Latest Updates

Mozilla Firefox Plugins for hacking purposes

Mozilla Firefox Plugins for hacking purposes
So far , I have just found out 2 Mozilla Firefox add ons / plugins for Web Hacking Purposes . Here they are :
- Technika Security Framework
I found this (unreleased) plugin when i was visiting GNUCITIZEN , and this firefox plugin is created by David Kierznowski , a senior Security Analyst in UK (he’s also the owner of michaeldaw.org). Some kewl features offered by this plugin are:
  • tech.dspider – DOM link spider.
  • tech.forms – GET/POST form parser.
  • tech.mutate – By specifying a payload and regex, we can mutate our target arrays and build tests.
  • tech.scan – tech.scan is our actual engine that will handle our GET and POST requests.
  • tech.mNiktoMini-Nikto . We called it mini-nikto as it currently only contains a very small database.
  • tech.g – This is one of my favorite tools in the TS framework. It uses the Google AJAX API (JSON) to fetch links and perform other Google hacking queries outside of our current DOM. This is really useful even when it is not security related.
  • tech.store – Utilizes the Firefox sessionStorage to allow us to persistently store arrays.
Well , i really don’t have any idea about this plugin actually (coz’ i haven’t tried it out :P ) . Details can be found here.
- HackBar 1.1.1
HackBar 1.1.1 is Mozilla Firefox plugin created to assist you to do penetration testings against SQL INJECTION and XSS . I’ve tried this plugin by myself , and it’s strongly recommended. Some kewl features of this plugin :
  • MySql CHAR() converter
  • MsSQL CHAR() converter
  • md5 generator
  • URL SPLITTER
  • BASE64 ENCODE
  • BASE64 DECIDE
  • URL ENCODE
  • URL DECODE
Go try this plugin by yourself , and you’ll find the ease of sql injection / xss pentests :D . Download Here now!

Firefox security addons

Firefox security addons

Mozilla Firefox

Fifrefox Security Addons are some firefox addons which have some special purpose like web application pentesting , web browser security enhancement and so on. I’m going to give you a list of Firefox security addons that you must have on your firefox browser :)
So here they are :

1. Firebug
This addon can be useful� to debug your javascript,css,html from your firefox browser. Download Firebug : https://addons.mozilla.org/en-US/firefox/addon/1843

2. Hackbar
A very useful firefox security addon to effectively launch some penetration testing to web application (sql injection,xss and more) it supports md5 , base64 . mssql char and so on . Download Hackbar : https://addons.mozilla.org/en-US/firefox/addon/3899

3. Anonymouser
This firefox addon will be useful to anonymously open a link (by using anonymouse.org proxy). Download Anonymouser : https://addons.mozilla.org/en-US/firefox/addon/1415

4. Switcher
This will be useful to hide your User Agent :) . Download User Agent Switcher : https://addons.mozilla.org/en-US/firefox/addon/59

5. Modify Headers
Easily modify your http header :) Download Modify headers addon : https://addons.mozilla.org/en-US/firefox/addon/967

6. XSS-me
By using XSS-me , you will be able to do a xss pentest easily. Download XSS-me : http://www.securitycompass.com/exploit_me/xssme/xssme-0.2.1.xpi

7. Sql-inject-me
Same as the addon aboce , but it’s specialized in sql injection attack. Download sql-inject-me : http://www.securitycompass.com/exploit_me/sqlime/sqlime-0.2.xpi

Change fluxbox keyboard layout BT4 R1

Change fluxbox keyboard layout BT4 R1


fluxbox have a us keyboard layout, if you want a different layout as default, like me, just:

Code:
nano /root/.fluxbox/startup
and add
Code:
setxkbmap it &
(mine is "it" because i'm italian... you have to put your nationality)

i hope it will be useful to someone

Install firefox 3.6.9 on BT4

Install firefox 3.6.9 on BT4


I've done installed firefox(latest ver 3.6.9) on my BT4. After i update firefox, i also update libflashplayer.so(plugins).

This is what i did:

1- Simply go to Firefox homepage(here) to download the package from origin provider.

- The package is with extension “.tar.bz2″

2- Make sure the package is located on your home folder

3- Open Terminal/Konsole and run “su”command then type your password if asking to use wide installation

4- Move firefox package to /usr/local/bin using this command:

#mv firefox-3.6.9.tar.bz2 /usr/local/bin

5- Navigate to it location and extract the package into that location

# cd /usr/local/bin

# tar jxvf firefox-3.6.9.tar.bz2

6- Installation DONE but need configure the menu. Press ALT+F2 and type “kmenuedit”. This will bring you GUI menu that we can edit.

7- Navigate to Internet > Web Browser (Firefox Web Browser)

8- At “Command” form/box, change with this new location=/usr/local/bin/firefox/firefox

9- Close all Firefox(if running) and try start from the menu.

I not really sure what this will cause. But for now, i found no problem..Please leave comment and let me know about what i did or you have other easy way to update firefox on BT4

Installing Compiz and Emerald in Backtrack

Installing Compiz and Emerald in Backtrack


Installing Compiz Fusion in Backtrack.
Now this is a wierd thing to do and useless too but I tought that some who use BT as a main OS would get borred and want to add a little graphic.

First of all let's grab all that we need:


Code:
root@bt:~#apt-get install compiz compiz-fusion-plugins-extra compiz-fusion-plugins-unsupported emerald simple-ccsm fusion-icon
Now go to backtrack menu -> system -> compiz fusion
You should see the icon in the toolbar, right click on it and select "Reload Window Manager".


Adding compiz to startup:

Go to /etc/ and edit the file called "rc.local". And just add the files you installed to it, like this:



Code:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

compiz
compiz-fusion-plugins-extra
compiz-fusion-plugins-unsupported
emerald
simple-ccsm
fusion-icon

exit 0


Now open a terminal and type in

Code:
chmod u+x /etc/rc.local
and you're done, reboot and enjoy.

How to get Atheros AR9287 Chipset Working in Back|Track

How to get Atheros AR9287 Chipset Working in Back|Track
Not sure if this deserves to be in the "How To" section, but I figured it might save someone a few headaches and a lot of googling.



Download:


http://www.orbit-lab.org/kernel/comp...2.6.33.tar.bz2

Code:

tar -xf /root/compat-wireless-2.6.33.tar.bz2
cd compat-wireless-2.6.33
make
make install
shutdown now -r

Once rebooted:

Code:

start-network

Then, Wicd Manager=>Preferences=>Wireless Interface: wlan0

Refresh and you should see some wireless networks.



Thanks to dustyboner for directing me to the compat drivers.



****kukubau was able to get it working using these commands. Anyone that tries either of these, please let me know if they work.

Code:

tar -xf /path/to/compat-wireless-2.6.33.tar.bz2 - latest stable compat-wireless drivers

cd /path/to/compat-wireless-2.6.33.tar.bz2

./scripts/driver-select - it will show you a list of supported hardware

./scripts/driver-select - VERY IMPORTANT - WRITE THE DRIVER FOR YOUR CARD. FOR ATHEROS - ath9k

so

./scripts/driver-select ath9k

make

sudo make install

Customising BackTrack Live CD the Easy Way

Customising BackTrack Live CD the Easy Way
I’ve automated the customising process of the livecd to a convenient script which can be run on the BT4 Pre final (and future) release. This script sets up a build environment for you and drops you off in a modifiable chroot. You update, upgrade, add, remove packages, and then exit the shell. The script goes on to build a modified iso for you, including the updates and additions you introduced.
bt4 customizer Customising BackTrack Live CD the Easy Way
The script is very basic, with many elements hard coded (for example, the iso name expected is bt4.iso), but is easily modifiable.  In this video demonstration we install the broadcom wireless drivers, to support the Broadcom Corporation BCM4322 802.11a/b/g/n Wireless LAN Controller (rev 01) card in Macbooks. In addition, we update our backtrack tools to the most recent versions.
The script is available here: http://www.offensive-security.com/bt4-customise.sh
Check it out here : Customising BT4 the easy way vid sm Customising BackTrack Live CD the Easy Way