Information Security Related Articles

0trace Error In Backtrack 5: 0trace.sh Probe Rejected By Target

SecurityBy alex March 29, 2012 3 Comments

Previously I wrote a brief article on 0trace in Backtrack 4 which can be located here however in the process of writing an updated article for Backtrack 5 I noticed that 0trace was no longer working. Every single time I would attempt to run an accurate trace through a firewall the results would come back empty and display “Probe rejected by target.” At first I was thinking maybe companies have really tightened down their firewalls however that didn’t make any sense because of how 0trace works using a standard port such as port 80 to allow traffic to pass because the servers function is to serve web pages. Below I describe the error in more detail and how you can resolve it.

OSX Lion Firewall Process Name

SecurityBy alex March 22, 2012 1 Comment

OK this article is sort of silly and will be fairly short and to the point but earlier I was trying to find the process name of the OSX Lion firewall. During the process of looking for the OSX Lion firewall process name I learned a bunch of little firewall tidbits such as there are a ton of settings you can set from the command line, there are third party OSX Lion Firewall GUI configuration tools, and there are complete third party firewalls available for install on OSX Lion.

Block WordPress User Enumeration, Secure WordPress Against Hacking

SecurityBy alex March 20, 2012 5 Comments

Recently I have been doing a lot of testing on a couple of my web sites that run WordPress and realized that securing your site takes a bit of effort. There are some plugins that do a great job at certain things however I wasn’t able to find any that did a great job of securing everything that I would prefer be secured. Below I describe a multi-pronged approach to securing your WordPress site from hacking attempts using multiple WordPress plugins as well as performing a couple manual steps that ensure the WordPress details exposed to the world are minimal.

Backtrack 5 : Information Gathering : Web Application Analysis : CMS Identification : wpscan

SecurityBy alex March 19, 2012 Leave a comment

One of my favorite apps in Backtrack Linux that I recently discovered is wpscan. There are a ton of WordPress sites in the wild and using wpscan is an excellent way to begin an audit on a WP site. There are a couple things that wpscan does that is really amazing such as enumerating logins from WordPress sites and enumerating WordPress plugins that are installed. Below are a couple examples of how wpscan can be useful for WordPress web site analysis.

Backtrack 5 : Information Gathering : Network Analysis : Identify Live Hosts : pbnj

SecurityBy alex March 18, 2012 Leave a comment

PBNJ is made ip of two commands which are scanpbnj and outputpbnj. The manpages for both scanpbnj and outputpbnj are located in collapsed tables at the bottom of this post in case you want more details. When you run scanpbnj it technically a script that runs nmap and dumps the results to a database. The scanpbnj command will store results in various database formats including CSV, MySQL, PostgreSQL, and SQLite. Once the results are stored you can pull the results from the database using outputpbnj which can output report style results in CSV format, tab delimited format, or HTML format. Continue reading below for more details regarding outputpbnj and scanpbnj on Backtrack Linux 5 r2.

Category Archives: Security

0trace Error In Backtrack 5: 0trace.sh Probe Rejected By Target

OSX Lion Firewall Process Name

Block WordPress User Enumeration, Secure WordPress Against Hacking

Backtrack 5 : Information Gathering : Web Application Analysis : CMS Identification : wpscan

Backtrack 5 : Information Gathering : Network Analysis : Identify Live Hosts : pbnj