Many people still seem to not be aware of EXIF data and the information it provides anyone that wants to view it. EXIF data is attached to image files as well as other files and provides all sorts of details from file creation time to exact GPS coordinates. This is the type of data that was extracted from an image uploaded by Vice Magazine that gave away John McAfee’s location when he escaped Belize. On Backtrack Linux there are numerous tools to extract EXIF data including exiftool which is written in Perl and easy to use. Below we will describe exiftool, which is located in /pentest/misc/exiftool/ or /usr/bin, and provide examples to show how easy it is to use.

Read the rest of this entry »

I personally use exiftool to extract EXIF or Exchangeable Image File data from files including Microsoft Office files such as .doc, .xls, and .ppt. The newer versions of Microsoft Office have new file extensions as you know which are .docx, .pptx, and .xlsx. The version of exiftool on Backtrack Linux doesn’t extract EXIF data from the latest MS Office file formats however you can easily download the latest exiftool for use on Backtrack Linux 5. Use the information below to download the latest exiftool on Backtrack, install a necessary Perl library, and then start extracting EXIF data from the newer Microsoft Office file versions.

Read the rest of this entry »

The merge-router-config menu item in Backtrack Linux, which is located in the Backtrack Menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ), allows you to make changes to a Cisco router configuration file and merge those changes to a Cisco router. You should be extremely careful with this script as it will make changes to the target Cisco router. Below we describe the tool in more detail and show examples of merging a router configuration file to a Cisco 861 router.

Read the rest of this entry »

The copy-router-config menu item, which is located in the Backtrack menu (Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools), is a handy little Perl script put together by Muts himself. Once you click on the menu item it will launch a terminal window in the /pentest/cisco/copy-router-config directory so you will have direct access to the 35 line Perl script which servers a single purpose. That purpose is to copy an entire router configuration file from a Cisco device if you have a RW (read/write) community string for the router.

Read the rest of this entry »

SNMP can be a hidden gem that seems to be overlooked sometimes during penetration testing. It is really cool the information you can obtain just using snmpwalk from the command line however the information can be lengthy and unless you are an SNMP OID library or feel like googling a bunch of different stuff it really helps to have tools such as snmpcheck available. Below we describe what snmpcheck, which is written in Perl, will accomplish for you and we also provide a couple of examples against Ubuntu and a Cisco router.

Read the rest of this entry »