While working on an upcoming article for QD I ran into an issue with the dnsenum.pl Perl script. I followed the process of installing the optional Perl modules and when I went back to test dnsenum it would no longer return any IP addresses. Instead of dnsenum returning actual IP addresses it was returning odd characters. It turns out there is some form of conflict between dnsenum.pl and the Net::DNS Perl module. Below I describe the dnsenum issue in more detail and provide a work around by manually downgrading the Net::DNS Perl module by hand.
cisco-auditing-tool – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – cisco-auditing-tool
The cisco-auditing-tool located in the Backtrack menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ) is written in Perl and accomplishes three tasks which include attempting to brute force the telnet password on a Cisco device if telnet is running, attempting to show the iOS history on the Cisco device using a vulnerability which I believe is from the late 90’s, and attempting to brute force the SNMP community strings for the device. The tool is fairly outdated as most Cisco devices in corporate networks should now be using SSH and it would seem surprising unless you are doing an internal audit if SNMP was exposed for any Cisco devices still in service. That being said there is definitely still value if you have a ton of Cisco devices to audit you can feed a list of IP’s or hostnames into the script and check basic SNMP community strings and telnet passwords.
When using the cisco-auditing-tool script located in the Backtrack Linux menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ) I was getting an error even though I was sure one of the passwords I had in the wordlist was accurate. After some troubleshooting I was able to figure out that the script checked for a non-privileged account on the Cisco device but if the account was actually a privileged account which is also known as an enable account it would crash because it never received the response it expected. I added a couple lines of code and now the cisco-auditing-tool Perl script will provide confirmation of lower level accounts on a Cisco device as well as enable level accounts on a Cisco device. Below I describe the error message output when the cisco-auditing-tool Perl script was crashing followed by the code update to provide Cisco enable level password auditing.
Many people still seem to not be aware of EXIF data and the information it provides anyone that wants to view it. EXIF data is attached to image files as well as other files and provides all sorts of details from file creation time to exact GPS coordinates. This is the type of data that was extracted from an image uploaded by Vice Magazine that gave away John McAfee’s location when he escaped Belize. On Backtrack Linux there are numerous tools to extract EXIF data including exiftool which is written in Perl and easy to use. Below we will describe exiftool, which is located in /pentest/misc/exiftool/ or /usr/bin, and provide examples to show how easy it is to use.
I personally use exiftool to extract EXIF or Exchangeable Image File data from files including Microsoft Office files such as .doc, .xls, and .ppt. The newer versions of Microsoft Office have new file extensions as you know which are .docx, .pptx, and .xlsx. The version of exiftool on Backtrack Linux doesn’t extract EXIF data from the latest MS Office file formats however you can easily download the latest exiftool for use on Backtrack Linux 5. Use the information below to download the latest exiftool on Backtrack, install a necessary Perl library, and then start extracting EXIF data from the newer Microsoft Office file versions.