Basic Security Testing with Kali Linux Giveaway Contest

Want a chance to get a signed copy of my latest Kali Linux book? I am giving away a total of 10 signed copies of “Basic Security Testing with Kali Linux, 3rd Edition”!

Simply follow, like and share this article, or my official Twitter or Instagram announcement, for a chance to win a signed copy of my new book!

10 lucky winners will be randomly selected on October 31st.

The Contest is for those living in the United States only. I may do another one for international readers in the future.

Liking this article & sharing the Official Contest announcements on Twitter and Instagram will increase your chances of winning. Winners will be notified on October 31st. If a winner cannot be notified or does not respond by the end of the first week of November, another winner will be picked.

Good luck!

 


The LaZagne Project dumps 22 Different Program Passwords

[Image: LaZagne Passwords]

The LaZagne Project by Alessandro ZANNI is a nifty little utility that displays passwords for 22 Windows and 12 Linux programs. This is a nice tool for penetration testers when you want to quickly dump passwords after you gain access to a system.

For Windows, simply download the standalone version and run it. Running “laZagne.exe all” will dump all the passwords that it can find:

[Image: LaZagne 2]

You need to have administrator access to pull user login passwords. For “verbose” mode, which adds additional information when it runs, simply add a “-v” switch. If you just want to pull individual passwords, simply run the program using one of the modules below:

[Image: LaZagne Password modules]

According to the LaZagne Project webpage, it can display the following passwords:

[Image: LaZagne Password modules 2]

LaZagne is fast and easy to use!

 

Pulling Remote Word Documents from RAM using Kali Linux

Really enjoyed the article on W00tsec about pulling RAW picture images from memory dumps and thought it would be cool if you could use the same process to pull information from a remote system’s memory using Kali – and you can!

In this tutorial we will see how to pull a Word document from a remote machine’s memory, parse it for text and view it in Kali Linux.

The target system is a Windows 7 PC running Office 2010. We will start with a remote Metasploit Meterpreter shell session already active. So basically we tricked our test system into running our booby-trapped file, which created a back door to our Kali system.

So we want to grab the remote memory, but we only want the memory in use by the Word process. Following the w00tsec tutorial, we just need to use the SysInternals ProcDump command. ProcDump is part of the SysInternals Suite and is available from Microsoft’s TechNet site. This command allows you to pull memory for specific processes.

You may want to grab the SysInternals “Strings” program too while you are there. “Strings” is a Windows version of the Linux command that we will be using later.

These programs will need to be uploaded to the target system from Meterpreter.

Next, in the Metasploit DOS shell, type “tasklist” to see what is running on the remote Windows system:

[Image: tasklist]

Further down the list we see that the user has an open session of MS Word (WINWORD.EXE):

[Image: processes]

Run the procdump command using the “-ma” switch and the process name “WINWORD.EXE”. Lastly, we will call the resultant dump file “word”, as seen below:

[Image: procdump]

We now have a memory dump stored on our remote system called “word.dmp”. The file is pretty large, 362 MB. We could just download that file back to our Kali system, but we can shrink it, because we are really only looking for text in the memory dump. We have two options here: we can use the SysInternals “Strings” program to work through the data dump and extract all the text from it (significantly reducing the download size), or we can download the whole file en masse back to our Kali system and use the Linux “strings” command to parse it.

The choice is yours, but I will say with just using the default program settings in both, the Linux one did a much better job of parsing the file.

But basically the command is the same in both versions, “strings word.dmp > word.txt”.
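What the “strings” step does to a dump, as an added example that is not code from the original post: a scanner that pulls printable runs in both single-byte ASCII and UTF-16LE, the encoding Windows programs use for much of their in-memory text (GNU strings covers that second case with “-e l”). The sample bytes and function names are constructed for this example.

```python
import re

# Constructed bytes standing in for a slice of a process memory dump:
# binary noise, an ASCII environment string, text held as UTF-16LE,
# and a 3-character run that is too short to report.
SAMPLE_DUMP = (
    b"\x00\x01\xff\xfe\x90\x90"
    + b"COMPUTERNAME=WIN7-TEST"
    + b"\x00\x03\x7f\x80"
    + "Nmap Reference Guide".encode("utf-16-le")
    + b"\x00\x00\xde\xad"
    + b"abc"
    + b"\x00\xff"
)


def extract_strings(data, min_len=4):
    """Return (offset, encoding, text) for each printable run, sorted by offset."""
    # Single-byte run: min_len or more printable ASCII bytes in a row.
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # Wide run: printable ASCII byte followed by 0x00, repeated (UTF-16LE).
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in wide_re.finditer(data)]
    return sorted(found)


def search(data, keyword, min_len=4):
    """Keep only the extracted strings that contain keyword (case-insensitive)."""
    key = keyword.lower()
    return [hit for hit in extract_strings(data, min_len) if key in hit[2].lower()]


if __name__ == "__main__":
    for offset, encoding, text in extract_strings(SAMPLE_DUMP):
        print(f"{offset:#06x} {encoding:9} {text}")
```

A single-byte scan alone would report only the environment string here; the offsets show where each hit sits in the dump.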

Now if we open the resultant text file in Kali, we see a ton of information – System settings, variables that are set on the system, I even found registry keys mentioned. But eventually we will see this (Produced with the Linux strings command):

[Image: Kali Strings Result]

Compare that to the Word document we have open on the Windows 7 machine:

[Image: Original Document]

As you can see the Nmap user manual open on our Windows 7 system has been successfully grabbed from memory remotely, and we can now view the text on our Kali system!

I know there are other forensics programs out there that will do basically the same thing, and this is not a forensically sound way of preserving data needed in a legal case, but it is a lot of fun doing this manually and opens up some interesting possibilities!

The best way to defend against these types of attacks is to follow good security practices against social engineering and phishing attacks. An attacker would need a remote connection to your system to be able to pull items from your memory. Do not open unknown or unsolicited attachments in e-mails. Be leery of odd-sounding links sent to you from a friend’s account, and use a script blocker and a good AV/Internet security program when surfing the web.
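A defender-side check for the two tools covered above, as an added example that is not part of the original posts: it scans process-creation records for a ProcDump full dump (“-ma”) and for LaZagne runs. The events are constructed, with Image and CommandLine fields named as in Sysmon Event ID 1, and the function names are this example's own.

```python
import ntpath

# Constructed process-creation events. Field names follow Sysmon Event ID 1;
# the paths are made up for this example.
EVENTS = [
    {"Image": r"C:\Windows\System32\tasklist.exe", "CommandLine": "tasklist"},
    {"Image": r"C:\Users\test\AppData\Local\Temp\procdump.exe",
     "CommandLine": "procdump -ma WINWORD.EXE word"},
    {"Image": r"C:\Users\test\AppData\Local\Temp\strings.exe",
     "CommandLine": "strings word.dmp"},
    {"Image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "CommandLine": "WINWORD.EXE /n"},
    {"Image": r"C:\Users\test\Downloads\laZagne.exe",
     "CommandLine": "laZagne.exe all -v"},
]

FULL_DUMP_FLAGS = {"-ma", "/ma"}  # ProcDump switch for a full memory dump


def exe_name(path):
    """Lower-cased executable name without directory or .exe suffix."""
    name = ntpath.basename(path.strip('"')).lower()
    return name[:-4] if name.endswith(".exe") else name


def classify(event):
    """Return a finding string for a suspicious event, or None."""
    image = exe_name(event["Image"])
    args = event["CommandLine"].split()[1:]
    lowered = {a.lower() for a in args}
    if image in ("procdump", "procdump64") and FULL_DUMP_FLAGS & lowered:
        # The first non-switch argument is the process name or PID being dumped.
        target = next((a for a in args if a[0] not in "-/"), "?")
        return f"full memory dump of {target} via ProcDump"
    if image == "lazagne":
        return "LaZagne credential dump (" + " ".join(args) + ")"
    return None


def findings(events):
    """Return (event index, finding) for every event that matches a rule."""
    return [(i, f) for i, e in enumerate(events) if (f := classify(e))]


if __name__ == "__main__":
    for index, finding in findings(EVENTS):
        print(index, finding)
```

Matching on the file name misses a renamed binary, so treat a hit as one signal alongside others rather than as complete coverage.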

Want to learn more about Kali Linux and Metasploit? Check out my book, “Basic Security Testing with Kali Linux“.

Backtrack to be Reborn as Kali Linux – The Best Pentest Distro Ever!

Very interesting news from the Backtrack development team. Backtrack is in the process of a major overhaul and will be reborn into a new distribution named Kali!

Apparently Backtrack was a pet project used by the developers. Now that it is THE Pentesting Platform, they want to make it better than ever.

Which is great news for us!

From the Backtrack Linux Website:

“What’s happened in the past year? We have been quietly developing the necessary infrastructure and laying the foundation for our newest penetration testing distribution as well as building over 300 Debian compliant packages and swearing in 8 different languages.

These changes brought with them an incredible amount of work, research and learning but are also leading us down the path to creating the best, and most flexible, penetration testing distribution we have ever built, dubbed “Kali”.”

Can’t wait to check it out!