Information Security

sqlscan – Backtrack 5 – Information Gathering – Web Application Analysis – Web Crawlers – sqlscan

Need to query Google for vulnerable SQL servers and extract MD5 hashes? The sqlscan.py Python script is your tool then. If you are using Backtrack release 5, you will first need to install Python 2.4.4 and then fix sqlscan.py by following the instructions here and here. Once you have sqlscan.py functioning without errors, proceed to the example below.

Technology Errors

sqlscan Error: sqlscan.py:8: DeprecationWarning: the sets module is deprecated

Backtrack Linux is full of really great tools, including SQLScan, a SQL scanner that provides the ability to query Google for vulnerable hosts and extract MD5 hashes from the results. Unfortunately, sqlscan.py was written for Python 2.3 or Python 2.4 and has not been maintained to be compatible with Python 2.6, which is the current version of Python installed on Backtrack Linux 5 R3. Backtrack 5 R3 is based on Ubuntu 10.04, which had a release date of April 2010, so needless to say some packages are out of date. It should be noted, though, that there is a lot to be said for stability in your operating system versus bleeding-edge capabilities, and I am sure that when the time is right the Backtrack team will release a new version of Backtrack based on a newer version of Ubuntu.

Technology Insights

Install Python 2.4 On Backtrack Linux 5 R3

Some tools in Backtrack Linux version 5 R3 were written for older versions of Python, so if you are interested in using some of these tools it can be beneficial to install older versions of Python such as Python 2.4. Below I describe how to easily install Python 2.4 without causing issues with the Python 2.6 that is installed by default on Backtrack Linux 5 R3 or Ubuntu 10.04.

Information Security

dictstat – Backtrack 5 – Privilege Escalation – Password Attacks – Offline Attacks – dictstat

The dictstat Python script is a great little tool for password cracking results analysis or for regular wordlist analysis. The dictstat application is located in the /pentest/passwords/pack directory on Backtrack 5 R3 and can be run using “python dictstat.py” from within that directory. It was written by iphelix during the 2010 Crack Me If You Can password cracking competition and is part of a larger toolset called PACK, or Password Analysis and Cracking Kit. Below we show some examples of dictstat in action along with some details of the available parsing mechanisms that are in place.

Information Security

spamhole – Backtrack 5 – Exploitation Tools – Social Engineering Tools – HoneyPots – spamhole

Unfortunately, spamhole’s day is mostly behind us, though I wish I would have been familiar with it earlier. The spamhole application developers took the approach of developing spamhole for other like-minded individuals to assist in battling the SPAM issues on the Internet by creating as many fake open mail relays as possible, thus tricking spammers into sending their SPAM into blackholes or honeypots. It would have been extremely satisfying to watch SPAM enter a spamhole fake open relay I had created and be redirected to nothing. The spamhole application is not working as of Backtrack 5 R3 and is explained in more detail below.
