Monday, February 27, 2012
Damn Vulnerable Web App Installer Shell Script
Posted by
Shipcode
at
27.2.12
Labels:
Command Execution,
cross site scripting,
CSRF,
Damn Vulnerable Web App,
DVWA,
File Inlcusion,
shell script,
SQL Injection,
Travis Phillips,
web application,
XSS
Hey guys, shipcode here once again :)
Today I'm gonna share to you an installer shell script for Damn Vulnerable Web App (DVWA) which was coded by Travis Phillips.
DVWA is cool web application for testing your skills in web penetration testing and your knowledge in manual SQL Injection, XSS, Blind SQL Injection, etc.
DVWA is cool web application for testing your skills in web penetration testing and your knowledge in manual SQL Injection, XSS, Blind SQL Injection, etc.
#/bin/bash
echo -e "\n#######################################"
echo -e "# Damn Vulnerable Web App Installer Script #"
echo -e "#######################################"
echo " Coded By: Travis Phillips"
echo " Website: http://theunl33t.blogspot.com"
echo -e -n "\n[*] Changing directory to /var/www..."
cd /var/www > /dev/null
echo -e "Done!\n"
echo -n "[*] Removing default index.html..."
rm index.html > /dev/null
echo -e "Done!\n"
echo -n "[*] Changing to Temp Directory..."
cd /tmp
echo -e "Done!\n"
echo "[*] Downloading DVWA..."
wget http://voxel.dl.sourceforge.net/project/dvwa/DVWA-1.0.7.zip
echo -e "Done!\n"
echo -n "[*] Unzipping DVWA..."
unzip DVWA-1.0.7.zip > /dev/null
echo -e "Done!\n"
echo -n "[*] Deleting the zip file..."
rm DVWA-1.0.7.zip > /dev/null
echo -e "Done!\n"
echo -n "[*] Copying dvwa to root of Web Directory..."
cp -R dvwa/* /var/www > /dev/null
echo -e "Done!\n"
echo -n "[*] Clearing Temp Directory..."
rm -R dvwa > /dev/null
echo -e "Done!\n"
echo -n "[*] Enabling Remote include in php.ini..."
cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini1
sed -e 's/allow_url_include = Off/allow_url_include = On/' /etc/php5/apache2/php.ini1 > /etc/php5/apache2/php.ini
rm /etc/php5/apache2/php.ini1
echo -e "Done!\n"
echo -n "[*] Enabling write permissions to /var/www/hackable/upload..."
chmod 777 /var/www/hackable/uploads/
echo -e "Done!\n"
echo -n "[*] Starting Web Service..."
service apache2 start &> /dev/null
echo -e "Done!\n"
echo -n "[*] Starting MySQL..."
service mysql start &> /dev/null
echo -e "Done!\n"
echo -n "[*] Updating Config File..."
cp /var/www/config/config.inc.php /var/www/config/config.inc.php1
sed -e 's/'\'\''/'\''toor'\''/' /var/www/config/config.inc.php1 > /var/www/config/config.inc.php
rm /var/www/config/config.inc.php1
echo -e "Done!\n"
echo -n "[*] Updating Database..."
wget --post-data "create_db=Create / Reset Database" http://127.0.0.1/setup.php &> /dev/null
mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/gordonb.jpg" where user = "gordonb";'
mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/smithy.jpg" where user = "smithy";'
mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/admin.jpg" where user = "admin";'
mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/pablo.jpg" where user = "pablo";'
mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/1337.jpg" where user = "1337";'
echo -e "Done!\n"
echo -e -n "[*] Starting Firefox to DVWA\nUserName: admin\nPassword: password"
firefox http://127.0.0.1/login.php &> /dev/null &
echo -e "\nDone!\n"
echo -e "[\033[1;32m*\033[1;37m] DVWA Install Finished!\n"
So what you are going to do is to save it to whatever.sh. Make it into an executable script: chmod +x whatever.sh. Then to install it just execute the file : ./whatever.sh.
Take note that every time you want to launch this web application is that you need to start the services apache2 and mysql:
service apache2 start
service mysql start
You can now acess this web application from your localhost ;)
About the Contributor:
Shipcode
is a prolific blogger of ROOTCON and at the same time an InfoSec
enthusiast from Cebu. He was inspired to join ROOTCON as part of the
core team to share his knowledge in information security. He encourages
other like minded individuals to come forward and share their knowledge
through blogging right here at ROOTCON Blog section.
ROOTCON
is managed by like minded InfoSec professionals across the Philippines.
All rights reserved. Designated trademarks, brands and articles are
the property of their respective owners.
Tuesday, February 14, 2012
10 Pentesting Linux Distributions You Should Try
Posted by
Shipcode
at
14.2.12
Labels:
BackBox Linux,
BackTrack,
Blackbuntu,
forensics,
Knoppix STD,
Linux,
malware analysis,
Matriux,
nodezero,
penetration tesing,
recovery,
reverse engineering,
Samurai,
Security Live CD,
THC IPV6 Attack Toolkit
With the help of open source tools, penetration testing can now be conducted easier (although it can also be hard sometimes :p ) and cheaper. Linux has gained popularity in the area of penetration testing and information security. Not just because of its security but because of its efficiency because most Pentesting Linux distros that can just be booted using your flash drive or a live CD which makes wherein you don't need to install it on your HDD. These live penetration testing distros contains a package of tools for hacking or cracking a system. Each pentesting distro has its own pros, cons and specialty which includes web application vulnerability research, forensics, WiFi cracking, reverse engineering, malware analysis, and many more.
And so I decided to write a review about 10 pentesting distros I've tried and booted on my laptop or PC:
1. BackTrack 5
So tell me.. Who doesn't know about BackTrack? Some windows users do but almost all penetration testers and Linux users are familiar with this pentesting distro based on Ubuntu. BackTrack used to be a KDE pentesting distro but with the release of BackTrack 5, a Gnome Desktop Environment was also released for those users who dislike KDE. In fact with the release of BackTrack 5, the developer (phillips321) of GnackTrack decided to stop his project after careful consideration. Hence, bt5-fixit.sh was released by phillips321 for improving and adding more tools for BackTrack 5. BackTrack is one of my favorite pentesting distros that can run on a live CD or flash drive. Ideal for wireless cracking, exploiting, web application assessment, learning, or social-engineering a client.
Famous for its awesome line: "The quieter you become, the more you are able to hear". Download BT5 here.
2. BackBox Linux
BackBox Linux captured my heart because of its sleek performance and its flexibility as what the project claims to be. Its new version which is BackBox 2.01 uses these components: Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The new version has cool features which include Forensic Analysis, Documentation & Reporting and Reverse Engineering and updated tools like dradis, ettercap, john, metasploit, nmap , Social Engineering Toolkit, sleuthkit, w3af, weevely, wireshark, etc. This pentesting distro is part of Open Soluzioni's project which is founded by Raffaele Forte.
Download this project and see for yourself. What makes their forum cool is that the admin is open for tools request. In fact, Raffaele added reaver (WiFi Protected Setup Attack Tool) in their repository after I made a request in their forum a few months ago.
3. Node Zero
Node Zero is a Ubuntu based distro for penetration testing. It uses the Ubuntu repositories so every time Ubuntu releases a patch for its bugs, you also are notified for system updates or upgrades. Nodezero is famous for its inclusion of THC IPV6 Attack Toolkit which includes tools like alive6, detect-new-ip6, dnsdict6, dos-new-ip6, fake-advertise6, fake-mipv6, fake_mld6, fake_router6, implementation6, implementation6d, parasite6, recon6, redir6, rsmurf6, sendpees6, smurf6, toobig6, and trace6. Node Zero was formally known as Ubuntu Pentest Edition and was the 1st Ubuntu/Gnome based pentesting distro that was released.
Nodezero Linux is an official media partner of ROOTCON. You can check out the list of tools that Nodezero has in this link.
4. Blackbuntu
Don't feel bad with it's name, it's not a forbidden distro that uses dark arts or unethical tools. It's the black theme which makes this distro very mysterious.
Blackbuntu is another penetration testing distro based on Ubuntu obviously because of its name. It uses GNOME as its DE and uses the Ubuntu 10.10 release. The categories of its tools include Information Gathering, Network Mapping, Vulnerability Identification, Penetration, Privilege Escalation, Maintaining Access, Radio Network Analysis, VOIP Analysis, Digital Forensic, Reverse Engineering and other Miscellaneous tools like macchanger and lynis auditing tools. You can download this distro here.
5. Samurai Web Testing Framework
Samurai Web Testing Framework is a live linux distro that focuses on web application vulnerability research, website hacking, web pentesting, and is a pre-configured as web application environment for you to try hacking ethically and without violating any laws. This distro is a must have for penetration testers who wants to combine network and web app techniques. The framework uses the component Ubuntu 9.04 release.
Samurai Web Testing Framework is a project of InGuardians Inc. which is a vendor-independent Information Security Consultancy based in Washington D.C. This distro can be downloaded in sourceforge.
6. Knoppix STD
No!! Not the Knoppix Sexual Transmitted Disease. STD stands for Security Tools Distribution and is based on Knoppix. This distro was last updated on 2009 which means it didn't have updates now unlike the previous distros that I discussed but I would like to give it a plus one for the fluxbox Desktop Environment because of its very light and smooth. They have some cool tools and has a cool feature which is the Cryptography section. Might not work on some new hardwares because of the forgotten system update but it works great in my virtualbox.
You can download this live distro here.
7. Pentoo
Pentoo? Sounds familiar right? My dear friends, Pentoo is based on Gentoo Linux and is a pentesting distro that uses Enlightenment E17 as its desktop environment. It's default wallpaper is really cute. I love Tux. LoL
It has a fairly cool collection of pentetsing tools, Cuda/OPENCL cracking support with development tools and GPU based cracking software pyrit installed on the distro.
8. WEAKERTH4N Linux
WEAKERTH4N is one of the awesome pentesting distros I have ever tried. It's still in its BETA release but the developer has done a good job for this project that some cool pentesting tools included in this distro. It is built from Debian Squeeze and uses Fluxbox as it Desktop environment. You can install this live pentesting distro using Custom Remastersys Installer. It has a lot of wireless tools unlike BackTrack 5.It has the old Android Hacking features.
For wifi warriors out there you should check out the Weaknet Labs Section under WiFu especially Catchme-NG which allows you to troll for a MAC address, or anything from an 802.11 packet using Airodump-ng and WPA-Phishing attack for EAP Phishing. Download the BETA version here.
9. Matriux Krypton
Matriux Krypton final was released last 2011.08.15 and is another open source security distribution for ethical hackers and penetration testers. Compiled with a cool set of tools which they call arsenals, this distro can be used for penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, exploiting, cracking, data recovery and many more. I also love its startup screen that says "Software is like sex; it's better when it's free" (attributed to Linus Torvalds).
Download this cool pentesting distro and check out their arsenal here.
10. Project Playground
Project Playground or “Pipi” is a pentesting distro based on Debian that uses XFCE as its DE. It centers on web application security practice, it is packed with web apps intended to have vulnerabilities and weaknesses for you to practice. This includes DVWA, mutillidae, gruyere and webgoat and many more. Aside from those mentioned, articles and tutorials are also included. The distro is made in the Philippines by a Filipino open source advocate and pentetsing lover named creatures/kreatures.
For now the alpha release is available for download and I have already tried it. Kudos to creatures/kreatures for the Alpha Release. You can email creatures at ysda27[at]gmail[dot]com or visit his website for more updates about his project. You can stalk some of his tutorials on the ProjectX Blog.
About the Contributor:
Shipcode
is a prolific blogger of ROOTCON and at the same time an InfoSec
enthusiast from Cebu. He was inspired to join ROOTCON as part of the
core team to share his knowledge in information security. He encourages
other like minded individuals to come forward and share their knowledge
through blogging right here at ROOTCON Blog section.
ROOTCON is managed by like minded InfoSec professionals across the Philippines. All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.
Monday, February 06, 2012
SSH Tunneling with puTTy and your browser
Posted by
Shipcode
at
6.2.12
Labels:
anonymity,
anonymous surfing,
bypass firewalls,
change IP address,
hide my ip,
puTTy,
secure shell,
SSH servers,
TCP forwarding,
tunneling
In this article we will discuss on how to tunnel using SSH / Secure Shell which can be used to hide your IP address or bypass firewalls at your school or office. SSH can also be used for forwarding TCP ports and x11 connections.
We will be using puTTy as our SSH client and it can be downloaded here. Follow this simple steps in order to cloak your IP address while you are surfing the net:
1. Run puTTy
2. Put the IP address of the SSH server that you want to use under Host name or IP Address Tab
3. Go to SSH tab >> Tunnels then put your desired port on the source port (In this example I will be using 9191 which we will soon put in the socks host port of the browser) then check Dynamic and click ADD.
4. Click Open then login with your username and password.
6. Configure your browser's network settings. Below are instructions for specific browsers that you have installed in your computer:
Mozilla Firefox: Tools > Options > Advanced > Settings > Manual proxy configuration.
Google Chrome: Options > Under the hood > Network > Change proxy settings > LAN settings > Use a proxy server > Advanced > HTTP.
Internet Explorer: Tools > Internet options > Connections > LAN settings > Use a proxy server > Advanced > HTTP.
Opera: Tools > Preferences > Advanced > Network.
7. Insert this in your socks:
Socks Host 127.0.0.1 port 9191(your desired port)
8. Click OK after you are done configuring your network settings.
Alright now we're all set! To check if you have successfully tunneled your IP address, click this. If you see the IP address of the SSH server that you put on your host then you have successfully configured your browser with your SSH server. Congratulations!
About the Contributor:
Shipcode
is a prolific blogger of ROOTCON and at the same time an InfoSec
enthusiast from Cebu. He was inspired to join ROOTCON as part of the
core team to share his knowledge in information security. He encourages
other like minded individuals to come forward and share their knowledge
through blogging right here at ROOTCON Blog section.
ROOTCON is managed by like minded InfoSec professionals across the Philippines. All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.
Subscribe to:
Posts (Atom)
Subscribe to:
Posts (Atom)