Skip to content

Archive

Archive for January, 2013

Anonymous

As we have already installed Backtrack as our Virtual Machine here now this is the time to explore more , how about becoming anonymous on the web, however the reality behind the Anonymity is really complex to explain, there are  EYES watching us every time and noting down our every movement on the web.

In the league of getting anonymous on the web there are many applications available that we can use for our purpose, one of them is TOR. There are multiple flavors available in Tor for windows, apple, smartphones, etc.

In order to install Tor in BackTrack 5 we need to bypass some of its security measure which will  allow Tor to be ran as root and use it along with the other tools like nmap, proxychains, zenmap, sqlmap, and more.

How to Install Tor in BackTrack 5 to Surf Anonymously and Bypass Tor “Should not be run as Root” Complain Error

1. Install gedit if you haven’t installed it yet on your BackTrack 5 machine. To do this just open a terminal and type the command below. GEdit is a program to edit the files inside Linux operating system just like our notepad in windows.

apt-get install gedit

Install Tor in BackTrack 5 and run as Root

2. Download Tor Browser  Bundle using the  link . Just pick the one that suits our need, either if it’s 32-bit or 64-bit for Linux OS.

Install Tor in BackTrack 5 and run as Root

3. Save the Tor Browser Bundle file to your root/Desktop directory and copy it’s filename as it will be needed to unzip it.

Install Tor in BackTrack 5 and run as Root

4. When download is 100% completed, open a terminal and type the commands below to untar it.

cd Desktop

tar -zvxf <filename>

Just change the <filename> to the actual filename of the file, and press enter to unzip its contents.

Install Tor in BackTrack 5 and run as Root

5. Upon extracting, we should be able to find a browser folder tor-browser_en-US on our Desktop, locate that folder and open it.

Install Tor in BackTrack 5 and run as Root

6. Find the “start-tor-browser” as shown below and double click to open it.

Install Tor in BackTrack 5 and run as Root

7. Upon doing the step above, we will be presented by an error message, “The Tor Browser Bundle should not be run as root. Exiting.” shown below. This is what we need to bypass and attempt to crack.

Install Tor in BackTrack 5 and run as Root

8. Return to the Tor folder and locate again the “start-tor-browser“.

Install Tor in BackTrack 5 and run as Root

9. Right click on the file and choose Open with -> Gedit. If the Gedit notepad screen loads up, click on the search tab and type “the tor browser bundle“ as shown below.

Install Tor in BackTrack 5 and run as Root

10. If everything was done correctly, you will be facing a screen shown below. This is what we need to tweak in order to allow Tor run with root.

Install Tor in BackTrack 5 and run as Root

11. Delete the error comment and replace it with “Tor is running as Root“, then remove the “exit 1” code. The final edited “start-tor-browser” file must be identical to the one shown below.

Install Tor in BackTrack 5 and run as Root

12. Go back to the Desktop/tor-browser_en-US folder and then double click to open start-tor-browser like on the first steps. If you did the steps above correctly, the prompt screen should show you “Tor is running as Root“. Press the Ok button and then wait for Tor to finish loading.

Install Tor in BackTrack 5 and run as Root

13. Vidalia Control Panel will load up like shown below, and allow Tor to establish a connection.

Install Tor in BackTrack 5 and run as Root

14. Tor Browser should load up and we should now be able to surf anonymously. Watch the sites are now https:// complaint and running in encrypted mode.

how to install tor in backtrack 5 run as root

Hope we now running Tor as root inside Backtrack 5 R3 and hiding our public ip inside proxy chains provided by Tor network. We can also choose our proxy public ip by clicking on the ” Use a new identity” tab. Enjoy…

We will be working on following topology.

ASA 8.4 Gns3 topo

First of all we gather requirement for our ClientLess VPN, the requirement portion is  inspired by the Keith CBT video.

Requirement:
Type of VPN:- Clientless VPN
Randon machines on Internet
They all support global PKI (SSL)
Not managed by company

Stage 1
Group Level:
Banner message: No
Custom Bookmark: Yes
WebType ACL: No
Allow portal URL browsing: yes

Stage 2
Connection profile
Use LOCAL AAA
Name:- finance-con-profile
Alias:- finance-con-alias
Custom URL:- https://136.1.0.12/finance
Connections supported:- SSL ClientLess only
Connection profile linked to finance group:

Stage 3
User Level:
New user in new Finance group -“finance-user”
Require use of specific connection profile

Goal:- Our goal is to use Clientless VPN from outside Windows XP box(136.1.0.254) to connect to inside Webserver(136.1.121.254) and Backtrack (136.1.121.254) machine , we will configure this setup using ASDM.

We will first do it with the inbuilt wizards of ASDM. Click on Wizards>VPN Wizards>Clientless SSL VPN Wizard. The screen will look like this.

Screen gives us overview of SSL Clientless VPN.Click on Next.

Now in the next screen, it will ask for Connection Profile name and other parameters, configure as follows, this is also mentioned in the start. Check the box “Display Group Alias List at the login page”. And click on Next.

Now on this screen, we can use our AD or ACS database as AAA method , as of now we will use Local database of the ASA. Fill in the user details and password and then click on Add.The screen will like below , then click on next.

Now on the next page we will define our Group Policies for finance users. Create a name for the group like “finance-group” and then click on Next.

On this page it will ask for Bookmark,  Click on Manage to create a new bookmark or we can use existing from the dropdown.

Now on the small screen we can configure our bookmark, click on ADD and specify the bookmark name and on the right side click on Add button. A new Screen will pop-up where we configure the parameters of the Web Server as follows.

Then click on the Ok screen of every screen and Then Click on the Next screen. And click on the Finish button.  In the next screen the we can preview of CLI commands to be send to the ASA.

Click on send button.

Test the scenario. Now login to Windows XP residing outside of the ASA interface. And open the Internet Explorer and type either https://136.1.0.12/ to see the dropdown menu or use “https://136.1.0.12/finance” and accept the security warning.

Clientless

We will see the drop menu select “finance”. Select it and enter username and password as mentioned earlier .

Clientless1

After login you will see the bookmarks as mentioned earlier in the post.

Clientless2

Now click on the webserver link that is shown as bookmark. It will be redirected to inside Web server built on 2003 server.

Clientless3

Enjoy we have successfully installed and tested Clientless VPN , click on home button it will redirect us to the home page.

 

 

 

Backtrack

In this tutorial i will show you how to install Backtrack 5 R3 in Vmware workstation 8, it is recently  released by offensive security team and it is used by penetration testers world wide. Installation is easy just follow given simple steps.

Requirements
1 : Download backtrack ISO from here
2 :  Download VMware Workstation or  VMplayer
3 : Install any of above

Installation

1 : Create A new virtual machine under File and click Next, select typical(recommended).