Well, Backtrack 5 is out, and in this version you have the option to download your preferred desktop manager: Gnome or Kde. In my case I prefer gnome because in my opinion, it offers more flexibility when configuring X window. I have not played around much with this version, but I noticed that Nessus is back (you need to register) but it is free, and you can register as many times you want. Also, it has “Wbar” dock bar, which could be easily configure under Accessories->WbarConf. Anyway, here’s how the gnome desktop looks, well sort of, with a few minor changes.

backtrack 5

When conducting a pentest, the first thing the pentester should do is to change its computer mac address and hostname because they are recorded in the logs and dhcp server. Macxchange is a very simple script. It is meant to work with backtrack or any other linux distro. It selects a random word from john the ripper wordlist for hostname, and for the mac address uses macchanger. Once your mac and hostname have been changed remember to restart networking or get an ip “dhclient <interface> “. So if you’re using other distro than backtrack, make sure to have macchanger installed, and edit the proper varialbe for wordlist. You can also download script from here

#!/bin/bash
#author: Jorge L. Vazquez
#purpose: this script will change the mac address to random
#and will pick a random word from password.lst in jtr for hostname
#change variables "interface" and "file" to your settings
#also macchanger needs to be installed
 
INTERFACE=eth0
FILE=/pentest/passwords/jtr/password.lst
WORD=$(sort -R $FILE | head -1)
 
#changing mac address to random
ifconfig $INTERFACE down > /dev/null
if [ $? == 0 ]; then
	printf "%s\nChanging mac address...\n"
	macchanger -r $INTERFACE
else
	printf "%sScript encounter an error, sorry...\n"
	exit 1
fi
 
#changing hostname to random word from password.lst
printf "%s\nChanging Hostname...\n"
OLDHOST=$(hostname)
hostname $WORD
if [ $? == 0 ]; then
	printf "%sPrevius Hostname: $OLDHOST \n"
	printf "%sRandom Hostname: $WORD \n"
else
	printf "%sScript encounter an error, sorry...\n"
	exit 1
fi
 
#putting interface up
ifconfig $INTERFACE up > /dev/null
printf "\n"
 
#END

If you’re like me that test pretty much any os and apps in some sort of virtual environment. In my case I use VMware Workstation, so when I decided to test Backtrack 4 final, I needed to install the vmware Tools, and here I go over the commands needed to install the vmware tools.

1- First go to VM->Install Vmware Tools (the figure shows as Reinstall VMware Tools because I had previously installed it) but yours should say “Install”

Read the rest of this entry »

I decided to make a guide about TCP/IP configuration in Linux, and you may ask: well, what Linux distribution in specific? I know!, there are hundreds of Linux distribution, but for this guide, I’m only going to cover the two most used Linux distribution: Ubuntu and Fedora. Ubuntu is a Debian derivative, so the Ubuntu portion of TCP/IP configuration applies to any distro based on Debian. And the same goes for Fedora, which is based on RedHat Linux.

First, you want to find out what interfaces you have, and what ip address, “if any,” was assigned to your computer. For this use the “ifconfig” command:

ifconfig  #will list all enabled interfaces

if you are looking for a specific interface:

ifconfig eth0 #will only display the configuration for eth0 interface

If you get no interfaces other than the loopback address, it is time to do some troubleshooting and find out whether your network card was detected by Linux or not.

sudo lspci | grep -i ethernet #displaying all your ethernet cards

if you’re troubleshooting a wireless card just change “ethernet” for “wireless.”
other useful command when troubleshooting network card and drivers is “lsmod” Read the rest of this entry »

To see which processes are currently on a system, most people use the “ps” and “top” commands. The “ps” command gives you a snapshot (in a single list) of processes running at the moment. The “top” command offers a screen oriented, constantly updated listing of running commands, sorted as you choose ( by CPU, memory, UID, etc).

ps #List processes of current user at current shell

root@ubuntu-box:~# ps
  PID TTY          TIME CMD
 2988 pts/0    00:00:00 su
 2996 pts/0    00:00:00 bash
 3047 pts/0    00:00:00 ps

ps -u jorge #Show all jorge’s running processes

root@ubuntu-box:~# ps -u jorge
  PID TTY          TIME CMD
 2662 ?        00:00:00 x-session-manag
 2725 ?        00:00:00 VBoxClient
 2730 ?        00:00:00 VBoxClient
 2737 ?        00:00:00 VBoxClient
 2748 ?        00:00:00 ssh-agent

ps -u jorge u #Show all running processes with CPU/MEM Read the rest of this entry »

Running out of disk space can be annoying on your desktop system and potentially a disaster on your servers. To determine how much disk space is available and how much is currently in use, you can use the “df” command. To check how much space particular files and directories are consuming, use the “du” command.
The “df” command provides the “-h” options which output in a human-readable, usually in MB or GB.
This command display space on file systems in human-readable form

[root@Fedora11-vbox ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_fedora11vbox-lv_root
                      6.7G  3.6G  2.9G  56% /
/dev/sda1             194M   21M  163M  12% /boot
tmpfs                 250M  292K  250M   1% /dev/shm

If you have remote share mounted, these will show up too. So to limit the output to local systems only:

df -hl

To check for disk space usage for particular files or directories in a file system:

[root@Fedora11-vbox ~]# du -h /home/
4.0K	/home/smbuser/.mozilla/plugins
4.0K	/home/smbuser/.mozilla/extensions
12K	/home/smbuser/.mozilla
4.0K	/home/smbuser/.gnome2

If you have root priviliges, you can use the “-s” option to get a summary of disk usage; otherwise, you will get “permission denied” when trying to access directories that you don’t have access to. Read the rest of this entry »

Understanding subnetwork mask can be confusing if you’re not used to them. You may find “ipcalc” (from ipcalc package) useful to calculate a computer network’s mask.

First start by installing “ipcalc” from the repositories, depending on your distro:

sudo apt-get install ipcalc #for debian distros like ubuntu
yum install ipcalc #for fedora

then find the ip address for which you want to calculate the network for, and enter it along with “ipcalc” command

[root@Fedora11-vbox ~]# ipcalc -bmn 192.168.10.122/22
NETMASK=255.255.252.0
BROADCAST=192.168.11.255
NETWORK=192.168.8.0

So in this scenario, the subnetmask is (255.255.252.0), the broadcast address (192.168.11.255), which means that the last usable ip address for that network is (192.168.11.254), and last the network address (192.168.8.0); therefore, the first ip address for that range will be (192.168.8.1).