
Friday, May 19, 2006

My first impressions of the new Backtrack

Here are my first thoughts from using the new beta version (and hopefully release version) of Back Track.

When you select Scanners/Port Scanners/PBNJ, it brings up a console with the help for the pbnj command. However, the line that names the actual executable has scrolled so far up that you can't find it, even if you scroll back through the buffer. Also, since the /pentest/scanners/pbnj directory is not in root's PATH, you can't get tab completion to work, nor can you just type pbnj and have it run. However, since the console opens in the /pentest/scanners/pbnj directory, you can just type “ls” and discover that the executable is simply “pbnj”.

Captive NTFS is present, but not in the menus. You have to run captive-install-acquire to bring up the wizard that locates the Windows DLLs it needs. I have not experimented with this under Back Track, because I am running it under VMware at the moment, but there used to be a couple of scripts under root's home directory that allowed you to capture the DLLs and mount the drive. I remember going into one of the files and changing the mount option from “ro” to “rw” so we could edit things. Captive NTFS is useful for when you have local access to a machine and you want to break into it. There are many ways, but my favorite is to replace sethc.exe with a copy of command.exe. Then if you reboot into Windows and hit the shift key 5 times, it will give you a command prompt as SYSTEM before you have even logged in...

There is a lot of great wireless stuff, but I wish they had included Wellenreiter. That program eliminates a lot of headaches when trying to get your wireless card into monitor mode.

The dictionaries are in /pentest/password/dictionaries. Or rather, the one dictionary that they include is there. There is also a default password list in there. I had good success with the word list from the old IWHAX/Whoppix days. But I think Auditor used to have a bunch of different dictionaries in different languages and such. They also have the Crunch dictionary generator at /pentest/password/crunch, which will enumerate through all possible passwords. Given how many opportunities there are to brute-force passwords, it seems like we could get more dictionaries. On the other hand, it is pretty easy to find and create dictionaries, and they do have limited disk space.

There are both the 2.5 and 3.0 branches of Metasploit, although the 3.0 branch is still very much a work in progress. Hopefully, the next version of the 3.0 branch will be coming out soon. It will suck if it comes out just after this release of Back Track. I seem to remember someone developing an alternate user interface for Metasploit for IWHAX. It combined scanning with exploiting. I was hoping that would be in this version. Someone had also made a nifty script for cracking WEP that I don't think made it in. They also include the Milw0rm and Security Focus exploit archives. They do not have the findsploit.pl script. I guess you are just supposed to grep through the index files...

Overall though, it looks pretty good. It looks like there is a lot to play with. I am also looking forward to testing out the wireless stuff.
