Monday, February 27, 2012

Damn Vulnerable Web App Installer Shell Script

Hey guys, shipcode here once again :)

Today I'm gonna share with you an installer shell script for Damn Vulnerable Web App (DVWA), coded by Travis Phillips.

DVWA is a cool web application for testing your web penetration testing skills and your knowledge of manual SQL Injection, XSS, Blind SQL Injection, etc.

    #!/bin/bash
    # DVWA 1.0.7 installer for a Debian/Ubuntu-style LAMP box: Apache document
    # root in /var/www and PHP 5 config in /etc/php5/apache2. Run as root.
    echo -e "\n#######################################"
    echo -e "# Damn Vulnerable Web App Installer Script #"
    echo -e "#######################################"
    echo " Coded By: Travis Phillips"
    echo " Website: http://theunl33t.blogspot.com"
    echo -e -n "\n[*] Changing directory to /var/www..."
    cd /var/www > /dev/null || exit 1
    echo -e "Done!\n"

    echo -n "[*] Removing default index.html..."
    rm index.html > /dev/null
    echo -e "Done!\n"

    echo -n "[*] Changing to Temp Directory..."
    cd /tmp || exit 1
    echo -e "Done!\n"

    echo "[*] Downloading DVWA..."
    wget http://voxel.dl.sourceforge.net/project/dvwa/DVWA-1.0.7.zip
    echo -e "Done!\n"

    echo -n "[*] Unzipping DVWA..."
    unzip DVWA-1.0.7.zip > /dev/null
    echo -e "Done!\n"

    echo -n "[*] Deleting the zip file..."
    rm DVWA-1.0.7.zip > /dev/null
    echo -e "Done!\n"

    echo -n "[*] Copying dvwa to root of Web Directory..."
    cp -R dvwa/* /var/www > /dev/null
    echo -e "Done!\n"

    echo -n "[*] Clearing Temp Directory..."
    rm -R dvwa > /dev/null
    echo -e "Done!\n"

    echo -n "[*] Enabling Remote include in php.ini..."
    # The remote file inclusion exercises need allow_url_include=On. This sed
    # only matches the exact "allow_url_include = Off" spelling; php.ini is
    # left unchanged (with no error) if the line is formatted differently.
    cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini1
    sed -e 's/allow_url_include = Off/allow_url_include = On/' /etc/php5/apache2/php.ini1 > /etc/php5/apache2/php.ini
    rm /etc/php5/apache2/php.ini1
    echo -e "Done!\n"

    echo -n "[*] Enabling write permissions to /var/www/hackable/upload..."
    chmod 777 /var/www/hackable/uploads/
    echo -e "Done!\n"

    echo -n "[*] Starting Web Service..."
    service apache2 start &> /dev/null
    echo -e "Done!\n"

    echo -n "[*] Starting MySQL..."
    service mysql start &> /dev/null
    echo -e "Done!\n"

    echo -n "[*] Updating Config File..."
    # Replaces the first empty string literal ('') on each line of
    # config.inc.php with 'toor', which sets DVWA's db_password. Assumes the
    # MySQL root password is toor, as the mysql commands below also do.
    cp /var/www/config/config.inc.php /var/www/config/config.inc.php1
    sed -e 's/'\'\''/'\''toor'\''/' /var/www/config/config.inc.php1 > /var/www/config/config.inc.php
    rm /var/www/config/config.inc.php1
    echo -e "Done!\n"

    echo -n "[*] Updating Database..."
    # POSTing create_db to setup.php creates the dvwa database and tables;
    # the UPDATEs then point each user's avatar at the bundled images.
    wget --post-data "create_db=Create / Reset Database" http://127.0.0.1/setup.php &> /dev/null
    mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/gordonb.jpg" where user = "gordonb";'
    mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/smithy.jpg" where user = "smithy";'
    mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/admin.jpg" where user = "admin";'
    mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/pablo.jpg" where user = "pablo";'
    mysql -u root --password='toor' -e 'update dvwa.users set avatar = "/hackable/users/1337.jpg" where user = "1337";'
    echo -e "Done!\n"

    echo -e -n "[*] Starting Firefox to DVWA\nUserName: admin\nPassword: password"
    firefox http://127.0.0.1/login.php &> /dev/null &
    echo -e "\nDone!\n"
    echo -e "[\033[1;32m*\033[1;37m] DVWA Install Finished!\n"



So what you are going to do is save it as whatever.sh, make it an executable script with chmod +x whatever.sh, and then install by running the file: ./whatever.sh.


Take note that every time you want to launch this web application you need to start the apache2 and mysql services:

    service apache2 start
    service mysql start

You can now access this web application from your localhost ;)
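As an added example (not part of Travis Phillips' script or of DVWA itself), here is a post-install check for the two settings the script edits with sed: those sed calls match only one exact spelling and print "Done!" whether or not anything changed. The paths are the ones the script uses; the form of the DVWA 1.0.7 password line, $_DVWA[ 'db_password' ] = '', is an assumption.

```python
import os
import re
from pathlib import Path
from typing import List, Optional, Tuple

def set_ini_flag(ini_text: str, key: str, value: str) -> Tuple[str, int]:
    """Rewrite 'key = <anything>' to 'key = value' in php.ini text.

    Tolerates any spacing around '=', skips lines commented out with ';',
    and returns (new_text, lines_changed) so a caller can notice a no-op.
    """
    pat = re.compile(rf"^([ \t]*{re.escape(key)}[ \t]*=[ \t]*)[^\s;]+", re.MULTILINE)
    return pat.subn(lambda m: m.group(1) + value, ini_text)

def ini_flag(ini_text: str, key: str) -> Optional[str]:
    """Effective value of key in php.ini text, or None if unset or commented out."""
    m = re.search(rf"^[ \t]*{re.escape(key)}[ \t]*=[ \t]*([^\s;]+)", ini_text, re.MULTILINE)
    return m.group(1) if m else None

def check_dvwa_install(webroot: Path, php_ini: Path) -> List[str]:
    """Return the problems found; an empty list means the installer's edits took."""
    problems = []
    # allow_url_include=On is what the RFI exercises need (a lab-only setting)
    # and the first thing to confirm when they "mysteriously" fail.
    if not php_ini.is_file() or ini_flag(php_ini.read_text(), "allow_url_include") != "On":
        problems.append("allow_url_include is not On")
    uploads = webroot / "hackable" / "uploads"
    if not (uploads.is_dir() and os.access(uploads, os.W_OK)):
        problems.append("hackable/uploads missing or not writable")
    # The installer's sed swaps '' for 'toor' to set the DB password; assumed
    # DVWA 1.0.7 line: $_DVWA[ 'db_password' ] = '';
    cfg = webroot / "config" / "config.inc.php"
    if not cfg.is_file():
        problems.append("config/config.inc.php missing")
    elif re.search(r"db_password'\s*\]\s*=\s*''", cfg.read_text()):
        problems.append("db_password still empty (sed edit did not apply)")
    return problems

if __name__ == "__main__":
    # Same paths as the installer script.
    for p in check_dvwa_install(Path("/var/www"), Path("/etc/php5/apache2/php.ini")):
        print("[-]", p)
```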

About the Contributor:
Shipcode is a prolific blogger of ROOTCON and at the same time an InfoSec enthusiast from Cebu. He was inspired to join ROOTCON as part of the core team to share his knowledge in information security. He encourages other like-minded individuals to come forward and share their knowledge through blogging right here in the ROOTCON Blog section.

ROOTCON is managed by like-minded InfoSec professionals across the Philippines. All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.

Tuesday, February 14, 2012

10 Pentesting Linux Distributions You Should Try

With the help of open source tools, penetration testing can now be conducted more easily (although it can still be hard sometimes :p ) and more cheaply. Linux has gained popularity in the area of penetration testing and information security, not just because of its security but because of its efficiency: most pentesting Linux distros can simply be booted from a flash drive or a live CD, so you don't need to install them on your HDD. These live penetration testing distros contain a package of tools for hacking or cracking a system. Each pentesting distro has its own pros, cons and specialty, which may include web application vulnerability research, forensics, WiFi cracking, reverse engineering, malware analysis, and many more.

And so I decided to write a review of 10 pentesting distros I've tried and booted on my laptop or PC:

1. BackTrack 5


So tell me.. Who doesn't know about BackTrack? Some Windows users don't, but almost all penetration testers and Linux users are familiar with this Ubuntu-based pentesting distro. BackTrack used to be a KDE pentesting distro, but with the release of BackTrack 5 a GNOME Desktop Environment edition was also released for those users who dislike KDE. In fact, with the release of BackTrack 5, the developer of GnackTrack (phillips321) decided to stop his project after careful consideration. Hence, bt5-fixit.sh was released by phillips321 for improving and adding more tools to BackTrack 5. BackTrack is one of my favorite pentesting distros and can run from a live CD or flash drive. Ideal for wireless cracking, exploiting, web application assessment, learning, or social-engineering a client.

Famous for its awesome line: "The quieter you become, the more you are able to hear". Download BT5 here.

2. BackBox Linux


BackBox Linux captured my heart because of its sleek performance and its flexibility, as the project claims. Its new version, BackBox 2.01, uses these components: Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The new version has cool features which include Forensic Analysis, Documentation & Reporting and Reverse Engineering, and updated tools like dradis, ettercap, john, metasploit, nmap, Social Engineering Toolkit, sleuthkit, w3af, weevely, wireshark, etc. This pentesting distro is part of the Open Soluzioni project, which was founded by Raffaele Forte.

Download this project and see for yourself. What makes their forum cool is that the admin is open to tool requests. In fact, Raffaele added reaver (a WiFi Protected Setup attack tool) to their repository after I made a request in their forum a few months ago.

3. Node Zero


Node Zero is an Ubuntu-based distro for penetration testing. It uses the Ubuntu repositories, so every time Ubuntu releases a patch for its bugs you are also notified of system updates or upgrades. Nodezero is famous for its inclusion of the THC IPv6 Attack Toolkit, which includes tools like alive6, detect-new-ip6, dnsdict6, dos-new-ip6, fake-advertise6, fake-mipv6, fake_mld6, fake_router6, implementation6, implementation6d, parasite6, recon6, redir6, rsmurf6, sendpees6, smurf6, toobig6, and trace6. Node Zero was formerly known as Ubuntu Pentest Edition and was the first Ubuntu/GNOME-based pentesting distro to be released.

Nodezero Linux is an official media partner of ROOTCON. You can check out the list of tools that Nodezero has in this link.

4. Blackbuntu


Don't feel bad about its name; it's not a forbidden distro that uses dark arts or unethical tools. It's the black theme that makes this distro look so mysterious.

Blackbuntu is another penetration testing distro based on Ubuntu, obviously, given its name. It uses GNOME as its DE and is built on the Ubuntu 10.10 release. Its tool categories include Information Gathering, Network Mapping, Vulnerability Identification, Penetration, Privilege Escalation, Maintaining Access, Radio Network Analysis, VOIP Analysis, Digital Forensics, Reverse Engineering and other miscellaneous tools like macchanger and the lynis auditing tool. You can download this distro here.

5. Samurai Web Testing Framework


Samurai Web Testing Framework is a live Linux distro that focuses on web application vulnerability research, website hacking and web pentesting, and comes pre-configured as a web application environment for you to practice hacking ethically and without violating any laws. This distro is a must-have for penetration testers who want to combine network and web app techniques. The framework is built on the Ubuntu 9.04 release.

Samurai Web Testing Framework is a project of InGuardians Inc., a vendor-independent information security consultancy based in Washington D.C. This distro can be downloaded from SourceForge.


6. Knoppix STD



No!! Not the Knoppix Sexually Transmitted Disease. STD stands for Security Tools Distribution, and it is based on Knoppix. This distro was last updated in 2009, which means it doesn't get updates now, unlike the previous distros I discussed, but I would like to give it a plus one for the Fluxbox desktop environment, which is very light and smooth. They have some cool tools and a cool feature, the Cryptography section. It might not work on some newer hardware because of the missing system updates, but it works great in my VirtualBox.

You can download this live distro here.

7. Pentoo


Pentoo? Sounds familiar, right? My dear friends, Pentoo is based on Gentoo Linux and is a pentesting distro that uses Enlightenment E17 as its desktop environment. Its default wallpaper is really cute. I love Tux. LoL

It has a fairly cool collection of pentesting tools, CUDA/OpenCL cracking support with development tools, and the GPU-based cracking software pyrit installed on the distro.

8. WEAKERTH4N Linux


WEAKERTH4N is one of the most awesome pentesting distros I have ever tried. It's still in its BETA release, but the developer has done a good job on this project, with some cool pentesting tools included in the distro. It is built from Debian Squeeze and uses Fluxbox as its desktop environment. You can install this live pentesting distro using the Custom Remastersys Installer. It has a lot of wireless tools, unlike BackTrack 5. It also has the old Android hacking features.

For the WiFi warriors out there, you should check out the Weaknet Labs section under WiFu, especially Catchme-NG, which allows you to troll for a MAC address or anything from an 802.11 packet using Airodump-ng, and the WPA-Phishing attack for EAP phishing. Download the BETA version here.

9. Matriux Krypton


Matriux Krypton final was released on 2011.08.15 and is another open source security distribution for ethical hackers and penetration testers. Compiled with a cool set of tools, which they call arsenals, this distro can be used for penetration testing, ethical hacking, system and network administration, cyber forensics investigations, security testing, vulnerability analysis, exploiting, cracking, data recovery and many more. I also love its startup screen that says "Software is like sex; it's better when it's free" (attributed to Linus Torvalds).

Download this cool pentesting distro and check out their arsenal here.


10. Project Playground


Project Playground or “Pipi” is a pentesting distro based on Debian that uses XFCE as its DE. It centers on web application security practice: it is packed with web apps intended to have vulnerabilities and weaknesses for you to practice on, including DVWA, mutillidae, gruyere, webgoat and many more. Aside from those, articles and tutorials are also included. The distro is made in the Philippines by a Filipino open source advocate and pentesting lover named creatures/kreatures.

For now the alpha release is available for download, and I have already tried it. Kudos to creatures/kreatures for the alpha release. You can email creatures at ysda27[at]gmail[dot]com or visit his website for more updates about his project. You can stalk some of his tutorials on the ProjectX Blog.



Monday, February 06, 2012

SSH Tunneling with PuTTY and your browser


In this article we will discuss how to tunnel using SSH (Secure Shell), which can be used to hide your IP address or bypass firewalls at your school or office. SSH can also be used for forwarding TCP ports and X11 connections.

We will be using PuTTY as our SSH client; it can be downloaded here. Follow these simple steps in order to cloak your IP address while you are surfing the net:

1. Run PuTTY

2. Put the IP address of the SSH server that you want to use under Host Name (or IP address).

3. Go to SSH >> Tunnels, then put your desired port in Source port (in this example I will be using 9191, which we will soon put in the SOCKS host port of the browser), check Dynamic and click Add.


4. Click Open, then log in with your username and password.


5. Configure your browser's network settings. Below are instructions for the specific browsers you have installed on your computer:

Mozilla Firefox: Tools > Options > Advanced > Settings > Manual proxy configuration.

Google Chrome: Options > Under the hood > Network > Change proxy settings > LAN settings > Use a proxy server > Advanced > HTTP.

Internet Explorer: Tools > Internet options > Connections > LAN settings > Use a proxy server > Advanced > HTTP.

Opera: Tools > Preferences > Advanced > Network.

6. Insert this in your SOCKS settings:

SOCKS Host 127.0.0.1, port 9191 (your desired port)

7. Click OK after you are done configuring your network settings.


Alright, now we're all set! To check if you have successfully tunneled your IP address, click this. If you see the IP address of the SSH server that you put in the host name, then you have successfully configured your browser with your SSH server. Congratulations!
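What the browser actually sends to 127.0.0.1:9191 once the Dynamic tunnel is up is a SOCKS5 handshake; the small client below reproduces it so the tunnel can be checked from a script. This is an added example, not from the original post: port 9191 is the article's, while the function names and the target host are assumptions. It sends the target as a host name (SOCKS5 address type 3) so the SSH server does the DNS lookup, which is also the browser setting worth checking: with local DNS resolution, the names of the sites you visit still leave from your own IP.

```python
import socket
import struct

SOCKS_VER = 0x05
CMD_CONNECT = 0x01
ATYP_DOMAIN = 0x03   # address is a host name: the SSH server resolves it
REPLY_TEXT = {0: "succeeded", 1: "general SOCKS server failure",
              2: "connection not allowed by ruleset", 3: "network unreachable",
              4: "host unreachable", 5: "connection refused", 6: "TTL expired",
              7: "command not supported", 8: "address type not supported"}

def greeting() -> bytes:
    # VER=5, NMETHODS=1, METHOD=0x00 (no authentication). A PuTTY Dynamic
    # forward does not authenticate SOCKS clients, which is why the listener
    # belongs on 127.0.0.1 only and never on all interfaces.
    return bytes([SOCKS_VER, 1, 0x00])

def connect_request(host: str, port: int) -> bytes:
    # VER CMD RSV ATYP LEN name PORT. ATYP 3 keeps the DNS lookup on the
    # SSH server instead of the local resolver.
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("host name must be 1..255 bytes for SOCKS5")
    return (bytes([SOCKS_VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))

def parse_reply(data: bytes) -> tuple:
    # Only the header matters here: VER REP RSV ATYP, then BND.ADDR/BND.PORT.
    if len(data) < 4 or data[0] != SOCKS_VER:
        return False, "not a SOCKS5 reply"
    return data[1] == 0x00, REPLY_TEXT.get(data[1], f"unknown reply 0x{data[1]:02x}")

def open_via_tunnel(host: str, port: int, proxy=("127.0.0.1", 9191),
                    timeout: float = 5.0) -> socket.socket:
    """Connect to host:port through the local SOCKS5 listener; return the socket."""
    s = socket.create_connection(proxy, timeout=timeout)
    try:
        s.sendall(greeting())
        if s.recv(2) != bytes([SOCKS_VER, 0x00]):
            raise ConnectionError("proxy did not accept the no-auth method")
        s.sendall(connect_request(host, port))
        ok, why = parse_reply(s.recv(262))   # longest reply: 4 + 1 + 255 + 2
        if not ok:
            raise ConnectionError(f"SOCKS CONNECT failed: {why}")
        return s
    except Exception:
        s.close()
        raise
```

With the tunnel open, open_via_tunnel("example.com", 80) returns a socket whose traffic leaves from the SSH server, so a plain HTTP request on it is a scriptable version of the "click this" check above.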

