Saturday, March 5, 2011

Install Arachni v0.2.2.2 - GnackTrack R6

### Installing Arachni v0.2.2.2 on GnackTrack R6

$ sudo apt-get install phpmyadmin

$ sudo apt-get install libxml2-dev libxslt1-dev libcurl4-openssl-dev libsqlite3-dev

$ bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )


wget ftp://ftp.ruby-lang.org//pub/ruby/1.9/ruby-1.9.2-p180.tar.gz

tar -zxvf ruby-1.9.2-p180.tar.gz

cd ruby-1.9.2-p180

./configure
make
make install

-----
http://localhost/phpmyadmin

MySQL connection collation: binary


https://github.com/zapotek/arachni

download : Zapotek-arachni-v0.2.2.1-41-ge72062e.tar.gz

tar -zxvf Zapotek-arachni-v0.2.2.1-41-ge72062e.tar.gz

cd Zapotek-arachni-v0.2.2.1-41-ge72062e

rake install

-----
arachni_web_autostart




Installing patched compat-wireless on Ubuntu Maverick with kernels 2.6.35 to 2.6.37

(for the drivers rtl8187, zd1211rw, iwl3945, ath5k, rt73usb and rt2800usb)
This is a new, already patched package for Ubuntu Maverick or Lucid running a new kernel from 2.6.35 to 2.6.37
(it includes the patch that fixes the Airodump-ng problem "mon0 is on channel: -1").

Download drivers: Compat-wireless-aircrack-maverick-patched

Code:
sudo rmmod rtl8187 zd1211rw iwl3945 ath5k rt73usb rt2800usb mac80211 cfg80211
sudo mkdir /usr/src/drivers
cd /usr/src/drivers
sudo tar jxvf compat-wireless-aircrack-maverick-patched.tar.bz2
cd compat-wireless-aircrack-maverick-patched
sudo make
sudo make install
sudo make unload

At this point, to use the driver RTL8187 with ALFA-AWUS036H, load the appropriate module with this command:
Code:
sudo modprobe iwl3945

For the newer ALFA-AWUS050NH, load the rt2800usb driver instead:
Code:
sudo modprobe rt2800usb

---------------

I tried the iwl3945 and it works; the "mon0 is on channel: -1" problem in GnackTrack has improved.

Saturday, February 12, 2011

GnackTrack - How to run VLC in root

wget -c http://downloads.sourceforge.net/project/vlc/1.1.7/vlc-1.1.7.tar.bz2
tar -xvf vlc-1.1.7.tar.bz2
cd vlc-1.1.7
apt-get build-dep vlc
./configure --enable-run-as-root
make
make install
------------------------------
Start it from the command line (simply type vlc or /usr/local/bin/vlc). If it gives you an error about libvlc.so, run:

apt-get install libvlc-dev libvlc2

Friday, February 4, 2011

MagicTree

Description

MagicTree is a tool developed in Java by Gremwell. It lets you organize the data gathered during a pentest, and it can also launch commands (Nmap, Nikto, ...) so that their results are integrated directly. Here are some of the features:

* Automatic creation of nodes from netblock address
* Drag and drop objects from the tree
* Launch CLI-based tools (Nmap, Nikto, ...) from MagicTree
* Import results from other tools (Nessus, ...)
* Sort findings by severity
* Generate reports (*.odt, *.docx)
* And much more...

This article introduces the basics of the tool. For a more complete documentation, please refer to http://www.gremwell.com/magictreedoc/.
Installation
Java

You will need to install Java. Under Ubuntu and its derivatives, edit your /etc/apt/sources.list file and uncomment these 2 repositories:

deb http://archive.canonical.com/ubuntu lucid partner
deb-src http://archive.canonical.com/ubuntu lucid partner

Then update your local repositories and install Java:

$ sudo apt-get update
$ sudo apt-get install sun-java6-plugin

Install MagicTree

$ mkdir -p /pentest/misc/magictree/
$ cd /pentest/misc/magictree/
$ wget http://www.gremwell.com/dist/1381.5c2a7c0734ce8c65ba59f3c2b8884470/MagicTree-1381.jar

Usage
Start MagicTree

To start MagicTree, simply issue following command:

$ cd /pentest/misc/magictree/
$ java -jar MagicTree-1381.jar

You should see the following screen:



Create, rename and delete nodes
Automatic creation

To automatically create a node from a netblock (e.g. 192.168.100.0/24), select "Node > Auto Create" from the menu. Then, enter the netblock with the CIDR form.
Manual creation
Manually create nodes

* To create a node from the root, right click on the top node and select:
  * "Create child > Branch Node" to create a new branch
  * "Create Child > Simple Node" to create an object (e.g. a host)
* To rename an object, double click on it to edit the label.
* To delete an object, right click on it and select "Delete" from the menu.



You can also move any object by dragging and dropping it.


Notice
The "testdata" branch node is generally used under "magictree" to store all the data related to the test. Sticking to the same tree structure is useful in several ways. Firstly, if you import XML from Nmap, Nessus or other tools, it will be placed under "testdata"; if you manually create host nodes, you will want the scan results to appear under the nodes you have created. Secondly, a number of canned queries and what are called "methods" (a query plus a command that uses the query results) work from the assumption that the data is under "/magictree/testdata".

Using tables


Tables let you use a list of hosts in a command line (e.g. Nmap). In the example above, we use -iL $in to feed the list of hosts/networks to the command:

* -iL : Input from list of hosts/networks
* $in: Variable used to process data from the table

We also use an output variable so that the results of our command can be collected:

* -oX : Output scan in XML format
* $out: Variable that will be processed to inject the results in the tree.




Click on "Console" to see the scan running (useful for entering the sudo password).

Once the scan is finished, select $out in the variables and click on "Import" to inject the results in the tree.
Import results from external tools

MagicTree can import Nessus results. Save your Nessus report in .nessus format (version 1 or version 2) and open the file in MagicTree.


Repo-browser

On the right hand side of the window frame there is a button that says "Repo Browser". Clicking on it opens the query and method repository. You can browse it by tags and execute queries and methods stored in it. You can also save the queries and commands that you use to the repository, to be able to quickly execute them later.


Generating Reports

Once you have completed your penetration tests, you can export the results in a *.odt (OpenOffice) or *.docx (MS Office) file. Select "Report > Generate Report" from the menu, and select one of the templates available in the ~/.magictree/report-templates/ directory.


Notice that if you use KDE (e.g. Kubuntu), you will get an error:

20:18.14 Report generation failed
java.lang.UnsupportedOperationException: Desktop API is not supported on the current platform
at java.awt.Desktop.getDesktop(Desktop.java:144)
at bU.b(SourceFile:277)
at bU.a(SourceFile:78)
at bU.a(SourceFile:24)
at cV.run(SourceFile:244)
at java.lang.Thread.run(Thread.java:636)
20:18.14 java.lang.UnsupportedOperationException: Desktop API is not supported on the current platform
at java.awt.Desktop.getDesktop(Desktop.java:144)
at bU.b(SourceFile:277)
at bU.a(SourceFile:78)
at bU.a(SourceFile:24)
at cV.run(SourceFile:244)
at java.lang.Thread.run(Thread.java:636)


It appears that the Java Desktop API that MagicTree uses to start OpenOffice does not work in KDE (it only works on Gnome). For more information on that issue, refer to http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6486393.

The reports are nevertheless generated successfully and saved in your ~/.magictree/tmp/ directory.

Thursday, February 3, 2011

Dradis

Description

Dradis is a Ruby on Rails-based framework that helps pentesters organize and share their results in a common database. The tool can then enrich the imported data from external databases (e.g. vulnerability databases) and generate reports.

The tool ships with a set of plugins that import scan results:

* Project package upload
* Project template upload
* Nmap upload
* Nikto upload
* Nessus upload
* Burp upload

Installation
Download and uncompress Dradis
$ cd /data/src/
$ wget http://downloads.sourceforge.net/dradis/dradis-v2.5.2.tar.bz2
$ bzip2 -cd dradis-v2.5.2.tar.bz2 | tar xf -
$ mkdir -p /pentest/misc/
$ mv dradis-2.5/ /pentest/misc/dradis/
Install dependencies

First install the following packages:

$ apt-get install ruby1.8 rubygems1.8 irb rdoc ruby1.8-dev libopenssl-ruby

Then install the Ruby dependencies via Gem:

$ sudo gem install rake
$ sudo gem install sqlite3-ruby

Notice that Dradis uses SQLite3 as its default engine. If you wish to use a different engine (e.g. MySQL), you will have to modify the configuration file ./dradis/server/config/database.yml.

Check the requirements

Before going further, check that all requirements are met by issuing the following commands:

$ cd /pentest/misc/dradis/
$ ./verify.sh

dradis Framework dependencies verification script
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

 This script will try to determine whether all the dependencies required to
use the dradis Framework are present in the system providing hints on how to
install the missing dependencies. The system will NOT be modified by the
script.

Please send your feedback about this script to:
 feedback [you-know-what] dradisframework.org


Running Standard checks.

Looking for Ruby interpreter... found [ /usr/bin/ruby ].
Checking for support to compile native extensions... found.
Looking for RubyGems and the 'gem' command... found [ /usr/bin/gem ].
Looking for the 'rake' command... found [ /usr/bin/rake ].
Looking for SQLite3 libraries... found.
Looking for the SQLite3 ruby gem [sqlite3-ruby]... found (v1.3.1).

Congratulations. You seem to be ready to run the Dradis Framework. Enjoy!

Populate/reset the database

Then populate the database:

$ cd server/
$ rake dradis:reset
(in /pentest/misc/dradis/server)
Environment not initialized. Nothing to backup.
Dropping attachments from attachments/... done.
== CreateNodes: migrating ====================================================
-- create_table(:nodes)
   -> 0.0017s
== CreateNodes: migrated (0.0019s) ===========================================

== CreateCategories: migrating ===============================================
-- create_table(:categories)
   -> 0.0021s
== CreateCategories: migrated (0.0022s) ======================================

== CreateNotes: migrating ====================================================
-- create_table(:notes)
   -> 0.0038s
== CreateNotes: migrated (0.0040s) ===========================================

== CreateConfigurations: migrating ===========================================
-- create_table(:configurations)
   -> 0.0023s
== CreateConfigurations: migrated (0.0025s) ==================================

== CreateUsers: migrating ====================================================
-- create_table("users", {:force=>true})
   -> 0.0038s
== CreateUsers: migrated (0.0040s) ===========================================

== CreateFeeds: migrating ====================================================
-- create_table(:feeds)
   -> 0.0018s
== CreateFeeds: migrated (0.0019s) ===========================================

Usage

Start Dradis server

To start the server, go to /pentest/misc/dradis/ and issue the following commands:

$ cd /pentest/misc/dradis/server/
$ ruby ./script/server

By default, the Dradis server listens on 127.0.0.1:3004. Alternatively, you may bind it to a different address and port:

$ ruby ./script/server -b <address> -p <port>

First connection

Point your web browser to: https://localhost:3004/

If everything is fine, you should see a screen similar to this:



Notice
If you notice SSL errors, reset the database, restart the server and reconnect.

Initialize Dradis

To initialize a project, go to: https://localhost:3004/sessions/init

Fill in a password and check the "New project" radio button. Then click on the "Initialize" button.

On the next screen, select a login and use the password you have defined on the previous screen.

You should now be presented with a screen similar to this:


Import scan results

In this example, we are going to import scan results from Nmap.

First scan a target using Nmap (e.g. 192.168.100.18) and export the results (XML format) to a file:

$ sudo nmap -sS 192.168.100.18 -oX nmap-192.168.100.18.xml

Then go to the Dradis web interface and click on the "Import" button in the top menu. You will be presented with a popup window in which you specify the type (select Nmap upload) and the path to your file. Fill in all fields and click on OK.

Once imported, the results appear in the tree:
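What an Nmap import does with that -oX file, as an added Python example (not Dradis's or MagicTree's own code): it walks the report and places each live host, with its open ports, under the /magictree/testdata branch that the MagicTree section above describes. The XML is a constructed sample shaped like nmap's output, not a real scan.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the output of
# `nmap -sS 192.168.100.18 -oX nmap-192.168.100.18.xml` (not a real scan).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS 192.168.100.18 -oX nmap-192.168.100.18.xml" version="5.51">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.100.18" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="192.168.100.19" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def import_nmap_xml(xml_text, root="/magictree/testdata"):
    """Map an Nmap -oX report onto a node tree: {node_path: [child labels]}.

    Every host that is up becomes a node under `root`; each open port becomes
    a child labelled "proto/port service". Down hosts and non-open ports are
    dropped so the tree only carries actual findings.
    """
    run = ET.fromstring(xml_text)
    if run.tag != "nmaprun":
        raise ValueError(f"not an Nmap XML report (root element {run.tag!r})")
    tree = {root: []}
    for host in run.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue  # nothing to key the node on (e.g. MAC-only entry)
        host_path = f"{root}/{addr.get('addr')}"
        tree[root].append(addr.get("addr"))
        tree[host_path] = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            label = f"{port.get('protocol')}/{port.get('portid')}"
            service = port.find("service")
            if service is not None and service.get("name"):
                label += f" {service.get('name')}"
            tree[host_path].append(label)
    return tree
```

Calling import_nmap_xml(SAMPLE_NMAP_XML) yields the node /magictree/testdata/192.168.100.18 with the children "tcp/80 http" and "tcp/135 msrpc"; the down host and the filtered port do not appear.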



The same way, you can import results from:

* Nmap
* Nikto
* Nessus
* BurpSuite

Once imported, drag and drop items from the tree to organize them as you want:


Using import note

Dradis offers the possibility to import notes from an external database. We base our example on:

* A scan result from Nikto against a WIN-XP-PRO-SP3 machine
* the Open Source Vulnerability DataBase (OSVDB)

Notice
You will need a valid API key to be able to use OSVDB. To get one, connect to https://osvdb.org/account/signup.

First generate a Nikto report:

$ ./nikto.pl -output /data/tmp/nikto-10.1.1.2.xml -host 10.1.1.2
- ***** SSL support not available (see docs for SSL install) *****
- Nikto v2.1.3
---------------------------------------------------------------------------
+ Target IP: 10.1.1.2
+ Target Hostname: 10.1.1.2
+ Target Port: 80
+ Start Time: 2010-11-21 09:13:34
---------------------------------------------------------------------------
+ Server: Microsoft-IIS/5.1
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Microsoft-IIS/5.1 appears to be outdated (4.0 for NT 4, 5.0 for Win2k, current is at least 7.5)
+ Retrieved dasl header:
+ Retrieved dav header: 1, 2
+ Retrieved ms-author-via header: DAV
+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
+ OSVDB-5646: HTTP method ('Allow' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-397: HTTP method ('Allow' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5647: HTTP method ('Allow' Header): 'MOVE' may allow clients to change file locations on the web server.
+ Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
+ OSVDB-5646: HTTP method ('Public' Header): 'DELETE' may allow clients to remove files on the web server.
+ OSVDB-397: HTTP method ('Public' Header): 'PUT' method could allow clients to save files on the web server.
+ OSVDB-5647: HTTP method ('Public' Header): 'MOVE' may allow clients to change file locations on the web server.
+ WebDAV enabled (SEARCH UNLOCK LOCK MKCOL COPY PROPPATCH PROPFIND listed as allowed)
+ OSVDB-13431: PROPFIND HTTP verb may show the server's internal IP address: http://10.1.1.2/
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-877: HTTP TRACK method is active, suggesting the host is vulnerable to XST
+ ERROR: No authentication header defined:
+ 6417 items checked: 1 error(s) and 16 item(s) reported on remote host
+ End Time: 2010-11-21 09:13:48 (14 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested
Among all detected vulnerabilities, we will focus on the one in yellow (PUT method).
Notice
Notice that the ID is OSVDB-397. We will use it to import the appropriate item from OSVDB.

Go to the Dradis web interface and import your results using the method described in the section "Import scan results".
Click on the "Import note" tab and fill in the form as follows:

* External Source: choose OSVDB Import Plugin (OSVDBImport 2.4.0)
* Filter: choose OSVDBIDLookup: OSVDB ID Lookup
* Search for: 397
* Results: right click on the entry and select "Import this"


Once imported, the comments are added into Dradis:



Reports

At any time, you can export your results:

* HTML export
* Word export
* PDF export

HTML export

Go to Dradis web interface and tag all categories as "HtmlExport Ready".




Then click on "Export" in the top menu and select HTML export. Here is an example:



Word export

Refer to this tutorial: http://dradisframework.org/WordExport_templates.html

Monday, January 31, 2011

Brute forcing RDP in GnackTrack with Rdesktop

Download:

www.mediafire.com/blaguvest

rdesktop-1.6.0.tar.gz

rdp-brute-force-r806.diff

Download the application and the newest version of the RDP brute-force patch (r806.diff), then apply the patch and install:

tar -xvzf  rdesktop-1.6.0.tar.gz

cd  rdesktop-1.6.0

patch -p1 -i ../rdp-brute-force-r806.diff

./configure
make
sudo make install

At this point you should have rdesktop modified and installed.


Example : rdesktop -u [user] -p [file] -d [domain] [Target IP]

Attack : rdesktop -u administrator -p wordlist.txt  127.0.0.1