Information Security

smbclient – Backtrack 5 – Information Gathering – Network Analysis – SMB Analysis – smbclient.py

In the Backtrack menu under Information Gathering > Network Analysis > SMB Analysis there is a menu item named smbclient, which should actually be named smbclient.py. While the smbclient.py script does use smbclient, it provides a different interface, different commands, no switches, etc., making it fairly different from smbclient itself. Both smbclient and smbclient.py are supposed to provide the same end results, but they don’t, because smbclient.py is extremely buggy, so I will be writing an article on each so there is no confusion.

sqllhf – Backtrack 5 – Vulnerability Assessment – Database Assessment – MSSQL Assessment – sqllhf

It appears that SQLLHF no longer works in Backtrack 5 release 3. When attempting to run this application, it throws an error. I may update this article later with more information, as I know the author of the software, and once I can speak with him I will update accordingly. The good news is that SQLLHF doesn’t accomplish any goals that other Microsoft SQL Server tools cannot accomplish, so there is no loss in terms of functionality; however, at this point it's just taking up real estate in the BT5 menu.

xplico – Backtrack 5 – Information Gathering – Network Analysis – Network Traffic Analysis – xplico

Xplico is an NFAT, or Network Forensics Analysis Tool, that is designed either to capture traffic in real-time sessions or to provide an interface to upload PCAP (Packet Capture Data) files for analysis. The current version in Backtrack Linux 5 release 3 is 0.7; however, the latest Xplico version is Xplico 1.0.1. I believe there are some dependencies required in the later versions of Xplico, so I will write an updated article once Backtrack 6 comes up and the latest version of Xplico can easily be installed.

readpst – Backtrack 5 – Forensics – Forensics Analysis Tools – readpst

We have had a couple of requests to write a post about readpst, which is included in the default path of Backtrack 5 and also located in the Backtrack menu underneath Forensics/Forensics Analysis Tools. The readpst application reads PST files, which are also known as Microsoft Outlook Personal Folders, and converts them to mbox, MH, or KMail formats. There are various other switches that can be used to output each email into a separate file, include attachments, modify contact formats, be recursive, etc. I will explain basic functionality below along with a couple of the formats and various switches.