SNMP can be a hidden gem that is sometimes overlooked during penetration testing. The information you can obtain using just snmpwalk from the command line is impressive; however, the output can be lengthy, and unless you are a walking SNMP OID library or feel like googling a bunch of different things, it really helps to have tools such as snmpcheck available. Below we describe what snmpcheck, which is written in Perl, will accomplish for you, and we also provide a couple of examples against Ubuntu and a Cisco router.

When running snmpcheck, an SNMP enumeration tool found in Backtrack Linux, against Ubuntu 10.04 Lucid Lynx or Backtrack Linux, it is likely you will receive some errors in the output. The errors occur when the running processes on the Linux server are enumerated. Below we show example output from the command with the errors intact, as well as a quick fix so you won't have to modify the output for reports.

When attempting to launch creepy via the Backtrack menu (Backtrack > Information Gathering > Network Analysis > OSINT Analysis > creepy), the starting creepy window will show in the taskbar; however, it simply disappears after a couple of seconds without any action. If you investigate the menu item, you will see that it executes creepymap, and when you attempt to execute creepymap yourself you will see some Python errors. Below, the error is described in more detail along with instructions on how to get creepy working properly.

Need a quick way to generate a PHP backdoor for a compromised server you want to come back to later? Then weevely is your application. I was pleasantly surprised when I started playing around with weevely in more detail, as it provides a ton of built-in functionality and does a lot more than I initially thought that weevely did. The weevely application is built using Python and its current version on Backtrack 5 R3 is weevely v0.7. The weevely.py Python script is located in the /pentest/backdoors/web/weevely directory and some of its uses are described in more detail below.

The pdfid script in Backtrack Linux is a PDF forensics tool that quickly provides an overview of a PDF file's potential threats and also provides a way to disarm those threats. PDFid is written in Python and is located in /pentest/forensics/pdfid/. The current version of pdfid is 0.0.11 and was released April 28th, 2010. Below we describe the basic functionality of pdfid and also explain some of the PDF terminology, which will help those less familiar with a PDF file's structure find value in the pdfid.py Python script.
