Tuesday, October 16, 2012

Brute Forcing Web Applications

Here is a quick tutorial on discovering and brute forcing web applications with Nikto and DirBuster. Be ethical when using these tools: get written authorization from the owner of the website before running them. Both send thousands of requests, which will show up in the target's web server logs and may trip intrusion detection.

All of these steps were performed on BackTrack Linux 5 R3, so make sure to grab the matching ISO image.

I created a quick script to perform the footprinting part of this test; feel free to use it. It reads targets from ~/targets, updates Nikto, lets nmap confirm which of ports 80 and 443 are open on each host, and hands nmap's greppable output to Nikto (-h - reads it from stdin), writing one CSV per target.
#!/bin/bash
# Footprinting helper: update Nikto, then scan every target listed in ~/targets.

nikto_dir=/pentest/web/nikto
targets=~/targets  # one IP or hostname per line (e.g. 192.168.1.1)

cd "${nikto_dir}" || exit 1

# Update Nikto's plugins and databases if the update host (cirt.net) is reachable.
# Skipped silently when ICMP is filtered, so check the version yourself in that case.
if ping -c 1 cirt.net > /dev/null 2>&1; then
    echo ""
    echo "Updating Nikto"
    /usr/bin/perl nikto.pl -update
    echo ""
fi

echo ""
echo "Processing Nikto output for targets:"
while read -r line; do
    # Skip blank lines and comments in the targets file.
    case "${line}" in ''|\#*) continue ;; esac
    # nmap checks 80/443; Nikto parses the -oG output and scans only the
    # ports reported open. Results go to one CSV per target.
    /usr/local/bin/nmap -p 80,443 "${line}" -oG - \
        | /usr/bin/perl nikto.pl -h - -F csv -o ~/nikto_"${line}".csv
done < "${targets}"

After you collect the web scanner information, perform the following to load DirBuster:
root@bt:~# cd /pentest/web/dirbuster
root@bt:/pentest/web/dirbuster# java -jar DirBuster-0.12.jar -u http://localhost

Once DirBuster starts, you will be presented with an interface that resembles the following:



To start the brute force, enter the website you wish to test in the "Target URL" field (e.g. http://127.0.0.1:80). The wordlist decides how thorough, and how noisy, the scan is: click the browse button next to "File with list of dirs/files" and for this example choose "directory-list-lowercase-2.3-medium.txt" (the lowercase lists are meant for targets whose paths are case-insensitive; pick the mixed-case list for a case-sensitive server). The other settings can stay at their defaults for this example. Once you are set up, click Start to begin the brute force test.

If you want to perform a DirBuster scan from terminal, perform the following:

root@bt:/pentest/web/dirbuster# java -jar DirBuster-0.12.jar -H -l /pentest/web/dirbuster/directory-list-2.3-medium.txt -s / -u http://127.0.0.1

In headless mode DirBuster writes its report into /pentest/web/dirbuster (the directory it was started from) when the scan completes.
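As an added example that is not part of the original post, here is a script that ties the two steps together: it reads the Nikto CSV reports produced above, works out which host/port pairs actually answered, and launches one headless DirBuster scan per service. The BackTrack paths and Nikto's CSV column order ("host","ip","port","osvdb","method","uri","msg") are what the script assumes; the -r (report file) and -t (thread count) switches are taken from DirBuster 0.12's usage text and should be confirmed with `java -jar DirBuster-0.12.jar -h` before relying on them. The CSV rows inside sample_csv are constructed for testing, not real scan output.

```bash
#!/bin/bash
# Added example (not the original post's script): feed Nikto's CSV reports
# into headless DirBuster runs, one scan per host/port Nikto actually saw.
# Assumes the BackTrack 5 R3 layout (/pentest/web/dirbuster) and Nikto's CSV
# column order "host","ip","port","osvdb","method","uri","msg".
set -u

dirbuster_dir=/pentest/web/dirbuster
wordlist=${dirbuster_dir}/directory-list-lowercase-2.3-medium.txt
report_dir=~/dirbuster_reports

# Print the distinct "host port" pairs found in a Nikto CSV report.
# Splitting on the quoted-field separator '","' keeps commas inside the
# message column from shifting the host and port fields.
nikto_services() {
    awk -F'","' '{ gsub(/^"/, "", $1); if ($3 ~ /^[0-9]+$/) print $1, $3 }' "$1" \
        | LC_ALL=C sort -u
}

# Pick the scheme DirBuster should use for a given port.
url_for() {
    local host=$1 port=$2
    case "$port" in
        443|8443) echo "https://${host}:${port}/" ;;
        *)        echo "http://${host}:${port}/" ;;
    esac
}

# Run one headless DirBuster scan per service in the CSV. The -r (report
# file) and -t (thread count) switches are assumed from DirBuster 0.12's
# usage text; confirm with `java -jar DirBuster-0.12.jar -h` first.
run_dirbuster() {
    local csv=$1 host port url
    mkdir -p "$report_dir"
    nikto_services "$csv" | while read -r host port; do
        url=$(url_for "$host" "$port")
        echo "DirBuster: $url"
        (cd "$dirbuster_dir" && java -jar DirBuster-0.12.jar -H -u "$url" \
            -l "$wordlist" -s / -t 20 -r "${report_dir}/${host}_${port}.txt")
    done
}

# Constructed Nikto-style CSV used to exercise the parser without a live scan.
sample_csv() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
"192.168.1.10","192.168.1.10","80","0","GET","/","+ Server: Apache/2.2.14 (Ubuntu)"
"192.168.1.10","192.168.1.10","443","0","GET","/","+ Server: Apache/2.2.14 (Ubuntu)"
"192.168.1.10","192.168.1.10","80","0","GET","/admin/","+ /admin/: directory indexing found, check for sensitive files"
"192.168.1.20","192.168.1.20","80","0","GET","/","+ Server: nginx/1.2.3"
EOF
    echo "$f"
}

# Usage: ./dirbust.sh ~/nikto_*.csv
if [ "$#" -gt 0 ]; then
    for csv in "$@"; do
        run_dirbuster "$csv"
    done
fi
```

Run it as `./dirbust.sh ~/nikto_*.csv` after the Nikto loop has finished. Only ports that Nikto reported get a DirBuster run, so a host with nothing listening on 443 does not waste a full wordlist pass against a closed port.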

Thursday, October 11, 2012

BackTrack Linux 5 R3 Firefox/Flash Installation

I ran into some issues with the default installation of Firefox 14 on BackTrack Linux 5 R3, so here are the steps to upgrade to the latest Mozilla Firefox and Adobe Flash client plugin. The reason for this post is running Nessus v4.4.1 in BackTrack Linux. Nessus needs the Flash client plugin installed to run in a web browser; fortunately Nessus will be releasing a Nessus HTML5 client soon and we won't have to run into these issues in the future.

Kill all instances of Firefox, either by closing your browser or with pkill, and confirm that nothing is left running:
# pkill firefox
# ps -elf | grep -i firefox

Make a new directory under /tmp to download Firefox and the Flash client plugin into, and change into it (e.g. /tmp/firefox).
# mkdir -p /tmp/firefox  
# cd /tmp/firefox

Remove the old Firefox install, plugins and icon. Note that these rm commands run before the downloads below, so if a download fails you are left without a browser; fetch and check the archives first if that matters to you.
# rm -rf /opt/firefox/*  
# rm -rf /usr/lib/mozilla/plugins/*  
# rm -f /usr/share/icons/mozicon128.png

Download the following files. Both downloads are over plain HTTP, so verify the Firefox archive against the checksum file Mozilla publishes alongside the release before extracting it.
Latest releases of Firefox & Flash as of 10/11/2012:
# wget http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/latest/linux-x86_64/en-US/firefox-16.0.tar.bz2  
# wget http://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.238/install_flash_player_11_linux.x86_64.tar.gz

Extract the archives with tar:
# tar -xvf firefox-16.0.tar.bz2
# tar -xvf install_flash_player_11_linux.x86_64.tar.gz

Copy the newly extracted files into place to finish the installation (/opt/firefox still exists because only its contents were removed above):
# cp -R firefox/* /opt/firefox  
# cp libflashplayer.so /usr/lib/mozilla/plugins/  
# mkdir -p ~/.mozilla/plugins  
# cp libflashplayer.so ~/.mozilla/plugins/

To start a new instance of Firefox, perform the following:
# /opt/firefox/firefox &

Once Firefox successfully starts, point your browser to about:plugins and confirm that Shockwave Flash is listed and enabled.
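As an added example (not the post's own steps), here is the Firefox part of the upgrade rewritten so the checks a practitioner would want happen before anything is deleted: download first, verify the archive's SHA-512 against the digest Mozilla publishes for the release, and only then swap /opt/firefox into place, keeping the old tree for rollback. The script, the digest argument and the .old rollback directory are my additions; the download URL is the one from the post, and the Flash plugin steps from the post are unchanged and not repeated here.

```bash
#!/bin/bash
# Added example (not the original post's commands): the same Firefox upgrade,
# reordered so the old install is only replaced after the new archive has
# been downloaded and its SHA-512 checked. A failed or tampered download then
# aborts instead of leaving /opt/firefox empty. Pass the hex digest Mozilla
# publishes for the release as the first argument; the URL is the post's.
set -u

FIREFOX_URL=http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/latest/linux-x86_64/en-US/firefox-16.0.tar.bz2
INSTALL_DIR=/opt/firefox

# Succeed only if the file's SHA-512 equals the expected hex digest.
verify_sha512() {
    local file=$1 expected=$2 actual
    actual=$(sha512sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Unpack into a scratch directory, sanity-check the contents, then swap the
# new tree into place, keeping the previous install as <dest>.old.
install_firefox() {
    local archive=$1 dest=$2 scratch
    scratch=$(mktemp -d)
    tar -xf "$archive" -C "$scratch" || return 1
    if [ ! -x "$scratch/firefox/firefox" ]; then
        echo "archive does not contain a firefox binary" >&2
        rm -rf "$scratch"
        return 1
    fi
    mkdir -p "$(dirname "$dest")"
    rm -rf "${dest}.old"
    if [ -d "$dest" ]; then
        mv "$dest" "${dest}.old"
    fi
    mv "$scratch/firefox" "$dest"
    rmdir "$scratch"
}

# Usage: ./upgrade-firefox.sh <sha512 hex digest of firefox-16.0.tar.bz2>
main() {
    local expected=$1 archive
    pkill firefox || true          # close running instances first
    archive=$(mktemp)
    wget -q -O "$archive" "$FIREFOX_URL" || { echo "download failed" >&2; exit 1; }
    if ! verify_sha512 "$archive" "$expected"; then
        echo "checksum mismatch, not installing" >&2
        exit 1
    fi
    install_firefox "$archive" "$INSTALL_DIR" && rm -f "$archive"
}

if [ "$#" -gt 0 ]; then
    main "$1"
fi
```

If the new build misbehaves, `rm -rf /opt/firefox && mv /opt/firefox.old /opt/firefox` puts the previous version back. The digest comparison is a plain string equality on the hex output of sha512sum, so copy the value from Mozilla's checksum file exactly.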

Monday, October 8, 2012

NASA insignias

During my commute this morning, I was listening to The Nerdist episode with Tom Hanks and learned a fact regarding the NASA insignias' nicknames.  Maybe this trivia will help me win a free beer?!

The Meatball (1959–82 and 1992–present)


The Worm (1975–1992)