When conducting a pentest, the first thing the pentester should do is change the computer's MAC address and hostname, because both are recorded in logs and by the DHCP server. Macxchange is a very simple script meant to work with Backtrack or any other Linux distro. It selects a random word from the John the Ripper wordlist for the hostname, and uses macchanger for the MAC address. Once your MAC and hostname have been changed, remember to restart networking or get an IP with "dhclient <interface>". If you're using a distro other than Backtrack, make sure macchanger is installed and edit the wordlist variable to match your setup. You can also download the script from here.
```bash
#!/bin/bash
#author: Jorge L. Vazquez
#purpose: this script will change the mac address to random
#and will pick a random word from password.lst in jtr for hostname
#change variables "interface" and "file" to your settings
#also macchanger needs to be installed (and the script must run as root)

INTERFACE=eth0
FILE=/pentest/passwords/jtr/password.lst
# pick one random line from the wordlist
WORD=$(sort -R "$FILE" | head -1)

#changing mac address to random (the interface must be down for macchanger)
ifconfig "$INTERFACE" down > /dev/null
if [ $? -eq 0 ]; then
    printf "\nChanging mac address...\n"
    macchanger -r "$INTERFACE"
else
    printf "Script encountered an error, sorry...\n"
    exit 1
fi

#changing hostname to random word from password.lst
printf "\nChanging Hostname...\n"
OLDHOST=$(hostname)
hostname "$WORD"
if [ $? -eq 0 ]; then
    printf "Previous Hostname: %s\n" "$OLDHOST"
    printf "Random Hostname: %s\n" "$WORD"
else
    printf "Script encountered an error, sorry...\n"
    exit 1
fi

#putting interface up
ifconfig "$INTERFACE" up > /dev/null
printf "\n"
#END
```
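The log trail the post mentions is the other side of this. As an added example (not the post's script, and not part of any DHCP server), here is a small Python auditor for ISC dhcpd DHCPACK syslog lines, run over a constructed sample: it flags MACs absent from a baseline inventory, hostnames that change between leases of the same MAC, and locally administered addresses (the IEEE bit that marks a MAC as software-assigned rather than burned in). The `KNOWN` inventory and the log lines are assumptions made up for the example.

```python
import re
from collections import defaultdict

# ISC dhcpd syslog format, e.g. (constructed sample, not from the original post):
#   Jan 10 09:12:01 gw dhcpd: DHCPACK on 192.168.1.50 to 00:11:22:33:44:55 (laptop-01) via eth0
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?: \((?P<host>[^)]*)\))? via"
)

def parse_acks(lines):
    """Return (ip, mac, hostname) for each DHCPACK line; hostname is '' if the client sent none."""
    acks = []
    for line in lines:
        m = ACK_RE.search(line)
        if m:
            acks.append((m.group("ip"), m.group("mac").lower(), m.group("host") or ""))
    return acks

def is_locally_administered(mac):
    """Bit 1 of the first octet set means the address was assigned in software, not burned in."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit_acks(lines, known):
    """known maps baseline MAC -> expected hostname. Returns a list of (kind, mac, detail)."""
    alerts = []
    hosts_per_mac = defaultdict(set)
    for ip, mac, host in parse_acks(lines):
        if mac not in known and mac not in hosts_per_mac:
            alerts.append(("new-mac", mac, f"first lease {ip} as {host!r}"))
            if is_locally_administered(mac):
                alerts.append(("software-mac", mac, "locally administered bit set"))
        elif mac in known and host and host != known[mac]:
            alerts.append(("hostname-mismatch", mac, f"expected {known[mac]!r}, got {host!r}"))
        hosts_per_mac[mac].add(host)
    for mac, hosts in hosts_per_mac.items():
        if len(hosts) > 1:  # same MAC, different names within the audited window
            alerts.append(("hostname-churn", mac, f"{len(hosts)} names: {sorted(hosts)}"))
    return alerts

SAMPLE_LOG = [  # constructed for this example
    "Jan 10 09:12:01 gw dhcpd: DHCPACK on 192.168.1.50 to 00:11:22:33:44:55 (laptop-01) via eth0",
    "Jan 10 09:40:17 gw dhcpd: DHCPACK on 192.168.1.51 to 02:9f:3c:7a:10:e4 (dragon) via eth0",
    "Jan 10 09:55:02 gw dhcpd: DHCPACK on 192.168.1.51 to 02:9f:3c:7a:10:e4 (monkey) via eth0",
    "Jan 10 10:03:44 gw dhcpd: DHCPACK on 192.168.1.50 to 00:11:22:33:44:55 (laptop-01) via eth0",
]
KNOWN = {"00:11:22:33:44:55": "laptop-01"}  # assumed baseline inventory

if __name__ == "__main__":
    for kind, mac, detail in audit_acks(SAMPLE_LOG, KNOWN):
        print(f"{kind:18} {mac}  {detail}")
```

Feeding it a day's dhcpd log produces three alert kinds for the sample: a never-seen MAC, that MAC carrying the software-assigned bit, and two different hostnames on the same MAC within the window.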
Ok, the previous video was kind of outdated, so I posted a new one. Credits to g0tmi1k. This video goes beyond just cracking WPA; it also shows how the different tools perform, and it explains the methodology really simply. Let me say that cracking WPA is not like cracking WEP: in WEP you're exploiting a vulnerability in the way the encryption algorithm is implemented, but in WPA the only vulnerability will be the strength of the user's passphrase. Yes, you've guessed it: when cracking WPA, what you're basically doing is brute-forcing the user's password, in other words the success of your attack depends on your dictionary or password list. If the user's passphrase is not in your dictionary, you will never crack the WPA key. There are several types of WPA dictionary lists out there, but I highly recommend using rainbow tables, which can be several gigs in size. How to find them? Google is your friend!
Not too long ago I decided to install my BartPE onto a USB flash drive, as most modern PCs today are capable of booting from USB devices, and in the process I thought of making it a dual boot with one of my favorite distros (Backtrack3). So in this tutorial we will go over the process of installing UBCD4win and Backtrack3 onto a USB flash drive; in this case I use a 2GB SanDisk. What is UBCD4win? Well, it is an application used for installing BartPE (Bart Preinstalled Environment) onto a CD or USB flash drive from a Windows XP install CD, very useful for repair and maintenance tasks. It will give you a complete Win32 environment with network support, a graphical user interface (800×600) and FAT/NTFS/CDFS filesystem support. Very handy for burn-in testing systems with no OS, rescuing files to a network share, virus scanning and so on. Here you can find a complete list of tools that will already be built into your BartPE install. You can think of BartPE as a cut-down version of Windows XP.
This video shows how to gain access to an unpatched Windows XP system. For this demonstration I use the Metasploit Framework from the Backtrack live CD and the Microsoft RPC DCOM exploit, with the win32_reverse payload to get a reverse shell on the remote box. I'll also be using PWDump4 to dump the password hashes on the remote system for later cracking with John. This is a good example of why keeping systems updated is so important.
In this video I show how to gain access to a remote Windows box using Hydra GTK to launch a dictionary attack against an FTP server.