password reset via Recovery mode + Passwd protecting GRUB entries. (DexterPOSH, 2011-11-10)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
This is the most common technique, and the first thing I try when I get an Ubuntu system with unprotected Recovery Mode GRUB entries. I read it on <a href="http://howtogeek.com/"><span style="color: lime;">howtogeek.com</span></a>.<br />
<br />
<br />
First, a quick look at how to reset a password via Recovery Mode.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJF3BZ9ROBin1RtU_nzYqHuUn5jiNJGmCsh8uknZ3CH0AEUL06TRrli2FhvJR4QJ4hdgXVrPtrNOjFs-bfNTIVuj_BVIvToMuiMUTa5SqNDHGZBqk89wN-mZJjPi5JAGZx71UyVLvjYRzX/s1600/image33.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJF3BZ9ROBin1RtU_nzYqHuUn5jiNJGmCsh8uknZ3CH0AEUL06TRrli2FhvJR4QJ4hdgXVrPtrNOjFs-bfNTIVuj_BVIvToMuiMUTa5SqNDHGZBqk89wN-mZJjPi5JAGZx71UyVLvjYRzX/s1600/image33.png" /></a></div>
When an Ubuntu machine boots up it presents a GRUB loading screen. Hit <span style="color: red;">"Esc"</span> to get to the menu shown below:<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5JkxqH4bOGqRCw5CSLYFB7slcbQ4ETQ8VHv2dmVn-eTioGx4khyphenhyphenDwDcOdvH6wcY54CRmv2_PjvBhJP0JK1_vd3cej8_LLGbYvmghGB5c6loiXJmzugy_mhHAlOYCXQvTPzTKx_EQ2_Ota/s1600/image%25405b3%25405d.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5JkxqH4bOGqRCw5CSLYFB7slcbQ4ETQ8VHv2dmVn-eTioGx4khyphenhyphenDwDcOdvH6wcY54CRmv2_PjvBhJP0JK1_vd3cej8_LLGbYvmghGB5c6loiXJmzugy_mhHAlOYCXQvTPzTKx_EQ2_Ota/s1600/image%25405b3%25405d.png" /></a></div>
The highlighted entry is Recovery Mode. From here you can select <span style="color: red;">"drop to shell prompt"</span>; if that still asks for a password, try this.<br />
Select the Recovery Mode entry and press <span style="color: red;">"e"</span> to edit it.<br />
<br />
On the next screen select the kernel line. You are presented with an entry like this.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsR8uS8bL-82W7tShNd0Je9NDDpnZ9_2TSwhBc4IclLdbII0_sOOfgYTHOytmve6e3m1OD5SVFgvXQ35sPFyIAiYrkeGt5BZrssY5N9pV3wP7SAPV3_RUyZd85FF0RsOGHSIPGzJW3-fNy/s1600/image36.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsR8uS8bL-82W7tShNd0Je9NDDpnZ9_2TSwhBc4IclLdbII0_sOOfgYTHOytmve6e3m1OD5SVFgvXQ35sPFyIAiYrkeGt5BZrssY5N9pV3wP7SAPV3_RUyZd85FF0RsOGHSIPGzJW3-fNy/s1600/image36.png" /> </a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
Now replace <span style="color: red;">"ro quiet splash"</span> with<br />
<div style="color: red;">
<br /></div>
<span style="color: red;">rw init=/bin/bash</span><br />
<br />
Once you have done this, hit <span style="color: red;">"Enter"</span> and press <span style="color: red;">"b"</span> to boot.<br />
<br />
You are presented with a root shell.<br />
<br />
Issue the <span style="color: red;">"passwd"</span> command to change the root password.<br />
Issue <span style="color: red;">"passwd <username>"</span> to change a user's password.<br />
<br />
<br />
Issue the <span style="color: red;">"sync"</span> command to write the changes to disk.<br />
</div>
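The second half of the title, password-protecting the GRUB entries, is the fix for the technique above: once a superuser is set in grub.cfg, editing an entry with "e" or dropping to the GRUB command line requires the password, and disabling the generated recovery entries removes the unprotected entry altogether. The Python script below is an added example (not from the original post or from howtogeek.com) that produces the password hash and the two config fragments. The hash format is assumed to match what grub-mkpasswd-pbkdf2 emits (PBKDF2-HMAC-SHA512, 10000 iterations, 64-byte salt, 64-byte key, upper-case hex); on a real system generate the hash with grub-mkpasswd-pbkdf2 itself, and the user name "admin" is only a placeholder.

```python
"""Generate a GRUB2 superuser password hash plus the config fragments that lock
down menu editing and the recovery entry. Added example; the hash format is
assumed to match grub-mkpasswd-pbkdf2 (PBKDF2-HMAC-SHA512, 10000 iterations,
64-byte salt, 64-byte key, upper-case hex). Use grub-mkpasswd-pbkdf2 for real use."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 10000  # grub-mkpasswd-pbkdf2 default (assumed)
SALT_LEN = 64       # bytes
KEY_LEN = 64        # bytes, SHA-512 output size


def grub_pbkdf2_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return a grub.pbkdf2.sha512.<iterations>.<salt>.<key> string."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    key = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS, KEY_LEN)
    return f"grub.pbkdf2.sha512.{ITERATIONS}.{salt.hex().upper()}.{key.hex().upper()}"


def verify_grub_hash(password: str, stored: str) -> bool:
    """Check a password against a stored hash the way GRUB's password_pbkdf2 does:
    parse iterations, salt and key out of the string and recompute the PBKDF2 key."""
    parts = stored.split(".")
    if len(parts) != 6 or parts[:3] != ["grub", "pbkdf2", "sha512"]:
        return False
    try:
        iterations = int(parts[3])
        salt = bytes.fromhex(parts[4])
        expected = bytes.fromhex(parts[5])
    except ValueError:
        return False
    if iterations <= 0 or not salt or not expected:
        return False
    key = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations, len(expected))
    return hmac.compare_digest(key, expected)


def grub_custom_fragment(user: str, stored_hash: str) -> str:
    """Lines to append to /etc/grub.d/40_custom. With superusers set, pressing
    'e' or 'c' at the GRUB menu asks for these credentials."""
    return (
        f'set superusers="{user}"\n'
        f"password_pbkdf2 {user} {stored_hash}\n"
    )


def grub_default_fragment() -> str:
    """Line for /etc/default/grub so update-grub stops generating recovery
    entries, i.e. the entry the 'rw init=/bin/bash' edit above starts from."""
    return 'GRUB_DISABLE_RECOVERY="true"\n'


if __name__ == "__main__":
    import getpass
    h = grub_pbkdf2_hash(getpass.getpass("GRUB superuser password: "))
    print("# append to /etc/grub.d/40_custom, then run update-grub")
    print(grub_custom_fragment("admin", h))   # "admin" is a placeholder user name
    print("# add to /etc/default/grub")
    print(grub_default_fragment())
```

Append the 40_custom fragment, add the /etc/default/grub line, then run update-grub. Once superusers is set, GRUB also asks for the password before booting any entry that is not marked --unrestricted, so on a machine that must boot unattended mark the normal entry --unrestricted and leave only editing and recovery behind the password. None of this helps against someone who boots other media or removes the disk; that is what full-disk encryption is for.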
<h3 class="post-title entry-title">chntpw - the Offline NT password Editor ! (DexterPOSH, 2011-07-16)</h3>
As explained on Wikipedia, <b>chntpw</b> is a software utility for resetting or blanking local passwords used by <span style="font-size: large;">Windows NT, 2000, XP, Vista</span>, and <span style="font-size: large;">7</span>. It does this by editing the SAM database, where Windows stores password hashes.<br />
I know many of you already know this or other methods, e.g. the utilman method.<br />
<br />
<br />
<br />
First of all you need a BackTrack LiveCD or any other security distro with chntpw pre-installed, or you can download it afterwards from the BackTrack repository.<br />
<br />
Steps to follow :<br />
<span style="font-size: large;"><b>1.</b></span> <b>Boot your system using BackTrack LiveCD.</b><br />
<br />
<span style="font-size: large;"><b>2.</b></span> <b>Mount your partition containing Windows.</b><br />
<br />
<span style="color: red;">root@bt:~# fdisk -l</span><br />
<br />
<br />
Device Boot Start End Blocks Id System<br />
/dev/sda1 * 1 10683 85811166 83 Linux<br />
/dev/sda2 10684 14762 32764567+ 83 Linux<br />
/dev/sda3 14801 56885 338047762+ f W95 Ext'd (LBA)<br />
<span style="color: lime;">/dev/sda4 56886 60801 31455270 7 HPFS/NTFS</span><br />
/dev/sda5 14802 32664 143484547+ 7 HPFS/NTFS<br />
/dev/sda6 32665 56885 194555151 83 Linux<br />
<br />
<span style="color: red;">root@bt:~# cd /media; mkdir dex</span><br style="color: red;" /><div style="color: red;">root@bt:~# mount -t ntfs /dev/sda4 /media/dex</div> <br />
Note - /dev/sda4 is the partition containing Windows (/dev/sda3 is only the extended-partition container and cannot be mounted) and /media/dex is the mount point.<br />
<br />
<b><span style="font-size: large;">3.</span> Fire up chntpw.</b><br />
<div style="color: black;"><br />
</div><div style="color: red;"><span style="color: black;">Though it is pretty self-explanatory, here's an example of how to clear the password of an Admin account that is locked. </span></div><div style="color: red;"><br />
</div><div style="color: red;">root@bt:~# cd /pentest/passwords/chntpw/<br />
root@bt:/pentest/passwords/chntpw# find /media/dex/ -iname sam</div><br />
/media/dex/Windows/System32/config/RegBack/SAM<br />
<span style="color: lime;">/media/dex/Windows/System32/config/SAM</span><br />
^C<br />
<span style="color: red;">root@bt:/pentest/passwords/chntpw# ./chntpw -i /media/dex/Windows/System32/config/SAM</span><br />
<br />
<>========<> chntpw Main Interactive Menu <>========<><br />
<br />
Loaded hives: </media/dex/Windows/System32/config/SAM><br />
<br />
1 - Edit user data and passwords<br />
- - -<br />
9 - Registry editor, now with full write support!<br />
q - Quit (you will be asked if there is something to save)<br />
<br />
What to do? [1] -> <span style="color: red;">1</span><br />
===== chntpw Edit User Info & Passwords ====<br />
<br />
| RID -|---------- Username -------------| Admin? |<span style="color: black;">- Lock? --|</span><br />
<span style="color: lime;">| 01f4 | Administrator | ADMIN | dis/lock |</span><br />
| 03e8 | Dexter | ADMIN | dis/lock |<br />
| 01f5 | Guest | | dis/lock |<br />
<br />
Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)<br />
or simply enter the username to change: [Administrator]<span style="color: red;"> Administrator</span><br />
<br />
- - - - User Edit Menu:<br />
1 - Clear (blank) user password<br />
2 - Edit (set new) user password (careful with this on XP or Vista)<br />
3 - Promote user (make user an administrator)<br />
4 - Unlock and enable user account [probably locked now]<br />
q - Quit editing user, back to user select<br />
Select: [q] ><span style="color: red;"> 1</span><br />
<span style="color: lime;">Password cleared!</span><br />
<br />
Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)<br />
or simply enter the username to change: [Administrator] <span style="color: red;">Administrator</span><br />
<br />
- - - - User Edit Menu:<br />
1 - Clear (blank) user password<br />
2 - Edit (set new) user password (careful with this on XP or Vista)<br />
3 - Promote user (make user an administrator)<br />
4 - Unlock and enable user account [probably locked now]<br />
q - Quit editing user, back to user select<br />
Select: [q] ><span style="color: red;"> 4</span><br />
<span style="color: lime;">Unlocked!</span> <span style="color: cyan;"> <span style="color: lime;"> [note- this step is important as the Admin account was locked</span>]</span><br />
<br />
Select: ! - quit, . - list users, 0x<RID> - User with RID (hex)<br />
or simply enter the username to change: [Administrator] <span style="color: red;">!</span><br />
<br />
<>========<> chntpw Main Interactive Menu <>========<><br />
<br />
Loaded hives: </media/dex/Windows/System32/config/SAM><br />
<br />
1 - Edit user data and passwords<br />
- - -<br />
9 - Registry editor, now with full write support!<br />
q - Quit (you will be asked if there is something to save)<br />
<br />
<br />
What to do? [1] -><span style="color: red;"> q</span><br />
<br />
<br />
Hives that have changed:<br />
# Name<br />
0 </media/dex/Windows/System32/config/SAM><br />
Write hive files? (y/n) [n] :<span style="color: red;"> y</span><br />
0 </media/dex/Windows/System32/config/SAM> - OK<br />
<span style="color: red;">root@bt:/pentest/passwords/chntpw# </span><br />
<br />
<br />
That's it. Next time, log in to Windows as Administrator with no password... :)<br />

<h3 class="post-title entry-title">Mobile Dial-Up in Back Track 5. (DexterPOSH, 2011-06-14)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on">I installed BackTrack 5, codename "<span style="font-size: large;">Revolution</span>", and was a bit frustrated not to find wvdial pre-installed.<br />
Most people around me use dial-up connections for Internet access, so I searched for a solution and found that the "pon, poff and plog" scripts (pre-installed in BackTrack 5) can be used to control PPP connections.<br />
<br />
<b>NOTE---</b> The method is explained below. Comments are in <span style="color: lime;">green</span>, and the commands and the file contents to be added are in <span style="color: red;">red</span>.<br />
<br />
<span style="font-size: large;"><b>Step 1</b></span><br />
<br />
Plug the data cable into the phone and see whether the kernel recognizes it.<br />
<br />
root@bt:~# tail /var/log/messages<br />
<br />
This should show something like this:<br />
<br />
localhost kernel: [4295346.417000] usb 1-1: new full speed USB device using ohci_hcd and address3<br />
localhost kernel: [4295348.125000] cdc_acm 1-1:1.8: <span style="color: red;">ttyACM0</span>: USB ACM device<br />
localhost kernel: [4295348.133000] usbcore: registered new driver cdc_acm<br />
localhost kernel: [4295348.133000] drivers/usb/class/cdc-acm.c: v0.23:USB Abstract Control Model driver for USB modems and ISDN adapters <span style="color: lime;"><---says that uses cdc-acm driver & that OS sees this device at /dev/ttyACM0</span><br />
<br />
<br />
<span style="font-size: large;"><b>Step 2</b></span><br />
<br />
Configure Ubuntu (BT5) to communicate with the phone.<br />
<br />
You need ppp; it comes pre-installed in BT5 (otherwise: root@bt:~# apt-get install ppp).<br />
<br />
Now I need to create a configuration file that tells BT5 how to communicate with the phone.<br />
<br />
<br />
<div style="color: red;">root@bt:~# nano /etc/ppp/peers/mobile </div><div style="color: red;"><br />
</div><div style="color: red;">debug</div><div style="color: red;">noauth</div><div style="color: red;">connect "/usr/sbin/chat -v -f /etc/chatscripts/mobile"</div><div style="color: red;">usepeerdns</div><div style="color: red;">/dev/ttyACM0 115200 <span style="color: lime;"><--Need to use the device modem is recognized as (step1)</span></div><div style="color: red;">defaultroute</div><div style="color: red;">crtscts</div><div style="color: red;">lcp-echo-failure 0</div><br />
My OS will send some commands to my phone to tell it to connect to the Internet. These commands are stored in the chat script and are sent when I try to connect.<br />
<br />
<div style="color: red;">root@bt:~#nano /etc/chatscripts/mobile</div><div style="color: red;"><br />
</div><div style="color: red;">TIMEOUT 35</div><div style="color: red;">ECHO ON</div><div style="color: red;">ABORT '\nBUSY\r'</div><div style="color: red;">ABORT '\nERROR\r'</div><div style="color: red;">ABORT '\nNO ANSWER\r'</div><div style="color: red;">ABORT '\nNO CARRIER\r'</div><div style="color: red;">ABORT '\nNO DIALTONE\r'</div><div style="color: red;">ABORT '\nRINGING\r\n\r\nRINGING\r'</div><div style="color: red;">'' \rAT</div><div style="color: red;">OK 'AT+CGDCONT=1,"IP","INTERNET"' </div><div style="color: red;">OK ATD*99***1#</div><div style="color: red;">CONNECT ""</div><br />
If the phone can connect on its own, without the PC, then this should work. If not, the likely point of failure is the line<br />
'AT+CGDCONT=1,"IP","INTERNET"'<br />
<br />
"INTERNET" in the above line is the <span style="color: red;">Access Point Name</span> (APN). Get it from the phone.<br />
<br />
<br />
<span style="font-size: large;"><b>Step 3</b></span><br />
<br />
Ready to connect.<br />
<br />
To dial, use<br />
<div style="color: red;">root@bt:~# pon mobile</div><br />
To disconnect<br />
<div style="color: red;">root@bt:~# poff mobile</div><br />
<b>Note---</b> Whatever is communicated between the phone and the OS can be seen in /var/log/syslog.<br />
<br />
<div style="color: red;">root@bt:~# tail -f /var/log/syslog</div><br />
to view the messages "live" on the terminal.</div>

<h3 class="post-title entry-title">Omegle Spy Bot ! (DexterPOSH, 2011-05-28)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on"><div style="color: #0b5394;"><span style="color: blue;">NOT ILLEGAL BECAUSE OMEGLE DOESN'T HAVE A TERMS OF SERVICE - From the Creator of the Tool</span></div><div style="color: #0b5394;"><br />
</div>A few days back I came across an awesome Java executable named "Omegle Spy Bot". Credit goes to the creator of this app; it can be found<span style="font-size: large;"><a href="http://code.google.com/p/omegle-spy/"> here</a></span> under the download section.<br />
<br />
You need Java installed on your system to run this app, works fine in Windows too.<br />
For Linux users issue following on terminal<br />
<div style="color: red;"><br />
</div><div style="color: red;">Code:</div><span style="color: red;">dex@desktop :~$ sudo java -jar OmegeleSpy.jar</span><br />
<br />
The GUI of this app is pretty explanatory.<br />
Start by clicking on "Start new conversation"<br />
Here's a snapshot. <br />
<div style="color: #38761d;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUMJD2qnALh1dl6t913oiIf-BZFb2-2OnrCxo90OiykipfOIxoMu8q_XrV6k-DwQDCE7M76vKoBb3fa0NLsaFIfgBboy8AlMnvT_3hO-FWzKoH7p9TAG6F-0mYPb-qvOt7LEzOn3CadpCh/s1600/omegle.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="241" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUMJD2qnALh1dl6t913oiIf-BZFb2-2OnrCxo90OiykipfOIxoMu8q_XrV6k-DwQDCE7M76vKoBb3fa0NLsaFIfgBboy8AlMnvT_3hO-FWzKoH7p9TAG6F-0mYPb-qvOt7LEzOn3CadpCh/s320/omegle.png" width="320" /></a></div><br />
</div><br />
Then, as the two strangers start their normal conversation, you can watch it.<br />
Send a message to either one as if from the other. Disconnect a user and impersonate him... Check it out! Fun!</div>

<h3 class="post-title entry-title">Using Google's Open DNS servers ! (DexterPOSH, 2011-05-25)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on">It's better to use <span style="font-size: large;">Google's Open DNS servers</span> rather than the ones provided by your ISP.<br />
<br />
There's one small thing to take note of for this method to work. As most Linux users know, to set the DNS server to use you need to edit the <span style="font-size: large;">/etc/resolv.conf</span> file.<br />
<br />
So do this:<br />
<br />
<div style="color: red;">code:</div><div style="color: red;">dex@desktop :~$ sudo gedit /etc/resolv.conf</div><div style="color: red;">nameserver 8.8.8.8<br />
nameserver 8.8.4.4 </div><div style="color: red;">dex@desktop :~$ sudo chattr +i /etc/resolv.conf</div><br />
Note :: The <b>chattr</b> command is used here to give resolv.conf the <b>immutable file</b> attribute, so that the next time you reboot or restart your network interface(s) the system does not overwrite your DNS servers with the settings handed out by the DHCP server.<br />
<br />
When you want to change resolv.conf again, first issue the following command to remove the immutable attribute before editing it.<br />
<br />
<div style="color: red;">code:</div><span style="color: red;">dex@desktop :~$ sudo chattr -i /etc/resolv.conf</span><br />
<br />
Someone suggested to me that OpenDNS is better in terms of latency, so you can also use these DNS servers as needed:<br />
<br />
208.67.222.222<br />
208.67.220.220<br />
</div>

<h3 class="post-title entry-title">Google Dork for Security Cameras !! (DexterPOSH, 2011-05-17)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on">Use these Google search terms, or Google dorks, to find several unattended security cams.<br />
<br />
<span style="color: red;">Note :: Use for fun only , do not stalk others !!</span> <br />
<br />
<br />
inurl:ViewerFrame?Mode=<br />
intitle:Axis 2400 video server<br />
inurl:/view.shtml<br />
intitle:Live View / - AXIS<br />
inurl:view/view.shtml^<br />
inurl:ViewerFrame?Mode=<br />
inurl:ViewerFrame?Mode=Refresh<br />
inurl:axis-cgi/jpg<br />
inurl:axis-cgi/mjpg (motion-JPEG)<br />
inurl:view/indexFrame.shtml<br />
inurl:view/index.shtml<br />
inurl:view/view.shtml<br />
liveapplet<br />
intitle:live view intitle:axis<br />
intitle:liveapplet<br />
allintitle:Network Camera NetworkCamera<br />
intitle:axis intitle:video server<br />
intitle:liveapplet inurl:LvAppl<br />
intitle:EvoCam inurl:webcam.html<br />
intitle:Live NetSnap Cam-Server feed<br />
intitle:Live View / - AXIS<br />
intitle:Live View / - AXIS 206M<br />
intitle:Live View / - AXIS 206W<br />
intitle:Live View / - AXIS 210?<br />
inurl:indexFrame.shtml Axis<br />
inurl:MultiCameraFrame?Mode=Motion<br />
intitle:start inurl:cgistart<br />
intitle:WJ-NT104 Main Page<br />
intext:MOBOTIX M1? intext:Open Menu<br />
intext:MOBOTIX M10? intext:Open Menu<br />
intext:MOBOTIX D10? intext:Open Menu<br />
intitle:snc-z20 inurl:home/<br />
intitle:snc-cs3 inurl:home/<br />
intitle:snc-rz30 inurl:home/<br />
intitle:sony network camera snc-p1?<br />
intitle:sony network camera snc-m1?<br />
site:.viewnetcam.com -www.viewnetcam.com<br />
intitle:Toshiba Network Camera user login<br />
intitle:netcam live image<br />
intitle:i-Catcher Console - Web Monitor<br />
inurl:”ViewerFrame?Mode=<br />
intitle:Axis 2400 video server<br />
inurl:/view.shtml<br />
intitle:”Live View / - AXIS” | inurl:view/view.shtml^<br />
inurl:ViewerFrame?Mode=<br />
inurl:ViewerFrame?Mode=Refresh<br />
inurl:axis-cgi/jpg<br />
inurl:axis-cgi/mjpg (motion-JPEG)<br />
inurl:view/indexFrame.shtml<br />
inurl:view/index.shtml<br />
inurl:view/view.shtml<br />
liveapplet<br />
intitle:”live view” intitle:axis<br />
intitle:liveapplet<br />
allintitle:”Network Camera NetworkCamera”<br />
intitle:axis intitle:”video server”<br />
intitle:liveapplet inurl:LvAppl<br />
intitle:”EvoCam” inurl:”webcam.html”<br />
intitle:”Live NetSnap Cam-Server feed”<br />
intitle:”Live View / - AXIS”<br />
intitle:”Live View / - AXIS 206M”<br />
intitle:”Live View / - AXIS 206W”<br />
intitle:”Live View / - AXIS 210″<br />
inurl:indexFrame.shtml Axis<br />
inurl:”MultiCameraFrame?Mode=Motion”<br />
intitle:start inurl:cgistart<br />
intitle:”WJ-NT104 Main Page”<br />
intext:”MOBOTIX M1″ intext:”Open Menu”<br />
intext:”MOBOTIX M10″ intext:”Open Menu”<br />
intext:”MOBOTIX D10″ intext:”Open Menu”<br />
intitle:snc-z20 inurl:home/<br />
intitle:snc-cs3 inurl:home/<br />
intitle:snc-rz30 inurl:home/<br />
intitle:”sony network camera snc-p1″<br />
intitle:”sony network camera snc-m1″<br />
site:.viewnetcam.com -www.viewnetcam.com<br />
intitle:”Toshiba Network Camera” user login<br />
intitle:”netcam live image”<br />
intitle:”i-Catcher Console - Web Monitor” </div>

<h3 class="post-title entry-title">Online VNC , SSH and Remote Desktop Scanner ! (DexterPOSH, 2011-05-16)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on">Today I came across these awesome online tools that search for open VNC, RDP and SSH ports in an IP address range !! Do check them out !!<br />
<h3 class="post-title entry-title" style="text-align: left;"><span style="color: #444444;">Note :: </span><span style="color: #444444; font-size: small;"><i style="font-weight: normal;">These tools don't brute-force; they simply check whether the service ports are open</i></span><span style="color: #444444;">.</span> <br />
</h3><br />
<br />
<a href="http://scan.subhashdasyam.com/vnc-scanner.php">Online VNC Scanner </a><br />
<span style="font-style: italic;">This scans for VNC and shows the IP addresses where it is open in <span style="color: lime;">Green</span>.</span><br />
<br />
<a href="http://scan.subhashdasyam.com/remote-desktop-scanner.php">Online Remote Desktop Scanner</a><br />
<span style="font-style: italic;">This scans for Remote Desktop / RDP and shows the IP addresses where it is open in <span style="color: lime;"> Green</span>.</span><br />
<br />
<a href="http://scan.subhashdasyam.com/ssh-scanner.php">Online SSH Scanner</a><br />
<span style="font-style: italic;">This scans for SSH and shows the IP addresses where it is open in <span style="color: lime;">Green</span>.</span></div>

<h3 class="post-title entry-title">BackTrack5 Released !! (DexterPOSH, 2011-05-13)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on">This new revision has been built from scratch and boasts several major improvements over all previous releases. It is based on <span style="color: red;">Ubuntu Lucid LTS</span> with <span style="color: red;">Kernel 2.6.38</span>, patched with all relevant wireless injection patches. It is fully open source and GPL compliant. BackTrack 5 comes in several flavors and architectures.<br />
<br />
BackTrack 5, codename<span style="font-size: large;"> "Revolution"</span>, comes with the <span style="font-size: large;">GNOME</span> desktop environment for the first time. There are a whole lot of architectures to choose from, e.g. ARM, x86 and x86_64, and there is also a choice between a virtual image and an ISO download. I am particularly excited about the GNOME x86 build; going to try it soon.<br />
<br />
Grab yourself a copy at --->> <a href="http://www.backtrack-linux.org/downloads/">http://www.backtrack-linux.org/downloads/</a></div>

<h3 class="post-title entry-title">Ping Sweeping in BackTrack !!! (DexterPOSH, 2011-05-13)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on">While many of us use "<span style="font-size: large;">Nmap</span>" to ping sweep a network, there are also "<span style="font-size: large;">fping</span>" and "<span style="font-size: large;">nbtscan</span>", which when combined give pretty fast results. There are many better ways to ping sweep; this is just one way to do it.<br />
<br />
Using fping is easy; just refer to the man page. The following is an example:<br />
<br />
<span style="color: #e06666;">CODE</span><br />
<span style="color: red;"># fping -a -g 10.18.1.0/24 2>/dev/null </span><br />
<span style="color: red;">10.18.1.66</span><br />
<span style="color: red;">10.18.1.77</span><br />
<br />
This usage gives all the live hosts. To query the NetBIOS service for the names of the Windows machines on your network, use:<br />
<br />
<span style="color: #e06666;">CODE</span><br />
<span style="color: red;"># nbtscan 10.18.1.1-254</span><br />
<span style="color: red;">Doing NBT name scan for addresses from 10.18.1.1-254</span><br />
<br />
<span style="color: red;">IP address NetBIOS Name Server User MAC address </span><br />
<span style="color: red;">------------------------------------------------------------------------------</span><br />
<span style="color: red;">10.18.1.66 AAA-PC <server> <unknown> 00:1e:ce:90:ab:8c</span><br />
<br />
There are many other ways to ping-sweep a network with minimal packet generation, e.g. using "Scapy", or you can just go with Nmap.<br />
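To turn the two outputs above into a host inventory rather than two screens of text, here is an added Python example (not from the original post) that parses both formats and reconciles them. The sample fping and nbtscan output is constructed to mirror the formats shown above, with one extra constructed host, 10.18.1.90, that answers NetBIOS but not ping. Hosts that appear only in the nbtscan result are the ones whose host firewall drops ICMP echo, which is exactly why an ICMP-only sweep undercounts a network.

```python
"""Reconcile fping and nbtscan results into a simple host inventory.
Added example, not from the original post; the sample outputs below are
constructed to match the formats shown in the post."""
import re
from typing import Dict, List, Set

# Constructed sample, same shape as `fping -a -g 10.18.1.0/24 2>/dev/null`.
FPING_OUTPUT = """\
10.18.1.66
10.18.1.77
"""

# Constructed sample, same shape as `nbtscan 10.18.1.1-254`.
NBTSCAN_OUTPUT = """\
Doing NBT name scan for addresses from 10.18.1.1-254

IP address       NetBIOS Name     Server    User             MAC address
------------------------------------------------------------------------------
10.18.1.66       AAA-PC           <server>  <unknown>        00:1e:ce:90:ab:8c
10.18.1.90       BBB-PC           <server>  <unknown>        00:1E:CE:90:AB:8D
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
NBT_ROW = re.compile(
    r"^(" + IPV4 + r")\s+"                          # IP address
    r"(\S+)\s+"                                     # NetBIOS name
    r"(\S+)\s+"                                     # <server> or <unknown>
    r"(\S+)\s+"                                     # logged-in user
    r"([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\s*$"   # MAC address
)


def parse_fping(text: str) -> Set[str]:
    """Alive addresses from `fping -a`: one address per line, anything else ignored."""
    return {ln.strip() for ln in text.splitlines() if re.fullmatch(IPV4, ln.strip())}


def parse_nbtscan(text: str) -> Dict[str, dict]:
    """Map IP -> {name, server, user, mac} from nbtscan's table; header and rule lines skip."""
    hosts: Dict[str, dict] = {}
    for ln in text.splitlines():
        m = NBT_ROW.match(ln)
        if m:
            ip, name, server, user, mac = m.groups()
            hosts[ip] = {"name": name, "server": server == "<server>",
                         "user": user, "mac": mac.lower()}
    return hosts


def reconcile(fping_text: str, nbt_text: str) -> Dict[str, List[str]]:
    """Split hosts by which probe saw them; nbt_only = answered NetBIOS but dropped ICMP."""
    alive = parse_fping(fping_text)
    nbt = parse_nbtscan(nbt_text)
    return {
        "icmp_and_nbt": sorted(alive & nbt.keys()),
        "icmp_only": sorted(alive - nbt.keys()),
        "nbt_only": sorted(nbt.keys() - alive),
    }


if __name__ == "__main__":
    for bucket, ips in reconcile(FPING_OUTPUT, NBTSCAN_OUTPUT).items():
        print(f"{bucket:13s} {', '.join(ips) or '-'}")
```

On a real run, feed the two functions the captured output of the commands shown above; the nbt_only bucket is the list to go back to with a TCP-based probe, since those hosts are up but invisible to a ping sweep.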
<br />
NOTE :: These are not expert views; on the contrary, they are things a newbie is picking up.</div>

<h3 class="post-title entry-title">Reliance NETCONNECT 1x CDMA stick in Ubuntu 10.04 ! (DexterPOSH, 2011-05-04)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on">Recently, after getting the 3G stick from <span style="font-size: large;"><a href="http://linuxzeal.blogspot.com/2011/04/micromax-3g-sticks-in-ubuntu-debian.html">Micromax to work under Ubuntu,</a></span> one of my friends asked me to connect his Reliance NetConnect 1x (CDMA-based dongle) on Ubuntu.<br />
<br />
I basically followed the same steps as earlier for the Micromax stick and got hit by a bummer when the sakis3g script said the device has no GSM capabilities; even after using the -noprobe switch there was some issue with a "PIN".<br />
<br />
So after that I tried a simpler method: execute the sakis3g script and just switch the modem.<br />
<br />
<span style="color: red;">dex@dex-desktop:~$ sudo ./sakis3g --interactive "verbose"</span><br />
<br />
Then go to "more options > Only switch modem (if applicable) > USB device > HT CDMA device".<br />
<br />
After the modem is switched, the Network Manager applet in Ubuntu (top right of the panel) shows a "new broadband connection" available. Click on that and select Reliance as the operator.<br />
<br />
Before connecting using this new connection you'll have to enter your "user:password" combination by right-clicking the<br />
Network applet > Edit Connections > Mobile Broadband > Reliance Connection.<br />
<br />
["user:password" for NetConnect is just the 8-digit number you got when you purchased your dongle. Enter the same number for both.]<br />
<br />
Now you are ready: just left-click on the Network applet and "Reliance Connection" connects you....<br />
<br />
NOTE:: usb_modeswitch can also be used to switch the modem (you can try that too).</div>

<h3 class="post-title entry-title">apt-fast--- faster apt-get installations !!! (DexterPOSH, 2011-05-03)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on">When I see new upgrades or updates available for my Ubuntu distribution I go for them instantly; unfortunately it takes a whole lot of time to update using "apt-get", mainly because it doesn't create parallel download connections.<br />
After a bit of Googling I came across a cool script named apt-fast by <span style="background-color: yellow; color: red;">Matt Parnell</span>, which can be found <a href="http://www.mattparnell.com/linux/apt-fast/"><span style="color: red; font-size: large;">here</span> </a>(the most recent one is named "apt-fast.sh"). Just download it.<br />
<br />
Make it executable and owned by root, then move it to /usr/bin by issuing the following commands in a terminal::<br />
<br />
<div style="color: red;">dex@dex-desktop:~$ sudo -i</div><div style="color: red;">sudo password for dex: <br />
root@dex-desktop:~#whoami</div><div style="color: red;">root</div><div style="color: red;">root@dex-desktop:~# chown root:root apt-fast.sh </div><div style="color: red;"></div><span style="color: red;">root@dex-desktop:~#chmod u+x apt-fast.sh</span><br />
<div style="color: red;">root@dex-desktop:~#mv ./apt-fast.sh /usr/bin/apt-fast</div><span style="color: red;">root@dex-desktop:~# ls -l /usr/bin/apt-fast </span><br />
<span style="color: red;">-rwxr--r-- 1 root root 2072 2011-04-09 15:14 /usr/bin/apt-fast</span><br />
<br />
<span style="font-size: small;">Note that apt-fast uses the same options and commands as apt-get but is faster.</span> For example<br />
<br />
<span style="color: black;"><span style="color: red;">root@dex-desktop:~#apt-fast upgrade</span></span><br />
<br />
<br />
P.S. :: If your distro doesn't have the axel package, the apt-fast script takes care of it for you. <span style="background-color: black; color: red;">Axel is a light download accelerator for Linux.</span> You can play with axel too.</div>

<h3 class="post-title entry-title">Extracting META DATA from Photographs !! (DexterPOSH, 2011-04-28)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on">Recently I read a nice blog post somewhere about how a person caught someone who was posting offensive pictures to a social-networking site, by using the EXIF data stored in a photograph to get the GPS location of the offender.<br />
I looked around and found that my BackTrack 4 R2 has a perfect tool for extracting metadata in the /pentest/misc directory, called "exiftool". You would be surprised how much information smartphones store in the photographs you take. (I have plenty of such pictures on Facebook from friends with smartphones.)<br />
<br />
How to use the tool?? Well, there is a README file.<br />
<br />
Or you can just fire up the tool like this<br />
<br />
<div style="color: red;">root@bt /pentest/misc/exiftool # ./exiftool <path of image></div><br />
The following screenshot shows its usage:<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLhEyho9ORCMyRB0zf3qDf2ZJd7oT-grIYh6eAI3n7h-eUGzMhqmPp7ipGr9XrkJbAsZooiErugqCSJvFiJucT-d5wqtzSKlc71OYQ_cGaEgjBQiwsjHSjb1G-B1CLd_2Nw9WB94a1P6TO/s1600/exiftool3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="174" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLhEyho9ORCMyRB0zf3qDf2ZJd7oT-grIYh6eAI3n7h-eUGzMhqmPp7ipGr9XrkJbAsZooiErugqCSJvFiJucT-d5wqtzSKlc71OYQ_cGaEgjBQiwsjHSjb1G-B1CLd_2Nw9WB94a1P6TO/s320/exiftool3.png" width="320" /></a></div><br />
The pic shows that the camera used is of make "Motorola"; well, this is just a snippet of the information. The tool also gives the GPS location, as shown below in another screenshot. See the first few lines.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbA_NoXKXlq88DxaF-RvxZqLYl5e9-UXbeKwN0k0lu10BgVpo1fJvkHBzwqKdw3y1KGZ6QsAsvctI_9J5b_bbMQe3VrtC2DeOGIevRAyW-Op7hK2cvgAhabtfjgL82oLGr6p3lmUUNyR9L/s1600/exiftool4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="174" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbA_NoXKXlq88DxaF-RvxZqLYl5e9-UXbeKwN0k0lu10BgVpo1fJvkHBzwqKdw3y1KGZ6QsAsvctI_9J5b_bbMQe3VrtC2DeOGIevRAyW-Op7hK2cvgAhabtfjgL82oLGr6p3lmUUNyR9L/s320/exiftool4.png" width="320" /></a></div><br />
<br />
<div style="color: red;">WARNING !! This tool is used in Forensics and Reconnaissance work on a target. So don't use it to stalk people. </div><br />
<br />
<br />
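exiftool reads this data; what a defender actually wants is the reverse, removing it before a photo is published. Below is an added Python example (not from the original post and not exiftool): a minimal JPEG segment walker that drops the APP1 segment (EXIF, including the GPS IFD, and XMP) and COM segments while leaving the JFIF header, tables and scan data untouched. The sample JPEG is constructed inline and is not a decodable image, only its container layout matters; pass a real file path as the first argument to run it on one, for instance to check that an upload pipeline really scrubbed the metadata.

```python
"""Strip EXIF/XMP (APP1) and comment (COM) segments from a JPEG before publishing.
Added example, not from the original post and not exiftool: a minimal JPEG marker
walker. SAMPLE_JPEG below is constructed (not a real photograph)."""
from typing import Iterator, List, Tuple

SOI, EOI, SOS, APP0, APP1, COM = 0xD8, 0xD9, 0xDA, 0xE0, 0xE1, 0xFE
STANDALONE = {0x01, *range(0xD0, 0xD8), SOI, EOI}   # markers with no length field


def walk(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (marker, raw segment bytes) for the JPEG header. After SOS the
    entropy-coded scan (which may contain stuffed 0xFF bytes) is yielded
    unparsed as one chunk, so nothing inside the image data is touched."""
    if data[:2] != b"\xFF\xD8":
        raise ValueError("not a JPEG: missing SOI marker")
    yield SOI, b"\xFF\xD8"
    pos, n = 2, len(data)
    while pos < n:
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < n and data[pos] == 0xFF:        # 0xFF fill bytes may precede a marker
            pos += 1
        if pos >= n:
            raise ValueError("truncated file after fill bytes")
        marker = data[pos]
        pos += 1
        if marker == SOS:
            yield SOS, b"\xFF" + data[pos - 1:]
            return
        if marker in STANDALONE:
            yield marker, bytes([0xFF, marker])
            if marker == EOI:
                return
            continue
        length = int.from_bytes(data[pos:pos + 2], "big")   # counts the 2 length bytes
        if length < 2 or pos + length > n:
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, bytes([0xFF, marker]) + data[pos:pos + length]
        pos += length


def segment_markers(data: bytes) -> List[int]:
    return [marker for marker, _ in walk(data)]


def has_exif(data: bytes) -> bool:
    """True if any APP1 segment carries the 'Exif\\0\\0' identifier."""
    return any(m == APP1 and raw[4:10] == b"Exif\x00\x00" for m, raw in walk(data))


def strip_metadata(data: bytes, drop: Tuple[int, ...] = (APP1, COM)) -> bytes:
    """Rebuild the file without the dropped segments; JFIF, tables and scan data stay."""
    return b"".join(raw for marker, raw in walk(data) if marker not in drop)


def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed minimal JPEG: JFIF header, an Exif APP1 block standing in for a
# phone's TIFF/GPS IFDs, a comment, a quantisation table, a frame header and a
# tiny scan with one stuffed 0xFF00. Not decodable; only the layout matters.
SAMPLE_JPEG = (
    b"\xFF\xD8"
    + _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, b"Exif\x00\x00MM\x00\x2A\x00\x00\x00\x08" + b"\x00" * 16)
    + _segment(COM, b"shot on my phone")
    + _segment(0xDB, b"\x00" + bytes(range(64)))
    + _segment(0xC0, b"\x08\x00\x08\x00\x08\x01\x01\x11\x00")
    + _segment(SOS, b"\x01\x01\x00\x00\x3F\x00") + b"\x12\x34\xFF\x00\x56"
    + b"\xFF\xD9"
)

if __name__ == "__main__":
    import sys
    src = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_JPEG
    cleaned = strip_metadata(src)
    print("EXIF before:", has_exif(src), " after:", has_exif(cleaned),
          " bytes removed:", len(src) - len(cleaned))
```

Dropping the whole APP1 segment is deliberate: a tag-by-tag scrub of the TIFF structure is easy to get wrong (thumbnails embedded in the EXIF block carry their own copy of the data), whereas removing the segment leaves nothing for a reader to find.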
</div>

<h3 class="post-title entry-title">Micromax 3G sticks in Ubuntu (Debian based distro)!! (DexterPOSH, 2011-04-27)</h3>
<div dir="ltr" style="text-align: left;" trbidi="on"><u><span style="font-size: large;">MICROMAX 310G USB stick in Ubuntu 9.10</span></u><br />
<br />
Recently I tried to use a Micromax 310G with my installed <span style="font-size: large;"><a href="http://www.offensive-security.com/">BackTrack4 R2</a></span> (Ubuntu-based distro), but the distro detects it as a CD-ROM.<br />
I read a lot of forums and googled the problem, and learned that Ubuntu 10.10 supports these modems. So I had the option of updating my whole distro, but I decided to make it work on my current distro, and I came across a nice blog post which explains most of the process; it requires a bit of patience and basic Linux knowledge. The link is <span style="font-size: large;"> <a href="http://blogger.ziesemer.com/2008/10/alltel-um175al-usb-evdo-ubuntu.html%20">here</a></span><br />
<br />
Or, for Ubuntu 10.04 and newer versions, you can just try the sakis3g script, which can be found <span style="font-size: large;"><a href="http://www.sakis3g.org/#download">here</a>.</span><br />
After downloading the script, execute it with root privileges:<br />
<br />
root# ./sakis3g --interactive "verbose"<br />
<br />
and then the process is pretty self-explanatory.<br />
<br />
<br />
P. S. :: The sakis3g script requires usb_modeswitch, so if your Ubuntu doesn't have it then go for the <span style="color: red;">full version of the sakis3g script</span>. Otherwise the <span style="color: red;">binary-free version</span> works fine with an already installed usb_modeswitch.<br />
<br />
<br />
</div>