Information Security

pdgmail: Backtrack: Forensics: RAM Forensics Tools: pdgmail

We received a request for an article for pdgmail which is a Python script that analyzes Windows and Linux browser process dumps where the browser had Gmail open. I was able to test on 32-bit Windows 7, 64-bit Ubuntu 10.04 LTS, and 32-bit Ubuntu 10.04 LTS. Unfortunately the methods I was using did not work properly on the 64-bit Ubuntu however it worked perfectly on both 32-bit operating systems I tested. Below I describe how pdgmail can be used to dump Firefox process memory using Process Dumper on Backtrack Linux which is technically Ubuntu 10.04 LTS.

Details
Information Security

Backtrack 5: Information Gathering: Network Analysis: DNS Analysis: reverseraider

So many of the DNS enumeration scripts available in backtrack focus on typical DNS but reverseraider does what it sounds like it might do which is enumerate reverse DNS names. Enumerating reverse DNS on an IP or set of IP’s can sometimes reveal information you did not previously have. It is possible to be targeting a web server that has a bunch of virtual hosts and you prefer to track down primary web site on the web server which is where reverseraider may provide the results necessary as it is more likely that the most important site on the virtual web server has reverse DNS configured on the host itself. Below I display the primary three methods of using reverseraider.

Details
Information Security

Backtrack 5: Information Gathering: Network Analysis: OS Fingerprinting: xprobe2

The xprobe2 application was built specifically for OS Fingerprinting or being able to accurately guess a servers Operating System. The unfortunate part about xprobe2 is that is extremely outdated and doesn’t even include Windows 7 in its list of OS’s that it can identify. Even though nmap is pretty much the staple for people to use it is still worth discussing xprobe2 because the items it can guess it does a great job at doing so. It may also be possible that you are assessing a network with some really old servers and updated apps don’t include those operating systems anymore so you may get lucky and find the old operating system using xprobe2.

Details
Information Security

Backtrack 5: Information Gathering: Network Analysis: Identify Live Hosts: 0trace

I remember being so happy about 0trace when I started to write some Backtrack related articles because even though 0trace is fairly simple it is really useful to locate the full path to devices you are investigating. In the article below I will explain the necessary 0trace input from the command line, what needs to be done to complete a successful trace to a target using 0trace, and provide some example of devices in front of and behind a firewall blocking ICMP or traceroute requests.

Details
Information Security

0trace Error In Backtrack 5: 0trace.sh Probe Rejected By Target

Previously I wrote a brief article on 0trace in Backtrack 4 which can be located here however in the process of writing an updated article for Backtrack 5 I noticed that 0trace was no longer working. Every single time I would attempt to run an accurate trace through a firewall the results would come back empty and display “Probe rejected by target.” At first I was thinking maybe companies have really tightened down their firewalls however that didn’t make any sense because of how 0trace works using a standard port such as port 80 to allow traffic to pass because the servers function is to serve web pages. Below I describe the error in more detail and how you can resolve it.

Details