Security :: BackTrack For Web Vulnerability Assessment?

Jan 13, 2011

I have a virtual machine that is running BackTrack4r2. I need to use the built-in tool Metasploit in BT for assessing the security and vulnerability of websites. The problem is that I don't have any about the Metasploit tool.

Security :: Software For Vulnerabilities Assessment (not Only Network Related)?

Jan 13, 2011

What software can be used on a GNU/Linux box to assess security vulnerabilities? And not just network related. I mean:

- Unnecessary binaries with SUID/SGID flags set up.
- Users with passwords easily crackable
- Test known vulnerabilities of installed software

and a long etc etc.

Ubuntu Security :: Thunderbird Security Vulnerability Updates

Apr 2, 2010

So yesterday I receive a copy of the SANS @RISK security vulnerability newsletter, and, lo and behold, Mozilla's Firefox and Thunderbird are on it yet again. (Yeah, I know, shocking, isn't it?) So I quickly check what versions I have installed. Yup: Vulnerable. I check whether updates are available. These are pretty serious "remote code execution" vulnerabilities and the status is "vendor confirmed, updates available." So why isn't my 9.10 desktop's update manager telling me updates are available?

Ubuntu :: Gnome Screensaver Security Vulnerability?

Aug 26, 2010

I noticed that when typing in your password after locking the screen or a screensaver, the program focussed behind it is able to catch the input...

This sounds like a huge security risk to me, is there anyone who can test this? (Only noticed with game in wine, perhaps you need low level xorg access)

Ubuntu Security :: Vulnerability In Karmic And Intrepid Alpha2?

Feb 24, 2010

I decided to report what happened to me lately so that someone more clever could find the hole in the latest Ubuntu. So: I have a machine connected 24/7 on a high speed network. I had Karmic on it. I ran openssh and apache2 (without any mod, plain apache2) on it. In addition I ran firefox, ktorrent, and amule on it. Nothing else. The system didn't have any rule in iptables.

Recently chkrootkit signaled a SuckIT rootkit in the system. I was scared, I googled for it and I saw that on Ubuntu this actually happened and it was a false positive. Ok, I kept going. Yesterday I nmapped myself and I found an open port around 64000 that I couldn't see with netstat -atpnl so I concluded I was actually infected and erased the drive and tried to install Lucid alpha2 so, one day of Lucid,

- with a firewall this time that let open only the port 22 and 80 from internet
- with only openssh as service (no apache2)
- ran firefox3.6 , ktorrent and amule , nothing else

chkrootkit didn't find anything
debsums reported
debsums: changed file /sbin/initctl (from upstart package)

I did an apt-get install --reinstall upstart and that file didn't warn anymore. So I concluded there must be some kind of vulnerability either in

a) firefox
b) ktorrent
c) amule

Ubuntu Security :: MITM Attack - TLS Renegotiation Vulnerability

Sep 28, 2010

Using Opera 10.61 and 10.62, I find that any secure website I access, such as a bank, the lock icon in the address bar is replaced by a question mark. Clicking on it brings up a window, stating that the connection is not secure, that the server does not support TLS Renegotiation. Doing some internet searches for "opera tls renegotiation" brought me to a page at the Opera website, where they discuss this issue. The issue is generic, not limited to Opera, affecting the TLS protocol, and it potentially enables a man-in-the-middle to renegotiate a "secure" connection between a server and client, issuing own commands to the server. Opera has addressed the problem on the client end, but now servers need to be upgraded too. None of the HTTPS sites I have tried have upgraded their servers, if the information provided by the Opera browser is correct.

My questions: how feasible is such a MITM attack, what level of resources would such an attack require? What, if anything, would the attacker need to know about the client and/or server to mount the attack? Would I be better off using Firefox, or is Firefox simply oblivious of the problem and not issuing warnings for that reason?

Ubuntu Security :: Free Outside Vulnerability Scan That Works With Server

Feb 11, 2010

Is there a free online vulnerability scanner where either I can give them the IP address to scan or can be initiated from the console command, tool, or text based browser? I use GRC's Shields Up when I have a GUI, but I want a scan run on my website that runs Ubuntu 8.04 server on a hosted VPS.

Ubuntu Security :: Locked-Screen Login Window Vulnerability?

May 12, 2010

I've got an HP Netbook with Jaunty installed, and I've got an older Dell laptop running Debian. A friend of mine, on several occasions, has told me that when I left my computers unattended he could do some kind of series of key-strokes, and then a window comes up and he says that he can change the password for my account. I've asked him to show me how he does it, but he never will because he doesn't want me to be able to thwart him. Is he lying, or is it for real? If it's for real, how do I go about changing it so that it can't happen anymore?

Security :: Vulnerability - 1.0.x Branch Of OpenSSL That Potentially Allows SSL Servers To Compromise Clients

Aug 10, 2010

Quote: Security expert Georgi Guninski has pointed out a security issue in the 1.0 branch of OpenSSL that potentially allows SSL servers to compromise clients. Apparently the hole can be exploited simply by sending a specially crafted certificate to the client, causing deallocated memory to be accessed in the ssl3_get_key_exchange function (in ssls3_clnt.c). While this usually only causes an application to crash, it can potentially also be exploited to execute injected code.

Ubuntu Security :: Tar Vulnerability? Leading ./ (dot Slash) Makes The --directory Option Fail?

Jun 8, 2010

I ran across this problem when I used checkinstall and then tried to extract the contents of data.tar.gz (which you can find inside any .deb). tar has an option to extract the contents of a file in a given directory. From tar's manpage:

Code:
-C, --directory DIR
change to directory DIR

[code]....

Security :: Backtrack 5 - Release 10 May 2011

May 7, 2011

This is the first version that supports 64-bit and ARM in addition to the 32-bit. Should be very interesting. [URL]

Ubuntu Security :: Are The Tools Backtrack Uses Compatible With

Feb 23, 2011

I'm trying to run some penetration testing on my home wireless and want to know if the tools that BackTrack uses are available in the repository.

Specifically tools that can be used to sniff out valid MAC addresses and breaking WEP encryption. What tools am I looking for?

General :: Testing The Wireless Network Security Using Backtrack

May 4, 2011

I have installed "BackTrack 4" in order to test the wireless network security of my router. How and which commands would be needed? Also, do I need to install airodump into the host?

Security :: Armitage Metasploit BackTrack 4 No Collaboration Server Is Present

Mar 27, 2011

I am using BackTrack 4 RC 2, Metasploit and Armitage. I am not able to see my target computers in the target area of the Armitage application after performing an Nmap quick scan (OS detect) on my wireless network (I have several computers connected to the wireless network).

Furthermore, I got the following warnings when trying to do the Nmap quick scan (OS detect):

Quote:

What do these warnings mean?

I was following these steps (as seen in this video: [url])

Code:

Slackware :: 13 And The Recent Firefox Vulnerability?

Mar 24, 2010

As you might have heard, a recent critical vulnerability was discovered in Firefox 3.6. Any word on a Slackware patch coming soon? I'd prefer to use a Slackware package rather than the actual Mozilla release, but I also don't like browsing the web with a remote code execution bug in my browser. Or is Slackware unaffected by this?

Fedora Servers :: Apache 2.2.11 - Denial Of Service Vulnerability

Mar 12, 2010

I am using Nagios 3.2.4 tool with Nagios-Plugins-1.4.14 and on Red Hat Fedora Linux ver 10.1. The Apache version is 2.2.11. My security team has identified the following vulnerabilities with this version and they want me to find a fix.

1) Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
2) Apache HTTP Server mod_proxy stream_reqbody_cl Function Denial of Service Vulnerability
3) Apache HTTP Server mod_deflate Remote Denial Of Service Vulnerability
4) Apache APR and APR-util Multiple Integer Overflow Vulnerabilities

Ubuntu :: Linux Kernel Vulnerability Openly Demonstrated

Oct 24, 2010

If the moderators permit (because it's a security issue), the security vulnerability was shown in Ubuntu 10.04 (64 bits) first by VSR, a security research firm. Now kindly view the link I will give and suggest what to do! I have the same version, but the 32 bits (Intel).

Ubuntu :: Install Backtrack 4 Beside?

Oct 1, 2010

How can I install BackTrack 4 beside Ubuntu?

Notice: my hard disk has one partition. How can I resize this partition?

Ubuntu :: Can't Install Backtrack 4 R2 / Fix It?

Jan 14, 2011

I can't install my BackTrack DVD burning; I have trouble when copying data at 56%. Have you a conclusion for my trouble?
size of btr4r2.iso = 1.9 GB
on the disk (2034880512 bytes)

General :: Virtualbox In Backtrack 4 ?

Feb 2, 2011

Today I installed VirtualBox in BackTrack 4 because I want to install Windows 7 to try BT tools on Windows 7, but... I intercept this message when I start the virtual [url]

Slackware :: PC Changed To PC BackTrack 3?

Aug 13, 2010

Today I logged in to my Slackware PC, which remained online all night. I ran Dolphin to search for a file. Dolphin was giving me a blank page, nothing... I thought I had to reboot, and that's what I did. When I rebooted I was under BackTrack 3 OS. My whole disk was resumed to a 3 GB partition with BackTrack on it.

Fedora :: Can I Install All Backtrack Programs In F13

Sep 3, 2010

Can anyone tell me if there is any possibility to install all BackTrack programs into my Fedora 13 or not, and how?

Fedora :: How To Install Backtrack 5 Tools In 15

Jun 19, 2011

Is there any possibility to install all BackTrack 5 programs into my Fedora 15 or not, and how? Pentest tools!

General :: Taking A Screencast In Backtrack 4?

Mar 4, 2010

I'm working on a tutorial using Backtrack 4 Live USB, and I would like to take a screencast of what I'm doing (not just screenshots). So far I have tried these applications with limited success:

- recordmydesktop
- xvidcap
- wink
- istanbul
- vlc
- vnc2flv

Each time I try, the resulting files are generally choppy (at best 1 frame per second) and most don't even end up with a clear view of the screen each time.

Ubuntu :: Can't Connect To The Internet With Backtrack

Feb 3, 2010

I can't connect to the internet with BackTrack. Set up my wireless card so I can connect?

Ubuntu :: How To Install Backtrack 4 With Dmraid

Mar 26, 2010

How do I install a Linux distro that doesn't natively support Intel fakeraid, using dmraid and a livedisk? The RAID is already set up, it's just that BackTrack can't find it because it doesn't have the right software.

Ubuntu :: Can't Install Some Of The Backtrack 4 Tools?

Aug 21, 2010

Ok so I did some stupid stuff and tried to install some of the Backtrack 4 tools. Now when I tried to install VLC player in terminal I get this:

"ph@top:~$ sudo apt-get install vlc
Reading package lists. Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming.
The following information may help to resolve the situation:

[Code]...

Ubuntu Installation :: Running Backtrack On 10.04 OS?

Aug 29, 2010

My only OS is Ubuntu 10.04. There are no partitions ( that is, I use the entire hard drive for Ubuntu, obviously). I need to run Backtrack for security testing. I've seen lots of various options from running it in virtualbox to running it from a bootable USB but there seem to be problems originating with the grub bootloader. One thing I keep seeing is that the only way to get round all this is to hard drive install Backtrack first and THEN install Ubuntu. Clearly I don't want to have to reinstall my entire world on my pc, play with settings, re-install a billion apps etc.

My question is this - Given that I have 10.04 installed and running alone, how do I get Backtrack installed/running easily and without all the associated disasters? I like the USB option because the thought of screwing the grub up does not appeal; I don't want to reboot my computer and be told "I'm grub and I don't want you to load anything" / Other Annoying Message. Backtrack's site says they didn't provide a USB option so what should I use to burn the ISO (does Unetbootin work for Ubuntu?

Installation :: Need To Install Ubuntu From Backtrack / USB

Nov 21, 2010

I need to install Ubuntu from BackTrack or load the Ubuntu install package onto a USB if this is possible using BackTrack.

Ubuntu :: Backtrack 5 Freezes For No Reason

May 27, 2011

I just downloaded Backtrack 5 and installed it. Had some problems getting the right driver for my GPU but eventually managed to install the right one. At first I thought the problem could be because I didn't have the right GPU driver but it's still there. My Backtrack freezes when I do anything, for instance I open Firefox and browse the internet, I can't open command prompt or even close Firefox with the close button (Alt-F4 does work). I can do 1 thing but then it just freezes and I can only do the thing I was doing. I can still browse but can't do anything else. I have the 64-bit GNOME edition.

system specs are:

asus p6t deluxe V2
intel core I7 930 (2.80GHz)
nvidia geforce gtx 470
western digital caviar black 1TB

Copyrights 2005-15 www.BigResource.com, All rights reserved