Wednesday 11 September 2013

GDB Debugger Basic Commands


A very basic GDB tutorial; actually, these are my handy notes!

Setting a Breakpoint:

break *_start

Execute Next Instruction:

next
step
n
s

Continue Execution:

continue
c


Data:

The two main things we check are REGISTERS and MEMORY.


Display Register Values (Decimal, Binary, Hex):

print /d   --> Decimal
print /t   --> Binary
print /x   --> Hex


Output:

(gdb) print /d $eax
$17 = 13

(gdb) print /t $eax
$18 = 1101

(gdb) print /x $eax
$19 = 0xd
(gdb)



Display values of specific memory locations:

Command: x/nyz    (examine)

n --> number of units to display        ==>
y --> format for output                 ==>  c (character), d (decimal), x (hexadecimal)
z --> size of each unit                 ==>  b (byte), h (halfword, 16 bit), w (word, 32 bit)


The command below displays 42 bytes of the variable 'output' in character mode:

(gdb) x/42cb &output
0x80490ac <output>:     84 'T'  104 'h' 101 'e' 32 ' '  112 'p' 114 'r' 111 'o' 99 'c'
0x80490b4 <output+8>:   101 'e' 115 's' 115 's' 111 'o' 114 'r' 32 ' '  86 'V'  101 'e'
0x80490bc <output+16>:  110 'n' 100 'd' 111 'o' 114 'r' 32 ' '  73 'I'  68 'D'  32 ' '
0x80490c4 <output+24>:  105 'i' 115 's' 32 ' '  39 '\'' 120 'x' 120 'x' 120 'x' 120 'x'
0x80490cc <output+32>:  120 'x' 120 'x' 120 'x' 120 'x' 120 'x' 120 'x' 120 'x' 120 'x'
0x80490d4 <output+40>:  39 '\'' 10 '\n'
(gdb)
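To make the n/y/z letters concrete, here is an added example (not from the original notes) that emulates how gdb's x command slices a buffer: the same 42 bytes of 'output' shown above examined as characters, and then as little-endian 32-bit words. The buffer contents and address are constructed to match the output above; the layout approximates gdb's.

```python
# Added example: emulate gdb's x/<n><y><z> over a constructed buffer.
OUTPUT_ADDR = 0x80490ac                       # address of 'output' in the notes above
OUTPUT_BYTES = b"The processor Vendor ID is 'xxxxxxxxxxxx'\n"   # the 42 bytes x/42cb showed

SIZES = {"b": 1, "h": 2, "w": 4, "g": 8}      # z: unit size in bytes
PER_LINE = {1: 8, 2: 8, 4: 4, 8: 2}           # units gdb prints per line for each size

def _fmt_unit(value, fmt, size):
    """Render one unit for format y = c, d or x, the way gdb's x command prints it."""
    if fmt == "c":                            # decimal plus character literal, e.g. 84 'T'
        ch = chr(value)
        lit = {"\n": "\\n", "'": "\\'", "\\": "\\\\"}.get(ch, ch)
        return f"{value} '{lit}'"
    if fmt == "d":
        return str(value)
    if fmt == "x":
        return f"0x{value:0{size * 2}x}"      # x/xw zero-pads to the unit width
    raise ValueError(f"unsupported format {fmt!r}")

def examine(mem, base, count, fmt, size_letter, symbol="output"):
    """Return the lines 'x/<count><fmt><size_letter> &symbol' would print for bytes 'mem'.

    Units are decoded little-endian (x86), so x/xw shows 'The ' as 0x20656854.
    The character format always uses byte units, as gdb does.
    """
    size = 1 if fmt == "c" else SIZES[size_letter]
    units = []
    for i in range(count):
        chunk = mem[i * size:(i + 1) * size]
        if len(chunk) < size:                 # ran past the buffer: stop instead of faking data
            break
        units.append(_fmt_unit(int.from_bytes(chunk, "little"), fmt, size))
    lines = []
    for start in range(0, len(units), PER_LINE[size]):
        off = start * size
        label = symbol if off == 0 else f"{symbol}+{off}"
        lines.append(f"0x{base + off:x} <{label}>:\t" + "\t".join(units[start:start + PER_LINE[size]]))
    return lines

if __name__ == "__main__":
    print("\n".join(examine(OUTPUT_BYTES, OUTPUT_ADDR, 42, "c", "b")))   # as in the notes
    print("\n".join(examine(OUTPUT_BYTES, OUTPUT_ADDR, 4, "x", "w")))    # same bytes as words
```

Comparing the two runs shows why the size letter matters: the word view reverses the byte order of each group of four, which is easy to misread when hunting for a string or pointer in memory.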


CISCO IOS Penetration Testing


Cisco penetration testing is a very interesting topic, but I could not find much information, so I decided to collect information while working on a professional assignment and write an article so as to get the work done easily in future.

Enumeration is the key!!!... :) I know there may be much more information out there, but for a basic start this will be helpful!

I would suggest watching the basic videos by Vivek Ramachandran from securitytube.net

Below are simple notes & important commands, which may be helpful.

CISCO IOS Pentesting:

root@bt:/pentest/cisco/cisco-torch# ./cisco-torch.pl -A -t -s -u -n -j -w -z -c -F FILE_NAME

Bruteforce:

root@bt:/pentest/cisco/cisco-torch# ./cisco-torch.pl -b -t -F FILE_NAME

Checking X.X.X.X ...
Tryng cisco:Cisco
Fingerprint:                    2552511255251325525324255253311310
Description:                    Cisco IOS host (tested on 2611, 2950)
Fingerprinting Successful


2036:   Checking X.X.X.X ...
Fingerprint:                    2552511255251325525324255253311310
Description:                    Cisco IOS host (tested on 2611, 2950)
Fingerprinting Successful

2036:   Checking X.X.X.X ...
Fingerprint:                    2552511255251325525324255253311310
Description:                    Cisco IOS host (tested on 2611, 2950)
Fingerprinting Successful

Sometimes you may need to generate your own password list for brute forcing, for which you can use "crunch" from BackTrack...

Password Generator:

root@bt:/pentest/passwords/crunch#     ;) You can check the man pages for more information on crunch!!

Scan for SSH:

root@bt:/pentest/cisco/cisco-torch# ./cisco-torch.pl -s -F FILE_NAME

1815:   Checking X.X.X.X ...
Cisco found by SSH banner SSH-1.88-Cisco-1.20

1812:   Checking X.X.X.X ...
Cisco found by SSH banner SSH-1.88-Cisco-1.20

Scan for TFTP:

root@bt:/pentest/cisco/cisco-torch# ./cisco-torch.pl -j -F FILE_NAME

1851:   Checking X.X.X.X ...
*** Found  TFTP server

2730:   Checking X.X.X.X ...
*** Found  TFTP server

Cisco IOS HTTP Authorization Vulnerability Scan:

root@bt:/pentest/cisco/cisco-torch# ./cisco-torch.pl -z -F FILE_NAME

Scan for NTP:

root@bt# ./cisco-torch.pl -n -F FILE_NAME | grep "Found Cisco remote NTP host"
Found Cisco remote NTP host X.X.X.X
Found Cisco remote NTP host X.X.X.X
Found Cisco remote NTP host X.X.X.X
Found Cisco remote NTP host X.X.X.X
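The scan output above is easier to act on (or to hand to the network team) as an inventory of which management services each device exposes. Added example, not part of cisco-torch or the original notes: a Python parser for the output formats shown above, run over constructed sample lines that use documentation addresses; it assumes, as in the output above, that each finding follows the 'Checking' line for its host.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real scan output), in the formats cisco-torch printed above.
SAMPLE_OUTPUT = """\
2036:   Checking 192.0.2.10 ...
Fingerprint:                    2552511255251325525324255253311310
Description:                    Cisco IOS host (tested on 2611, 2950)
Fingerprinting Successful
1815:   Checking 192.0.2.10 ...
Cisco found by SSH banner SSH-1.88-Cisco-1.20
1851:   Checking 192.0.2.11 ...
*** Found  TFTP server
Found Cisco remote NTP host 192.0.2.12
"""

CHECKING = re.compile(r"^(?:\d+:\s+)?Checking (\S+) \.\.\.")   # optional worker id prefix
NTP = re.compile(r"^Found Cisco remote NTP host (\S+)")

def parse_torch_output(text):
    """Group cisco-torch findings by host. Returns {host: {finding: detail}}.

    A 'Checking' line sets the current host; fingerprint, SSH and TFTP lines
    attach to it. NTP lines name their own host, so they are recorded directly.
    """
    findings = defaultdict(dict)
    host = None
    for line in text.splitlines():
        line = line.rstrip()
        m = CHECKING.match(line)
        if m:
            host = m.group(1)
            findings.setdefault(host, {})
            continue
        m = NTP.match(line)
        if m:
            findings[m.group(1)]["ntp"] = "remote NTP host"
            continue
        if host is None:
            continue                                 # finding with no host context: skip it
        if line.startswith("Description:"):
            findings[host]["fingerprint"] = line.split(":", 1)[1].strip()
        elif line.startswith("Cisco found by SSH banner"):
            findings[host]["ssh"] = line.split("banner", 1)[1].strip()
        elif "Found" in line and "TFTP" in line:
            findings[host]["tftp"] = "TFTP server"
    return dict(findings)

def hosts_with(findings, service):
    """Sorted hosts that expose a given service, e.g. 'tftp', which has no place on a production router."""
    return sorted(h for h, f in findings.items() if service in f)
```

Feeding the real output file to parse_torch_output and calling hosts_with(..., "tftp") or hosts_with(..., "ntp") gives the per-service list to remediate or to compare against the expected device inventory.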

CGE Cisco Exploiter:

Usage:
perl cge.pl <target> <vulnerability number>

Vulnerabilities list:
[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability
[2] - Cisco IOS Router Denial of Service Vulnerability
[3] - Cisco IOS HTTP Auth Vulnerability
[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
[6] - Cisco 675 Web Administration Denial of Service Vulnerability
[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability
[9] - Cisco 514 UDP Flood Denial of Service Vulnerability
[10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability
[11] - Cisco Catalyst Memory Leak Vulnerability
[12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability
[13] - 0 Encoding IDS Bypass Vulnerability (UTF)
[14] - Cisco IOS HTTP Denial of Service Vulnerability

root@bt:/pentest/cisco/cisco-global-exploiter# ./cge.pl Number

Launch Graphical Hydra:
Path: /usr/share/applications
sh -c "xhydra"

Wednesday 4 September 2013

Add New Hard Drive to BackTrack Virtual Machine


Adding a new disk to an existing VMware VM becomes very helpful, especially if we run out of space....
This VM comes in handy... :)

Short Steps:

  1. Virtual Machine Settings > Hardware > Add > Hard Disk
  2. Create New Virtual Disk > Virtual Disk SCSI > Disk Size > Store Virtual Disk as a Single File
  3. Disk File > (you can name it as you like; in my case D:\NewDrive.vmdk)
  4. Start the virtual machine
  5. # fdisk -l
  6. Message: Disk "/dev/sdb" does not contain a valid partition table --> this is our new disk
  7. Partition our brand new disk....
  8. # fdisk -c /dev/sdb
    1. n --> add a new partition
    2. p --> make it a primary partition
    3. Select the partition number, e.g. 1, 2, 3, 4
    4. Keep the first and last cylinder as they are by pressing Enter
    5. p --> view the updated partition table
    6. w --> write the partition table
  9. Create the folder where you want to mount your new drive, e.g. /NewDisk
  10. # mount /dev/sdb1 /NewDisk
  11. Make a permanent entry in /etc/fstab
    1. Back up your fstab file:  cp /etc/fstab /etc/fstab.bkp
    2. Edit /etc/fstab and add the entry:  /dev/sdb1 /NewDisk ext3 defaults 1 2
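The fstab step is the one most easily got wrong: an entry needs all six fields (device, mount point, type, options, dump, pass), and a malformed or duplicated line can stall the next boot. Added example, not from the original post: a Python helper that takes the backup from step 11.1, refuses to add a device or mount point that is already listed, and appends a complete entry; it assumes the partition was already formatted as ext3 (mkfs.ext3), which the ext3 type in the entry implies, and it is exercised here against a scratch copy rather than /etc/fstab.

```python
import shutil
import tempfile
from pathlib import Path

def fstab_line(device, mountpoint, fstype="ext3", options="defaults", dump=1, passno=2):
    """One complete six-field fstab entry: device mountpoint fstype options dump pass."""
    return f"{device} {mountpoint} {fstype} {options} {dump} {passno}"

def parse_fstab(text):
    """(device, mountpoint) pairs of the active (non-comment) entries in fstab text."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and not fields[0].startswith("#"):
            pairs.append((fields[0], fields[1]))
    return pairs

def add_fstab_entry(fstab_path, device, mountpoint, **kw):
    """Back up fstab_path to <name>.bkp (step 11.1) and append an entry (step 11.2).

    Refuses to run if the device or mount point already has an entry, so a second
    run cannot leave two lines fighting over /NewDisk. Returns the appended line.
    """
    path = Path(fstab_path)
    text = path.read_text() if path.exists() else ""
    for dev, mnt in parse_fstab(text):
        if dev == device or mnt == mountpoint:
            raise ValueError(f"{dev} is already listed for {mnt}")
    if path.exists():
        shutil.copy2(path, path.with_name(path.name + ".bkp"))
    line = fstab_line(device, mountpoint, **kw)
    with path.open("a") as fh:
        fh.write(("" if text.endswith("\n") or not text else "\n") + line + "\n")
    return line

def scratch_demo():
    """Exercise the helper on a scratch fstab in a temp dir, never on /etc/fstab."""
    tmp = Path(tempfile.mkdtemp()) / "fstab"
    tmp.write_text("/dev/sda1 / ext3 errors=remount-ro 0 1\n")   # constructed root entry
    appended = add_fstab_entry(str(tmp), "/dev/sdb1", "/NewDisk")
    try:
        add_fstab_entry(str(tmp), "/dev/sdb1", "/NewDisk")         # re-run must be refused
        refused = False
    except ValueError:
        refused = True
    return appended, tmp.read_text(), tmp.with_name("fstab.bkp").exists(), refused

if __name__ == "__main__":
    print(scratch_demo())
```

Pass 2 in the last field lets fsck check the new data disk after the root filesystem; use 0 for a disk that should never be fsck'd at boot.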
This was a short introduction to adding and creating a new partition in an existing virtual machine.
For detailed information visit: Here

Hope this will be helpful.
Reminds me of my old RHCE memories....!!! ;)