DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU) Linux command-line application written in C. It gathers as much information as possible about a single host: possible subdomains, e-mail addresses, uptime information, a TCP port scan, whois lookups, and more.
The following is a list of the current features:
An Open Source Project.
Perform an Internet Number whois lookup.
Retrieve possible uptime data, system and server data.
Perform a SubDomain search on a target host.
Perform an E-Mail address search on a target host.
Perform a TCP Portscan on the host target.
A modular program allowing user-specified modules.
We used this command: dmitry -winsepffb -o host.txt google.com
(-w and -i are whois lookups on the domain name and on the IP address, -n retrieves Netcraft data, -s searches for subdomains, -e searches for e-mail addresses, -p runs the TCP port scan, with -f reporting filtered ports and -b reading banners from open ports, and -o names the output file.)
The output won't fit in a single screenshot, so we show a partial screenshot here and saved the full output to a text file.
For some reason the last part of the scan didn't get saved in the txt file, but you can see it in the screenshot.
You can see the whole output here: http://www.linuxhaxor.net/host.html
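Because the -o file came out incomplete in our run, a safer habit is to let DMitry write to the terminal and mirror that stream into a file with tee, then pull the interesting items out of the saved text afterwards. The script below is an added example written for this post, not DMitry's own code: scan_host runs the same modules as the command above, and the two extractors work on any saved text file. The sample scan output embedded in it is constructed so the script runs offline; DMitry's real output is plain text with the hostnames and addresses in it, which is all the extractors rely on.

```shell
#!/bin/sh
# Added example (not from DMitry or the original post): run DMitry with its
# output mirrored to a file by tee, then list the subdomains and e-mail
# addresses found in the saved text. Works on any text, so an incomplete -o
# file or a copied screenshot transcript can be fed to the extractors too.

# Run dmitry for one target; stdout goes to the terminal AND to "$2" via tee,
# so nothing is lost even if the -o file is incomplete. Same modules as the
# command in the post (whois, Netcraft, subdomains, e-mail, port scan,
# filtered ports, banners), with the doubled f reduced to one.
scan_host() {
    target=$1
    outfile=${2:-"$target.txt"}
    dmitry -winsepfb "$target" 2>&1 | tee "$outfile"
}

# Print unique hostnames under domain "$2" found anywhere in text file "$1".
# Dots in the domain are escaped so "example.com" does not match "exampleXcom".
extract_hosts() {
    dom=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Eo "[A-Za-z0-9.-]+\\.$dom" "$1" | sort -u
}

# Print unique e-mail addresses found in text file "$1".
extract_emails() {
    grep -Eo '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' "$1" | sort -u
}

# Constructed sample of a saved scan (assumed layout, used only so this script
# runs without network access). Replace with the file written by scan_host.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Gathered Subdomain information for example.com
---------------------------------
Searching Google.com:80...
HostName:www.example.com
IP:93.184.216.34
HostName:mail.example.com
IP:93.184.216.35
Found 2 possible subdomain(s) for host: example.com, Searched 0 pages containing 0 results

Gathered E-Mail information for example.com
---------------------------------
Found 1 E-Mail(s) for host example.com, Searched 0 pages containing 0 results
webmaster@example.com
EOF

echo "Subdomains:"
extract_hosts "$SAMPLE" example.com
echo "E-mail addresses:"
extract_emails "$SAMPLE"

# To run a real scan instead of the sample:  sh thisscript.sh scan google.com
case "${1:-}" in
    scan) scan_host "$2" "${3:-}" ;;
esac
```

With a real run, `sh thisscript.sh scan google.com google.txt` keeps a complete copy of everything DMitry printed, and `extract_hosts google.txt google.com` gives a deduplicated subdomain list you can feed straight into the next tool.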
ASS, the autonomous system scanner, is designed to find the autonomous system (AS) numbers of the routers it can hear or reach on the local network.
It supports the following protocols: IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP and HSRP.
In passive mode (./ass -i eth0), it just listens to routing protocol packets
(like broadcast and multicast hellos).
In active mode (./ass -i eth0 -A), it tries to discover routers by asking for
information. This is done to the appropriate address for each protocol (either
broadcast or multicast addresses). If you specify a destination address, it
will be used instead, but it may not be as effective as the defaults.
EIGRP scanning is done differently: while scanning, ASS listens for HELLO
packets and then scans the AS range directly against the router that advertised itself.
You can force EIGRP scanning into the same AS-scan behaviour that IGRP uses by
giving a destination address, or into multicast scanning with the option -M.
For active mode, you can select the protocols you want to scan for. If you
don't select any, all are scanned. You select protocols by giving the option -P
and any combination of the following characters: IER12, where:
* I = IGRP
* E = EIGRP
* R = IRDP
* 1 = RIPv1
* 2 = RIPv2
CDP and HSRP have no letter here: they are only observed in passive mode. Usage is trivial:
./ass [-v[v[v]]] -i <interface> [-p] [-c] [-A] [-M] [-P IER12]
-a <autonomous system start> -b <autonomous system stop>
[-S <spoofed source IP>] [-D <destination ip>]
[-T <packets per delay>]
-i <interface> interface
-A this sets the scanner into active mode
-P <protocols> see above (usage: -P EIR12)
-M EIGRP systems are scanned using the multicast
address and not by HELLO enumeration
-a <autonomous system> autonomous system to start from
-b <autonomous system> autonomous system to stop with
-S <spoofed source IP> maybe you need this
-D <destination IP> If you don’t specify this, the appropriate
address per protocol is used
-p don’t run in promiscuous mode (bad idea)
-c terminate after scanning. This is not
recommended, since answers may arrive later and
you could miss traffic that did not show
up during your scans
-T <packets per delay> how many packets to send before waiting some
milliseconds (-T 1 is the slowest scan,
-T 100 begins to become unreliable)
We used this command: ass -vvv -i eth0 -P EIR12 -M -a -p -D 192.168.1.1
One check before you copy it: per the usage above, -a and -b each expect an AS number, so as written -a takes "-p" as its value rather than an AS. Give an explicit range such as -a 1 -b 100, and remember that -p turns promiscuous mode off, which the usage text itself calls a bad idea.
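Whether you are running ASS or looking for someone else running it, it helps to see the same protocols on the wire that the -P letters select. The script below is an added example written for this post, not part of ASS: it turns a -P string into a tcpdump/BPF filter using the standard protocol numbers and ports for each protocol (IGRP is IP protocol 9, EIGRP is IP protocol 88, IRDP uses ICMP router advertisement/solicitation types 9 and 10, and both RIP versions use UDP port 520, distinguished by the version byte in the RIP header). CDP and HSRP are not selectable with -P and are left out. The interface name in the printed command is an assumption.

```shell
#!/bin/sh
# Added example (not part of ASS or the original post): translate the letters
# given to ASS's -P option into a tcpdump/BPF filter, so you can watch what the
# scanner sends and what routers answer, or spot a scan in a capture.

# One -P letter -> one BPF expression. Returns 1 for a letter ASS does not know.
proto_filter() {
    case "$1" in
        I) printf '%s' 'ip proto 9' ;;                     # IGRP rides directly on IP, protocol 9
        E) printf '%s' 'ip proto 88' ;;                    # EIGRP, IP protocol 88; hellos go to 224.0.0.10
        R) printf '%s' '(icmp[0] = 9 or icmp[0] = 10)' ;;  # IRDP: ICMP router advertisement / solicitation
        1) printf '%s' '(udp port 520 and udp[9] = 1)' ;;  # RIP on UDP 520; udp[9] is the RIP version byte
        2) printf '%s' '(udp port 520 and udp[9] = 2)' ;;  # RIPv2, same port, version 2 (sent to 224.0.0.9)
        *) return 1 ;;
    esac
}

# Combine every letter of a -P string (e.g. EIR12) into one filter joined by
# "or". Fails (status 1) on any letter that is not in IER12.
build_filter() {
    letters=$1
    filter=''
    while [ -n "$letters" ]; do
        rest=${letters#?}            # everything after the first letter
        c=${letters%"$rest"}         # the first letter itself
        letters=$rest
        part=$(proto_filter "$c") || return 1
        filter="${filter:+$filter or }$part"
    done
    printf '%s\n' "$filter"
}

# Same protocol set as the command used in the post; eth0 is an assumption.
FILTER=$(build_filter EIR12)
echo "tcpdump -ni eth0 '$FILTER'"
```

Run the printed tcpdump line in a second terminal while ASS is in active mode: the probes ASS sends and any replies show up with their real destination addresses, which is also the quickest way to confirm that -D or -M changed where the packets went.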
BackTrack 2 is the latest edition of a very famous and widely used penetration testing Linux live distro. We will try to walk through every tool (or as many as possible) that comes with BackTrack 2. Since this is a very large project and the distro itself contains approximately 255 unique tools, it would be almost impossible to post it as one HOWTO, so we will do one post at a time.
But first, let's give you a look and feel of BackTrack 2:
Since BackTrack 2 is a live distro and not an installed system, it comes with the default username "root" and password "toor".
Here is how BackTrack looks after you boot it from the CD:
You have a choice of using either KDE or Fluxbox. In most of our HowTos we will be using KDE, as I am more familiar with it. I would have preferred GNOME, but BackTrack doesn't come with it.
To use KDE type "startx"; to use Fluxbox type "flux". Very simple.
This is how the BackTrack KDE desktop looks with some of its tools.
What is Nmap?
Nmap ("Network Mapper") is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. (quoted from the Nmap project's own description)
First and foremost we will download, compile and install Nmap from scratch under Linux. The latest Nmap source available for download is 4.21ALPHA4, which you can get from here: http://download.insecure.org/nmap/dist/nmap-4.21ALPHA4.tar.bz2
However, the stable version is 4.20.
First we download the latest source from its website:
Now we extract the bzip2 archive, then run "configure", "make" and "make install" on the source tree, starting with this command:
bzip2 -cd nmap-4.21ALPHA4.tar.bz2 | tar xvf -
During the build we get this error. It comes from nmapfe, the optional GTK front end: the GTK development headers are missing, and as the message itself says, the console nmap binary does not need them.
nmapfe.c:114:2: error: #error "Your system does not appear to have GTK (www.gtk.org) installed. Thus the Nmap X Front End will not compile. You should still be able to use Nmap the normal way (via text console). GUIs are for wimps anyway :)"
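The post only shows the extraction command, so here is the whole download, extract, configure, make and install sequence as one script, written as an added example for this post (it is not part of Nmap). Each step is checked, so a failure like the GTK error above stops the run instead of scrolling past into a half-installed tree. NMAP_VER defaults to the version used in the post; PREFIX and CONFIGURE_OPTS are assumed variables you set, and the function names are ours. If GTK is absent, put whatever option `./configure --help` lists for leaving the front end out into CONFIGURE_OPTS rather than guessing one.

```shell
#!/bin/sh
# Added example (not from Nmap or the original post): download, extract,
# configure, build and install Nmap from source, stopping at the first
# failing step. Variables below are assumptions; adjust them for your system.
set -e

NMAP_VER=${NMAP_VER:-4.21ALPHA4}
TARBALL="nmap-$NMAP_VER.tar.bz2"
URL="http://download.insecure.org/nmap/dist/$TARBALL"
PREFIX=${PREFIX:-/usr/local}
# Without GTK development headers the nmapfe front end cannot build; set this
# to the option ./configure --help lists for disabling it (left empty here).
CONFIGURE_OPTS=${CONFIGURE_OPTS:-}

# Fetch the tarball once; -c resumes a partial download.
fetch_source() {
    [ -f "$TARBALL" ] || wget -c "$URL"
}

# Unpack the .tar.bz2 named by $1 into directory $2 (same pipeline as the
# post) and print the name of the top-level directory it contained.
extract_tarball() {
    mkdir -p "$2"
    bzip2 -cd "$1" | tar xf - -C "$2"
    ls "$2" | head -n 1
}

# Configure and build the tree in $1; install only when running as root,
# otherwise print the command to run with the needed privileges.
build_and_install() {
    (
        cd "$1"
        ./configure --prefix="$PREFIX" $CONFIGURE_OPTS
        make
    )
    if [ "$(id -u)" -eq 0 ]; then
        (cd "$1" && make install)
    else
        echo "run as root: (cd $1 && make install)" >&2
    fi
}

main() {
    fetch_source
    srcdir=$(extract_tarball "$TARBALL" build)
    build_and_install "build/$srcdir"
    "$PREFIX/bin/nmap" -V        # -V prints the installed version
}

# Only run the full procedure when asked (sh thisscript.sh build), so the
# functions above can also be sourced and used one at a time.
case "${1:-}" in
    build) main ;;
esac
```

Because of `set -e`, a configure or make failure ends the script before `make install`, which is the behaviour you want when chasing a missing dependency: fix it, re-run with `sh thisscript.sh build`, and the already-downloaded tarball is reused.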