BackTrack 5 Released – The Most Advanced Linux Security Distribution & LiveCD

The BackTrack Dev team has worked furiously in the past months on BackTrack 5, code name “revolution” – they released it on May 10th. This new revision has been built from scratch, and boasts several major improvements over all our previous releases. It’s based on Ubuntu Lucid LTS – Kernel 2.6.38, patched with all relevant wireless injection patches. Fully open source and GPL compliant.

The interesting part for me is that the new .ISO downloads offer multiple versions, including a choice between GNOME and KDE desktops and the images include ARM, 32-Bit and 64-Bit versions.

New in Version 5

  • Based on Ubuntu 10.04 LTS;
  • Linux kernel 2.6.38 (with wireless injection patches);
  • KDE 4.6;
  • GNOME 2.6;
  • 32-bit and 64-bit support;
  • Metasploit 3.7.0;
  • Forensics mode (a forensically sound instance);
  • Stealth mode (without generating network traffic);
  • Initial ARM image of BackTrack (for Android-powered devices);
  • All support for Backtrack 4 will end on May 10th, 2011 and BackTrack 4 will not be available for download from our official mirrors from that date onwards.

As for the ARM image, they have had some joy getting BackTrack running on a Motorola Xoom tablet – check it out here.

You can download BackTrack version 5 here:

http://www.backtrack-linux.org/downloads/

Labels: , , , , , , , , ,

sslsnoop v0.6 – Dump Live Session Keys From SSH & Decrypt Traffic On The Fly

sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly.

  1. Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now.
  2. Works better on interactive traffic with no traffic at the time of the ptrace. It follows the flow, after that.
  3. Dumps one file by fd in outputs/
  4. Attaching a process is quickier with –addr 0xb788aa98 as provided by haystack INFO:abouchet:found instance @ 0xb788aa98
  5. how to get a pickled session_state file : $ sudo haystack –pid `pgrep ssh` sslsnoop.ctypes_openssh.session_state search > ss.pickled

Not all ciphers are implemented.

Workings ciphers: aes128-ctr, aes192-ctr, aes256-ctr, blowfish-cbc, cast128-cbc
Partially workings ciphers (INBOUND only ?!): aes128-cbc, aes192-cbc, aes256-cbc
Non workings ciphers: 3des-cbc, 3des, ssh1-blowfish, arcfour, arcfour1280

It can also dump DSA and RSA keys from ssh-agent or sshd ( or others ).

You can download sslsnoop here:

trolldbois-sslsnoop.zip

Or read more here.

Labels: , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)