This is the first in a series of Backtrack 4 articles I will be writing regarding the tools available within Backtrack 4. I am fairly new to Backtrack, so please comment, teach me, ask questions, or whatever you prefer in the comments section below. I am going to try to go down the list of every single Backtrack 4 tool and write a complete description, including instructions on how to use the tools. This first article is on 0trace (0trace.sh), which allows you to perform a traceroute from within an established TCP connection, such as an HTTP session, as will be demonstrated below.
There are numerous reasons that you may either want to connect to Windows Remote Desktop on a different port or have Remote Desktop listen on a different port. The primary reason I wanted to configure this was that my ISP does network scans every couple of months, and if you have external ports listening they will suspend your service, both in an attempt to cut down on viruses and spam and to get you to upgrade your service to a business account that allows you to run servers. I wanted to be able to connect to a Windows Vista box at my house remotely, and one of the ports included in my ISP’s scan list is the RDP (Remote Desktop Protocol) TCP port 3389. To get around this you can either configure RDP to run on a different port and simply use your router to NAT directly through the new port, or, as I suggest, simply use Port Forward on your router to route another port from the external IP address to the RDP TCP port 3389 on the Windows computer running Remote Desktop. Below I describe connecting to a port other than the default TCP port 3389 from the Remote Desktop client.
I have been messing around with Django over the past week and experimenting with various settings. I first ran Django using mod_python from Apache, but the results were unimpressive. Apache served the Django project’s pages extremely slowly using the Apache mod_python module. After some reading I decided to give the Apache mod_fastcgi module a try to see if the results were any better. I was definitely happier with the web page load time, so I then decided to experiment with various FastCGI settings.
Yesterday a colleague at my company was doing some testing with a potential partner, and they needed to open a TCP port on one of our development servers so an application could bind to that port. At first I wasn’t sure how I should do this, since the port didn’t need to do anything but listen for incoming connections and the remote application would simply connect to that port. To get something up immediately for them I simply had our web server listen on the requested port, which worked; however, I did not want the web server running on this port for long, so I needed to come up with another solution to simply open the port, listen for connections, and possibly log those connections so we could troubleshoot if necessary. I ended up finding an application called tcpsnoop, which I explain how to compile and use below.
I needed to capture some packets on a server to import into Wireshark on a Windows XP computer, but I hadn’t done this in a while, so I needed a refresher on how to do it. I ended up using dumpcap to capture the data, then obtained the dump file on the Windows computer, and then imported it into Wireshark. One thing I had a moment of trouble with was the dumpcap filter syntax. Below are some examples of how to use the capture filter that the dumpcap -f switch takes.
Basic dumpcap capture (all data):
- dumpcap -w /path/to/file