EH-Net
  Show Posts
1  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: vmware workstation 8 and wifi scanning help on: November 30, 2012, 12:11:44 PM
Hmm, I'll have to double check if my internal can do packet injection. My old laptop's internal can. Haha, I bought that thing back in 06. I will have to check up on these Alfa cards you speak of. I like the idea of removable antennas. I build my own parabolic ones that I would love to hook up to my laptop. Haha. Or better yet, I'll make the Alfa card, if it's USB, the focus of the dish.

The best I have done, I took a USB wifi adapter and hooked it up to my friend's 8 foot diameter dish and pointed it in random directions to see what we could find. Haha. 65 networks.
2  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: vmware workstation 8 and wifi scanning help on: November 28, 2012, 03:19:05 PM
Awesome. That's good to know. Keeps me from running head into keyboard anymore. Haha. Ok, now if I install bt5 to a USB and boot off of that, I should be able to use my laptop's internal card for wifi and scanning. That is to say that it is capable of doing so but it should be since it is a Dell XPS. Thanks
Matt
3  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / vmware workstation 8 and wifi scanning help on: November 28, 2012, 01:02:12 PM
Ello all. I have run into a stumbling block. I have bt5 running in VMware Workstation 8. I have it set to NAT as of the moment but I can switch it to bridged if needs be. Anyway, I know that in VMware, the wifi of my host gets passed to the virtual machine as a wired connection. I can still browse the internet, but how do I use airmon, aircrack and wireshark or other wifi scanning devices in bt5 if my connection is simulated as wired even though the Windows laptop is connected via wifi to my router? Is this a case where I'm gonna have to either get an adapter or boot up as a live OS and not virtually? Thanks

Matt
4  Ethical Hacking Discussions and Related Certifications / OS / Re: winxp pro/home how to password protect shared folders on: November 06, 2012, 12:57:44 PM
I was thinking of a Samba but then I realized she may need to use the machine as a desktop machine. She does not like to use her laptop all the time, and I can see that. It is fun to use the desktop every once in a while. Haha

I think I will go Win XP and set up a user account.

Ok, so to make sure I do it right, I just create a new account on the WinXP file server, name it with her name and give it a password. Then when she tries to connect to it via a mapped drive, she will have to put in a user name and password? This is all going to be done in workgroup. No domain.

I think now is the time for me to put security on my wifi instead of leaving it open. It has been left open for 5 years. Haha.
5  Ethical Hacking Discussions and Related Certifications / OS / Re: winxp pro/home how to password protect shared folders on: November 03, 2012, 01:22:54 PM
So TrueCrypt is the way to go then?

thanks
6  Ethical Hacking Discussions and Related Certifications / OS / winxp pro/home how to password protect shared folders on: November 02, 2012, 03:41:18 PM
Hello all. I need a lil help. I have been googling and googling for over 3 hours now with not much luck. I have a file server at home, so to speak. I have a Win XP machine at home. I think it is Home edition. Not sure. Can't remember. Haha. Anyway, I have 4 drives in the machine. Each one has a folder under it named netdrive. They are shared folders. Then my wife's laptop, she has the drives mapped to her laptop so she can store her files. She asked me if it was possible to password protect the folder. I can't seem to figure out how to do this. I even tried third party software but they all will not protect network drives.

I tried to make a .zip with a password and then every time she wants to save something she has to add it to the archive and then re-password protect that. Haha

Too much work. I don't want the folder to ask for her Windows password, I want her Windows account name and password separate from the protected folder.

how would i accomplish this?

thanks

Matt
7  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Recent Training Course Experience? on: August 16, 2012, 11:16:49 AM
I have done the course from hacking dojo back in the day when it was herot.net. I have like version 1 of his classes. haha. He is now like on version 4.

Tom contacted me and the way he put it was that the new version of his course is about 10 or so hours of video and TONS of hands on.

I have read his book pro pen testing which is pretty cool.

he has good stuff and he helps with questions all the time.
8  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: firewall with de-ice help on: August 14, 2012, 03:16:13 PM
Ran a wireshark scan from the BT5 disk which resides on the 192.168.75.0/24 subnet against de-ice on the 192.168.1.0/24 subnet that is on the other side of the firewall.

I use a tcp filter so only tcp traffic is seen. So nmap sends the 3 tcp packets, but never gets any back whatsoever.

now, when i run the same syntax against the ubuntu machine, i get replies back and tons of info.

so in conclusion, i think the de-ice disk somehow does not know how to send replies back to the 75.0/24 subnet. But then again, de-ice should send replies to the LAN interface of the FW which is in the same subnet and then the FW forward them to the 75.0 subnet. It is not making any sense at all.

firewall is setup to allow tcp on 80,21,443 and icmp. I SHOULD at least get a reply back from de-ice saying that port 80 is open.

thanks
9  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: firewall with de-ice help on: August 14, 2012, 01:08:04 AM
All right, now it's gettin strange. I tried hping2 and when I attacked the ubuntu machine, it shows the open ports, but when I attack de-ice with hping2, nothin, nothin at all. I think it's just having a bad day is all. Still trying to look at logs and see what is happening.

I can access the de-ice webpage from the ubuntu which is in the same subnet but the BT machine can't. I can ping the ubuntu from wan to lan so I know the FW is allowing icmp through like I set it up to. I allowed tcp ports 80, https, ftp and also icmp to be allowed.

here is what it is blocking:
192.168.1.100:80    TCP:A

here is what the firewall rule is
allow TCP from HTTP to HTTP
haha

Ok, according to the firewall logs, nmap is using the udp protocol on port 53 when I issue the command nmap 192.168.1.100 BUT when I clear the logs and use nmap 192.168.1.2 which is the ubuntu machine, the logs all of a sudden populate with tcp connections. So why is it using UDP for a standard nmap scan but then, using the exact same syntax, it uses tcp? Makes no sense to me.


UPDATE:

Ok, so after more reading and diving into the logs, it shows that the tcp scan to ubuntu is set with the S flag and scanning the de-ice it is using the A flag. I am using the exact same syntax for both scans and I do not know why it is changing between syn and ack scanning between OSes.
I checked to see if any were actual acks telling the system it was alive, but to ubuntu it was all syns even on port 80, but to de-ice, they are all acks, but that should not matter because I have allowed tcp port 80. The firewall logs can only show up to 50 entries and it does show what is passed through as well.
thanks
10  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / firewall with de-ice help on: August 13, 2012, 03:11:43 PM
Hello all. I finally built a lab with a firewall in it. I am using vmware workstation 8. the newest one. here is my lab set up

Backtrack 5 vm. net adapter is set with lan segment option with name as lan1 and is in the 192.168.75.0/24 subnet(wan side of pfsense)

pfsense firewall has 2 nics. nic1=lan segment(name is lan1) ip =192.168.75.1/24

nic2= lan segment(name is lan2) ip =192.168.1.0/24

The OS of pfsense is setup with lan1 as the WAN with ip 192.168.75.1/24 no dhcp

lan2 is the LAN portion of pfsense with dhcp and ip as 192.168.1.1/24

The firewall is allowing ports 80,443,21 and icmp to be passed through.

I have ubuntu 12.04 on lan segment(lan2). It grabs the dhcp and i can ping the firewall and even log into the web gui. So that vm is perfect.

I can even ping from bt5 to ubuntu just fine. nmap works so far on the ubuntu machine from the bt5 side.

now the fun part. i add de-ice lvl1 to the lan segment(lan2). Ubuntu can nmap de-ice just fine. so i know the de-ice vm is loading correctly.

ok, so from the bt5 machine, i run nmap on the de-ice machine and it keeps saying that it is down. I try nmap from bt to ubuntu and it finds the closed/open ports on ubuntu vm just fine. I have even tried the following commands from bt5 to de-ice machine

nmap -sT 192.168.1.100
nmap -sP 192.168.1.0/24
nmap -sN 192.168.1.100
nmap -sS 192.168.1.100
nmap -sS -T5 192.168.1.100
nmap -Pn -T5 192.168.1.100 (1 host up with all 1000 ports filtered)

Ok, so I'm not sure if it's the config of the system or if the firewall is doing what it is supposed to be, but then why would the ubuntu ports show up on the bt5 nmap scan but not the de-ice?

Here is some output from the ubuntu machine whose ip is 192.168.1.2 and is in the same subnet as de-ice

matt@ubuntu#
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-03 00:22 EDT
Nmap scan report for 192.168.1.100
Host is up (0.00023s latency).
Not shown: 992 filtered ports
PORT    STATE  SERVICE
20/tcp  closed ftp-data
21/tcp  closed ftp
22/tcp  closed ssh
25/tcp  closed smtp
80/tcp  closed http
110/tcp closed pop3
143/tcp closed imap
443/tcp closed https
MAC Address: 00:0C:29:9A:56:D7 (VMware)

(Interesting, they are all closed though. They should be open since the data didn't even go through the firewall since they are on the same lan. UPDATE: I grabbed the wrong output, they are open.)
---------------------

Here it is from an nmap scan on the other side of the firewall. Nmap is being run from bt5:

root@bt:~# nmap 192.168.1.2(ubuntu vm on other side of FW)

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-13 16:01 EDT
Nmap scan report for 192.168.1.2
Host is up (0.0010s latency).
Not shown: 997 filtered ports
PORT    STATE  SERVICE
21/tcp  closed ftp
80/tcp  closed http
443/tcp closed https
-------------------

Ok, so I know nmap is working fine. Now scanning from bt5 to de-ice which we know is up and running according to the ubuntu scan on the same network:

root@bt:~# nmap 192.168.1.100

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-13 16:06 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.07 seconds

root@bt:~# nmap -sT 192.168.1.100

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-13 15:37 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.06 seconds
root@bt:~# nmap -sN 192.168.1.100

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-13 15:38 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.05 seconds
root@bt:~# nmap -sS 192.168.1.100

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-13 15:55 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.09 seconds
root@bt:~# nmap -sS -T5 192.168.1.100

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-13 15:55 EDT
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 1.55 seconds


Nothing. Port 80 should at least show up since I have allowed traffic to that port and when I scan the ubuntu machine, port 80 shows up and it is even closed. So for some reason the ports for de-ice are not making it back to the bt5 vm.

Any ideas what I can try out?

Thanks

Matt
11  Features / Book Reviews / Re: Recomended book for Pen Tester on: August 12, 2012, 01:34:11 AM
Thanks will find it useful need to have a read of it

no problem man, just trying to help out. haha. thanks for the info on vlans. I keep forgetting that there are OTHER companies besides cisco. haha.

12  Features / Book Reviews / Re: Recomended book for Pen Tester on: August 11, 2012, 02:42:13 AM
O cool. Yeah, vlan is used in HP switches, Juniper and basically any managed switch. Haha. I did a little bit more digging and in the book, he just calls it vlan1 and vlan2 as the name of the network in VB because the pfsense firewall apparently uses vlans as the way to separate networks. Sorta like how other firewalls had color coded names: red (public), green (private lan), orange (dmz), blue (wifi). pfsense just uses vlans. Pretty much the same thing.

So in VB the name is just vlan1 and vlan2 in the settings. It's not actually creating vlans. Haha. In vmplayer, it's different. I'm actually learning tons right now. My lab is lookin awesome. I have a firewall between bt5 and de-ice lvl 1. This way I can see how a fw is working. Gonna install snort on it next.

Took me like 4 hours to figure out what the book was trying to do. Haha. Since I don't use VB I had to make sure it was not actual vlans, but rather just names of the network cards. He later changes them to wlan1 and wlan2 or wan1 and wan2. Haha.

Thanks guys.

Here is the link to the free chapter in case you want to read it. It's 40$ from the same site if you want to buy it

http://packtlib.packtpub.com/library/9781849517744

http://www.packtpub.com/sites/default/files/9781849517744-Chapter-8.pdf?utm_source=packtpub&utm_medium=free&utm_campaign=pdf
13  Features / Book Reviews / Re: Recomended book for Pen Tester on: August 10, 2012, 03:41:25 PM
http://www.amazon.com/Advanced-Penetration-Testing-Highly-Secured-Environments/dp/1849517746/ref=sr_1_1?s=books&ie=UTF8&qid=1344467380&sr=1-1&keywords=advanced+penetration

What is great in this book are the advanced techniques and the lab setups. It teaches you to build up labs with layers of firewalls and systems to make your exploitation harder.

Question about VB and VMplayer. Chapter 8 of the advanced pen test book is available for free to the public. They use VB and the author mentions that backtrack is on vlan1 and ubuntu is on vlan2. Now is the terminology of vlan in VirtualBox the same as it is in Cisco? Or is that the way VirtualBox labels virtual network adapters? If it is an actual vlan, then is there a way to do that in vmplayer?

thanks guys
14  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: August 09, 2012, 12:18:18 PM
I found knowing the basics does really help loads. You can also practice more complex attacks like vlan hopping with cdp and so on...

I think I have seen that once before in my CCNP class. Is that where you take advantage of the way the trunking protocol works and by using cdp, you can see info passing from each vlan?

See, my problem is I know basics but could never figure out how to manipulate the basics to find security issues. Haha

15  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: please shed some light on: August 08, 2012, 07:09:29 PM
I would say get a copy of the CCNA material and go through it as it will help you loads to understand networks better.

You can find material online but I recently went through the CCNA material and it just helped me understand networking a lot better, how things like firewall rules work, ACL, NAT. This only helps you when doing pen testing.

Exactly, it's been 5 years since I have used any of my CCNP knowledge or CCNA. Last time I used it, I installed the backbone for eBay HQ here in Draper. That was a crazy project.

I still have access to the CCNA learning center and I have all the books for my CCNA and CCNP.

My next course after the pen test is my Linux RHCT and security. Linux CBT has contacted me and I own their CBT. They are trying to help me build a lab. Hahaha.

I'm also talking to another group about how to make challenge disks for firewall pentesting and also router pen testing. I want to at least contribute to the security group. Haha. Even if it means I have to just make tutorials on it for now and tell people how to set up the firewall for some challenges.

thanks guys.


I just started reading the ISSAF, very interesting. Hopefully with the knowledge from that I can complete the lvl 1 disk.
© 2013 The Ethical Hacker Network