So as part of my exploration into the fascinating world of backtrack 5 I found yesterday within it’s depths a tool called w3af GUI of course you could download this opensource or any opensource application outside of backtrack and use it but having an all in one pen test / hacking operating system built on Linux is great.
If you build web apps that need to stand up to the specific threats listed as part of the OWASP top 10 project then running a VM of backtrack in VMWare or VirtualBox could be just the ticket to ensure your app is robust enough to fend off the pen. test company.
It was just a case of loading up the app via BackTrack - Exploitation tools – web exploitation tools – w3af_gui, select the OWASP_TOP10 profile, supply a starting URL and click start… it will then crawl through the site trying to do all sorts of nasties… usually takes quite some time as it is a very in depth analysis…
Posted by Brad | Posted in Ramblings | Posted on 22-02-2012
As a windows developer who has dabbled in UNIX very little… I’m getting into penetration testing now using BackTrack and Metasploit… so I’m having a hack at cracking the WPA passphrase on a router… and in the last 22 hours my old laptop has chugged up a massive 58 million attempts from my 11GB dictionary text file… these are big numbers… so I thought I’d have a peek and see how many rows are in that 11GB txt file…..
With a simple command I did a line count of the text file and found after just a couple of minutes it worked out there are 982 MILLION lines in this file…. utterly mad speed…
“Well the O/H was not impressed that I bought one as she said its just a useless gadget but now she listens to the internet radio through the aux input on her kitchen mini system. She has all her fav stations saved and as I type she is dancing around the kitchen and just said this thing is fantastic”"
Posted by Brad | Posted in Ramblings | Posted on 08-10-2009
Something I saw around the interwebs yesterday,
Use an Old Linux Computer to Put your Baby to Sleep
If you are not a computer geek, here is an explanation of how this very simple program works.
First the program will auto-eject the CD-ROM drive attached to the computer and will then close the tray. This will then happen over and over again until you stop it.
while [1 = 1]
#pull cdrom tray back in
This is the result…
The lazy person who thought this up, tied a piece of string between the CD-ROM drive tray and the baby car seat and as the tray would open and close, the smooth movements were enough to put his baby to sleep.
Posted by Brad | Posted in Ramblings | Posted on 26-04-2009
So I have ubuntu la de da 9 on my vista laptop courtesy of a virtualbox partition so I don’t have to worry about fucking up by beloved windows laptop that I have setup to do anything I need so I can do business online.
And time after time I get the same shit with linux (which I have been having a stab at once every couple of years since ages ago), you want to do something, so you must find out a program that enables you to do it.
You look around google for people that wanted to do the same thing and you end up with a program name that means nothing to any normal human being, which you then install through a command line using lots of “flags” that again mean nothing to anyone that does not do this sort of shit all the time.
So you think, great, now I got my program, it’s even open source and thats amazing… but wait a second, the installer fucks out because you didn’t have some other stupid thing installed, so you go to some ugly wiki shit to get that, work out how to get hold of it and put it on, but then oops… that shit needs you to install something else from some other place.. and so it goes on and on and on… until yet again you go mwahhhh fuck it, I will just stick with windows where I can actually get stuff done rather than pissing about with installers and getting nothing actually done.
For those wondering what the hell I am trying to do, I’m wondering how to crack WPA wifi network passwords with ubuntu and aircrack-ng.
And have lots of things installed that may or may not be related to eachother, but ultimately from all these shitty youtube tutorials made by people who do just spend their lives on the command line rather than producing things that are intelligible to someone new to linux… anyway.. I have achieved nothing so far.
But at least I have a work in progress that I can choose to go back to whever I can be bothered to have another stab, at least I found that this virtualbox thing is a nice way to virtualise an OS to play around with.