SSH provides shell access and, as such, it is one of the services that must be secured as well as possible. Step 0a - Change the default password IMPORTANT!: The first thing to do with Backtrack is to change the default password: To start the SSH service having the default password enabled is …
Do you still believe input validation is enough to fix Cross Site Scripting (XSS)? Billy Hoffman said it best at ShmooCon 2007 (4 years ago!!!) in his talk "JavaScript Malware for a Grey Goo Tomorrow" (fast forward to Q & A, minute 51:45): Person in the audience asks: "You said that AJAX doesn't really change …
Update 01/08/2011: The videos are now up here (YouTube). Thank you Tomasz! Update: Thanks to Jamie Duxbury (@w1bble) for hosting most of the pictures linked to from this page. I thought it was Soraya for some reason, sorry :). As I mentioned earlier: I was really honoured to attend BSides London and DC4420, aka Defcon …
NOTE: This will work in Backtrack, Ubuntu and pretty much any Linux distro as far as I know. There are times when you would like to open a service to the internet and it is OK to only allow one host/IP address to connect to you, for example: - Host-to-host transactions - During a pentest …
I recently got an interesting question via email: Hi Abraham, I was just wondering if you’ve ever used a tool called Angry IP scanner? Is it safe to use? Is there any risk of it crashing a host you are scanning? Regards, Short answer: Q: I was just wondering if you’ve ever used a tool …
Introduction When you set up the VNC server you can connect remotely with GUI access to Backtrack. For this reason, it is best to start the VNC server BEFORE you enter the GUI; that will save a little bit on resources such as RAM. The VNC server service will provide no encryption, so make sure you …
First check recognised HW: # dmesg|grep eth jme: JMicron JMC2XX ethernet driver version 1.0.4 eth0: registered as PCnet/PCI II 79C970A eth1: registered as PCnet/PCI II 79C970A eth2: registered as PCnet/PCI II 79C970A Option 1 - The manual way: Static IP assignment and network configuration: a) Set your IP address # ifconfig eth0 192.168.0.123 b) Set …
NOTE: For this to work you obviously need network connectivity first! This is explained in backtrack-basics-networking. OK guys, finally this is the definitive guide from the Backtrack guys themselves (source): Update Back|Track Linux: apt-get update && apt-get upgrade && apt-get dist-upgrade Update Metasploit: cd /pentest/exploits/framework3 && svn update Update the Social-Engineer Toolkit (SET): cd /pentest/exploits/SET && …
This blog post explains how to configure stunnel so that tools that do not speak SSL (for example, netcat) can communicate with SSL protocols; in our example we will use HTTPS. Before stunnel, a direct attempt using a non-SSL tool: # nc www.example.com 443 HEAD / HTTP/1.0 .. 400 Bad Request Bad Request Your browser sent …
This is not strictly security related but I thought I would post it anyway ... So this is really weird: in Skype under Windows sometimes the call button is disabled. I have plenty of resources, etc., but for some reason Skype just does not let me ring any contact because the button is disabled. The …