HOWTO Setting up a Penetration environment with VirtualBox

*** CAUTION : This tutorial is written for penetration testing only. You may be arrested if you attack or intrude into any other network or computer without authorization. ***



Software :

Back|Track 4 R1

Ubuntu 10.10 Desktop

VirtualBox 3.2.10 r66523



Hardware :

Lenovo ThinkPad X200 with 4GB RAM and 80GB SSD



The Lenovo ThinkPad X200 runs Ubuntu 10.10 Desktop edition, on which VirtualBox is installed.



Go to the Oracle VM VirtualBox site to download VirtualBox :

http://dlc.sun.com/virtualbox/vboxdownload.html#linux



(A) Create Back|Track virtual machine :



Allocate at least 8GB of virtual hard drive space and 512MB RAM for Back|Track. Set the first network adapter to "NAT" and the second to "Host-Only".



Boot up Back|Track from the VirtualBox and click on "install.sh" to install Back|Track.



Log in to continue the setup. The username is "root" and the password is "toor".



Step 1 :



After the installation, you may execute the following command to fix the screen size to 800x600.



fix-splash800



Then change the root password when necessary. Otherwise, the username remains "root" and the password remains "toor".



Execute the following command to edit the profile so that Back|Track starts the network interfaces and X.org at each boot.



kate /root/.bash_profile



Append the following lines :



start-network

startx




Step 2 :



Install the VirtualBox Additions when necessary via "Konqueror" -- "Storage Media" -- "media:/hdc".



bash VBoxLinuxAdditions-x86.run



Step 3 :



apt-get -y update

apt-get -y upgrade




Step 4 :



Go to "Menu" -- "BackTrack" -- "Penetration" -- "Fast Track". Select "Fast-Track Interactive" and choose "1".



Step 4a :



Go to "Menu" -- "BackTrack" -- "Penetration" -- "ExploitDB". Select "Update Exploitdb".



Step 4b :



Go to "Menu" -- "BackTrack" -- "Penetration" -- "Social Engineering Toolkit". Select "S.E.T-Update".



Step 5 :



At the terminal, execute the following command :



airodump-ng-oui-update



Step 6 :



Go to "Menu" -- "BackTrack" -- "Vulnerability Identification" -- "OpenVAS" -- "OpenVAS NVT Sync".



Step 7 :



Update the Add-ons of Firefox.



Step 8 :



apt-get -y install crark

apt-get -y install wbox

apt-get -y install vlc




Step 9 :



Update the Framework. Note that this will take several hours.



cd /pentest/exploits/framework3/

svn up




Step 10 :



Reboot the system.



(B) Create Metasploitable virtual machine (Optional)



Go to the following link to download "Metasploitable", which is an Ubuntu 8.04 server with some flaws.



http://blog.metasploit.com/2010/05/introducing-metasploitable.html



Set the downloaded Metasploitable image as the virtual hard drive in VirtualBox. Set the network adapter to "Host-Only". Allow at least 8GB of virtual hard disk space and 512MB RAM for Metasploitable.



(C) The final



Now, the IP address of eth0 of Metasploitable is similar to 192.168.56.101. The IP address of eth0 and eth1 of Back|Track are similar to 10.0.2.15 and 192.168.56.102 respectively.



You may need to execute the following command on Back|Track in order to see the two network interfaces and their IPs.



/etc/init.d/networking restart



Back|Track can access (or ping) Metasploitable via IP address. Back|Track can surf the internet but Metasploitable cannot.
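The isolation described above (Metasploitable on Host-Only only, Back|Track on NAT plus Host-Only) can be checked from the Ubuntu host. The following is an added example, not part of the original tutorial: it audits the NIC lines printed by "VBoxManage showvminfo <vm> --machinereadable". The VM names and the sample output embedded in it are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit NIC attachments from
# `VBoxManage showvminfo <vm> --machinereadable`.

# Constructed sample output for the vulnerable VM (not captured from a real host).
sample_target() {
cat <<'EOF'
name="Metasploitable"
memory=512
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nictype1="82540EM"
nic2="none"
EOF
}

# Constructed sample output for the Back|Track VM (NAT + Host-Only).
sample_attacker() {
cat <<'EOF'
name="BackTrack"
memory=512
nic1="nat"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
EOF
}

# routable_nics: read machine-readable VM info on stdin and print every
# adapter whose attachment is anything other than host-only or unattached.
# Only keys of the form nic<N> are inspected; nictype<N> etc. are skipped.
routable_nics() {
    awk -F= '/^nic[0-9]+=/ {
        gsub(/"/, "", $2)
        if ($2 != "hostonly" && $2 != "none" && $2 != "null")
            printf "%s=%s\n", $1, $2
    }'
}

# is_isolated: exit 0 only if no adapter was flagged by routable_nics.
is_isolated() {
    [ -z "$(routable_nics)" ]
}

# Live use on the host (requires VirtualBox; VM name is an assumption):
#   VBoxManage showvminfo Metasploitable --machinereadable | is_isolated \
#       || echo "WARNING: vulnerable VM has a non-host-only adapter"
```

Run the check against the Metasploitable VM before each session; the Back|Track VM is expected to be flagged because of its NAT adapter.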



At last, your penetration environment is set up.



(D) Free Tutorials



(1) Metasploit Unleashed

(2) Fast-Track

(3) Social-Engineer Toolkit

(4) Got Milk?

(5) How to Metasploit Beginner to Advanced (Video)



(E) Non-free Training



Offensive Security



(F) Resources



(1) Exploits Database

(2) Metasploit Blog

(3) Offensive security Blog

(4) Yet another Back|Track in Gnome

(5) Metasploit



That's all! See you.

Wake up world! There are alternatives to Windows products

We were planning to ship a client a new domain server based on ClearOS.
Good spec machine with 2 x 1 TB hard disk in mirror. We got the operating system installed, the disks mirrored and the configuration started easily within 2 hours.
Our client then bought some software (without our recommendation or involvement) and it only runs on Windows server platforms using Microsoft SQL Server. So our Linux based, easy to configure domain server has now to be installed with the very expensive, very slow, very cumbersome Windows 2008 server software. (I had hoped never to have to install one of these again!).
We placed another disk in for the system to reside on and at our third attempt managed to get the OS loaded. Ok, now time to set up the mirror on the 1 TB disk. Remember, apart from the extra hard disk this is exactly the same hardware as we used before - not a new machine with different hardware - exactly the same kit.
We created the mirror (using the whole disk) and after 2 hours the format was only 24% complete! Six hours later we return to the machine to find the mirror resynching but only 51% complete!! I thought overnight disk formats went out with Novell Netware V2!!! And what is it resynching, there is no data on the disk!!!! (No, I do not want an answer but I want the boys and girls at Microsoft to ask themselves that question).
Has anyone in Microsoft ever tried to do this operation? I cannot believe that any developer would think this level of performance was acceptable.
So wake up world. There is no need to design and write programs that only run on Windows platforms. There is no need to rely on the inefficient Windows software. Or pay the overinflated prices Microsoft charge. (Hey, did you know that to buy a 3 pack set of Win7 OEM costs more than buying 3 individual packs).
Let's not settle for mediocrity, let's push for systems that allow us to benefit from the high performance hardware we can now get.