Monthly Archives: September 2007

Metasploit 3 Adds iPhone Hacking Tools

Filed under Hacking


HD Moore has done it again and is adding payloads for the iPhone. Some of these payloads include the ability to make a victim’s iPhone vibrate or, even better, root shell access! HD is also putting in recent exploits like the one for the Perl Compatible Regular Expressions (PCRE) library vulnerability.

HD goes on to explain that “a rootkit takes on a whole new meaning when the attacker has access to the camera, microphone, contact list, and phone hardware. Couple this with ‘always-on’ Internet access over EDGE and you have a perfect spying device…”.

You can read the full article at darkreading.com. Check out HD Moore’s blog post.

VMware Documentation for De-ICE Pen Test LiveCD’s Released

Filed under De-ICE LiveCD's

I finally had the time to finish a nice help document which describes how to install a VMware virtual network to run the De-ICE Penetration Testing LiveCD’s. So why did I do all of this?

For the longest time I have been looking for a way to create a training type program for a small corporate penetration testing team. The problem is that the people that conduct internal penetration tests within small and large corporations are usually part of a larger Information Security department. These are the people that usually have to wear many hats in Info Sec, not to mention that they have to do other things as well. This all leads to less time spent testing and hence a declining skill set! Since the corporate guys (and gals) don’t conduct pen tests every day or every week (like our consulting brethren), there needs to be some sort of training program that corporate pen testers can use to keep their skills up to date.

The training program needs to consist of the following:

– Easy to set up in a lab or virtual environment.
– Scenario-based challenges that replicate real-world situations.
– A “level” type of achievement system. Levels should build upon one another.
– Real hacking tools need to be pre-installed and ready to use; no time to mess with configurations.
– Scenarios that make you actually learn the tools and think “outside the box”.
– Scenarios need to be challenging and fun!

These are some of the high level requirements that I was looking for when it came to developing this training program.

I was lucky enough to attend the Defcon conference in Vegas this summer and sat in on a presentation entitled “Turn-Key Pen Test Labs” by Thomas Wilhelm. Thomas described these LiveCD’s (bootable on any kind of “Intel” hardware) with which you can create your own pen test lab with some great real-world scenarios. Thomas basically took scenarios from real-life pen testing assignments and recreated and re-engineered them on the LiveCD’s. What a fantastic idea! The LiveCD’s are based on Slax. They contain real, live running services like telnet, ssh, ftp, etc., and even include a web server. So what do you do with the LiveCD once you pop it into a machine? You use Backtrack 2! Backtrack 2 is a LiveCD which contains over 300 tools pre-installed and ready to use. No need to configure anything. So, set up a small LAN with two computers and a DHCP server and you are all set.

One thing I wanted to do was take the LiveCD’s that Thomas put together and create the lab environment in VMware. That way you can have the Backtrack 2 LiveCD and the De-ICE Pen Test LiveCD’s all on a virtual network contained on one laptop or desktop. Perfect for the corporate pen tester! I found (through the forums on Thomas’ website) that there were lots of questions and/or problems with setting up a virtual network to run the testing environment, so I put together a document which guides you through the setup of the network and the LiveCD’s. This is the setup that I have used for the LiveCD’s and it has been working out great! One thing to note about my setup: I am running VMware Workstation 5.5 on SUSE 10.2. These instructions should work with VMware Workstation 6 and VMware Server as well. I note that the Windows version is similar; I will need to update the document with the Windows instructions as well. This is version 1.0, so I plan on releasing updates to this in the future.

So where do you find all of this stuff?
You can download the De-ICE LiveCD’s from the De-ICE website here. There are also some really good “spoiler” and help forums if you get stuck. Thomas has done a great job on these LiveCD’s so please support his website and the forum community that is growing around these CD’s. I encourage you to learn more about these LiveCD’s and get involved with helping create scenarios for future LiveCD’s.

VMware Documentation for De-ICE Pen Test LiveCD’s
The VMware Configuration Document I created is available for download here. I also have a sticky in my forums with a download link as well. You can post questions or improvements to the document in the forums linked to this post either on spylogic.net or on de-ice.net. You can always send me an email as well. agent0x0 [aT] spylogic [d0t] net.

Gentoo Installation Woes

Filed under Linux

So I have been tinkering around with Gentoo Linux and have been trying to get it up and running on a Dell D620. My first mistake was using genkernel instead of manually configuring the kernel (as recommended by Gentoo). Genkernel seems to install all kinds of extra stuff that you don’t need. My problem is that xorg won’t configure properly…looks like a kernel issue with the Intel 945G video. I have followed these instructions in the Gentoo Wiki and still can’t get X to work properly. I am going to try and reinstall with a manual kernel configuration. In the meantime, if you have a D620 and are running Gentoo, please post any suggestions in the forum. :)

PS3 PVR Tutorial

Filed under Video Game Hardware Hacking

So I just got a PS3 and have been looking at all the cool things you can do with it…since you can run Linux on a PS3 (Yellowdog, Gentoo, etc.). One of the things you can turn your PS3 into is a PVR to record TV shows. There is a great site that shows you how to do this here. Looks like all you need is the following:

* Gentoo Linux Install
* MythTV
* Plextor ConvertX PX-M402U – TV
* Micronas GO7007 Linux Driver

Lots of good PS3 hacks on this site as well (homebrew). MythTV is similar to Freevo in that it is an open source PVR. Very cool…I am thinking of formatting the PS3 and installing Gentoo at least. I’ll provide a review if this all works out! :)